From 8049a82953b0b46a9d3a3d1576aa59665a477059 Mon Sep 17 00:00:00 2001 From: jaymode Date: Thu, 7 Apr 2016 05:55:06 -0400 Subject: [PATCH] security: add support for main action This commit adds support for the change in elasticsearch where the `/` rest endpoint now delegates to an action and can be authorized. Original commit: elastic/x-pack-elasticsearch@8ef38ce50fde11c0a5ed0cbefc8169c717e1447e --- elasticsearch/qa/smoke-test-graph-with-shield/roles.yml | 2 ++ elasticsearch/qa/smoke-test-watcher-with-shield/roles.yml | 1 + elasticsearch/x-pack/shield/config/x-pack/roles.yml | 2 +- .../src/test/resources/org/elasticsearch/transport/actions | 1 + .../src/test/resources/org/elasticsearch/transport/handlers | 1 + 5 files changed, 6 insertions(+), 1 deletion(-) diff --git a/elasticsearch/qa/smoke-test-graph-with-shield/roles.yml b/elasticsearch/qa/smoke-test-graph-with-shield/roles.yml index 6a5b4183287..cce1a736441 100644 --- a/elasticsearch/qa/smoke-test-graph-with-shield/roles.yml +++ b/elasticsearch/qa/smoke-test-graph-with-shield/roles.yml @@ -9,6 +9,7 @@ admin: graph_explorer: cluster: - cluster:monitor/health + - cluster:monitor/main indices: - names: '*' privileges: @@ -21,6 +22,7 @@ graph_explorer: no_graph_explorer: cluster: - cluster:monitor/health + - cluster:monitor/main indices: - names: '*' privileges: diff --git a/elasticsearch/qa/smoke-test-watcher-with-shield/roles.yml b/elasticsearch/qa/smoke-test-watcher-with-shield/roles.yml index ba29cd6d7ae..144f8cb2fe5 100644 --- a/elasticsearch/qa/smoke-test-watcher-with-shield/roles.yml +++ b/elasticsearch/qa/smoke-test-watcher-with-shield/roles.yml @@ -30,4 +30,5 @@ crappy_role: - cluster:monitor/nodes/info - cluster:monitor/health - cluster:monitor/nodes/liveness + - cluster:monitor/main diff --git a/elasticsearch/x-pack/shield/config/x-pack/roles.yml b/elasticsearch/x-pack/shield/config/x-pack/roles.yml index 8a15b4afcd7..774f5ac8684 100644 --- a/elasticsearch/x-pack/shield/config/x-pack/roles.yml +++ b/elasticsearch/x-pack/shield/config/x-pack/roles.yml @@ -23,7 +23,7 @@ monitoring_user: # Marvel remote agent role. Assign to the agent user on the remote marvel cluster # to which the marvel agent will export all its data remote_monitoring_agent: - cluster: [ "manage_index_templates" ] + cluster: [ "manage_index_templates", "monitor" ] indices: - names: - '.marvel-es-*' diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/actions b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/actions index d4cc05f05e7..e7e92274312 100644 --- a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/actions +++ b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/actions @@ -13,6 +13,7 @@ cluster:admin/snapshot/status cluster:admin/tasks/cancel cluster:monitor/allocation/explain cluster:monitor/health +cluster:monitor/main cluster:monitor/nodes/hot_threads cluster:monitor/nodes/info cluster:monitor/nodes/stats diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/handlers b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/handlers index 036bdec28fb..5fc61b4d1a4 100644 --- a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/handlers +++ b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/transport/handlers @@ -3,6 +3,7 @@ cluster:admin/snapshot/status[nodes] cluster:admin/snapshot/status[nodes][n] cluster:admin/tasks/cancel[n] cluster:monitor/allocation/explain +cluster:monitor/main cluster:monitor/nodes/hot_threads[n] cluster:monitor/nodes/info[n] cluster:monitor/nodes/liveness