Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[META] Support asynchronous operations on an extension #2528

Open
2 of 8 tasks
cwperks opened this issue Mar 8, 2023 · 0 comments
Open
2 of 8 tasks

[META] Support asynchronous operations on an extension #2528

cwperks opened this issue Mar 8, 2023 · 0 comments
Assignees
Labels
triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.

Comments

@cwperks
Copy link
Member

cwperks commented Mar 8, 2023

Anomaly Detection (AD) backend is currently being converted from a plugin to an extension. AD runs jobs in the background to monitor indices in a cluster for a detector. In the plugin model, AD serializes the user (including roles and backend roles) upon detector creation and saves it as part of the detector metadata. When it comes time to run the detector, AD performs roles injection to evaluate a dedicated user (called plugin) with the roles stored in the detector’s metadata to determine if the original user could perform the action. This will not work for AD running as an extension.

More generally, outside of the Anomaly Detection use-case, guidance needs to be provided for extensions developers on how to implement extensions that want to interact with the OpenSearch cluster asynchronously. When implementing microservices today, developers will typically configure the OpenSearch client used in the microservice with a username and password that is defined in the internal user list of OpenSearch. This will not work for extensions. The password will never be shared with an extension. An alternative approach to asynchronous jobs needs to be developed.

See example from the user guide of opensearch-py: https://github.com/opensearch-project/opensearch-py/blob/main/USER_GUIDE.md#creating-a-client for configuring a client to connect with a secure cluster.

Resolves:

  • As a user, my requests to extensions that run background tasks require an identity to execute

Open Question: For anomaly detection as an extension, will the asynchronous tasks be run from nodes within the cluster or will they be run on the extension? How does scheduling work with extensions?

List of tasks to complete to support this feature:

@cwperks cwperks converted this from a draft issue Mar 8, 2023
@cwperks cwperks self-assigned this Mar 8, 2023
@github-actions github-actions bot added the untriaged Require the attention of the repository maintainers and may need to be prioritized label Mar 8, 2023
@peternied peternied removed the untriaged Require the attention of the repository maintainers and may need to be prioritized label Mar 13, 2023
@stephen-crawford stephen-crawford added autocut triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable. labels Mar 20, 2023
@davidlago davidlago removed the autocut label May 10, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
triaged Issues labeled as 'Triaged' have been reviewed and are deemed actionable.
Projects
Status: Tracking
Development

No branches or pull requests

4 participants