diff --git a/.github/workflows/code-hygiene.yml b/.github/workflows/code-hygiene.yml
index f078cb2b56..04590fc7fd 100644
--- a/.github/workflows/code-hygiene.yml
+++ b/.github/workflows/code-hygiene.yml
@@ -57,3 +57,26 @@ jobs:
 - uses: gradle/gradle-build-action@v2
 with:
 arguments: spotbugsMain
+
+ check-permissions-order:
+ runs-on: ubuntu-latest
+ name: Check permissions orders
+ steps:
+ - uses: actions/checkout@v2
+ - run: npm install yaml
+
+ - name: Check permissions order
+ run: |
+ exclude_pattern="(^|/)roles_invalidxcontent.yml($|/)
+ (^|/)invalid_config/config.yml($|/)"
+ # Set pattern to exclude certain files
+ set -e
+ exit_code=0
+ for file in $(find . -name '*.yml' | grep -Ev "$exclude_pattern"); do
+ if ! node check-permissions-order.js "$file" --slient; then
+ exit_code=1
+ echo "Error: $file requires changes. Run the following command to fix:"
+ echo "node check-permissions-order.js $file --fix"
+ fi
+ done
+ exit $exit_code
diff --git a/.gitignore b/.gitignore
index 5eb2da999f..6fbfafabac 100644
--- a/.gitignore
+++ b/.gitignore
@@ -43,3 +43,7 @@ out/
 build/
 gradle-build/
 .gradle/
+
+# nodejs
+node_modules/
+package-lock.json
diff --git a/check-permissions-order.js b/check-permissions-order.js
new file mode 100644
index 0000000000..934694fc73
--- /dev/null
+++ b/check-permissions-order.js
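Review bot: The `- run: npm install yaml` step installs whatever version of the package is current when the job runs, and the `.gitignore` hunk in this commit excludes `package-lock.json`, so the job that gates changes to the security role files runs unpinned third-party code. Pin it, e.g. `- run: npm install yaml@<PINNED_VERSION>` (placeholder: the release the script was tested with), or commit a `package.json` plus lockfile and use `npm ci`. The script passes `keepCstNodes` to the parser, which may not be honoured by every major version of the package, so an unpinned install can also change the check's behaviour. Separately, `for file in $(find . -name '*.yml' ...)` word-splits paths containing spaces, and `--slient` only works because the script misspells the flag the same way while its usage text prints `--silent`.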
@@ -0,0 +1,86 @@ +/* + * SPDX-License-Identifier: Apache-2.0 + * + * The OpenSearch Contributors require contributions made to + * this file be licensed under the Apache-2.0 license or a + * compatible open source license. + * + * Modifications Copyright OpenSearch Contributors. See + * GitHub history for details. + */ + +const fs = require('fs') +const yaml = require('yaml') + +function checkPermissionsOrder(file, fix = false) { + const contents = fs.readFileSync(file, 'utf8') + const doc = yaml.parseDocument(contents, { keepCstNodes: true }) + const roles = doc.contents.items + let requiresChanges = false + roles.forEach(role => { + const itemsFromRole = role?.value?.items; + + const clusterPermissions = itemsFromRole?.filter(item => item.key && item.key.value === 'cluster_permissions'); + requiresChanges |= checkPermissionsOrdering(clusterPermissions); + + + const indexPermissionsArray = itemsFromRole?.filter(item => item.key && item.key.value === 'index_permissions'); + const indexPermissionObj = indexPermissionsArray?.[0]?.value; + const indexPermissionItems = indexPermissionObj?.items[0]?.items; + const allowedIndexActions = indexPermissionItems?.filter(item => item.key && item.key.value === 'allowed_actions'); + + requiresChanges |= checkPermissionsOrdering(allowedIndexActions); + }) + + if (fix && requiresChanges) { + const newContents = doc.toString() + fs.writeFileSync(file, newContents, 'utf8') + } + + return requiresChanges +} + +/* + Checks the permissions ordering + + returns false if they are already stored + returns true if the permissions were not sored, note the permissions object are sorted as a side effect of this function +*/ +function checkPermissionsOrdering(permissions) { + let requiresChanges = false; + if (!permissions) { + return requiresChanges; + } + permissions.forEach(permission => { + const items = permission.value.items; + const originalItems = JSON.stringify(items); + items.sort(); + const sortedItems = JSON.stringify(items); + + 
// If the original items and sorted items are not the same, then changes are required + if (originalItems !== sortedItems) { + requiresChanges = true; + } + }); + return requiresChanges; +} + +// Example usage +const args = process.argv.slice(2) +if (args.length === 0) { + console.error('Usage: node check-permissions-order.js [--fix] [--silent]') + process.exit(1) +} +const filePath = args[0] +const fix = args.includes('--fix') +const slient = args.includes('--slient') +if (checkPermissionsOrder(filePath, fix)) { + if (fix) { + if (!slient) { console.log(`${filePath} has been updated.`) } + } else { + if (!slient) { console.error(`Error: ${filePath} requires changes.`) } + process.exit(1) + } +} else { + if (!slient) { console.log(`${filePath} is up-to-date.`) } +} diff --git a/config/roles.yml b/config/roles.yml index 4603093834..05bdb6569b 100644 --- a/config/roles.yml +++ b/config/roles.yml @@ -43,17 +43,17 @@ alerting_ack_alerts: alerting_full_access: reserved: true cluster_permissions: - - 'cluster_monitor' - 'cluster:admin/opendistro/alerting/*' - 'cluster:admin/opensearch/alerting/*' - 'cluster:admin/opensearch/notifications/feature/publish' + - 'cluster_monitor' index_permissions: - index_patterns: - '*' allowed_actions: - - 'indices_monitor' - 'indices:admin/aliases/get' - 'indices:admin/mappings/get' + - 'indices_monitor' # Allow users to read Anomaly Detection detectors and results anomaly_read_access: 
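Review bot: `checkPermissionsOrder` only inspects the first `index_permissions` entry (`indexPermissionObj?.items[0]?.items`), so the `allowed_actions` of every later entry are neither checked nor fixed. This commit's own output shows it: the `*beat*` entry of `logstash` in static_roles.yml and the `?kibana-6` entry in src/test/resources/cache/roles.yml are left unsorted. Collect the key from every entry instead, for example `const allowedIndexActions = (indexPermissionObj?.items ?? []).flatMap(entry => entry.items?.filter(item => item.key?.value === 'allowed_actions') ?? []);`. In the same expression `?.items[0]` still throws when `index_permissions` holds a value without `items` (for example a null scalar), and `doc.contents.items` throws on an empty or non-mapping document, which matters because the workflow feeds every `*.yml` in the repository to this script. The flag is also read as `--slient` while the usage line advertises `--silent`.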
@@ -61,65 +61,65 @@ anomaly_read_access: cluster_permissions: - 'cluster:admin/opendistro/ad/detector/info' - 'cluster:admin/opendistro/ad/detector/search' + - 'cluster:admin/opendistro/ad/detector/validate' - 'cluster:admin/opendistro/ad/detectors/get' - 'cluster:admin/opendistro/ad/result/search' - - 'cluster:admin/opendistro/ad/tasks/search' - - 'cluster:admin/opendistro/ad/detector/validate' - 'cluster:admin/opendistro/ad/result/topAnomalies' + - 'cluster:admin/opendistro/ad/tasks/search' # Allows users to use all Anomaly Detection functionality anomaly_full_access: reserved: true cluster_permissions: - - 'cluster_monitor' - 'cluster:admin/opendistro/ad/*' + - 'cluster_monitor' index_permissions: - index_patterns: - '*' allowed_actions: - - 'indices_monitor' - 'indices:admin/aliases/get' - 'indices:admin/mappings/get' + - 'indices_monitor' # Allow users to execute read only k-NN actions knn_read_access: reserved: true cluster_permissions: - - 'cluster:admin/knn_search_model_action' - 'cluster:admin/knn_get_model_action' + - 'cluster:admin/knn_search_model_action' - 'cluster:admin/knn_stats_action' # Allow users to use all k-NN functionality knn_full_access: reserved: true cluster_permissions: - - 'cluster:admin/knn_training_model_action' - - 'cluster:admin/knn_training_job_router_action' - - 'cluster:admin/knn_training_job_route_decision_info_action' - - 'cluster:admin/knn_warmup_action' - 'cluster:admin/knn_delete_model_action' + - 'cluster:admin/knn_get_model_action' - 'cluster:admin/knn_remove_model_from_cache_action' - - 'cluster:admin/knn_update_model_graveyard_action' - 'cluster:admin/knn_search_model_action' - - 'cluster:admin/knn_get_model_action' - 'cluster:admin/knn_stats_action' + - 'cluster:admin/knn_training_job_route_decision_info_action' + - 'cluster:admin/knn_training_job_router_action' + - 'cluster:admin/knn_training_model_action' + - 'cluster:admin/knn_update_model_graveyard_action' + - 'cluster:admin/knn_warmup_action' # Allows users to read 
Notebooks notebooks_read_access: reserved: true cluster_permissions: - - 'cluster:admin/opendistro/notebooks/list' - 'cluster:admin/opendistro/notebooks/get' + - 'cluster:admin/opendistro/notebooks/list' # Allows users to all Notebooks functionality notebooks_full_access: reserved: true cluster_permissions: - 'cluster:admin/opendistro/notebooks/create' - - 'cluster:admin/opendistro/notebooks/update' - 'cluster:admin/opendistro/notebooks/delete' - 'cluster:admin/opendistro/notebooks/get' - 'cluster:admin/opendistro/notebooks/list' + - 'cluster:admin/opendistro/notebooks/update' # Allows users to read observability objects observability_read_access: @@ -132,9 +132,9 @@ observability_full_access: reserved: true cluster_permissions: - 'cluster:admin/opensearch/observability/create' - - 'cluster:admin/opensearch/observability/update' - 'cluster:admin/opensearch/observability/delete' - 'cluster:admin/opensearch/observability/get' + - 'cluster:admin/opensearch/observability/update' # Allows users to all PPL functionality ppl_full_access: @@ -153,8 +153,8 @@ ppl_full_access: reports_instances_read_access: reserved: true cluster_permissions: - - 'cluster:admin/opendistro/reports/instance/list' - 'cluster:admin/opendistro/reports/instance/get' + - 'cluster:admin/opendistro/reports/instance/list' - 'cluster:admin/opendistro/reports/menu/download' # Allows users to read and download Reports and Report-definitions @@ -163,8 +163,8 @@ reports_read_access: cluster_permissions: - 'cluster:admin/opendistro/reports/definition/get' - 'cluster:admin/opendistro/reports/definition/list' - - 'cluster:admin/opendistro/reports/instance/list' - 'cluster:admin/opendistro/reports/instance/get' + - 'cluster:admin/opendistro/reports/instance/list' - 'cluster:admin/opendistro/reports/menu/download' # Allows users to all Reports functionality 
@@ -172,13 +172,13 @@ reports_full_access: reserved: true cluster_permissions: - 'cluster:admin/opendistro/reports/definition/create' - - 'cluster:admin/opendistro/reports/definition/update' - - 'cluster:admin/opendistro/reports/definition/on_demand' - 'cluster:admin/opendistro/reports/definition/delete' - 'cluster:admin/opendistro/reports/definition/get' - 'cluster:admin/opendistro/reports/definition/list' - - 'cluster:admin/opendistro/reports/instance/list' + - 'cluster:admin/opendistro/reports/definition/on_demand' + - 'cluster:admin/opendistro/reports/definition/update' - 'cluster:admin/opendistro/reports/instance/get' + - 'cluster:admin/opendistro/reports/instance/list' - 'cluster:admin/opendistro/reports/menu/download' # Allows users to use all asynchronous-search functionality @@ -234,14 +234,14 @@ cross_cluster_replication_follower_full_access: - index_patterns: - '*' allowed_actions: - - "indices:admin/plugins/replication/index/setup/validate" - - "indices:data/write/plugins/replication/changes" - - "indices:admin/plugins/replication/index/start" - "indices:admin/plugins/replication/index/pause" - "indices:admin/plugins/replication/index/resume" + - "indices:admin/plugins/replication/index/setup/validate" + - "indices:admin/plugins/replication/index/start" + - "indices:admin/plugins/replication/index/status_check" - "indices:admin/plugins/replication/index/stop" - "indices:admin/plugins/replication/index/update" - - "indices:admin/plugins/replication/index/status_check" + - "indices:data/write/plugins/replication/changes" # Allows users to use all cross cluster search functionality at remote cluster cross_cluster_search_remote_full_access: @@ -257,7 +257,6 @@ cross_cluster_search_remote_full_access: ml_read_access: reserved: true cluster_permissions: - - 'cluster:admin/opensearch/ml/stats/nodes' - 'cluster:admin/opensearch/ml/model_groups/search' - 'cluster:admin/opensearch/ml/models/get' - 'cluster:admin/opensearch/ml/models/search' 
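Review bot: In the `ml_read_access` hunk (`@@ -257,7 +257,6 @@`) the line `- 'cluster:admin/opensearch/ml/stats/nodes'` is removed and not re-added in the visible lines, whereas the other hunks in this file only reorder entries. If the entry does not already appear further down the list (the rest of `cluster_permissions` is outside the hunk), this drops a permission from a reserved role inside a commit presented as a pure sort. The `items.sort()` call in check-permissions-order.js does not remove entries, so this looks like a manual edit. Either keep the entry at its sorted position or state the removal, and the reason for it, in the commit message.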
@@ -268,8 +267,8 @@ ml_read_access: ml_full_access: reserved: true cluster_permissions: - - 'cluster_monitor' - 'cluster:admin/opensearch/ml/*' + - 'cluster_monitor' index_permissions: - index_patterns: - '*' @@ -286,16 +285,16 @@ notifications_full_access: notifications_read_access: reserved: true cluster_permissions: + - 'cluster:admin/opensearch/notifications/channels/get' - 'cluster:admin/opensearch/notifications/configs/get' - 'cluster:admin/opensearch/notifications/features' - - 'cluster:admin/opensearch/notifications/channels/get' # Allows users to use all snapshot management functionality snapshot_management_full_access: reserved: true cluster_permissions: - - 'cluster:admin/opensearch/snapshot_management/*' - 'cluster:admin/opensearch/notifications/feature/publish' + - 'cluster:admin/opensearch/snapshot_management/*' - 'cluster:admin/repository/*' - 'cluster:admin/snapshot/*' @@ -303,9 +302,9 @@ snapshot_management_full_access: snapshot_management_read_access: reserved: true cluster_permissions: + - 'cluster:admin/opensearch/snapshot_management/policy/explain' - 'cluster:admin/opensearch/snapshot_management/policy/get' - 'cluster:admin/opensearch/snapshot_management/policy/search' - - 'cluster:admin/opensearch/snapshot_management/policy/explain' - 'cluster:admin/repository/get' - 'cluster:admin/snapshot/get' diff --git a/src/integrationTest/resources/roles.yml b/src/integrationTest/resources/roles.yml index ef4765e25f..02de9bf3d5 100644 --- a/src/integrationTest/resources/roles.yml +++ b/src/integrationTest/resources/roles.yml 
@@ -4,16 +4,16 @@ _meta: config_version: 2 user_admin__all_access: cluster_permissions: - - "*" - index_permissions: - - index_patterns: - - "*" - allowed_actions: - "*" + index_permissions: + - index_patterns: + - "*" + allowed_actions: + - "*" user_limited-user__limited-role: index_permissions: - - index_patterns: - - "user-${user.name}" - allowed_actions: - - "indices:data/read/search" - - "indices:data/read/get" + - index_patterns: + - "user-${user.name}" + allowed_actions: + - "indices:data/read/get" + - "indices:data/read/search" diff --git a/src/main/resources/static_config/static_roles.yml b/src/main/resources/static_config/static_roles.yml index dc80662d0e..d688848a6e 100644 --- a/src/main/resources/static_config/static_roles.yml +++ b/src/main/resources/static_config/static_roles.yml @@ -37,10 +37,10 @@ kibana_user: - ".opensearch_dashboards-6" - ".opensearch_dashboards_*" allowed_actions: - - "read" - "delete" - - "manage" - "index" + - "manage" + - "read" - index_patterns: - ".tasks" - ".management-beats" @@ -55,13 +55,12 @@ own_index: static: true description: "Allow all for indices named like the current user" cluster_permissions: - - "cluster_composite_ops" + - "cluster_composite_ops" index_permissions: - - index_patterns: - - "${user_name}" - allowed_actions: - - "indices_all" - + - index_patterns: + - "${user_name}" + allowed_actions: + - "indices_all" manage_snapshots: reserved: true @@ -69,13 +68,13 @@ manage_snapshots: static: true description: "Provide the minimum permissions for managing snapshots" cluster_permissions: - - "manage_snapshots" + - "manage_snapshots" index_permissions: - - index_patterns: - - "*" - allowed_actions: - - "indices:data/write/index" - - "indices:admin/create" + - index_patterns: + - "*" + allowed_actions: + - "indices:admin/create" + - "indices:data/write/index" kibana_server: reserved: true 
@@ -83,40 +82,40 @@ kibana_server: static: true description: "Provide the minimum permissions for the Kibana server" cluster_permissions: - - "cluster_monitor" - - "cluster_composite_ops" - - "manage_point_in_time" - - "indices:admin/template*" - - "indices:admin/index_template*" - - "indices:data/read/scroll*" + - "cluster_composite_ops" + - "cluster_monitor" + - "indices:admin/index_template*" + - "indices:admin/template*" + - "indices:data/read/scroll*" + - "manage_point_in_time" index_permissions: - - index_patterns: - - ".kibana" - - ".opensearch_dashboards" - allowed_actions: - - "indices_all" - - index_patterns: - - ".kibana-6" - - ".opensearch_dashboards-6" - allowed_actions: - - "indices_all" - - index_patterns: - - ".kibana_*" - - ".opensearch_dashboards_*" - allowed_actions: - - "indices_all" - - index_patterns: - - ".tasks" - allowed_actions: - - "indices_all" - - index_patterns: - - ".management-beats*" - allowed_actions: - - "indices_all" - - index_patterns: - - "*" - allowed_actions: - - "indices:admin/aliases*" + - index_patterns: + - ".kibana" + - ".opensearch_dashboards" + allowed_actions: + - "indices_all" + - index_patterns: + - ".kibana-6" + - ".opensearch_dashboards-6" + allowed_actions: + - "indices_all" + - index_patterns: + - ".kibana_*" + - ".opensearch_dashboards_*" + allowed_actions: + - "indices_all" + - index_patterns: + - ".tasks" + allowed_actions: + - "indices_all" + - index_patterns: + - ".management-beats*" + allowed_actions: + - "indices_all" + - index_patterns: + - "*" + allowed_actions: + - "indices:admin/aliases*" logstash: reserved: true 
@@ -124,37 +123,38 @@ logstash: static: true description: "Provide the minimum permissions for logstash and beats" cluster_permissions: - - "cluster_monitor" - - "cluster_composite_ops" - - "indices:admin/template/get" - - "indices:admin/template/put" - - "cluster:admin/ingest/pipeline/put" - - "cluster:admin/ingest/pipeline/get" + - "cluster:admin/ingest/pipeline/get" + - "cluster:admin/ingest/pipeline/put" + - "cluster_composite_ops" + - "cluster_monitor" + - "indices:admin/template/get" + - "indices:admin/template/put" index_permissions: - - index_patterns: - - "logstash-*" - allowed_actions: - - "crud" - - "create_index" - - index_patterns: - - "*beat*" - allowed_actions: - - "crud" - - "create_index" + - index_patterns: + - "logstash-*" + allowed_actions: + - "create_index" + - "crud" + - index_patterns: + - "*beat*" + allowed_actions: + - "crud" + - "create_index" readall_and_monitor: reserved: true hidden: false static: true - description: "Provide the minimum permissions for to readall indices and monitor the cluster" + description: "Provide the minimum permissions for to readall indices and monitor + the cluster" cluster_permissions: - - "cluster_monitor" - - "cluster_composite_ops_ro" + - "cluster_composite_ops_ro" + - "cluster_monitor" index_permissions: - - index_patterns: - - "*" - allowed_actions: - - "read" + - index_patterns: + - "*" + allowed_actions: + - "read" readall: reserved: true @@ -162,9 +162,9 @@ readall: static: true description: "Provide the minimum permissions for to readall indices" cluster_permissions: - - "cluster_composite_ops_ro" + - "cluster_composite_ops_ro" index_permissions: - - index_patterns: - - "*" - allowed_actions: - - "read" + - index_patterns: + - "*" + allowed_actions: + - "read" diff --git a/src/test/java/org/opensearch/security/dlic/rest/api/RoleBasedAccessTest.java b/src/test/java/org/opensearch/security/dlic/rest/api/RoleBasedAccessTest.java index fc5c59d36f..9d8badba6f 100644 
--- a/src/test/java/org/opensearch/security/dlic/rest/api/RoleBasedAccessTest.java +++ b/src/test/java/org/opensearch/security/dlic/rest/api/RoleBasedAccessTest.java @@ -24,6 +24,10 @@ import static org.opensearch.security.OpenSearchSecurityPlugin.PLUGINS_PREFIX; +import static org.hamcrest.MatcherAssert.assertThat; +import static org.hamcrest.Matchers.allOf; +import static org.hamcrest.Matchers.hasItem; + public class RoleBasedAccessTest extends AbstractRestApiUnitTest { private final String ENDPOINT; @@ -173,11 +177,9 @@ public void testActionGroupsApi() throws Exception { // Worf, has access to roles API, get captains role response = rh.executeGetRequest(ENDPOINT + "/roles/opendistro_security_role_starfleet_captains", encodeBasicHeader("worf", "worf")); Assert.assertEquals(HttpStatus.SC_OK, response.getStatusCode()); - Assert.assertEquals( - new SecurityJsonNode(DefaultObjectMapper.readTree(response.getBody())).getDotted( - "opendistro_security_role_starfleet_captains.cluster_permissions" - ).get(0).asString(), - "cluster:monitor*" + assertThat( + response.findArrayInJson("opendistro_security_role_starfleet_captains.cluster_permissions"), + allOf(hasItem("*bulk*"), hasItem("cluster:monitor*")) ); // Worf, has access to roles API, able to delete diff --git a/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java b/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java index 730a22f18f..87ffa06da7 100644 --- a/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java +++ b/src/test/java/org/opensearch/security/test/helper/rest/RestHelper.java @@ -29,6 +29,7 @@ import java.io.FileInputStream; import java.io.IOException; import java.security.KeyStore; +import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; import java.util.List; 
@@ -476,9 +477,40 @@ public String toString() { } /** - * Given a json path with dots delimiated returns the object at the leaf + * Given a json path with dots delimiated returns the object at the leaf as a string */ public String findValueInJson(final String jsonDotPath) { + final JsonNode node = this.findObjectInJson(jsonDotPath); + throwIfNotValueNode(node); + return node.asText(); + } + + /** + * Given a json path with dots delimiated returns the array at the leaf + */ + public List findArrayInJson(final String jsonDotPath) { + final JsonNode node = this.findObjectInJson(jsonDotPath); + if (!node.isArray()) { + throw new RuntimeException("Found object was not an array, object\n" + node.toPrettyString()); + } + final List elements = new ArrayList<>(); + for (int i = 0; i < node.size(); i++) { + final JsonNode currentNode = node.get(i); + throwIfNotValueNode(currentNode); + elements.add(currentNode.asText()); + } + return elements; + } + + private void throwIfNotValueNode(final JsonNode node) { + if (!node.isValueNode()) { + throw new RuntimeException( + "Unexpected value note, index directly to the object to reference, object\n" + node.toPrettyString() + ); + } + } + + private JsonNode findObjectInJson(final String jsonDotPath) { // Make sure its json / then parse it if (!isJsonContentType()) { throw new RuntimeException("Response was expected to be JSON, body was: \n" + body); @@ -551,12 +583,7 @@ public String findValueInJson(final String jsonDotPath) { } } while (jsonPathScanner.hasNext()); - if (!currentNode.isValueNode()) { - throw new RuntimeException( - "Unexpected value note, index directly to the object to reference, object\n" + currentNode.toPrettyString() - ); - } - return currentNode.asText(); + return currentNode; } } diff --git a/src/test/resources/cache/roles.yml b/src/test/resources/cache/roles.yml index 45c5e23af0..0822e486d3 100644 --- a/src/test/resources/cache/roles.yml +++ b/src/test/resources/cache/roles.yml 
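Review bot: The Javadoc added for `findArrayInJson` says only that it "returns the array at the leaf", but the method throws `RuntimeException` when the node is not an array or when any element is not a value node, and it returns each element's `asText()` form. I would document that, e.g. `Returns the text of each element of the array at the leaf; throws if the leaf is not an array or an element is not a value node`. `delimiated` in both comments and `value note` in the exception message look like typos for `delimited` and `value node`. As rendered here the return type and the local variable read as a raw `List`; if that is not an artifact of the page, declaring `List<String>` would let the Hamcrest `hasItem(...)` call in RoleBasedAccessTest be type-checked. The body of `findObjectInJson` continues outside this hunk.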
@@ -7,204 +7,204 @@ opendistro_security_own_index: hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" index_permissions: - - index_patterns: - - "${user_name}" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_INDICES_ALL" + - index_patterns: + - "${user_name}" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_INDICES_ALL" tenant_permissions: [] opendistro_security_kibana_testindex: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" index_permissions: - - index_patterns: - - "test*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" - - "indices:admin/mappings/fields/get*" - - index_patterns: - - ".kibana" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_INDICES_ALL" + - index_patterns: + - "test*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_READ" + - "indices:admin/mappings/fields/get*" + - index_patterns: + - ".kibana" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_INDICES_ALL" tenant_permissions: - - tenant_patterns: - - "test_tenant_rw" - allowed_actions: - - "kibana_all_write" - - tenant_patterns: - - "test_tenant_ro" - allowed_actions: - - "kibana_all_read" + - tenant_patterns: + - "test_tenant_rw" + allowed_actions: + - "kibana_all_write" + - tenant_patterns: + - "test_tenant_ro" + allowed_actions: + - "kibana_all_read" opendistro_security_human_resources: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" + - 
"OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" index_permissions: - - index_patterns: - - "humanresources" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "*" - - index_patterns: - - "?kibana" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" + - index_patterns: + - "humanresources" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "*" + - index_patterns: + - "?kibana" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" tenant_permissions: - - tenant_patterns: - - "human_resources" - - "performance_data" - - "management" - - "PerFormance ___Reviews/&%%/&&/" - - "PerFormance ___Reviews%%%!!!" - allowed_actions: - - "kibana_all_write" - - tenant_patterns: - - "business_intelligence" - allowed_actions: - - "kibana_all_read" + - tenant_patterns: + - "human_resources" + - "performance_data" + - "management" + - "PerFormance ___Reviews/&%%/&&/" + - "PerFormance ___Reviews%%%!!!" + allowed_actions: + - "kibana_all_write" + - tenant_patterns: + - "business_intelligence" + allowed_actions: + - "kibana_all_read" opendistro_security_human_resources_trainee: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" index_permissions: - - index_patterns: - - "humanresources" - dls: "{ \"bool\": { \"must_not\": { \"match\": { \"Designation\": \"CEO\" }}}}" - fls: - - "Designation" - - "FirstName" - - "LastName" - - "Salary" - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_CRUD" - - index_patterns: - - "?kibana" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" + - index_patterns: + - "humanresources" + dls: "{ \"bool\": { \"must_not\": { \"match\": { \"Designation\": \"CEO\" }}}}" + fls: + - "Designation" + - "FirstName" + - "LastName" + - "Salary" + masked_fields: null + allowed_actions: + - 
"OPENDISTRO_SECURITY_CRUD" + - index_patterns: + - "?kibana" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" tenant_permissions: - - tenant_patterns: - - "human_resources" - - "performance_data" - - "business_intelligence" - allowed_actions: - - "kibana_all_read" + - tenant_patterns: + - "human_resources" + - "performance_data" + - "business_intelligence" + allowed_actions: + - "kibana_all_read" opendistro_security_readonly_and_monitor: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_MONITOR" - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" + - "OPENDISTRO_SECURITY_CLUSTER_MONITOR" index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_INDICES_ALL" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_INDICES_ALL" tenant_permissions: [] opendistro_security_kibana: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "MONITOR" - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" + - "MONITOR" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" index_permissions: - - index_patterns: - - "?kibana" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" - - "OPENDISTRO_SECURITY_DELETE" - - "OPENDISTRO_SECURITY_MANAGE" - - "OPENDISTRO_SECURITY_INDEX" - - index_patterns: - - "?kibana-6" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" - - "OPENDISTRO_SECURITY_DELETE" - - "OPENDISTRO_SECURITY_MANAGE" - - "OPENDISTRO_SECURITY_INDEX" - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/read/field_caps*" + - index_patterns: + - "?kibana" + dls: null + fls: null + 
masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_DELETE" + - "OPENDISTRO_SECURITY_INDEX" + - "OPENDISTRO_SECURITY_MANAGE" + - "OPENDISTRO_SECURITY_READ" + - index_patterns: + - "?kibana-6" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_READ" + - "OPENDISTRO_SECURITY_DELETE" + - "OPENDISTRO_SECURITY_MANAGE" + - "OPENDISTRO_SECURITY_INDEX" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:data/read/field_caps*" tenant_permissions: [] opendistro_security_manage_snapshots: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_MANAGE_SNAPSHOTS" + - "OPENDISTRO_SECURITY_MANAGE_SNAPSHOTS" index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/write/index" - - "indices:admin/create" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:admin/create" + - "indices:data/write/index" tenant_permissions: [] opendistro_security_kibana_server: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_MONITOR" - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" + - "OPENDISTRO_SECURITY_CLUSTER_MONITOR" index_permissions: - - index_patterns: - - "?kibana" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_INDICES_ALL" + - index_patterns: + - "?kibana" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_INDICES_ALL" tenant_permissions: [] opendistro_security_public: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "cluster:monitor/main" - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" + - 
"OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" + - "cluster:monitor/main" index_permissions: [] tenant_permissions: [] opendistro_security_all_access: 
@@ -212,254 +212,254 @@ opendistro_security_all_access: hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_UNLIMITED" - index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - "OPENDISTRO_SECURITY_UNLIMITED" + index_permissions: + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_UNLIMITED" tenant_permissions: - - tenant_patterns: - - "adm_tenant" - - "test_tenant_ro" - allowed_actions: - - "kibana_all_write" + - tenant_patterns: + - "adm_tenant" + - "test_tenant_ro" + allowed_actions: + - "kibana_all_write" opendistro_security_logstash: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "indices:admin/template/get" - - "indices:admin/template/put" - - "OPENDISTRO_SECURITY_CLUSTER_MONITOR" - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" + - "OPENDISTRO_SECURITY_CLUSTER_MONITOR" + - "indices:admin/template/get" + - "indices:admin/template/put" index_permissions: - - index_patterns: - - "logstash-*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_CRUD" - - "OPENDISTRO_SECURITY_CREATE_INDEX" - - index_patterns: - - "*beat*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_CRUD" - - "OPENDISTRO_SECURITY_CREATE_INDEX" + - index_patterns: + - "logstash-*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_CREATE_INDEX" + - "OPENDISTRO_SECURITY_CRUD" + - index_patterns: + - "*beat*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_CRUD" + - "OPENDISTRO_SECURITY_CREATE_INDEX" tenant_permissions: [] opendistro_security_ua: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "*" - 
index_permissions: - - index_patterns: - - "indexa*" - dls: null - fls: null - masked_fields: null - allowed_actions: - "*" - - index_patterns: - - "permitnotexistentindex" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "*" - - index_patterns: - - "?kibana" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/read/field_caps" + index_permissions: + - index_patterns: + - "indexa*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "*" + - index_patterns: + - "permitnotexistentindex" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "*" + - index_patterns: + - "?kibana" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:data/read/field_caps" tenant_permissions: [] opendistro_security_finance: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" index_permissions: - - index_patterns: - - "finance" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "*" - - index_patterns: - - "humanresources" - dls: null - fls: - - "Designation" - - "FirstName" - - "LastName" - - "Salary" - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" - - index_patterns: - - "?kibana" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" + - index_patterns: + - "finance" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "*" + - index_patterns: + - "humanresources" + dls: null + fls: + - "Designation" + - "FirstName" + - "LastName" + - "Salary" + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_READ" + - index_patterns: + - "?kibana" + dls: 
null + fls: null + masked_fields: null + allowed_actions: + - "ALL" tenant_permissions: - - tenant_patterns: - - "finance" - - "finance_management" - - "performance_data" - - "management" - - "business_intelligence" - allowed_actions: - - "kibana_all_write" - - tenant_patterns: - - "human_resources" - allowed_actions: - - "kibana_all_read" + - tenant_patterns: + - "finance" + - "finance_management" + - "performance_data" + - "management" + - "business_intelligence" + allowed_actions: + - "kibana_all_write" + - tenant_patterns: + - "human_resources" + allowed_actions: + - "kibana_all_read" opendistro_security_readonly_dlsfls: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" index_permissions: - - index_patterns: - - "/\\S*/" - dls: "{\"term\" : {\"_type\" : \"legends\"}}" - fls: - - "aaa" - - "bbb" - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" + - index_patterns: + - "/\\S*/" + dls: "{\"term\" : {\"_type\" : \"legends\"}}" + fls: + - "aaa" + - "bbb" + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_READ" tenant_permissions: [] opendistro_security_finance_trainee: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" index_permissions: - - index_patterns: - - "finance" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_CRUD" - - index_patterns: - - "?kibana" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" + - index_patterns: + - "finance" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_CRUD" + - index_patterns: + - "?kibana" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" tenant_permissions: - 
- tenant_patterns: - - "finance" - allowed_actions: - - "kibana_all_read" + - tenant_patterns: + - "finance" + allowed_actions: + - "kibana_all_read" opendistro_security_role_starfleet: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" index_permissions: - - index_patterns: - - "sf" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" - - "OPENDISTRO_SECURITY_INDICES_ALL" - - index_patterns: - - "pub*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" + - index_patterns: + - "sf" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_INDICES_ALL" + - "OPENDISTRO_SECURITY_READ" + - index_patterns: + - "pub*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_READ" tenant_permissions: - - tenant_patterns: - - "enterprise_tenant" - - "test_tenant_ro" - allowed_actions: - - "kibana_all_write" + - tenant_patterns: + - "enterprise_tenant" + - "test_tenant_ro" + allowed_actions: + - "kibana_all_write" opendistro_security_readall: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_READ" tenant_permissions: [] opendistro_security_ub: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "*" - index_permissions: - - index_patterns: - - "indexb" - dls: null - fls: null - masked_fields: null - allowed_actions: - 
"*" + index_permissions: + - index_patterns: + - "indexb" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "*" tenant_permissions: [] opendistro_security_role_starfleet_captains: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "cluster:monitor*" - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" + - "cluster:monitor*" index_permissions: - - index_patterns: - - "sf" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_CRUD" - - index_patterns: - - "pub*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_CRUD" + - index_patterns: + - "sf" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_CRUD" + - index_patterns: + - "pub*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_CRUD" tenant_permissions: - - tenant_patterns: - - "command_tenant" - allowed_actions: - - "kibana_all_write" + - tenant_patterns: + - "command_tenant" + allowed_actions: + - "kibana_all_write" diff --git a/src/test/resources/multitenancy/roles.yml b/src/test/resources/multitenancy/roles.yml index 1baa77cc8b..feb86a8e49 100644 --- a/src/test/resources/multitenancy/roles.yml +++ b/src/test/resources/multitenancy/roles.yml 
@@ -9,204 +9,204 @@ opendistro_security_own_index: hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" index_permissions: - - index_patterns: - - "${user_name}" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_INDICES_ALL" + - index_patterns: + - "${user_name}" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_INDICES_ALL" tenant_permissions: [] opendistro_security_kibana_testindex: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" index_permissions: - - index_patterns: - - "test*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" - - "indices:admin/mappings/fields/get*" - - index_patterns: - - ".kibana" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_INDICES_ALL" + - index_patterns: + - "test*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_READ" + - "indices:admin/mappings/fields/get*" + - index_patterns: + - ".kibana" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_INDICES_ALL" tenant_permissions: - - tenant_patterns: - - "test_tenant_rw" - allowed_actions: - - "kibana_all_write" - - tenant_patterns: - - "test_tenant_ro" - allowed_actions: - - "kibana_all_read" + - tenant_patterns: + - "test_tenant_rw" + allowed_actions: + - "kibana_all_write" + - tenant_patterns: + - "test_tenant_ro" + allowed_actions: + - "kibana_all_read" opendistro_security_human_resources: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" + - 
"OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" index_permissions: - - index_patterns: - - "humanresources" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "*" - - index_patterns: - - "?kibana" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" + - index_patterns: + - "humanresources" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "*" + - index_patterns: + - "?kibana" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" tenant_permissions: - - tenant_patterns: - - "human_resources" - - "performance_data" - - "management" - - "PerFormance ___Reviews/&%%/&&/" - - "PerFormance ___Reviews%%%!!!" - allowed_actions: - - "kibana_all_write" - - tenant_patterns: - - "business_intelligence" - allowed_actions: - - "kibana_all_read" + - tenant_patterns: + - "human_resources" + - "performance_data" + - "management" + - "PerFormance ___Reviews/&%%/&&/" + - "PerFormance ___Reviews%%%!!!" + allowed_actions: + - "kibana_all_write" + - tenant_patterns: + - "business_intelligence" + allowed_actions: + - "kibana_all_read" opendistro_security_human_resources_trainee: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" index_permissions: - - index_patterns: - - "humanresources" - dls: "{ \"bool\": { \"must_not\": { \"match\": { \"Designation\": \"CEO\" }}}}" - fls: - - "Designation" - - "FirstName" - - "LastName" - - "Salary" - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_CRUD" - - index_patterns: - - "?kibana" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" + - index_patterns: + - "humanresources" + dls: "{ \"bool\": { \"must_not\": { \"match\": { \"Designation\": \"CEO\" }}}}" + fls: + - "Designation" + - "FirstName" + - "LastName" + - "Salary" + masked_fields: null + allowed_actions: + - 
"OPENDISTRO_SECURITY_CRUD" + - index_patterns: + - "?kibana" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" tenant_permissions: - - tenant_patterns: - - "human_resources" - - "performance_data" - - "business_intelligence" - allowed_actions: - - "kibana_all_read" + - tenant_patterns: + - "human_resources" + - "performance_data" + - "business_intelligence" + allowed_actions: + - "kibana_all_read" opendistro_security_readonly_and_monitor: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_MONITOR" - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" + - "OPENDISTRO_SECURITY_CLUSTER_MONITOR" index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_INDICES_ALL" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_INDICES_ALL" tenant_permissions: [] opendistro_security_kibana: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "MONITOR" - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" + - "MONITOR" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" index_permissions: - - index_patterns: - - "?kibana" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" - - "OPENDISTRO_SECURITY_DELETE" - - "OPENDISTRO_SECURITY_MANAGE" - - "OPENDISTRO_SECURITY_INDEX" - - index_patterns: - - "?kibana-6" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" - - "OPENDISTRO_SECURITY_DELETE" - - "OPENDISTRO_SECURITY_MANAGE" - - "OPENDISTRO_SECURITY_INDEX" - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/read/field_caps*" + - index_patterns: + - "?kibana" + dls: null + fls: null + 
masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_DELETE" + - "OPENDISTRO_SECURITY_INDEX" + - "OPENDISTRO_SECURITY_MANAGE" + - "OPENDISTRO_SECURITY_READ" + - index_patterns: + - "?kibana-6" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_READ" + - "OPENDISTRO_SECURITY_DELETE" + - "OPENDISTRO_SECURITY_MANAGE" + - "OPENDISTRO_SECURITY_INDEX" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:data/read/field_caps*" tenant_permissions: [] opendistro_security_manage_snapshots: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_MANAGE_SNAPSHOTS" + - "OPENDISTRO_SECURITY_MANAGE_SNAPSHOTS" index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/write/index" - - "indices:admin/create" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:admin/create" + - "indices:data/write/index" tenant_permissions: [] opendistro_security_kibana_server: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_MONITOR" - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" + - "OPENDISTRO_SECURITY_CLUSTER_MONITOR" index_permissions: - - index_patterns: - - "?kibana" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_INDICES_ALL" + - index_patterns: + - "?kibana" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_INDICES_ALL" tenant_permissions: [] opendistro_security_public: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "cluster:monitor/main" - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" + - 
"OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" + - "cluster:monitor/main" index_permissions: [] tenant_permissions: [] opendistro_security_all_access: 
@@ -214,291 +214,291 @@ opendistro_security_all_access: hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_UNLIMITED" - index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - "OPENDISTRO_SECURITY_UNLIMITED" + index_permissions: + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_UNLIMITED" tenant_permissions: - - tenant_patterns: - - "adm_tenant" - - "test_tenant_ro" - - "anonymous_tenant" - allowed_actions: - - "kibana_all_write" + - tenant_patterns: + - "adm_tenant" + - "test_tenant_ro" + - "anonymous_tenant" + allowed_actions: + - "kibana_all_write" opendistro_security_logstash: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "indices:admin/template/get" - - "indices:admin/template/put" - - "OPENDISTRO_SECURITY_CLUSTER_MONITOR" - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" + - "OPENDISTRO_SECURITY_CLUSTER_MONITOR" + - "indices:admin/template/get" + - "indices:admin/template/put" index_permissions: - - index_patterns: - - "logstash-*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_CRUD" - - "OPENDISTRO_SECURITY_CREATE_INDEX" - - index_patterns: - - "*beat*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_CRUD" - - "OPENDISTRO_SECURITY_CREATE_INDEX" + - index_patterns: + - "logstash-*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_CREATE_INDEX" + - "OPENDISTRO_SECURITY_CRUD" + - index_patterns: + - "*beat*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_CRUD" + - "OPENDISTRO_SECURITY_CREATE_INDEX" tenant_permissions: [] opendistro_security_ua: reserved: false hidden: false description: "Migrated from v6 (all 
types mapped)" cluster_permissions: - - "*" - index_permissions: - - index_patterns: - - "indexa*" - dls: null - fls: null - masked_fields: null - allowed_actions: - "*" - - index_patterns: - - "permitnotexistentindex" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "*" - - index_patterns: - - "?kibana" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/read/field_caps" + index_permissions: + - index_patterns: + - "indexa*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "*" + - index_patterns: + - "permitnotexistentindex" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "*" + - index_patterns: + - "?kibana" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:data/read/field_caps" tenant_permissions: [] opendistro_security_finance: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" index_permissions: - - index_patterns: - - "finance" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "*" - - index_patterns: - - "humanresources" - dls: null - fls: - - "Designation" - - "FirstName" - - "LastName" - - "Salary" - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" - - index_patterns: - - "?kibana" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" + - index_patterns: + - "finance" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "*" + - index_patterns: + - "humanresources" + dls: null + fls: + - "Designation" + - "FirstName" + - "LastName" + - "Salary" + masked_fields: null + allowed_actions: + - 
"OPENDISTRO_SECURITY_READ" + - index_patterns: + - "?kibana" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" tenant_permissions: - - tenant_patterns: - - "finance" - - "finance_management" - - "performance_data" - - "management" - - "business_intelligence" - allowed_actions: - - "kibana_all_write" - - tenant_patterns: - - "human_resources" - allowed_actions: - - "kibana_all_read" + - tenant_patterns: + - "finance" + - "finance_management" + - "performance_data" + - "management" + - "business_intelligence" + allowed_actions: + - "kibana_all_write" + - tenant_patterns: + - "human_resources" + allowed_actions: + - "kibana_all_read" opendistro_security_readonly_dlsfls: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" index_permissions: - - index_patterns: - - "/\\S*/" - dls: "{\"term\" : {\"_type\" : \"legends\"}}" - fls: - - "aaa" - - "bbb" - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" + - index_patterns: + - "/\\S*/" + dls: "{\"term\" : {\"_type\" : \"legends\"}}" + fls: + - "aaa" + - "bbb" + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_READ" tenant_permissions: [] opendistro_security_finance_trainee: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" index_permissions: - - index_patterns: - - "finance" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_CRUD" - - index_patterns: - - "?kibana" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" + - index_patterns: + - "finance" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_CRUD" + - index_patterns: + - "?kibana" + dls: null + fls: null + 
masked_fields: null + allowed_actions: + - "ALL" tenant_permissions: - - tenant_patterns: - - "finance" - allowed_actions: - - "kibana_all_read" + - tenant_patterns: + - "finance" + allowed_actions: + - "kibana_all_read" opendistro_security_role_starfleet: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" index_permissions: - - index_patterns: - - "sf" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" - - "OPENDISTRO_SECURITY_INDICES_ALL" - - index_patterns: - - "pub*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" + - index_patterns: + - "sf" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_INDICES_ALL" + - "OPENDISTRO_SECURITY_READ" + - index_patterns: + - "pub*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_READ" tenant_permissions: - - tenant_patterns: - - "enterprise_tenant" - - "test_tenant_ro" - allowed_actions: - - "kibana_all_write" + - tenant_patterns: + - "enterprise_tenant" + - "test_tenant_ro" + allowed_actions: + - "kibana_all_write" opendistro_security_readall: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_READ" tenant_permissions: [] opendistro_security_ub: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "*" - index_permissions: - - index_patterns: - - 
"indexb" - dls: null - fls: null - masked_fields: null - allowed_actions: - "*" + index_permissions: + - index_patterns: + - "indexb" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "*" tenant_permissions: [] opendistro_security_role_starfleet_captains: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "cluster:monitor*" - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" + - "cluster:monitor*" index_permissions: - - index_patterns: - - "sf" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_CRUD" - - index_patterns: - - "pub*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_CRUD" + - index_patterns: + - "sf" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_CRUD" + - index_patterns: + - "pub*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_CRUD" tenant_permissions: - - tenant_patterns: - - "command_tenant" - allowed_actions: - - "kibana_all_write" + - tenant_patterns: + - "command_tenant" + allowed_actions: + - "kibana_all_write" opendistro_security_role_tenant_parameters_substitution: reserved: false hidden: false description: "PR#819 / Issue#817" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" index_permissions: - - index_patterns: - - "?kibana" - allowed_actions: - - "ALL" + - index_patterns: + - "?kibana" + allowed_actions: + - "ALL" tenant_permissions: - - tenant_patterns: - - "${attr.internal.attribute1}" - - "${attr.internal.attribute1}_1" - allowed_actions: - - "kibana_all_write" + - tenant_patterns: + - "${attr.internal.attribute1}" + - "${attr.internal.attribute1}_1" + allowed_actions: + - "kibana_all_write" opendistro_security_anonymous_multitenancy: reserved: false hidden: false description: "PR#2459" 
cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_READ" tenant_permissions: - - tenant_patterns: - - "anonymous_tenant" - allowed_actions: - - "kibana_all_read" + - tenant_patterns: + - "anonymous_tenant" + allowed_actions: + - "kibana_all_read" diff --git a/src/test/resources/restapi/roles.yml b/src/test/resources/restapi/roles.yml index 6deb194e9b..f639a21a4e 100644 --- a/src/test/resources/restapi/roles.yml +++ b/src/test/resources/restapi/roles.yml @@ -7,15 +7,15 @@ opendistro_security_unittest_1: hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "*" - index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - "*" + index_permissions: + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "*" tenant_permissions: [] opendistro_security_role_starfleet_library: reserved: true @@ -66,15 +66,15 @@ opendistro_security_internal: hidden: true description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_ALL" + - "OPENDISTRO_SECURITY_CLUSTER_ALL" index_permissions: - - index_patterns: - - "abc*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" + - index_patterns: + - "abc*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" tenant_permissions: [] opendistro_security_role_klingons1: reserved: false 
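Review bot: In the `@@ -214,291` hunk of multitenancy/roles.yml, the `opendistro_security_logstash` role still lists `allowed_actions` for its second index pattern `"*beat*"` unsorted on the new side (`- "OPENDISTRO_SECURITY_CRUD"` before `- "OPENDISTRO_SECURITY_CREATE_INDEX"`), although the first entry `"logstash-*"` was reordered. The same leftover appears in the `@@ -212,254` hunk (`"*beat*"`), the `@@ -9,204` hunk (`"?kibana-6"` under `opendistro_security_kibana`) and the `@@ -96,50` hunk of restapi/roles.yml (`"?kibana"` under `opendistro_security_kibana4`). Presumably the ordering check only visits the first `index_permissions` entry of each role, so it passes while later entries stay unsorted. These files define what each role is allowed to do, and the stable ordering is what keeps permission changes easy to spot in review, so I would sort the remaining lists too, e.g. `- "OPENDISTRO_SECURITY_CREATE_INDEX"` followed by `- "OPENDISTRO_SECURITY_CRUD"`, and have the check walk every entry.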
@@ -82,13 +82,13 @@ opendistro_security_role_klingons1: description: "Migrated from v6 (all types mapped)" cluster_permissions: [] index_permissions: - - index_patterns: - - "klingonempire" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "READ_UT" + - index_patterns: + - "klingonempire" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "READ_UT" tenant_permissions: [] opendistro_security_role_klingons2: reserved: false 
@@ -96,50 +96,50 @@ opendistro_security_role_klingons2: description: "Migrated from v6 (all types mapped)" cluster_permissions: [] index_permissions: - - index_patterns: - - "klingonempire" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "READ_UT" + - index_patterns: + - "klingonempire" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "READ_UT" tenant_permissions: [] opendistro_security_kibana4: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "cluster:monitor/nodes/info" - - "cluster:monitor/health" + - "cluster:monitor/health" + - "cluster:monitor/nodes/info" index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/read/search-" - - "indices:data/read/msearch" - - "indices:admin/get" - - "indices:admin/validate/query" - - "indices:admin/mappings/fields/get" - - index_patterns: - - "?kibana" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/write/index" - - "indices:data/write/delete" - - "indices:data/write/update" - - "indices:admin/mapping/put" - - "indices:data/read/get" - - "indices:admin/refresh" - - "indices:admin/validate/query" - - "indices:data/read/search" - - "indices:admin/mappings/fields/get" - - "indices:admin/exists" - - "indices:data/read/mget" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:admin/get" + - "indices:admin/mappings/fields/get" + - "indices:admin/validate/query" + - "indices:data/read/msearch" + - "indices:data/read/search-" + - index_patterns: + - "?kibana" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:data/write/index" + - "indices:data/write/delete" + - "indices:data/write/update" + - "indices:admin/mapping/put" + - "indices:data/read/get" + - "indices:admin/refresh" + - "indices:admin/validate/query" + - "indices:data/read/search" + - 
"indices:admin/mappings/fields/get" + - "indices:admin/exists" + - "indices:data/read/mget" tenant_permissions: [] opendistro_security_theindex_admin: reserved: false @@ -147,35 +147,35 @@ opendistro_security_theindex_admin: description: "Migrated from v6 (all types mapped)" cluster_permissions: [] index_permissions: - - index_patterns: - - "theindex" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" + - index_patterns: + - "theindex" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" tenant_permissions: [] opendistro_security_power_user: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_MONITOR" + - "OPENDISTRO_SECURITY_CLUSTER_MONITOR" index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" tenant_permissions: [] opendistro_security_transport_client: reserved: true hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "cluster:monitor/nodes/liveness" + - "cluster:monitor/nodes/liveness" index_permissions: [] tenant_permissions: [] opendistro_security_remote_marvel_agent: 
@@ -183,61 +183,61 @@ opendistro_security_remote_marvel_agent: hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "indices:admin/template/put" - - "indices:admin/template/get" + - "indices:admin/template/get" + - "indices:admin/template/put" index_permissions: - - index_patterns: - - "?marvel-opensearch-*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" + - index_patterns: + - "?marvel-opensearch-*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" tenant_permissions: [] opendistro_security_zdummy_all: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "cluster:*" + - "cluster:*" index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" tenant_permissions: [] opendistro_security_admin: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_ALL" + - "OPENDISTRO_SECURITY_CLUSTER_ALL" index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" tenant_permissions: [] opendistro_security_all_access: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "cluster:*" + - "cluster:*" index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" tenant_permissions: [] opendistro_security_marvel_user: reserved: false 
@@ -245,64 +245,64 @@ opendistro_security_marvel_user: description: "Migrated from v6 (all types mapped)" cluster_permissions: [] index_permissions: - - index_patterns: - - "?marvel-opensearch-*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "READ_UT" - - index_patterns: - - "?kibana" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/read/get" - - "indices:admin/validate/query" - - "indices:data/read/search" - - "indices:admin/mappings/fields/get" - - "indices:admin/exists" - - "indices:data/read/mget" + - index_patterns: + - "?marvel-opensearch-*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "READ_UT" + - index_patterns: + - "?kibana" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:data/read/get" + - "indices:admin/validate/query" + - "indices:data/read/search" + - "indices:admin/mappings/fields/get" + - "indices:admin/exists" + - "indices:data/read/mget" tenant_permissions: [] opendistro_security_logstash: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "indices:admin/template/get" - - "indices:admin/template/put" + - "indices:admin/template/get" + - "indices:admin/template/put" index_permissions: - - index_patterns: - - "logstash-*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/write/delete" - - "indices:data/write/update" - - "indices:data/read/scroll" - - "indices:data/write/bulk" - - "indices:data/read/search" - - "OPENDISTRO_SECURITY_CREATE_INDEX" + - index_patterns: + - "logstash-*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_CREATE_INDEX" + - "indices:data/read/scroll" + - "indices:data/read/search" + - "indices:data/write/bulk" + - "indices:data/write/delete" + - "indices:data/write/update" tenant_permissions: [] opendistro_security_flsdls: reserved: false hidden: false description: "Migrated from v6 (all 
types mapped)" cluster_permissions: - - "*" - index_permissions: - - index_patterns: - - "*" - dls: "{\"term\" : {\"_type\" : \"legends\"}}" - fls: - - "fieldx" - - "field2.b" - - "field3.m.*" - masked_fields: null - allowed_actions: - "*" + index_permissions: + - index_patterns: + - "*" + dls: "{\"term\" : {\"_type\" : \"legends\"}}" + fls: + - "fieldx" + - "field2.b" + - "field3.m.*" + masked_fields: null + allowed_actions: + - "*" tenant_permissions: [] opendistro_security_user: reserved: false 
@@ -310,88 +310,88 @@ opendistro_security_user: description: "Migrated from v6 (all types mapped)" cluster_permissions: [] index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "READ_UT" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "READ_UT" tenant_permissions: [] opendistro_security_kibana4_server: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "cluster:monitor/nodes/info" - - "cluster:monitor/health" + - "cluster:monitor/health" + - "cluster:monitor/nodes/info" index_permissions: - - index_patterns: - - "?kibana" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/write/index" - - "indices:data/write/delete" - - "indices:data/write/update" - - "indices:admin/mapping/put" - - "indices:data/read/get" - - "indices:admin/refresh" - - "indices:admin/validate/query" - - "indices:data/read/search" - - "indices:admin/mappings/fields/get" - - "indices:admin/create" - - "indices:admin/exists" - - "indices:data/read/mget" + - index_patterns: + - "?kibana" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:admin/create" + - "indices:admin/exists" + - "indices:admin/mapping/put" + - "indices:admin/mappings/fields/get" + - "indices:admin/refresh" + - "indices:admin/validate/query" + - "indices:data/read/get" + - "indices:data/read/mget" + - "indices:data/read/search" + - "indices:data/write/delete" + - "indices:data/write/index" + - "indices:data/write/update" tenant_permissions: [] opendistro_security_role_starfleet: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "cluster:monitor*" - - "indices:data/read/scroll" - - "*bulk*" - index_permissions: - - index_patterns: - - "sf" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "READ_UT" - "*bulk*" - - index_patterns: - - "*" - 
dls: null - fls: null - masked_fields: null - allowed_actions: - - "READ_UT" + - "cluster:monitor*" + - "indices:data/read/scroll" + index_permissions: + - index_patterns: + - "sf" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "*bulk*" + - "READ_UT" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "READ_UT" tenant_permissions: [] opendistro_security_role_starfleet_captains: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "cluster:monitor*" - - "*bulk*" + - "*bulk*" + - "cluster:monitor*" index_permissions: - - index_patterns: - - "sf" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "CRUD_UT" - - index_patterns: - - "public" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "CRUD_UT" + - index_patterns: + - "sf" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "CRUD_UT" + - index_patterns: + - "public" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "CRUD_UT" tenant_permissions: [] rest_api_admin_full_access: reserved: true diff --git a/src/test/resources/roles.yml b/src/test/resources/roles.yml index 898ea9215f..3f9c8c1158 100644 --- a/src/test/resources/roles.yml +++ b/src/test/resources/roles.yml @@ -7,15 +7,15 @@ unittest_1: hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "*" - index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - "*" + index_permissions: + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "*" tenant_permissions: [] rexclude: reserved: false 
@@ -23,51 +23,51 @@ rexclude: description: "Migrated from v6 (all types mapped)" cluster_permissions: [] index_permissions: - - index_patterns: - - "/(?!special|alsonotallowed)(\\S|\\s)*/" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" + - index_patterns: + - "/(?!special|alsonotallowed)(\\S|\\s)*/" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_READ" tenant_permissions: [] underscore: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "*" - index_permissions: - - index_patterns: - - "*abc_xyz_*" - dls: null - fls: null - masked_fields: null - allowed_actions: - "*" + index_permissions: + - index_patterns: + - "*abc_xyz_*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "*" tenant_permissions: [] shakespeare: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "cluster:monitor/nodes/info" - - "cluster:monitor/health" - - "indices:admin/template/get" - - "indices:admin/exists" - index_permissions: - - index_patterns: - - "shakespeare" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" - - "indices:data/write/bulk*" - - "indices:admin/validate/query*" + - "cluster:monitor/health" + - "cluster:monitor/nodes/info" - "indices:admin/exists" - - "indices:admin/get*" - - "indices:admin/mappings/fields/get*" + - "indices:admin/template/get" + index_permissions: + - index_patterns: + - "shakespeare" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_READ" + - "indices:admin/exists" + - "indices:admin/get*" + - "indices:admin/mappings/fields/get*" + - "indices:admin/validate/query*" + - "indices:data/write/bulk*" tenant_permissions: [] aliasmngt: reserved: false 
@@ -75,23 +75,23 @@ aliasmngt: description: "Migrated from v6 (all types mapped)" cluster_permissions: [] index_permissions: - - index_patterns: - - "logstash-*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:admin/aliases*" - - "indices:data/write/*" - - "indices:data/read/*" - - "OPENDISTRO_SECURITY_CREATE_INDEX" + - index_patterns: + - "logstash-*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_CREATE_INDEX" + - "indices:admin/aliases*" + - "indices:data/read/*" + - "indices:data/write/*" tenant_permissions: [] transport_client: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "cluster:monitor/nodes/liveness" + - "cluster:monitor/nodes/liveness" index_permissions: [] tenant_permissions: [] user1: @@ -100,13 +100,13 @@ user1: description: "Migrated from v6 (all types mapped)" cluster_permissions: [] index_permissions: - - index_patterns: - - "alias1" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" + - index_patterns: + - "alias1" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_READ" tenant_permissions: [] ccsresolv: reserved: false @@ -114,13 +114,13 @@ ccsresolv: description: "Migrated from v6 (all types mapped)" cluster_permissions: [] index_permissions: - - index_patterns: - - "?abc*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/read/*" + - index_patterns: + - "?abc*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:data/read/*" tenant_permissions: [] user2: reserved: false 
@@ -128,183 +128,183 @@ user2: description: "Migrated from v6 (all types mapped)" cluster_permissions: [] index_permissions: - - index_patterns: - - "alias2" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" + - index_patterns: + - "alias2" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_READ" tenant_permissions: [] role_starfleet_captains: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "cluster:monitor*" - index_permissions: - - index_patterns: - - "sf" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_CRUD" - - index_patterns: - - "public" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_CRUD" + - "cluster:monitor*" + index_permissions: + - index_patterns: + - "sf" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_CRUD" + - index_patterns: + - "public" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_CRUD" tenant_permissions: [] restore: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "cluster:admin/snapshot/restore" - index_permissions: - - index_patterns: - - "vulcangov_restore_1" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/write/index" - - "indices:admin/create" - - index_patterns: - - "vulcangov_restore_2a" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:admin/create" - - index_patterns: - - "vulcangov_restore_2*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/write/index" - - index_patterns: - - "vulcangov_no_restore_1" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/write/index" - - "indices:admin/create" - - index_patterns: - - "vulcangov_no_restore_2" - dls: 
null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/write/index" - - "indices:admin/create" - - index_patterns: - - "vulcangov_no_restore_3" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/write/index" - - index_patterns: - - "vulcangov_no_restore_4" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:admin/create" + - "cluster:admin/snapshot/restore" + index_permissions: + - index_patterns: + - "vulcangov_restore_1" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:admin/create" + - "indices:data/write/index" + - index_patterns: + - "vulcangov_restore_2a" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:admin/create" + - index_patterns: + - "vulcangov_restore_2*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:data/write/index" + - index_patterns: + - "vulcangov_no_restore_1" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:data/write/index" + - "indices:admin/create" + - index_patterns: + - "vulcangov_no_restore_2" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:data/write/index" + - "indices:admin/create" + - index_patterns: + - "vulcangov_no_restore_3" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:data/write/index" + - index_patterns: + - "vulcangov_no_restore_4" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:admin/create" tenant_permissions: [] baz: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "ALL" - index_permissions: - - index_patterns: - - "foo*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" - - index_patterns: - - "foo" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" + - "ALL" + index_permissions: + - 
index_patterns: + - "foo*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_READ" + - index_patterns: + - "foo" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_READ" tenant_permissions: [] kibana4: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "cluster:monitor/nodes/info" - - "cluster:monitor/health" + - "cluster:monitor/health" + - "cluster:monitor/nodes/info" index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/read/search-" - - "indices:data/read/msearch" - - "indices:admin/get" - - "indices:admin/validate/query" - - "indices:admin/mappings/fields/get" - - index_patterns: - - "?kibana" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/write/index" - - "indices:data/write/delete" - - "indices:data/write/update" - - "indices:admin/mapping/put" - - "indices:data/read/get" - - "indices:admin/refresh" - - "indices:admin/validate/query" - - "indices:data/read/search" - - "indices:admin/mappings/fields/get" - - "indices:admin/exists" - - "indices:data/read/mget" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:admin/get" + - "indices:admin/mappings/fields/get" + - "indices:admin/validate/query" + - "indices:data/read/msearch" + - "indices:data/read/search-" + - index_patterns: + - "?kibana" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:data/write/index" + - "indices:data/write/delete" + - "indices:data/write/update" + - "indices:admin/mapping/put" + - "indices:data/read/get" + - "indices:admin/refresh" + - "indices:admin/validate/query" + - "indices:data/read/search" + - "indices:admin/mappings/fields/get" + - "indices:admin/exists" + - "indices:data/read/mget" tenant_permissions: [] dlsnoinvest: reserved: false hidden: false 
description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "ALL" - index_permissions: - - index_patterns: - - "article" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" - - index_patterns: - - "investment" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" - - index_patterns: - - "company" - dls: "{\"term\" : {\"category_code\" : \"software\"}}" - fls: null - masked_fields: null - allowed_actions: - "ALL" + index_permissions: + - index_patterns: + - "article" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" + - index_patterns: + - "investment" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" + - index_patterns: + - "company" + dls: "{\"term\" : {\"category_code\" : \"software\"}}" + fls: null + masked_fields: null + allowed_actions: + - "ALL" tenant_permissions: [] remote_ccs: reserved: false 
@@ -312,73 +312,73 @@ remote_ccs: description: "Migrated from v6 (all types mapped)" cluster_permissions: [] index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:admin/shards/search_shards" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:admin/shards/search_shards" tenant_permissions: [] zdummy_all: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "cluster:*" + - "cluster:*" index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" tenant_permissions: - - tenant_patterns: - - "admin_1" - allowed_actions: - - "kibana_all_write" - - tenant_patterns: - - "abcdef_2_2" - allowed_actions: - - "kibana_all_read" + - tenant_patterns: + - "admin_1" + allowed_actions: + - "kibana_all_write" + - tenant_patterns: + - "abcdef_2_2" + allowed_actions: + - "kibana_all_read" multiget: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "indices:data/read/mget" - index_permissions: - - index_patterns: - - "mindex1" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" - - index_patterns: - - "mindex2" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" + - "indices:data/read/mget" + index_permissions: + - index_patterns: + - "mindex1" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_READ" + - index_patterns: + - "mindex2" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_READ" tenant_permissions: [] public: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - 
"cluster:monitor/main" - index_permissions: - - index_patterns: - - ".notexistingindexcvnjl9809991" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" + - "cluster:monitor/main" + index_permissions: + - index_patterns: + - ".notexistingindexcvnjl9809991" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" tenant_permissions: [] ccsresolv1: reserved: false @@ -386,27 +386,27 @@ ccsresolv1: description: "Migrated from v6 (all types mapped)" cluster_permissions: [] index_permissions: - - index_patterns: - - "?abc*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/read/*" - - index_patterns: - - "xyz" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/read/*" - - index_patterns: - - "*noexist" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/read/*" + - index_patterns: + - "?abc*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:data/read/*" + - index_patterns: + - "xyz" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:data/read/*" + - index_patterns: + - "*noexist" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:data/read/*" tenant_permissions: [] role01_role02: reserved: false 
@@ -414,79 +414,79 @@ role01_role02: description: "Migrated from v6 (all types mapped)" cluster_permissions: [] index_permissions: - - index_patterns: - - "role01_role02" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" + - index_patterns: + - "role01_role02" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" tenant_permissions: [] kibana4_server: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "cluster:monitor/nodes/info" - - "cluster:monitor/health" - index_permissions: - - index_patterns: - - "?kibana" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/write/index" - - "indices:data/write/delete" - - "indices:data/write/update" - - "indices:admin/mapping/put" - - "indices:data/read/get" - - "indices:admin/refresh" - - "indices:admin/validate/query" - - "indices:data/read/search" - - "indices:admin/mappings/fields/get" - - "indices:admin/create" - - "indices:admin/exists" - - "indices:data/read/mget" + - "cluster:monitor/health" + - "cluster:monitor/nodes/info" + index_permissions: + - index_patterns: + - "?kibana" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:admin/create" + - "indices:admin/exists" + - "indices:admin/mapping/put" + - "indices:admin/mappings/fields/get" + - "indices:admin/refresh" + - "indices:admin/validate/query" + - "indices:data/read/get" + - "indices:data/read/mget" + - "indices:data/read/search" + - "indices:data/write/delete" + - "indices:data/write/index" + - "indices:data/write/update" tenant_permissions: [] 557: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "*" - index_permissions: - - index_patterns: - - "/\\S*/" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" + - "*" + index_permissions: + - index_patterns: + - "/\\S*/" + dls: null + fls: null + 
masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_READ" tenant_permissions: [] role_starfleet: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "cluster:monitor*" - - "indices:data/read/scroll" - index_permissions: - - index_patterns: - - "sf" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" - - "indices:*" - - index_patterns: - - "pub*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" + - "cluster:monitor*" + - "indices:data/read/scroll" + index_permissions: + - index_patterns: + - "sf" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_READ" + - "indices:*" + - index_patterns: + - "pub*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_READ" tenant_permissions: [] opendistro_security_own_index: reserved: false @@ -494,13 +494,13 @@ opendistro_security_own_index: description: "Migrated from v6 (all types mapped)" cluster_permissions: [] index_permissions: - - index_patterns: - - "${user_name}" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" + - index_patterns: + - "${user_name}" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" tenant_permissions: [] aliastest: reserved: false 
@@ -508,130 +508,130 @@ aliastest: description: "Migrated from v6 (all types mapped)" cluster_permissions: [] index_permissions: - - index_patterns: - - "?kibana" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/write/*" - - "indices:data/read/*" - - index_patterns: - - "calias-1" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/write/*" - - "indices:data/read/*" + - index_patterns: + - "?kibana" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:data/read/*" + - "indices:data/write/*" + - index_patterns: + - "calias-1" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:data/write/*" + - "indices:data/read/*" tenant_permissions: [] admin: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_ALL" + - "OPENDISTRO_SECURITY_CLUSTER_ALL" index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" tenant_permissions: [] ua: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "*" - index_permissions: - - index_patterns: - - "indexa*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "*" - - index_patterns: - - "permitnotexistentindex*" - dls: null - fls: null - masked_fields: null - allowed_actions: - "*" - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/read/field_caps" + index_permissions: + - index_patterns: + - "indexa*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "*" + - index_patterns: + - "permitnotexistentindex*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "*" + - index_patterns: + - "*" + dls: null + fls: null + 
masked_fields: null + allowed_actions: + - "indices:data/read/field_caps" tenant_permissions: [] flsdls: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "*" - index_permissions: - - index_patterns: - - "*" - dls: "{\"term\" : {\"_type\" : \"legends\"}}" - fls: - - "fieldx" - - "field2.b" - - "field3.m.*" - masked_fields: null - allowed_actions: - "*" + index_permissions: + - index_patterns: + - "*" + dls: "{\"term\" : {\"_type\" : \"legends\"}}" + fls: + - "fieldx" + - "field2.b" + - "field3.m.*" + masked_fields: null + allowed_actions: + - "*" tenant_permissions: [] ub: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "*" - index_permissions: - - index_patterns: - - "indexb" - dls: null - fls: null - masked_fields: null - allowed_actions: - "*" + index_permissions: + - index_patterns: + - "indexb" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "*" tenant_permissions: [] uc: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "*" - index_permissions: - - index_patterns: - - "indexc" - dls: null - fls: null - masked_fields: null - allowed_actions: - "*" - - index_patterns: - - "beats-*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/write/*" - - "indices:data/read/*" - - "OPENDISTRO_SECURITY_CREATE_INDEX" + index_permissions: + - index_patterns: + - "indexc" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "*" + - index_patterns: + - "beats-*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:data/write/*" + - "indices:data/read/*" + - "OPENDISTRO_SECURITY_CREATE_INDEX" tenant_permissions: [] dummy: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "cluster:monitor/health" + - "cluster:monitor/health" index_permissions: [] 
tenant_permissions: [] attr: @@ -640,13 +640,13 @@ attr: description: "Migrated from v6 (all types mapped)" cluster_permissions: [] index_permissions: - - index_patterns: - - "${attr_internal_c2}" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/read/*" + - index_patterns: + - "${attr_internal_c2}" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:data/read/*" tenant_permissions: [] mindex3: reserved: false @@ -654,28 +654,28 @@ mindex3: description: "Migrated from v6 (all types mapped)" cluster_permissions: [] index_permissions: - - index_patterns: - - "mindex_3" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/write*" + - index_patterns: + - "mindex_3" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:data/write*" tenant_permissions: [] role.with.dot: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "*" - index_permissions: - - index_patterns: - - "index.with.dot" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" + - "*" + index_permissions: + - index_patterns: + - "index.with.dot" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" tenant_permissions: [] mindex2: reserved: false @@ -683,13 +683,13 @@ mindex2: description: "Migrated from v6 (all types mapped)" cluster_permissions: [] index_permissions: - - index_patterns: - - "mindex_2" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/read/search" + - index_patterns: + - "mindex_2" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:data/read/search" tenant_permissions: [] mindex1: reserved: false 
@@ -697,13 +697,13 @@ mindex1: description: "Migrated from v6 (all types mapped)" cluster_permissions: [] index_permissions: - - index_patterns: - - "mindex_1" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/read/search" + - index_patterns: + - "mindex_1" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:data/read/search" tenant_permissions: [] role_klingons1: reserved: false 
@@ -711,44 +711,44 @@ role_klingons1: description: "Migrated from v6 (all types mapped)" cluster_permissions: [] index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:admin/shards/search_shards" - - index_patterns: - - "klingonempire" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:admin/shards/search_shards" + - index_patterns: + - "klingonempire" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_READ" tenant_permissions: - - tenant_patterns: - - "kltentrw" - allowed_actions: - - "kibana_all_write" - - tenant_patterns: - - "kltentro" - allowed_actions: - - "kibana_all_read" + - tenant_patterns: + - "kltentrw" + allowed_actions: + - "kibana_all_write" + - tenant_patterns: + - "kltentro" + allowed_actions: + - "kibana_all_read" snapres: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_MANAGE_SNAPSHOTS" + - "OPENDISTRO_SECURITY_MANAGE_SNAPSHOTS" index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/write/index" - - "indices:admin/create" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:admin/create" + - "indices:data/write/index" tenant_permissions: [] role_klingons2: reserved: false 
@@ -756,135 +756,135 @@ role_klingons2: description: "Migrated from v6 (all types mapped)" cluster_permissions: [] index_permissions: - - index_patterns: - - "klingonempire" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" + - index_patterns: + - "klingonempire" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_READ" tenant_permissions: - - tenant_patterns: - - "praxisrw" - allowed_actions: - - "kibana_all_write" - - tenant_patterns: - - "praxisro" - allowed_actions: - - "kibana_all_read" + - tenant_patterns: + - "praxisrw" + allowed_actions: + - "kibana_all_write" + - tenant_patterns: + - "praxisro" + allowed_actions: + - "kibana_all_read" theindex_admin: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" - index_permissions: - - index_patterns: - - "theindex" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" + index_permissions: + - index_patterns: + - "theindex" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" tenant_permissions: [] power_user: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_MONITOR" + - "OPENDISTRO_SECURITY_CLUSTER_MONITOR" index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" tenant_permissions: [] remote_marvel_agent: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "indices:admin/template/put" - - "indices:admin/template/get" - index_permissions: - - index_patterns: - - "?marvel-opensearch-*" - dls: null - fls: null - masked_fields: null - 
allowed_actions: - - "ALL" + - "indices:admin/template/get" + - "indices:admin/template/put" + index_permissions: + - index_patterns: + - "?marvel-opensearch-*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" tenant_permissions: [] opendistro_security_kibana_server: reserved: true hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_MONITOR" - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" - - "indices:admin/template*" - - "indices:data/read/scroll*" - index_permissions: - - index_patterns: - - "?kibana" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_INDICES_ALL" - - index_patterns: - - "?kibana-6" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_INDICES_ALL" - - index_patterns: - - "?kibana_*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_INDICES_ALL" - - index_patterns: - - "?tasks" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_INDICES_ALL" - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:admin/aliases*" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" + - "OPENDISTRO_SECURITY_CLUSTER_MONITOR" + - "indices:admin/template*" + - "indices:data/read/scroll*" + index_permissions: + - index_patterns: + - "?kibana" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_INDICES_ALL" + - index_patterns: + - "?kibana-6" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_INDICES_ALL" + - index_patterns: + - "?kibana_*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_INDICES_ALL" + - index_patterns: + - "?tasks" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_INDICES_ALL" + - index_patterns: + - "*" + dls: 
null + fls: null + masked_fields: null + allowed_actions: + - "indices:admin/aliases*" tenant_permissions: [] opendistro_security_all_access: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "*" - index_permissions: - - index_patterns: - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" - - index_patterns: - - ".notexistingindexcvnjl9809991" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" + index_permissions: + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" + - index_patterns: + - ".notexistingindexcvnjl9809991" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" tenant_permissions: [] marvel_user: reserved: false 
@@ -892,60 +892,60 @@ marvel_user: description: "Migrated from v6 (all types mapped)" cluster_permissions: [] index_permissions: - - index_patterns: - - "?marvel-opensearch-*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" - - index_patterns: - - "?kibana" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/read/get" - - "indices:admin/validate/query" - - "indices:data/read/search" - - "indices:admin/mappings/fields/get" - - "indices:admin/exists" - - "indices:data/read/mget" + - index_patterns: + - "?marvel-opensearch-*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_READ" + - index_patterns: + - "?kibana" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:data/read/get" + - "indices:admin/validate/query" + - "indices:data/read/search" + - "indices:admin/mappings/fields/get" + - "indices:admin/exists" + - "indices:data/read/mget" tenant_permissions: [] writer: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "indices:data/write/bulk*" + - "indices:data/write/bulk*" index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_CREATE_INDEX" - - "OPENDISTRO_SECURITY_WRITE" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_CREATE_INDEX" + - "OPENDISTRO_SECURITY_WRITE" tenant_permissions: [] opendistro_security_logstash: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "indices:admin/template/get" - - "indices:admin/template/put" - - "indices:data/write*" - index_permissions: - - index_patterns: - - "logstash-*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/write/*" - - "indices:data/read/*" - - "OPENDISTRO_SECURITY_CREATE_INDEX" + 
- "indices:admin/template/get" + - "indices:admin/template/put" + - "indices:data/write*" + index_permissions: + - index_patterns: + - "logstash-*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_CREATE_INDEX" + - "indices:data/read/*" + - "indices:data/write/*" tenant_permissions: [] user: reserved: false @@ -953,41 +953,41 @@ user: description: "Migrated from v6 (all types mapped)" cluster_permissions: [] index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "OPENDISTRO_SECURITY_READ" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "OPENDISTRO_SECURITY_READ" tenant_permissions: [] twitter: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" - index_permissions: - - index_patterns: - - "twitter" - - "analytics" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "*" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS_RO" + index_permissions: + - index_patterns: + - "twitter" + - "analytics" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "*" tenant_permissions: [] env_test: cluster_permissions: - - '*' - index_permissions: - - index_patterns: - - '${env.INDEXNAME1:-index1}' - - '${env.INDEXNAME2:-index2}' - - '${user_name}' - - '${env.INDEXNAME3}' - allowed_actions: - - "*" + - '*' + index_permissions: + - index_patterns: + - '${env.INDEXNAME1:-index1}' + - '${env.INDEXNAME2:-index2}' + - '${user_name}' + - '${env.INDEXNAME3}' + allowed_actions: + - "*" xyz_impsr: cluster_permissions: - "*" @@ -1003,8 +1003,8 @@ role_foo_index: - index_patterns: - foo-index allowed_actions: - - indices:data/read/* - indices:admin/* + - indices:data/read/* - indices:monitor/* role_foo_all: cluster_permissions: 
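Review bot: In the `marvel_user` hunk the second `index_permissions` entry (`?kibana`) keeps its `allowed_actions` in the old order on the new side (`indices:data/read/get`, `indices:admin/validate/query`, … `indices:data/read/mget`), while the first entry of every role touched here was sorted. This suggests the ordering tool visits only the first `index_permissions` entry of each role, so the new CI check would pass files whose later entries are unsorted; that is inferred from the output and should be confirmed in the script. The tool should walk every entry, and the fixer should then be re-run so this list starts at `indices:admin/exists` and ends at `indices:data/read/search`. A fixture role with two index pattern blocks, the second one unsorted, would pin the behaviour.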
@@ -1013,8 +1013,8 @@ role_foo_all: - index_patterns: - 'foo-*' allowed_actions: - - indices:data/read/* - indices:admin/* + - indices:data/read/* - indices:monitor/* xyz_sr: @@ -1100,8 +1100,8 @@ data_stream_1: - index_patterns: - "my-data-stream*" allowed_actions: - - "indices:admin/data_stream/get" - "indices:admin/data_stream/create" + - "indices:admin/data_stream/get" data_stream_2: reserved: true @@ -1112,11 +1112,11 @@ data_stream_2: - index_patterns: - "my-data-stream2*" allowed_actions: - - "indices:admin/data_stream/get" - "indices:admin/data_stream/create" - - "indices:monitor/data_stream/stats" - "indices:admin/data_stream/delete" + - "indices:admin/data_stream/get" - "indices:admin/get" + - "indices:monitor/data_stream/stats" data_stream_3: reserved: true @@ -1129,8 +1129,8 @@ data_stream_3: - "*" allowed_actions: - "DATASTREAM_ALL" - - "indices:data/write/index" - "indices:data/write/bulk*" + - "indices:data/write/index" data_stream_4: reserved: true @@ -1163,7 +1163,23 @@ data_stream_dls_1: index_permissions: - index_patterns: - "my-data-stream11" - dls: "{\n \"bool\": {\n \"must\": {\n \"match\": {\n \"user.id\": \"8a4f500d\"\n }\n }\n }\n}" + dls: "{ + + \ \"bool\": { + + \ \"must\": { + + \ \"match\": { + + \ \"user.id\": \"8a4f500d\" + + \ } + + \ } + + \ } + + }" allowed_actions: - "read" @@ -1175,7 +1191,23 @@ data_stream_dls_2: index_permissions: - index_patterns: - "my-data-stream2*" - dls: "{\n \"bool\": {\n \"must\": {\n \"match\": {\n \"user.id\": \"8a4f500d\"\n }\n }\n }\n}" + dls: "{ + + \ \"bool\": { + + \ \"must\": { + + \ \"match\": { + + \ \"user.id\": \"8a4f500d\" + + \ } + + \ } + + \ } + + }" allowed_actions: - "read" 
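Review bot: The `dls` value of `data_stream_dls_1` is re-serialised from a single escaped line into a folded double-quoted scalar with `\ ` continuations and blank lines, although the commit is only about permission order; the same rewrite appears in the `data_stream_dls_2` and `data_stream_dls_3` hunks. Both forms should parse to the same string, but a document-level security filter is the field a reviewer most needs to compare at a glance, and the folded layout makes that hard. Either keep the original one-line `dls:` entry, or have the fixer write without line folding, e.g. `doc.toString({ lineWidth: 0 })` if the installed `yaml` version accepts that option, so that it rewrites only the lists it sorts. A test that parses the old and new files and asserts the `dls` strings are equal would confirm the filter is unchanged.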
@@ -1187,7 +1219,23 @@ data_stream_dls_3: index_permissions: - index_patterns: - "my-data-stream*" - dls: "{\n \"bool\": {\n \"must\": {\n \"match\": {\n \"user.id\": \"8a4f500d\"\n }\n }\n }\n}" + dls: "{ + + \ \"bool\": { + + \ \"must\": { + + \ \"match\": { + + \ \"user.id\": \"8a4f500d\" + + \ } + + \ } + + \ } + + }" allowed_actions: - "read" @@ -1329,12 +1377,12 @@ point_in_time_all: hidden_test: cluster_permissions: - - SGS_CLUSTER_COMPOSITE_OPS + - SGS_CLUSTER_COMPOSITE_OPS index_permissions: - - index_patterns: - - hidden_test_not_hidden - allowed_actions: - - "*" + - index_patterns: + - hidden_test_not_hidden + allowed_actions: + - "*" sem-role: reserved: true diff --git a/src/test/resources/roles_bs.yml b/src/test/resources/roles_bs.yml index a8cf55a668..9ceb20c531 100644 --- a/src/test/resources/roles_bs.yml +++ b/src/test/resources/roles_bs.yml @@ -7,32 +7,32 @@ public: hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" + - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:admin/mapping/put" - - "indices:admin/create" - - "indices:data/write/bulk[s]" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:admin/create" + - "indices:admin/mapping/put" + - "indices:data/write/bulk[s]" tenant_permissions: [] opendistro_security_all_access: reserved: false hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "*" - index_permissions: - - index_patterns: - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "ALL" + index_permissions: + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "ALL" tenant_permissions: [] role_klingons1: reserved: false 
@@ -40,18 +40,18 @@ role_klingons1: description: "Migrated from v6 (all types mapped)" cluster_permissions: [] index_permissions: - - index_patterns: - - "test" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "*" - - index_patterns: - - "lorem" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/write/index" + - index_patterns: + - "test" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "*" + - index_patterns: + - "lorem" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:data/write/index" tenant_permissions: [] diff --git a/src/test/resources/roles_bulk.yml b/src/test/resources/roles_bulk.yml index 986a9853f8..a0246ded02 100644 --- a/src/test/resources/roles_bulk.yml +++ b/src/test/resources/roles_bulk.yml @@ -7,18 +7,18 @@ bulk: hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "indices:data/write/bulk" + - "indices:data/write/bulk" index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/write/index" - - "indices:admin/mapping/put" - - "indices:admin/create" - - "indices:data/write/bulk[s]" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:admin/create" + - "indices:admin/mapping/put" + - "indices:data/write/bulk[s]" + - "indices:data/write/index" tenant_permissions: [] bulk_test_user_role: diff --git a/src/test/resources/roles_ccs.yml b/src/test/resources/roles_ccs.yml index 9965993add..5b9eccea25 100644 --- a/src/test/resources/roles_ccs.yml +++ b/src/test/resources/roles_ccs.yml @@ -7,7 +7,7 @@ opendistro_security_public: hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "cluster:monitor/main" + - "cluster:monitor/main" index_permissions: [] tenant_permissions: [] opendistro_security_all_access: 
@@ -15,14 +15,14 @@ opendistro_security_all_access: hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "cluster:monitor/main" + - "cluster:monitor/main" index_permissions: - - index_patterns: - - "*" - dls: null - fls: null - masked_fields: null - allowed_actions: - - "indices:data/read/search" - - "indices:admin/shards/search_shards" + - index_patterns: + - "*" + dls: null + fls: null + masked_fields: null + allowed_actions: + - "indices:admin/shards/search_shards" + - "indices:data/read/search" tenant_permissions: [] diff --git a/src/test/resources/security_passive/roles.yml b/src/test/resources/security_passive/roles.yml index 85795af293..85c3d270da 100644 --- a/src/test/resources/security_passive/roles.yml +++ b/src/test/resources/security_passive/roles.yml @@ -51,10 +51,10 @@ shakespeare: hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "cluster:monitor/nodes/info" - "cluster:monitor/health" - - "indices:admin/template/get" + - "cluster:monitor/nodes/info" - "indices:admin/exists" + - "indices:admin/template/get" index_permissions: - index_patterns: - "shakespeare" @@ -63,11 +63,11 @@ shakespeare: masked_fields: null allowed_actions: - "OPENDISTRO_SECURITY_READ" - - "indices:data/write/bulk*" - - "indices:admin/validate/query*" - "indices:admin/exists" - "indices:admin/get*" - "indices:admin/mappings/fields/get*" + - "indices:admin/validate/query*" + - "indices:data/write/bulk*" tenant_permissions: [] aliasmngt: reserved: false @@ -81,10 +81,10 @@ aliasmngt: fls: null masked_fields: null allowed_actions: + - "OPENDISTRO_SECURITY_CREATE_INDEX" - "indices:admin/aliases*" - - "indices:data/write/*" - "indices:data/read/*" - - "OPENDISTRO_SECURITY_CREATE_INDEX" + - "indices:data/write/*" tenant_permissions: [] transport_client: reserved: false 
@@ -171,8 +171,8 @@ restore: fls: null masked_fields: null allowed_actions: - - "indices:data/write/index" - "indices:admin/create" + - "indices:data/write/index" - index_patterns: - "vulcangov_restore_2a" dls: null @@ -245,8 +245,8 @@ kibana4: hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "cluster:monitor/nodes/info" - "cluster:monitor/health" + - "cluster:monitor/nodes/info" index_permissions: - index_patterns: - "*" @@ -254,11 +254,11 @@ kibana4: fls: null masked_fields: null allowed_actions: - - "indices:data/read/search-" - - "indices:data/read/msearch" - "indices:admin/get" - - "indices:admin/validate/query" - "indices:admin/mappings/fields/get" + - "indices:admin/validate/query" + - "indices:data/read/msearch" + - "indices:data/read/search-" - index_patterns: - "?kibana" dls: null @@ -427,8 +427,8 @@ kibana4_server: hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "cluster:monitor/nodes/info" - "cluster:monitor/health" + - "cluster:monitor/nodes/info" index_permissions: - index_patterns: - "?kibana" @@ -436,18 +436,18 @@ kibana4_server: fls: null masked_fields: null allowed_actions: - - "indices:data/write/index" - - "indices:data/write/delete" - - "indices:data/write/update" + - "indices:admin/create" + - "indices:admin/exists" - "indices:admin/mapping/put" - - "indices:data/read/get" + - "indices:admin/mappings/fields/get" - "indices:admin/refresh" - "indices:admin/validate/query" - - "indices:data/read/search" - - "indices:admin/mappings/fields/get" - - "indices:admin/create" - - "indices:admin/exists" + - "indices:data/read/get" - "indices:data/read/mget" + - "indices:data/read/search" + - "indices:data/write/delete" + - "indices:data/write/index" + - "indices:data/write/update" tenant_permissions: [] 557: reserved: false 
@@ -514,8 +514,8 @@ aliastest: fls: null masked_fields: null allowed_actions: - - "indices:data/write/*" - "indices:data/read/*" + - "indices:data/write/*" - index_patterns: - "calias-1" dls: null @@ -747,8 +747,8 @@ snapres: fls: null masked_fields: null allowed_actions: - - "indices:data/write/index" - "indices:admin/create" + - "indices:data/write/index" tenant_permissions: [] role_klingons2: reserved: false @@ -807,8 +807,8 @@ remote_marvel_agent: hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "indices:admin/template/put" - "indices:admin/template/get" + - "indices:admin/template/put" index_permissions: - index_patterns: - "?marvel-es-*" @@ -823,8 +823,8 @@ opendistro_security_kibana_server: hidden: false description: "Migrated from v6 (all types mapped)" cluster_permissions: - - "OPENDISTRO_SECURITY_CLUSTER_MONITOR" - "OPENDISTRO_SECURITY_CLUSTER_COMPOSITE_OPS" + - "OPENDISTRO_SECURITY_CLUSTER_MONITOR" - "indices:admin/template*" - "indices:data/read/scroll*" index_permissions: @@ -943,9 +943,9 @@ opendistro_security_logstash: fls: null masked_fields: null allowed_actions: - - "indices:data/write/*" - - "indices:data/read/*" - "OPENDISTRO_SECURITY_CREATE_INDEX" + - "indices:data/read/*" + - "indices:data/write/*" tenant_permissions: [] user: reserved: false @@ -1003,8 +1003,8 @@ role_foo_index: - index_patterns: - foo-index allowed_actions: - - indices:data/read/* - indices:admin/* + - indices:data/read/* - indices:monitor/* role_foo_all: cluster_permissions: @@ -1013,8 +1013,8 @@ role_foo_all: - index_patterns: - 'foo-*' allowed_actions: - - indices:data/read/* - indices:admin/* + - indices:data/read/* - indices:monitor/* xyz_sr: