Open
Description
Is your feature request related to a problem? Please describe
Implement security features and integrate with OpenSearch security plugin for production readiness of experimental gRPC transport. It should be the case that security settings for existing http transport maps cleanly onto newly introduced grpc-transport, providing configurable TLS, AuthN, and AuthZ for this new transport implementation.
Describe the solution you'd like
Security Requirements
TLS/Certificate Management
- Add and extend NetworkPlugin.SecureAuxTransport interface
- Configure certificate loading from security plugin
- Allow enable TLS on grpc-transport
- Maintain separation of security settings between client/server transports
Authentication/Authorization
*Additional research needed here to determine the extent these are handled by the security plugin.
- Provide framework for user authentication
- Provide framework for enforcing role-based access control
Related component
Plugins
Describe alternatives you've considered
Leaving the grpc-transport as plaintext. TLS may not be useful for if users do not plan on making this endpoint public. Similarly AuthN/AuthZ is situational.
Additional context
No response
Metadata
Assignees
Labels
Type
Projects
Status
In Progress
Status
New
Activity