Skip to content

Commit

Permalink
Synchronize all permissions from latest OpenSearch (#1333)
Browse files Browse the repository at this point in the history
We've noticed there are some permissions in OpenSearch that are not included in the UX dropdown of the security-dashboards-plugin

Signed-off-by: Peter Nied <[email protected]>
Co-authored-by: Craig Perkins <[email protected]>
  • Loading branch information
peternied and cwperks authored Feb 20, 2023
1 parent d5441b2 commit e5c0588
Showing 1 changed file with 37 additions and 0 deletions.
37 changes: 37 additions & 0 deletions public/apps/configuration/constants.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -30,11 +30,27 @@ export const API_ENDPOINT_PERMISSIONS_INFO = API_PREFIX + '/restapiinfo';
export const API_ENDPOINT_CACHE = API_ENDPOINT + '/cache';

export const CLUSTER_PERMISSIONS: string[] = [
'cluster:admin/component_template/delete',
'cluster:admin/component_template/get',
'cluster:admin/component_template/put',
'cluster:admin/decommission/awareness/delete',
'cluster:admin/decommission/awareness/get',
'cluster:admin/decommission/awareness/put',
'cluster:admin/indices/dangling/delete',
'cluster:admin/indices/dangling/find',
'cluster:admin/indices/dangling/import',
'cluster:admin/indices/dangling/list',
'cluster:admin/ingest/pipeline/delete',
'cluster:admin/ingest/pipeline/get',
'cluster:admin/ingest/pipeline/put',
'cluster:admin/ingest/pipeline/simulate',
'cluster:admin/ingest/processor/grok/get',
'cluster:admin/nodes/reload_secure_settings',
'cluster:admin/persistent/completion',
'cluster:admin/persistent/remove',
'cluster:admin/persistent/start',
'cluster:admin/persistent/update_status',
'cluster:admin/remotestore/restore',
'cluster:admin/opendistro/ad/detector/delete',
'cluster:admin/opendistro/ad/detector/info',
'cluster:admin/opendistro/ad/detector/jobmanagement',
Expand Down Expand Up @@ -137,16 +153,23 @@ export const CLUSTER_PERMISSIONS: string[] = [
'cluster:admin/opensearch/observability/get',
'cluster:admin/opensearch/observability/update',
'cluster:admin/reindex/rethrottle',
'cluster:admin/repository/_cleanup',
'cluster:admin/repository/delete',
'cluster:admin/repository/get',
'cluster:admin/repository/put',
'cluster:admin/repository/verify',
'cluster:admin/reroute',
'cluster:admin/routing/awareness/weights/delete',
'cluster:admin/routing/awareness/weights/get',
'cluster:admin/routing/awareness/weights/put',
'cluster:admin/script/delete',
'cluster:admin/script/get',
'cluster:admin/script/put',
'cluster:admin/script_context/get',
'cluster:admin/script_language/get',
'cluster:admin/settings/update',
'cluster:admin/snapshot/create',
'cluster:admin/snapshot/clone',
'cluster:admin/snapshot/delete',
'cluster:admin/snapshot/get',
'cluster:admin/snapshot/restore',
Expand All @@ -155,6 +178,8 @@ export const CLUSTER_PERMISSIONS: string[] = [
'cluster:admin/tasks/cancel',
'cluster:admin/tasks/test',
'cluster:admin/tasks/testunblock',
'cluster:admin/voting_config/add_exclusions',
'cluster:admin/voting_config/clear_exclusions',
'cluster:monitor/allocation/explain',
'cluster:monitor/health',
'cluster:monitor/main',
Expand All @@ -169,6 +194,7 @@ export const CLUSTER_PERMISSIONS: string[] = [
'cluster:monitor/task',
'cluster:monitor/task/get',
'cluster:monitor/tasks/list',
'cluster:monitor/tasks/list*',
];

export function includeClusterPermissions(clusterPermissionsToInclude: string[]) {
Expand All @@ -182,6 +208,8 @@ export const INDEX_PERMISSIONS: string[] = [
'indices:admin/aliases/exists',
'indices:admin/aliases/get',
'indices:admin/analyze',
'indices:admin/auto_create',
'indices:admin/block/add',
'indices:admin/cache/clear',
'indices:admin/close',
'indices:admin/close*',
Expand All @@ -200,16 +228,21 @@ export const INDEX_PERMISSIONS: string[] = [
'indices:admin/index_template/put',
'indices:admin/index_template/simulate',
'indices:admin/index_template/simulate_index',
'indices:admin/mapping/auto_put',
'indices:admin/mapping/put',
'indices:admin/mappings/fields/get',
'indices:admin/mappings/fields/get*',
'indices:admin/mappings/get',
'indices:admin/open',
'indices:admin/refresh',
'indices:admin/refresh*',
'indices:admin/resize',
'indices:admin/resolve/index',
'indices:admin/rollover',
'indices:admin/seq_no/global_checkpoint_sync',
'indices:admin/seq_no/add_retention_lease',
'indices:admin/seq_no/remove_retention_lease',
'indices:admin/seq_no/renew_retention_lease',
'indices:admin/settings/update',
'indices:admin/shards/search_shards',
'indices:admin/shrink',
Expand All @@ -230,6 +263,9 @@ export const INDEX_PERMISSIONS: string[] = [
'indices:data/read/msearch/template',
'indices:data/read/mtv',
'indices:data/read/mtv*',
'indices:data/read/point_in_time/create',
'indices:data/read/point_in_time/delete',
'indices:data/read/point_in_time/readall',
'indices:data/read/scroll',
'indices:data/read/scroll/clear',
'indices:data/read/search',
Expand All @@ -245,6 +281,7 @@ export const INDEX_PERMISSIONS: string[] = [
'indices:data/write/update',
'indices:data/write/update/byquery',
'indices:monitor/data_stream/stats',
'indices:monitor/point_in_time/segments',
'indices:monitor/recovery',
'indices:monitor/segments',
'indices:monitor/settings/get',
Expand Down

0 comments on commit e5c0588

Please sign in to comment.