Support disable permission check on workspace (opensearch-project#228)
* support disable permission check for workspace

Signed-off-by: Hailong Cui <[email protected]>

* fix typos

Signed-off-by: Hailong Cui <[email protected]>

---------

Signed-off-by: Hailong Cui <[email protected]>
Hailong-am authored and wanglam committed Mar 5, 2024
1 parent 73b1de1 commit 1e3c1b8
Showing 4 changed files with 37 additions and 13 deletions.
5 changes: 4 additions & 1 deletion config/opensearch_dashboards.yml
Expand Up @@ -277,4 +277,7 @@
# vis_augmenter.pluginAugmentationEnabled: true

# Set the value to true to enable workspace feature
# workspace.enabled: false
# workspace.enabled: false
# Set the value to false to disable permission check on workspace
# Permission check depends on OpenSearch Dashboards has authentication enabled, set it to false if no authentication is configured
# workspace.permission.enabled: true
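Review bot: The new comment above `workspace.permission.enabled` does not say what `false` actually turns off, and its second line is hard to parse. Going by the plugin.ts change in this same commit, `false` means the workspace saved-objects permission wrapper is never registered. The comment should state that consequence and limit the setting to deployments without authentication, for example `# Permission checks rely on authentication being enabled in OpenSearch Dashboards. Set to false only when no authentication is configured; workspace permission checks on saved objects are then skipped.`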
5 changes: 4 additions & 1 deletion src/plugins/workspace/config.ts
Expand Up @@ -7,6 +7,9 @@ import { schema, TypeOf } from '@osd/config-schema';

export const configSchema = schema.object({
enabled: schema.boolean({ defaultValue: false }),
permission: schema.object({
enabled: schema.boolean({ defaultValue: true }),
}),
});

export type ConfigSchema = TypeOf<typeof configSchema>;
export type WorkspacePluginConfigType = TypeOf<typeof configSchema>;
3 changes: 3 additions & 0 deletions src/plugins/workspace/server/integration_tests/routes.test.ts
Expand Up @@ -29,6 +29,9 @@ describe('workspace service', () => {
osd: {
workspace: {
enabled: true,
permission: {
enabled: false,
},
},
migrations: { skip: false },
},
37 changes: 26 additions & 11 deletions src/plugins/workspace/server/plugin.ts
Expand Up @@ -2,7 +2,8 @@
* Copyright OpenSearch Contributors
* SPDX-License-Identifier: Apache-2.0
*/

import { Observable } from 'rxjs';
import { first } from 'rxjs/operators';
import {
PluginInitializerContext,
CoreSetup,
Expand All @@ -24,12 +25,14 @@ import {
SavedObjectsPermissionControl,
SavedObjectsPermissionControlContract,
} from './permission_control/client';
import { WorkspacePluginConfigType } from '../config';

export class WorkspacePlugin implements Plugin<{}, {}> {
private readonly logger: Logger;
private client?: IWorkspaceClientImpl;
private workspaceConflictControl?: WorkspaceConflictSavedObjectsClientWrapper;
private permissionControl?: SavedObjectsPermissionControlContract;
private readonly config$: Observable<WorkspacePluginConfigType>;

private proxyWorkspaceTrafficToRealHandler(setupDeps: CoreSetup) {
/**
Expand All @@ -49,10 +52,14 @@ export class WorkspacePlugin implements Plugin<{}, {}> {

constructor(initializerContext: PluginInitializerContext) {
this.logger = initializerContext.logger.get('plugins', 'workspace');
this.config$ = initializerContext.config.create<WorkspacePluginConfigType>();
}

public async setup(core: CoreSetup) {
this.logger.debug('Setting up Workspaces service');
const config: WorkspacePluginConfigType = await this.config$.pipe(first()).toPromise();
const isPermissionControlEnabled =
config.permission.enabled === undefined ? true : config.permission.enabled;

this.client = new WorkspaceClient(core, this.logger);

Expand All @@ -67,25 +74,33 @@ export class WorkspacePlugin implements Plugin<{}, {}> {
this.workspaceConflictControl.wrapperFactory
);

this.permissionControl = new SavedObjectsPermissionControl(this.logger);
this.logger.info('Workspace permission control enabled:' + isPermissionControlEnabled);
if (isPermissionControlEnabled) {
this.permissionControl = new SavedObjectsPermissionControl(this.logger);

const workspaceSavedObjectsClientWrapper = new WorkspaceSavedObjectsClientWrapper(
this.permissionControl
);
const workspaceSavedObjectsClientWrapper = new WorkspaceSavedObjectsClientWrapper(
this.permissionControl
);

core.savedObjects.addClientWrapper(
0,
WORKSPACE_SAVED_OBJECTS_CLIENT_WRAPPER_ID,
workspaceSavedObjectsClientWrapper.wrapperFactory
);
core.savedObjects.addClientWrapper(
0,
WORKSPACE_SAVED_OBJECTS_CLIENT_WRAPPER_ID,
workspaceSavedObjectsClientWrapper.wrapperFactory
);
}

registerRoutes({
http: core.http,
logger: this.logger,
client: this.client as IWorkspaceClientImpl,
});

core.capabilities.registerProvider(() => ({ workspaces: { enabled: true } }));
core.capabilities.registerProvider(() => ({
workspaces: {
enabled: true,
permissionEnabled: isPermissionControlEnabled,
},
}));

return {
client: this.client,
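Review bot: Turning `workspace.permission.enabled` off skips registration of `WorkspaceSavedObjectsClientWrapper` entirely, yet the only trace is the `this.logger.info('Workspace permission control enabled:' + ...)` line in `setup`, which is info-level in both states and easy to miss. Log the disabled state at warning level, e.g. `if (!isPermissionControlEnabled) this.logger.warn('Workspace permission control is disabled');`, so an operator who switched it off on an authenticated deployment sees it at startup. The `=== undefined ? true : ...` fallback also looks redundant, since the schema in config.ts already defaults the value to `true`; `const isPermissionControlEnabled = config.permission.enabled;` would do. `this.permissionControl` now stays undefined when the check is off, so any use of it later in `setup` or elsewhere in the class (outside this hunk) needs to tolerate that.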
