/* * Copyright OpenSearch Contributors * * Licensed under the Apache License, Version 2.0 (the "License"). * You may not use this file except in compliance with the License. * A copy of the License is located at * * http://www.apache.org/licenses/LICENSE-2.0 * * or in the "license" file accompanying this file. This file is distributed * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ import { EuiButton, EuiCode, EuiFlexGroup, EuiFlexItem, EuiImage, EuiPageHeader, EuiPanel, EuiSpacer, EuiSteps, EuiText, EuiTitle, } from '@elastic/eui'; import React from 'react'; import { FormattedMessage } from '@osd/i18n/react'; import { flow } from 'lodash'; import { HashRouter as Router, Route } from 'react-router-dom'; import { AppDependencies } from '../../types'; import securityStepsDiagram from '../../../assets/get_started.svg'; import { buildHashUrl, buildUrl } from '../utils/url-builder'; import { Action, ResourceType, RouteItem } from '../types'; import { API_ENDPOINT_CACHE, DocLinks } from '../constants'; import { ExternalLink, ExternalLinkButton } from '../utils/display-utils'; import { TenantList } from './tenant-list/tenant-list'; import { getBreadcrumbs } from '../app-router'; import { CrossPageToast } from '../cross-page-toast'; const addBackendStep = { title: 'Add backends', children: ( <> Add authentication(authc)and authorization(authz) information toconfig/opensearch-security/config.yml. The authc section contains the backends to check user credentials against. The authz section contains any backends to fetch backend roles from. The most common example of a backend role is an LDAP group. { window.location.href = buildHashUrl(ResourceType.auth); }} > Review authentication and authorization ), }; const setOfSteps = [ { title: 'Create roles', children: ( <> Roles are reusable collections of permissions. The default roles are a great starting point, but you might need to create custom roles that meet your exact needs.{' '} { window.location.href = buildHashUrl(ResourceType.roles); }} > Explore existing roles { window.location.href = buildHashUrl(ResourceType.roles, Action.create); }} > Create new role ), }, { title: 'Map users', children: ( <> After a user successfully authenticates, the security plugin retrieves that user’s roles. You can map roles directly to users, but you can also map them to backend roles.{' '} { window.location.href = buildHashUrl(ResourceType.users); }} > Map users to a role { window.location.href = buildHashUrl(ResourceType.users, Action.create); }} > Create internal user ), }, ]; export function GetStarted(props: AppDependencies) { let steps; if (props.config.ui.backend_configurable) { steps = [addBackendStep, ...setOfSteps]; } else { steps = setOfSteps; } return ( <>

Get started

The OpenSearch security plugin lets you define the API calls that users can make and the data they can access. The most basic configuration consists of these steps.

{props.config.ui.backend_configurable && (

)}

Optional: Configure audit logs

{' '}

{ window.location.href = buildHashUrl(ResourceType.auditLogging); }} > Review Audit Log Configuration

Optional: Purge cache

By default, the security plugin caches authenticated users, along with their roles and permissions. This option will purge cached users, roles and permissions.

{ props.coreStart.http.delete(API_ENDPOINT_CACHE); }} > Purge cache

Optional: Multi-tenancy

By default tenancy is activated in Dashboards. Tenants in OpenSearch Dashboards are spaces for saving index patterns, visualizations, dashboards, and other OpenSearch Dashboards objects.

{ window.location.href = buildHashUrl(ResourceType.tenants); }} > Manage Multi-tenancy { window.location.href = buildHashUrl(ResourceType.tenantsConfigureTab); }} > Configure Multi-tenancy

); }