Fix CI workflow that called assemble instead of :assemble and adds SP…

…I to maven publish task and updates SPI readme Signed-off-by: Darshit Chanpura <[email protected]>
opensearch-project · Jan 13, 2025 · 534838f · 534838f
1 parent 8366a05
commit 534838f
Show file tree

Hide file tree

Showing 6 changed files with 19 additions and 152 deletions.
diff --git a/.github/actions/create-bwc-build/action.yaml b/.github/actions/create-bwc-build/action.yaml
@@ -42,7 +42,7 @@ runs:
       uses: gradle/gradle-build-action@v2
       with:
         cache-disabled: true
-        arguments: assemble
+        arguments: :assemble
         build-root-directory: ${{ inputs.plugin-branch }}
 
     - id: get-opensearch-version

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -208,7 +208,7 @@ jobs:
     - uses: github/codeql-action/init@v3
       with:
         languages: java
-    - run: ./gradlew clean assemble
+    - run: ./gradlew clean :assemble
     - uses: github/codeql-action/analyze@v3
 
   build-artifact-names:
@@ -238,13 +238,13 @@ jobs:
         echo ${{ env.SECURITY_PLUGIN_VERSION_ONLY_NUMBER }}
         echo ${{ env.TEST_QUALIFIER }}
 
-    - run: ./gradlew clean assemble && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION }}.zip
+    - run: ./gradlew clean :assemble && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION }}.zip
 
-    - run: ./gradlew clean assemble -Dbuild.snapshot=false && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION_NO_SNAPSHOT }}.zip
+    - run: ./gradlew clean :assemble -Dbuild.snapshot=false && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION_NO_SNAPSHOT }}.zip
 
-    - run: ./gradlew clean assemble -Dbuild.snapshot=false -Dbuild.version_qualifier=${{ env.TEST_QUALIFIER }} && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION_ONLY_NUMBER }}-${{ env.TEST_QUALIFIER }}.zip
+    - run: ./gradlew clean :assemble -Dbuild.snapshot=false -Dbuild.version_qualifier=${{ env.TEST_QUALIFIER }} && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION_ONLY_NUMBER }}-${{ env.TEST_QUALIFIER }}.zip
 
-    - run: ./gradlew clean assemble -Dbuild.version_qualifier=${{ env.TEST_QUALIFIER }} && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION_ONLY_NUMBER }}-${{ env.TEST_QUALIFIER }}-SNAPSHOT.zip
+    - run: ./gradlew clean :assemble -Dbuild.version_qualifier=${{ env.TEST_QUALIFIER }} && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION_ONLY_NUMBER }}-${{ env.TEST_QUALIFIER }}-SNAPSHOT.zip
 
     - run: ./gradlew clean publishPluginZipPublicationToZipStagingRepository && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION }}.zip && test -s ./build/distributions/opensearch-security-${{ env.SECURITY_PLUGIN_VERSION }}.pom
 

diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml
@@ -32,4 +32,5 @@ jobs:
           export SONATYPE_PASSWORD=$(aws secretsmanager get-secret-value --secret-id maven-snapshots-password --query SecretString --output text)
           echo "::add-mask::$SONATYPE_USERNAME"
           echo "::add-mask::$SONATYPE_PASSWORD"
-          ./gradlew publishPluginZipPublicationToSnapshotsRepository
+          ./gradlew --no-daemon publishPluginZipPublicationToSnapshotsRepository
+          ./gradlew --no-daemon :opensearch-resource-sharing-spi:publishMavenJavaPublicationToSnapshotsRepository
diff --git a/.github/workflows/plugin_install.yml b/.github/workflows/plugin_install.yml
@@ -32,7 +32,7 @@ jobs:
         uses: gradle/gradle-build-action@v3
         with:
           cache-disabled: true
-          arguments: assemble
+          arguments: :assemble
 
       # Move and rename the plugin for installation
       - name: Move and rename the plugin for installation

diff --git a/spi/README.md b/spi/README.md
@@ -1,147 +1,6 @@
-# Resource Sharing and Access Control Plugin
+# Resource Sharing and Access Control SPI
 
