OpenSearch/x-pack/qa/reindex-tests-with-security/roles.yml

# All cluster rights
# All operations on all indices
# Run as all users
admin:
  cluster:
    - all
  indices:
    - names: '*'
      privileges: [ all ]
  run_as:
    - '*'

# Search and write on both source and destination indices. It should work if you could just search on the source and
# write to the destination but that isn't how security works.
minimal:
  cluster:
    - cluster:monitor/main
  indices:
    - names: source
      privileges:
        - read
        - write
        - create_index
        - indices:admin/refresh
    - names: dest
      privileges:
        - read
        - write
        - create_index
        - indices:admin/refresh

# Search and write on both source and destination indices. It should work if you could just search on the source and
# write to the destination but that isn't how security works.
minimal_with_task:
  cluster:
    - cluster:monitor/main
    - cluster:monitor/task/get
  indices:
    - names: source
      privileges:
        - read
        - write
        - create_index
        - indices:admin/refresh
    - names: dest
      privileges:
        - read
        - write
        - create_index
        - indices:admin/refresh

# Read only operations on indices
readonly:
  cluster:
    - cluster:monitor/main
  indices:
    - names: '*'
      privileges: [ read ]

# Write operations on destination index, none on source index
dest_only:
  cluster:
    - cluster:monitor/main
  indices:
    - names: dest
      privileges: [ write ]

# Search and write on both source and destination indices with document level security filtering out some docs.
can_not_see_hidden_docs:
  cluster:
    - cluster:monitor/main
  indices:
    - names: source
      privileges:
        - read
        - write
        - create_index
        - indices:admin/refresh
      query:
        bool:
          must_not:
            match:
              hidden: true
    - names: dest
      privileges:
        - read
        - write
        - create_index
        - indices:admin/refresh

# Search and write on both source and destination indices with field level security.
can_not_see_hidden_fields:
  cluster:
    - cluster:monitor/main
  indices:
    - names: source
      privileges:
        - read
        - write
        - create_index
        - indices:admin/refresh
      field_security:
        grant:
          - foo
          - bar
    - names: dest
      privileges:
        - read
        - write
        - create_index
        - indices:admin/refresh
Add comments inadvertently removed during migrate A few files had their first comment removed even though it did not contain a license. This re-adds those comments. 2018-04-24 14:41:09 -04:00			`# All cluster rights`
			`# All operations on all indices`
			`# Run as all users`
Add reindex tests to shield Original commit: elastic/x-pack-elasticsearch@fe00f317b3c366fe43a44417dab88ea070ff6dc0 2016-03-08 17:15:40 -05:00			`admin:`
security: file parsing only supports the new format This commit remove the pre-existing file parsing code and replaces it with the updated code in the RoleDescriptor class. This unifies the parsing for the files and API for roles. Closes elastic/elasticsearch#1596 Original commit: elastic/x-pack-elasticsearch@9e0b58fcf1edb72913c30d05c6fc6031309d62bf 2016-03-15 13:10:40 -04:00			`cluster:`
			`- all`
Add reindex tests to shield Original commit: elastic/x-pack-elasticsearch@fe00f317b3c366fe43a44417dab88ea070ff6dc0 2016-03-08 17:15:40 -05:00			`indices:`
security: file parsing only supports the new format This commit remove the pre-existing file parsing code and replaces it with the updated code in the RoleDescriptor class. This unifies the parsing for the files and API for roles. Closes elastic/elasticsearch#1596 Original commit: elastic/x-pack-elasticsearch@9e0b58fcf1edb72913c30d05c6fc6031309d62bf 2016-03-15 13:10:40 -04:00			`- names: '*'`
