Map users by default to read-only role and add another one for admin

Signed-off-by: Sayali Gaikawad <[email protected]>
opensearch-project · Sep 18, 2024 · ca4f152 · ca4f152
1 parent c527d8d
commit ca4f152
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/nightly-playground/resources/security-config/roles_mapping.yml b/nightly-playground/resources/security-config/roles_mapping.yml
@@ -10,12 +10,14 @@ _meta:
 opendistro_security_anonymous_role:
   backend_roles:
     - "opendistro_security_anonymous_backendrole"
+    - "default-roles-opensearch-nightly-playgrounds"
 ## Demo roles mapping
 
 all_access:
   reserved: false
   backend_roles:
     - "admin"
+    - "admin_role_for_nightly"
   description: "Maps admin to all_access"
 
 own_index:

diff --git a/nightly-playground/test/nightly-playground.test.ts b/nightly-playground/test/nightly-playground.test.ts
@@ -47,7 +47,7 @@ test('Ensure security is always enabled with custom role mapping', () => {
               ignoreErrors: false,
             },
             '011': {
-              command: "set -ex; echo \"_meta:\n  type: rolesmapping\n  config_version: 2\nopendistro_security_anonymous_role:\n  backend_roles:\n    - opendistro_security_anonymous_backendrole\nall_access:\n  reserved: false\n  backend_roles:\n    - admin\n  description: Maps admin to all_access\nown_index:\n  reserved: false\n  users:\n    - '*'\n  description: Allow full access to an index named like the username\nkibana_user:\n  reserved: false\n  backend_roles:\n    - kibanauser\n  description: Maps kibanauser to kibana_user\nreadall:\n  reserved: false\n  backend_roles:\n    - readall\nkibana_server:\n  reserved: true\n  users:\n    - kibanaserver\n\" > opensearch/config/opensearch-security/roles_mapping.yml",
+              command: "set -ex; echo \"_meta:\n  type: rolesmapping\n  config_version: 2\nopendistro_security_anonymous_role:\n  backend_roles:\n    - opendistro_security_anonymous_backendrole\n    - default-roles-opensearch-nightly-playgrounds\nall_access:\n  reserved: false\n  backend_roles:\n    - admin\n    - admin_role_for_nightly\n  description: Maps admin to all_access\nown_index:\n  reserved: false\n  users:\n    - '*'\n  description: Allow full access to an index named like the username\nkibana_user:\n  reserved: false\n  backend_roles:\n    - kibanauser\n  description: Maps kibanauser to kibana_user\nreadall:\n  reserved: false\n  backend_roles:\n    - readall\nkibana_server:\n  reserved: true\n  users:\n    - kibanaserver\n\" > opensearch/config/opensearch-security/roles_mapping.yml",
               cwd: '/home/ec2-user',
               ignoreErrors: false,
             },