From c03a4b1bc4eb86ba8fd48e86bf91c43dbf44f43c Mon Sep 17 00:00:00 2001 From: chrisronline Date: Fri, 2 Apr 2021 09:53:32 -0400 Subject: [PATCH 1/2] Add ability for monitoring_user role to read from metricbeat-* --- .../xpack/core/security/authz/store/ReservedRolesStore.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java index 173bbffaacdf3..2fffa17125e57 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java @@ -61,9 +61,9 @@ private static Map initializeReservedRoles() { .put("monitoring_user", new RoleDescriptor("monitoring_user", new String[] { "cluster:monitor/main", "cluster:monitor/xpack/info", RemoteInfoAction.NAME }, new RoleDescriptor.IndicesPrivileges[] { - RoleDescriptor.IndicesPrivileges.builder() - .indices(".monitoring-*").privileges("read", "read_cross_cluster").build() - }, + RoleDescriptor.IndicesPrivileges.builder().indices(".monitoring-*").privileges("read", "read_cross_cluster").build(), + RoleDescriptor.IndicesPrivileges.builder() + .indices("metricbeat-*").privileges("read", "read_cross_cluster").build() }, new RoleDescriptor.ApplicationResourcePrivileges[] { RoleDescriptor.ApplicationResourcePrivileges.builder() .application("kibana-*").resources("*").privileges("reserved_monitoring").build() From f926fbba46872140771ad543e4a6fa118bdd9e66 Mon Sep 17 00:00:00 2001 From: chrisronline Date: Fri, 2 Apr 2021 10:24:58 -0400 Subject: [PATCH 2/2] Fix style --- .../xpack/core/security/authz/store/ReservedRolesStore.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java index 2fffa17125e57..5a4d79f97ce11 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java @@ -61,9 +61,10 @@ private static Map initializeReservedRoles() { .put("monitoring_user", new RoleDescriptor("monitoring_user", new String[] { "cluster:monitor/main", "cluster:monitor/xpack/info", RemoteInfoAction.NAME }, new RoleDescriptor.IndicesPrivileges[] { - RoleDescriptor.IndicesPrivileges.builder().indices(".monitoring-*").privileges("read", "read_cross_cluster").build(), RoleDescriptor.IndicesPrivileges.builder() - .indices("metricbeat-*").privileges("read", "read_cross_cluster").build() }, + .indices(".monitoring-*").privileges("read", "read_cross_cluster").build(), + RoleDescriptor.IndicesPrivileges.builder() + .indices("metricbeat-*").privileges("read", "read_cross_cluster").build() }, new RoleDescriptor.ApplicationResourcePrivileges[] { RoleDescriptor.ApplicationResourcePrivileges.builder() .application("kibana-*").resources("*").privileges("reserved_monitoring").build()