maxmustermann/kibana
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

[Fleet] Reduce permissions. (#90302)

Browse source 
* Reduce permissions.

* Change permissions back.

* Reducing permissions on fleet_enroll role

- 'write', 'create_index' -> 'auto_configure', 'create_doc'

* Remove indices:admin/auto_create from privileges.
This commit is contained in:
Sonja Krause-Harder 2021-02-11 09:33:51 +01:00 committed by GitHub
parent 57d9dd1419
commit 9870ade971
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 10 additions and 53 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
x-pack/plugins/fleet/server/services/api_keys/index.ts
View file

@ -22,17 +22,8 @@ export async function generateOutputApiKey(
cluster: ['monitor'],
index: [
{
names: [
'logs-*',
'metrics-*',
'traces-*',
'.ds-logs-*',
'.ds-metrics-*',
'.ds-traces-*',
'.logs-endpoint.diagnostic.collection-*',
'.ds-.logs-endpoint.diagnostic.collection-*',
],
privileges: ['write', 'create_index', 'indices:admin/auto_create'],
names: ['logs-*', 'metrics-*', 'traces-*', '.logs-endpoint.diagnostic.collection-*'],
privileges: ['auto_configure', 'create_doc'],
},
],
},

13
x-pack/plugins/fleet/server/services/setup.ts
View file

@ -192,17 +192,8 @@ async function putFleetRole(callCluster: CallESAsCurrentUser) {
cluster: ['monitor', 'manage_api_key'],
indices: [
{
names: [
'logs-*',
'metrics-*',
'traces-*',
'.ds-logs-*',
'.ds-metrics-*',
'.ds-traces-*',
'.logs-endpoint.diagnostic.collection-*',
'.ds-.logs-endpoint.diagnostic.collection-*',
],
privileges: ['write', 'create_index', 'indices:admin/auto_create'],
names: ['logs-*', 'metrics-*', 'traces-*', '.logs-endpoint.diagnostic.collection-*'],
privileges: ['auto_configure', 'create_doc'],
},
],
},

13
x-pack/test/fleet_api_integration/apis/agents_setup.ts
View file

@ -60,17 +60,8 @@ export default function (providerContext: FtrProviderContext) {
cluster: ['monitor', 'manage_api_key'],
indices: [
{
names: [
'logs-*',
'metrics-*',
'traces-*',
'.ds-logs-*',
'.ds-metrics-*',
'.ds-traces-*',
'.logs-endpoint.diagnostic.collection-*',
'.ds-.logs-endpoint.diagnostic.collection-*',
],
privileges: ['write', 'create_index', 'indices:admin/auto_create'],
names: ['logs-*', 'metrics-*', 'traces-*', '.logs-endpoint.diagnostic.collection-*'],
privileges: ['auto_configure', 'create_doc'],
allow_restricted_indices: false,
},
],

24
x-pack/test/fleet_api_integration/apis/fleet_setup.ts
View file

@ -62,15 +62,8 @@ export default function (providerContext: FtrProviderContext) {
cluster: ['monitor', 'manage_api_key'],
indices: [
{
names: [
'logs-*',
'metrics-*',
'traces-*',
'.ds-logs-*',
'.ds-metrics-*',
'.ds-traces-*',
],
privileges: ['write', 'create_index', 'indices:admin/auto_create'],
names: ['logs-*', 'metrics-*', 'traces-*'],
privileges: ['create_doc', 'indices:admin/auto_create'],
allow_restricted_indices: false,
},
],
@ -101,17 +94,8 @@ export default function (providerContext: FtrProviderContext) {
cluster: ['monitor', 'manage_api_key'],
indices: [
{
names: [
'logs-*',
'metrics-*',
'traces-*',
'.ds-logs-*',
'.ds-metrics-*',
'.ds-traces-*',
'.logs-endpoint.diagnostic.collection-*',
'.ds-.logs-endpoint.diagnostic.collection-*',
],
privileges: ['write', 'create_index', 'indices:admin/auto_create'],
names: ['logs-*', 'metrics-*', 'traces-*', '.logs-endpoint.diagnostic.collection-*'],
privileges: ['auto_configure', 'create_doc'],
allow_restricted_indices: false,
},
],