From d9d030021a89f27a980ced72d3739b8bc485c9d0 Mon Sep 17 00:00:00 2001
From: Khristinin Nikita
Date: Thu, 25 May 2023 15:50:27 +0200
Subject: [PATCH 1/4] Add risk_score indexes for kibana_system_user
---
 .../xpack/core/security/authz/store/ReservedRolesStore.java | 3 ++-
 .../core/security/authz/store/ReservedRolesStoreTests.java | 4 ++++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java
index d6a941a8bffd8..4204b9ea75fb5 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java
@@ -924,7 +924,8 @@ public static RoleDescriptor kibanaSystemRoleDescriptor(String name) {
 "logs-cloud_security_posture.vulnerabilities_latest-default*"
 )
 .privileges("create_index", "read", "index", "delete", IndicesAliasesAction.NAME, UpdateSettingsAction.NAME)
- .build() },
+ .build(),
+ RoleDescriptor.IndicesPrivileges.builder().indices("risk-score.risk-*").privileges("all").build() },
 null,
 new ConfigurableClusterPrivilege[] {
 new ManageApplicationPrivileges(Set.of("kibana-*")),
diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
index 9c51cdb8c9772..251a7be849557 100644
--- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
+++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
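Review bot: The new `IndicesPrivileges` entry in `kibanaSystemRoleDescriptor` grants `all` on `risk-score.risk-*`, whereas the entry directly above it enumerates the privileges it needs (`create_index`, `read`, `index`, `delete`, ...). On a reserved system role `all` also covers index deletion and management actions, so if the risk-score feature only creates, reads and writes these indices the grant should list that set explicitly, e.g. `.privileges("create_index", "read", "index", "delete")`, with the exact set confirmed against what Kibana actually calls. If `all` is genuinely required, a comment above the entry such as `// Kibana creates and manages the risk score indices; "all" is required because <reason>` would record why the broad grant exists. The privileges array and the function continue outside the hunk.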
@@ -1245,6 +1245,10 @@ public void testKibanaSystemRole() {
 is(true)
 );
 });
+
+ Arrays.asList(
+ "risk-score.risk-score-" + randomAlphaOfLength(randomIntBetween(0, 13)),
+ ).forEach(index -> assertAllIndicesAccessAllowed(kibanaRole, index));
 }
 public void testKibanaAdminRole() {
From f0c4cf51dcd3073f2a874cdaaadeda51401cab24 Mon Sep 17 00:00:00 2001
From: Khristinin Nikita
Date: Fri, 26 May 2023 14:09:16 +0200
Subject: [PATCH 2/4] Fix typeo
---
 .../core/security/authz/store/ReservedRolesStoreTests.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
index 251a7be849557..beb51445a78f0 100644
--- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
+++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
@@ -1247,7 +1247,7 @@ public void testKibanaSystemRole() {
 });
 Arrays.asList(
- "risk-score.risk-score-" + randomAlphaOfLength(randomIntBetween(0, 13)),
+ "risk-score.risk-score-" + randomAlphaOfLength(randomIntBetween(0, 13))
 ).forEach(index -> assertAllIndicesAccessAllowed(kibanaRole, index));
 }
 public void testKibanaAdminRole() {
From c0f2d5488e118a44a58165e3c16457eacf8f80ed Mon Sep 17 00:00:00 2001
From: Khristinin Nikita
Date: Fri, 26 May 2023 14:21:46 +0200
Subject: [PATCH 3/4] Java fix
---
 .../core/security/authz/store/ReservedRolesStoreTests.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
index beb51445a78f0..9e8eaa26ab2f5 100644
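Review bot: The assertion added to `testKibanaSystemRole` in [PATCH 1/4] only exercises names beginning with `risk-score.risk-score-`, while the role grants the wider pattern `risk-score.risk-*`, and nothing checks that a name just outside the pattern is refused. A second sample directly under the granted prefix, e.g. `"risk-score.risk-" + randomAlphaOfLength(randomIntBetween(0, 13))`, together with a negative assertion for a near-miss name such as `"risk-score.other-" + randomAlphaOfLength(5)` (provided no other entry of the role matches it), would pin the boundary of the grant so that a later widening of the pattern fails the test. The test method begins outside the hunk.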
--- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
+++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
@@ -1248,7 +1248,7 @@ public void testKibanaSystemRole() {
 Arrays.asList(
 "risk-score.risk-score-" + randomAlphaOfLength(randomIntBetween(0, 13))
- ).forEach(index -> assertAllIndicesAccessAllowed(kibanaRole, index));
+ ).forEach(indexName -> assertAllIndicesAccessAllowed(kibanaRole, indexName));
 }
 public void testKibanaAdminRole() {
From 386b2e641e979b4ba9db9dabfd4e283f6afc0d76 Mon Sep 17 00:00:00 2001
From: Khristinin Nikita
Date: Tue, 6 Jun 2023 12:47:47 +0200
Subject: [PATCH 4/4] Change formatting
---
 .../core/security/authz/store/ReservedRolesStoreTests.java | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
index 9e8eaa26ab2f5..a35a8fbf47210 100644
--- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
+++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
@@ -1246,9 +1246,8 @@ public void testKibanaSystemRole() {
 );
 });
- Arrays.asList(
- "risk-score.risk-score-" + randomAlphaOfLength(randomIntBetween(0, 13))
- ).forEach(indexName -> assertAllIndicesAccessAllowed(kibanaRole, indexName));
+ Arrays.asList("risk-score.risk-score-" + randomAlphaOfLength(randomIntBetween(0, 13)))
+ .forEach(indexName -> assertAllIndicesAccessAllowed(kibanaRole, indexName));
 }
 public void testKibanaAdminRole() {