* Give kibana user reserved role privileges on .apm-* to create APM agent configuration index. * fixed test to include checking all .apm-* permissions * changed pattern from ".apm-*" to the more specific ".apm-agent-configuration"
This commit is contained in:
Oliver Gupte
GitHub
parent
cd71d4a83b
commit
cbd58d3b78
|
|
@ -123,6 +123,9 @@ public class ReservedRolesStore implements BiConsumer<Set<String>, ActionListene
|
|||
// .code_internal-* is for Code's internal worker queue index creation.
|
||||
RoleDescriptor.IndicesPrivileges.builder()
|
||||
.indices(".code-*", ".code_internal-*").privileges("all").build(),
|
||||
// .apm-* is for APM's agent configuration index creation
|
||||
RoleDescriptor.IndicesPrivileges.builder()
|
||||
.indices(".apm-agent-configuration").privileges("all").build(),
|
||||
},
|
||||
null,
|
||||
new ConfigurableClusterPrivilege[] { new ManageApplicationPrivileges(Collections.singleton("kibana-*")) },
|
||||
|
|
|
|||
|
|
@ -334,7 +334,12 @@ public class ReservedRolesStoreTests extends ESTestCase {
|
|||
assertThat(kibanaRole.indices().allowedIndicesMatcher(IndexAction.NAME).test(".reporting"), is(false));
|
||||
assertThat(kibanaRole.indices().allowedIndicesMatcher("indices:foo").test(randomAlphaOfLengthBetween(8, 24)), is(false));
|
||||
|
||||
Arrays.asList(".kibana", ".kibana-devnull", ".reporting-" + randomAlphaOfLength(randomIntBetween(0, 13))).forEach((index) -> {
|
||||
Arrays.asList(
|
||||
".kibana",
|
||||
".kibana-devnull",
|
||||
".reporting-" + randomAlphaOfLength(randomIntBetween(0, 13)),
|
||||
".apm-agent-configuration"
|
||||
).forEach((index) -> {
|
||||
logger.info("index name [{}]", index);
|
||||
assertThat(kibanaRole.indices().allowedIndicesMatcher("indices:foo").test(index), is(true));
|
||||
assertThat(kibanaRole.indices().allowedIndicesMatcher("indices:bar").test(index), is(true));
|
||||
|
|
|
|||
Loading…
Reference in New Issue