-
Notifications
You must be signed in to change notification settings - Fork 274
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
roles yml changes for security-analytics plugin #2192
roles yml changes for security-analytics plugin #2192
Conversation
Signed-off-by: Raj Chakravarthi <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for creating this pull request, can you please fill in the pull request description for this change?
Biggest unknown for me is where the design usage of these permissions, would love to get more details on this. Please link associated issues/documents about this plugin.
…l order Signed-off-by: Raj Chakravarthi <[email protected]>
Signed-off-by: Raj Chakravarthi <[email protected]>
71e5115
to
82e2716
Compare
- 'cluster:admin/opensearch/securityanalytics/mapping/view/get' | ||
- 'cluster:admin/opensearch/securityanalytics/rule/get' | ||
- 'cluster:admin/opensearch/securityanalytics/rule/search' | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lets also add security_analytics_ack_alerts
for the security operators to be able to acknowledge alerts with cluster permission as:
cluster_permissions:
- 'cluster:admin/opendistro/securityanalytics/alerts/*'
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done as opensearch not opendistro to be consistent with the rest
- index_patterns: | ||
- '*' | ||
allowed_actions: | ||
- 'indices:admin/mapping/put' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How about indices:admin/mappings/get
? Also are there more permissions such as for aliases that might be needed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done and tested.
…e allowed action Signed-off-by: Raj Chakravarthi <[email protected]>
Signed-off-by: Raj Chakravarthi <[email protected]>
This looks unrelated to this change, need to see if there is a new failure from main |
Codecov Report
@@ Coverage Diff @@
## main #2192 +/- ##
============================================
- Coverage 61.14% 61.02% -0.12%
- Complexity 3266 3267 +1
============================================
Files 259 259
Lines 18335 18335
Branches 3248 3248
============================================
- Hits 11211 11189 -22
- Misses 5535 5561 +26
+ Partials 1589 1585 -4
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for making these updates, merging!
Note; the BWC issue is on main, merging this despite BWC failures since they were not impacted |
The backport to
To backport manually, run these commands in your terminal: # Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-2.x 2.x
# Navigate to the new working tree
cd .worktrees/backport-2.x
# Create a new branch
git switch --create backport/backport-2192-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 89a11c5a165d9fc1a5412a3c2369d3b27869b305
# Push it to GitHub
git push --set-upstream origin backport/backport-2192-to-2.x
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-2.x Then, create a pull request where the |
The backport to
To backport manually, run these commands in your terminal: # Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-2.4 2.4
# Navigate to the new working tree
cd .worktrees/backport-2.4
# Create a new branch
git switch --create backport/backport-2192-to-2.4
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 89a11c5a165d9fc1a5412a3c2369d3b27869b305
# Push it to GitHub
git push --set-upstream origin backport/backport-2192-to-2.4
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-2.4 Then, create a pull request where the |
) * roles yml changes for security-analytics plugin Signed-off-by: Raj Chakravarthi <[email protected]> Signed-off-by: Raj Chakravarthi <[email protected]> (cherry picked from commit 89a11c5)
) * roles yml changes for security-analytics plugin Signed-off-by: Raj Chakravarthi <[email protected]> Signed-off-by: Raj Chakravarthi <[email protected]> (cherry picked from commit 89a11c5)
* roles yml changes for security-analytics plugin Signed-off-by: Raj Chakravarthi <[email protected]> Signed-off-by: Raj Chakravarthi <[email protected]> (cherry picked from commit 89a11c5) Co-authored-by: Peter Nied <[email protected]>
) * roles yml changes for security-analytics plugin Signed-off-by: Raj Chakravarthi <[email protected]> Signed-off-by: Raj Chakravarthi <[email protected]> Signed-off-by: Stephen Crawford <[email protected]>
* roles yml changes for security-analytics plugin Signed-off-by: Raj Chakravarthi <[email protected]> (cherry picked from commit 89a11c5)
) (opensearch-project#2222) * roles yml changes for security-analytics plugin Signed-off-by: Raj Chakravarthi <[email protected]> (cherry picked from commit 89a11c5)
Signed-off-by: Raj Chakravarthi [email protected]
Description
Added entries in roles.yml for cluster permissions to security-analytics plugin end points
Added default roles configuration required for
security-analytics
pluginIssues Resolved
opensearch-project/security-analytics#50
Is this a backport? If so, please add backport PR # and/or commits #
Testing
[Please provide details of testing done: unit testing, integration testing and manual testing]
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.