Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature branch sync up with main branch #2847

Closed
Show file tree
Hide file tree
Changes from 9 commits
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
1bb2ef1
add ml model group system index (#2790)
ylwu-amzn May 25, 2023
a580dfc
role.yml changes for lron feature (#2789)
zhichao-aws May 25, 2023
9be79bd
Remove dependency on javax.annotation implementation as OpenSearch no…
Xtansia May 30, 2023
4b38671
[FEATURE] usage of JWKS with JWT (w/o OpenID connect) (#2808)
cwperks May 30, 2023
5f9c90b
Update non java files (#2812)
stephen-crawford May 31, 2023
30d960c
Add release notes for 2.8.0 (#2827)
RyanL1997 Jun 1, 2023
76a5d7f
Updates the style of all java files under the */dlic/util/ dir. (#2823)
stephen-crawford Jun 1, 2023
abcb3a2
Match version of zstd-jni from core (#2832)
cwperks Jun 5, 2023
cb8818c
Updates all java files under security/* and test/security/a* -> test/…
stephen-crawford Jun 5, 2023
bfc8a6b
Update test/security/s* java files (#2836)
stephen-crawford Jun 5, 2023
ceb5ad2
Format all *.java files tests under test/security (#2837)
stephen-crawford Jun 5, 2023
e407b2c
Update non java files - Stephen's
RyanL1997 Jun 9, 2023
e3f89a6
All formatting changes from Stephen's meta formatting except 2840
RyanL1997 Jun 9, 2023
305e88e
add ml model group system index (#2790)
ylwu-amzn May 25, 2023
538aa57
role.yml changes for lron feature (#2789)
zhichao-aws May 25, 2023
cfe92fa
[FEATURE] usage of JWKS with JWT (w/o OpenID connect) (#2808)
cwperks May 30, 2023
8574481
Add release notes for 2.8.0 (#2827)
RyanL1997 Jun 1, 2023
db22390
Match version of zstd-jni from core (#2832)
cwperks Jun 5, 2023
9c3662d
Fix the fomatting after cherry picks
RyanL1997 Jun 9, 2023
b47bf1d
Remove dependency on javax.annotation implementation as OpenSearch no…
Xtansia May 30, 2023
6483fc5
Update gradle/formatting.gradle
stephen-crawford Jun 9, 2023
d2a5e9d
Update formatter/formatterConfig.xml
stephen-crawford Jun 9, 2023
9af7290
Merge branch 'main' into cherrypick-from-main-to-sync
RyanL1997 Jun 9, 2023
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
2 changes: 1 addition & 1 deletion .github/actions/create-bwc-build/action.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ inputs:
plugin-branch:
description: 'The branch of the plugin that should be built, e.g "2.2", "1.x"'
required: true

outputs:
built-version:
description: 'The version of OpenSearch that was associated with this branch'
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ runs:
# Run any configuration scripts
- name: Run Setup Script for Linux
if: ${{ runner.os == 'Linux' && inputs.setup-script-name != '' }}
run: |
run: |
echo "running linux setup"
chmod +x ./${{ inputs.setup-script-name }}.sh
./${{ inputs.setup-script-name }}.sh
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/delete_backport_branch.yml
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
name: Delete merged branch of the backport PRs
on:
on:
pull_request:
types:
- closed

jobs:
delete-branch:
runs-on: ubuntu-latest
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/plugin_install.yml
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ jobs:
if: ${{ runner.os == 'Linux' }}
run: |
cat > setup.sh <<'EOF'
chmod +x ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/plugins/${{ env.PLUGIN_NAME }}/tools/install_demo_configuration.sh
chmod +x ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/plugins/${{ env.PLUGIN_NAME }}/tools/install_demo_configuration.sh
/bin/bash -c "yes | ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/plugins/${{ env.PLUGIN_NAME }}/tools/install_demo_configuration.sh"
EOF

Expand Down
2 changes: 1 addition & 1 deletion CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
OpenSearch is a community project that is built and maintained by people just like **you**.
[This document](https://github.com/opensearch-project/.github/blob/main/CONTRIBUTING.md) explains how you can contribute to this and related projects.

