Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
Describe the issue: Is it possible to integrate Opensearch with external policy governance engine like https://casbin.org.
Configuration:
Relevant Logs or Screenshots:
Hi @ganu98 ,
What is it you’re trying to achieve, do you have a doc to something specific you’re trying to integrate.
Leeroy.
@Leeroy We are trying to integrate OpenSearch(OS) with our policy engine OPA/Casbin. Right now the policy engines are only authenticating and giving the set of roles a user has back to OpenSearch(OS). Then OS is doing the auth. Rather we would like to use our policy engines for all the Auth/Atuhz. Based on the boolean value(TRUE|FALSE) returned from policy engines OS should either deny or allow to run search/write/read on indexes. You can see the policy engine details here http://casbin.org/
@Leeroy or opensearch team Do you have any solution in your mind for my above requirement
@ganu98 This feature does not appear to be currently available. You can submit a feature request in the OpenSearch security repository at https://github.com/opensearch-project/security.
1 Like
@ganu98 The current security plugin does not have a mechanism to delegate the authorization process to external tools. The plugin makes authorization decisions based on the groups or roles provided during the authentication process.
Authorization is handled through security plugin roles and role mappings.
As per @ganeshrb, you can open a feature request in the OpenSearch security plugin GitHub.
If you do so, please share the link to the FR here.