security-dashboards-plugin

2.18

Open Ohasumi opened this issue 11 months ago • 5 comments

Description

Add Kerberos authentication feature on opensearch-dashboard

Category

New feature

Why these changes are required?

This version will add a feature for authentication by Kerberos via SPNEGO, so users can log in without needing a password in an environment where Kerberos exists.

What is the old behavior before changes and new behavior after changes?

This only makes a change to enable a new authentication method.

Issues Resolved

Testing

Integration testing by using a Google Chrome policy setting to enable [AuthServerAllowlist] for the dashboards server, with both client and server communicating with the Kerberos server. [Please provide details of testing done: unit testing, integration testing and manual testing]

Check List

  • [ ] New functionality includes testing
  • [ ] New functionality has been documented
  • [x] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Ohasumi avatar Dec 05 '24 13:12 Ohasumi

Thank you for the PR @Ohasumi. Could you please sign the commits and add some unit tests? Would it be possible to write an integration test or provide steps on how to set up testing for this so another developer can verify the change?

cwperks avatar Dec 06 '24 17:12 cwperks

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 71.46%. Comparing base (ef72c90) to head (141797e).

Additional details and impacted files
@@           Coverage Diff           @@
##             2.18    #2154   +/-   ##
=======================================
  Coverage   71.46%   71.46%           
=======================================
  Files          97       97           
  Lines        2649     2649           
  Branches      411      403    -8     
=======================================
  Hits         1893     1893           
  Misses        641      641           
  Partials      115      115           


codecov[bot] avatar Dec 06 '24 17:12 codecov[bot]

> Thank you for the PR @Ohasumi. Could you please sign the commits and add some unit tests? Would it be possible to write an integration test or provide steps on how to set up testing for this so another developer can verify the change?

@cwperks I signed the commits and added notes for the environment I'm using. But I'm not sure how to add a unit test, since it requires a valid Kerberos token to be passed to OpenSearch core for validation, and then uses jsonwebtoken to sign the user data to be used as a cookie.

If there is anything I can help with, please tell me; I will do my best.

Ohasumi avatar Dec 10 '24 16:12 Ohasumi

> > Thank you for the PR @Ohasumi. Could you please sign the commits and add some unit tests? Would it be possible to write an integration test or provide steps on how to set up testing for this so another developer can verify the change?

> @cwperks I signed the commits and added notes for the environment I'm using. But I'm not sure how to add a unit test, since it requires a valid Kerberos token to be passed to OpenSearch core for validation, and then uses jsonwebtoken to sign the user data to be used as a cookie.

> If there is anything I can help with, please tell me; I will do my best.

Can you provide a markdown document or a Github comment outlining steps used to test?

cwperks avatar Dec 10 '24 18:12 cwperks

> > > Thank you for the PR @Ohasumi. Could you please sign the commits and add some unit tests? Would it be possible to write an integration test or provide steps on how to set up testing for this so another developer can verify the change?

> > @cwperks I signed the commits and added notes for the environment I'm using. But I'm not sure how to add a unit test, since it requires a valid Kerberos token to be passed to OpenSearch core for validation, and then uses jsonwebtoken to sign the user data to be used as a cookie.

> > If there is anything I can help with, please tell me; I will do my best.

> Can you provide a markdown document or a Github comment outlining steps used to test?

I added a setup environment note as markdown, "kerberos_notes.md", in my last commit, which contains most of the required environment for the test. For testing, when accessing the dashboard it should redirect to the authentication page, then the browser should attach the Kerberos ticket with it; after passing the authentication process, a jsontoken with the user credentials should be attached as a cookie.

I hope this might help clarify my test.

Ohasumi avatar Dec 11 '24 07:12 Ohasumi
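
The flow described in the comments above (the browser sends a Kerberos ticket via SPNEGO, a backend validates it, and a signed JSON Web Token is set as a cookie) can be unit tested without a KDC by injecting the validator. This is an added example, not code from the PR or the plugin: `handleSpnego`, `stubValidate`, `cookieJwt` and the cookie name `auth` are hypothetical, the ticket is constructed, and Node's built-in `crypto` stands in for the jsonwebtoken package.

```javascript
const crypto = require('node:crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Compact HS256 JWT built with Node's crypto (stand-in for the jsonwebtoken package).
function signJwt(claims, secret) {
  const input = `${b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${hmac(input, secret).toString('base64url')}`;
}

// Returns the claims, or null if the signature is wrong or the token has expired.
function verifyJwt(token, secret) {
  const [head, body, sig] = String(token).split('.');
  const want = hmac(`${head}.${body}`, secret);
  const got = Buffer.from(sig || '', 'base64url');
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return null;
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  return claims.exp > Math.floor(Date.now() / 1000) ? claims : null;
}

// One request of the SPNEGO exchange. `validate` is injected: a real deployment
// hands the ticket to the Kerberos-aware backend, a unit test passes a stub.
function handleSpnego(headers, validate, secret) {
  const challenge = { status: 401, headers: { 'WWW-Authenticate': 'Negotiate' } };
  const m = /^Negotiate\s+([A-Za-z0-9+/]+=*)$/.exec(headers.authorization || '');
  if (!m) return challenge; // no ticket yet: ask the browser to negotiate
  const user = validate(Buffer.from(m[1], 'base64'));
  if (!user) return challenge; // ticket rejected by the validator
  const now = Math.floor(Date.now() / 1000);
  const jwt = signJwt({ sub: user, iat: now, exp: now + 3600 }, secret);
  const cookie = `auth=${jwt}; HttpOnly; Secure; SameSite=Lax; Path=/`; // cookie name is hypothetical
  return { status: 302, headers: { Location: '/', 'Set-Cookie': cookie } };
}

// Constructed sample data: a fake ticket and a stub validator that accepts only it.
const SECRET = 'test-only-secret';
const FAKE_TICKET = Buffer.from('constructed-spnego-token');
const stubValidate = (tok) => (tok.equals(FAKE_TICKET) ? 'alice@EXAMPLE.TEST' : null);

// Pull the JWT back out of a Set-Cookie header, or null if none was set.
function cookieJwt(res) {
  const m = /auth=([^;]+)/.exec(res.headers['Set-Cookie'] || '');
  return m ? m[1] : null;
}
```

The stub covers the handler's three branches (no ticket, rejected ticket, accepted ticket); validating a real ticket still needs the integration environment described in the thread.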

@Ohasumi Would you upload a screen recording of this feature in action? Will help understand the setup much better.

DarshitChanpura avatar Jun 09 '25 19:06 DarshitChanpura

Also is this only for version 2.18.0?

RyanL1997 avatar Jul 12 '25 05:07 RyanL1997