OpenSearch

Channel Revision Published Runs on
2/stable 168 24 Sep 2024
Ubuntu 22.04
2/candidate 168 24 Sep 2024
Ubuntu 22.04
2/beta 168 24 Sep 2024
Ubuntu 22.04
2/edge 198 Today
Ubuntu 24.04 Ubuntu 22.04
2/edge 196 11 Dec 2024
Ubuntu 24.04 Ubuntu 22.04
juju deploy opensearch --channel 2/stable
Show information

Platform:

Ubuntu
24.04 22.04

charms.opensearch.v0.opensearch_relation_provider

OpenSearch client relation hooks & helpers.

See this link for a detailed spec: https://github.com/canonical/charm-relation-interfaces/tree/main/interfaces/opensearch_client/v0

The read-only-endpoints field of DatabaseProvides is unused in this relation because this concept is irrelevant to OpenSearch. In this relation, the application charm should have control over node & index security policies, and therefore differentiating between types of network endpoints is unnecessary.

A role will be created for the relation with the permissions and action groups applied, and these roles will be mapped to a dedicated user for the relation, which will be removed with the relation. Default security values can be found in the opensearch documentation here: https://opensearch.org/docs/latest/security/access-control/index/.


class ExtraUserRolePermissions

Description

An enum of user types and their associated permissions. None

class OpenSearchProvider

Defines functionality for the 'provides' side of the 'opensearch-client' relation.

Description

Hook events observed: - index-requested - relation-departed - relation-broken

Methods

OpenSearchProvider. __init__( self , charm )

Constructor for OpenSearchProvider object.

Arguments

charm

the charm providing the opensearch relation

OpenSearchProvider. dashboards_relations( self )

Description

Return the dashboard relations out of all. None

OpenSearchProvider. validate_index_name( self , index_name: str )

Description

Validates that the index name provided in the relation is acceptable. None

OpenSearchProvider. create_opensearch_users( self , username: str , hashed_pwd: str , index: str , extra_user_roles: str )

Creates necessary opensearch users and permissions for this relation.

Description

Args: username: Username to be created hashed_pwd: the hash of the password to be assigned to the user index: the index to which the users must be granted access extra_user_roles: the level of permissions that the user should be given. Can be a comma-separated list of roles, which should result in a merged list of permissions.

Raises: OpenSearchUserMgmtError if user creation fails

OpenSearchProvider. get_extra_user_role_permissions( self , extra_user_roles: str , index: str )

Get relation role permissions from the extra_user_roles field.

Arguments

extra_user_roles

role requested by the requirer unit, provided in relation databag. This needs to be one of "admin" or "default", or it will be set to "default". TODO should this fail and raise an error instead so provider charm authors can guarantee they're getting the perms they expect?

index

if these permissions are index-specific, they will be assigned to this index.

Returns

A dict containing the required permissions for the requested role.

OpenSearchProvider. update_certs( self , relation_id , ca_chain )

Update TLS certs passed into this relation.

Description

If ca_chain is not provided, it'll get the app-admin CA generated by the TLS charm.

OpenSearchProvider. update_endpoints( self , relation: Relation , omit_endpoints )

Description

Updates endpoints in the databag for the given relation. None

OpenSearchProvider. update_dashboards_password( self )

Description

Update each Opensearch Dashboards relation with the latest kibanaserver. None