-
Notifications
You must be signed in to change notification settings - Fork 281
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FEATURE] Support Security Config Updates on the REST API #2577
Comments
[Triage] Hi @terryquigleysas, thank you for filing this issue. I will take a moment to update the code to show that it is working as expected. |
@scrawfor99 Thanks for taking this on. Is there other information you require from me? As mentioned above and at the triage meetings it would be great if the following were possible:
This is currently holding up our ability to move to OpenSearch version 2.x unfortunately. Even if point 1) were answered we may be able to progress with that at our end. |
@scrawfor99 and @peternied I can confirm that it works as expected we use it in our test env so far without any issue. The main problem that it is impossible to call the endpoint without superadmin access but together with REST API admin permissions it is possible. I can implement this feature. wdyt? |
Sure thing, IMO there is no good reason to use |
Hi @scrawfor99, @peternied and @willyborankin,
|
Hi @ihendry2, I believe that is correct. That being said, I never ended up implementing this personally. I believe that @willyborankin had mentioned interest in putting this together but I know they are also quite busy so I cannot speak to the state of the change. It is a small change so realistically could be implemented in the subsequent release. |
@willyborankin following up on this as #2411 merged. Are we good to close this one? |
Hi @davidlago I'm going to open PR for this feature |
Is your feature request related to a problem?
We need to be able to update elements of the security config. We have found the REST API to work but have so far been prevented from using it as it appears to be marked as unsupported.
From https://opensearch.org/docs/latest/security/access-control/api/#patch-configuration the property that needs to be set is called:
plugins.security.unsupported.restapi.allow_securityconfig_modification: true
What solution would you like?
As raised in the last backlog and triage meeting, could the naming of this be made more neutral (i.e. removal or replacement of "unsupported") and confirmation provided that there is no functional reason why this call does not work?
What alternatives have you considered?
As an additional note we have attempted to use the securityadmin.sh script to reload the config. As well as being more unwieldy for or use case it no longer works for one of the scenarios we need to support due to the new requirement for TLS to be enabled for the script to work in OpenSearch 2.x
The text was updated successfully, but these errors were encountered: