Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[workspace] refactor: refactor the bulk_get handler in permission wrapper when item has permission error #8906

Open
wants to merge 9 commits into
base: main
Choose a base branch
from

Conversation

Qxisylolo
Copy link
Contributor

@Qxisylolo Qxisylolo commented Nov 21, 2024

Description

This pr fixes index pattern fetch error in discover dataset modal by return response with error instead of throwing an error

Screenshot

before:
before

after:
截屏2024-11-21 14 50 09

Testing the changes

Changelog

  • feat: refactor the bulk_get handler in permission wrapper when item has permission error

Check List

  • All tests pass
    • yarn test:jest
    • yarn test:jest_integration
  • New functionality includes testing.
  • New functionality has been documented.
  • Update CHANGELOG.md
  • Commits are signed per the DCO using --signoff

opensearch-changeset-bot bot added a commit to Qxisylolo/OpenSearch-Dashboards that referenced this pull request Nov 21, 2024
Copy link

codecov bot commented Nov 21, 2024

Codecov Report

Attention: Patch coverage is 83.87097% with 5 lines in your changes missing coverage. Please review.

Project coverage is 60.87%. Comparing base (f06a478) to head (cff0f0e).

Files with missing lines Patch % Lines
..._objects/workspace_saved_objects_client_wrapper.ts 83.87% 5 Missing ⚠️
Additional details and impacted files
@@           Coverage Diff           @@
##             main    #8906   +/-   ##
=======================================
  Coverage   60.86%   60.87%           
=======================================
  Files        3808     3808           
  Lines       91209    91234   +25     
  Branches    14410    14416    +6     
=======================================
+ Hits        55514    55537   +23     
- Misses      32154    32158    +4     
+ Partials     3541     3539    -2     
Flag Coverage Δ
Linux_1 29.04% <83.87%> (+0.02%) ⬆️
Linux_2 56.38% <ø> (ø)
Linux_3 37.93% <ø> (?)
Linux_4 29.01% <ø> (ø)
Windows_1 29.05% <83.87%> (+0.02%) ⬆️
Windows_2 56.34% <ø> (ø)
Windows_3 37.93% <ø> (ø)
Windows_4 29.01% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@@ -0,0 +1,2 @@
fix:
- Index pattern fetch error in discover dataset modal ([#8906](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/8906))
Copy link
Contributor

@raintygao raintygao Nov 21, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Although this PR may could fix #8891, but this is not the direct root cause, so I would suggest to change to refactor: refactor the bulk_get handler in permission wrapper when item has permission error

Comment on lines 513 to 533
if (!hasPermission) {
ACLAuditor?.increment(ACLAuditorStateKey.VALIDATE_FAILURE, 1);
throw generateDataSourcePermissionError();
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We may also don't need to throw Error for this verification.

Comment on lines 533 to 546
error: {
error: 'Invalid saved objects permission',
statusCode: 403,
message: 'Permission denied',
},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we extract this as a function along with other generatexxxError functions on the top of this file.

Comment on lines 544 to 547
ACLAuditor?.increment(
ACLAuditorStateKey.VALIDATE_SUCCESS,
objectToBulkGet.saved_objects.length
);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This represents all verification are successful, now in the new implementation we may need a flag in the map to indicate whether all objects are passed.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for all the comments, updated.

@Qxisylolo Qxisylolo force-pushed the fix/index_pattern_fetch_error branch from 671af1f to 2f4dedd Compare November 22, 2024 09:22
@Qxisylolo Qxisylolo changed the title [workspace] fix: index pattern fetch error in discover dataset modal [workspace] refactor: index pattern fetch error in discover dataset modal Nov 22, 2024
opensearch-changeset-bot bot added a commit to Qxisylolo/OpenSearch-Dashboards that referenced this pull request Nov 22, 2024
@Qxisylolo Qxisylolo marked this pull request as ready for review November 22, 2024 09:26
const hasPermission = this.validateDataSourcePermissions(object, wrapperOptions.request);
if (!hasPermission) {
if (
!(await this.validateWorkspacesAndSavedObjectsPermissions(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: This validateWorkspacesAndSavedObjectsPermissions may throw error during permission validation. Shall we need to add a try catch block here to avoid the whole Promise.all breaking

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your comments,updated

@Qxisylolo Qxisylolo force-pushed the fix/index_pattern_fetch_error branch from a10cf3e to d5fb789 Compare November 28, 2024 02:42
@Qxisylolo Qxisylolo changed the title [workspace] refactor: index pattern fetch error in discover dataset modal [workspace] refactor: refactor the bulk_get handler in permission wrapper when item has permission error Dec 4, 2024
Qxisylolo and others added 8 commits December 5, 2024 14:10
Signed-off-by: Qxisylolo <[email protected]>
Signed-off-by: Qxisylolo <[email protected]>
Signed-off-by: Qxisylolo <[email protected]>
Signed-off-by: Qxisylolo <[email protected]>
Signed-off-by: Qxisylolo <[email protected]>
Signed-off-by: Qxisylolo <[email protected]>
@Qxisylolo Qxisylolo force-pushed the fix/index_pattern_fetch_error branch from d5fb789 to b5dc492 Compare December 5, 2024 06:17
@@ -196,6 +204,32 @@ export class WorkspaceSavedObjectsClientWrapper {
return hasPermission;
}

// Data source is a workspace level object, validate if the request has access to the data source within the requested workspace.
private validateDataSourcePermissions = (
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@yubonluo Could you please check if this change is compatible with the bulkGet changes you made recently regarding permission check?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sure, the data source validation has been moved to id_consumer_wrapper, you can delete the method from the permission_wrapper.
related PR: https://github.com/opensearch-project/OpenSearch-Dashboards/pull/8888/files#diff-6f4daf9988f5262d2403821efd458faf7157c7e7473ec65a16ae2724a92d6556L209

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants