security icon indicating copy to clipboard operation
security copied to clipboard
verified publisher icon opensearch-project

Add can trip circuit breaker override

Open derek-ho opened this issue 1 year ago • 1 comments

Description

[Describe what this change achieves]

  • Category (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)
  • Why these changes are required?
  • What is the old behavior before changes and new behavior after changes?

Issues Resolved

[List any issues this PR will resolve]

Is this a backport? If so, please add backport PR # and/or commits #, and remove backport-failed label from the original PR.

Do these changes introduce new permission(s) to be displayed in the static dropdown on the front-end? If so, please open a draft PR in the security dashboards plugin and link the draft PR here

Testing

[Please provide details of testing done: unit testing, integration testing and manual testing]

Check List

  • [ ] New functionality includes testing
  • [ ] New functionality has been documented
  • [ ] New Roles/Permissions have a corresponding security dashboards plugin PR
  • [ ] API changes companion pull request created
  • [ ] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check here.

derek-ho avatar Sep 03 '24 17:09 derek-ho

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 67.94%. Comparing base (830b341) to head (c81ee08). Report is 5 commits behind head on main.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #4697      +/-   ##
==========================================
- Coverage   67.98%   67.94%   -0.05%     
==========================================
  Files         310      310              
  Lines       20924    20927       +3     
  Branches     3318     3322       +4     
==========================================
- Hits        14225    14218       -7     
- Misses       4951     4958       +7     
- Partials     1748     1751       +3
Files with missing lines Coverage Δ
...arch/security/dlic/rest/api/AbstractApiAction.java 83.39% <100.00%> (+0.06%) :arrow_up:

... and 3 files with indirect coverage changes

codecov[bot] avatar Sep 03 '24 17:09 codecov[bot]

Thank you @derek-ho. This looks like an innocuous change that would enhance the security of a cluster. For instance, if a cluster has a single user eating up resources, this change will ensure that an admin can take actions to mitigate w/o running into the circuit breaker.

cwperks avatar Oct 04 '24 15:10 cwperks

Thank you @derek-ho. This looks like an innocuous change that would enhance the security of a cluster. For instance, if a cluster has a single user eating up resources, this change will ensure that an admin can take actions to mitigate w/o running into the circuit breaker.

Agree! Are there any APIs not covered by this that you think should also not trip the circuit breaker?

derek-ho avatar Oct 04 '24 16:10 derek-ho

Agree! Are there any APIs not covered by this that you think should also not trip the circuit breaker?

No, I think this single change in the Abstract class covers the most important endpoints around internalusers, roles, roles mappings, etc.

cwperks avatar Oct 04 '24 16:10 cwperks