Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE]Alerting backend roles not working even after enabling the backend roles #1300

Closed
Sreekanth-hubs opened this issue Sep 12, 2024 · 3 comments
Closed

[FEATURE]Alerting backend roles not working even after enabling the backend roles #1300

Sreekanth-hubs opened this issue Sep 12, 2024 · 3 comments
Labels
enhancement New feature or request

Comments

@Sreekanth-hubs
Copy link

Is your feature request related to a problem?
Describe the issue: We are trying to create the alert monitors in different tenants but however all the monitors are being visible in both the tenants and app teams are complaining about the RBAC in the alerting plugin.

Even after enabling the backend roles the rbac with alerting plugin is not working. Below is the settings that are enabled in the cluster.
settings_in_cluster:

{ “persistent”: { “cluster”: { “routing”: { “allocation”: { “cluster_concurrent_rebalance”: “50”, “node_concurrent_recoveries”: “50”, “enable”: “all”, “total_shards_per_node”: “5000” } }, “max_shards_per_node”: “5000” }, “indices”: { “breaker”: { “fielddata”: { “limit”: “60%” } }, “recovery”: { “max_bytes_per_sec”: “1024mb”, “max_concurrent_file_chunks”: “5”, “max_concurrent_operations”: “4” } }, “opensearch”: { “notifications”: { “general”: { “filter_by_backend_roles”: “true” } } }, “plugins”: { “index_state_management”: { “metadata_migration”: { “status”: “1” }, “template_migration”: { “control”: “-1” } }, “alerting”: { “filter_by_backend_roles”: “true” } } }, “transient”: { “cluster”: { “routing”: { “allocation”: { “disk”: { “watermark”: { “low”: “95%”, “flood_stage”: “95%”, “high”: “95%” } }, “enable”: “all”, “total_shards_per_node”: “5000” } }, “info”: { “update”: { “interval”: “1m” } }, “max_shards_per_node”: “5000” }, “plugins”: { “anomaly_detection”: { “filter_by_backend_roles”: “true” }, “alerting”: { “filter_by_backend_roles”: “true” } } } }
Roles&users:
Below are the configuration I have used for the tenants , Roles, Internal users.
For the internal users We have provided the pre-defined roles as alerting_full_access

What solution would you like?
I want to create monitors inside different tenants and one tenant user should not view another tenant alert monitors

What alternatives have you considered?
Even after creating via API's monitor got triggered but under the global tenant, not under specified tenant.

curl -k -u admin:admin -XPOST "https://127.0.0.1:9200/_plugins/_alerting/monitors" -H "Content-Type: application/json" -H "securitytenant: Tenant-1" -d '{
@Sreekanth-hubs Sreekanth-hubs added enhancement New feature or request untriaged labels Sep 12, 2024
@eirsep
Copy link
Member

eirsep commented Sep 12, 2024

This issue pertains to https://github.com/opensearch-project/alerting repo

@eirsep eirsep removed the untriaged label Sep 12, 2024
@eirsep eirsep mentioned this issue Sep 12, 2024
Open
@eirsep
Copy link
Member

eirsep commented Sep 12, 2024

Closing in favor of the issue that I cloned to alerting repo to which this issue is relevant.

@eirsep eirsep closed this as completed Sep 12, 2024
@Sreekanth-hubs
Copy link
Author

Sreekanth-hubs commented Sep 13, 2024
edited
Loading

Sure @eirsep Thanks for the confirmation on this that alerting plugin does not support multi tenancy.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@eirsep @Sreekanth-hubs