Skip to content

fix(saved-objects): gate config import on advancedSettings.save capabilities#12220

Open
sumukhswamy wants to merge 1 commit into
opensearch-project:mainfrom
sumukhswamy:fix/config-import-capability-check
Open

fix(saved-objects): gate config import on advancedSettings.save capabilities#12220
sumukhswamy wants to merge 1 commit into
opensearch-project:mainfrom
sumukhswamy:fix/config-import-capability-check

Conversation

@sumukhswamy

@sumukhswamy sumukhswamy commented Jun 15, 2026

Copy link
Copy Markdown
Collaborator

Description

The config type block introduced in #12014 (security fix for P432840841) rejected all config-type objects unconditionally and failed the entire import when any were present.

This change:

  • Gates config import on the advancedSettings.save capability: admin users with this capability can import config objects; non-admin users still receive unsupported_type errors for config objects.
  • Changes from fail-all to filter-and-continue: when config objects are rejected, remaining valid objects in the same import are still processed. Config objects are reported as errors in the response alongside any successful imports.

Issues Resolved

Resolves #12201

Screenshot

Testing the changes

Check List

  • All tests pass
    • yarn test:jest
    • yarn test:jest_integration
  • New functionality includes testing.
  • New functionality has been documented.
  • Commits are signed per the DCO using --signoff

@sumukhswamy sumukhswamy force-pushed the fix/config-import-capability-check branch from 5868ba4 to ce9a2c7 Compare June 15, 2026 23:23
@github-actions

github-actions Bot commented Jun 15, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

🔗 Workflow run · commit 75e27613e2141405686d7708d8c2315a69ab3ed7

✅ All Jest Tests Passed

No failures detected in JUnit reports.

@sumukhswamy
fix(saved-objects): gate config import on advancedSettings.save capab…
75e2761 
…ility

The config type block introduced in opensearch-project#12014 (security fix for P432840841)
rejected all config-type objects unconditionally and failed the entire
import when any were present.

This change:
- Gates config import on the advancedSettings.save capability: admin
  users with this capability can import config objects; non-admin users
  still receive unsupported_type errors for config objects.
- Changes from fail-all to filter-and-continue: when config objects are
  rejected, remaining valid objects in the same import are still
  processed. Config objects are reported as errors in the response
  alongside any successful imports.

Resolves opensearch-project#12201

Signed-off-by: sumukhswamy <sumukhhs@amazon.com>
@sumukhswamy sumukhswamy force-pushed the fix/config-import-capability-check branch from ce9a2c7 to 75e2761 Compare June 16, 2026 00:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ananzh ananzh Awaiting requested review from ananzh ananzh is a code owner

@kavilla kavilla Awaiting requested review from kavilla kavilla is a code owner

@AMoo-Miki AMoo-Miki Awaiting requested review from AMoo-Miki AMoo-Miki is a code owner

@ashwin-pc ashwin-pc Awaiting requested review from ashwin-pc ashwin-pc is a code owner

@abbyhu2000 abbyhu2000 Awaiting requested review from abbyhu2000 abbyhu2000 is a code owner

@zengyan-amazon zengyan-amazon Awaiting requested review from zengyan-amazon zengyan-amazon is a code owner

@zhongnansu zhongnansu Awaiting requested review from zhongnansu zhongnansu is a code owner

@ZilongX ZilongX Awaiting requested review from ZilongX ZilongX is a code owner

@bandinib-amzn bandinib-amzn Awaiting requested review from bandinib-amzn bandinib-amzn is a code owner

@SuZhou-Joe SuZhou-Joe Awaiting requested review from SuZhou-Joe SuZhou-Joe is a code owner

@ruanyl ruanyl Awaiting requested review from ruanyl ruanyl is a code owner

@xinruiba xinruiba Awaiting requested review from xinruiba xinruiba is a code owner

@zhyuanqi zhyuanqi Awaiting requested review from zhyuanqi zhyuanqi is a code owner

@mengweieric mengweieric Awaiting requested review from mengweieric mengweieric is a code owner

@LDrago27 LDrago27 Awaiting requested review from LDrago27 LDrago27 is a code owner

@virajsanghvi virajsanghvi Awaiting requested review from virajsanghvi virajsanghvi is a code owner

@sejli sejli Awaiting requested review from sejli sejli is a code owner

@joshuali925 joshuali925 Awaiting requested review from joshuali925 joshuali925 is a code owner

@huyaboo huyaboo Awaiting requested review from huyaboo huyaboo is a code owner

@angle943 angle943 Awaiting requested review from angle943 angle943 is a code owner

@Maosaic Maosaic Awaiting requested review from Maosaic Maosaic is a code owner

@wanglam wanglam Awaiting requested review from wanglam wanglam is a code owner

@d-buckner d-buckner Awaiting requested review from d-buckner d-buckner is a code owner

@ps48 ps48 Awaiting requested review from ps48 ps48 is a code owner

@TackAdam TackAdam Awaiting requested review from TackAdam TackAdam is a code owner

@ruchidh ruchidh Awaiting requested review from ruchidh ruchidh is a code owner

@paulstn paulstn Awaiting requested review from paulstn paulstn is a code owner

@Qxisylolo Qxisylolo Awaiting requested review from Qxisylolo Qxisylolo is a code owner

@yubonluo yubonluo Awaiting requested review from yubonluo yubonluo is a code owner

@FriedhelmWS FriedhelmWS Awaiting requested review from FriedhelmWS FriedhelmWS is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

all-star-contributor

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BUG] saved_object API call failing in OpenSearch Dashboards 3.7.0 (worked in 3.6.0 and earlier)

1 participant

@sumukhswamy