-This plugin demonstrates resource sharing and access control functionality, providing APIs to create, manage, and verify access to resources. The plugin enables fine-grained permissions for sharing and accessing resources, making it suitable for systems requiring robust security and collaboration.
-
-## Features
-
-- Create and delete resources.
-- Share resources with specific users, roles and/or backend_roles with specific scope(s).
-- Revoke access to shared resources for a list of or all scopes.
-- Verify access permissions for a given user within a given scope.
-- List all resources accessible to current user.
-
-## API Endpoints
-
-The plugin exposes the following six API endpoints:
-
-### 1. Create Resource
-- **Endpoint:** `POST /_plugins/sample_resource_sharing/create`
-- **Description:** Creates a new resource. Also creates a resource sharing entry if security plugin is enabled.
-- **Request Body:**
-  ```json
-  {
-    "name": "<resource_name>"
-  }
-  ```
-- **Response:**
-  ```json
-  {
-    "message": "Resource <resource_name> created successfully."
-  }
-  ```
-
-### 2. Delete Resource
-- **Endpoint:** `DELETE /_plugins/sample_resource_sharing/{resource_id}`
-- **Description:** Deletes a specified resource owned by the requesting user.
-- **Response:**
-  ```json
-  {
-    "message": "Resource <resource_id> deleted successfully."
-  }
-  ```
-
-### 3. Share Resource
-- **Endpoint:** `POST /_plugins/sample_resource_sharing/share`
-- **Description:** Shares a resource with specified users or roles with defined scope.
-- **Request Body:**
-  ```json
-    {
-      "resource_id" :  "{{ADMIN_RESOURCE_ID}}",
-      "share_with" : {
-        "SAMPLE_FULL_ACCESS": {
-            "users": ["test"],
-            "roles": ["test_role"],
-            "backend_roles": ["test_backend_role"]
-        },
-        "READ_ONLY": {
-            "users": ["test"],
-            "roles": ["test_role"],
-            "backend_roles": ["test_backend_role"]
-        },
-        "READ_WRITE": {
-            "users": ["test"],
-            "roles": ["test_role"],
-            "backend_roles": ["test_backend_role"]
-        }
-      }
-    }
-  ```
-- **Response:**
-  ```json
-    {
-    "message": "Resource <resource-id> shared successfully."
-    }
-  ```
-
-### 4. Revoke Access
-- **Endpoint:** `POST /_plugins/sample_resource_sharing/revoke`
-- **Description:** Revokes access to a resource for specified users or roles.
-- **Request Body:**
-  ```json
-    {
-      "resource_id" :  "<resource-id>",
-      "entities" : {
-            "users": ["test", "admin"],
-            "roles": ["test_role", "all_access"],
-            "backend_roles": ["test_backend_role", "admin"]
-      },
-      "scopes": ["SAMPLE_FULL_ACCESS", "READ_ONLY", "READ_WRITE"]
-    }
-  ```
-- **Response:**
-  ```json
-    {
-      "message": "Resource <resource-id> access revoked successfully."
-    }
-  ```
-
-### 5. Verify Access
-- **Endpoint:** `GET /_plugins/sample_resource_sharing/verify_resource_access`
-- **Description:** Verifies if a user or role has access to a specific resource with a specific scope.
-- **Request Body:**
-    ```json
-    {
-      "resource_id": "<resource-id>",
-      "scope": "SAMPLE_FULL_ACCESS"
-    }
-    ```
-- **Response:**
-  ```json
-  {
-    "message": "User has requested scope SAMPLE_FULL_ACCESS access to <resource-id>"
-  }
-  ```
-
-### 6. List Accessible Resources
-- **Endpoint:** `GET /_plugins/sample_resource_sharing/list`
-- **Description:** Lists all resources accessible to the requesting user or role.
-- **Response:**
-  ```json
-  {
-    "resource-ids": [
-        "<resource-id-1>",
-        "<resource-id-2>"
-    ]
-  }
-  ```
-
-## Installation
-
-1. Clone the repository:
-   ```bash
-   git clone [email protected]:opensearch-project/security.git
-   ```
-
-2. Navigate to the project directory:
-   ```bash
-   cd sample-resource-plugin
-   ```
-
-3. Build and deploy the plugin:
-   ```bash
-   $ ./gradlew clean build -x test -x integrationTest -x spotbugsIntegrationTest
-   $ ./bin/opensearch-plugin install file: <path-to-this-plugin>/sample-resource-plugin/build/distributions/opensearch-sample-resource-plugin-3.0.0.0-SNAPSHOT.zip
-   ```
+This SPI provides interfaces to implement Resource Sharing and Access Control.
 
 ## License
 

diff --git a/spi/build.gradle b/spi/build.gradle
@@ -69,6 +69,13 @@ publishing {
         }
     }
     repositories {
-        mavenLocal()
+        maven {
+            name = "Snapshots" //  optional target repository name
+            url = "https://aws.oss.sonatype.org/content/repositories/snapshots"
+            credentials {
+                username "$System.env.SONATYPE_USERNAME"
+                password "$System.env.SONATYPE_PASSWORD"
+            }
+        }
     }
 }