diff --git a/x-pack/docs/en/rest-api/security/get-service-accounts.asciidoc b/x-pack/docs/en/rest-api/security/get-service-accounts.asciidoc index d288ab3ea1376..ff308050813af 100644 --- a/x-pack/docs/en/rest-api/security/get-service-accounts.asciidoc +++ b/x-pack/docs/en/rest-api/security/get-service-accounts.asciidoc @@ -74,7 +74,8 @@ GET /_security/service/elastic/fleet-server "metrics-*", "traces-*", "synthetics-*", - ".logs-endpoint.diagnostic.collection-*" + ".logs-endpoint.diagnostic.collection-*", + ".logs-endpoint.action.responses-*" ], "privileges": [ "write", diff --git a/x-pack/plugin/security/qa/service-account/src/javaRestTest/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountIT.java b/x-pack/plugin/security/qa/service-account/src/javaRestTest/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountIT.java index 26f686032a209..69f2daf4f066f 100644 --- a/x-pack/plugin/security/qa/service-account/src/javaRestTest/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountIT.java +++ b/x-pack/plugin/security/qa/service-account/src/javaRestTest/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountIT.java @@ -90,7 +90,8 @@ public class ServiceAccountIT extends ESRestTestCase { + " \"metrics-*\",\n" + " \"traces-*\",\n" + " \"synthetics-*\",\n" - + " \".logs-endpoint.diagnostic.collection-*\"\n" + + " \".logs-endpoint.diagnostic.collection-*\",\n" + + " \".logs-endpoint.action.responses-*\"\n" + " ],\n" + " \"privileges\": [\n" + " \"write\",\n" diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/service/ElasticServiceAccounts.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/service/ElasticServiceAccounts.java index 50b3d2fb82c59..712f131b0d12e 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/service/ElasticServiceAccounts.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/service/ElasticServiceAccounts.java @@ -29,7 +29,14 @@ final class ElasticServiceAccounts { new String[] { "monitor", "manage_own_api_key" }, new RoleDescriptor.IndicesPrivileges[] { RoleDescriptor.IndicesPrivileges.builder() - .indices("logs-*", "metrics-*", "traces-*", "synthetics-*", ".logs-endpoint.diagnostic.collection-*") + .indices( + "logs-*", + "metrics-*", + "traces-*", + "synthetics-*", + ".logs-endpoint.diagnostic.collection-*", + ".logs-endpoint.action.responses-*" + ) .privileges("write", "create_index", "auto_configure") .build(), RoleDescriptor.IndicesPrivileges.builder() diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/service/ElasticServiceAccountsTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/service/ElasticServiceAccountsTests.java index 48e572cd27642..65e68f97fc95f 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/service/ElasticServiceAccountsTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/service/ElasticServiceAccountsTests.java @@ -158,7 +158,8 @@ public void testElasticFleetServerPrivileges() { "metrics-" + randomAlphaOfLengthBetween(1, 20), "traces-" + randomAlphaOfLengthBetween(1, 20), "synthetics-" + randomAlphaOfLengthBetween(1, 20), - ".logs-endpoint.diagnostic.collection-" + randomAlphaOfLengthBetween(1, 20) + ".logs-endpoint.diagnostic.collection-" + randomAlphaOfLengthBetween(1, 20), + ".logs-endpoint.action.responses-" + randomAlphaOfLengthBetween(1, 20) ).stream().map(this::mockIndexAbstraction).forEach(index -> { assertThat(role.indices().allowedIndicesMatcher(AutoPutMappingAction.NAME).test(index), is(true)); assertThat(role.indices().allowedIndicesMatcher(AutoCreateAction.NAME).test(index), is(true));