[Chore] Updates developer guide for security development #5287
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -179,6 +179,7 @@ For windows: | |
| $ wsl -d docker-desktop | ||
| $ sysctl -w vm.max_map_count=262144 | ||
| ``` | ||
|
|
||
| ### Next Steps | ||
|
|
||
| Now that you have a development environment to play with, there are a number of different paths you may take next. | ||
|
|
@@ -235,6 +236,7 @@ $ yarn opensearch snapshot --P https://repo1.maven.org/maven2/org/opensearch/plu | |
| Note - if you add the [`security` plugin](https://github.com/opensearch-project/security), you'll also need to [configure OpenSearch Dashboards for security](#configure-opensearch-dashboards-for-security). | ||
|
|
||
| ### Plugin development | ||
|
|
||
| The osd-plugin-generator tool makes it easier to create a plugin for OpenSearch Dashboards. It sets up the basic structure of the project and provides scripts to build it. Refer to [osd-plugin-generator](https://github.com/opensearch-project/OpenSearch-Dashboards/tree/main/packages/osd-plugin-generator) for more details. | ||
|
|
||
| #### Other snapshot configuration options | ||
|
|
@@ -258,6 +260,8 @@ Options: | |
| $ yarn opensearch snapshot --version 2.2.0 -E cluster.name=test -E path.data=/tmp/opensearch-data --P org.opensearch.plugin:test-plugin:2.2.0.0 --P file:/home/user/opensearch-test-plugin-2.2.0.0.zip | ||
| ``` | ||
|
|
||
| > You can find nightly builds of opensearch and its plugins at https://aws.oss.sonatype.org/content/repositories/snapshots/org/opensearch/ and release builds at https://repo1.maven.org/maven2/org/opensearch/ | ||
|
|
||
| #### Read Only capabilities | ||
|
|
||
| _This feature will only work if you have the [`security` plugin](https://github.com/opensearch-project/security) installed on your OpenSearch cluster with https/authentication enabled._ | ||
|
|
@@ -281,6 +285,13 @@ This method can also be used to develop against the [full distribution of OpenSe | |
|
|
||
| _This step is only mandatory if you have the [`security` plugin](https://github.com/opensearch-project/security) installed on your OpenSearch cluster with https/authentication enabled._ | ||
|
|
||
| > Running `yarn opensearch snapshot -P <security_plugin_url>` will not work since the plugin needs some additional configuration to setup correctly. To configure it correctly, here are the steps: | ||
| > | ||
| > 1. Run `yarn opensearch snapshot -P <security_plugin_url>`. This will fail to run and complain about missing certificates. Ignore that since what we want is for the build artifacts | ||
| > 2. Run `export initialAdminPassword=<inital admin password>` since its needed by the configuration script | ||
| > 3. Run the config script in the plugin directory of opensearch. `bash .opensearch/<version>/plugins/opensearch-security/tools/install_demo_configuration.sh` | ||
|
There was a problem hiding this comment. @manasvinibs do you think it's worth to consider provide an optional execute setup script or even "with security enabled that runs this default' There was a problem hiding this comment. That would be even better. A one line command would be ideal There was a problem hiding this comment. Yeah I agree! An additional flag to enable security which takes care of There was a problem hiding this comment. Do we want a separate PR for the additional flag? |
||
| > 4. Start opensearch `.opensearch/<version>/bin/opensearch` | ||
|
|
||
| Once the bootstrap of OpenSearch Dashboards is finished, you need to apply some | ||
| changes to the default [`opensearch_dashboards.yml`](https://github.com/opensearch-project/OpenSearch-Dashboards/blob/main/config/opensearch_dashboards.yml#L25-L72) in order to connect to OpenSearch. | ||
|
|
||
|
|
||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
should we provide just an example, like it can be
adminor imply that this is setting up initial admin password not so much that it has to be preconfiguredThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm okay with that. This is one of those docs where I want this to be a stub and see where people get confused and need more information. I think the variable name is quite self explanatory ;)