Removing the ability to get/put roles

elastic · Jun 8, 2018 · 5e4c27e · 5e4c27e
1 parent 5550955
commit 5e4c27e
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 9 deletions.
diff --git a/...e/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java b/...e/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java
@@ -83,8 +83,6 @@ private static Map<String, RoleDescriptor> initializeReservedRoles() {
                             "monitor", "manage_index_templates", MonitoringBulkAction.NAME, "manage_saml",
                             "cluster:admin/xpack/security/privilege/get",
                             "cluster:admin/xpack/security/privilege/put",
-                            "cluster:admin/xpack/security/role/get",
-                            "cluster:admin/xpack/security/role/put"
                         },
                         new RoleDescriptor.IndicesPrivileges[] {
                                 RoleDescriptor.IndicesPrivileges.builder().indices(".kibana*", ".reporting-*").privileges("all").build(),

diff --git a/.../test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java b/.../test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
@@ -78,9 +78,6 @@
 import org.elasticsearch.xpack.core.security.action.privilege.DeletePrivilegesAction;
 import org.elasticsearch.xpack.core.security.action.privilege.GetPrivilegesAction;
 import org.elasticsearch.xpack.core.security.action.privilege.PutPrivilegesAction;
-import org.elasticsearch.xpack.core.security.action.role.ClearRolesCacheAction;
-import org.elasticsearch.xpack.core.security.action.role.DeleteRoleAction;
-import org.elasticsearch.xpack.core.security.action.role.GetRolesAction;
 import org.elasticsearch.xpack.core.security.action.role.PutRoleAction;
 import org.elasticsearch.xpack.core.security.action.saml.SamlAuthenticateAction;
 import org.elasticsearch.xpack.core.security.action.saml.SamlPrepareAuthenticationAction;
@@ -192,10 +189,6 @@ public void testKibanaSystemRole() {
         assertThat(kibanaRole.cluster().check(DeletePrivilegesAction.NAME), is(false));
         assertThat(kibanaRole.cluster().check(GetPrivilegesAction.NAME), is(true));
         assertThat(kibanaRole.cluster().check(PutPrivilegesAction.NAME), is(true));
-        assertThat(kibanaRole.cluster().check(ClearRolesCacheAction.NAME), is(false));
-        assertThat(kibanaRole.cluster().check(DeleteRoleAction.NAME), is(false));
-        assertThat(kibanaRole.cluster().check(GetRolesAction.NAME), is(true));
-        assertThat(kibanaRole.cluster().check(PutRoleAction.NAME), is(true));
 
 
         // Everything else