-
Notifications
You must be signed in to change notification settings - Fork 24.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ML] Adding manage_inference to the kibana_system role #108262
[ML] Adding manage_inference to the kibana_system role #108262
Conversation
Pinging @elastic/ml-core (Team:ML) |
Heya @jonathan-buttner ! I have a few clarifying questions:
|
I can answer // Temporarily use esClient for current user until `kibana_system` user has `inference_admin` role
// See https://github.com/elastic/elasticsearch/pull/108262
// const esClient = (await context.core).elasticsearch.client.asInternalUser;
const esClient = (await context.core).elasticsearch.client.asCurrentUser;
const elserResponse = await esClient.inference.putModel({
inference_id: 'elser_model_2',
task_type: 'sparse_embedding',
model_config: {
service: 'elser',
service_settings: {
model_id: elserId,
num_allocations: 1,
num_threads: 1,
},
task_settings: {},
},
}); We could fall back to using the |
Hey @kc13greiner 👋
The Generally it allows setting up and deleting inference endpoints to interact with 3rd party services like cohere and openai. It also allows interacting with the trained models apis: https://www.elastic.co/guide/en/elasticsearch/reference/master/ml-df-trained-models-apis.html
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
@jonathan-buttner @spong Thanks for the info! Reviewing and discussing with the team 🚀 |
@jonathan-buttner Sorry, that wasn't an approval yet. I just wanted to provide an update that I was discussing with the team. I apologize for the confusing wording. |
Accidentally merged this without security's approval. They asked us to revert for now and we'll continue discussing on a new PR. |
This reverts commit 4574f2a.
This PR adds the
manage_inference
to thekibana_system
role so the default user can interact with the inference APIs. This came from a discussion around the security assistant not being able to interact with the inference API using the internal elasticsearch user within kibana.