Charmed OpenSearch
- By Canonical Data Platform
- Databases
| Channel | Revision | Published | Runs on |
|---|---|---|---|
| 2/beta | 117 | 19 Jul 2024 | |
| 2/edge | 158 | Today |
juju deploy opensearch --channel 2/beta
Deploy universal operators easily with Juju, the Universal Operator Lifecycle Manager.
Platform:
charms.opensearch.v0.opensearch_relation_provider
-
- Last updated 12 Aug 2024
- Revision Library version 0.1
OpenSearch client relation hooks & helpers.
See this link for a detailed spec: https://github.com/canonical/charm-relation-interfaces/tree/main/interfaces/opensearch_client/v0
The read-only-endpoints field of DatabaseProvides is unused in this relation because this concept is irrelevant to OpenSearch. In this relation, the application charm should have control over node & index security policies, and therefore differentiating between types of network endpoints is unnecessary.
A role will be created for the relation with the permissions and action groups applied, and these roles will be mapped to a dedicated user for the relation, which will be removed with the relation. Default security values can be found in the opensearch documentation here: https://opensearch.org/docs/latest/security/access-control/index/.
Index
class ExtraUserRolePermissions
Description
An enum of user types and their associated permissions. None
class OpenSearchProvider
Defines functionality for the 'provides' side of the 'opensearch-client' relation.
Description
Hook events observed: - index-requested - relation-departed - relation-broken
Methods
OpenSearchProvider. __init__( self , charm )
Constructor for OpenSearchProvider object.
Arguments
the charm providing the opensearch relation
OpenSearchProvider. dashboards_relations( self )
Description
Return the dashboard relations out of all. None
OpenSearchProvider. validate_index_name( self , index_name: str )
Description
Validates that the index name provided in the relation is acceptable. None
OpenSearchProvider. create_opensearch_users( self , username: str , hashed_pwd: str , index: str , extra_user_roles: str )
Creates necessary opensearch users and permissions for this relation.
Description
Args: username: Username to be created hashed_pwd: the hash of the password to be assigned to the user index: the index to which the users must be granted access extra_user_roles: the level of permissions that the user should be given. Can be a comma-separated list of roles, which should result in a merged list of permissions.
Raises: OpenSearchUserMgmtError if user creation fails
OpenSearchProvider. get_extra_user_role_permissions( self , extra_user_roles: str , index: str )
Get relation role permissions from the extra_user_roles field.
Arguments
role requested by the requirer unit, provided in relation databag. This needs to be one of "admin" or "default", or it will be set to "default". TODO should this fail and raise an error instead so provider charm authors can guarantee they're getting the perms they expect?
if these permissions are index-specific, they will be assigned to this index.
Returns
A dict containing the required permissions for the requested role.
OpenSearchProvider. update_certs( self , relation_id , ca_chain )
Update TLS certs passed into this relation.
Description
If ca_chain is not provided, it'll get the app-admin CA generated by the TLS charm.
OpenSearchProvider. update_endpoints( self , relation: Relation , omit_endpoints )
Description
Updates endpoints in the databag for the given relation. None
OpenSearchProvider. update_dashboards_password( self )
Description
Update each Opensearch Dashboards relation with the latest kibanaserver. None