[RAC] Disable RAC multi-tenancy#108506
Conversation
Kerry350
added
Feature:Observability RAC
Feature:RAC
Kerry350
added
release_note:skip
Yeah, I think this is absolutely acceptable and let's prioritize other work over figuring that out. Thanks! |
jasonrhodes
left a comment
jasonrhodes
left a comment
There was a problem hiding this comment.
This LGTM, thanks for walking me through the functionality!
| @@ -13,8 +13,14 @@ export const config = { | |||
| write: schema.object({ | |||
| enabled: schema.boolean({ defaultValue: false }), | |||
There was a problem hiding this comment.
Shall we change xpack.ruleRegistry.write.enabled to true by default now?
There was a problem hiding this comment.
It'll happen as part of #105237 and the "final wrap up" 👍
| if (!hasEnabledWrite) return false; | ||
|
|
||
| // Not using legacy multi-tenancy | ||
| if (!hasSetCustomKibanaIndex) { | ||
| return hasEnabledWrite; | ||
| } else { | ||
| return hasSetUnsafeAccess; | ||
| } |
There was a problem hiding this comment.
Nit: maybe this could be easier to grasp (totally subjective)
if (hasEnabledWrite) {
return hasSetCustomKibanaIndex ? hasSetUnsafeAccess : true;
}
return false;
💚 Build SucceededMetrics [docs]Unknown metric groupsAPI count
API count missing comments
History
To update your PR or re-run it, just comment with: cc @Kerry350 |
Kerry350
added
the
auto-backport
* Disable RAC multi-tenancy
💚 Backport successful
This backport PR will be merged automatically after passing CI. |
5 participants
Summary
Implements #108393.
Customisation of the index used by the rule registry is no longer allowed. User's with
kibana.indexset will, by default, have no rule data written. They can however opt into an unsafe experience usingxpack.ruleRegistry.unsafe.legacyMultiTenancy.enabled.(Please see the ticket for more details).
Testing
Make sure you have a user with the ability to create indices for the later steps, when you set a custom kibana.index
The expectation is still that
xpack.ruleRegistry.write.enabledhas been set totrueFlows
Flow: User without a custom
kibana.indexExpectation: Data is written and viewable as normal
Flow: User has a custom
kibana.indexsetExpectation: Data isn't written
Flow: User has a custom
kibana.indexset andxpack.ruleRegistry.unsafe.legacyMultiTenancy.enabledset totrueExpectation: Data is written and viewable
UI disabling
Right now the
alertsUI and table isn't disabled (this won't break anything as there will be no data to query). We don't have access tokibana.indexeasily on the client side as we do on the server side. So we need to share information from the server side of the rule registry plugin, with the client side of the observability plugin. As it's server -> client we can't do a simple contract access. We could setup an API route. (Maybe I've missed an option 🤔). Jason and I discussed this, and it might be okay that the table displays, but just doesn't contain any data.