Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add workspace documentation #213

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
182 changes: 182 additions & 0 deletions src/plugins/workspace/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,182 @@
# Workspace
Workspace is a significant feature in OpenSearch-Dashboards, allowing users to create customized workspaces by
selecting specific features and plugins that align with their particular use cases. This feature helps users
organize visual assets, such as saved_objects like dashboards and visualizations, in a structured manner within
dedicated workspaces. This approach aims to improve efficiency and manageability, making it a valuable tool for
OpenSearch-Dashboards users who want a more precise and flexible workflow.

## Scopes
In an OpenSearch cluster, when viewed from the perspective of OpenSearch Dashboards (OSD), data can be categorized
into two primary types:

1. OSD Metadata: This category includes critical OSD metadata, which is stored in a metadata store. Examples of OSD
metadata includes visualizations, dashboards, index patterns, UI settings, etc.
2. Other OpenSearch Indices: In addition to OSD metadata, an OpenSearch cluster may contain various other OpenSearch
indices for storing data unrelated to OSD.

The concept of a "workspace" in OSD is primarily concerned with the management and organization of OSD metadata (Type #1).
Workspaces do not encompass the management of data stored by plugins that maintain their independent data stores within
the OpenSearch cluster. If a plugin requires the creation of data specific to a workspace, it must store this data within
the OSD metadata store using Saved Objects. Within OSD workspaces, our focus remains squarely on OSD metadata.

## Workspace data model
The Workspace data model defines the fundamental structure for managing isolated environments dedicated to metadata
management within OpenSearch Dashboards.

```typescript
interface Workspace {
id: string
name: string
description?: string
features?: string[]
reserved?: boolean
}
```

1. `id`: A unique identifier that distinguishes each workspace.
2. `name`: The name of the workspace.
3. `description`: A description providing context for the workspace.
4. `features`: An array of application IDs associated with the workspace, derived from the plugins registered. These application IDs
are used to filter and display the relevant plugins in the left navigation menu when accessing the workspace. It serves as a visual
mechanism for organizing and presenting features.
6. `reserved`: A boolean flag indicating whether the workspace is system-reserved. System-reserved workspaces may have certain operations
restricted for end users.


**Workspace object example 1:**
```typescript
{
id: "M5NqCu",
name: "Sales team",
description: "dashboards of sale analytics",
features: ["dashboards", "visualize"],
reserved: false
}
```

Example #1 represents a workspace typically created by a user, with the reserved flag set to false. This user-created workspace can be
customized with specific features tailored to its purpose.

**Workspace object example 2:**
```typescript
{
id: "management",
name: "Management",
description: "Management workspace for OSD admin",
features: ["@management", "dataSources", "dev_tools"],
reserved: true
}
```

Example #2 is a system-reserved workspace, automatically generated by the workspace plugin for the user. The reserved flag is set to true.
This workspace includes the `@management` category, which includes all features within that category. The `@` symbol indicates that it is a
category. The `management` is the category id which the plugins specified when register applications.

## Associate saved objects with workspaces
Saved objects, such as dashboards, visualizations, and index patterns, form the backbone of data visualization and analysis in OpenSearch Dashboards.
However, as the volume of saved objects grows, keeping them organized becomes increasingly challenging. Grouping saved objects into distinct workspaces,
each serving a specific purpose or team. This association not only simplifies the process of finding and accessing relevant saved objects but also
enhances security and access control (Please ref to this [DOC](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/4633) for more details
about access control).

A new attribute, `workspaces`, is being added to saved objects which type is an array of string. A saved object can be associated with one
or multiple workspaces. The saved objects(dashboards, visualizations, etc) will only be displayed in the associated workspaces.

The follow example shows the dashboard object is associated with workspace which id is `M5NqCu`
```typescript
{
type: "dashboard",
id: "da123f20-6680-11ee-93fa-df944ec23359",
workspaces: ["M5NqCu"]
}
```

Saved object can also be associated with multiple workspaces, this is useful in scenarios where a saved object is relevant
to multiple teams, projects, or use cases.

