-
Notifications
You must be signed in to change notification settings - Fork 274
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow opensearch server to access its new index #1148
Allow opensearch server to access its new index #1148
Conversation
@@ -33,6 +33,9 @@ kibana_user: | |||
- ".kibana" | |||
- ".kibana-6" | |||
- ".kibana_*" | |||
- ".opensearch_dashboards" | |||
- ".opensearch_dashboards-6" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have no context, but could you help me understand where we would use .opensearch_dashboards-6
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Neither do I have the idea. It could be some legacy in kibana and I suggest it will be safer to keep it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
.kibana-6
came out of migration steps to 6.x provided by Kibana (6.7 in case of security plugin).
Is similar plan supported by OpenSearch ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sujithvm Are you referring to the plan to keep backward compatibility in OpenSearch?
My understanding is that the plan hasn't been dicussed yet, so not clear yet. @saratvemulapalli Could you please confirm this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The migration plan is TBD. We dont know how it is going to look like and whats needed. If you have any thoughts or suggestions please feel free to add them to the issues.
Ref:
opensearch-project/OpenSearch#640
opensearch-project/OpenSearch#638
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As @saratvemulapalli we're still chewing on backwards compatibility. I agree with @hsiang9431-amzn that we should leave dashboard-6 in place and tackle it when we make other backwards compatibility changes.
What is the migration plan for existing installations and how that will work for multi-tenancy? |
I believe that will be a good point to evaluate when discussing the plan to fix backword incompatibility. @saratvemulapalli |
Until there is a plan, why not to keep existing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changes look good to me.
Please make sure you are aligned with your team as well.
opendistro-for-elasticsearch/security pull request intake form
Please provide as much details as possible to get feedback/acceptance on your PR quickly
Category: (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)
Enhancement
Github Issue # or road-map entry, if available:
N/A
Description of changes:
Allows OpenSearch Dashboards server to access its indices with default
kibanaserver
roleWhy these changes are required?
Lack of required permissions granted to
kibanaserver
role renders OpenSearch Dashboards unusableWhat is the old behavior before changes and new behavior after changes? (Please add any example/logs/screen-shot if available)
Old behavior:
kibanaserver
role does not have access to index patterns.opensearch_dashboards
nor its derivativesNew behavior: required permissions granted
Testing done: (Please provide details of testing done: Unit testing, integration testing and manual testing)
N/A, pending build workflow setup locallyCI tests, manually start an opensearch stack and tested functionality
By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I
have the right to submit it under the open source license
indicated in the file; or
(b) The contribution is based upon previous work that, to the best
of my knowledge, is covered under an appropriate open source
license and I have the right under that license to submit that
work with modifications, whether created in whole or in part
by me, under the same open source license (unless I am
permitted to submit under a different license), as indicated
in the file; or
(c) The contribution was provided directly to me by some other
person who certified (a), (b) or (c) and I have not modified
it.
(d) I understand and agree that this project and the contribution
are public and that a record of the contribution (including all
personal information I submit with it, including my sign-off) is
maintained indefinitely and may be redistributed consistent with
this project or the open source license(s) involved.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.