Split up a value into multiple cookie payloads #1352

jochen-kressin · 2023-02-28T15:43:08Z

Description

Second shot at a solution for #1311. This should also be seen as more of a RFC than a final pull request. Also, at the moment this only covers SAML.

With this PR, we create additional cookies without changing the Dashboards core code. Unfortunately, this required some not very nice workarounds:

Setting a cookie value and clearing a cookie is done via the raw hapi request's cookieAuth.set() method. The cookieAuth in turn comes from the hapi cookie plugin. The reason for doing this is that we don't have access to the response.state() method with which we'd normally set the cookie
https://github.com/opensearch-project/security-dashboards-plugin/pull/1352/files#diff-0558556cc54b27144ba1c7e6c85065a7c37563f400171438153a8faca97bd757R26
While it is possible to write a cookie without registering it with the hapi server first, this led to some problems with the cookie not being properly cleared. Hence, we opted for another not so nice workaround: We access the SessionStorage object to access the hapi server, and there we add the cookies
https://github.com/opensearch-project/security-dashboards-plugin/pull/1352/files#diff-94c1c398c7b3a2cd568a7ac3bfcd72dc48428eb1995613276a013be4413338c6R60

Additional info

~~For this PoC we have just added two extra cookies. However, the quantity of extra cookies could be made configurable.~~
At the moment, the cookies are not encoded using "Iron". This could be changed in the cookie options though. We'd just have to make sure that we account for the extra space required when using Iron when splitting up the value into the cookies.
~~The names for the cookies are hardcoded as well. They use the cookie.name from the config, and appends 'saml_1' and 'saml_2'. This should probably be made configurable.~~
The number of extra cookies to use is now configurable
The name of the extra cookies are now configurable. The extra cookies will use the configuration value as a prefix, and the append _1, _2 and so on, depending on how many cookies are used

Regarding the additional cookies

The number of extra cookies is configurable now, and defaults to 3. When splitting up the value we take the iron encoding into account, which adds considerably to the written cookie's size
The logic for that can be found here: https://github.com/opensearch-project/security-dashboards-plugin/pull/1352/files#diff-0558556cc54b27144ba1c7e6c85065a7c37563f400171438153a8faca97bd757R82

We assume that Iron adds around 50%
Based on that we try to split up the value, using as few extra cookies as possible
If we know, based on the length of the value to written and the number of configured extra cookies, that we won't have enough cookies to account for the 50% we try to write anyway, but we divide the value evenly between all available cookies. Based on the value, Iron sometimes adds less overhead.
I'm not sure if this is the best way, so I would appreciate your input on this.

Another caveat with having the number of extra cookies configurable would be if the administrators decrease that number, then existing cookies would not be read correctly.
To mitigate this, I guess we could store the maximum number of cookies used in the authHeaderValueExtra when the cookies are written.

But - I would wait for your feedback first, maybe you'd prefer not having the number of cookies configurable at all?

I could also give making the number of cookies completely dynamic based on the needed length another try.
The issue I ran in with this was that I wasn't able to delete the cookies if I did not register them with the Hapi server first.

Iron cookie size

I ran some tests on how much Iron adds to the final cookie size.
This is highly depending on the string, though. In my tests I added different roles to the token, and then compared.
For the SAML provided by @nibix both the compression and the Iron overhead were much better.

Roles	Original JWT	Compressed	Final Cookie	Iron overhead, ca	Comment
5	733	764	1260	+65%
10	839	844	1367	+62%
50	1679	1464	2199	+50%
100	2791	2264	3266	+44%
150	3923	3036	!!! >4096		Too large for the browser
200	5065	3808	!!! >4096		Too large for the browser
Test SAML payload	14096	2860	4055	+42%	Tested with the SAML test token from the issue

Still open

Test error handling if the unsplit value is missing/corrupted.
We added checks to the isValidCookie method that will invalidate the cookie if the value is corrupted somehow, or if writing the cookies did not work.
While this improves the situation a bit, the user will still run into the "too many redirects" error if they have an active session with the IdP, which will then just redirect back the user to Dashboards. If the token still can't be written the redirecting will commence...
The getCookie for SAML needs to be changed before writing the authorization header value https://github.com/opensearch-project/security-dashboards-plugin/pull/1352/files#diff-94c1c398c7b3a2cd568a7ac3bfcd72dc48428eb1995613276a013be4413338c6R118

Untested

Setting cookies after an authorization header was found. E.g. here: https://github.com/opensearch-project/security-dashboards-plugin/pull/1352/files#diff-d782daf5a30c26f91c0430ed18479194b9b562026646e440521516a3e4290651R173
The refresh token flow in Openid

Why these changes are required?

Allow users with many roles to authenticate with SAML in Dashboards.

What is the old behavior before changes and new behavior after changes?

Such users could not log in into Dashboards.

Issues Resolved

Testing

Unit testing
We still need some sample payloads to verify the effectiveness

Check List

New functionality includes testing
New functionality has been documented
Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

peternied · 2023-03-03T16:27:54Z

In this POC the token is split into 2 parts. Can we pull in a library that supports N chunks so we can support a larger upper bound?

nibix · 2023-03-06T13:56:44Z

In this POC the token is split into 2 parts. Can we pull in a library that supports N chunks so we can support a larger upper bound?

Absolutely can do that. :-) But first we should decide whether this is the way to go, as it is also a tradeoff solution with advantages and disadvantages. If we decide that the disadvantages are too heavy, then we should abandon this solution and look for new ones.

Advantages of this solution:

Self-contained, just implemented inside of the security plugin

Disadvantages:

In order to achieve the multi-cookie approach, we need to by-pass Dashboards core APIs in order to be able work on the underlying Hapi APIs. From a sustainability pov, this might be not desirable. However, this might be acceptable if this is just regarded as a temporary solution.

stephen-crawford · 2023-03-06T14:31:57Z

Hi @jochen-kressin and @nibix,

Thank you for sharing this proof of concept. I understand your concerns about the downsides of this implementation, so was wondering if you had found any alternatives in your work that had fewer? Is there another option which would offer more long-term stability?

I think that this option seems promising as a workaround but it is hard to give a strong opinion without knowing the other options you are considering. Do you mind sharing?

Thank you

nibix · 2023-03-06T14:48:53Z

@scrawfor99

Well, if we do not want to bypass Dashboards core APIs, we would need to modify Dashboards core by itself. I cannot give more detail about how this might look in detail, as we also would first need to explore this. Also, we would need to get the Dashboards core team into the boat. I am just wondering whether that would make sense if it is supposed to be just a temporary solution which is supposed to be rolled back when there is actual session support.

stephen-crawford · 2023-03-06T14:58:16Z

Hi @nibix,

Thank you for following up. That clarifies things a bit more for me. I agree with you that a temporary workaround like this may be the best option if we are going to just roll things back. This option seems acceptable for now in light of the future development plans and the tradeoffs. I am in favor of seeing this option implemented.

RyanL1997 · 2023-03-06T17:31:53Z

For this PoC we have just added two extra cookies. However, the quantity of extra cookies could be made configurable.

Hi, @nibix and @jochen-kressin, thanks for sharing this PoC! I do have a general question about the above comment. Let's say if the user reduces the role to less than the size limitation of one cookie? Will we still have two cookies to store these roles?

jochen-kressin · 2023-03-06T20:18:27Z

Hi @RyanL1997,

At the moment, yes. However, the logic for splitting up the payload into two cookies could easily be changed.
If I'm not completely mistaken, Hapi cookies have two steps involved:

Register the cookie with the Hapi server. This adds the cookie name, and also any settings related to the cookie (ttl, encoding, domain etc.). This doesn't automatically add the cookie to the browser though (I would need to double check this, but I'm quite sure). Instead, this only tells Hapi to parse cookies found in the request's set-cookie header.
Set the cookie with the state(cookieName, value, settings?) method. This is where the cookie is actually written and stored in the browser.

So in this case we would always have two cookies registered (step 1 above), but if we change the writing logic to not always split up the payload into two cookies (in step 2 above), I believe only one cookie will be set in the browser.

If we do change this, we need to make sure to account for the encoding setting for the cookie (there is no encoding configured in this PR, but that may be changed to e.g. "Iron"). I.e. it's not enough to just check the token/payload size and call it a day - Iron may add ~30% or more to the size before the value is written, so the "splitting logic" should be aware of that.

I hope I understood your question correctly, otherwise please let me know :)

stephen-crawford

Hi @jochen-kressin thank you for taking the time to write up this PR. Overall, I think things look really good. I left a few questions and comments to do due diligence and make sure I understood your changes. The only thing I would add is that it would be great if the final PR could include some unit and integration tests demonstrating the splitting and recombining process.

For example, you could mock a cookie, split it, and recombine it show to show the process is efficient.

Thank you for all your contributions!

stephen-crawford · 2023-03-28T20:32:11Z

server/auth/types/authentication_type.ts

  protected abstract handleUnauthedRequest(
    request: OpenSearchDashboardsRequest,
    response: LifecycleResponseFactory,
    toolkit: AuthToolkit
  ): IOpenSearchDashboardsResponse | AuthResult;
-  public abstract buildAuthHeaderFromCookie(cookie: SecuritySessionCookie): any;
+  public abstract buildAuthHeaderFromCookie(cookie: SecuritySessionCookie, request: OpenSearchDashboardsRequest): any;


You add in the OpenSearchDashboardsRequest to this line but I am not sure why the changes you are making require this. Could you explain quickly? Thanks.

I added the OpenSearchDashboardsRequests to accommodate for the changes in SAML's and OpenId's buildAuthHeaderFromCookie. There, we now need the request in order to read the the extra cookies.

For example here: https://github.com/opensearch-project/security-dashboards-plugin/pull/1352/files#diff-d782daf5a30c26f91c0430ed18479194b9b562026646e440521516a3e4290651R299

stephen-crawford · 2023-03-28T20:33:56Z

server/auth/types/openid/openid_auth.ts

@@ -60,6 +62,9 @@ export class OpenIdAuthentication extends AuthenticationType {
  private openIdConnectUrl: string;
  private wreckClient: typeof wreck;

+  private readonly extraCookiePrefix: string = '';


What is this for?

That is the cookie prefix that is used by the additional cookies.
I had this before the number of cookies was configurable, and the cookie prefix was the only thing you could configure.

But thanks for pointing this out - since we read the config on multiple places now when interacting with the new cookies, I don't think we need this instance variable. I'll refactor this away.

stephen-crawford · 2023-03-28T20:37:58Z

server/auth/types/openid/openid_auth.ts

@@ -144,27 +171,38 @@ export class OpenIdAuthentication extends AuthenticationType {
  }

  getCookie(request: OpenSearchDashboardsRequest, authInfo: any): SecuritySessionCookie {
+    setExtraAuthStorage(request, request.headers.authorization as string, {
+      cookiePrefix: this.config.openid!.extra_storage.cookie_prefix,


It does not look like config.openid!.extra_storage.cookie_prefix is always set. Is this going to throw an error when the extra storage is 0 because the additional cookies is 0?

I was a bit ambivalent about using ! here. The openId config is and was configured with schema.maybe, so IIRC TypeScript would warn here. But in order to use OpenId we need to configure client_id and client_secret, so at this point the entire config tree should be there.

But, and thanks for pointing this out, there is an error here - if the additional cookies are 0 things will crash. In this PR we always use compression, and the compression will always look for the additional cookies. There is no conditionals checking for 0.
I'll fix that, probably by raising the minimal number of additional cookies to 1.
You left another comment asking if the additional cookies should be configurable - maybe we can remove that config option altogether and just use a sensible (hard coded) default value...

@jochen-kressin Do you think having a hard-coded value could result into the same problem if the chunk size gets too large? or should we fail the request if the cookie size is larger? IMO, we should have it configurable, but I'm not sure and would like to understand your view on this

Yes, the effect would be the same if we have too few cookies for a large chunk size.
So if we do hard code the number of additional cookies, I think it's better to err on the higher side.

Configurable is probably the most flexible way. My concern is that if the admin decreases the number of additional cookies, then already existing cookies will not be valid anymore. But I may be overthinking that.

Regarding failing the request. It is possible to use Hapi's Statehood to encode the cookie and then check the size, but that introduces another step.
And if we do fail the request we probably need to add some kind of error page to redirect to.
I think that currently the worst part with the current cookie size problem is that the user gets stuck in a redirect loop, and there isn't really much they can do to "get out".
Failing the request and redirecting away from that loop makes sense, but at the end of the day the user still can't log in...

stephen-crawford · 2023-03-28T20:39:14Z

server/auth/types/openid/openid_auth.ts

    return {
      username: authInfo.user_name,
      credentials: {
-        authHeaderValue: request.headers.authorization,
+        authHeaderValueExtra: true,


Is this now pass through? Why do we want this to be changed from the previous request.headers.authorization?

Originally I changed this so that existing valid user cookies would still be valid after an upgrade. When checking the cookie for a valid authorization header, both SAML and OpenId will look for authHeaderValue if no authHeaderValueExtra is found.

Gotcha, thank you for the clarification.

Can you add a brief comment on why hard-coding the boolean to true here?

@DarshitChanpura Please see this answer for the reasoning behind it. Always open for suggestions though!
#1352 (comment)

stephen-crawford · 2023-03-28T20:50:09Z

server/auth/types/authentication_type.ts

  protected abstract handleUnauthedRequest(
    request: OpenSearchDashboardsRequest,
    response: LifecycleResponseFactory,
    toolkit: AuthToolkit
  ): IOpenSearchDashboardsResponse | AuthResult;
-  public abstract buildAuthHeaderFromCookie(cookie: SecuritySessionCookie): any;
+  public abstract buildAuthHeaderFromCookie(cookie: SecuritySessionCookie, request: OpenSearchDashboardsRequest): any;


Is it dangerous to return any type here?

I didn't really touch that part, and the returned data still has the same format.
But it may be a good idea to update the return type - I believe all authentication types expect an object with the 'authorization` property set.

stephen-crawford · 2023-03-28T20:53:00Z

server/auth/types/openid/routes.ts

@@ -173,7 +180,7 @@ export class OpenIdAuthRoutes {
          const sessionStorage: SecuritySessionCookie = {
            username: user.username,
            credentials: {
-              authHeaderValue: `Bearer ${tokenResponse.idToken}`,
+              authHeaderValueExtra: true,


Why is this set to true?

Even if we're always using the extra storage, i.e. the additional cookies, I didn't want to move away from the current way of checking for an unauthenticated user. So even if there are extra cookies with a token, the regular cookie would still be required. That way the regular cookie and the additional cookies are synced a little bit, at least.

We could maybe consider a better "syncing mechanism" than just the value true... Like adding a small part of the token, and the rest in the additional cookies perhaps.

Thank you for the clarification. I appreciate your detailed response :)

stephen-crawford · 2023-03-28T20:55:21Z

server/auth/types/saml/routes.ts

            },
            authType: AuthType.SAML, // TODO: create constant
            expiryTime,
          };
+
+          setExtraAuthStorage(request, credentials.authorization, {
+            cookiePrefix: this.config.saml.extra_storage.cookie_prefix,


Do you need the non-null ! flag behind saml in this.config.saml.extra_storage.cookie_prefix?

Good catch. I think this is a leftover. In an earlier version I made the SAML config optional using schema.maybe, just to be consistent with the OpenId config, but then I changed it again.
I can either remove this, or if you want to make the SAML config optional, I would update accordingly. Not sure if there are any benefits making the config optional...?

I think your implementation to make it consistent with OIDC makes sense. That being said, I do not know any specific benefits for the config being optional assuming we have defaults set in place.

Would it break if there are no defaults set in place?

@DarshitChanpura Yes, so there should be defaults in the schema definition.
Re-reading my comment to @scrawfor99, I think I commented on the wrong part of the code, but I will check all the non-null flags again.
And I agree with @scrawfor99, I'm also not aware of any benefits of the config being optional (schema.maybe) provided the definitions has defaults.

stephen-crawford · 2023-03-28T20:56:41Z

server/auth/types/saml/saml_auth.ts

@@ -49,6 +55,30 @@ export class SamlAuthentication extends AuthenticationType {
    logger: Logger
  ) {
    super(config, sessionStorageFactory, router, esClient, coreSetup, logger);
+
+    // Use extra cookie to store the SAML token?
+    if (this.config.saml?.extra_storage.additional_cookies > 0) {


How would we get here without SAML being a valid field at this point? Is the optionallity flag (?) needed?

You are right. Please see my comment to your comment above :)

stephen-crawford · 2023-03-28T20:58:09Z

server/index.ts

@@ -180,8 +180,19 @@ export const configSchema = schema.object({
      verify_hostnames: schema.boolean({ defaultValue: true }),
      refresh_tokens: schema.boolean({ defaultValue: true }),
      trust_dynamic_headers: schema.boolean({ defaultValue: false }),
+      extra_storage: schema.object({
+        cookie_prefix: schema.string({ defaultValue: 'security_authentication_oidc' }),
+        additional_cookies: schema.number({ min: 0, defaultValue: 3 }),


Should this number be made configurable?

Assuming you mean additional_cookies, that's one of the main open questions I have for you. Maybe it is better to just use a sensible default? It's not really expensive to add cookie definitions to Hapi I believe, so maybe 5 or 10 would be a good default and should be enough even for very large tokens?

Configurable might come in handy, but with the current code existing valid cookies would be invalid if the customer would decrease the number of additional cookies.
That case could also be handled of course, but maybe let's decide first if we really do want this configurable.

I see. Thank you for the clarification. I know I asked a lot of questions but from your responses, it looks like you thought of everything already. I agree on waiting for the configur-ability and think that something like 5 would probably be appropriate as a default.

Based on some comments above, should the min number be set to 1 or more?

@DarshitChanpura Yes, 0 additional cookies would actually cause an error now. Fixing.

cwperks

Took a first pass at this PR and left a few comments. I think this approach could work to get by the 4kb browser limitation, but Hapi's own docs also mention they recommend a server side approach. I would like to see some tests around the new behavior.

Cookies have a practical maximum length. All of the data you store in a cookie is sent to the browser. If your cookie is too long, browsers may not set it. Read more here and here. If you need to store more data, store a small amount of identifying data in the cookie and use that as a key to a server-side cache system.

https://hapi.dev/module/cookie/api/?v=12.0.1

cwperks · 2023-03-29T12:56:28Z

server/session/cookie_splitter.ts

+   * Assume that Iron adds around 50%.
+   * Remember that an empty cookie is around 30 bytes
+   */
+  const maxLengthPerCookie = Math.floor(4000 / 1.5);


Can 4000 be made into a constant MAX_LENGTH_OF_COOKIE_BYTES?

Yes, I'll change that.

cwperks · 2023-03-29T12:58:17Z

server/session/cookie_splitter.ts

+  const cookiesNeeded = value.length / maxLengthPerCookie; // Assume 1 bit per character since this value is encoded
+
+  // If the amount of additional cookies aren't enough for our logic, we try to write the value anyway
+  // TODO We could also consider throwing an error, since a failed cookie leads to weird redirects.


Can a message be generated for the cluster admin to increase the limit if we detect this case?

Good idea, that definitely makes sense. By message do you mean a log message with the regular Dashboards logger? That should be doable. I'll add this.

It is safe to return 500 or an equivalent response in such cases and fail the ACS request sent by IDP to OSD.
Not sure about OpenID behaviour in this case.

IdP won't redirect again in such cases. I have observed multiple cases where saml/acs API throws 500 due to error while parsing SAML Response and IdP doesn't do a redirect again.

@anijain-Amazon I think the flow (as it is now) is something like this:

We try to write the token from the IdP in the cookie. We're still happily unaware that the browser won't accept it

A subsequent request checks for the credentials in the cookie and can't find any

The auth code redirects back to the IdP

The IdP has an active session and redirects back to Dashboards with a new token

We repeat from 1

I guess we could throw an error when we're sure that the cookie payload size + Iron encoding is too large.
But then what do we do? Error page perhaps where the problem is explained?

The auth code redirects back to the IdP

This won't happen it will fail with 400 Bad Request in case of SP Initiated login.
In case of IdP initiated login we can return 500 and stop the request flow

cwperks · 2023-03-29T13:01:16Z

server/session/cookie_splitter.ts

+      ? maxLengthPerCookie
+      : Math.ceil(value.length / additionalCookies);
+
+  const rawRequest = ensureRawRequest(request);


Leaving a note here. From the docstring in OSD this function performs Returns underlying Hapi Request.

Ah right, I'll add the type. I vaguely recall there was a reason to why I left it out, but I may be mistaken. Will check and add it.

jochen-kressin · 2023-03-30T12:57:31Z

Hi @jochen-kressin thank you for taking the time to write up this PR. Overall, I think things look really good. I left a few questions and comments to do due diligence and make sure I understood your changes. The only thing I would add is that it would be great if the final PR could include some unit and integration tests demonstrating the splitting and recombining process.

For example, you could mock a cookie, split it, and recombine it show to show the process is efficient.

Thank you for all your contributions!

Thanks for the review and comments!
Hopefully I answered most of your questions, and I also left a question or two of my own :)

Will try to add some definitely well needed tests!

DarshitChanpura

Thank you @jochen-kressin for this contribution!

One generic comment is I have is with the usage of flags ? and ! while extracting values from a chain. Could you see if they are more consistent and only used where required.

Questions:

How do we ensure security against bad actors in this case? will they be able to modify cookies?
Will you be adding tests for this functionality as a part of this PR?

DarshitChanpura · 2023-03-30T13:28:52Z

server/auth/types/openid/openid_auth.ts

@@ -70,6 +75,28 @@ export class OpenIdAuthentication extends AuthenticationType {
  ) {
    super(config, sessionStorageFactory, router, esClient, core, logger);

+    const openidConfig = this.config.openid;
+    if (openidConfig && openidConfig.extra_storage.additional_cookies > 0) {


Can you add a brief comment here on what does the if statement do?

This is kind of an effect of what you pointed out in your comment above - the usage of ? and ! flags isn't consistent.
So this is kind of just a shorthand to check if we have the openIdConfig at all. If we do, extra_storage and all its nested properties are there.

I'll check this again.

DarshitChanpura · 2023-03-30T13:31:47Z

server/auth/types/openid/openid_auth.ts

@@ -144,27 +171,38 @@ export class OpenIdAuthentication extends AuthenticationType {
  }

  getCookie(request: OpenSearchDashboardsRequest, authInfo: any): SecuritySessionCookie {
+    setExtraAuthStorage(request, request.headers.authorization as string, {
+      cookiePrefix: this.config.openid!.extra_storage.cookie_prefix,


@jochen-kressin Do you think having a hard-coded value could result into the same problem if the chunk size gets too large? or should we fail the request if the cookie size is larger? IMO, we should have it configurable, but I'm not sure and would like to understand your view on this

DarshitChanpura · 2023-03-30T13:32:45Z

server/auth/types/openid/openid_auth.ts

@@ -144,27 +171,38 @@ export class OpenIdAuthentication extends AuthenticationType {
  }

  getCookie(request: OpenSearchDashboardsRequest, authInfo: any): SecuritySessionCookie {
+    setExtraAuthStorage(request, request.headers.authorization as string, {
+      cookiePrefix: this.config.openid!.extra_storage.cookie_prefix,
+      additionalCookies: this.config.openid!.extra_storage.additional_cookies,


if this is ever going to be null. we can rewrite it as: additionalCookies: this.config.openid?.extra_storage.additional_cookies || <default-number>

I would like to keep relying on a default number in the schema definition itself, just to avoid having multiple "sources of truth".

I'll check this again though. We shouldn't really be at this point if config.openid isn't configured.

DarshitChanpura · 2023-03-30T13:34:12Z

server/auth/types/openid/openid_auth.ts

    return {
      username: authInfo.user_name,
      credentials: {
-        authHeaderValue: request.headers.authorization,
+        authHeaderValueExtra: true,


Can you add a brief comment on why hard-coding the boolean to true here?

DarshitChanpura · 2023-03-30T13:40:10Z

server/auth/types/openid/openid_auth.ts

    if (
      cookie.authType !== this.type ||
      !cookie.username ||
      !cookie.expiryTime ||
-      !cookie.credentials?.authHeaderValue ||
+      (!cookie.credentials?.authHeaderValue &&


Should this be modified to authHeaderValueExtra?

@DarshitChanpura Oh, I believe so yes - will check, thanks!

DarshitChanpura · 2023-03-30T14:36:50Z

server/auth/types/saml/routes.ts

            },
            authType: AuthType.SAML, // TODO: create constant
            expiryTime,
          };
+
+          setExtraAuthStorage(request, credentials.authorization, {
+            cookiePrefix: this.config.saml.extra_storage.cookie_prefix,


Would it break if there are no defaults set in place?

DarshitChanpura · 2023-03-30T14:38:20Z

server/auth/types/saml/routes.ts

-          await clearSplitCookies(request, extraCookieName);
+          await clearSplitCookies(request, {
+              cookiePrefix: extraCookiePrefix,
+              additionalCookies: this.config.saml.extra_storage.additional_cookies


this might need this.config.saml!...similar to L#234

DarshitChanpura · 2023-03-30T15:15:38Z

server/auth/types/saml/saml_auth.ts

+      ] as string;
+
+    setExtraAuthStorage(request, authorizationHeaderValue, {
+      cookiePrefix: this.config.saml!.extra_storage.cookie_prefix,


! is used inconsistently in the file. Is that intentional?

why not user ? instead?

With ! if saml didn't exist at the time of method execution then, this might throw Cannot read properties of undefined [....] error.
And if it will always exist then we don't need any flag here

Not intentional. At the current state in the saml definition will always be there with default values set.
But I may need to make it consistent with config.openid.

DarshitChanpura · 2023-03-30T15:43:55Z

server/index.ts

@@ -180,8 +180,19 @@ export const configSchema = schema.object({
      verify_hostnames: schema.boolean({ defaultValue: true }),
      refresh_tokens: schema.boolean({ defaultValue: true }),
      trust_dynamic_headers: schema.boolean({ defaultValue: false }),
+      extra_storage: schema.object({
+        cookie_prefix: schema.string({ defaultValue: 'security_authentication_oidc' }),
+        additional_cookies: schema.number({ min: 0, defaultValue: 3 }),


Based on some comments above, should the min number be set to 1 or more?

server/session/cookie_splitter.ts

expani · 2023-04-01T17:53:12Z

As mentioned in the RFC by @jochen-kressin

The main questions going forward whether you would like the number of cookies to be configurable. There are some drawbacks to that, mainly related to if the customer changes the number of cookies.

We are currently retrieving the value for ExtraAuthStorageOptions.additionalCookies directly from the configuration.

The number of spilts done on the JWT Token gets lost on a configuration update by the user.

If we also store this data while writing multiple cookies, then we can derive the parameter ExtraAuthStorageOptions.additionalCookies every time while reading all the split cookies.

We can choose another cookie to store the metadata or store it at the start before the encoded cookie.

This can give user flexibility on changing the configuration as they desire.

References

ExtraAuthStorageOptions.additionalCookies - Variable in PR used to denote the number of splits done to a cookie.

expani · 2023-04-03T11:55:55Z

@jochen-kressin We are currently keeping the number of cookies configurable an are using it to generate the number of split cookies.

I can see from the implementation that we will use these many cookies irrespective of whether the underlying data requires it or not.

Can we use this configuration as a upper bound instead ? This will ensure that for users with small number of roles we don't end creating empty cookies.

expani · 2023-04-03T13:40:54Z

server/session/cookie_splitter.ts

+  }
+
+  values.forEach(async (cookieSplitValue: string, index: number) => {
+    const cookieName: string = cookiePrefix + '_' + (index + 1);


We can use a constant to refer to the cookie name delimiter _

jochen-kressin · 2023-04-03T19:25:28Z

@jochen-kressin We are currently keeping the number of cookies configurable an are using it to generate the number of split cookies.

