Add indices:data/read/scroll permission to AWS OpenSearch fine grained permissions examples
Problem to solve
GitLab integration lacks scroll clear permission
In the OpenSearch logs (of a customer's data nodes) they found errors stating that the user for the interaction between GitLab and OpenSearch lacks permissions to clear scrolls. Scroll contexts that are not cleared by this user will most likely be kept alive until the default duration of 5 minutes is reached and they get closed by OpenSearch. They are hesitant to now blindly give the user this permission (indices:data/read/scroll/clear) since it's not documented as such by GitLab and they are unsure about potential side-effects. This is the log entry for the lacking permission:
[2024-08-16T11:43:44,463][INFO ][o.o.s.p.PrivilegesEvaluator]
[<OpenSearch cluster manager node name redacted>]
No cluster-level perm match for User [name=<OpenSearch user name redacted>,
backend_roles=[], requestedTenant=null] Resolved [aliases=[*], allIndices=[*], types=[*], originalRequested=[*], remoteIndices=[]] [Action [indices:data/read/scroll/clear]]
[RolesChecked [<OpenSearch role name redacted>]]. No permissions for [indices:data/read/scroll/clear]
What product or feature(s) affected?
AWS OpenSearch integration
What docs or doc section affected? Include links or paths.
Is there a problem with a specific document, or a feature/process that's not addressed sufficiently in docs?
The latter (feature/process that's not addressed sufficiently in docs)
Any other ideas or requests?
We need to ensure that it's safe to add this permission before adding it to the documentation.
Further details
Proposal
Add indices:data/read/scroll permission to AWS OpenSearch fine grained permissions examples
Who can address the issue
Global Search group
Other links/references
Customer ticket: https://gitlab.zendesk.com/agent/tickets/558759 (Internal Use Only)
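
An added example, not part of the original issue and not GitLab or OpenSearch code: a Python sketch that parses PrivilegesEvaluator denial entries in the shape quoted above and tallies which actions each checked role was refused, so a least-privilege role can be reviewed against what the integration actually requested. The log text is constructed, and `node-1`, `gitlab-user` and `gitlab-role` are placeholder names standing in for the redacted values.

```python
import re
from collections import Counter

# Constructed sample in the shape of the entry quoted in the issue.
# node-1, gitlab-user and gitlab-role are placeholders, not real values.
SAMPLE_LOG = """\
[2024-08-16T11:43:44,463][INFO ][o.o.s.p.PrivilegesEvaluator] [node-1] No cluster-level perm match for User [name=gitlab-user, backend_roles=[], requestedTenant=null] Resolved [aliases=[*], allIndices=[*], types=[*], originalRequested=[*], remoteIndices=[]] [Action [indices:data/read/scroll/clear]] [RolesChecked [gitlab-role]]. No permissions for [indices:data/read/scroll/clear]
[2024-08-16T11:43:45,101][INFO ][o.o.n.Node] [node-1] unrelated constructed entry
[2024-08-16T11:48:02,007][INFO ][o.o.s.p.PrivilegesEvaluator]
[node-1]
No cluster-level perm match for User [name=gitlab-user,
backend_roles=[], requestedTenant=null] Resolved [aliases=[*], allIndices=[*], types=[*], originalRequested=[*], remoteIndices=[]] [Action [indices:data/read/scroll/clear]]
[RolesChecked [gitlab-role]]. No permissions for [indices:data/read/scroll/clear]
"""

ENTRY_START = re.compile(r"^\[\d{4}-\d{2}-\d{2}T[\d:,]+\]")
# The issue only shows the "cluster" scope; the scope is captured generically.
DENIAL = re.compile(
    r"^\[(?P<ts>[^\]]+)\].*?PrivilegesEvaluator\].*?"
    r"No (?P<scope>\S+)-level perm match for User \[name=(?P<user>[^,\]]+)"
    r".*?\[Action \[(?P<action>[^\]]+)\]\]"
    r".*?\[RolesChecked \[(?P<roles>[^\]]*)\]\]"
)

def iter_entries(text):
    """Re-join entries that wrap across lines, as the quoted entry does."""
    current = []
    for line in text.splitlines():
        if ENTRY_START.match(line) and current:
            yield " ".join(current)
            current = []
        if line.strip():
            current.append(line.strip())
    if current:
        yield " ".join(current)

def missing_permissions(text):
    """Count denials per (user, roles checked, scope, action)."""
    counts = Counter()
    for entry in iter_entries(text):
        m = DENIAL.search(entry)
        if m:
            counts[(m["user"], m["roles"], m["scope"], m["action"])] += 1
    return counts

if __name__ == "__main__":
    for (user, roles, scope, action), n in missing_permissions(SAMPLE_LOG).items():
        print(f"{n}x user={user} roles={roles} scope={scope} missing={action}")
```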