Skip to content

Detect security plugin presence and improve WLM rule error message#533

Open
dzane17 wants to merge 5 commits into
opensearch-project:mainfrom
dzane17:fix/wlm-security-plugin-detection-530
Open

Detect security plugin presence and improve WLM rule error message#533
dzane17 wants to merge 5 commits into
opensearch-project:mainfrom
dzane17:fix/wlm-security-plugin-detection-530

Conversation

@dzane17
Copy link
Copy Markdown
Member

@dzane17 dzane17 commented May 28, 2026
edited
Loading

Description

Saving a WLM rule with a username or role on a cluster without the Security plugin currently fails with this cryptic error:

Failed to save changes: [x_content_parse_exception] principal is not a valid attribute within the workload_group feature.

This PR detects whether the OpenSearch Security plugin is installed and active. If it isn't, the Username and Role inputs are disabled with helper text "Requires the OpenSearch Security plugin to be installed and enabled on this cluster." If a save still surfaces the cryptic backend error (e.g. on a slow probe or stale state), it's rewritten to that same actionable wording.

All inactive states are covered: not installed, installed-but-disabled, plugin reachable but degraded, and probe failure (in which case the UI does not over-block).

Screenshot

Screenshot 2026-05-28 at 2 16 06 PM

Issues Resolved

Closes #530

Testing

  • New WLMDetails.security.test.tsx covering each plugin state and the rewritten save error.
  • Extended datasource-utils.test.ts and WLMCreate.test.tsx with the same coverage on the create path.
  • All 470 unit tests pass; lint and typecheck clean.
  • Manually verified on a local cluster with only the workload-management plugin installed.

dzane17 added 5 commits June 1, 2026 14:22
@dzane17
Detect security plugin presence and improve WLM rule error message (o…
53563e3 
…pensearch-project#530)

Signed-off-by: David Zane <davizane@amazon.com>
@dzane17
Address PR review: prevent principal data loss; tighten security probe
a9bb413 
Signed-off-by: David Zane <davizane@amazon.com>
@dzane17
Address PR review round 2: tighten probe defaults, dedupe help text, …
0543138 
…sharpen tests

Signed-off-by: David Zane <davizane@amazon.com>
@dzane17
Address PR review round 3: rollback ordering, network-blip safety, st…
78b8a0c 
…ale-gate refresh

Signed-off-by: David Zane <davizane@amazon.com>
@dzane17
Use force:true for username/role typing in no-security cypress test
443fa6d 
Signed-off-by: David Zane <davizane@amazon.com>
@dzane17 dzane17 force-pushed the fix/wlm-security-plugin-detection-530 branch from 74751f2 to 443fa6d Compare June 1, 2026 21:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ansjcy ansjcy Awaiting requested review from ansjcy ansjcy is a code owner

@jainankitk jainankitk Awaiting requested review from jainankitk jainankitk is a code owner

@deshsidd deshsidd Awaiting requested review from deshsidd deshsidd is a code owner

@KishoreKicha14 KishoreKicha14 Awaiting requested review from KishoreKicha14 KishoreKicha14 is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BUG] WLM rule save fails cryptically when Security plugin is not installed

1 participant

@dzane17