Make plugins.security.dfm_empty_overrides_all dynamically toggleable#6016
Merged
finnegancarroll merged 15 commits intoopensearch-project:mainfrom Mar 26, 2026
Merged
Make plugins.security.dfm_empty_overrides_all dynamically toggleable#6016finnegancarroll merged 15 commits intoopensearch-project:mainfrom
plugins.security.dfm_empty_overrides_all dynamically toggleable#6016finnegancarroll merged 15 commits intoopensearch-project:mainfrom
Conversation
Signed-off-by: Craig Perkins <cwperx@amazon.com>
Signed-off-by: Craig Perkins <cwperx@amazon.com>
Signed-off-by: Craig Perkins <cwperx@amazon.com>
cwperks
requested review from
DarshitChanpura,
RyanL1997,
derek-ho,
nibix,
reta,
shikharj05 and
willyborankin
as code owners
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #6016 +/- ##
==========================================
- Coverage 73.84% 73.82% -0.03%
==========================================
Files 441 441
Lines 27379 27407 +28
Branches 4081 4085 +4
==========================================
+ Hits 20219 20232 +13
- Misses 5235 5249 +14
- Partials 1925 1926 +1
🚀 New features to boost your workflow:
|
Signed-off-by: Craig Perkins <cwperx@amazon.com>
3 tasks
Collaborator
|
Generally cool for me, but I am wondering whether we should perspectively pivot towards deprecating this and just having this on by default. In the end, this is IMHO just a backwards compat setting. |
Member
Author
I'd be aligned with that. What I'm interested most for with this change is showing that we can authz settings updates (for sensitive settings via the |
Signed-off-by: Craig Perkins <cwperx@amazon.com>
Signed-off-by: Craig Perkins <cwperx@amazon.com>
Signed-off-by: Craig Perkins <cwperx@amazon.com>
finnegancarroll
previously approved these changes
Mar 26, 2026
src/main/java/org/opensearch/security/filter/SecurityFilter.java
Outdated
Show resolved
Hide resolved
Signed-off-by: Craig Perkins <cwperx@amazon.com>
Signed-off-by: Craig Perkins <cwperx@amazon.com>
DarshitChanpura
approved these changes
Mar 26, 2026
finnegancarroll
approved these changes
Mar 26, 2026
finnegancarroll
merged commit 42c5dbc
into
opensearch-project:main
111 of 113 checks passed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Companion core PR to make sure we authz this like any other security setting: opensearch-project/OpenSearch#20901
This PR makes
plugins.security.dfm_empty_overrides_alltoggleable at runtime by the cluster admin via Cluster settings APIEnhancement
Issues Resolved
Resolves #6002
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.