opensearch-project / ansible-playbook

🤖 A community repository for Ansible Playbook of OpenSearch Project.
https://opensearch.org/
Apache License 2.0

[BUG][security.yml] deploy custom security config is not supported if auth type is different than oidc #116

Open ySp-chld opened 1 year ago

ySp-chld commented 1 year ago

If copy_custom_security_configs is true, the custom file security_plugin_conf.yml is not deployed because the check is made on auth_type == 'oidc'.

- name: Security Plugin configuration | Copy the security configuration file 3 to cluster
  template:
    src: security_plugin_conf.yml
    dest: "{{ os_sec_plugin_conf_path }}/config.yml"
    backup: yes
    owner: "{{ os_user }}"
    group: "{{ os_user }}"
    mode: 0600
    force: yes
  when: auth_type == 'oidc'

So if you customised security_plugin_conf.yml to use ldap or anything but oidc then you cannot deploy the configuration.

I suggest an easy fix by adding an alternative check:

- name: Security Plugin configuration | Copy the security configuration file 3 to cluster
  template:
    src: security_plugin_conf.yml
    dest: "{{ os_sec_plugin_conf_path }}/config.yml"
    backup: yes
    owner: "{{ os_user }}"
    group: "{{ os_user }}"
    mode: 0600
    force: yes
  when: auth_type == 'oidc' or copy_custom_security_configs

This change should not cause too much trouble.
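
A local regression check for the `when:` logic discussed in the comment above, as an added example that is not part of the issue or of the repository's code. It evaluates the original condition and the extended one over a few constructed cases and asserts that the extended one deploys exactly when wanted. Assumptions: the `cases` list, the `deploy` field and the sample value `internal` are made up for illustration, and the `| bool` coercion is an addition of this example so that a flag passed as a string (for example with `-e key=value`) is read as a boolean.

```yaml
# Added example: regression check for the task's `when:` logic.
# Run locally with: ansible-playbook when_check.yml  (file name is arbitrary)
- name: Check when the security config task would run
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Constructed cases. `internal` stands in for any auth_type other than oidc.
    # `deploy` is the outcome the issue asks for.
    cases:
      - { auth_type: oidc, copy_custom_security_configs: false, deploy: true }
      - { auth_type: internal, copy_custom_security_configs: false, deploy: false }
      - { auth_type: internal, copy_custom_security_configs: true, deploy: true }
      # String value, as produced by `-e copy_custom_security_configs=false`
      - { auth_type: internal, copy_custom_security_configs: "false", deploy: false }
  tasks:
    - name: Show the decision of the original and the extended condition
      ansible.builtin.debug:
        msg:
          auth_type: "{{ item.auth_type }}"
          flag: "{{ item.copy_custom_security_configs }}"
          original: "{{ item.auth_type == 'oidc' }}"
          extended: "{{ item.auth_type == 'oidc' or (item.copy_custom_security_configs | bool) }}"
      loop: "{{ cases }}"

    - name: Extended condition deploys exactly when expected
      ansible.builtin.assert:
        that:
          - (item.auth_type == 'oidc' or (item.copy_custom_security_configs | bool)) == item.deploy
        quiet: true
      loop: "{{ cases }}"
```

The third case is the one the issue reports: the original condition evaluates to false for it, so the custom config.yml is never copied.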

prudhvigodithi commented 1 year ago

[Triage] Hey @french-kiwy, thanks for raising an issue. I now get the problem; can you please raise a PR and contribute the fix you suggested? Thank you @gaiksaya @bbarani @peterzhuamazon