Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[2.x] Optimize privilege evaluation for index permissions across '*' index pattern (i.e. all_access role) #4926

Open
wants to merge 3 commits into
base: 2.x
Choose a base branch
from
Open

[2.x] Optimize privilege evaluation for index permissions across '*' index pattern (i.e. all_access role) #4926

wants to merge 3 commits into from

Conversation

cwperks
Copy link
Member

@cwperks cwperks commented Nov 21, 2024

Description

Creating this backport to explore a small optimization for the all_access role when evaluating index permissions in clusters with a large number of indices.

This PR is not a strategic fix like #4898. #4898 takes a holistic approach to optimize privilege evaluation for any type of role definition.

  • Category (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)

Performance improvement

Check List

  • New functionality includes testing
  • New functionality has been documented
  • New Roles/Permissions have a corresponding security dashboards plugin PR
  • API changes companion pull request created
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@cwperks cwperks changed the title [2.x] Optimize privilege evaluation for all_access role [2.x] Optimize privilege evaluation for index permissions across '*' index pattern (i.e. all_access role) Nov 21, 2024
@codecov Codecov
Copy link

codecov bot commented Nov 21, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 63.93%. Comparing base (55ff20e) to head (53ada80).
Report is 15 commits behind head on 2.x.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##              2.x    #4926      +/-   ##
==========================================
+ Coverage   63.91%   63.93%   +0.01%     
==========================================
  Files         330      330              
  Lines       23118    23148      +30     
  Branches     3745     3752       +7     
==========================================
+ Hits        14777    14800      +23     
- Misses       6509     6514       +5     
- Partials     1832     1834       +2
Files with missing lines Coverage Δ
...pensearch/security/securityconf/ConfigModelV7.java 67.54% <100.00%> (+0.24%) ⬆️

... and 12 files with indirect coverage changes

---- 🚨 Try these New Features:

@cwperks
Create a constant
aa50a9a 
Signed-off-by: Craig Perkins <[email protected]>
shikharj05
shikharj05 reviewed Nov 22, 2024
View reviewed changes
Copy link
Contributor

@shikharj05 shikharj05 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution, can we add some tests?

@cwperks
Add tests
53ada80 
Signed-off-by: Craig Perkins <[email protected]>
@cwperks
Copy link
Member Author

cwperks commented Nov 22, 2024

Thanks for the contribution, can we add some tests?

Added unit tests.

@cwperks cwperks marked this pull request as ready for review November 22, 2024 20:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shikharj05 shikharj05 shikharj05 left review comments

@RyanL1997 RyanL1997 RyanL1997 approved these changes

@DarshitChanpura DarshitChanpura Awaiting requested review from DarshitChanpura DarshitChanpura is a code owner

@derek-ho derek-ho Awaiting requested review from derek-ho derek-ho is a code owner

@nibix nibix Awaiting requested review from nibix nibix is a code owner

@peternied peternied Awaiting requested review from peternied peternied is a code owner

@reta reta Awaiting requested review from reta reta is a code owner

@willyborankin willyborankin Awaiting requested review from willyborankin willyborankin is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cwperks @shikharj05 @RyanL1997