roles yml changes for security-analytics plugin #2192
Conversation
Signed-off-by: Raj Chakravarthi <[email protected]>
There was a problem hiding this comment.
Thanks for creating this pull request, can you please fill in the pull request description for this change?
Biggest unknown for me is where the design usage of these permissions, would love to get more details on this. Please link associated issues/documents about this plugin.
…l order Signed-off-by: Raj Chakravarthi <[email protected]>
Signed-off-by: Raj Chakravarthi <[email protected]>
raj-chak
force-pushed
the
roles_yml_for_detectors
branch
from
71e5115
to
82e2716
Compare
| - 'cluster:admin/opensearch/securityanalytics/mapping/view/get' | ||
| - 'cluster:admin/opensearch/securityanalytics/rule/get' | ||
| - 'cluster:admin/opensearch/securityanalytics/rule/search' | ||
|
|
There was a problem hiding this comment.
Lets also add security_analytics_ack_alerts for the security operators to be able to acknowledge alerts with cluster permission as:
cluster_permissions:
- 'cluster:admin/opendistro/securityanalytics/alerts/*'
There was a problem hiding this comment.
done as opensearch not opendistro to be consistent with the rest
| - index_patterns: | ||
| - '*' | ||
| allowed_actions: | ||
| - 'indices:admin/mapping/put' |
There was a problem hiding this comment.
How about indices:admin/mappings/get ? Also are there more permissions such as for aliases that might be needed?
…e allowed action Signed-off-by: Raj Chakravarthi <[email protected]>
Signed-off-by: Raj Chakravarthi <[email protected]>
peternied
added
backport 2.x
This looks unrelated to this change, need to see if there is a new failure from main |
Codecov Report
@@ Coverage Diff @@
## main #2192 +/- ##
============================================
- Coverage 61.14% 61.02% -0.12%
- Complexity 3266 3267 +1
============================================
Files 259 259
Lines 18335 18335
Branches 3248 3248
============================================
- Hits 11211 11189 -22
- Misses 5535 5561 +26
+ Partials 1589 1585 -4
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
|
Note; the BWC issue is on main, merging this despite BWC failures since they were not impacted |
|
The backport to To backport manually, run these commands in your terminal: # Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-2.x 2.x
# Navigate to the new working tree
cd .worktrees/backport-2.x
# Create a new branch
git switch --create backport/backport-2192-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 89a11c5a165d9fc1a5412a3c2369d3b27869b305
# Push it to GitHub
git push --set-upstream origin backport/backport-2192-to-2.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-2.xThen, create a pull request where the |
|
The backport to To backport manually, run these commands in your terminal: # Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-2.4 2.4
# Navigate to the new working tree
cd .worktrees/backport-2.4
# Create a new branch
git switch --create backport/backport-2192-to-2.4
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 89a11c5a165d9fc1a5412a3c2369d3b27869b305
# Push it to GitHub
git push --set-upstream origin backport/backport-2192-to-2.4
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-2.4Then, create a pull request where the |
) * roles yml changes for security-analytics plugin Signed-off-by: Raj Chakravarthi <[email protected]> Signed-off-by: Raj Chakravarthi <[email protected]> (cherry picked from commit 89a11c5)
) * roles yml changes for security-analytics plugin Signed-off-by: Raj Chakravarthi <[email protected]> Signed-off-by: Raj Chakravarthi <[email protected]> (cherry picked from commit 89a11c5)
* roles yml changes for security-analytics plugin Signed-off-by: Raj Chakravarthi <[email protected]> Signed-off-by: Raj Chakravarthi <[email protected]> (cherry picked from commit 89a11c5) Co-authored-by: Peter Nied <[email protected]>
) * roles yml changes for security-analytics plugin Signed-off-by: Raj Chakravarthi <[email protected]> Signed-off-by: Raj Chakravarthi <[email protected]> Signed-off-by: Stephen Crawford <[email protected]>
* roles yml changes for security-analytics plugin Signed-off-by: Raj Chakravarthi <[email protected]> (cherry picked from commit 89a11c5)
) (opensearch-project#2222) * roles yml changes for security-analytics plugin Signed-off-by: Raj Chakravarthi <[email protected]> (cherry picked from commit 89a11c5)
Signed-off-by: Raj Chakravarthi [email protected]
Description
Added entries in roles.yml for cluster permissions to security-analytics plugin end points
Added default roles configuration required for
security-analyticspluginIssues Resolved
opensearch-project/security-analytics#50
Is this a backport? If so, please add backport PR # and/or commits #
Testing
[Please provide details of testing done: unit testing, integration testing and manual testing]
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.