I can see from the implementation that we will use these many cookies irrespective of whether the underlying data requires it or not.

Can we use this configuration as a upper bound instead ? This will ensure that for users with small number of roles we don't end creating empty cookies.

@anijain-Amazon Regarding "creating empty cookies". I added some info about the cookie creation here: #1352 (comment)
While we do register the cookie with Hapi, we don't really write them to the browser if they aren't needed.

The reason that we register the cookies with Hapi is that we then get the (iron) decoding "for free" within the request.
Otherwise we'd need to parse the cookies ourselves. Also doable, but that comes with another set of required changes :)

davidlago · 2023-04-05T12:17:48Z

@jochen-kressin, just to double-check, what would the behavior be during an upgrade for users already logged-in with "old style" cookies in their browsers, when the next call goes out to the backend that now understands the "new style" of cookies? Would they get logged off and prompted to log back in? or would they see some kind of error? If it is the latter, it might make for a frustrating/confusing user experience.

jochen-kressin · 2023-04-05T13:56:16Z

@jochen-kressin, just to double-check, what would the behavior be during an upgrade for users already logged-in with "old style" cookies in their browsers, when the next call goes out to the backend that now understands the "new style" of cookies? Would they get logged off and prompted to log back in? or would they see some kind of error? If it is the latter, it might make for a frustrating/confusing user experience.

@davidlago I tested this again to make sure, and a cookie created before the upgrade would still be valid.
The communication with the backend hasn't changed - it is still handled by the authorization header. Only the way the authorization header is retrieved has been changed.
So it goes something like this:

SAML or OpenId handles the request
Their respective buildAuthHeaderFromCookie methods first checks if the cookie has the property authHeaderValueExtra.
If yes - the new style is used, meaning that we retrieve the actual value from the new cookies and then use that for the authorization header.
If no - we fall back to look for the "old" authHeaderValue in the cookie and builds the authorization header as it did before this change.

That remains until the session expires or the user actively logs in again, at which point they would receive the "new format" in the cookie.

expani · 2023-04-05T15:36:07Z

@jochen-kressin The approach still has a problem with having additionalCookies as configurable right ? If a user reduces the number of additionalCookies in SAML Config, then their older cookies won't work. Please correct me if I am wrong or if that has been handled.

Essentially, the concerns you raised here #1311 (comment)

Maybe we can try something on these lines #1352 (comment)

nibix · 2023-04-05T16:05:14Z

@anijain-Amazon

If a user reduces the number of additionalCookies in SAML Config, then their older cookies won't work.

Can't this be just handled by documenting it? Generally, it seems a very seldom thing that an administrator would want to reduce the number of cookies registered in Hapi. I am not sure whether big efforts should be spent on handling this in the code.

expani · 2023-04-05T16:10:22Z

Can't this be just handled by documenting it?

Yes we can document it. But, there is still a possibility of user changing it unknowingly ( human errors ) and lead to a bad user experience especially with larger user base.

davidlago · 2023-04-05T17:38:04Z

Thanks @anijain-Amazon for pointing this out. It is a good reminder that we need to make sure we document this (I am tagging the team to take a look). At this point I'm inclined to proceed with these changes as-is and prioritize the remaining time until code freeze making sure we have good test coverage for them.

* PoC for splitting up a value into multiple cookie payloads Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Cookie splitting for OpenId and SAML Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Changes after review comments Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * WIP: First unit tests Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * More unit tests Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Fix for multi auth, request argument was missing Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Fixed linting errors Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Added one additional cookie for the SAML integration tests Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> --------- Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> (cherry picked from commit c5cdbbb)

cwperks · 2023-04-17T13:25:38Z

@anijain-Amazon This will be included in the 2.7 release. I have added the backport labels to this PR and the v2.7.0 label to the associated issue. The backport PRs will be merged before code freeze tomorrow.

* PoC for splitting up a value into multiple cookie payloads Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Cookie splitting for OpenId and SAML Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Changes after review comments Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * WIP: First unit tests Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * More unit tests Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Fix for multi auth, request argument was missing Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Fixed linting errors Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Added one additional cookie for the SAML integration tests Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> --------- Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> (cherry picked from commit c5cdbbb) Co-authored-by: Jochen Kressin <126353411+jochen-kressin@users.noreply.github.com>

* PoC for splitting up a value into multiple cookie payloads Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Cookie splitting for OpenId and SAML Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Changes after review comments Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * WIP: First unit tests Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * More unit tests Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Fix for multi auth, request argument was missing Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Fixed linting errors Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Added one additional cookie for the SAML integration tests Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> --------- Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com>

* Replace legacy template with index template (#1359) Signed-off-by: Chang Liu <lc12251109@gmail.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * added loginEndPointWithPath (#1358) * added loginEndPointWithPath Signed-off-by: Mattijs Vanhaverbeke <mattijs-v@live.be> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Add release notes for 1.3.9 (#1379) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * No blank backend role before adding a new one in Create User page (#1384) * Add last backend role empty check Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> * Add backend role empty check Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> * Add strict comparison Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> * Fix lint errors Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> * Add tests for backend role panel Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> * Fix lint errors Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> --------- Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> Co-authored-by: nursaadat <SNursultan@dar.kz> Co-authored-by: Saadat Nursultan <nursultan.saadat@gmail.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Fix script for Windows (#1393) * Fix script for Windows Signed-off-by: nurbqq <nurbakhyt.sembayev@gmail.com> Signed-off-by: nurbqq <106753054+nurbq@users.noreply.github.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding new actions for ppl and datasource apis (#1395) * Adding new actions for ppl and datasource apis Signed-off-by: vamsi-amazon <reddyvam@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Fix "Get started" image is not adaptive to the browser window size. (#1396) * Fixed get-started page image not adapting to the browser window size Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> * Update fix by applying suggested changes Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> * Update unit tests snapshot Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> --------- Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Split up a value into multiple cookie payloads (#1352) * PoC for splitting up a value into multiple cookie payloads Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Cookie splitting for OpenId and SAML Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Changes after review comments Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * WIP: First unit tests Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * More unit tests Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Fix for multi auth, request argument was missing Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Fixed linting errors Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Added one additional cookie for the SAML integration tests Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> --------- Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Dynamic tenancy configurations (#1394) * Dynamic multitenancy feature. Signed-off-by: Abhi Kalra <abhivka@amazon.com> * Dynamic multitenancy feature -PR feedback Signed-off-by: Abhi Kalra <abhivka@amazon.com> --------- Signed-off-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Abhi Kalra <abhivka@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Add release notes for 2.7.0 (#1407) * Add release notes for 2.7.0 Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removes tiny.amazon.com links (#1420) Signed-off-by: Darshit Chanpura <dchanp@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Fixing dynamic tenancy changes for issues 1412 (#1419) * Fixing dynamic tenancy changes for opensearchdasbhoard.yaml Signed-off-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Change the testuser's password in some integration test cases into a stronger password (#1428) * Change the testuser's password into a stronger password Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Increment version to 3.0.0.0 (#1414) Signed-off-by: opensearch-ci-bot <opensearch-infra@amazon.com> Co-authored-by: opensearch-ci-bot <opensearch-infra@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adds the newly created admin api permissions to the static dropdown list (#1426) * Adds the newly created admin api permissions to the static dropdown of permissions displayed when creating/modifying a role --------- Signed-off-by: Darshit Chanpura <dchanp@amazon.com> Co-authored-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Update account-nav-button.tsx Fix added to set the window.location to the pathname, rather than just reload & clear lastURL as it would be from the previous tenant. Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Update account-nav-button.tsx Adding comments to explain changes Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * add new cluster permissions constants for lron (#1444) Signed-off-by: zhichao-aws <zhichaog@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * removing whitespace due to linting fix Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests for account-nav-button wip Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * put commented code to original state Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Skip flaky SAML test as it awaits a fix (#1453) Signed-off-by: Craig Perkins <craig5008@gmail.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Use version from package.json for integration tests (#1463) * Use version from package.json for integration tests Signed-off-by: Craig Perkins <cwperx@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adds 2.8 release notes (#1464) Signed-off-by: Darshit Chanpura <dchanp@amazon.com> Co-authored-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests to jest test for tenant switch. Putting test in correct folder and renaming function. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * handle switch calling correct function Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * checking for session storage Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * adding window to make sessionStorage more explicit Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Moved the test into account-nav-button.test.tsx Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing additional files. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Declared session storage as a constant Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Update account-nav-button.tsx Fix added to set the window.location to the pathname, rather than just reload & clear lastURL as it would be from the previous tenant. Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Update account-nav-button.tsx Adding comments to explain changes Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * removing whitespace due to linting fix Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests for account-nav-button wip Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * put commented code to original state Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests to jest test for tenant switch. Putting test in correct folder and renaming function. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * handle switch calling correct function Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing additional files. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Fix unwanted changes Signed-off-by: Darshit Chanpura <dchanp@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Update account-nav-button.tsx Fix added to set the window.location to the pathname, rather than just reload & clear lastURL as it would be from the previous tenant. Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests for account-nav-button wip Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests to jest test for tenant switch. Putting test in correct folder and renaming function. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * checking for session storage Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Declared session storage as a constant Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests for account-nav-button wip Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests to jest test for tenant switch. Putting test in correct folder and renaming function. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Moved the test into account-nav-button.test.tsx Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Dynamic tenancy configurations (#1394) * Dynamic multitenancy feature. Signed-off-by: Abhi Kalra <abhivka@amazon.com> * Dynamic multitenancy feature -PR feedback Signed-off-by: Abhi Kalra <abhivka@amazon.com> --------- Signed-off-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Abhi Kalra <abhivka@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Fixing dynamic tenancy changes for issues 1412 (#1419) * Fixing dynamic tenancy changes for opensearchdasbhoard.yaml Signed-off-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Use version from package.json for integration tests (#1463) * Use version from package.json for integration tests Signed-off-by: Craig Perkins <cwperx@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing unneded file Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> --------- Signed-off-by: Chang Liu <lc12251109@gmail.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> Signed-off-by: nurbqq <nurbakhyt.sembayev@gmail.com> Signed-off-by: nurbqq <106753054+nurbq@users.noreply.github.com> Signed-off-by: vamsi-amazon <reddyvam@amazon.com> Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> Signed-off-by: Abhi Kalra <abhivka@amazon.com> Signed-off-by: Darshit Chanpura <dchanp@amazon.com> Signed-off-by: opensearch-ci-bot <opensearch-infra@amazon.com> Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: zhichao-aws <zhichaog@amazon.com> Signed-off-by: Craig Perkins <craig5008@gmail.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: Craig Perkins <cwperx@amazon.com> Co-authored-by: Chang Liu <lc12251109@gmail.com> Co-authored-by: mattieserver <3049868+mattieserver@users.noreply.github.com> Co-authored-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Co-authored-by: Saadat Nursultan <39532643+nurSaadat@users.noreply.github.com> Co-authored-by: nursaadat <SNursultan@dar.kz> Co-authored-by: Saadat Nursultan <nursultan.saadat@gmail.com> Co-authored-by: Nurbakhyt Sembayev <106753054+nurbq@users.noreply.github.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Co-authored-by: Vamsi Manohar <reddyvam@amazon.com> Co-authored-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> Co-authored-by: Jochen Kressin <126353411+jochen-kressin@users.noreply.github.com> Co-authored-by: Abhi Kalra <99718513+abhivka7@users.noreply.github.com> Co-authored-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Darshit Chanpura <35282393+DarshitChanpura@users.noreply.github.com> Co-authored-by: opensearch-trigger-bot[bot] <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Co-authored-by: opensearch-ci-bot <opensearch-infra@amazon.com> Co-authored-by: zhichao-aws <zhichaog@amazon.com> Co-authored-by: Craig Perkins <cwperx@amazon.com> Co-authored-by: Darshit Chanpura <dchanp@amazon.com>

