From ca4f1529864f8affccb934e3a13bb01bd86f084b Mon Sep 17 00:00:00 2001
From: Sayali Gaikawad <gaiksaya@amazon.com>
Date: Wed, 18 Sep 2024 11:50:58 -0700
Subject: [PATCH] Map users by default to read-only role and add another one
 for admin

Signed-off-by: Sayali Gaikawad <gaiksaya@amazon.com>
---
 nightly-playground/resources/security-config/roles_mapping.yml | 2 ++
 nightly-playground/test/nightly-playground.test.ts             | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/nightly-playground/resources/security-config/roles_mapping.yml b/nightly-playground/resources/security-config/roles_mapping.yml
index bac3ac5..9579879 100644
--- a/nightly-playground/resources/security-config/roles_mapping.yml
+++ b/nightly-playground/resources/security-config/roles_mapping.yml
@@ -10,12 +10,14 @@ _meta:
 opendistro_security_anonymous_role:
   backend_roles:
     - "opendistro_security_anonymous_backendrole"
+    - "default-roles-opensearch-nightly-playgrounds"
 ## Demo roles mapping
 
 all_access:
   reserved: false
   backend_roles:
     - "admin"
+    - "admin_role_for_nightly"
   description: "Maps admin to all_access"
 
 own_index:
diff --git a/nightly-playground/test/nightly-playground.test.ts b/nightly-playground/test/nightly-playground.test.ts
index a1e0a8b..43afff1 100644
--- a/nightly-playground/test/nightly-playground.test.ts
+++ b/nightly-playground/test/nightly-playground.test.ts
@@ -47,7 +47,7 @@ test('Ensure security is always enabled with custom role mapping', () => {
               ignoreErrors: false,
             },
             '011': {
-              command: "set -ex; echo \"_meta:\n  type: rolesmapping\n  config_version: 2\nopendistro_security_anonymous_role:\n  backend_roles:\n    - opendistro_security_anonymous_backendrole\nall_access:\n  reserved: false\n  backend_roles:\n    - admin\n  description: Maps admin to all_access\nown_index:\n  reserved: false\n  users:\n    - '*'\n  description: Allow full access to an index named like the username\nkibana_user:\n  reserved: false\n  backend_roles:\n    - kibanauser\n  description: Maps kibanauser to kibana_user\nreadall:\n  reserved: false\n  backend_roles:\n    - readall\nkibana_server:\n  reserved: true\n  users:\n    - kibanaserver\n\" > opensearch/config/opensearch-security/roles_mapping.yml",
+              command: "set -ex; echo \"_meta:\n  type: rolesmapping\n  config_version: 2\nopendistro_security_anonymous_role:\n  backend_roles:\n    - opendistro_security_anonymous_backendrole\n    - default-roles-opensearch-nightly-playgrounds\nall_access:\n  reserved: false\n  backend_roles:\n    - admin\n    - admin_role_for_nightly\n  description: Maps admin to all_access\nown_index:\n  reserved: false\n  users:\n    - '*'\n  description: Allow full access to an index named like the username\nkibana_user:\n  reserved: false\n  backend_roles:\n    - kibanauser\n  description: Maps kibanauser to kibana_user\nreadall:\n  reserved: false\n  backend_roles:\n    - readall\nkibana_server:\n  reserved: true\n  users:\n    - kibanaserver\n\" > opensearch/config/opensearch-security/roles_mapping.yml",
               cwd: '/home/ec2-user',
               ignoreErrors: false,
             },