[BUG]opensearch_role_mapping resource - fails #158

Open
kcorelight opened this issue Feb 6, 2024 · 3 comments
@kcorelight

What is the bug?

  # module.opensearch_logs_saml[0].opensearch_roles_mapping.security_manager_mapping will be created
  + resource "opensearch_roles_mapping" "security_manager_mapping" {
      + and_backend_roles = [
          + "arn:aws:iam::433822642130:instance-profile/terraform_host_profile",
        ]
      + description       = "Mapping AWS IAM roles to ES role"
      + id                = (known after apply)
      + role_name         = "security_manager"
    }


│ Error: elastic: Error 400 (Bad Request)

│ with module.opensearch_logs_saml[0].opensearch_roles_mapping.security_manager_mapping,
│ on ../../../modules/common/opensearch_saml/roles_mapping.tf line 19, in resource "opensearch_roles_mapping" "security_manager_mapping":
│ 19: resource "opensearch_roles_mapping" "security_manager_mapping" {


[root@9457465f450e NorthAmerica]#

How can one reproduce the bug?

[root@9457465f450e NorthAmerica]# terraform apply --auto-approve -target=module.opensearch_logs_saml[0].opensearch_roles_mapping.security_manager_mapping

What is the expected behavior?

Successfully apply the resource

What is your host/environment?

N/A

Do you have any screenshots?

Above screenshot

Do you have any additional context?

Add any other context about the problem.

@prudhvigodithi
Member

[Triage]
Thanks @kcorelight. Looks similar to #153, #156.

Adding @rblcoder @bbarani

@rblcoder
Collaborator

rblcoder commented Mar 5, 2024

@kcorelight Does this help you with the issue on using and_backend_roles?
opensearch-project/security#4084

@rblcoder
Collaborator

rblcoder commented Apr 2, 2024

and_backend_roles requires that all the backend roles be specified in this list, and only users with all of these backend roles will be mapped to the role.

For example, if and_backend_roles has ["IT", "Finance", "HR"],
for a user to be mapped to the role, the user would need to have all of these backend roles.
Such a user can be created using:

PUT _plugins/_security/api/internalusers/johndoe
{
  "password": "myStrongPassword123@456",
  "backend_roles": ["IT", "Finance", "HR"]
}

The following Terraform code maps user johndoe to custom_role:

terraform {
  required_providers {
    opensearch = {
      source  = "opensearch-project/opensearch"
      version = "2.2.0"
    }
  }
}

provider "opensearch" {
  url                  = "https://localhost:9200"
  username             = "admin"
  password             = "myStrongPassword123@456"
  healthcheck          = false
  insecure             = true # disables TLS certificate verification (local test cluster)
  version_ping_timeout = "10"
}

# Only users holding all three backend roles are mapped to custom_role.
resource "opensearch_roles_mapping" "custom_role_mapping" {
  role_name         = "custom_role"
  description       = "Mapping roles"
  and_backend_roles = ["IT", "Finance", "HR"]
}
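
An added example (not part of the thread or the provider's code): a small Python audit that models the all-of semantics of `and_backend_roles` next to the any-of semantics of `backend_roles`, and reports mappings that no user satisfies. The user and mapping data are constructed, and the model is a simplification that assumes exact string matches and ignores `hosts` and wildcard patterns.

```python
def roles_for_user(username, user_backend_roles, rolesmapping):
    """Return the roles a user resolves to under a simplified model:
    a mapping matches on `users`, on ANY entry of `backend_roles`,
    or on ALL entries of a non-empty `and_backend_roles`."""
    have = set(user_backend_roles)
    matched = set()
    for role, m in rolesmapping.items():
        all_of = set(m.get("and_backend_roles", []))
        if (username in m.get("users", [])
                or have & set(m.get("backend_roles", []))
                or (all_of and all_of <= have)):
            matched.add(role)
    return matched


def audit(internalusers, rolesmapping):
    """Map each role to the sorted users that resolve to it.
    An empty list flags a mapping that no user satisfies."""
    result = {role: [] for role in rolesmapping}
    for name, user in sorted(internalusers.items()):
        roles = roles_for_user(name, user.get("backend_roles", []), rolesmapping)
        for role in roles:
            result[role].append(name)
    return result


# Constructed sample data, shaped like the security plugin's internalusers
# and rolesmapping API responses (not taken from a real cluster).
USERS = {
    "alice": {"backend_roles": ["IT", "Finance", "HR"]},
    "bob": {"backend_roles": ["IT", "Administrator", "HR"]},
    "carol": {"backend_roles": ["IT"]},
}
MAPPINGS = {
    "custom_role": {"and_backend_roles": ["IT", "Finance", "HR"]},  # all-of
    "it_readers": {"backend_roles": ["IT", "Finance"]},             # any-of
    "auditors": {"and_backend_roles": ["HR", "Legal"]},             # nobody has both
}

if __name__ == "__main__":
    for role, users in audit(USERS, MAPPINGS).items():
        print(f"{role}: {users or 'NO USER MATCHES'}")
```

A role that comes back with an empty list, or with more users than intended, is the signal to review before applying the mapping.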