* Replace legacy template with index template (#1359) Signed-off-by: Chang Liu <lc12251109@gmail.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * added loginEndPointWithPath (#1358) * added loginEndPointWithPath Signed-off-by: Mattijs Vanhaverbeke <mattijs-v@live.be> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Add release notes for 1.3.9 (#1379) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * No blank backend role before adding a new one in Create User page (#1384) * Add last backend role empty check Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> * Add backend role empty check Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> * Add strict comparison Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> * Fix lint errors Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> * Add tests for backend role panel Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> * Fix lint errors Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> --------- Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> Co-authored-by: nursaadat <SNursultan@dar.kz> Co-authored-by: Saadat Nursultan <nursultan.saadat@gmail.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Fix script for Windows (#1393) * Fix script for Windows Signed-off-by: nurbqq <nurbakhyt.sembayev@gmail.com> Signed-off-by: nurbqq <106753054+nurbq@users.noreply.github.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding new actions for ppl and datasource apis (#1395) * Adding new actions for ppl and datasource apis Signed-off-by: vamsi-amazon <reddyvam@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Fix "Get started" image is not adaptive to the browser window size. (#1396) * Fixed get-started page image not adapting to the browser window size Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> * Update fix by applying suggested changes Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> * Update unit tests snapshot Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> --------- Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Split up a value into multiple cookie payloads (#1352) * PoC for splitting up a value into multiple cookie payloads Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Cookie splitting for OpenId and SAML Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Changes after review comments Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * WIP: First unit tests Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * More unit tests Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Fix for multi auth, request argument was missing Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Fixed linting errors Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Added one additional cookie for the SAML integration tests Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> --------- Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Dynamic tenancy configurations (#1394) * Dynamic multitenancy feature. Signed-off-by: Abhi Kalra <abhivka@amazon.com> * Dynamic multitenancy feature -PR feedback Signed-off-by: Abhi Kalra <abhivka@amazon.com> --------- Signed-off-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Abhi Kalra <abhivka@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Add release notes for 2.7.0 (#1407) * Add release notes for 2.7.0 Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removes tiny.amazon.com links (#1420) Signed-off-by: Darshit Chanpura <dchanp@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Fixing dynamic tenancy changes for issues 1412 (#1419) * Fixing dynamic tenancy changes for opensearchdasbhoard.yaml Signed-off-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Change the testuser's password in some integration test cases into a stronger password (#1428) * Change the testuser's password into a stronger password Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Increment version to 3.0.0.0 (#1414) Signed-off-by: opensearch-ci-bot <opensearch-infra@amazon.com> Co-authored-by: opensearch-ci-bot <opensearch-infra@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adds the newly created admin api permissions to the static dropdown list (#1426) * Adds the newly created admin api permissions to the static dropdown of permissions displayed when creating/modifying a role --------- Signed-off-by: Darshit Chanpura <dchanp@amazon.com> Co-authored-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Update account-nav-button.tsx Fix added to set the window.location to the pathname, rather than just reload & clear lastURL as it would be from the previous tenant. Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Update account-nav-button.tsx Adding comments to explain changes Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * add new cluster permissions constants for lron (#1444) Signed-off-by: zhichao-aws <zhichaog@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * removing whitespace due to linting fix Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests for account-nav-button wip Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * put commented code to original state Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Skip flaky SAML test as it awaits a fix (#1453) Signed-off-by: Craig Perkins <craig5008@gmail.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Use version from package.json for integration tests (#1463) * Use version from package.json for integration tests Signed-off-by: Craig Perkins <cwperx@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adds 2.8 release notes (#1464) Signed-off-by: Darshit Chanpura <dchanp@amazon.com> Co-authored-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests to jest test for tenant switch. Putting test in correct folder and renaming function. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * handle switch calling correct function Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * checking for session storage Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * adding window to make sessionStorage more explicit Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Moved the test into account-nav-button.test.tsx Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing additional files. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Declared session storage as a constant Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Update account-nav-button.tsx Fix added to set the window.location to the pathname, rather than just reload & clear lastURL as it would be from the previous tenant. Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Update account-nav-button.tsx Adding comments to explain changes Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * removing whitespace due to linting fix Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests for account-nav-button wip Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * put commented code to original state Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests to jest test for tenant switch. Putting test in correct folder and renaming function. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * handle switch calling correct function Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing additional files. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Fix unwanted changes Signed-off-by: Darshit Chanpura <dchanp@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Update account-nav-button.tsx Fix added to set the window.location to the pathname, rather than just reload & clear lastURL as it would be from the previous tenant. Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests for account-nav-button wip Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests to jest test for tenant switch. Putting test in correct folder and renaming function. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * checking for session storage Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Declared session storage as a constant Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests for account-nav-button wip Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests to jest test for tenant switch. Putting test in correct folder and renaming function. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Moved the test into account-nav-button.test.tsx Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Dynamic tenancy configurations (#1394) * Dynamic multitenancy feature. Signed-off-by: Abhi Kalra <abhivka@amazon.com> * Dynamic multitenancy feature -PR feedback Signed-off-by: Abhi Kalra <abhivka@amazon.com> --------- Signed-off-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Abhi Kalra <abhivka@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Fixing dynamic tenancy changes for issues 1412 (#1419) * Fixing dynamic tenancy changes for opensearchdasbhoard.yaml Signed-off-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Use version from package.json for integration tests (#1463) * Use version from package.json for integration tests Signed-off-by: Craig Perkins <cwperx@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing unneded file Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> --------- Signed-off-by: Chang Liu <lc12251109@gmail.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> Signed-off-by: nurbqq <nurbakhyt.sembayev@gmail.com> Signed-off-by: nurbqq <106753054+nurbq@users.noreply.github.com> Signed-off-by: vamsi-amazon <reddyvam@amazon.com> Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> Signed-off-by: Abhi Kalra <abhivka@amazon.com> Signed-off-by: Darshit Chanpura <dchanp@amazon.com> Signed-off-by: opensearch-ci-bot <opensearch-infra@amazon.com> Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: zhichao-aws <zhichaog@amazon.com> Signed-off-by: Craig Perkins <craig5008@gmail.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: Craig Perkins <cwperx@amazon.com> Co-authored-by: Chang Liu <lc12251109@gmail.com> Co-authored-by: mattieserver <3049868+mattieserver@users.noreply.github.com> Co-authored-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Co-authored-by: Saadat Nursultan <39532643+nurSaadat@users.noreply.github.com> Co-authored-by: nursaadat <SNursultan@dar.kz> Co-authored-by: Saadat Nursultan <nursultan.saadat@gmail.com> Co-authored-by: Nurbakhyt Sembayev <106753054+nurbq@users.noreply.github.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Co-authored-by: Vamsi Manohar <reddyvam@amazon.com> Co-authored-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> Co-authored-by: Jochen Kressin <126353411+jochen-kressin@users.noreply.github.com> Co-authored-by: Abhi Kalra <99718513+abhivka7@users.noreply.github.com> Co-authored-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Darshit Chanpura <35282393+DarshitChanpura@users.noreply.github.com> Co-authored-by: opensearch-trigger-bot[bot] <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Co-authored-by: opensearch-ci-bot <opensearch-infra@amazon.com> Co-authored-by: zhichao-aws <zhichaog@amazon.com> Co-authored-by: Craig Perkins <cwperx@amazon.com> Co-authored-by: Darshit Chanpura <dchanp@amazon.com> (cherry picked from commit 7f4e0f2)

