search

opensearch-project / helm-charts

:wheel_of_dharma: A community repository for Helm Charts of OpenSearch Project.
https://opensearch.org/docs/latest/opensearch/install/helm/
Apache License 2.0
170 stars 228 forks source link

[BUG] Helm install after uninstall doesn't update the security config #483

Closed bagipriyank closed 11 months ago

bagipriyank commented 1 year ago

What is the bug?

Helm install after uninstall of opensearch doesn't update the security config

How can one reproduce the bug?

Helm install opensearch with 

      config.yml: |-
        _meta:
          type: "config"
          config_version: "2"
        config:
          dynamic:
            http:
              anonymous_auth_enabled: false
            authc:
              basic_internal_auth_domain:
                description: "Authenticate via HTTP Basic against internal users database"
                http_enabled: true
                transport_enabled: true
                order: 0
                http_authenticator:
                  type: basic
                  challenge: true
                authentication_backend:
                  type: intern
              saml_auth_domain:
                order: 1
                description: "SAML provider"
                http_enabled: true
                transport_enabled: false
                http_authenticator:
                  type: saml
                  challenge: true
                  config:
                    idp:
                      metadata_url: ${idp_metadata_url}
                      entity_id: ${idp_entity_id}
                    sp:
                      entity_id: ${sp_entity_id}
                    kibana_url: ${kibana_url}
                    exchange_key : ${exchange_key}
                    roles_key: Roles
                authentication_backend:
                  type: noop

notice the value of challenge is true for basic_internal_auth_domain

Now do helm uninstall do get rid of the pods, and then do helm install again. This time use challenge: false for basic_internal_auth_domain.

What is the expected behavior?

Value of challenge should update in config/opensearch-security/config.yml to false but it stays as true

Do you have any additional context?

https://forum.opensearch.org/t/azure-sso-integration-issue/15745/10?u=pbagrecha

Please let me know if this is not the right repository, and if you can point me to the right place.

jordarlu commented 11 months ago

Hi, @peterzhuamazon , @gaiksaya , @prudhvigodithi , could you help move this issue to helm-charts repo, thanks

smlx commented 11 months ago

This is a duplicate of #303

peterzhuamazon commented 11 months ago

Close this as it is duplicate to #303.