Visit the following link(s) for more information on specific practices:
Visit the following link(s) for more information on specific practices:

- [Triaging](./TRIAGING.md)

Expand Down
6 changes: 3 additions & 3 deletions DEVELOPER_GUIDE.md
Original file line number Diff line number Diff line change
Expand Up @@ -48,9 +48,9 @@ The `curl localhost:9200` call should succeed again. Kill the server with `Ctrl+

>Worth noting:\
> The version of OpenSearch and the security plugin must match as there is an explicit version check at startup. This can be a bit confusing as, for example, at the time of writing this guide, the `main` branch of this security plugin builds version `3.0.0.0-SNAPSHOT` compatible with OpenSearch `3.0.0`. Check the expected compatible version in `build.gradle` file [here](https://github.com/opensearch-project/security/blob/main/build.gradle) and make sure you get the correct branch from OpenSearch when building that project.
>
>
> The line to look for: `opensearch_version = System.getProperty("opensearch.version", "x")`
>
>
> Alternatively, you can find the compatible version of OpenSearch by running in project root folder
> ```
> ./gradlew properties -q | grep -E '^version:' | awk '{print $2}'
Expand Down Expand Up @@ -164,7 +164,7 @@ Checkstyle enforces several rules within this codebase. Sometimes it will be nec

*Execute Checkstyle*
```
./gradlew checkstyleMain checkstyleTest
./gradlew checkstyleMain checkstyleTest
```

*Example violation*
Expand Down
34 changes: 17 additions & 17 deletions DEVELOPING_WITH_DOCKER.md
Original file line number Diff line number Diff line change
@@ -1,40 +1,40 @@
# Developing with Docker

Docker is a powerful tool that can be used to quickly spin up an OpenSearch cluster. When you follow the steps to run [OpenSearch with Docker](https://opensearch.org/docs/latest/install-and-configure/install-opensearch/docker/), you will find the Security Plugin already included in the basic distribution.
Docker is a powerful tool that can be used to quickly spin up an OpenSearch cluster. When you follow the steps to run [OpenSearch with Docker](https://opensearch.org/docs/latest/install-and-configure/install-opensearch/docker/), you will find the Security Plugin already included in the basic distribution.

- [Developing with Docker](#developing-with-docker)
- [Configuring Security](#configuring-security)
- [Mounting Local Volumes](#mounting-local-volumes)
- [Example docker-compose](#example-docker-compose)


## Configuring Security

By default, the Docker installation of OpenSearch does not enable the Security plugin. In order to enable Security development, you will need set `DISABLE_SECURITY_PLUGIN=false`, as well as change `DISABLE_INSTALL_DEMO_CONFIG` and `DISABLE_SECURITY_DASHBOARDS_PLUGIN`. This will install the demo certificates, and allow you to develop with realistic Security configurations. An example of a completely configured docker-compose file is shown below.
## Configuring Security

By default, the Docker installation of OpenSearch does not enable the Security plugin. In order to enable Security development, you will need set `DISABLE_SECURITY_PLUGIN=false`, as well as change `DISABLE_INSTALL_DEMO_CONFIG` and `DISABLE_SECURITY_DASHBOARDS_PLUGIN`. This will install the demo certificates, and allow you to develop with realistic Security configurations. An example of a completely configured docker-compose file is shown below.

> Warning: You should never use the demo certificates for a production environment. Instead, you will need to follow the steps on [configuring security](https://opensearch.org/docs/latest/security/configuration/index/) before using the cluster for production.

### Mounting Local Volumes
### Mounting Local Volumes

In order to test development changes with an OpenSearch Docker-installation, you will need to mount the volumes in your docker-compose file.
In order to test development changes with an OpenSearch Docker-installation, you will need to mount the volumes in your docker-compose file.

To update your cluster to have local changes, follow these steps:
To update your cluster to have local changes, follow these steps:

1. First you will need to make changes in your local `opensearch-project/security` repository. For this example, assume your fork is cloned into a directory called `security`.
2. After you make changes to your cloned repository, you will need to run `./gradlew assemble`. This will create a `.jar` file you can mount into the Docker container. The file will be located at `./security/build/distributions/opensearch-security-<OPENSEARCH_VERSION>.0-SNAPSHOT.jar`, where the `<OPENSEARCH_VERSION>` field is simply the OpenSearch distribution.
3. You will then need to navigate to your `docker-compose.yml` file where you are running you OpenSearch cluster from. For this example, let us assume this is in another directory called `opensearch-docker`.
4. Modify the compose file, so that in the `volumes:` section of each node configuration (the default configuration will have `opensearch-node1` and `opensearch-node2`), you have a new line which reads `~/security/build/distributions/opensearch-security-<OPENSEARCH_VERSION>.0-SNAPSHOT.jar:/usr/share/opensearch/plugins/opensearch-security/opensearch-security-<OPENSEARCH_VERSION>.0.jar`. This line should be added to the volumes section of all nodes in the compose file. You will not need to add it to the `opensearch-dashboards` section.
5. You can now restart the Docker container by running `docker-compose down -v` and `docker-compose up`. Your changes will now be live in the OpenSearch cluster instance.
2. After you make changes to your cloned repository, you will need to run `./gradlew assemble`. This will create a `.jar` file you can mount into the Docker container. The file will be located at `./security/build/distributions/opensearch-security-<OPENSEARCH_VERSION>.0-SNAPSHOT.jar`, where the `<OPENSEARCH_VERSION>` field is simply the OpenSearch distribution.
3. You will then need to navigate to your `docker-compose.yml` file where you are running you OpenSearch cluster from. For this example, let us assume this is in another directory called `opensearch-docker`.
4. Modify the compose file, so that in the `volumes:` section of each node configuration (the default configuration will have `opensearch-node1` and `opensearch-node2`), you have a new line which reads `~/security/build/distributions/opensearch-security-<OPENSEARCH_VERSION>.0-SNAPSHOT.jar:/usr/share/opensearch/plugins/opensearch-security/opensearch-security-<OPENSEARCH_VERSION>.0.jar`. This line should be added to the volumes section of all nodes in the compose file. You will not need to add it to the `opensearch-dashboards` section.
5. You can now restart the Docker container by running `docker-compose down -v` and `docker-compose up`. Your changes will now be live in the OpenSearch cluster instance.

