Waiting to connect to the cluster
Unauthorized
Security Admin v7
Will connect to os-test.opensearch.svc.cluster.local:9200 ... done
Connected as "CN=admin,OU=mvx-os-test"
OpenSearch Version: 3.2.0
Contacting opensearch cluster 'opensearch' and wait for YELLOW clusterstate ...
Clustername: os-test
Clusterstate: YELLOW
Number of nodes: 2
Number of data nodes: 2
.opendistro_security index already exists, so we do not need to create one.
INFO: .opendistro_security index state is YELLOW, it seems you miss some replicas
Populate config from /usr/share/opensearch/config/opensearch-security/
Will update '/config' with /usr/share/opensearch/config/opensearch-security/config.yml
SUCC: Configuration for 'config' created or updated
Will update '/roles' with /usr/share/opensearch/config/opensearch-security/roles.yml
SUCC: Configuration for 'roles' created or updated
Will update '/rolesmapping' with /usr/share/opensearch/config/opensearch-security/roles_mapping.yml
SUCC: Configuration for 'rolesmapping' created or updated
Will update '/internalusers' with /usr/share/opensearch/config/opensearch-security/internal_users.yml
SUCC: Configuration for 'internalusers' created or updated
Will update '/actiongroups' with /usr/share/opensearch/config/opensearch-security/action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Will update '/tenants' with /usr/share/opensearch/config/opensearch-security/tenants.yml
SUCC: Configuration for 'tenants' created or updated
Will update '/nodesdn' with /usr/share/opensearch/config/opensearch-security/nodes_dn.yml
SUCC: Configuration for 'nodesdn' created or updated
Will update '/audit' with /usr/share/opensearch/config/opensearch-security/audit.yml
SUCC: Configuration for 'audit' created or updated
Will update '/allowlist' with /usr/share/opensearch/config/opensearch-security/allowlist.yml
SUCC: Configuration for 'allowlist' created or updated
SUCC: Expected 9 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","actiongroups","config","internalusers"],"updated_config_size":9,"message":nu
SUCC: Expected 9 config types for node {"updated_config_types":["allowlist","tenants","rolesmapping","nodesdn","audit","roles","actiongroups","config","internalusers"],"updated_config_size":9,"message":nu
Done with success
Context
I noticed that prior to version 3.0.0, the naming convention for the security configuration file changed from whitelist.yaml to allowlist.yaml. However, the current repository still contains references to whitelist.conf.
This issue is to validate and track the update of those references to align with the new naming convention.
Proposed action
Remove the remaining whitelist.conf reference from the securityconfig-secret and add the allowlist.yaml file.
How did I notice it
When I tried to reapply the security configuration, the following line appeared in the logs:
ERR: Invalid type 'whitelist'.
I don’t like seeing errors, so I googled it and found the reference discussion below. After I change my security file without whitelist.yaml
Reference
Whitelist → Allowlist change discussion
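
A check for the leftover references this issue tracks, as an added example that is not part of the original issue or the project's code. It assumes the securityconfig secret's entries are available as a file-name-to-text mapping and that each file declares its type under `_meta`; `find_stale_refs` and the sample inputs are constructed for illustration.

```python
import re

# Legacy name that securityadmin rejects ("ERR: Invalid type 'whitelist'").
LEGACY, CURRENT = "whitelist", "allowlist"
# Matches a `type: "<name>"` line, as assumed in each file's _meta section.
META_TYPE = re.compile(r"^\s*type:\s*[\"']?(\w+)[\"']?\s*$", re.MULTILINE)


def stem(name):
    """File name without its extension, lower-cased (whitelist.conf -> whitelist)."""
    return name.rsplit(".", 1)[0].lower()


def find_stale_refs(files):
    """files maps securityconfig file names to their text.
    Returns a sorted list of (file name, problem) tuples; empty means clean."""
    findings = []
    for name, text in files.items():
        if stem(name) == LEGACY:
            findings.append((name, "legacy file name"))
        if any(t.lower() == LEGACY for t in META_TYPE.findall(text)):
            findings.append((name, "legacy _meta type"))
    # The renamed file must be present once the legacy one is dropped.
    if not any(stem(name) == CURRENT for name in files):
        findings.append((CURRENT + ".yml", "missing"))
    return sorted(findings)


# Constructed sample inputs: a secret still carrying the old file, then a fixed one.
BEFORE = {
    "config.yml": '_meta:\n  type: "config"\n  config_version: 2\n',
    "whitelist.yml": '_meta:\n  type: "whitelist"\n  config_version: 2\n',
}
AFTER = {
    "config.yml": '_meta:\n  type: "config"\n  config_version: 2\n',
    "allowlist.yml": '_meta:\n  type: "allowlist"\n  config_version: 2\n',
}

if __name__ == "__main__":
    for label, files in (("before", BEFORE), ("after", AFTER)):
        problems = find_stale_refs(files)
        print(label, "->", problems if problems else "clean")
```

Running such a check in CI before the security configuration is reapplied surfaces the stale entry before securityadmin reports it.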