-
Notifications
You must be signed in to change notification settings - Fork 274
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is it possible to call the Admin API using the HTTP
protocol?
#4693
Comments
I understand that this specification has existed since the |
HTTP
protocol?
[Triage] @10000-ki , the admin certificate should work when https is disabled. Are you experiencing an issue using the admin certificate when https is disabled? I'm hesitant to open up One thing that is possible is exposing dedicated APIs to update portions of the securityconfig. f.e. see this PR which creates APIs to update auth_failure_listeners. |
Super admin users
https://opensearch.org/docs/latest/security/access-control/users-roles/#super-admin-users
Super admin users API
Current possible scenarios
Call by sending admin certificate information to the server
curl -k --cert ./ca.crt --key ./ca.key -X PUT "https://{IP:PORT}/_plugins/_security/configupdate"
Proposal
It would be beneficial if some Admin APIs could also be called using basic auth or JWT token-based authentication, rather than just being restricted to certificate-based authentication.
The current requirement to use HTTPS in order to send certificates adds additional constraints.
In certain situations, information like roles and role mappings might change frequently at runtime, so it would be helpful to have an easier way to call these APIs. The existing method seems to be somewhat less user-friendly.
What do you think about this?
The text was updated successfully, but these errors were encountered: