Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE]Ability to provide customized security configurations to the cluster #73

Closed
Tracked by #129
gaiksaya opened this issue Oct 30, 2023 · 1 comment · Fixed by #82
Closed
Tracked by #129

[FEATURE]Ability to provide customized security configurations to the cluster #73

gaiksaya opened this issue Oct 30, 2023 · 1 comment · Fixed by #82
Assignees
@gaiksaya
Labels
enhancement New feature or request

Comments

@gaiksaya
Copy link
Member

Is your feature request related to a problem?

The current opensearch-cluster-cdk configuration in terms of security is either default security config or no security at all.
It would be helpful to be able to provide custom security configuration to the cluster. For example, only specific role mapping, allow anonymous read, etc

What solution would you like?

Ability to provide customized security configurations to the cluster

What alternatives have you considered?

Manually logging into the cluster, changing config followed by cluster restart

Do you have any additional context?

Add any other context or screenshots about the feature request here.
@gaiksaya gaiksaya added enhancement New feature or request untriaged labels Oct 30, 2023
@gaiksaya gaiksaya mentioned this issue Oct 30, 2023
Closed
11 tasks
@gaiksaya gaiksaya self-assigned this Nov 2, 2023
@gaiksaya gaiksaya removed the untriaged label Nov 2, 2023
@gaiksaya gaiksaya moved this from Backlog to In review in OpenSearch Engineering Effectiveness Nov 2, 2023
@gaiksaya gaiksaya moved this from In review to In Progress in OpenSearch Engineering Effectiveness Nov 2, 2023
@gaiksaya
Copy link
Member Author

gaiksaya commented Nov 2, 2023

Thinking of extending the scope of this issue to allow overwriting any config file with the custom config file provided by the user. As of 2.11.0 I am seeing below file in config folders and sub-folders:

opensearch]# tree config/
config/
├── discovery-ec2
│   └── log4j2.properties
├── jvm.options
├── jvm.options.d
├── log4j2.properties
├── opensearch-notifications
│   └── notifications.yml
├── opensearch-notifications-core
│   └── notifications-core.yml
├── opensearch-observability
│   └── observability.yml
├── opensearch-performance-analyzer
│   ├── agent-stats-metadata
│   ├── log4j2.xml
│   ├── opensearch_security.policy
│   ├── performance-analyzer.properties
│   ├── plugin-stats-metadata
│   ├── rca.conf
│   ├── rca_cluster_manager.conf
│   ├── rca_idle_cluster_manager.conf
│   └── supervisord.conf
├── opensearch-reports-scheduler
│   └── reports-scheduler.yml
├── opensearch-security
│   ├── action_groups.yml
│   ├── allowlist.yml
│   ├── audit.yml
│   ├── config.yml
│   ├── internal_users.yml
│   ├── nodes_dn.yml
│   ├── opensearch.yml.example
│   ├── roles.yml
│   ├── roles_mapping.yml
│   ├── tenants.yml
│   └── whitelist.yml
├── opensearch.keystore
├── opensearch.yml
└── repository-s3
    └── log4j2.properties

If a user provides for-example a custom config file for /local/path/to/customized-reports-scheduler.yml, and path to the file to be overwritten (in this case /config/opensearch-reports-scheduler/reports-scheduler.yml), the cdk should take care of it.

@gaiksaya gaiksaya mentioned this issue Nov 23, 2023
Merged
@gaiksaya gaiksaya moved this from In Progress to In review in OpenSearch Engineering Effectiveness Dec 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gaiksaya gaiksaya

Labels
enhancement New feature or request
Projects
OpenSearch Engineering Effectiveness
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add feature to support customized config files to the cluster gaiksaya/opensearch-cluster-cdk
1 participant
@gaiksaya