			`privileges: [ all ]`
			`run_as:`
			`- '*'`
Add reindex tests to shield Original commit: elastic/x-pack-elasticsearch@fe00f317b3c366fe43a44417dab88ea070ff6dc0 2016-03-08 17:15:40 -05:00
			`# Search and write on both source and destination indices. It should work if you could just search on the source and`
security: remove use of shield in files and directory names This commit removes as much of the use of shield as possible in the source code. See elastic/elasticsearch#2383 Original commit: elastic/x-pack-elasticsearch@00009cc06edfe81c1c7716233552ea8a9eea305b 2016-06-17 11:53:55 -04:00			`# write to the destination but that isn't how security works.`
Add reindex tests to shield Original commit: elastic/x-pack-elasticsearch@fe00f317b3c366fe43a44417dab88ea070ff6dc0 2016-03-08 17:15:40 -05:00			`minimal:`
Test reindex-from-remote with security Original commit: elastic/x-pack-elasticsearch@7e3530a95808b67912b15134729fe2d3d9c97d39 2016-07-06 15:48:20 -04:00			`cluster:`
			`- cluster:monitor/main`
Add reindex tests to shield Original commit: elastic/x-pack-elasticsearch@fe00f317b3c366fe43a44417dab88ea070ff6dc0 2016-03-08 17:15:40 -05:00			`indices:`
security: file parsing only supports the new format This commit remove the pre-existing file parsing code and replaces it with the updated code in the RoleDescriptor class. This unifies the parsing for the files and API for roles. Closes elastic/elasticsearch#1596 Original commit: elastic/x-pack-elasticsearch@9e0b58fcf1edb72913c30d05c6fc6031309d62bf 2016-03-15 13:10:40 -04:00			`- names: source`
			`privileges:`
shield: add support for new privilege naming This commit adds support for the privilege naming defined in elastic/elasticsearch#1342 and removes the support for the privileges that were deprecated in 2.3. This change also includes updates to the documentation to account for the new roles format. Original commit: elastic/x-pack-elasticsearch@98e9afd40990e3f6fa9796e627417c82e8d162b3 2016-03-08 14:20:54 -05:00			`- read`
security: file parsing only supports the new format This commit remove the pre-existing file parsing code and replaces it with the updated code in the RoleDescriptor class. This unifies the parsing for the files and API for roles. Closes elastic/elasticsearch#1596 Original commit: elastic/x-pack-elasticsearch@9e0b58fcf1edb72913c30d05c6fc6031309d62bf 2016-03-15 13:10:40 -04:00			`- write`
			`- create_index`
			`- indices:admin/refresh`
			`- names: dest`
			`privileges:`
shield: add support for new privilege naming This commit adds support for the privilege naming defined in elastic/elasticsearch#1342 and removes the support for the privileges that were deprecated in 2.3. This change also includes updates to the documentation to account for the new roles format. Original commit: elastic/x-pack-elasticsearch@98e9afd40990e3f6fa9796e627417c82e8d162b3 2016-03-08 14:20:54 -05:00			`- read`
security: file parsing only supports the new format This commit remove the pre-existing file parsing code and replaces it with the updated code in the RoleDescriptor class. This unifies the parsing for the files and API for roles. Closes elastic/elasticsearch#1596 Original commit: elastic/x-pack-elasticsearch@9e0b58fcf1edb72913c30d05c6fc6031309d62bf 2016-03-15 13:10:40 -04:00			`- write`
			`- create_index`
			`- indices:admin/refresh`
Add reindex tests to shield Original commit: elastic/x-pack-elasticsearch@fe00f317b3c366fe43a44417dab88ea070ff6dc0 2016-03-08 17:15:40 -05:00
