Merge branch 'main' of github.com:elastic/kibana into oaia-show-conve…
…rsations-in-flyout
miltonhultgren committed Jan 22, 2024
2 parents cdc372a + 22a365f commit 2a3c089
Showing 128 changed files with 3,016 additions and 879 deletions.
2 changes: 2 additions & 0 deletions packages/kbn-es/index.ts
Expand Up @@ -16,5 +16,7 @@ export {
getDockerFileMountPath,
verifyDockerInstalled,
maybeCreateDockerNetwork,
type ServerlessProjectType,
} from './src/utils';
export type { ArtifactLicense } from './src/artifact';
export { SERVERLESS_ROLES_ROOT_PATH } from './src/paths';
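Review bot: The new root export of `SERVERLESS_ROLES_ROOT_PATH` (last line of this hunk) hands callers a bare directory, so every consumer has to join it with a project folder and `roles.yml` itself. Since `ServerlessProjectType` is exported alongside it, consider exporting a small helper that takes that type and returns the resolved roles file, which keeps the set of valid folders in one place and avoids ad hoc path joins from caller-supplied strings.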
6 changes: 4 additions & 2 deletions packages/kbn-es/src/paths.ts
Expand Up @@ -37,7 +37,10 @@ export const SERVERLESS_SERVICE_TOKENS_PATH = resolve(
export const SERVERLESS_USERS_PATH = resolve(__dirname, './serverless_resources/users');
export const SERVERLESS_USERS_ROLES_PATH = resolve(__dirname, './serverless_resources/users_roles');

export const SERVERLESS_ROLES_PATH = resolve(__dirname, './serverless_resources/roles.yml');
export const SERVERLESS_ROLES_ROOT_PATH = resolve(
__dirname,
'./serverless_resources/project_roles'
);
export const SERVERLESS_ROLE_MAPPING_PATH = resolve(
__dirname,
'./serverless_resources/role_mapping.yml'
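Review bot: `SERVERLESS_ROLES_ROOT_PATH` resolves to a directory (`./serverless_resources/project_roles`), while the neighbouring `SERVERLESS_*_PATH` constants in this hunk resolve to single files, and nothing here documents the layout expected underneath it. Add a short comment above the constant stating the expected structure (one folder per project type, each holding a `roles.yml`), and confirm no remaining importer still references the removed `SERVERLESS_ROLES_PATH`.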
Expand All @@ -57,7 +60,6 @@ export const SERVERLESS_IDP_METADATA_PATH = resolve(REPO_ROOT, '.es', 'idp_metad
export const SERVERLESS_RESOURCES_PATHS = [
SERVERLESS_OPERATOR_USERS_PATH,
SERVERLESS_ROLE_MAPPING_PATH,
SERVERLESS_ROLES_PATH,
SERVERLESS_SERVICE_TOKENS_PATH,
SERVERLESS_USERS_PATH,
SERVERLESS_USERS_ROLES_PATH,
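Review bot: With `SERVERLESS_ROLES_PATH` dropped from `SERVERLESS_RESOURCES_PATHS` and no replacement entry added, roles are no longer covered by whatever iterates this array. The visible lines do not show where the per-project `roles.yml` is now picked up, so please point to that code or add a comment here noting that roles are handled separately; a missing roles file should fail loudly rather than start the cluster without the expected roles.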
2 changes: 1 addition & 1 deletion packages/kbn-es/src/serverless_resources/README.md
Expand Up @@ -4,7 +4,7 @@ The resources in this directory are used for seeding Elasticsearch Serverless im

## Roles

Roles defined in `roles.yml` intended to mock a Serverless deployment. It must be in sync with `project-controller` defined roles and used in real (MKI) environments. In case of some differences tests may pass against Serverless snapshot environment but fail against MKI environments creating confusion.
Roles are defined in `roles.yml` for each project under 'es' | 'oblt' | 'security' folder respectively and intended to mock a Serverless deployment. It must be in sync with `project-controller` defined roles and used in real (MKI) environments. In case of some differences tests may pass against Serverless snapshot environment but fail against MKI environments creating confusion.

### Why `security_roles.json` is here?

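Review bot: The rewritten Roles paragraph does not name the new `project_roles` directory and switches between plural and singular ("Roles are defined ... It must be in sync"), which makes it unclear what has to match `project-controller`. Suggest wording along the lines of: roles are defined in `project_roles/<es|oblt|security>/roles.yml`, one file per project type, and each file must stay in sync with the roles `project-controller` defines. It would also help to state that the `system_indices_superuser` entry at the top of those files is a local testing addition and is exempt from that sync rule.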
@@ -0,0 +1,43 @@
# temporarily added for testing purpose
system_indices_superuser:
cluster: ['all']
indices:
- names: ['*']
privileges: ['all']
allow_restricted_indices: true
applications:
- application: '*'
privileges: ['*']
resources: ['*']
run_as: ['*']

# -----
# Source: https://github.com/elastic/project-controller/blob/main/internal/project/esproject/config/roles.yml
# -----
viewer:
cluster: ['manage_own_api_key', 'read_pipeline']
indices:
- names:
- '*'
privileges:
- 'read'
- 'view_index_metadata'
applications:
- application: 'kibana-.kibana'
privileges:
- 'read'
resources:
- '*'
developer:
cluster: ['all']
indices:
- names:
- '*'
privileges:
- 'all'
applications:
- application: 'kibana-.kibana'
privileges:
- 'all'
resources:
- '*'
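Review bot: `system_indices_superuser` at the top of this file grants `cluster: ['all']`, all privileges on `'*'` with `allow_restricted_indices: true`, every application privilege and `run_as: ['*']`, and the only justification is the comment "temporarily added for testing purpose". It sits above the `Source:` marker, so it is not part of the roles copied from `project-controller`, which is exactly the kind of difference the README warns can let tests pass here and fail against MKI. Please replace the comment with a TODO that links a tracking issue and states the removal condition, and consider narrowing `run_as` and the application grant to what the tests need.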
@@ -0,0 +1,91 @@
# temporarily added for testing purpose
system_indices_superuser:
cluster: ['all']
indices:
- names: ['*']
privileges: ['all']
allow_restricted_indices: true
applications:
- application: '*'
privileges: ['*']
resources: ['*']
run_as: ['*']

# -----
# Source: https://github.com/elastic/project-controller/blob/main/internal/project/security/config/roles.yml
# -----
viewer:
cluster: []
indices:
- names:
- '/~(([.]|ilm-history-).*)/'
privileges:
- 'read'
- 'view_index_metadata'
allow_restricted_indices: false
- names:
- '.siem-signals*'
- '.lists-*'
- '.items-*'
privileges:
- 'read'
- 'view_index_metadata'
allow_restricted_indices: false
- names:
- '.alerts*'
- '.preview.alerts*'
privileges:
- 'read'
- 'view_index_metadata'
allow_restricted_indices: false
applications:
- application: 'kibana-.kibana'
privileges:
- 'read'
resources:
- '*'
run_as: []
editor:
cluster: []
indices:
- names:
- '/~(([.]|ilm-history-).*)/'
privileges:
- 'read'
- 'view_index_metadata'
allow_restricted_indices: false
- names:
- 'observability-annotations'
privileges:
- 'read'
- 'view_index_metadata'
- 'write'
allow_restricted_indices: false
- names:
- '.siem-signals*'
- '.lists-*'
- '.items-*'
privileges:
- 'read'
- 'view_index_metadata'
- 'write'
- 'maintenance'
allow_restricted_indices: false
- names:
- '.internal.alerts*'
- '.alerts*'
- '.internal.preview.alerts*'
- '.preview.alerts*'
privileges:
- 'read'
- 'view_index_metadata'
- 'write'
- 'maintenance'
allow_restricted_indices: false
applications:
- application: 'kibana-.kibana'
privileges:
- 'all'
resources:
- '*'
run_as: []
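Review bot: The `Source:` comment points at `blob/main` of `project-controller`, a moving branch, so there is no way to tell from this file which upstream revision the `viewer` and `editor` definitions were copied from or whether they have since drifted. Record the upstream commit SHA (or a permalink) next to the URL. Separately, the `system_indices_superuser` block is a verbatim copy of the one in the es project file; keeping that test-only role in a single shared file would avoid the copies diverging.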