From 4496440de11e1d1435ff5803942bbdad0c6be513 Mon Sep 17 00:00:00 2001
From: Darshit Chanpura <35282393+DarshitChanpura@users.noreply.github.com>
Date: Fri, 17 Nov 2023 13:15:07 -0500
Subject: [PATCH] Adds missing default security config lines when updating opensearch.yml (#3734)

Adds 4 config lines that were missed in the original PR: https://github.com/opensearch-project/security/blob/deff84265cd22badf9cca02a3240aeb000acb439/tools/install_demo_configuration.sh#L384C1-L388C1
---------
Signed-off-by: Darshit Chanpura
---
 .../security/tools/democonfig/Certificates.java | 11 +++++++++++
 .../tools/democonfig/ExecutionEnvironment.java | 11 +++++++++++
 .../tools/democonfig/SecuritySettingsConfigurer.java | 10 +++++++---
 3 files changed, 29 insertions(+), 3 deletions(-)
diff --git a/src/main/java/org/opensearch/security/tools/democonfig/Certificates.java b/src/main/java/org/opensearch/security/tools/democonfig/Certificates.java
index 6821147e8c..c776a5e29b 100644
--- a/src/main/java/org/opensearch/security/tools/democonfig/Certificates.java
+++ b/src/main/java/org/opensearch/security/tools/democonfig/Certificates.java
@@ -1,3 +1,14 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ * Modifications Copyright OpenSearch Contributors. See
+ * GitHub history for details.
+ */
+
 package org.opensearch.security.tools.democonfig;
 
 /**
diff --git a/src/main/java/org/opensearch/security/tools/democonfig/ExecutionEnvironment.java b/src/main/java/org/opensearch/security/tools/democonfig/ExecutionEnvironment.java
index 9f901c4487..e9a8273c5f 100644
--- a/src/main/java/org/opensearch/security/tools/democonfig/ExecutionEnvironment.java
+++ b/src/main/java/org/opensearch/security/tools/democonfig/ExecutionEnvironment.java
@@ -1,3 +1,14 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ * Modifications Copyright OpenSearch Contributors. See
+ * GitHub history for details.
+ */
+
 package org.opensearch.security.tools.democonfig;
 
 /**
diff --git a/src/main/java/org/opensearch/security/tools/democonfig/SecuritySettingsConfigurer.java b/src/main/java/org/opensearch/security/tools/democonfig/SecuritySettingsConfigurer.java
index 1e318c38b9..a5daa579dd 100644
--- a/src/main/java/org/opensearch/security/tools/democonfig/SecuritySettingsConfigurer.java
+++ b/src/main/java/org/opensearch/security/tools/democonfig/SecuritySettingsConfigurer.java
@@ -212,9 +212,13 @@ static String buildSecurityConfigString() {
 
 securityConfigLines.append("plugins.security.authcz.admin_dn:\n - CN=kirk,OU=client,O=client,L=test, C=de\n\n");
 
- securityConfigLines.append("plugins.security.system_indices.enabled: true\n" + "plugins.security.system_indices.indices: [")
- .append(SYSTEM_INDICES)
- .append("]\n");
+ securityConfigLines.append("plugins.security.audit.type: internal_opensearch\n");
+ securityConfigLines.append("plugins.security.enable_snapshot_restore_privilege: true\n");
+ securityConfigLines.append("plugins.security.check_snapshot_restore_write_privileges: true\n");
+ securityConfigLines.append("plugins.security.restapi.roles_enabled: [\"all_access\", \"security_rest_api_access\"]\n");
+
+ securityConfigLines.append("plugins.security.system_indices.enabled: true\n");
+ securityConfigLines.append("plugins.security.system_indices.indices: [").append(SYSTEM_INDICES).append("]\n");
 
 if (!isNetworkHostAlreadyPresent(OPENSEARCH_CONF_FILE)) {
 if (cluster_mode) {
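Review bot: The four settings appended in `buildSecurityConfigString()` carry no comment marking them as demo defaults, and `plugins.security.audit.type: internal_opensearch` in particular keeps audit events in the same cluster they describe, where a principal with `all_access` can presumably modify them. I would add a comment above the new block such as `// Demo defaults mirrored from install_demo_configuration.sh; audit events stay in this cluster - use an external audit sink outside demos`. The diffstat lists only three files, all under `src/main`, so nothing pins the generated text; a unit test asserting that each of the four keys appears in the returned string would keep the Java tool from drifting from the shell script again. The function body starts and ends outside this hunk.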