diff --git a/MAINTAINERS.md b/MAINTAINERS.md index f7d069cd1..4e21da685 100644 --- a/MAINTAINERS.md +++ b/MAINTAINERS.md @@ -13,6 +13,7 @@ This document contains a list of maintainers in this repo. See [opensearch-proje | Craig Perkins | [cwperks](https://github.com/cwperks) | Amazon | | Ryan Liang | [RyanL1997](https://github.com/RyanL1997) | Amazon | | Stephen Crawford | [scrawfor99](https://github.com/scrawfor99) | Amazon | +| Derek Ho | [derek-ho](https://github.com/derek-ho) | Amazon | ## Emeritus diff --git a/public/apps/configuration/constants.tsx b/public/apps/configuration/constants.tsx index 9df5f8285..93b36aa96 100644 --- a/public/apps/configuration/constants.tsx +++ b/public/apps/configuration/constants.tsx @@ -145,24 +145,64 @@ export const CLUSTER_PERMISSIONS: string[] = [ 'cluster:admin/opensearch/ql/async_query/result', 'cluster:admin/opensearch/ql/async_query/delete', 'cluster:admin/opensearch/ppl', + 'cluster:admin/opensearch/ml/agents/delete', + 'cluster:admin/opensearch/ml/agents/get', + 'cluster:admin/opensearch/ml/agents/register', + 'cluster:admin/opensearch/ml/agents/search', + 'cluster:admin/opensearch/ml/config/get', + 'cluster:admin/opensearch/ml/create_connector', + 'cluster:admin/opensearch/ml/connectors/get', + 'cluster:admin/opensearch/ml/connectors/search', + 'cluster:admin/opensearch/ml/connectors/update', + 'cluster:admin/opensearch/ml/controllers/create', + 'cluster:admin/opensearch/ml/controllers/delete', + 'cluster:admin/opensearch/ml/controllers/deploy', + 'cluster:admin/opensearch/ml/controllers/get', + 'cluster:admin/opensearch/ml/controllers/undeploy', + 'cluster:admin/opensearch/ml/controllers/update', 'cluster:admin/opensearch/ml/create_model_meta', 'cluster:admin/opensearch/ml/execute', - 'cluster:admin/opensearch/ml/load_model', - 'cluster:admin/opensearch/ml/load_model_on_nodes', + 'cluster:admin/opensearch/ml/deploy_model', + 'cluster:admin/opensearch/ml/deploy_model_on_nodes', + 'cluster:admin/opensearch/ml/memory/conversation/get', + 'cluster:admin/opensearch/ml/memory/conversation/interaction/search', + 'cluster:admin/opensearch/ml/memory/conversation/delete', + 'cluster:admin/opensearch/ml/memory/conversation/list', + 'cluster:admin/opensearch/ml/memory/conversation/search', + 'cluster:admin/opensearch/ml/memory/conversation/create', + 'cluster:admin/opensearch/ml/memory/conversation/update', + 'cluster:admin/opensearch/ml/memory/interaction/create', + 'cluster:admin/opensearch/ml/memory/interaction/update', + 'cluster:admin/opensearch/ml/memory/interaction/get', + 'cluster:admin/opensearch/ml/memory/interaction/list', + 'cluster:admin/opensearch/ml/memory/trace/get', + 'cluster:admin/opensearch/ml/model_groups/delete', + 'cluster:admin/opensearch/ml/model_groups/get', + 'cluster:admin/opensearch/ml/model_groups/search', + 'cluster:admin/opensearch/ml/register_model_group', + 'cluster:admin/opensearch/ml/update_model_group', 'cluster:admin/opensearch/ml/models/delete', 'cluster:admin/opensearch/ml/models/get', 'cluster:admin/opensearch/ml/models/search', + 'cluster:admin/opensearch/ml/models/update', + 'cluster:admin/opensearch/ml/models/update_cache', 'cluster:admin/opensearch/ml/predict', 'cluster:admin/opensearch/ml/profile/nodes', + 'cluster:admin/opensearch/ml/register_model', + 'cluster:admin/opensearch/ml/register_model_meta', 'cluster:admin/opensearch/ml/stats/nodes', 'cluster:admin/opensearch/ml/tasks/delete', 'cluster:admin/opensearch/ml/tasks/get', 'cluster:admin/opensearch/ml/tasks/search', + 'cluster:admin/opensearch/ml/tools/get', + 'cluster:admin/opensearch/ml/tools/list', 'cluster:admin/opensearch/ml/train', 'cluster:admin/opensearch/ml/trainAndPredict', - 'cluster:admin/opensearch/ml/unload_model', + 'cluster:admin/opensearch/ml/undeploy_model', + 'cluster:admin/opensearch/ml/undeploy_models', 'cluster:admin/opensearch/ml/upload_model', 'cluster:admin/opensearch/ml/upload_model_chunk', + 'cluster:admin/opensearch/mlinternal/forward', 'cluster:admin/opensearch/observability/create', 'cluster:admin/opensearch/observability/delete', 'cluster:admin/opensearch/observability/get', diff --git a/public/apps/login/login-page.tsx b/public/apps/login/login-page.tsx index 9057e452e..1e5f43dd8 100644 --- a/public/apps/login/login-page.tsx +++ b/public/apps/login/login-page.tsx @@ -35,6 +35,7 @@ import { OPENID_AUTH_LOGIN_WITH_FRAGMENT, SAML_AUTH_LOGIN_WITH_FRAGMENT, } from '../../../common'; +import { getSavedTenant } from '../../utils/storage-utils'; interface LoginPageDeps { http: CoreStart['http']; @@ -49,8 +50,7 @@ interface LoginButtonConfig { buttonstyle: string; } -function redirect(serverBasePath: string) { - // navigate to nextUrl +export function getNextPath(serverBasePath: string) { const urlParams = new URLSearchParams(window.location.search); let nextUrl = urlParams.get('nextUrl'); if (!nextUrl || nextUrl.toLowerCase().includes('//')) { @@ -58,7 +58,26 @@ function redirect(serverBasePath: string) { // redirect to '/'. nextUrl = serverBasePath + '/'; } - window.location.href = nextUrl + window.location.hash; + const savedTenant = getSavedTenant(); + const url = new URL( + window.location.protocol + '//' + window.location.host + nextUrl + window.location.hash + ); + if ( + !!savedTenant && + !