Skip to content

Commit

Permalink
Add permissions field to mapping when the feature flag is enabled
Browse files Browse the repository at this point in the history
Signed-off-by: gaobinlong <gbinlong@amazon.com>
  • Loading branch information
gaobinlong committed Feb 29, 2024
1 parent 587f0d4 commit e29d7fd
Show file tree
Hide file tree
Showing 6 changed files with 59 additions and 32 deletions.
3 changes: 3 additions & 0 deletions src/core/server/opensearch_dashboards_config.ts
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,9 @@ export const config = {
defaultValue: 'https://survey.opensearch.org',
}),
}),
permission: schema.object({
enabled: schema.boolean({ defaultValue: false }),
}),
}),
deprecations,
};
Original file line number Diff line number Diff line change
Expand Up @@ -48,10 +48,37 @@ import {
* @param typeDefinitions - the type definitions to build mapping from.
*/
export function buildActiveMappings(
typeDefinitions: SavedObjectsTypeMappingDefinitions | SavedObjectsMappingProperties
typeDefinitions: SavedObjectsTypeMappingDefinitions | SavedObjectsMappingProperties,
permissionControlEnabled?: boolean
): IndexMapping {
const mapping = defaultMapping();

// if permission control is enabled, the permissions field should be added to the mapping
if (permissionControlEnabled) {
const principals: SavedObjectsFieldMapping = {
properties: {
users: {
type: 'keyword',
},
groups: {
type: 'keyword',
},
},
};
mapping.properties = {
...mapping.properties,
permissions: {
properties: {
read: principals,
write: principals,
management: principals,
library_read: principals,
library_write: principals,
},
},
};
}

const mergedProperties = validateAndMerge(mapping.properties, typeDefinitions);

return cloneDeep({
Expand Down Expand Up @@ -138,16 +165,6 @@ function findChangedProp(actual: any, expected: any) {
* @returns {IndexMapping}
*/
function defaultMapping(): IndexMapping {
const principals: SavedObjectsFieldMapping = {
properties: {
users: {
type: 'keyword',
},
groups: {
type: 'keyword',
},
},
};
return {
dynamic: 'strict',
properties: {
Expand Down Expand Up @@ -189,15 +206,6 @@ function defaultMapping(): IndexMapping {
workspaces: {
type: 'keyword',
},
permissions: {
properties: {
read: principals,
write: principals,
management: principals,
library_read: principals,
library_write: principals,
},
},
},
};
}
Expand Down
13 changes: 10 additions & 3 deletions src/core/server/saved_objects/migrations/core/migration_context.ts
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,7 @@ export interface MigrationOpts {
documentMigrator: VersionedTransformer;
serializer: SavedObjectsSerializer;
convertToAliasScript?: string;
permissionControlEnabled?: boolean;

/**
* If specified, templates matching the specified pattern will be removed
Expand Down Expand Up @@ -93,7 +94,12 @@ export async function migrationContext(opts: MigrationOpts): Promise<Context> {
const { log, client } = opts;
const alias = opts.index;
const source = createSourceContext(await Index.fetchInfo(client, alias), alias);
const dest = createDestContext(source, alias, opts.mappingProperties);
const dest = createDestContext(
source,
alias,
opts.mappingProperties,
opts.permissionControlEnabled
);

return {
client,
Expand Down Expand Up @@ -125,10 +131,11 @@ function createSourceContext(source: Index.FullIndexInfo, alias: string) {
function createDestContext(
source: Index.FullIndexInfo,
alias: string,
typeMappingDefinitions: SavedObjectsTypeMappingDefinitions
typeMappingDefinitions: SavedObjectsTypeMappingDefinitions,
permissionControlEnabled?: boolean
): Index.FullIndexInfo {
const targetMappings = disableUnknownTypeMappingFields(
buildActiveMappings(typeMappingDefinitions),
buildActiveMappings(typeMappingDefinitions, permissionControlEnabled),
source.mappings
);

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -43,14 +43,14 @@ import { buildActiveMappings, IndexMigrator, MigrationResult, MigrationStatus }
import { DocumentMigrator, VersionedTransformer } from '../core/document_migrator';
import { MigrationOpenSearchClient } from '../core/';
import { createIndexMap } from '../core/build_index_map';
import { SavedObjectsMigrationConfigType } from '../../saved_objects_config';
import { SavedObjectConfig, SavedObjectsMigrationConfigType } from '../../saved_objects_config';
import { ISavedObjectTypeRegistry } from '../../saved_objects_type_registry';
import { SavedObjectsType } from '../../types';

export interface OpenSearchDashboardsMigratorOptions {
client: MigrationOpenSearchClient;
typeRegistry: ISavedObjectTypeRegistry;
savedObjectsConfig: SavedObjectsMigrationConfigType;
savedObjectsConfig: SavedObjectConfig;
opensearchDashboardsConfig: OpenSearchDashboardsConfigType;
opensearchDashboardsVersion: string;
logger: Logger;
Expand All @@ -71,7 +71,7 @@ export interface OpenSearchDashboardsMigratorStatus {
*/
export class OpenSearchDashboardsMigrator {
private readonly client: MigrationOpenSearchClient;
private readonly savedObjectsConfig: SavedObjectsMigrationConfigType;
private readonly savedObjectsConfig: SavedObjectConfig;
private readonly documentMigrator: VersionedTransformer;
private readonly opensearchDashboardsConfig: OpenSearchDashboardsConfigType;
private readonly log: Logger;
Expand Down Expand Up @@ -109,7 +109,10 @@ export class OpenSearchDashboardsMigrator {
});
// Building the active mappings (and associated md5sums) is an expensive
// operation so we cache the result
this.activeMappings = buildActiveMappings(this.mappingProperties);
this.activeMappings = buildActiveMappings(
this.mappingProperties,
this.savedObjectsConfig.permissionControlEnabled
);
}

/**
Expand Down Expand Up @@ -166,21 +169,22 @@ export class OpenSearchDashboardsMigrator {

const migrators = Object.keys(indexMap).map((index) => {
return new IndexMigrator({
batchSize: this.savedObjectsConfig.batchSize,
batchSize: this.savedObjectsConfig.migration.batchSize,
client: this.client,
documentMigrator: this.documentMigrator,
index,
log: this.log,
mappingProperties: indexMap[index].typeMappings,
pollInterval: this.savedObjectsConfig.pollInterval,
scrollDuration: this.savedObjectsConfig.scrollDuration,
pollInterval: this.savedObjectsConfig.migration.pollInterval,
scrollDuration: this.savedObjectsConfig.migration.scrollDuration,
serializer: this.serializer,
// Only necessary for the migrator of the opensearch-dashboards index.
obsoleteIndexTemplatePattern:
index === opensearchDashboardsIndexName
? 'opensearch_dashboards_index_template*'
: undefined,
convertToAliasScript: indexMap[index].script,
permissionControlEnabled: this.savedObjectsConfig.permissionControlEnabled,
});
});

Expand Down
5 changes: 5 additions & 0 deletions src/core/server/saved_objects/saved_objects_config.ts
Original file line number Diff line number Diff line change
Expand Up @@ -49,12 +49,16 @@ export const savedObjectsConfig = {
schema: schema.object({
maxImportPayloadBytes: schema.byteSize({ defaultValue: 26214400 }),
maxImportExportSize: schema.byteSize({ defaultValue: 10000 }),
permission: schema.object({
enabled: schema.boolean({ defaultValue: false }),
}),
}),
};

export class SavedObjectConfig {
public maxImportPayloadBytes: number;
public maxImportExportSize: number;
public permissionControlEnabled: boolean;

public migration: SavedObjectsMigrationConfigType;

Expand All @@ -65,5 +69,6 @@ export class SavedObjectConfig {
this.maxImportPayloadBytes = rawConfig.maxImportPayloadBytes.getValueInBytes();
this.maxImportExportSize = rawConfig.maxImportExportSize.getValueInBytes();
this.migration = rawMigrationConfig;
this.permissionControlEnabled = rawConfig.permission.enabled;
}
}
4 changes: 2 additions & 2 deletions src/core/server/saved_objects/saved_objects_service.ts
Original file line number Diff line number Diff line change
Expand Up @@ -433,7 +433,7 @@ export class SavedObjectsService

const migrator = this.createMigrator(
opensearchDashboardsConfig,
this.config.migration,
this.config,
opensearch.client,
migrationsRetryDelay
);
Expand Down Expand Up @@ -544,7 +544,7 @@ export class SavedObjectsService

private createMigrator(
opensearchDashboardsConfig: OpenSearchDashboardsConfigType,
savedObjectsConfig: SavedObjectsMigrationConfigType,
savedObjectsConfig: SavedObjectConfig,
client: IClusterClient,
migrationsRetryDelay?: number
): IOpenSearchDashboardsMigrator {
Expand Down

0 comments on commit e29d7fd

Please sign in to comment.