Consider the following example, where a visualization is associated with multiple workspaces:
```typescript
{
type: "visualization",
id: "da123f20-6680-11ee-93fa-df944ec23359",
workspaces: ["M5NqCu", "<TeamA-workspace-id>", "<Analytics-workspace-id>"]
}
```
By allowing saved objects to be linked with multiple workspaces, this enables users to share and collaborate on resources
across various workspaces(teams).

## Non-workspace saved objects
While the introduction of workspaces in OSD provides a powerful framework for organizing and managing saved objects, it's
important to note that not all saved objects are necessarily associated with workspaces. Some saved objects, by their
nature or purpose, may exist independently of workspaces.

For example, the global UI settings object. This object contains configurations and settings that apply globally across
OSD, affecting the overall user interface and user experience. These settings are not tied to any specific workspace
because they are intended to impact the entire OSD. Such objects won't have `workspaces` attribute.

The coexistence of workspace-associated saved objects and those without workspace association ensures that OSD strikes
a balance between context-specific customization and system-wide consistency.

## Duplicate saved objects among workspaces
While associating saved objects with multiple workspaces links a single object instance to multiple places, duplicating saved
objects takes a different approach. When duplicating objects, it creates hard copies of the objects in the target workspace,
regardless of their original workspaces.

For example, if duplicate this object to `<target-workspace>`
```typescript
{
type: "visualization",
id: "da123f20-6680-11ee-93fa-df944ec23359",
workspaces: ["M5NqCu", "<TeamA-workspace-id>", "<Analytics-workspace-id>"]
}
```
Then a new object will be created with new `id` and associated with `<target-workspace>`
```typescript
{
type: "visualization",
id: "<new-object-id>",
workspaces: ["<target-workspace>"]
}
```
### Handling Dependencies
A significant aspect of duplicating saved objects is the handling of dependencies. Many saved objects, particularly
visual objects like dashboards and visualizations, often have a hierarchical structure with dependencies.
For example, a dashboard may depend on multiple visualizations, and each visualization may rely on specific
index pattern objects.

The duplicating process is not limited to the saved object itself. The user has the flexibility to choose whether
or not to duplicate the entire dependency tree. If duplicating the entire dependency hierarchy, all dependencies
will be duplicated. For example:
1. If the visualization depends on specific index pattern objects, these index pattern objects will also be duplicated
in `<target-workspace>`.
2. If the dashboard depends on multiple visualizations, those visualizations and their associated index patterns will
be copied as well.

This ensures that the copied saved object in <target-workspace> retains its functionality and context, with all necessary
dependencies in place.

## Reserved workspaces
Reserved workspaces are created automatically by workspace plugin, they have pre-defined configurations, including features
and permissions tailored to their intended purposes. Currently, workspace plugin creates three distinct reserved workspace:

1. Global Workspace
- **Purpose**: The Global Workspace serves as a centralized environment for managing resources and configurations that apply
globally across OpenSearch Dashboards.
- **Features**: It includes features that are accessible to all users, regardless of their specific teams or projects.
- **Permissions**: All users have `read` and `write` permission to global workspace and its associated saved objects.
2. Personal Workspace
- **Purpose**: The Personal Workspace is designed to provide individual users with a dedicated space for their personal work.
However, it's important to note that a **Personal Workspace will only be created if user/role information can be retrieved**.
- **Features**: Users have the flexibility to configure their Personal Workspace according to their preferences and requirements.
- **Permissions**: Access to the Personal Workspace is limited to the user who owns it, ensuring data privacy and personalization.
3. Management Workspace
- **Purpose**: The Management Workspace is dedicated to administrative tasks and configurations within OpenSearch Dashboards.
- **Features**: It encompasses features and tools necessary for system administrators to manage OSD advanced settings, such as
index management, security configuration, snapshot management, etc.
- **Permissions**: Initially, access to the Management Workspace is set to public during initialization, administrators have the
responsibility and privilege to restrict access and define permissions within the Management Workspace.

## Appendix
1. The PR the introduce [object access control](https://github.com/opensearch-project/OpenSearch-Dashboards/issues/5083)
2. The [PR](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/4633/files) of the design doc for saved object access control
3. Future Vision for Dashboards: [Issue](https://github.com/opensearch-project/OpenSearch-Dashboards/issues/4298)
Loading