[Backport 2.8] Rest admin permissions (#2411) (#2807)
* role.yml changes for lron feature (#2789) (#2792)
Signed-off-by: zhichao-aws <email address hidden>
(cherry picked from commit a580dfc6629ae5cc783d253076729270660044cd)
Co-authored-by: zhichao-aws <email address hidden>
* add ml model group system index (#2790) (#2797)
Signed-off-by: Yaliang Wu <email address hidden>
(cherry picked from commit 1bb2ef14f59e8ef2bcee68e65a9e3ec08be988c5)
Co-authored-by: Yaliang Wu <email address hidden>
* Rest admin permissions (#2411)
Permissions for REST admin user
Added granular permissions for all REST API actions in OpenSearch to be individually assigned.
Permissions are:
- 'restapi:admin/actiongroups' - allow full access to actiongroups
- 'restapi:admin/allowlist' - allow full access to allowlist
- 'restapi:admin/internalusers'- allow full access to internalusers
- 'restapi:admin/nodesdn'- allow full access to nodesdn
- 'restapi:admin/roles' - allow full access to roles
- 'restapi:admin/rolesmapping' - allow full access to roles mappings
- 'restapi:admin/ssl/certs/info' - allow full access to certs info
- 'restapi:admin/ssl/certs/reload' - allow full access to certs reload
- 'restapi:admin/tenants' - allow full access to tenants
Adds tests for these permissions.
Signed-off-by: Andrey Pleskach <email address hidden>
(cherry picked from commit d676716e83d1ab387e9e6a0c0f3284e39ed967f5)
* Fixes CI errors
Signed-off-by: Darshit Chanpura <email address hidden>
* Fixes HTTP5 imports
Signed-off-by: Darshit Chanpura <email address hidden>
* Fixes password related changes in tests
Signed-off-by: Darshit Chanpura <email address hidden>
* Update ActionGroupsApiTest.java
Remove unused import
* Incorporates jar hell fix
Signed-off-by: Darshit Chanpura <email address hidden>
---------
Signed-off-by: Darshit Chanpura <email address hidden>
Co-authored-by: opensearch-trigger-bot[bot] <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com>
Co-authored-by: zhichao-aws <email address hidden>
Co-authored-by: Yaliang Wu <email address hidden>
Co-authored-by: Andrey Pleskach <email address hidden>
Co-authored-by: Stephen Crawford <email address hidden>