Admin and Super Admin (security admin) Documentation Update #7069
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: leanne.laceybyrne@eliatra.com <leanne.laceybyrne@eliatra.com>
leanneeliatra
requested review from
AMoo-Miki,
Naarcha-AWS,
dlvenable,
epugh,
hdhalter,
kolchfa-aws,
natebower,
stephen-crawford and
vagimeli
as code owners
Signed-off-by: leanne.laceybyrne@eliatra.com <leanne.laceybyrne@eliatra.com>
hdhalter
added
security
In progress
1 task
|
@leanneeliatra - Is this ready for review? |
Hi @hdhalter it is still in progress at the moment, I will be adding some updates to this section of the docs today. Thanks a million. |
Signed-off-by: leanne.laceybyrne@eliatra.com <leanne.laceybyrne@eliatra.com>
Signed-off-by: leanne.laceybyrne@eliatra.com <leanne.laceybyrne@eliatra.com>
leanneeliatra
changed the title
|
This ticket is now ready for review. cc @hdhalter |
Signed-off-by: leanne.laceybyrne@eliatra.com <leanne.laceybyrne@eliatra.com>
Signed-off-by: leanne.laceybyrne@eliatra.com <leanne.laceybyrne@eliatra.com>
hdhalter
added
Tech review
|
Apologies if I missed that last capitalisation link @hdhalter. All changes now integrated! Thanks. |
|
@Naarcha-AWS - Can you please take a final look at this? An editorial request has been submitted. Thanks! |
Naarcha-AWS
reviewed
May 29, 2024
Naarcha-AWS
reviewed
May 29, 2024
Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Naarcha-AWS
reviewed
Jun 4, 2024
Naarcha-AWS
reviewed
Jun 4, 2024
Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Naarcha-AWS
added
Editorial review
natebower
requested changes
Jun 5, 2024
There was a problem hiding this comment.
@leanneeliatra @Naarcha-AWS Please see my comments and changes and tag me for approval on lines 265 and 274 in users-roles.md and 131 and 138 in security-admin.md. Thanks!
|
|
||
| #### Authentication of super admin role | ||
|
|
||
| Super admins are authenticated through certificates, not passwords. The necessary certificates are defined in the `admin_dn` section of the `opensearch.yml` file and must be signed with the same root CA to verify and connect it to the cluster. |
There was a problem hiding this comment.
Should this end in a colon? What is being shown in the following example?
_security/configuration/tls.md
Outdated
| ## Configuring admin certificates | ||
| Admin certificates are regular client certificates that have elevated rights to perform administrative tasks. You need an admin certificate to change the Security plugin configuration using [`plugins/opensearch-security/tools/securityadmin.sh`]({{site.url}}{{site.baseurl}}/security/configuration/security-admin/) or the REST API. Admin certificates are configured in `opensearch.yml` by stating their DN(s): | ||
| Super admin certificates are regular client certificates that have elevated rights to perform administrative security and OpenSearch related tasks. You need an admin certificate to change the Security plugin configuration using [`plugins/opensearch-security/tools/securityadmin.sh`]({{site.url}}{{site.baseurl}}/security/configuration/security-admin/) or the REST API. Super admin certificates are configured in `opensearch.yml` by stating their DN(s): |
There was a problem hiding this comment.
"security and OpenSearch related tasks" is too vague and doesn't work here. Please revise for clarity.
_security/configuration/tls.md
Outdated
| ``` | ||
|
|
||
| For security reasons, you can't use wildcards or regular expressions here. | ||
| For security reasons, you cannot use wildcards or regular expressions here. |
There was a problem hiding this comment.
Please replace "here" with a more precise expression.
Naarcha-AWS
reviewed
Jun 5, 2024
Naarcha-AWS
reviewed
Jun 5, 2024
Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Naarcha-AWS
reviewed
Jun 5, 2024
Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
natebower
approved these changes
Jun 5, 2024
Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Naarcha-AWS
approved these changes
Jun 5, 2024
opensearch-trigger-bot bot
pushed a commit
that referenced
this pull request
Jun 5, 2024
* adding information about the admin and security admin roles Signed-off-by: leanne.laceybyrne@eliatra.com <leanne.laceybyrne@eliatra.com> * reviewdog fixes Signed-off-by: leanne.laceybyrne@eliatra.com <leanne.laceybyrne@eliatra.com> * updating admin priveleges documentation Signed-off-by: leanne.laceybyrne@eliatra.com <leanne.laceybyrne@eliatra.com> * admin and super admin documentation added and made clearer Signed-off-by: leanne.laceybyrne@eliatra.com <leanne.laceybyrne@eliatra.com> * review dog signoff Signed-off-by: leanne.laceybyrne@eliatra.com <leanne.laceybyrne@eliatra.com> * removing extra space Signed-off-by: leanne.laceybyrne@eliatra.com <leanne.laceybyrne@eliatra.com> * added further clarification for superAdmin certs Signed-off-by: leanne.laceybyrne@eliatra.com <leanne.laceybyrne@eliatra.com> * Apply suggestions from code review Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: leanneeliatra <131779422+leanneeliatra@users.noreply.github.com> * reviewdog address Signed-off-by: leanne.laceybyrne@eliatra.com <leanne.laceybyrne@eliatra.com> * Apply suggestions from code review Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Signed-off-by: leanneeliatra <131779422+leanneeliatra@users.noreply.github.com> * calling out super admin where appropriate Signed-off-by: leanne.laceybyrne@eliatra.com <leanne.laceybyrne@eliatra.com> * capitalise linked reference Signed-off-by: leanne.laceybyrne@eliatra.com <leanne.laceybyrne@eliatra.com> * Apply suggestions from code review Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> * Apply suggestions from code review Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> * Apply suggestions from code review Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Nathan Bower <nbower@amazon.com> Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> --------- Signed-off-by: leanne.laceybyrne@eliatra.com <leanne.laceybyrne@eliatra.com> Signed-off-by: leanneeliatra <131779422+leanneeliatra@users.noreply.github.com> Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Co-authored-by: Heather Halter <HDHALTER@AMAZON.COM> Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Co-authored-by: Nathan Bower <nbower@amazon.com> (cherry picked from commit 7dd0961) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
The addition of supporting documentation to describe the Administration roles and their purposes in OpenSearch. This documentation update will cover the Admin and Super admin role in OpenSearch.
Issues Resolved
Closes [DOC]Add documentation to clarify differences between admin and super admin roles #4646
Checklist
For more information on following Developer Certificate of Origin and signing off your commits, please check here.