You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This plugin is a single file and all it does is register a few RestHandlers that wrap common operations around indices. On the surface, it looks like the purpose of this plugin is to facilitate requests from OpenSearch-Dashboards to allow dashboards to write to the saved objects (.kibana or .opensearch_dashboards*) index, but its not actually used by dashboards.
When running a cluster with security, dashboards must be configured with opensearch.username and opensearch.password which is used to write and read from the saved objects index or indices if using multi-tenancy. In the demo configuration, this is the kibanaserver user which is mapped to the kibana_server role which grants it permission on those indices.
This is the list of RestHandlers that it registers and it prefixes all of their existing routes with _opensearch_dashboards/
i.e. The create index API that this plugins registers is PUT /_opensearch_dashboards/{idx} instead of PUT/{idx}
Judging by the wrapper in this class it looks like the plugin is trying to provide additional protections to the saved objects indices.
If the module is unused then is there any purpose in keeping the code in core?
peternied
changed the title
[Refactor] Consider removing the opensearch-dashboards module from this repo
[RFC] Remove the opensearch-dashboards module from this repo
Jun 26, 2024
[Triage - attendees 123] @cwperks Thanks for creating this issue, I've updated the title to reflect that we'd like comments on this issue before making a decision
A simple search for the _opensearch_dashboards prefix picks up a bunch of false positives, but digging through the results I haven't found anything that appears to actually use that prefix.
Please describe the end goal of this project
There is a module in core called opensearch-dashboards that appears to be unused.
This plugin is a single file and all it does is register a few RestHandlers that wrap common operations around indices. On the surface, it looks like the purpose of this plugin is to facilitate requests from OpenSearch-Dashboards to allow dashboards to write to the saved objects (.kibana or .opensearch_dashboards*) index, but its not actually used by dashboards.
When running a cluster with security, dashboards must be configured with
opensearch.username
andopensearch.password
which is used to write and read from the saved objects index or indices if using multi-tenancy. In the demo configuration, this is thekibanaserver
user which is mapped to the kibana_server role which grants it permission on those indices.This is the list of RestHandlers that it registers and it prefixes all of their existing routes with
_opensearch_dashboards/
i.e. The create index API that this plugins registers is
PUT /_opensearch_dashboards/{idx}
instead ofPUT/{idx}
Judging by the wrapper in this class it looks like the plugin is trying to provide additional protections to the saved objects indices.
If the module is unused then is there any purpose in keeping the code in core?
Supporting References
Related to work in opensearch-project/security#4439 that is analyzing system indices across all default modules and plugins
Issues
Related to opensearch-project/security#4439
Related component
Plugins
The text was updated successfully, but these errors were encountered: