Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RFC] Remove the opensearch-dashboards module from this repo #14500

Open
cwperks opened this issue Jun 21, 2024 · 4 comments
Open

[RFC] Remove the opensearch-dashboards module from this repo #14500

cwperks opened this issue Jun 21, 2024 · 4 comments
Labels
Plugins RFC Issues requesting major changes

Comments

@cwperks
Copy link
Member

cwperks commented Jun 21, 2024

Please describe the end goal of this project

There is a module in core called opensearch-dashboards that appears to be unused.

This plugin is a single file and all it does is register a few RestHandlers that wrap common operations around indices. On the surface, it looks like the purpose of this plugin is to facilitate requests from OpenSearch-Dashboards to allow dashboards to write to the saved objects (.kibana or .opensearch_dashboards*) index, but its not actually used by dashboards.

When running a cluster with security, dashboards must be configured with opensearch.username and opensearch.password which is used to write and read from the saved objects index or indices if using multi-tenancy. In the demo configuration, this is the kibanaserver user which is mapped to the kibana_server role which grants it permission on those indices.

This is the list of RestHandlers that it registers and it prefixes all of their existing routes with _opensearch_dashboards/

i.e. The create index API that this plugins registers is PUT /_opensearch_dashboards/{idx} instead of PUT/{idx}

Judging by the wrapper in this class it looks like the plugin is trying to provide additional protections to the saved objects indices.

If the module is unused then is there any purpose in keeping the code in core?

Supporting References

Related to work in opensearch-project/security#4439 that is analyzing system indices across all default modules and plugins

Issues

Related to opensearch-project/security#4439

Related component

Plugins
@cwperks cwperks added Meta Meta issue, not directly linked to a PR untriaged labels Jun 21, 2024
@cwperks cwperks mentioned this issue Jun 21, 2024
Merged
3 tasks
@peternied peternied added RFC Issues requesting major changes Plugins and removed untriaged Meta Meta issue, not directly linked to a PR labels Jun 26, 2024
@peternied peternied changed the title [Refactor] Consider removing the opensearch-dashboards module from this repo [RFC] Remove the opensearch-dashboards module from this repo Jun 26, 2024
@peternied
Copy link
Member

[Triage - attendees 1 2 3]
@cwperks Thanks for creating this issue, I've updated the title to reflect that we'd like comments on this issue before making a decision

@andrross
Copy link
Member

andrross commented Aug 9, 2024

@reta Do you know the purpose of this module?

A simple search for the _opensearch_dashboards prefix picks up a bunch of false positives, but digging through the results I haven't found anything that appears to actually use that prefix.

@reta
Copy link
Collaborator

reta commented Aug 9, 2024

@reta Do you know the purpose of this module?

I actually don't to be fair, but it says 'Plugin exposing APIs for OpenSearch Dashboards system indices'

@dblock
Copy link
Member

dblock commented Aug 12, 2024

This might be of interest for the list of the APIs, opensearch-project/opensearch-api-specification#236.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Plugins RFC Issues requesting major changes
Projects
OpenSearch Roadmap
Status: New
Milestone
No milestone
Development

No branches or pull requests
5 participants
@reta @dblock @peternied @andrross @cwperks