Add ThreadContextPermission for markAsSystemContext and allow core to perform the method #15016
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…rm the method Signed-off-by: Craig Perkins <[email protected]>
Signed-off-by: Craig Perkins <[email protected]>
cwperks
requested review from
anasalkouz,
andrross,
ashking94,
Bukhtawar,
CEHENKLE,
dblock,
dbwiddis,
gbbafna,
kotwanikunal,
mch2,
msfroh,
nknize,
owaiskazi19,
reta,
Rishikesh1159,
sachinpkale,
saratvemulapalli,
shwetathareja,
sohami and
VachaShah
as code owners
github-actions
bot
added
enhancement
|
Should I open up a manual backport with the change from here or wait for backport bot to create a backport and push a commit to the branch? |
3 tasks
I will add backport label (so the changelog check passes), but we could take it from there |
reta
reviewed
Jul 30, 2024
reta
approved these changes
Jul 30, 2024
opensearch-trigger-bot bot
pushed a commit
that referenced
this pull request
Jul 31, 2024
… perform the method (#15016) * Add RuntimePermission for markAsSystemContext and allow core to perform the method Signed-off-by: Craig Perkins <[email protected]> * private Signed-off-by: Craig Perkins <[email protected]> * Surround with doPrivileged Signed-off-by: Craig Perkins <[email protected]> * Create ThreadContextAccess Signed-off-by: Craig Perkins <[email protected]> * Create notion of ThreadContextPermission Signed-off-by: Craig Perkins <[email protected]> * Add to CHANGELOG Signed-off-by: Craig Perkins <[email protected]> * Add javadoc Signed-off-by: Craig Perkins <[email protected]> * Add to test-framework.policy file Signed-off-by: Craig Perkins <[email protected]> * Mark as internal Signed-off-by: Craig Perkins <[email protected]> --------- Signed-off-by: Craig Perkins <[email protected]> (cherry picked from commit 597747d) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
cwperks
added a commit
to cwperks/OpenSearch
that referenced
this pull request
Jul 31, 2024
… perform the method (opensearch-project#15016) * Add RuntimePermission for markAsSystemContext and allow core to perform the method Signed-off-by: Craig Perkins <[email protected]> * private Signed-off-by: Craig Perkins <[email protected]> * Surround with doPrivileged Signed-off-by: Craig Perkins <[email protected]> * Create ThreadContextAccess Signed-off-by: Craig Perkins <[email protected]> * Create notion of ThreadContextPermission Signed-off-by: Craig Perkins <[email protected]> * Add to CHANGELOG Signed-off-by: Craig Perkins <[email protected]> * Add javadoc Signed-off-by: Craig Perkins <[email protected]> * Add to test-framework.policy file Signed-off-by: Craig Perkins <[email protected]> * Mark as internal Signed-off-by: Craig Perkins <[email protected]> --------- Signed-off-by: Craig Perkins <[email protected]>
This was referenced Jul 31, 2024
reta
pushed a commit
that referenced
this pull request
Jul 31, 2024
…d allow core to perform the method (#15038) * Add ThreadContextPermission for markAsSystemContext and allow core to perform the method (#15016) * Add RuntimePermission for markAsSystemContext and allow core to perform the method Signed-off-by: Craig Perkins <[email protected]> * private Signed-off-by: Craig Perkins <[email protected]> * Surround with doPrivileged Signed-off-by: Craig Perkins <[email protected]> * Create ThreadContextAccess Signed-off-by: Craig Perkins <[email protected]> * Create notion of ThreadContextPermission Signed-off-by: Craig Perkins <[email protected]> * Add to CHANGELOG Signed-off-by: Craig Perkins <[email protected]> * Add javadoc Signed-off-by: Craig Perkins <[email protected]> * Add to test-framework.policy file Signed-off-by: Craig Perkins <[email protected]> * Mark as internal Signed-off-by: Craig Perkins <[email protected]> --------- Signed-off-by: Craig Perkins <[email protected]> * Add deprecationLogger Signed-off-by: Craig Perkins <[email protected]> --------- Signed-off-by: Craig Perkins <[email protected]>
This was referenced Jul 31, 2024
harshavamsi
pushed a commit
to harshavamsi/OpenSearch
that referenced
this pull request
Aug 20, 2024
… perform the method (opensearch-project#15016) * Add RuntimePermission for markAsSystemContext and allow core to perform the method Signed-off-by: Craig Perkins <[email protected]> * private Signed-off-by: Craig Perkins <[email protected]> * Surround with doPrivileged Signed-off-by: Craig Perkins <[email protected]> * Create ThreadContextAccess Signed-off-by: Craig Perkins <[email protected]> * Create notion of ThreadContextPermission Signed-off-by: Craig Perkins <[email protected]> * Add to CHANGELOG Signed-off-by: Craig Perkins <[email protected]> * Add javadoc Signed-off-by: Craig Perkins <[email protected]> * Add to test-framework.policy file Signed-off-by: Craig Perkins <[email protected]> * Mark as internal Signed-off-by: Craig Perkins <[email protected]> --------- Signed-off-by: Craig Perkins <[email protected]>
wdongyu
pushed a commit
to wdongyu/OpenSearch
that referenced
this pull request
Aug 22, 2024
… perform the method (opensearch-project#15016) * Add RuntimePermission for markAsSystemContext and allow core to perform the method Signed-off-by: Craig Perkins <[email protected]> * private Signed-off-by: Craig Perkins <[email protected]> * Surround with doPrivileged Signed-off-by: Craig Perkins <[email protected]> * Create ThreadContextAccess Signed-off-by: Craig Perkins <[email protected]> * Create notion of ThreadContextPermission Signed-off-by: Craig Perkins <[email protected]> * Add to CHANGELOG Signed-off-by: Craig Perkins <[email protected]> * Add javadoc Signed-off-by: Craig Perkins <[email protected]> * Add to test-framework.policy file Signed-off-by: Craig Perkins <[email protected]> * Mark as internal Signed-off-by: Craig Perkins <[email protected]> --------- Signed-off-by: Craig Perkins <[email protected]>
This was referenced Sep 6, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR replaces a previous PR and takes a different approach to protect methods in the ThreadContext class. Instead of changing the access modifier, this PR shows how permissions can be declared to protect methods within the ThreadContext class that should not be accessible outside of the core without explicit permission.
With this change, plugins would be able to utilize the method but permission needs to be granted through an entry in the
plugin-security.policyfile. The permissions would be:Related Issues
Resolves #14931
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.