Point in time API security changes (opensearch-project#2033) (opensea…

…rch-project#2037) Signed-off-by: Bharathwaj G <bharath78910@gmail.com> (cherry picked from commit 6b7a586) Co-authored-by: Bharathwaj G <58062316+bharath-techie@users.noreply.github.com>
ochprince · Aug 22, 2022 · 2f2c400 · 2f2c400
1 parent 706a732
commit 2f2c400
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 4 deletions.
diff --git a/src/main/resources/static_config/static_action_groups.yml b/src/main/resources/static_config/static_action_groups.yml
@@ -116,7 +116,6 @@ cluster_composite_ops:
  - "indices:admin/aliases*"
  - "indices:data/write/reindex"
  - "cluster_composite_ops_ro"
- - "indices:data/read/point_in_time/delete"
  type: "cluster"
  description: "Allow read/write bulk and m* operations"
 cluster_composite_ops_ro:
@@ -131,8 +130,6 @@ cluster_composite_ops_ro:
  - "indices:admin/aliases/get*"
  - "indices:data/read/scroll"
  - "indices:admin/resolve/index"
- - "indices:data/read/point_in_time/read*"
- - "indices:data/read/point_in_time/create"
  type: "cluster"
  description: "Allow readonly bulk and m* operations"
 get:
@@ -230,3 +227,14 @@ manage_data_streams:
  - "indices:monitor/data_stream/stats"
  type: "index"
  description: "Manage data streams"
+manage_point_in_time:
+ reserved: true
+ hidden: false
+ static: true
+ allowed_actions:
+ - "indices:data/read/point_in_time/create"
+ - "cluster:admin/point_in_time/delete"
+ - "cluster:admin/point_in_time/read*"
+ - "indices:monitor/point_in_time/segments"
+ type: "cluster"
+ description: "Manage point in time actions"
diff --git a/src/main/resources/static_config/static_roles.yml b/src/main/resources/static_config/static_roles.yml
@@ -85,9 +85,9 @@ kibana_server:
  cluster_permissions:
  - "cluster_monitor"
  - "cluster_composite_ops"
+ - "manage_point_in_time"
  - "indices:admin/template*"
  - "indices:data/read/scroll*"
- - "indices:data/read/point_in_time*"
  index_permissions:
  - index_patterns:
  - ".kibana"