Hi All,
I am using amazon/opendistro-for-elasticsearch-kibana:1.13.1 and amazon/opendistro-for-elasticsearch:1.13.2 version of Opendistro docker images for my setup.
We have two roles one is admin and other as reader who will have only read permission to assigned indices and alerting plugin.
For multitenancy, we have been appending one custom backend role (reader) to each tenant user and some built-in roles. The issue here is user from other tenant able to get the information of alerts, monitors and destination that are created on other tenant.
Created one destination and tried get the information from .opendistro-alerting.config index pattern. The result is:
{
“_index” : “.opendistro-alerting-config”,
“_type” : “_doc”,
“_id” : “dU1e934BaHBp3Qi08bHr”,
“_score” : 1.0,
“_source” : {
“destination” : {
“id” : “”,
“type” : “email”,
“name” : “email-destination”,
“user” : {
“name” : “elk Tenant”,
“backend_roles” : [
“elk-tenant-role”,
“offline_access”,
“admin”,
“uma_authorization”
],
“roles” : [
“elk-tenant-role”,
“own_index”,
“all_access”
],
“custom_attribute_names” : ,
“user_requested_tenant” : null
},
“schema_version” : 3,
“seq_no” : 0,
“primary_term” : 0,
“last_update_time” : 1644827701739,
“email” : {
“recipients” : [
{
“email_group_id” : “azP83X4BxOgYLwZmyNNb”,
“type” : “email_group”
}
],
“email_account_id” : “yjX83X4BbBLDFQ8ES8Hn”
}
}
}
}
From my analysis, creating any object of alerting plugin does not store tenant information as “user_requested_tenant” : null.
Please help me in adding tenant information for alerting plugin of Opendistro.