* Replace legacy template with index template (#1359) Signed-off-by: Chang Liu <lc12251109@gmail.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * added loginEndPointWithPath (#1358) * added loginEndPointWithPath Signed-off-by: Mattijs Vanhaverbeke <mattijs-v@live.be> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Add release notes for 1.3.9 (#1379) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * No blank backend role before adding a new one in Create User page (#1384) * Add last backend role empty check Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> * Add backend role empty check Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> * Add strict comparison Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> * Fix lint errors Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> * Add tests for backend role panel Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> * Fix lint errors Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> --------- Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> Co-authored-by: nursaadat <SNursultan@dar.kz> Co-authored-by: Saadat Nursultan <nursultan.saadat@gmail.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Fix script for Windows (#1393) * Fix script for Windows Signed-off-by: nurbqq <nurbakhyt.sembayev@gmail.com> Signed-off-by: nurbqq <106753054+nurbq@users.noreply.github.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding new actions for ppl and datasource apis (#1395) * Adding new actions for ppl and datasource apis Signed-off-by: vamsi-amazon <reddyvam@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Fix "Get started" image is not adaptive to the browser window size. (#1396) * Fixed get-started page image not adapting to the browser window size Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> * Update fix by applying suggested changes Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> * Update unit tests snapshot Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> --------- Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Split up a value into multiple cookie payloads (#1352) * PoC for splitting up a value into multiple cookie payloads Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Cookie splitting for OpenId and SAML Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Changes after review comments Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * WIP: First unit tests Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * More unit tests Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Fix for multi auth, request argument was missing Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Fixed linting errors Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Added one additional cookie for the SAML integration tests Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> --------- Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Dynamic tenancy configurations (#1394) * Dynamic multitenancy feature. Signed-off-by: Abhi Kalra <abhivka@amazon.com> * Dynamic multitenancy feature -PR feedback Signed-off-by: Abhi Kalra <abhivka@amazon.com> --------- Signed-off-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Abhi Kalra <abhivka@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Add release notes for 2.7.0 (#1407) * Add release notes for 2.7.0 Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removes tiny.amazon.com links (#1420) Signed-off-by: Darshit Chanpura <dchanp@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Fixing dynamic tenancy changes for issues 1412 (#1419) * Fixing dynamic tenancy changes for opensearchdasbhoard.yaml Signed-off-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Change the testuser's password in some integration test cases into a stronger password (#1428) * Change the testuser's password into a stronger password Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Increment version to 3.0.0.0 (#1414) Signed-off-by: opensearch-ci-bot <opensearch-infra@amazon.com> Co-authored-by: opensearch-ci-bot <opensearch-infra@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adds the newly created admin api permissions to the static dropdown list (#1426) * Adds the newly created admin api permissions to the static dropdown of permissions displayed when creating/modifying a role --------- Signed-off-by: Darshit Chanpura <dchanp@amazon.com> Co-authored-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Update account-nav-button.tsx Fix added to set the window.location to the pathname, rather than just reload & clear lastURL as it would be from the previous tenant. Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Update account-nav-button.tsx Adding comments to explain changes Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * add new cluster permissions constants for lron (#1444) Signed-off-by: zhichao-aws <zhichaog@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * removing whitespace due to linting fix Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests for account-nav-button wip Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * put commented code to original state Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Skip flaky SAML test as it awaits a fix (#1453) Signed-off-by: Craig Perkins <craig5008@gmail.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Use version from package.json for integration tests (#1463) * Use version from package.json for integration tests Signed-off-by: Craig Perkins <cwperx@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adds 2.8 release notes (#1464) Signed-off-by: Darshit Chanpura <dchanp@amazon.com> Co-authored-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests to jest test for tenant switch. Putting test in correct folder and renaming function. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * handle switch calling correct function Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * checking for session storage Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * adding window to make sessionStorage more explicit Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Moved the test into account-nav-button.test.tsx Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing additional files. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Declared session storage as a constant Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Update account-nav-button.tsx Fix added to set the window.location to the pathname, rather than just reload & clear lastURL as it would be from the previous tenant. Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Update account-nav-button.tsx Adding comments to explain changes Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * removing whitespace due to linting fix Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests for account-nav-button wip Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * put commented code to original state Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests to jest test for tenant switch. Putting test in correct folder and renaming function. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * handle switch calling correct function Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing additional files. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Fix unwanted changes Signed-off-by: Darshit Chanpura <dchanp@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Update account-nav-button.tsx Fix added to set the window.location to the pathname, rather than just reload & clear lastURL as it would be from the previous tenant. Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests for account-nav-button wip Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests to jest test for tenant switch. Putting test in correct folder and renaming function. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * checking for session storage Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Declared session storage as a constant Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests for account-nav-button wip Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests to jest test for tenant switch. Putting test in correct folder and renaming function. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Moved the test into account-nav-button.test.tsx Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Dynamic tenancy configurations (#1394) * Dynamic multitenancy feature. Signed-off-by: Abhi Kalra <abhivka@amazon.com> * Dynamic multitenancy feature -PR feedback Signed-off-by: Abhi Kalra <abhivka@amazon.com> --------- Signed-off-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Abhi Kalra <abhivka@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Fixing dynamic tenancy changes for issues 1412 (#1419) * Fixing dynamic tenancy changes for opensearchdasbhoard.yaml Signed-off-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Use version from package.json for integration tests (#1463) * Use version from package.json for integration tests Signed-off-by: Craig Perkins <cwperx@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing unneded file Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> --------- Signed-off-by: Chang Liu <lc12251109@gmail.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> Signed-off-by: nurbqq <nurbakhyt.sembayev@gmail.com> Signed-off-by: nurbqq <106753054+nurbq@users.noreply.github.com> Signed-off-by: vamsi-amazon <reddyvam@amazon.com> Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> Signed-off-by: Abhi Kalra <abhivka@amazon.com> Signed-off-by: Darshit Chanpura <dchanp@amazon.com> Signed-off-by: opensearch-ci-bot <opensearch-infra@amazon.com> Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: zhichao-aws <zhichaog@amazon.com> Signed-off-by: Craig Perkins <craig5008@gmail.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: Craig Perkins <cwperx@amazon.com> Co-authored-by: Chang Liu <lc12251109@gmail.com> Co-authored-by: mattieserver <3049868+mattieserver@users.noreply.github.com> Co-authored-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Co-authored-by: Saadat Nursultan <39532643+nurSaadat@users.noreply.github.com> Co-authored-by: nursaadat <SNursultan@dar.kz> Co-authored-by: Saadat Nursultan <nursultan.saadat@gmail.com> Co-authored-by: Nurbakhyt Sembayev <106753054+nurbq@users.noreply.github.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Co-authored-by: Vamsi Manohar <reddyvam@amazon.com> Co-authored-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> Co-authored-by: Jochen Kressin <126353411+jochen-kressin@users.noreply.github.com> Co-authored-by: Abhi Kalra <99718513+abhivka7@users.noreply.github.com> Co-authored-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Darshit Chanpura <35282393+DarshitChanpura@users.noreply.github.com> Co-authored-by: opensearch-trigger-bot[bot] <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Co-authored-by: opensearch-ci-bot <opensearch-infra@amazon.com> Co-authored-by: zhichao-aws <zhichaog@amazon.com> Co-authored-by: Craig Perkins <cwperx@amazon.com> Co-authored-by: Darshit Chanpura <dchanp@amazon.com> (cherry picked from commit 7f4e0f2) Co-authored-by: leanneeliatra <131779422+leanneeliatra@users.noreply.github.com>

…ect#1450) * Replace legacy template with index template (opensearch-project#1359) Signed-off-by: Chang Liu <lc12251109@gmail.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * added loginEndPointWithPath (opensearch-project#1358) * added loginEndPointWithPath Signed-off-by: Mattijs Vanhaverbeke <mattijs-v@live.be> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Add release notes for 1.3.9 (opensearch-project#1379) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * No blank backend role before adding a new one in Create User page (opensearch-project#1384) * Add last backend role empty check Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> * Add backend role empty check Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> * Add strict comparison Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> * Fix lint errors Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> * Add tests for backend role panel Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> * Fix lint errors Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> --------- Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> Co-authored-by: nursaadat <SNursultan@dar.kz> Co-authored-by: Saadat Nursultan <nursultan.saadat@gmail.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Fix script for Windows (opensearch-project#1393) * Fix script for Windows Signed-off-by: nurbqq <nurbakhyt.sembayev@gmail.com> Signed-off-by: nurbqq <106753054+nurbq@users.noreply.github.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding new actions for ppl and datasource apis (opensearch-project#1395) * Adding new actions for ppl and datasource apis Signed-off-by: vamsi-amazon <reddyvam@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Fix "Get started" image is not adaptive to the browser window size. (opensearch-project#1396) * Fixed get-started page image not adapting to the browser window size Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> * Update fix by applying suggested changes Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> * Update unit tests snapshot Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> --------- Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Split up a value into multiple cookie payloads (opensearch-project#1352) * PoC for splitting up a value into multiple cookie payloads Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Cookie splitting for OpenId and SAML Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Changes after review comments Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * WIP: First unit tests Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * More unit tests Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Fix for multi auth, request argument was missing Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Fixed linting errors Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Added one additional cookie for the SAML integration tests Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> --------- Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Dynamic tenancy configurations (opensearch-project#1394) * Dynamic multitenancy feature. Signed-off-by: Abhi Kalra <abhivka@amazon.com> * Dynamic multitenancy feature -PR feedback Signed-off-by: Abhi Kalra <abhivka@amazon.com> --------- Signed-off-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Abhi Kalra <abhivka@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Add release notes for 2.7.0 (opensearch-project#1407) * Add release notes for 2.7.0 Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removes tiny.amazon.com links (opensearch-project#1420) Signed-off-by: Darshit Chanpura <dchanp@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Fixing dynamic tenancy changes for issues 1412 (opensearch-project#1419) * Fixing dynamic tenancy changes for opensearchdasbhoard.yaml Signed-off-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Change the testuser's password in some integration test cases into a stronger password (opensearch-project#1428) * Change the testuser's password into a stronger password Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Increment version to 3.0.0.0 (opensearch-project#1414) Signed-off-by: opensearch-ci-bot <opensearch-infra@amazon.com> Co-authored-by: opensearch-ci-bot <opensearch-infra@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adds the newly created admin api permissions to the static dropdown list (opensearch-project#1426) * Adds the newly created admin api permissions to the static dropdown of permissions displayed when creating/modifying a role --------- Signed-off-by: Darshit Chanpura <dchanp@amazon.com> Co-authored-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Update account-nav-button.tsx Fix added to set the window.location to the pathname, rather than just reload & clear lastURL as it would be from the previous tenant. Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Update account-nav-button.tsx Adding comments to explain changes Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * add new cluster permissions constants for lron (opensearch-project#1444) Signed-off-by: zhichao-aws <zhichaog@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * removing whitespace due to linting fix Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests for account-nav-button wip Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * put commented code to original state Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Skip flaky SAML test as it awaits a fix (opensearch-project#1453) Signed-off-by: Craig Perkins <craig5008@gmail.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Use version from package.json for integration tests (opensearch-project#1463) * Use version from package.json for integration tests Signed-off-by: Craig Perkins <cwperx@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adds 2.8 release notes (opensearch-project#1464) Signed-off-by: Darshit Chanpura <dchanp@amazon.com> Co-authored-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests to jest test for tenant switch. Putting test in correct folder and renaming function. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * handle switch calling correct function Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * checking for session storage Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * adding window to make sessionStorage more explicit Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Moved the test into account-nav-button.test.tsx Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing additional files. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Declared session storage as a constant Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Update account-nav-button.tsx Fix added to set the window.location to the pathname, rather than just reload & clear lastURL as it would be from the previous tenant. Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Update account-nav-button.tsx Adding comments to explain changes Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * removing whitespace due to linting fix Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests for account-nav-button wip Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * put commented code to original state Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests to jest test for tenant switch. Putting test in correct folder and renaming function. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * handle switch calling correct function Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing additional files. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Fix unwanted changes Signed-off-by: Darshit Chanpura <dchanp@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Update account-nav-button.tsx Fix added to set the window.location to the pathname, rather than just reload & clear lastURL as it would be from the previous tenant. Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests for account-nav-button wip Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests to jest test for tenant switch. Putting test in correct folder and renaming function. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * checking for session storage Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Declared session storage as a constant Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests for account-nav-button wip Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests to jest test for tenant switch. Putting test in correct folder and renaming function. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Moved the test into account-nav-button.test.tsx Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Dynamic tenancy configurations (opensearch-project#1394) * Dynamic multitenancy feature. Signed-off-by: Abhi Kalra <abhivka@amazon.com> * Dynamic multitenancy feature -PR feedback Signed-off-by: Abhi Kalra <abhivka@amazon.com> --------- Signed-off-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Abhi Kalra <abhivka@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Fixing dynamic tenancy changes for issues 1412 (opensearch-project#1419) * Fixing dynamic tenancy changes for opensearchdasbhoard.yaml Signed-off-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Use version from package.json for integration tests (opensearch-project#1463) * Use version from package.json for integration tests Signed-off-by: Craig Perkins <cwperx@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing unneded file Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> --------- Signed-off-by: Chang Liu <lc12251109@gmail.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> Signed-off-by: nurbqq <nurbakhyt.sembayev@gmail.com> Signed-off-by: nurbqq <106753054+nurbq@users.noreply.github.com> Signed-off-by: vamsi-amazon <reddyvam@amazon.com> Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> Signed-off-by: Abhi Kalra <abhivka@amazon.com> Signed-off-by: Darshit Chanpura <dchanp@amazon.com> Signed-off-by: opensearch-ci-bot <opensearch-infra@amazon.com> Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: zhichao-aws <zhichaog@amazon.com> Signed-off-by: Craig Perkins <craig5008@gmail.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: Craig Perkins <cwperx@amazon.com> Co-authored-by: Chang Liu <lc12251109@gmail.com> Co-authored-by: mattieserver <3049868+mattieserver@users.noreply.github.com> Co-authored-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Co-authored-by: Saadat Nursultan <39532643+nurSaadat@users.noreply.github.com> Co-authored-by: nursaadat <SNursultan@dar.kz> Co-authored-by: Saadat Nursultan <nursultan.saadat@gmail.com> Co-authored-by: Nurbakhyt Sembayev <106753054+nurbq@users.noreply.github.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Co-authored-by: Vamsi Manohar <reddyvam@amazon.com> Co-authored-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> Co-authored-by: Jochen Kressin <126353411+jochen-kressin@users.noreply.github.com> Co-authored-by: Abhi Kalra <99718513+abhivka7@users.noreply.github.com> Co-authored-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Darshit Chanpura <35282393+DarshitChanpura@users.noreply.github.com> Co-authored-by: opensearch-trigger-bot[bot] <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Co-authored-by: opensearch-ci-bot <opensearch-infra@amazon.com> Co-authored-by: zhichao-aws <zhichaog@amazon.com> Co-authored-by: Craig Perkins <cwperx@amazon.com> Co-authored-by: Darshit Chanpura <dchanp@amazon.com> (cherry picked from commit 7f4e0f2)

