Skip to content

Commit

Permalink
Give kibana user privileges to create APM agent config index (elastic…
Browse files Browse the repository at this point in the history
…#46765) (elastic#46793)

* Give kibana user reserved role privileges on .apm-* to create APM agent configuration index.

* fixed test to include checking all .apm-* permissions

* changed pattern from ".apm-*" to the more specific ".apm-agent-configuration"
  • Loading branch information
ogupte authored Sep 17, 2019
1 parent 84859b2 commit 85ce1c7
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 1 deletion.
Original file line number Diff line number Diff line change
Expand Up @@ -123,6 +123,9 @@ private static Map<String, RoleDescriptor> initializeReservedRoles() {
// .code_internal-* is for Code's internal worker queue index creation.
RoleDescriptor.IndicesPrivileges.builder()
.indices(".code-*", ".code_internal-*").privileges("all").build(),
// .apm-* is for APM's agent configuration index creation
RoleDescriptor.IndicesPrivileges.builder()
.indices(".apm-agent-configuration").privileges("all").build(),
},
null,
new ConfigurableClusterPrivilege[] { new ManageApplicationPrivileges(Collections.singleton("kibana-*")) },
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -334,7 +334,12 @@ public void testKibanaSystemRole() {
assertThat(kibanaRole.indices().allowedIndicesMatcher(IndexAction.NAME).test(".reporting"), is(false));
assertThat(kibanaRole.indices().allowedIndicesMatcher("indices:foo").test(randomAlphaOfLengthBetween(8, 24)), is(false));

Arrays.asList(".kibana", ".kibana-devnull", ".reporting-" + randomAlphaOfLength(randomIntBetween(0, 13))).forEach((index) -> {
Arrays.asList(
".kibana",
".kibana-devnull",
".reporting-" + randomAlphaOfLength(randomIntBetween(0, 13)),
".apm-agent-configuration"
).forEach((index) -> {
logger.info("index name [{}]", index);
assertThat(kibanaRole.indices().allowedIndicesMatcher("indices:foo").test(index), is(true));
assertThat(kibanaRole.indices().allowedIndicesMatcher("indices:bar").test(index), is(true));
Expand Down

0 comments on commit 85ce1c7

Please sign in to comment.