### Example docker-compose
### Example docker-compose

This is an example of a completely configured docker-compose file for a local installation of the 2.5.0 version of OpenSearch.
This is an example of a completely configured docker-compose file for a local installation of the 2.5.0 version of OpenSearch.

```
version: '3'
services:
opensearch-node1:
image: opensearchstaging/opensearch:2.5.0 # This is a image of the 2.5.0 distribution
image: opensearchstaging/opensearch:2.5.0 # This is a image of the 2.5.0 distribution
environment:
- cluster.name=opensearch-cluster
- node.name=opensearch-node1
Expand All @@ -58,7 +58,7 @@ services:
# - ./config/opensearch.yml:/usr/share/opensearch/config/opensearch.yml # These paths are relative to the location of the docker-compose file
# - ./config/esnode.pem:/usr/share/opensearch/config/esnode.pem
# - ./config/esnode-key.pem:/usr/share/opensearch/config/esnode-key.pem
# - ./config/root-ca.pem:/usr/share/opensearch/config/root-ca.pem
# - ./config/root-ca.pem:/usr/share/opensearch/config/root-ca.pem
# - ./config/opensearch-security/audit.yml:/usr/share/opensearch/config/opensearch-security/audit.yml
# - ./config/opensearch-security/tenants.yml:/usr/share/opensearch/config/opensearch-security/tenants.yml
# - /OpenSearch-Snapshots:/mnt/snapshots # This is where your snapshots would be stored
Expand Down Expand Up @@ -86,8 +86,8 @@ services:
# - ./config/root-ca.pem:/usr/share/opensearch/config/root-ca.pem
# - ./config/opensearch-security/audit.yml:/usr/share/opensearch/config/opensearch-security/audit.yml
# - ./config/opensearch-security/tenants.yml:/usr/share/opensearch/config/opensearch-security/tenants.yml
# - /OpenSearch-Snapshots:/mnt/snapshots
# - /security/build/distributions/opensearch-security-2.5.0.0-SNAPSHOT.jar:/usr/share/opensearch/plugins/opensearch-security/opensearch-security-2.5.0.0.jar
# - /OpenSearch-Snapshots:/mnt/snapshots
# - /security/build/distributions/opensearch-security-2.5.0.0-SNAPSHOT.jar:/usr/share/opensearch/plugins/opensearch-security/opensearch-security-2.5.0.0.jar
networks:
- opensearch-net
opensearch-dashboards:
Expand Down
12 changes: 6 additions & 6 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
[![CI](https://github.com/opensearch-project/security/workflows/CI/badge.svg?branch=main)](https://github.com/opensearch-project/security/actions) [![](https://img.shields.io/github/issues/opensearch-project/security/untriaged?labelColor=red)](https://github.com/opensearch-project/security/issues?q=is%3Aissue+is%3Aopen+label%3A"untriaged") [![](https://img.shields.io/github/issues/opensearch-project/security/security%20vulnerability?labelColor=red)](https://github.com/opensearch-project/security/issues?q=is%3Aissue+is%3Aopen+label%3A"security%20vulnerability") [![](https://img.shields.io/github/issues/opensearch-project/security)](https://github.com/opensearch-project/security/issues) [![](https://img.shields.io/github/issues-pr/opensearch-project/security)](https://github.com/opensearch-project/security/pulls)
[![CI](https://github.com/opensearch-project/security/workflows/CI/badge.svg?branch=main)](https://github.com/opensearch-project/security/actions) [![](https://img.shields.io/github/issues/opensearch-project/security/untriaged?labelColor=red)](https://github.com/opensearch-project/security/issues?q=is%3Aissue+is%3Aopen+label%3A"untriaged") [![](https://img.shields.io/github/issues/opensearch-project/security/security%20vulnerability?labelColor=red)](https://github.com/opensearch-project/security/issues?q=is%3Aissue+is%3Aopen+label%3A"security%20vulnerability") [![](https://img.shields.io/github/issues/opensearch-project/security)](https://github.com/opensearch-project/security/issues) [![](https://img.shields.io/github/issues-pr/opensearch-project/security)](https://github.com/opensearch-project/security/pulls)
[![](https://img.shields.io/codecov/c/gh/opensearch-project/security)](https://app.codecov.io/gh/opensearch-project/security) [![](https://img.shields.io/github/issues/opensearch-project/security/v2.4.0)](https://github.com/opensearch-project/security/issues?q=is%3Aissue+is%3Aopen+label%3A"v2.4.0") [![](https://img.shields.io/github/issues/opensearch-project/security/v3.0.0)](https://github.com/opensearch-project/security/issues?q=is%3Aissue+is%3Aopen+label%3A"v3.0.0")
