Add view_index_matadata connector permission for fleet-server account (…

…elastic#113262) * Add view_index_matadata to fleet-server for elastic_connetors package * Fix typo
n1v0lg · Sep 23, 2024 · ce79fa4 · ce79fa4
1 parent c28df8e
commit ce79fa4
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 6 deletions.
diff --git a/docs/reference/rest-api/security/get-service-accounts.asciidoc b/docs/reference/rest-api/security/get-service-accounts.asciidoc
@@ -250,7 +250,8 @@ GET /_security/service/elastic/fleet-server
             "monitor",
             "create_index",
             "auto_configure",
-            "maintenance"
+            "maintenance",
+            "view_index_metadata"
           ],
           "allow_restricted_indices": false
         },
@@ -265,7 +266,8 @@ GET /_security/service/elastic/fleet-server
             "monitor",
             "create_index",
             "auto_configure",
-            "maintenance"
+            "maintenance",
+            "view_index_metadata"
           ],
           "allow_restricted_indices": false
         }

diff --git a/...rc/javaRestTest/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountIT.java b/...rc/javaRestTest/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountIT.java
@@ -296,7 +296,8 @@ public class ServiceAccountIT extends ESRestTestCase {
                     "monitor",
                     "create_index",
                     "auto_configure",
-                    "maintenance"
+                    "maintenance",
+                    "view_index_metadata"
                   ],
                   "allow_restricted_indices": false
                 },
@@ -311,7 +312,8 @@ public class ServiceAccountIT extends ESRestTestCase {
                     "monitor",
                     "create_index",
                     "auto_configure",
-                    "maintenance"
+                    "maintenance",
+                    "view_index_metadata"
                   ],
                   "allow_restricted_indices": false
                 }

diff --git a/.../src/main/java/org/elasticsearch/xpack/security/authc/service/ElasticServiceAccounts.java b/.../src/main/java/org/elasticsearch/xpack/security/authc/service/ElasticServiceAccounts.java
@@ -160,12 +160,12 @@ final class ElasticServiceAccounts {
                 // Custom permissions required for running Elastic connectors integration
                 RoleDescriptor.IndicesPrivileges.builder()
                     .indices(".elastic-connectors*")
-                    .privileges("read", "write", "monitor", "create_index", "auto_configure", "maintenance")
+                    .privileges("read", "write", "monitor", "create_index", "auto_configure", "maintenance", "view_index_metadata")
                     .build(),
                 // Permissions for data indices and access control filters used by Elastic connectors integration
                 RoleDescriptor.IndicesPrivileges.builder()
                     .indices("content-*", ".search-acl-filter-*")
-                    .privileges("read", "write", "monitor", "create_index", "auto_configure", "maintenance")
+                    .privileges("read", "write", "monitor", "create_index", "auto_configure", "maintenance", "view_index_metadata")
                     .build(), },
             new RoleDescriptor.ApplicationResourcePrivileges[] {
                 RoleDescriptor.ApplicationResourcePrivileges.builder()