Add auditor role; update analyst role with correct syntax

2025-12-06 17:22:49 +01:00 · 2021-09-03 15:54:05 -04:00
parent 649f339934
commit fbbb7f4e85
2 changed files with 58 additions and 41 deletions
--- a/salt/common/tools/sbin/so-elasticsearch-roles-load
+++ b/salt/common/tools/sbin/so-elasticsearch-roles-load
@@ -51,7 +51,7 @@ cd ${ELASTICSEARCH_ROLES}
 echo "Loading templates..."
 for role in *; do
 	name=$(echo "$role" | cut -d. -f1)
-	so-elasticsearch-query security/roles/$name -XPUT -d @"$role"
+	so-elasticsearch-query _security/role/$name -XPUT -d @"$role"
 done
 cd - >/dev/null
--- a/salt/elasticsearch/roles/analyst.json
+++ b/salt/elasticsearch/roles/analyst.json
@@ -1,45 +1,62 @@
 {
-  "elasticsearch": {
+  "cluster": [
-    "cluster": [
+    "cancel_task",
-      "cancel_task",
+    "create_snapshot",
-      "create_snapshot",
+    "monitor",
-      "monitor",
+    "monitor_data_frame_transforms",
-      "monitor_data_frame_transforms",
+    "monitor_ml",
-      "monitor_ml",
+    "monitor_rollup",
-      "monitor_rollup",
+    "monitor_snapshot",
-      "monitor_snapshot",
+    "monitor_text_structure",
-      "monitor_text_structure",
+    "monitor_transform",
-      "monitor_transform",
+    "monitor_watcher",
-      "monitor_watcher",
+    "read_ccr",
-      "read_ccr",
+    "read_ilm",
-      "read_ilm",
+    "read_pipeline",
-      "read_pipeline",
+    "read_slm"
-      "read_slm"
+  ],
-    ],
+  "indices": [
    "indices": [
      {
        "names": [
          "so-*"
        ],
        "privileges": [
          "read",
          "read_cross_cluster",
          "monitor",
          "view_index_metadata"
        ]
      }
    ],
    "run_as": []
  },
  "kibana": [
    {
-      "spaces": [
+      "names": [
-        "*"
+        "so-*"
      ],
-      "base": [
+      "privileges": [
-        "read"
+        "index",
-      ],
+        "read",
-      "feature": {}
+        "read_cross_cluster",
        "monitor",
        "view_index_metadata"
      ]
    }
-  ]
+  ],
  "applications": [
    {
      "application": "kibana-.kibana",
      "privileges": [
        "feature_discover.all",
        "feature_dashboard.all",
        "feature_canvas.all",
        "feature_maps.all",
        "feature_ml.all",
        "feature_logs.read",
        "feature_visualize.all",
        "feature_infrastructure.read",
        "feature_apm.read",
        "feature_uptime.read",
        "feature_siem.read",
        "feature_dev_tools.read",
        "feature_advancedSettings.read",
        "feature_indexPatterns.read",
        "feature_savedObjectsManagement.read",
        "feature_savedObjectsTagging.read",
        "feature_fleet.all",
        "feature_actions.read",
        "feature_stackAlerts.read"
      ],
      "resources": [
        "*"
      ]
    }
  ],
  "run_as": []
 }