( + url.searchParams.has('security_tenant') || + url.searchParams.has('securitytenant') || + url.searchParams.has('securityTenant_') + ) + ) { + url.searchParams.append('security_tenant', savedTenant); + } + return url.pathname + url.search + url.hash; +} + +function redirect(serverBasePath: string) { + // navigate to nextUrl + window.location.href = getNextPath(serverBasePath); } export function extractNextUrlFromWindowLocation(): string { diff --git a/public/apps/login/test/login-page.test.tsx b/public/apps/login/test/login-page.test.tsx index da6222eb3..b03debbbb 100644 --- a/public/apps/login/test/login-page.test.tsx +++ b/public/apps/login/test/login-page.test.tsx @@ -16,11 +16,12 @@ import { shallow } from 'enzyme'; import React from 'react'; import { ClientConfigType } from '../../../types'; -import { LoginPage, extractNextUrlFromWindowLocation } from '../login-page'; +import { LoginPage, extractNextUrlFromWindowLocation, getNextPath } from '../login-page'; import { validateCurrentPassword } from '../../../utils/login-utils'; import { API_AUTH_LOGOUT } from '../../../../common'; import { chromeServiceMock } from '../../../../../../src/core/public/mocks'; import { AuthType } from '../../../../common'; +import { setSavedTenant } from '../../../utils/storage-utils'; jest.mock('../../../utils/login-utils', () => ({ validateCurrentPassword: jest.fn(), @@ -94,6 +95,45 @@ describe('test extractNextUrlFromWindowLocation', () => { }); }); +describe('test redirect', () => { + test('extract redirect excludes security_tenant when no tenant in local storage', () => { + // Trick to mock window.location + const originalLocation = window.location; + delete window.location; + window.location = new URL('http://localhost:5601/app/login?nextUrl=%2Fapp%2Fdashboards') as any; + setSavedTenant(null); + const nextPath = getNextPath(''); + expect(nextPath).toEqual('/app/dashboards'); + window.location = originalLocation; + }); + + test('extract redirect includes security_tenant when tenant in local storage', () => { + const originalLocation = window.location; + delete window.location; + window.location = new URL('http://localhost:5601/app/login?nextUrl=%2Fapp%2Fdashboards'); + setSavedTenant('custom'); + const nextPath = getNextPath(''); + expect(nextPath).toEqual('/app/dashboards?security_tenant=custom'); + setSavedTenant(null); + window.location = originalLocation; + }); + + test('extract redirect includes security_tenant when tenant in local storage, existing url params and hash', () => { + const originalLocation = window.location; + delete window.location; + window.location = new URL( + "http://localhost:5601/app/login?nextUrl=%2Fapp%2Fdashboards?param1=value1#/view/7adfa750-4c81-11e8-b3d7-01146121b73d?_g=(filters:!(),refreshInterval:(pause:!f,value:900000),time:(from:now-24h,to:now))&_a=(description:'Analyze%20mock%20flight%20data%20for%20OpenSearch-Air,%20Logstash%20Airways,%20OpenSearch%20Dashboards%20Airlines%20and%20BeatsWest',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),query:(language:kuery,query:''),timeRestore:!t,title:'%5BFlights%5D%20Global%20Flight%20Dashboard',viewMode:view)" + ); + setSavedTenant('custom'); + const nextPath = getNextPath(''); + expect(nextPath).toEqual( + "/app/dashboards?param1=value1&security_tenant=custom#/view/7adfa750-4c81-11e8-b3d7-01146121b73d?_g=(filters:!(),refreshInterval:(pause:!f,value:900000),time:(from:now-24h,to:now))&_a=(description:'Analyze%20mock%20flight%20data%20for%20OpenSearch-Air,%20Logstash%20Airways,%20OpenSearch%20Dashboards%20Airlines%20and%20BeatsWest',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),query:(language:kuery,query:''),timeRestore:!t,title:'%5BFlights%5D%20Global%20Flight%20Dashboard',viewMode:view)" + ); + setSavedTenant(null); + window.location = originalLocation; + }); +}); + describe('Login page', () => { let chrome: ReturnType; const mockHttpStart = {