[Monitoring] Add new cluster privilege now necessary for the stack monitoring ui (#47871) (#47915)

* Add new cluster privilege now necessary for the stack monitoring ui

* PR feedback, and add test
Chris Roberson 2019-10-11 14:54:59 -04:00 committed by GitHub
parent 1636fa5f15
commit c57191b163
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 1 deletions


@ -6,6 +6,7 @@
package org.elasticsearch.xpack.core.security.authz.store;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.admin.cluster.remote.RemoteInfoAction;
import org.elasticsearch.action.admin.cluster.repositories.get.GetRepositoriesAction;
import org.elasticsearch.common.collect.MapBuilder;
import org.elasticsearch.xpack.core.monitoring.action.MonitoringBulkAction;
@ -55,7 +56,7 @@ public class ReservedRolesStore implements BiConsumer<Set<String>, ActionListene
null, null,
MetadataUtils.DEFAULT_RESERVED_METADATA, null))
.put("monitoring_user", new RoleDescriptor("monitoring_user",
new String[] { "cluster:monitor/main", "cluster:monitor/xpack/info" },
new String[] { "cluster:monitor/main", "cluster:monitor/xpack/info", RemoteInfoAction.NAME },
new RoleDescriptor.IndicesPrivileges[] {
RoleDescriptor.IndicesPrivileges.builder()
.indices(".monitoring-*").privileges("read", "read_cross_cluster").build()
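Review bot: The new `RemoteInfoAction.NAME` entry in the `monitoring_user` cluster privileges has no comment explaining why a read-only monitoring role needs it. Because `monitoring_user` is a reserved role, the extra grant reaches every existing holder as soon as they upgrade, and the action presumably exposes details of the configured remote-cluster connections, so the least-privilege reasoning should be recorded next to the grant. I would add a comment above the array such as `// RemoteInfoAction is required by the stack monitoring UI (#47871); keep this list minimal`. The published description of the built-in role should also mention the new privilege, if that is not already done elsewhere. The `RoleDescriptor` construction starts and ends outside this hunk, so the rest of the role's grants are not visible here.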


@ -7,6 +7,7 @@ package org.elasticsearch.xpack.core.security.authz.store;
import org.elasticsearch.Version;
import org.elasticsearch.action.admin.cluster.health.ClusterHealthAction;
import org.elasticsearch.action.admin.cluster.remote.RemoteInfoAction;
import org.elasticsearch.action.admin.cluster.repositories.get.GetRepositoriesAction;
import org.elasticsearch.action.admin.cluster.repositories.put.PutRepositoryAction;
import org.elasticsearch.action.admin.cluster.reroute.ClusterRerouteAction;
@ -441,6 +442,7 @@ public class ReservedRolesStoreTests extends ESTestCase {
Role monitoringUserRole = Role.builder(roleDescriptor, null).build();
assertThat(monitoringUserRole.cluster().check(MainAction.NAME, request, authentication), is(true));
assertThat(monitoringUserRole.cluster().check(XPackInfoAction.NAME, request, authentication), is(true));
assertThat(monitoringUserRole.cluster().check(RemoteInfoAction.NAME, request, authentication), is(true));
assertThat(monitoringUserRole.cluster().check(ClusterHealthAction.NAME, request, authentication), is(false));
assertThat(monitoringUserRole.cluster().check(ClusterStateAction.NAME, request, authentication), is(false));
assertThat(monitoringUserRole.cluster().check(ClusterStatsAction.NAME, request, authentication), is(false));