Compatibility with Wazuh indexer based on OpenSearch 2.3.0

[gdiazlo]

Description

We need to ensure the UI compatibility with the next Wazuh Indexer which might be based on OpenSearch 2.0.0. This update is still being discussed, and we need to know potential issues.

• Review OpenSearch and OpenSearch Dashboards latest stable changelog
• Identify improvements and potential impact on the UI
• Report the findings to @wazuh/cicd to coordinate the upgrade effort.
• Develop a testing environment to verify our components would work under this new build

Note: we'll move to the latest version of OpenSearch, which is 2.3.0 at this time.

Issues

• Review custom styles for Kibana 7.9.0 #4480
• Bump platform version to 2.3.0 #4683
• Broken breadcrumbs in Wazuh Dashboard 2.x #4502
• Wrong behavior from the Flyout component in Wazuh Dashboard 2.x #4597
• Remove router Internal Error in server console #4650
• Blank window due to conflicts with the cached assets #4353
• Test the plugin in Wazuh Dashboard #4740

[AlexRuiz7]

OpenSearch 2.0.0

Breaking changes

• Deprecate Compatibility override

The override main response setting compatibility.override_main_response_version is deprecated from OpenSearch version 1.x and removed from OpenSearch 2.0.0. This setting is no longer supported for compatibility with legacy clients.

• Deprecate outdated nomenclature

In order for OpenSearch to include more inclusive naming conventions, we’ve replaced the following terms in our code with more inclusive terms

• “Whitelist” is now “Allow list”
• “Blacklist” is now “Deny list”
• “Master” is now “Cluster Manager”

If you are still using the outdated terms in the context of the security APIs or for node management, your calls and automation will continue to work until the terms are removed later in 2022.

@wazuh/cicd These settings must be removed and updated in the opensearch.yml file.

Development environments

We need to adjust our development environments with the following changes:

• Comment or remove the previous configuration setting in the opensearch.yml file
• Re-tag our image on Quay.io from 2.0 to 2.0.0.
• Fix a typo on our Docker Compose file, as the network is Docker network is created with the name os-dev-{OS_VERSION}. Must be changed to os-dev-${OS_VERSION} in order to name it dynamically.

Found issues

• Our plugin contains custom styles for Kibana 7.9.0 which are causing troubles with the OSD 2.x styles. We need to review these styles and remove them if they are no longer required.

[AlexRuiz7]

OpenSearch 2.1.0 is live

OpenSearch 2.1.0 was released the 7th of July. We need to create images for this new version.

OpenSearch and Dashboards 2.1.0 Release Notes

https://github.com/opensearch-project/opensearch-build/blob/main/release-notes/opensearch-release-notes-2.1.0.md

Tasks

• Create and upload a Docker image for OSD-Dev 2.1.0 to our Quay.io repository.
• Test our app with this new version.

[AlexRuiz7]

OpenSearch 2.2.0 is live

OpenSearch 2.2.0 was released the 12th of August. We need to create images for this new version, if we decide to provide support for this new version.

OpenSearch and Dashboards 2.2.0 Release Notes

https://github.com/opensearch-project/opensearch-build/blob/main/release-notes/opensearch-release-notes-2.2.0.md

Tasks

• Review the Release Notes for this version.

This version contains a CVE that is solved in 2.2.1. In case of providing support for OpenSearch 2.2.x we should upgrade directly to v2.2.1.

• Create and upload a Docker image for OSD-Dev 2.2.0 to our Quay.io repository.
• Test our app with this new version.

[AlexRuiz7]

OpenSearch 2.2.1 is live

OpenSearch 2.2.1 was released the 2nd of September. We need to create images for this new version, if we decide to provide support for this new version.

OpenSearch and Dashboards 2.2.1 Release Notes

https://github.com/opensearch-project/opensearch-build/blob/main/release-notes/opensearch-release-notes-2.2.1.md

Tasks

• Review the Release Notes for this version.
• Create and upload a Docker image for OSD-Dev 2.2.1 to our Quay.io repository.
• Test our app with this new version.

Issue:

• Broken breadcrumbs in Wazuh Dashboard 2.x #4502

IMPORTANT

This version solves a CVE in the OpenSearch Reporting plugin. The patched versions are 1.3.5 and 2.2.1, so any other version is vulnerable.

More information about this vulnerability can be found in this link.

[yenienserrano]

In OpenSearch 2.2.1 a new CSS class is being added to the navbar components, in particular to the breadcrumbs headers, that breaks the visualization of the Wazuh breadcrumbs.

In the images below, we can see this new CSS class, named osdHeaderBreadcrumbs, which uses the filter property, root of these issues.

This problem applies to both, the light and the dark mode.

Disabling this property, considerably improves the situation, although there are rendering problems still.

[samrit-narshing]

hi . is there a way to know how to build or get the wazuh plugin package (zip) for opensearch 2.2.1 .. ? as i need to install plugin in existing opensearchv 2.2.1

[yenienserrano]

Hi @samrit-narshing thank you for your interest in Wazuh, currently the application is not compatible with OSD 2.2.1, this issue is to see if it can be compatible with this version.

[AlexRuiz7]

Hello @wazuh-cloud-cicd team.

One of the breaking changes of OS 2.x is the deprecation of the setting compatibility.override_main_response_version, however, we still use this setting in the 4.4 branch, with a comment that says that this setting is required for Filebeat 7.10.2 to work. This is worrying.

### Option to allow Filebeat-oss 7.10.2 to work ###
compatibility.override_main_response_version: true

Are you aware of this conflict?

[yenienserrano]

I was testing the configuration, and it only caused me problems in version 2.0.0, in versions 2.1.0 or 2.2.1 I had no problem.

The deprecation of the setting compatibility.override_main_response_version was reverted in version 2.1.0 and higher in this PR.

[AlexRuiz7]

OpenSearch 2.3.0 is live

OpenSearch 2.3.0 was released the 14th of September. We need to create images for this new version, if we decide to support it.

OpenSearch and Dashboards 2.3.0 Release Notes

https://github.com/opensearch-project/opensearch-build/blob/main/release-notes/opensearch-release-notes-2.3.0.md

Tasks

• Review the Release Notes for this version.
• Create and upload a Docker image for OSD-Dev 2.3.0 to our Quay.io repository.
• Test our app with this new version.

Notable changes

• Changes in some visualizations

🚞 Refactor

• [DeAngular][visualization][vislib] Remove angular from vislib ([DeAngular][visualization][vislib] remove angular from vislib opensearch-project/OpenSearch-Dashboards#2138)
• Change timeline icon ([UX] Change timeline icon opensearch-project/OpenSearch-Dashboards#2162)

[yenienserrano]

From what I was testing I could not find other things to highlight in the 2.2.1 versions and, since version 2.3.0 was released, I was testing that version and so far I found no differences in performance with respect to version 2.2.1.

[yenienserrano]

A new problem has been found in every version of OpenSearch 2.x, more concretely related to the OpenSearch Dashboards.

We use the flyout component from EUI, which closes automatically when the user clicks outside it. However, in 2.x, these components will also close automatically when clicking inside them. This is not the correct behavior, and it's probably related to OSD updating the EUI library to a newer version, breaking our customized components behavior.

Video

flyoutclose.mp4

We'll need to hunt and fix this bug.

Related release notes

OpenSearch Dashboards uses OUI and its alias onto EUI (opensearch-project/OpenSearch-Dashboards#2080)
https://github.com/opensearch-project/OpenSearch-Dashboards/blob/main/release-notes/opensearch-dashboards.release-notes-2.2.0.md

Bumps @elastic/eui to v34.6.0 and @elastic/charts to v31.1.0
https://github.com/opensearch-project/OpenSearch-Dashboards/blob/main/release-notes/opensearch-dashboards.release-notes-2.0.0.md

[yenienserrano]

Comparison table

Changes compared to OpenSearch and OpenSearch Dashboards 1.2.0.

	v2.0.0	v2.1.0	v2.2.1	v2.3.0
compatibility.override_main_response_version	not supported	supported	supported	supported
Changes in breadcrumb styles	No	No	Yes	Yes
Changes in the Elastic/EUI version	Yes, 34.6.0	Yes, 34.6.0	Yes, Fork 34.6.0	Yes, Fork 34.6.0
Flyouts issue	Yes	Yes	Yes	Yes
fixes CVE-2020-6383?	No	No	Yes	Yes
SAML login support*	Yes	No	No	Yes
SAML logoff support*	No	No	No	No

• SAML support is being investigated in this issue SAML logout/session renewal bugs #4595

[AlexRuiz7]

The team has decided to move to OpenSearch 2.3.0 on the new minor version of Wazuh (4.4.0).