Allow opensearch server to access its new index #1148
Conversation
hsiang9431-amzn
changed the title
| @@ -33,6 +33,9 @@ kibana_user: | |||
| - ".kibana" | |||
| - ".kibana-6" | |||
| - ".kibana_*" | |||
| - ".opensearch_dashboards" | |||
| - ".opensearch_dashboards-6" | |||
There was a problem hiding this comment.
I have no context, but could you help me understand where we would use .opensearch_dashboards-6?
There was a problem hiding this comment.
Neither do I have the idea. It could be some legacy in kibana and I suggest it will be safer to keep it
There was a problem hiding this comment.
.kibana-6 came out of migration steps to 6.x provided by Kibana (6.7 in case of security plugin).
Is similar plan supported by OpenSearch ?
There was a problem hiding this comment.
@sujithvm Are you referring to the plan to keep backward compatibility in OpenSearch?
My understanding is that the plan hasn't been dicussed yet, so not clear yet. @saratvemulapalli Could you please confirm this?
There was a problem hiding this comment.
The migration plan is TBD. We dont know how it is going to look like and whats needed. If you have any thoughts or suggestions please feel free to add them to the issues.
Ref:
opensearch-project/OpenSearch#640
opensearch-project/OpenSearch#638
There was a problem hiding this comment.
As @saratvemulapalli we're still chewing on backwards compatibility. I agree with @hsiang9431-amzn that we should leave dashboard-6 in place and tackle it when we make other backwards compatibility changes.
|
What is the migration plan for existing installations and how that will work for multi-tenancy? |
I believe that will be a good point to evaluate when discussing the plan to fix backword incompatibility. @saratvemulapalli |
|
Until there is a plan, why not to keep existing |
opendistro-for-elasticsearch/security pull request intake form
Please provide as much details as possible to get feedback/acceptance on your PR quickly
Category: (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)
Enhancement
Github Issue # or road-map entry, if available:
N/A
Description of changes:
Allows OpenSearch Dashboards server to access its indices with default
kibanaserverroleWhy these changes are required?
Lack of required permissions granted to
kibanaserverrole renders OpenSearch Dashboards unusableWhat is the old behavior before changes and new behavior after changes? (Please add any example/logs/screen-shot if available)
Old behavior:
kibanaserverrole does not have access to index patterns.opensearch_dashboardsnor its derivativesNew behavior: required permissions granted
Testing done: (Please provide details of testing done: Unit testing, integration testing and manual testing)
N/A, pending build workflow setup locallyCI tests, manually start an opensearch stack and tested functionality
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license
indicated in the file; or
(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source
license and I have the right under that license to submit that
work with modifications, whether created in whole or in part
by me, under the same open source license (unless I am
permitted to submit under a different license), as indicated
in the file; or
(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.
(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.