search

opensearch-project / OpenSearch

🔎 Open source distributed and RESTful search engine.
https://opensearch.org/docs/latest/opensearch/index/
Apache License 2.0
9.37k stars 1.72k forks source link

[RFC] Remove the `opensearch-dashboards` module from this repo #14500

Open cwperks opened 2 months ago

cwperks commented 2 months ago

Please describe the end goal of this project

There is a module in core called opensearch-dashboards that appears to be unused.

This plugin is a single file and all it does is register a few RestHandlers that wrap common operations around indices. On the surface, it looks like the purpose of this plugin is to facilitate requests from OpenSearch-Dashboards to allow dashboards to write to the saved objects (.kibana or .opensearch_dashboards*) index, but its not actually used by dashboards.

When running a cluster with security, dashboards must be configured with opensearch.username and opensearch.password which is used to write and read from the saved objects index or indices if using multi-tenancy. In the demo configuration, this is the kibanaserver user which is mapped to the kibana_server role which grants it permission on those indices.

This is the list of RestHandlers that it registers and it prefixes all of their existing routes with _opensearch_dashboards/

i.e. The create index API that this plugins registers is PUT /_opensearch_dashboards/{idx} instead of PUT/{idx}

Judging by the wrapper in this class it looks like the plugin is trying to provide additional protections to the saved objects indices.

If the module is unused then is there any purpose in keeping the code in core?

Supporting References

Related to work in https://github.com/opensearch-project/security/issues/4439 that is analyzing system indices across all default modules and plugins

Issues

Related to https://github.com/opensearch-project/security/issues/4439

Related component

Plugins

peternied commented 2 months ago

[Triage - attendees 1 2 3] @cwperks Thanks for creating this issue, I've updated the title to reflect that we'd like comments on this issue before making a decision

andrross commented 3 weeks ago

@reta Do you know the purpose of this module?

A simple search for the _opensearch_dashboards prefix picks up a bunch of false positives, but digging through the results I haven't found anything that appears to actually use that prefix.

reta commented 3 weeks ago

@reta Do you know the purpose of this module?

I actually don't to be fair, but it says 'Plugin exposing APIs for OpenSearch Dashboards system indices'

dblock commented 2 weeks ago

This might be of interest for the list of the APIs, https://github.com/opensearch-project/opensearch-api-specification/issues/236.