From eee765f8c6ad1810d71170e380a6b445e485b11b Mon Sep 17 00:00:00 2001
From: Daniel Pawlik <dpawlik@redhat.com>
Date: Fri, 23 Sep 2022 10:24:45 +0200
Subject: [PATCH] Add information about subunit index in logstash role

With the commit [1], the logsender would push the tempest subunit
results to the Opensearch, but to the new index: 'subunit'.

[1] https://review.opendev.org/c/openstack/ci-log-processing/+/858373

Change-Id: I1ebfdaec384f7d81a0c246a1a1e6c2eaaad3ede0
---
 opensearch-config/README.md | 77 ++++++++++++++++++++++++++++++-------
 1 file changed, 63 insertions(+), 14 deletions(-)

diff --git a/opensearch-config/README.md b/opensearch-config/README.md
index 671ee98..895825e 100644
--- a/opensearch-config/README.md
+++ b/opensearch-config/README.md
@@ -40,23 +40,29 @@ Created roles:
 
 * Readonly role is creaded base on the [inscruction](https://opensearch.org/docs/latest/security-plugin/access-control/users-roles/#set-up-a-read-only-user-in-opensearch-dashboards)
 Details:
-  name: readonly
-  cluster permissions: cluster_composite_ops_ro, cluster:monitor/main
-  index permissions:
-    index: *
-    index permissions: read
-  tenant permissions:
-    tenant: global_tenant
+
+```
+name: readonly
+cluster permissions: cluster_composite_ops_ro, cluster:monitor/main
+index permissions:
+  index: *
+  index permissions: read
+tenant permissions:
+  tenant: global_tenant
+```
 
 * Logstash role (modify)
 Details:
-  name: logstash
-  cluster permissions: cluster_monitor, cluster_composite_ops, indices:admin/template/get, indices:admin/template/put, cluster:admin/ingest/pipeline/put, cluster:admin:ingest/pipeline/get
-  index permissions:
-    index: logstash-*, performance-*, *beat*
-    index permissions: crud, create_index
-  tenant permissions:
-    tenant: global_tenant
+
+```
+name: logstash
+cluster permissions: cluster_monitor, cluster_composite_ops, indices:admin/template/get, indices:admin/template/put, cluster:admin/ingest/pipeline/put, cluster:admin:ingest/pipeline/get
+index permissions:
+  index: logstash-*, performance-*, subunit-*, *beat*
+  index permissions: crud, create_index
+tenant permissions:
+  tenant: global_tenant
+```
 
 NOTE:
 The `cluster:monitor/main` role is required to use Python Opensearch client.
@@ -160,6 +166,49 @@ Policy ID: Delete data for performance index after 14 days
 }
 ```
 
+* For subunit-*
+
+Policy ID: Delete data for subunit index after 14 days
+
+```json
+{
+    "policy": {
+        "description": "Delete subunit data after 14 days",
+        "default_state": "hot",
+        "states": [
+            {
+                "name": "hot",
+                "actions": [],
+                "transitions": [
+                    {
+                        "state_name": "delete",
+                        "conditions": {
+                            "min_index_age": "14d"
+                        }
+                    }
+                ]
+            },
+            {
+                "name": "delete",
+                "actions": [
+                    {
+                        "delete": {}
+                    }
+                ],
+                "transitions": []
+            }
+        ],
+        "ism_template": [
+            {
+                "index_patterns": [
+                    "subunit-*"
+                ]
+            }
+        ]
+    }
+}
+```
+
 ## Advenced settings in Opensearch Dashboards
 
 There is only few changes applied comparing to default settings.