Home Explore Help
Register Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

add privileges in vulnerabilities index (#94255)

* add privileges in vulnerabilities index

* fix build failure line length
Lola 2 years ago
parent
06d5fecb3c
commit
2d5eb52d8f
2 changed files with 27 additions and 3 deletions
Split View Show Diff Stats
  1. 6 2
      x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java
  2. 21 1
      x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java

+ 6 - 2
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java
View File 

@@ -873,11 +873,15 @@ public class ReservedRolesStore implements BiConsumer<Set<String>, ActionListene
 
                     .build(),
 
                 // For src/dest indices of the Cloud Security Posture packages that ships a transform
 
                 RoleDescriptor.IndicesPrivileges.builder()
 
-                    .indices("logs-cloud_security_posture.findings-*")
 
+                    .indices("logs-cloud_security_posture.findings-*", "logs-cloud_security_posture.vulnerabilities-*")
 
                     .privileges("read", "view_index_metadata")
 
                     .build(),
 
                 RoleDescriptor.IndicesPrivileges.builder()
 
-                    .indices("logs-cloud_security_posture.findings_latest-default*", "logs-cloud_security_posture.scores-default*")
 
+                    .indices(
 
+                        "logs-cloud_security_posture.findings_latest-default*",
 
+                        "logs-cloud_security_posture.scores-default*",
 
+                        "logs-cloud_security_posture.vulnerabilities_latest-default*"
 
+                    )
 
                     .privileges("create_index", "read", "index", "delete", IndicesAliasesAction.NAME, UpdateSettingsAction.NAME)
 
                     .build() },
 
             null,

+ 21 - 1
x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
View File 

@@ -1089,11 +1089,31 @@ public class ReservedRolesStoreTests extends ESTestCase {
 
             assertThat(kibanaRole.indices().allowedIndicesMatcher(RolloverAction.NAME).test(indexAbstraction), is(true));
 
         });
 
 
+        Arrays.asList("logs-cloud_security_posture.vulnerabilities-" + randomAlphaOfLength(randomIntBetween(0, 13))).forEach((cspIndex) -> {
 
+            final IndexAbstraction indexAbstraction = mockIndexAbstraction(cspIndex);
 
+            assertThat(kibanaRole.indices().allowedIndicesMatcher("indices:foo").test(indexAbstraction), is(false));
 
+            assertThat(kibanaRole.indices().allowedIndicesMatcher("indices:bar").test(indexAbstraction), is(false));
 
+            assertThat(kibanaRole.indices().allowedIndicesMatcher(DeleteIndexAction.NAME).test(indexAbstraction), is(false));
 
+            assertThat(kibanaRole.indices().allowedIndicesMatcher(GetIndexAction.NAME).test(indexAbstraction), is(true));
 
+            assertThat(kibanaRole.indices().allowedIndicesMatcher(CreateIndexAction.NAME).test(indexAbstraction), is(false));
 
+            assertThat(kibanaRole.indices().allowedIndicesMatcher(IndexAction.NAME).test(indexAbstraction), is(false));
 
+            assertThat(kibanaRole.indices().allowedIndicesMatcher(DeleteAction.NAME).test(indexAbstraction), is(false));
 
+            assertThat(kibanaRole.indices().allowedIndicesMatcher(SearchAction.NAME).test(indexAbstraction), is(true));
 
+            assertThat(kibanaRole.indices().allowedIndicesMatcher(MultiSearchAction.NAME).test(indexAbstraction), is(true));
 
+            assertThat(kibanaRole.indices().allowedIndicesMatcher(GetAction.NAME).test(indexAbstraction), is(true));
 
+            assertThat(kibanaRole.indices().allowedIndicesMatcher(READ_CROSS_CLUSTER_NAME).test(indexAbstraction), is(false));
 
+            assertThat(kibanaRole.indices().allowedIndicesMatcher(UpdateSettingsAction.NAME).test(indexAbstraction), is(true));
 
+            assertThat(kibanaRole.indices().allowedIndicesMatcher(PutMappingAction.NAME).test(indexAbstraction), is(true));
 
+            assertThat(kibanaRole.indices().allowedIndicesMatcher(RolloverAction.NAME).test(indexAbstraction), is(true));
 
+        });
 
+
 
         Arrays.asList(
 
             "logs-cloud_security_posture.findings_latest-default",
 
             "logs-cloud_security_posture.scores-default",
 
+            "logs-cloud_security_posture.vulnerabilities_latest-default",
 
             "logs-cloud_security_posture.findings_latest-default-" + Version.CURRENT,
 
-            "logs-cloud_security_posture.scores-default-" + Version.CURRENT
 
+            "logs-cloud_security_posture.scores-default-" + Version.CURRENT,
 
+            "logs-cloud_security_posture.vulnerabilities_latest-default" + Version.CURRENT
 
         ).forEach(indexName -> {
 
             logger.info("index name [{}]", indexName);
 
             final IndexAbstraction indexAbstraction = mockIndexAbstraction(indexName);