Tasks: Only require task permissions (#35667) Right now using the `GET /_tasks/<taskid>` API and causing a task to opt in to saving its result after being completed requires permissions on the `.tasks` index. When we built this we thought that that was fine, but we've since moved towards not leaking details like "persisting task results after the task is completed is done by saving them into an index named `.tasks`." A more modern way of doing this would be to save the tasks into the index "under the hood" and to have APIs to manage the saved tasks. This is the first step down that road: it drops the requirement to have permissions to interact with the `.tasks` index when fetching task statuses and when persisting statuses beyond the lifetime of the task. In particular, this moves the concept of the "origin" of an action into a more prominent place in the Elasticsearch server. The origin of an action is ignored by the server, but the security plugin uses the origin to make requests on behalf of a user in such a way that the user need not have permissions to perform these actions. It can be made to be fairly precise. More specifically, we can create an internal user just for the tasks API that just has permission to interact with the `.tasks` index. This change doesn't do that, instead, it uses the ubiquitus "xpack" user which has most permissions because it is simpler. Adding the tasks user is something I'd like to get to in a follow up change. Instead, the majority of this change is about moving the "origin" concept from the security portion of x-pack into the server. This should allow any code to use the origin. To keep the change managable I've also opted to deprecate rather than remove the "origin" helpers in the security code. Removing them is almost entirely mechanical and I'd like to that in a follow up as well. Relates to #35573 2018-11-28 09:28:27 -05:00			`# Search and write on both source and destination indices. It should work if you could just search on the source and`
			`# write to the destination but that isn't how security works.`
			`minimal_with_task:`
			`cluster:`
			`- cluster:monitor/main`
			`- cluster:monitor/task/get`
			`indices:`
			`- names: source`
			`privileges:`
			`- read`
			`- write`
			`- create_index`
			`- indices:admin/refresh`
			`- names: dest`
			`privileges:`
			`- read`
			`- write`
			`- create_index`
			`- indices:admin/refresh`

Add reindex tests to shield Original commit: elastic/x-pack-elasticsearch@fe00f317b3c366fe43a44417dab88ea070ff6dc0 2016-03-08 17:15:40 -05:00			`# Read only operations on indices`
			`readonly:`
Test reindex-from-remote with security Original commit: elastic/x-pack-elasticsearch@7e3530a95808b67912b15134729fe2d3d9c97d39 2016-07-06 15:48:20 -04:00			`cluster:`
			`- cluster:monitor/main`
Add reindex tests to shield Original commit: elastic/x-pack-elasticsearch@fe00f317b3c366fe43a44417dab88ea070ff6dc0 2016-03-08 17:15:40 -05:00			`indices:`
security: file parsing only supports the new format This commit remove the pre-existing file parsing code and replaces it with the updated code in the RoleDescriptor class. This unifies the parsing for the files and API for roles. Closes elastic/elasticsearch#1596 Original commit: elastic/x-pack-elasticsearch@9e0b58fcf1edb72913c30d05c6fc6031309d62bf 2016-03-15 13:10:40 -04:00			`- names: '*'`
shield: add support for new privilege naming This commit adds support for the privilege naming defined in elastic/elasticsearch#1342 and removes the support for the privileges that were deprecated in 2.3. This change also includes updates to the documentation to account for the new roles format. Original commit: elastic/x-pack-elasticsearch@98e9afd40990e3f6fa9796e627417c82e8d162b3 2016-03-08 14:20:54 -05:00			`privileges: [ read ]`
Add reindex tests to shield Original commit: elastic/x-pack-elasticsearch@fe00f317b3c366fe43a44417dab88ea070ff6dc0 2016-03-08 17:15:40 -05:00
			`# Write operations on destination index, none on source index`
			`dest_only:`
Test reindex-from-remote with security Original commit: elastic/x-pack-elasticsearch@7e3530a95808b67912b15134729fe2d3d9c97d39 2016-07-06 15:48:20 -04:00			`cluster:`
