From 55e7c27130574382565521f826cef60e7596faa6 Mon Sep 17 00:00:00 2001 From: Davis Plumlee Date: Mon, 15 Nov 2021 17:35:35 -0500 Subject: [PATCH] adds preview index to reserved roles --- .../xpack/core/security/authz/store/ReservedRolesStore.java | 4 ++++ .../core/security/authz/store/ReservedRolesStoreTests.java | 3 ++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java index b1f65884d5641..1d578fbdc2edd 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java @@ -42,6 +42,7 @@ public class ReservedRolesStore implements BiConsumer, ActionListene public static final String ALERTS_LEGACY_INDEX = ".siem-signals*"; public static final String ALERTS_BACKING_INDEX = ".internal.alerts*"; public static final String ALERTS_INDEX_ALIAS = ".alerts*"; + public static final String PREVIEW_ALERTS_INDEX_ALIAS = ".preview.alerts*"; public static final RoleDescriptor SUPERUSER_ROLE_DESCRIPTOR = new RoleDescriptor( "superuser", @@ -674,6 +675,9 @@ public static RoleDescriptor kibanaSystemRoleDescriptor(String name) { // "Alerts as data" public index aliases used in Security Solution, Observability, etc. // Kibana system user uses them to read / write alerts. RoleDescriptor.IndicesPrivileges.builder().indices(ReservedRolesStore.ALERTS_INDEX_ALIAS).privileges("all").build(), + // "Alerts as data" public index alias used in Security Solution + // Kibana system user uses them to read / write alerts. + RoleDescriptor.IndicesPrivileges.builder().indices(ReservedRolesStore.PREVIEW_ALERTS_INDEX_ALIAS).privileges("all").build(), // Endpoint / Fleet policy responses. Kibana requires read access to send telemetry RoleDescriptor.IndicesPrivileges.builder().indices("metrics-endpoint.policy-*").privileges("read").build(), // Endpoint metrics. Kibana requires read access to send telemetry diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java index d8f961bf3f7be..c3f1c05141254 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java @@ -464,7 +464,8 @@ public void testKibanaSystemRole() { ".apm-custom-link", ReservedRolesStore.ALERTS_LEGACY_INDEX + randomAlphaOfLength(randomIntBetween(0, 13)), ReservedRolesStore.ALERTS_BACKING_INDEX + randomAlphaOfLength(randomIntBetween(0, 13)), - ReservedRolesStore.ALERTS_INDEX_ALIAS + randomAlphaOfLength(randomIntBetween(0, 13)) + ReservedRolesStore.ALERTS_INDEX_ALIAS + randomAlphaOfLength(randomIntBetween(0, 13)), + ReservedRolesStore.PREVIEW_ALERTS_INDEX_ALIAS + randomAlphaOfLength(randomIntBetween(0, 13)) ).forEach(index -> assertAllIndicesAccessAllowed(kibanaRole, index)); // read-only index access, including cross cluster