Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

[Monitoring] Add new cluster privilege now necessary for the stack monitoring ui (#47871)

* Add new cluster privilege now necessary for the stack monitoring ui

* PR feedback, and add test
Chris Roberson 6 years ago
parent
f5b8d61c52
commit
fb871125f8
2 changed files with 4 additions and 1 deletions
Split View Show Diff Stats
  1. 2 1
      x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java
  2. 2 0
      x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java

+ 2 - 1
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java
View File 

@@ -6,6 +6,7 @@
 
 package org.elasticsearch.xpack.core.security.authz.store;
 
 
 import org.elasticsearch.action.ActionListener;
 
+import org.elasticsearch.action.admin.cluster.remote.RemoteInfoAction;
 
 import org.elasticsearch.action.admin.cluster.repositories.get.GetRepositoriesAction;
 
 import org.elasticsearch.common.collect.MapBuilder;
 
 import org.elasticsearch.xpack.core.monitoring.action.MonitoringBulkAction;
 
@@ -55,7 +56,7 @@ public class ReservedRolesStore implements BiConsumer<Set<String>, ActionListene
 
                         null, null,
 
                         MetadataUtils.DEFAULT_RESERVED_METADATA, null))
 
                 .put("monitoring_user", new RoleDescriptor("monitoring_user",
 
-                        new String[] { "cluster:monitor/main", "cluster:monitor/xpack/info" },
 
+                        new String[] { "cluster:monitor/main", "cluster:monitor/xpack/info", RemoteInfoAction.NAME },
 
                         new RoleDescriptor.IndicesPrivileges[] {
 
                             RoleDescriptor.IndicesPrivileges.builder()
 
                                 .indices(".monitoring-*").privileges("read", "read_cross_cluster").build()

+ 2 - 0
x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
View File 

@@ -7,6 +7,7 @@ package org.elasticsearch.xpack.core.security.authz.store;
 
 
 import org.elasticsearch.Version;
 
 import org.elasticsearch.action.admin.cluster.health.ClusterHealthAction;
 
+import org.elasticsearch.action.admin.cluster.remote.RemoteInfoAction;
 
 import org.elasticsearch.action.admin.cluster.repositories.get.GetRepositoriesAction;
 
 import org.elasticsearch.action.admin.cluster.repositories.put.PutRepositoryAction;
 
 import org.elasticsearch.action.admin.cluster.reroute.ClusterRerouteAction;
 
@@ -441,6 +442,7 @@ public class ReservedRolesStoreTests extends ESTestCase {
 
         Role monitoringUserRole = Role.builder(roleDescriptor, null).build();
 
         assertThat(monitoringUserRole.cluster().check(MainAction.NAME, request, authentication), is(true));
 
         assertThat(monitoringUserRole.cluster().check(XPackInfoAction.NAME, request, authentication), is(true));
 
+        assertThat(monitoringUserRole.cluster().check(RemoteInfoAction.NAME, request, authentication), is(true));
 
         assertThat(monitoringUserRole.cluster().check(ClusterHealthAction.NAME, request, authentication), is(false));
 
         assertThat(monitoringUserRole.cluster().check(ClusterStateAction.NAME, request, authentication), is(false));
 
         assertThat(monitoringUserRole.cluster().check(ClusterStatsAction.NAME, request, authentication), is(false));