[![Slack](https://img.shields.io/badge/Slack-4A154B?&logo=slack&logoColor=white)](https://opensearch.slack.com/archives/C051Y637FKK)



## Announcement: The Slack workspace is live! Please join the [conversation](https://opensearch.slack.com/archives/C051Y637FKK).
## Announcement: The Slack workspace is live! Please join the [conversation](https://opensearch.slack.com/archives/C051Y637FKK).

<img src="https://opensearch.org/assets/img/opensearch-logo-themed.svg" height="64px">

Expand Down Expand Up @@ -37,7 +37,7 @@ OpenSearch Security is a plugin for OpenSearch that offers encryption, authentic
* Full data in transit encryption
* Node-to-node encryption
* Certificate revocation lists
* Hot Certificate renewal
* Hot Certificate renewal

### Authentication
* Internal user database
Expand All @@ -60,7 +60,7 @@ OpenSearch Security is a plugin for OpenSearch that offers encryption, authentic
* REST management API

### Audit/Compliance logging
* Audit logging
* Audit logging
* Compliance logging for GDPR, HIPAA, PCI, SOX and ISO compliance

### OpenSearch Dashboards multi-tenancy
Expand Down Expand Up @@ -126,7 +126,7 @@ sequenceDiagram
participant OpenSearch
participant SecurityPlugin
participant Cluster as Plugin

Client->>OpenSearch: Request
OpenSearch->>SecurityPlugin: Request
SecurityPlugin->>SecurityPlugin: Add Auth information to request context
Expand Down Expand Up @@ -188,7 +188,7 @@ If you discover a potential security issue in this project we ask that you notif

## License

This code is licensed under the Apache 2.0 License.
This code is licensed under the Apache 2.0 License.

## Copyright

Expand Down
4 changes: 2 additions & 2 deletions TRIAGING.md
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ If you have an issue you'd like to bring forth please consider getting a link to

### Is there an agenda for each week?

Meetings are lightly structured as follows:
Meetings are lightly structured as follows:

1. Announcements: If there are any announcements to be made they will happen at the start of the meeting.
2. Review of new issues: The meetings always start with reviewing all untriaged [issues](https://github.com/search?q=label%3Auntriaged+is%3Aopen++repo%3Aopensearch-project%2Fsecurity+repo%3Aopensearch-project%2Fsecurity-dashboards-plugin&type=issues&ref=advsearch&s=created&o=desc) for the security and security-dashboards repositories.
Expand Down Expand Up @@ -53,7 +53,7 @@ There you can find answers to many common questions as well as speak with implem

### What if my issue is critical to OpenSearch operations, do I have to wait for the weekly meeting for it to be addressed?

All new issues for the [security](https://github.com/opensearch-project/security/issues?q=is%3Aissue+is%3Aopen+label%3Auntriaged) repo and [security-dashboards](https://github.com/opensearch-project/security-dashboards-plugin/issues?q=is%3Aissue+is%3Aopen+-label%3Atriaged) repo are reviewed daily to check for critical issues which require immediate triaging. If an issue relates to a severe concern for OpenSearch operation, it will be triaged by a maintainer mid-week. You can still come to discuss an issue at the following meeting even if it has already been triaged during the week.
All new issues for the [security](https://github.com/opensearch-project/security/issues?q=is%3Aissue+is%3Aopen+label%3Auntriaged) repo and [security-dashboards](https://github.com/opensearch-project/security-dashboards-plugin/issues?q=is%3Aissue+is%3Aopen+-label%3Atriaged) repo are reviewed daily to check for critical issues which require immediate triaging. If an issue relates to a severe concern for OpenSearch operation, it will be triaged by a maintainer mid-week. You can still come to discuss an issue at the following meeting even if it has already been triaged during the week.

### Is this where I should bring up potential security vulnerabilities?

Expand Down
Loading