			`- cluster:monitor/main`
Add reindex tests to shield Original commit: elastic/x-pack-elasticsearch@fe00f317b3c366fe43a44417dab88ea070ff6dc0 2016-03-08 17:15:40 -05:00			`indices:`
security: file parsing only supports the new format This commit remove the pre-existing file parsing code and replaces it with the updated code in the RoleDescriptor class. This unifies the parsing for the files and API for roles. Closes elastic/elasticsearch#1596 Original commit: elastic/x-pack-elasticsearch@9e0b58fcf1edb72913c30d05c6fc6031309d62bf 2016-03-15 13:10:40 -04:00			`- names: dest`
			`privileges: [ write ]`
Add reindex tests to shield Original commit: elastic/x-pack-elasticsearch@fe00f317b3c366fe43a44417dab88ea070ff6dc0 2016-03-08 17:15:40 -05:00
			`# Search and write on both source and destination indices with document level security filtering out some docs.`
			`can_not_see_hidden_docs:`
Test reindex-from-remote with security Original commit: elastic/x-pack-elasticsearch@7e3530a95808b67912b15134729fe2d3d9c97d39 2016-07-06 15:48:20 -04:00			`cluster:`
			`- cluster:monitor/main`
Add reindex tests to shield Original commit: elastic/x-pack-elasticsearch@fe00f317b3c366fe43a44417dab88ea070ff6dc0 2016-03-08 17:15:40 -05:00			`indices:`
security: file parsing only supports the new format This commit remove the pre-existing file parsing code and replaces it with the updated code in the RoleDescriptor class. This unifies the parsing for the files and API for roles. Closes elastic/elasticsearch#1596 Original commit: elastic/x-pack-elasticsearch@9e0b58fcf1edb72913c30d05c6fc6031309d62bf 2016-03-15 13:10:40 -04:00			`- names: source`
			`privileges:`
shield: add support for new privilege naming This commit adds support for the privilege naming defined in elastic/elasticsearch#1342 and removes the support for the privileges that were deprecated in 2.3. This change also includes updates to the documentation to account for the new roles format. Original commit: elastic/x-pack-elasticsearch@98e9afd40990e3f6fa9796e627417c82e8d162b3 2016-03-08 14:20:54 -05:00			`- read`
security: file parsing only supports the new format This commit remove the pre-existing file parsing code and replaces it with the updated code in the RoleDescriptor class. This unifies the parsing for the files and API for roles. Closes elastic/elasticsearch#1596 Original commit: elastic/x-pack-elasticsearch@9e0b58fcf1edb72913c30d05c6fc6031309d62bf 2016-03-15 13:10:40 -04:00			`- write`
			`- create_index`
			`- indices:admin/refresh`
Add reindex tests to shield Original commit: elastic/x-pack-elasticsearch@fe00f317b3c366fe43a44417dab88ea070ff6dc0 2016-03-08 17:15:40 -05:00			`query:`
			`bool:`
			`must_not:`
			`match:`
			`hidden: true`
security: file parsing only supports the new format This commit remove the pre-existing file parsing code and replaces it with the updated code in the RoleDescriptor class. This unifies the parsing for the files and API for roles. Closes elastic/elasticsearch#1596 Original commit: elastic/x-pack-elasticsearch@9e0b58fcf1edb72913c30d05c6fc6031309d62bf 2016-03-15 13:10:40 -04:00			`- names: dest`
			`privileges:`
shield: add support for new privilege naming This commit adds support for the privilege naming defined in elastic/elasticsearch#1342 and removes the support for the privileges that were deprecated in 2.3. This change also includes updates to the documentation to account for the new roles format. Original commit: elastic/x-pack-elasticsearch@98e9afd40990e3f6fa9796e627417c82e8d162b3 2016-03-08 14:20:54 -05:00			`- read`
security: file parsing only supports the new format This commit remove the pre-existing file parsing code and replaces it with the updated code in the RoleDescriptor class. This unifies the parsing for the files and API for roles. Closes elastic/elasticsearch#1596 Original commit: elastic/x-pack-elasticsearch@9e0b58fcf1edb72913c30d05c6fc6031309d62bf 2016-03-15 13:10:40 -04:00			`- write`
