-
Notifications
You must be signed in to change notification settings - Fork 24.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[DOCS][ESQL][8.14] Add API key based security model info for ESQL CCS #109155
Conversation
Documentation preview: |
Pinging @elastic/es-docs (Team:Docs) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looking good ... a couple of comments.
Thanks @jakelandis, I've updated per review [edit] I also tried to add a little practical color for choosing between security models in 9e61001 c429b95 adds cluster privilege that is required in 99% of cases as we discussed |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updates look good. a couple more suggestions.
[[esql-ccs-security-model-certificate]] | ||
===== TLS certificate authentication | ||
|
||
TLS certificate authentication makes sense in single administrator scenarios where you have full control over both clusters. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
TLS certificate authentication makes sense in single administrator scenarios where you have full control over both clusters. | |
TLS certificate authentication secures remote clusters with mutual TLS and is available under the basic license. This may be the preferred model where a single administrator has full control over both clusters. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we talk about licenses explicitly in docs given variance between self-managed and cloud?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know our general stance, but it seems like an important detail since ES|QL is not gated by an enterprise license. IIUC in cloud user have access to all features, but are billed based on usage.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We use generic messaging about licensing as a rule, and the main pages for these security models have prerequisites sections that say stuff like "The local and remote clusters must have an appropriate license. For more information, refer to https://www.elastic.co/subscriptions". So I will refrain from mentioning licensing in this doc.
thanks @jakelandis! updated again, and tried to make some things more explicit about this doc, i.e. here we detail esql specifics but need to follow the full flow on the main API key authentication page You can use the URL preview to check how the page looks and zoom out from the commit diffs |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM - a couple minor clarifications.
Thanks for working on this !
Co-authored-by: Jake Landis <jake.landis@elastic.co>
…elastic#109155) Co-authored-by: Jake Landis <jake.landis@elastic.co>
💚 Backport successful
|
Note
This PR targets 8.14 changes first, updates for 8.15+ will come in follow-up PR.
Part 1 of tackling #108735.
URL preview
Drive-by edits 🚗