…ect#1450) * Replace legacy template with index template (opensearch-project#1359) Signed-off-by: Chang Liu <lc12251109@gmail.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * added loginEndPointWithPath (opensearch-project#1358) * added loginEndPointWithPath Signed-off-by: Mattijs Vanhaverbeke <mattijs-v@live.be> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Add release notes for 1.3.9 (opensearch-project#1379) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * No blank backend role before adding a new one in Create User page (opensearch-project#1384) * Add last backend role empty check Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> * Add backend role empty check Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> * Add strict comparison Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> * Fix lint errors Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> * Add tests for backend role panel Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> * Fix lint errors Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> --------- Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> Co-authored-by: nursaadat <SNursultan@dar.kz> Co-authored-by: Saadat Nursultan <nursultan.saadat@gmail.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Fix script for Windows (opensearch-project#1393) * Fix script for Windows Signed-off-by: nurbqq <nurbakhyt.sembayev@gmail.com> Signed-off-by: nurbqq <106753054+nurbq@users.noreply.github.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding new actions for ppl and datasource apis (opensearch-project#1395) * Adding new actions for ppl and datasource apis Signed-off-by: vamsi-amazon <reddyvam@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Fix "Get started" image is not adaptive to the browser window size. (opensearch-project#1396) * Fixed get-started page image not adapting to the browser window size Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> * Update fix by applying suggested changes Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> * Update unit tests snapshot Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> --------- Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Split up a value into multiple cookie payloads (opensearch-project#1352) * PoC for splitting up a value into multiple cookie payloads Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Cookie splitting for OpenId and SAML Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Changes after review comments Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * WIP: First unit tests Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * More unit tests Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Fix for multi auth, request argument was missing Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Fixed linting errors Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> * Added one additional cookie for the SAML integration tests Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> --------- Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Dynamic tenancy configurations (opensearch-project#1394) * Dynamic multitenancy feature. Signed-off-by: Abhi Kalra <abhivka@amazon.com> * Dynamic multitenancy feature -PR feedback Signed-off-by: Abhi Kalra <abhivka@amazon.com> --------- Signed-off-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Abhi Kalra <abhivka@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Add release notes for 2.7.0 (opensearch-project#1407) * Add release notes for 2.7.0 Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removes tiny.amazon.com links (opensearch-project#1420) Signed-off-by: Darshit Chanpura <dchanp@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Fixing dynamic tenancy changes for issues 1412 (opensearch-project#1419) * Fixing dynamic tenancy changes for opensearchdasbhoard.yaml Signed-off-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Change the testuser's password in some integration test cases into a stronger password (opensearch-project#1428) * Change the testuser's password into a stronger password Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Increment version to 3.0.0.0 (opensearch-project#1414) Signed-off-by: opensearch-ci-bot <opensearch-infra@amazon.com> Co-authored-by: opensearch-ci-bot <opensearch-infra@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adds the newly created admin api permissions to the static dropdown list (opensearch-project#1426) * Adds the newly created admin api permissions to the static dropdown of permissions displayed when creating/modifying a role --------- Signed-off-by: Darshit Chanpura <dchanp@amazon.com> Co-authored-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Update account-nav-button.tsx Fix added to set the window.location to the pathname, rather than just reload & clear lastURL as it would be from the previous tenant. Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Update account-nav-button.tsx Adding comments to explain changes Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * add new cluster permissions constants for lron (opensearch-project#1444) Signed-off-by: zhichao-aws <zhichaog@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * removing whitespace due to linting fix Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests for account-nav-button wip Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * put commented code to original state Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Skip flaky SAML test as it awaits a fix (opensearch-project#1453) Signed-off-by: Craig Perkins <craig5008@gmail.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Use version from package.json for integration tests (opensearch-project#1463) * Use version from package.json for integration tests Signed-off-by: Craig Perkins <cwperx@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adds 2.8 release notes (opensearch-project#1464) Signed-off-by: Darshit Chanpura <dchanp@amazon.com> Co-authored-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests to jest test for tenant switch. Putting test in correct folder and renaming function. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * handle switch calling correct function Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * checking for session storage Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * adding window to make sessionStorage more explicit Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Moved the test into account-nav-button.test.tsx Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing additional files. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Declared session storage as a constant Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Update account-nav-button.tsx Fix added to set the window.location to the pathname, rather than just reload & clear lastURL as it would be from the previous tenant. Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Update account-nav-button.tsx Adding comments to explain changes Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * removing whitespace due to linting fix Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests for account-nav-button wip Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * put commented code to original state Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests to jest test for tenant switch. Putting test in correct folder and renaming function. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * handle switch calling correct function Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing additional files. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Fix unwanted changes Signed-off-by: Darshit Chanpura <dchanp@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Update account-nav-button.tsx Fix added to set the window.location to the pathname, rather than just reload & clear lastURL as it would be from the previous tenant. Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests for account-nav-button wip Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests to jest test for tenant switch. Putting test in correct folder and renaming function. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * checking for session storage Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Declared session storage as a constant Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests for account-nav-button wip Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Adding tests to jest test for tenant switch. Putting test in correct folder and renaming function. Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Moved the test into account-nav-button.test.tsx Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Dynamic tenancy configurations (opensearch-project#1394) * Dynamic multitenancy feature. Signed-off-by: Abhi Kalra <abhivka@amazon.com> * Dynamic multitenancy feature -PR feedback Signed-off-by: Abhi Kalra <abhivka@amazon.com> --------- Signed-off-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Abhi Kalra <abhivka@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Fixing dynamic tenancy changes for issues 1412 (opensearch-project#1419) * Fixing dynamic tenancy changes for opensearchdasbhoard.yaml Signed-off-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing Prerequisite Checks Workflow (opensearch-project#1456) Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Use version from package.json for integration tests (opensearch-project#1463) * Use version from package.json for integration tests Signed-off-by: Craig Perkins <cwperx@amazon.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> * Removing unneded file Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> --------- Signed-off-by: Chang Liu <lc12251109@gmail.com> Signed-off-by: leanneeliatra <leanne.laceybyrne@eliatra.com> Signed-off-by: Ryan Liang <jiallian@amazon.com> Signed-off-by: nursaadat <SNursultan@dar.kz> Signed-off-by: Saadat Nursultan <nursultan.saadat@gmail.com> Signed-off-by: nurbqq <nurbakhyt.sembayev@gmail.com> Signed-off-by: nurbqq <106753054+nurbq@users.noreply.github.com> Signed-off-by: vamsi-amazon <reddyvam@amazon.com> Signed-off-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> Signed-off-by: Jochen Kressin <jochen.kressin-gh@eliatra.com> Signed-off-by: Abhi Kalra <abhivka@amazon.com> Signed-off-by: Darshit Chanpura <dchanp@amazon.com> Signed-off-by: opensearch-ci-bot <opensearch-infra@amazon.com> Signed-off-by: Leanne Lacey-Byrne <leanne.laceybyrne@eliatra.com> Signed-off-by: zhichao-aws <zhichaog@amazon.com> Signed-off-by: Craig Perkins <craig5008@gmail.com> Signed-off-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Signed-off-by: Craig Perkins <cwperx@amazon.com> Co-authored-by: Chang Liu <lc12251109@gmail.com> Co-authored-by: mattieserver <3049868+mattieserver@users.noreply.github.com> Co-authored-by: Ryan Liang <109499885+RyanL1997@users.noreply.github.com> Co-authored-by: Saadat Nursultan <39532643+nurSaadat@users.noreply.github.com> Co-authored-by: nursaadat <SNursultan@dar.kz> Co-authored-by: Saadat Nursultan <nursultan.saadat@gmail.com> Co-authored-by: Nurbakhyt Sembayev <106753054+nurbq@users.noreply.github.com> Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Co-authored-by: Vamsi Manohar <reddyvam@amazon.com> Co-authored-by: Sirazh Gabdullin <sirazh.gabdullin@nu.edu.kz> Co-authored-by: Jochen Kressin <126353411+jochen-kressin@users.noreply.github.com> Co-authored-by: Abhi Kalra <99718513+abhivka7@users.noreply.github.com> Co-authored-by: Abhi Kalra <abhivka@amazon.com> Co-authored-by: Darshit Chanpura <35282393+DarshitChanpura@users.noreply.github.com> Co-authored-by: opensearch-trigger-bot[bot] <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com> Co-authored-by: opensearch-ci-bot <opensearch-infra@amazon.com> Co-authored-by: zhichao-aws <zhichaog@amazon.com> Co-authored-by: Craig Perkins <cwperx@amazon.com> Co-authored-by: Darshit Chanpura <dchanp@amazon.com> Signed-off-by: Sam <samuel.costa@eliatra.com>

jochen-kressin requested review from cliu123, cwperks, DarshitChanpura, davidlago, peternied, RyanL1997 and stephen-crawford as code owners February 28, 2023 15:43

jochen-kressin mentioned this pull request Feb 28, 2023

[RFC] Improved session management #1311

Closed

stephen-crawford reviewed Mar 28, 2023

View reviewed changes

cwperks reviewed Mar 29, 2023

View reviewed changes

DarshitChanpura reviewed Mar 30, 2023

View reviewed changes

expani reviewed Apr 3, 2023

View reviewed changes

davidlago mentioned this pull request Apr 5, 2023

[DOC] Document cookie split configuration parameter opensearch-project/documentation-website#3691

Closed

4 tasks

cwperks added the backport 2.x backport to 2.x branch label Apr 17, 2023

opensearch-trigger-bot bot mentioned this pull request Apr 17, 2023

[Backport 2.x] Split up a value into multiple cookie payloads #1401

Merged

cwperks added the backport 2.7 backport to 2.7 branch label Apr 17, 2023

opensearch-trigger-bot bot mentioned this pull request Apr 17, 2023

[Backport 2.7] Split up a value into multiple cookie payloads #1402

Merged

cwillum mentioned this pull request Apr 19, 2023

Add new settings for SAML and OIDC that allow for cookie splitting opensearch-project/documentation-website#3807

Merged

1 task

davidlago mentioned this pull request Aug 30, 2023

[BUG] opensearch login not working with more than 15 roles assign to user #1567

Closed

This was referenced Aug 30, 2023

Fix refresh token flow in OIDC accounting for cookie split #1569

Closed

[BUG] OpenID Token not refreshed #1522

Closed

jochen-kressin mentioned this pull request Sep 11, 2023

Fix OIDC refresh token flow when using the cookie splitter #1580

Merged

3 tasks

pheex mentioned this pull request Nov 2, 2023

[BUG] Security cookie could be too large when using JWT auth type #1638

Closed

adrian-golawski-eliatra mentioned this pull request Nov 21, 2023

Backport cookie splitter #1662

Closed

3 tasks

This was referenced Dec 14, 2023

Extend cookie splitting to JWT cwperks/security-dashboards-plugin#2

Open

[BUG] Dashboards permalink and iframe losses url param JWT on internal API calls #1621

Closed

[Backport 1.x] Split up a value into multiple cookie payloads #1702

Closed

cwperks mentioned this pull request Mar 18, 2024

[Backport 1.3] Split up a value into multiple cookie payload #1831

Merged

Split up a value into multiple cookie payloads #1352

Split up a value into multiple cookie payloads #1352

Conversation

jochen-kressin commented Feb 28, 2023 • edited Loading

Description

Additional info

Regarding the additional cookies

Iron cookie size

Still open

Untested

Category

Why these changes are required?

What is the old behavior before changes and new behavior after changes?

Issues Resolved

Testing

Check List

peternied commented Mar 3, 2023

nibix commented Mar 6, 2023

stephen-crawford commented Mar 6, 2023

nibix commented Mar 6, 2023 • edited Loading

stephen-crawford commented Mar 6, 2023

RyanL1997 commented Mar 6, 2023

jochen-kressin commented Mar 6, 2023 • edited Loading

stephen-crawford left a comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

cwperks left a comment • edited Loading

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

jochen-kressin commented Mar 30, 2023

DarshitChanpura left a comment • edited Loading

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

jochen-kressin commented Feb 28, 2023 •

edited

Loading

nibix commented Mar 6, 2023 •

edited

Loading

jochen-kressin commented Mar 6, 2023 •

edited

Loading

cwperks left a comment •

edited

Loading

DarshitChanpura left a comment •

edited

Loading

expani commented Apr 1, 2023 •

edited

Loading

expani commented Apr 5, 2023 •

edited

Loading