Map users by default to read-only role and add another one for admin (#…

…204) Signed-off-by: Sayali Gaikawad <gaiksaya@amazon.com>
opensearch-project · Sep 18, 2024 · 0d4599e · 0d4599e
1 parent c527d8d
commit 0d4599e
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 2 deletions.
diff --git a/.github/workflows/nightly-playground-trigger.yml b/.github/workflows/nightly-playground-trigger.yml
@@ -9,7 +9,7 @@ jobs:
   deploy-nightly-playground:
     strategy:
       matrix:
-        dist_version: ['2.17.0', '3.0.0']
+        dist_version: ['2.18.0', '3.0.0']
       fail-fast: false
     uses: ./.github/workflows/nightly-playground-deploy.yml
     secrets: inherit

diff --git a/nightly-playground/resources/security-config/roles_mapping.yml b/nightly-playground/resources/security-config/roles_mapping.yml
@@ -10,12 +10,14 @@ _meta:
 opendistro_security_anonymous_role:
   backend_roles:
     - "opendistro_security_anonymous_backendrole"
+    - "default-roles-opensearch-nightly-playgrounds"
 ## Demo roles mapping
 
 all_access:
   reserved: false
   backend_roles:
     - "admin"
+    - "admin_role_for_nightly"
   description: "Maps admin to all_access"
 
 own_index:

diff --git a/nightly-playground/test/nightly-playground.test.ts b/nightly-playground/test/nightly-playground.test.ts
@@ -47,7 +47,7 @@ test('Ensure security is always enabled with custom role mapping', () => {
               ignoreErrors: false,
             },
             '011': {
-              command: "set -ex; echo \"_meta:\n  type: rolesmapping\n  config_version: 2\nopendistro_security_anonymous_role:\n  backend_roles:\n    - opendistro_security_anonymous_backendrole\nall_access:\n  reserved: false\n  backend_roles:\n    - admin\n  description: Maps admin to all_access\nown_index:\n  reserved: false\n  users:\n    - '*'\n  description: Allow full access to an index named like the username\nkibana_user:\n  reserved: false\n  backend_roles:\n    - kibanauser\n  description: Maps kibanauser to kibana_user\nreadall:\n  reserved: false\n  backend_roles:\n    - readall\nkibana_server:\n  reserved: true\n  users:\n    - kibanaserver\n\" > opensearch/config/opensearch-security/roles_mapping.yml",
+              command: "set -ex; echo \"_meta:\n  type: rolesmapping\n  config_version: 2\nopendistro_security_anonymous_role:\n  backend_roles:\n    - opendistro_security_anonymous_backendrole\n    - default-roles-opensearch-nightly-playgrounds\nall_access:\n  reserved: false\n  backend_roles:\n    - admin\n    - admin_role_for_nightly\n  description: Maps admin to all_access\nown_index:\n  reserved: false\n  users:\n    - '*'\n  description: Allow full access to an index named like the username\nkibana_user:\n  reserved: false\n  backend_roles:\n    - kibanauser\n  description: Maps kibanauser to kibana_user\nreadall:\n  reserved: false\n  backend_roles:\n    - readall\nkibana_server:\n  reserved: true\n  users:\n    - kibanaserver\n\" > opensearch/config/opensearch-security/roles_mapping.yml",
               cwd: '/home/ec2-user',
               ignoreErrors: false,
             },