Skip to content

Replace usages of ThreadContext.stashContext with PluginClient #1060

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

Replace usages of ThreadContext.stashContext with PluginClient #1060

wants to merge 2 commits into from

Conversation

cwperks
Copy link
Member

@cwperks cwperks commented Aug 12, 2025

Description

This PR replaces usages of ThreadContext.stashContext with a replacement that enforces strong ownership over system indices. The reporting plugin can access the system indices it declares with SystemIndexPlugin.getSystemIndexDescriptors, but otherwise needs to declare additional perms like this: https://github.com/opensearch-project/geospatial/blob/main/src/main/resources/plugin-additional-permissions.yml

The replacement restricts what plugins can do inside a privileged context, but permits access to their own system indices.

Related Issues

Resolves opensearch-project/opensearch-plugins#238

Check List

  • New functionality includes testing.
  • New functionality has been documented.
  • API changes companion pull request created.
  • Commits are signed per the DCO using --signoff.
  • Public documentation issue/PR created.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@xluo-aws xluo-aws Awaiting requested review from xluo-aws xluo-aws will be requested when the pull request is marked ready for review xluo-aws is a code owner

@gaobinlong gaobinlong Awaiting requested review from gaobinlong gaobinlong will be requested when the pull request is marked ready for review gaobinlong is a code owner

@Hailong-am Hailong-am Awaiting requested review from Hailong-am Hailong-am will be requested when the pull request is marked ready for review Hailong-am is a code owner

@SuZhou-Joe SuZhou-Joe Awaiting requested review from SuZhou-Joe SuZhou-Joe will be requested when the pull request is marked ready for review SuZhou-Joe is a code owner

@zhichao-aws zhichao-aws Awaiting requested review from zhichao-aws zhichao-aws will be requested when the pull request is marked ready for review zhichao-aws is a code owner

@yuye-aws yuye-aws Awaiting requested review from yuye-aws yuye-aws will be requested when the pull request is marked ready for review yuye-aws is a code owner

@zhongnansu zhongnansu Awaiting requested review from zhongnansu zhongnansu will be requested when the pull request is marked ready for review zhongnansu is a code owner

@sbcd90 sbcd90 Awaiting requested review from sbcd90 sbcd90 will be requested when the pull request is marked ready for review sbcd90 is a code owner

@praveensameneni praveensameneni Awaiting requested review from praveensameneni praveensameneni will be requested when the pull request is marked ready for review praveensameneni is a code owner

@amsiglan amsiglan Awaiting requested review from amsiglan amsiglan will be requested when the pull request is marked ready for review amsiglan is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[META] Remove usages of ThreadContext.stashContext and adopt new mechanism for System Index access

1 participant

@cwperks