[FEATURE] [RFC] Feature flag/Split security dashboards plugin into two plugins about security-dashboards-plugin HOT 4 CLOSED

@derek-ho The security-dashboards-plugin has multiple responsibilities, but I disagree that its tightly coupled. Whichever plugin manages the session needs to be aware of the same security model that the pages in the security-dashboards-plugin reveal. I think of the responsibilities like this:

1. Session Management (Log in screen, log out, cookie management and user info) - These features are required for the security dashboards plugin to have a functioning instance of OSD coupled to a cluster running with the security plugin enabled
2. Security Admin Pages - This can be thought of as optional and really a convenience for configuring security through dashboards. An admin can always directly use the security APIs or securityadmin to manage security in the cluster.

For 2), I suppose you can think of it like an admin-portal plugin. In order for OSD to function with an OpenSearch backend with the security plugin installed 1) is a requirement and 2) is for convenience.

from security-dashboards-plugin.

Thanks for the response @cwperks ! I guess I was getting more at the fact that it is tightly coupled because it is bundled as part of the same plugin. Another use case in which this might be useful is if in multiple datasources, and users want to configure audit logging, but do not want the other features of the security plugin. We should still allow users to turn off the cookies/session management since it may not apply in that case.

from security-dashboards-plugin.

[Triage] Looks like there is not any comments on this so will not mark it as triaged just yet. We can review this in next weeks meeting and close it if there is no need for it.

from security-dashboards-plugin.

@derek-ho would you provide an update on how you would like this issue to be addressed at this point? Thank you.

from security-dashboards-plugin.