Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DOCS][ESQL][8.14] Add API key based security model info for ESQL CCS #109155

Merged
merged 9 commits into from
Jun 3, 2024
Merged

[DOCS][ESQL][8.14] Add API key based security model info for ESQL CCS #109155

merged 9 commits into from
Jun 3, 2024

Conversation

leemthompo
Copy link
Contributor

@leemthompo leemthompo commented May 29, 2024
edited
Loading

Note

This PR targets 8.14 changes first, updates for 8.15+ will come in follow-up PR.

Part 1 of tackling #108735.

URL preview

Drive-by edits 🚗

  • Replace querying cluster and fulfilling cluster with local and remote for consistency
  • Fix heading levels

@leemthompo leemthompo added >docs General docs changes Team:Docs Meta label for docs team Team:Analytics Meta label for analytical engine team (ESQL/Aggs/Geo) labels May 29, 2024
@leemthompo leemthompo self-assigned this May 29, 2024
@github-actions GitHub Actions
Copy link

Documentation preview:

@leemthompo leemthompo mentioned this pull request May 29, 2024
Open
@leemthompo leemthompo marked this pull request as ready for review May 29, 2024 12:50
@elasticsearchmachine elasticsearchmachine removed the Team:Analytics Meta label for analytical engine team (ESQL/Aggs/Geo) label May 29, 2024
@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-docs (Team:Docs)

jakelandis
jakelandis reviewed May 29, 2024
View reviewed changes
Copy link
Contributor

@jakelandis jakelandis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looking good ... a couple of comments.

docs/reference/esql/esql-across-clusters.asciidoc Outdated Show resolved Hide resolved
docs/reference/esql/esql-across-clusters.asciidoc Show resolved Hide resolved
docs/reference/esql/esql-across-clusters.asciidoc Outdated Show resolved Hide resolved
docs/reference/esql/esql-across-clusters.asciidoc Show resolved Hide resolved
@leemthompo
Copy link
Contributor Author

leemthompo commented May 30, 2024
edited
Loading

Thanks @jakelandis, I've updated per review

[edit] I also tried to add a little practical color for choosing between security models in 9e61001

c429b95 adds cluster privilege that is required in 99% of cases as we discussed

jakelandis
jakelandis reviewed May 30, 2024
View reviewed changes
Copy link
Contributor

@jakelandis jakelandis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updates look good. a couple more suggestions.

docs/reference/esql/esql-across-clusters.asciidoc Outdated
[[esql-ccs-security-model-certificate]]
===== TLS certificate authentication

TLS certificate authentication makes sense in single administrator scenarios where you have full control over both clusters.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
TLS certificate authentication makes sense in single administrator scenarios where you have full control over both clusters.
TLS certificate authentication secures remote clusters with mutual TLS and is available under the basic license. This may be the preferred model where a single administrator has full control over both clusters.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we talk about licenses explicitly in docs given variance between self-managed and cloud?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know our general stance, but it seems like an important detail since ES|QL is not gated by an enterprise license. IIUC in cloud user have access to all features, but are billed based on usage.

Copy link
Contributor Author

@leemthompo leemthompo May 31, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We use generic messaging about licensing as a rule, and the main pages for these security models have prerequisites sections that say stuff like "The local and remote clusters must have an appropriate license. For more information, refer to https://www.elastic.co/subscriptions". So I will refrain from mentioning licensing in this doc.

docs/reference/esql/esql-across-clusters.asciidoc Outdated Show resolved Hide resolved
docs/reference/esql/esql-across-clusters.asciidoc Show resolved Hide resolved
docs/reference/esql/esql-across-clusters.asciidoc Outdated Show resolved Hide resolved
docs/reference/esql/esql-across-clusters.asciidoc Outdated Show resolved Hide resolved
docs/reference/esql/esql-across-clusters.asciidoc Outdated Show resolved Hide resolved
docs/reference/esql/esql-across-clusters.asciidoc Outdated Show resolved Hide resolved
docs/reference/esql/esql-across-clusters.asciidoc Outdated Show resolved Hide resolved
@leemthompo
Copy link
Contributor Author

leemthompo commented May 31, 2024
edited
Loading

thanks @jakelandis! updated again, and tried to make some things more explicit about this doc, i.e. here we detail esql specifics but need to follow the full flow on the main API key authentication page

You can use the URL preview to check how the page looks and zoom out from the commit diffs

jakelandis
jakelandis approved these changes Jun 3, 2024
View reviewed changes
Copy link
Contributor

@jakelandis jakelandis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - a couple minor clarifications.

Thanks for working on this !

docs/reference/esql/esql-across-clusters.asciidoc Outdated Show resolved Hide resolved
docs/reference/esql/esql-across-clusters.asciidoc Outdated Show resolved Hide resolved
docs/reference/esql/esql-across-clusters.asciidoc Outdated Show resolved Hide resolved
@leemthompo @jakelandis
Apply Jakes's latest suggestions
62e97fc 
Co-authored-by: Jake Landis <jake.landis@elastic.co>
@leemthompo leemthompo added auto-backport-and-merge Automatically create backport pull requests and merge when ready v8.14.0 labels Jun 3, 2024
@leemthompo leemthompo merged commit 2268e38 into elastic:main Jun 3, 2024
5 checks passed
@leemthompo leemthompo deleted the ccs-api-key-esql branch June 3, 2024 16:44
@leemthompo leemthompo mentioned this pull request Jun 3, 2024
Merged
leemthompo added a commit to leemthompo/elasticsearch that referenced this pull request Jun 3, 2024
@leemthompo @jakelandis
[DOCS][ESQL][8.14] Add API key based security model info for ESQL CCS (
a4e8b93 
…elastic#109155)

Co-authored-by: Jake Landis <jake.landis@elastic.co>
@elasticsearchmachine
Copy link
Collaborator

💚 Backport successful

Status Branch Result
8.14

elasticsearchmachine pushed a commit that referenced this pull request Jun 3, 2024
@leemthompo @jakelandis
[DOCS][ESQL][8.14] Add API key based security model info for ESQL CCS (
eb37c7a 
…#109155) (#109310)

Co-authored-by: Jake Landis <jake.landis@elastic.co>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jakelandis jakelandis jakelandis approved these changes

@dnhatn dnhatn Awaiting requested review from dnhatn

Assignees

@leemthompo leemthompo

Labels
auto-backport-and-merge Automatically create backport pull requests and merge when ready >docs General docs changes Team:Docs Meta label for docs team v8.14.0 v8.15.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@leemthompo @elasticsearchmachine @jakelandis