			`- create_index`
			`- indices:admin/refresh`
Add reindex tests to shield Original commit: elastic/x-pack-elasticsearch@fe00f317b3c366fe43a44417dab88ea070ff6dc0 2016-03-08 17:15:40 -05:00
			`# Search and write on both source and destination indices with field level security.`
			`can_not_see_hidden_fields:`
Test reindex-from-remote with security Original commit: elastic/x-pack-elasticsearch@7e3530a95808b67912b15134729fe2d3d9c97d39 2016-07-06 15:48:20 -04:00			`cluster:`
			`- cluster:monitor/main`
Add reindex tests to shield Original commit: elastic/x-pack-elasticsearch@fe00f317b3c366fe43a44417dab88ea070ff6dc0 2016-03-08 17:15:40 -05:00			`indices:`
security: file parsing only supports the new format This commit remove the pre-existing file parsing code and replaces it with the updated code in the RoleDescriptor class. This unifies the parsing for the files and API for roles. Closes elastic/elasticsearch#1596 Original commit: elastic/x-pack-elasticsearch@9e0b58fcf1edb72913c30d05c6fc6031309d62bf 2016-03-15 13:10:40 -04:00			`- names: source`
			`privileges:`
shield: add support for new privilege naming This commit adds support for the privilege naming defined in elastic/elasticsearch#1342 and removes the support for the privileges that were deprecated in 2.3. This change also includes updates to the documentation to account for the new roles format. Original commit: elastic/x-pack-elasticsearch@98e9afd40990e3f6fa9796e627417c82e8d162b3 2016-03-08 14:20:54 -05:00			`- read`
security: file parsing only supports the new format This commit remove the pre-existing file parsing code and replaces it with the updated code in the RoleDescriptor class. This unifies the parsing for the files and API for roles. Closes elastic/elasticsearch#1596 Original commit: elastic/x-pack-elasticsearch@9e0b58fcf1edb72913c30d05c6fc6031309d62bf 2016-03-15 13:10:40 -04:00			`- write`
			`- create_index`
			`- indices:admin/refresh`
Add option to deny access to fields (elastic/elasticsearch#2879) To deny access to a fields users can name exceptions to field permissions with the following syntax: "fields": { "grant": [list of field names patterns], "except": [list of patterns that are forbidden] } See doc for the rules for this. This commit also reverts elastic/elasticsearch#2720 closes elastic/elasticsearch#2681 Original commit: elastic/x-pack-elasticsearch@d6537028ec0cf214e5c5fbf3cc144b8eb5444161 2016-09-13 10:38:58 -04:00			`field_security:`
			`grant:`
			`- foo`
			`- bar`
security: file parsing only supports the new format This commit remove the pre-existing file parsing code and replaces it with the updated code in the RoleDescriptor class. This unifies the parsing for the files and API for roles. Closes elastic/elasticsearch#1596 Original commit: elastic/x-pack-elasticsearch@9e0b58fcf1edb72913c30d05c6fc6031309d62bf 2016-03-15 13:10:40 -04:00			`- names: dest`
			`privileges:`
shield: add support for new privilege naming This commit adds support for the privilege naming defined in elastic/elasticsearch#1342 and removes the support for the privileges that were deprecated in 2.3. This change also includes updates to the documentation to account for the new roles format. Original commit: elastic/x-pack-elasticsearch@98e9afd40990e3f6fa9796e627417c82e8d162b3 2016-03-08 14:20:54 -05:00			`- read`
security: file parsing only supports the new format This commit remove the pre-existing file parsing code and replaces it with the updated code in the RoleDescriptor class. This unifies the parsing for the files and API for roles. Closes elastic/elasticsearch#1596 Original commit: elastic/x-pack-elasticsearch@9e0b58fcf1edb72913c30d05c6fc6031309d62bf 2016-03-15 13:10:40 -04:00			`- write`
			`- create_index`
			`- indices:admin/refresh`