[Feature/Identity] Identity use cases#5513
Conversation
peternied
added
skip-changelog
Identity
peternied
requested review from
DarshitChanpura,
RyanL1997,
cwperks,
davidlago,
shanilpa and
stephen-crawford
Gradle Check (Jenkins) Run Completed with:
|
Gradle Check (Jenkins) Run Completed with:
|
DarshitChanpura
left a comment
DarshitChanpura
left a comment
There was a problem hiding this comment.
These initial scenarios look good. As a follow-up we an add tests that support/validate these scenarios. Great stuff hashing these out @peternied !
|
|
||
| ### Scenario 10: | ||
|
|
||
| `GET /identity/whoami` returns the username of the authenticated account |
There was a problem hiding this comment.
Should we support this?. If so, for unauthenticated request, it should return 403, correct?
There was a problem hiding this comment.
There should be some way of identifying who the current user is, and this is more/less what is already in OpenSearch. I think we can dive in on the behavior for other scenarios as well as additional use cases
|
|
||
| ### Scenario 8: | ||
|
|
||
| Admin user can create an account via `POST /identity/user/{username}`. The response includes an automatically generated password for this user. |
There was a problem hiding this comment.
User should be able to edit their password. Should we add a scenario for password-recovery?
There was a problem hiding this comment.
PUT /identity/user/{username}/password would work for any username if you had permission, would this cover your recovery scenario?
|
|
||
| All REST API activity returns 403 without passing authentication information in the request | ||
|
|
||
| ## Using Admin account |
There was a problem hiding this comment.
Do you want this to be the same level bold as the "Identity features enabled" and "Non-use compatibility" headers? Do you think it should be one level smaller to indicate that it is under the "Identity features enabled" group?
There was a problem hiding this comment.
I think this works, but maybe it would make sense to have even more layers of depth. Would you want to re-write with an alternative layout? I'd be happy to accept a pull request
There was a problem hiding this comment.
I think that if you believe it is good as is, then it is just fine. I was more asking a question to see what you thought then expressing a major opinion one way or the other.
Gradle Check (Jenkins) Run Completed with:
|
stephen-crawford
left a comment
stephen-crawford
left a comment
There was a problem hiding this comment.
I think the new changes are beneficial for both the more precise wording and also consistency with the rest of OpenSearch documentation.
cwperks
left a comment
cwperks
left a comment
There was a problem hiding this comment.
Will this document be updated with authorization use-cases in a future iteration?
Signed-off-by: Peter Nied <petern@amazon.com>
peternied
requested review from
Bukhtawar,
CEHENKLE,
anasalkouz,
andrross,
dblock,
gbbafna and
setiah
as code owners
peternied
requested review from
Rishikesh1159,
VachaShah,
adnapibar,
dreamer-89,
kartg,
kotwanikunal,
mch2,
nknize,
owaiskazi19,
ryanbogan,
saratvemulapalli,
shwetathareja,
tlfeng and
xuezhou25
as code owners
Gradle Check (Jenkins) Run Completed with:
|
4 participants
Description
Adding details uses cases for identity, this is going to get long!
Check List
New functionality includes testing.All tests passNew functionality has been documented.New functionality has javadoc addedCommit changes are listed out in CHANGELOG.md file (See: Changelog)By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.