[Manual Backport][2.x][Data Source] Restrict to manage data source on…

… the DSM UI (opensearch-project#7303) * Restrict to manage data source on the DSM UI Signed-off-by: yubonluo <[email protected]> * fix unit test error Signed-off-by: yubonluo <[email protected]> --------- Signed-off-by: yubonluo <[email protected]>
stephen-crawford · Jul 18, 2024 · 1b8c801 · 1b8c801
1 parent ac22fd2
commit 1b8c801
Show file tree

Hide file tree

Showing 15 changed files with 2,448 additions and 25 deletions.
diff --git a/changelogs/fragments/7214.yml b/changelogs/fragments/7214.yml
@@ -0,0 +1,2 @@
+feat:
+- [DataSource] Restrict to edit data source on the DSM UI. ([#7214](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/7214))
diff --git a/config/opensearch_dashboards.yml b/config/opensearch_dashboards.yml
@@ -321,6 +321,12 @@
 #   AWSSigV4:
 #     enabled: true
 
+# Optional setting that controls the permissions of data source to create, update and delete.
+# "none": The data source is readonly for all users.
+# "dashboard_admin": The data source can only be managed by dashboard admin.
+# "all": The data source can be managed by all users. Default to "all".
+# data_source.manageableBy: "all"
+
 # Set the value of this setting to false to hide the help menu link to the OpenSearch Dashboards user survey
 # opensearchDashboards.survey.url: "https://survey.opensearch.org"
 

diff --git a/src/plugins/data_source/common/data_sources/types.ts b/src/plugins/data_source/common/data_sources/types.ts
@@ -60,3 +60,9 @@ export enum DataSourceEngineType {
   Elasticsearch = 'Elasticsearch',
   NA = 'No Engine Type Available',
 }
+
+export enum ManageableBy {
+  All = 'all',
+  DashboardAdmin = 'dashboard_admin',
+  None = 'none',
+}
diff --git a/src/plugins/data_source/config.ts b/src/plugins/data_source/config.ts
@@ -59,6 +59,10 @@ export const configSchema = schema.object({
       enabled: schema.boolean({ defaultValue: true }),
     }),
   }),
+  manageableBy: schema.oneOf(
+    [schema.literal('all'), schema.literal('dashboard_admin'), schema.literal('none')],
+    { defaultValue: 'all' }
+  ),
 });
 
 export type DataSourcePluginConfigType = TypeOf<typeof configSchema>;
diff --git a/src/plugins/data_source/server/plugin.ts b/src/plugins/data_source/server/plugin.ts
@@ -33,6 +33,8 @@ import { registerTestConnectionRoute } from './routes/test_connection';
 import { registerFetchDataSourceMetaDataRoute } from './routes/fetch_data_source_metadata';
 import { AuthenticationMethodRegistry, IAuthenticationMethodRegistry } from './auth_registry';
 import { CustomApiSchemaRegistry } from './schema_registry';
+import { ManageableBy } from '../common/data_sources';
+import { getWorkspaceState } from '../../../../src/core/server/utils';
 
 export class DataSourcePlugin implements Plugin<DataSourcePluginSetup, DataSourcePluginStart> {
   private readonly logger: Logger;
@@ -81,6 +83,25 @@ export class DataSourcePlugin implements Plugin<DataSourcePluginSetup, DataSourc
       dataSourceSavedObjectsClientWrapper.wrapperFactory
     );
 
+    const { manageableBy } = config;
+    core.capabilities.registerProvider(() => ({
+      dataSource: {
+        canManage: false,
+      },
+    }));
+
+    core.capabilities.registerSwitcher((request) => {
+      const { requestWorkspaceId, isDashboardAdmin } = getWorkspaceState(request);
+      // User can not manage data source in the workspace.
+      const canManage =
+        (manageableBy === ManageableBy.All && !requestWorkspaceId) ||
+        (manageableBy === ManageableBy.DashboardAdmin &&
+          isDashboardAdmin !== false &&
+          !requestWorkspaceId);
+
+      return { dataSource: { canManage } };
+    });
+
     core.logging.configure(
       this.config$.pipe<LoggerContextConfigInput>(
         map((dataSourceConfig) => ({
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		feat:
		- [DataSource] Restrict to edit data source on the DSM UI. ([#7214](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/7214))