[kbn/es serverless] Allow ES serverless resources (ex. users, users_roles, etc) to be overwritten via yarn es serverless command (#167087)

## Summary

### `@kbn/es` package
- Introduces `--resources` option to the `es serverless` command
- Allows for
[`serverless_resources`](https://github.com/elastic/kibana/tree/main/packages/kbn-es/src/serverless_resources)
to be overwritten
 
### Security Solution Plugin

- Added customized `users`, `users_roles` and `roles.yml` files that
includes:
    - Updated `roles.yml` file (sync'ed with project controller version)
- Updated `users` / `users_roles` file that includes one user per
security project role (name the same as the role)
- New CLI script - `node
x-pack/plugins/security_solution/scripts/endpoint/start_es_serverless_with_security_users.js`
- that will start ES in serverless mode and inject the customized
`--resources` into the command
- Any existing option that can be passed to `es` or `es serverless` can
still continue to be passed to this new script. I will pass them along.


closes #167092

__
This commit is contained in:
Paul Tavares 2023-09-27 14:11:01 -04:00 committed by GitHub
parent 581b30b743
commit 45a28d40e3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 845 additions and 6 deletions


@ -11,6 +11,8 @@ import getopts from 'getopts';
import { ToolingLog } from '@kbn/tooling-log';
import { getTimeReporter } from '@kbn/ci-stats-reporter';
import { basename } from 'path';
import { SERVERLESS_RESOURCES_PATHS } from '../paths';
import { Cluster } from '../cluster';
import {
ES_SERVERLESS_REPO_ELASTICSEARCH,
@ -37,6 +39,13 @@ export const serverless: Command = {
--ssl Enable HTTP SSL on the ES cluster
--skipTeardown If this process exits, leave the ES cluster running in the background
--waitForReady Wait for the ES cluster to be ready to serve requests
--resources Overrides resources under ES 'config/' directory, which are by default
mounted from 'packages/kbn-es/src/serverless_resources/users'. Value should
be a valid file path (relative or absolute). This option can be used multiple
times if needing to override multiple files. The following files can be overwritten:
${SERVERLESS_RESOURCES_PATHS.map((filePath) => basename(filePath)).join(
' | '
)}
-E Additional key=value settings to pass to ES
-F Absolute paths for files to mount into containers
@ -63,7 +72,7 @@ export const serverless: Command = {
files: 'F',
},
string: ['tag', 'image', 'basePath'],
string: ['tag', 'image', 'basePath', 'resources'],
boolean: ['clean', 'ssl', 'kill', 'background', 'skipTeardown', 'waitForReady'],
default: defaults,
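Review bot: The help text on the `--resources` line says the defaults are mounted from `'packages/kbn-es/src/serverless_resources/users'`, which names a single file rather than the directory that holds all of the overridable resources; the same wording appears in the `resources?` doc comment added to `ServerlessOptions` in the utils hunk. I would change both to `'packages/kbn-es/src/serverless_resources/'`. It would also help to say in the help text that relative paths are resolved against the current working directory, since that is what `setupServerlessVolumes` does with them.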


@ -14,7 +14,7 @@ password: changeme
### Adding users
1. Add the user:encrypted_password to `users` file. The encrypted password for `elastic_serverless` is `changeme` if you want to reuse the value.
1. Add the `user:encrypted_password` to `users` file. The encrypted password for `elastic_serverless` is `changeme` if you want to reuse the value.
1. Set the new user's roles in `users_roles` file.
1. Add the username to `operator_users.yml` in the array for file realm users.
@ -46,4 +46,15 @@ If a node is configured to use this `service_tokens` file, then you can authenti
curl -H "Authorization: Bearer AAEAAWVsYXN0aWMva2liYW5hL2tpYmFuYS1kZXY6VVVVVVVVTEstKiBaNA" http://localhost:9200/_security/_authenticate
```
The name of the token (`kibana-dev`) is important because the `operator_users.yml` file designates that token as an operator and allows us to seed a serverless cluster with this token.
The name of the token (`kibana-dev`) is important because the `operator_users.yml` file designates that token as an operator and allows us to seed a serverless cluster with this token.
## Overriding resources
The files found in this directory can be overwritten with customized versions by using the `--resources` option of the `yarn es serverless` command.
Assuming a customized `users` and `users_roles` are located in `/tmp/my_es/` directory and executing the below command from the root of Kibana, here is an example:
```shell
yarn es serverless --resources=/tmp/my_es/users --resources=/tmp/my_es/users_roles
```


@ -1,5 +1,5 @@
operator:
- usernames: ["elastic_serverless", "system_indices_superuser"]
- usernames: ["elastic_serverless", "system_indices_superuser", "soc_manager"]
realm_type: "file"
auth_type: "realm"
- usernames: [ "elastic/kibana" ]
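Review bot: Adding `soc_manager` to the file-realm operator list grants that account operator privileges, which is broader than the `soc_manager` role itself (its `cluster:` entry in the added roles.yml is empty), and nothing in the change records why the elevation is needed. If it exists so that account can reach operator-only APIs during local development, a one-line comment above the entry would stop the next reader from widening the list further, e.g. `# soc_manager is an operator only for local/dev serverless clusters`. If it is not needed, I would drop it and keep the default operator set minimal.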


@ -1,2 +1,3 @@
elastic_serverless:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW
system_indices_superuser:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW
soc_manager:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW


@ -1,2 +1,3 @@
superuser:elastic_serverless
system_indices_superuser:system_indices_superuser
soc_manager:soc_manager


@ -445,6 +445,35 @@ describe('setupServerlessVolumes()', () => {
expect(volumeCmd).toHaveLength(20);
expect(pathsNotIncludedInCmd).toEqual([]);
});
test('should use resource overrides', async () => {
mockFs(existingObjectStore);
const volumeCmd = await setupServerlessVolumes(log, {
basePath: baseEsPath,
resources: ['./relative/path/users', '/absolute/path/users_roles'],
});
expect(volumeCmd).toContain(
'/absolute/path/users_roles:/usr/share/elasticsearch/config/users_roles'
);
expect(volumeCmd).toContain(
`${process.cwd()}/relative/path/users:/usr/share/elasticsearch/config/users`
);
});
test('should throw if an unknown resource override is used', async () => {
mockFs(existingObjectStore);
await expect(async () => {
await setupServerlessVolumes(log, {
basePath: baseEsPath,
resources: ['/absolute/path/invalid'],
});
}).rejects.toThrow(
'Unsupported ES serverless --resources value(s):\n /absolute/path/invalid\n\n' +
'Valid resources: operator_users.yml | role_mapping.yml | roles.yml | service_tokens | users | users_roles'
);
});
});
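Review bot: The new tests only pass `resources` as an array, while `ServerlessOptions.resources` is typed `string | string[]` and the command layer hands over a bare string when `--resources` is given once; a case with `resources: '/absolute/path/users'` would pin the single-value branch. A second gap is the same basename given twice (`['./a/users', './b/users']`), where the reduce in `setupServerlessVolumes` keeps the last one without any message; a test asserting either the winner or an error would document the intended behaviour. The enclosing `describe('setupServerlessVolumes()')` block starts outside the hunk.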
describe('runServerlessEsNode()', () => {


@ -66,6 +66,11 @@ export interface ServerlessOptions extends EsClusterExecOptions, BaseOptions {
background?: boolean;
/** Wait for the ES cluster to be ready to serve requests */
waitForReady?: boolean;
/**
* Resource file(s) to overwrite
* (see list of files that can be overwritten under `packages/kbn-es/src/serverless_resources/users`)
*/
resources?: string | string[];
}
interface ServerlessEsNodeArgs {
@ -470,7 +475,7 @@ export function getDockerFileMountPath(hostPath: string) {
* Setup local volumes for Serverless ES
*/
export async function setupServerlessVolumes(log: ToolingLog, options: ServerlessOptions) {
const { basePath, clean, ssl, files } = options;
const { basePath, clean, ssl, files, resources } = options;
const objectStorePath = resolve(basePath, 'stateless');
log.info(chalk.bold(`Checking for local serverless ES object store at ${objectStorePath}`));
@ -509,12 +514,38 @@ export async function setupServerlessVolumes(log: ToolingLog, options: Serverles
volumeCmds.push(...fileCmds);
}
const resourceFileOverrides: Record<string, string> = resources
? (Array.isArray(resources) ? resources : [resources]).reduce((acc, filePath) => {
acc[basename(filePath)] = resolve(process.cwd(), filePath);
return acc;
}, {} as Record<string, string>)
: {};
const serverlessResources = SERVERLESS_RESOURCES_PATHS.reduce<string[]>((acc, path) => {
acc.push('--volume', `${path}:${SERVERLESS_CONFIG_PATH}${basename(path)}`);
const fileName = basename(path);
let localFilePath = path;
if (resourceFileOverrides[fileName]) {
localFilePath = resourceFileOverrides[fileName];
log.info(`'${fileName}' resource overridden with: ${localFilePath}`);
delete resourceFileOverrides[fileName];
}
acc.push('--volume', `${localFilePath}:${SERVERLESS_CONFIG_PATH}${fileName}`);
return acc;
}, []);
if (Object.keys(resourceFileOverrides).length > 0) {
throw new Error(
`Unsupported ES serverless --resources value(s):\n ${Object.values(
resourceFileOverrides
).join(' \n')}\n\nValid resources: ${SERVERLESS_RESOURCES_PATHS.map((filePath) =>
basename(filePath)
).join(' | ')}`
);
}
volumeCmds.push(
...getESp12Volume(),
...serverlessResources,
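Review bot: An override path is accepted purely on its basename; nothing checks that the host file exists before it is handed to `--volume`, and a `-v`/`--volume` bind mount of a missing host path is typically created as an empty directory, so a typo in `--resources` mounts a directory where ES expects the `users` file instead of failing early. I would validate inside the reduce that builds `resourceFileOverrides`, e.g. `const hostPath = resolve(process.cwd(), filePath);` followed by `if (!existsSync(hostPath) || !statSync(hostPath).isFile()) throw new Error('--resources path is not a file: ' + hostPath);`, using whichever `fs` import the file already has (the test file mocks `fs`, so this should fit the existing test setup). Two smaller things: a repeated basename silently keeps the last value, which deserves a warning or an error, and the error message joins paths with `' \n'`, leaving a trailing space on each line. `setupServerlessVolumes` continues past the end of the hunk.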


@ -0,0 +1,47 @@
# Security Solution Serverless Resources
Directory contains ES serverless resources that can be used to override the defaults that are loaded when ES is started in serverless mode. For more information on how these are used [packages/kbn-es/src/serverless_resources/README.md](https://github.com/elastic/kibana/blob/main/packages/kbn-es/src/serverless_resources/README.md)
> ** NOTE**
>
> The files referenced via `--resources` argument will be bound and mounted to the ES docker containers that are running ES. This means that any changes to the files done on the host machine will be automatically (after a delay - 5s by default) picked up by Elasticsearch and applied to the ES docker nodes.
## Usage
Example executed from the root directory of Kibana:
```shell
yarn es serverless \
--clean \
--kill \
-E xpack.security.authc.api_key.enabled=true \
-E http.host=0.0.0.0 \
--resources=./x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/roles.yml \
--resources=./x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/users \
--resources=./x-pack/plugins/security_solution/scripts/endpoint/common/roles_users/serverless/es_serverless_resources/users_roles
```
> **💡TIP**
>
> If needing to make custom changes to any of the ES resources for personal dev. purposes, copy the files located in this folder to your own local directly, make changes there and then use those file paths when starting ES
## Files
### `roles.yml`
The list of Roles that are loaded into security serverless projects. The values in this file should match those in the [project controller](https://github.com/elastic/project-controller/blob/main/internal/project/security/config/roles.yml) and should remain in sync.
### `users`
List of users that are loaded into ES for serverless. This file currently includes a user for each of the Security Project roles (same name as the role). All users in this file have their password set to `changeme`
Format: `user:encrypted_password`
### `users_roles`
A map of role names (should match those define in the `roles.yml`) to list of users (values found in the `users` file). All Security serverless roles are listed in this file along with one user by the same name.
Format: `role_name:username,username,username`


@ -0,0 +1,571 @@
---
#--------------------------------------------------------------------------------------------------
#
# FILE SOURCE AT:
# https://github.com/elastic/project-controller/blob/main/internal/project/security/config/roles.yml
#
# !!!! IMPORTANT !!!! DO NOT MAKE CHANGES TO THIS FILE, UNLESS THOSE CHANGES
# HAVE ALSO BEEN MADE TO PROJECT CONTROLLER (path above)
#
#--------------------------------------------------------------------------------------------------
viewer:
cluster: []
indices:
- names:
- "/~(([.]|ilm-history-).*)/"
privileges:
- "read"
- "view_index_metadata"
allow_restricted_indices: false
- names:
- ".siem-signals*"
- ".lists-*"
- ".items-*"
privileges:
- "read"
- "view_index_metadata"
allow_restricted_indices: false
- names:
- ".alerts*"
- ".preview.alerts*"
privileges:
- "read"
- "view_index_metadata"
allow_restricted_indices: false
applications:
- application: "kibana-.kibana"
privileges:
- "read"
resources:
- "*"
run_as: []
editor:
cluster: []
indices:
- names:
- "/~(([.]|ilm-history-).*)/"
privileges:
- "read"
- "view_index_metadata"
allow_restricted_indices: false
- names:
- "observability-annotations"
privileges:
- "read"
- "view_index_metadata"
- "write"
allow_restricted_indices: false
- names:
- ".siem-signals*"
- ".lists-*"
- ".items-*"
privileges:
- "read"
- "view_index_metadata"
- "write"
- "maintenance"
allow_restricted_indices: false
- names:
- ".internal.alerts*"
- ".alerts*"
- ".internal.preview.alerts*"
- ".preview.alerts*"
privileges:
- "read"
- "view_index_metadata"
- "write"
- "maintenance"
allow_restricted_indices: false
applications:
- application: "kibana-.kibana"
privileges:
- "all"
resources:
- "*"
run_as: []
t1_analyst:
cluster:
indices:
- names:
- ".alerts-security*"
- ".siem-signals-*"
privileges:
- read
- write
- maintenance
- names:
- apm-*-transaction*
- traces-apm*
- auditbeat-*
- endgame-*
- filebeat-*
- logs-*
- packetbeat-*
- winlogbeat-*
- metrics-endpoint.metadata_current_*
- ".fleet-agents*"
- ".fleet-actions*"
privileges:
- read
applications:
- application: "kibana-.kibana"
privileges:
- feature_ml.read
- feature_siem.read
- feature_siem.read_alerts
- feature_siem.endpoint_list_read
- feature_securitySolutionCases.read
- feature_actions.read
- feature_builtInAlerts.read
- feature_osquery.read
- feature_osquery.run_saved_queries
resources: "*"
t2_analyst:
cluster:
indices:
- names:
- .alerts-security*
- .siem-signals-*
privileges:
- read
- write
- maintenance
- names:
- .lists*
- .items*
- apm-*-transaction*
- traces-apm*
- auditbeat-*
- endgame-*
- filebeat-*
- logs-*
- packetbeat-*
- winlogbeat-*
- metrics-endpoint.metadata_current_*
- .fleet-agents*
- .fleet-actions*
privileges:
- read
applications:
- application: "kibana-.kibana"
privileges:
- feature_ml.read
- feature_siem.read
- feature_siem.read_alerts
- feature_siem.endpoint_list_read
- feature_securitySolutionCases.all
- feature_actions.read
- feature_builtInAlerts.read
- feature_osquery.read
- feature_osquery.run_saved_queries
resources: "*"
t3_analyst:
cluster:
indices:
- names:
- apm-*-transaction*
- traces-apm*
- auditbeat-*
- endgame-*
- filebeat-*
- logs-*
- packetbeat-*
- winlogbeat-*
privileges:
- read
- write
- names:
- .alerts-security*
- .siem-signals-*
privileges:
- read
- write
- names:
- .lists*
- .items*
privileges:
- read
- write
- names:
- metrics-endpoint.metadata_current_*
- .fleet-agents*
- .fleet-actions*
privileges:
- read
applications:
- application: "kibana-.kibana"
privileges:
- feature_ml.read
- feature_siem.all
- feature_siem.read_alerts
- feature_siem.crud_alerts
- feature_siem.endpoint_list_all
- feature_siem.trusted_applications_all
- feature_siem.event_filters_all
- feature_siem.host_isolation_exceptions_all
- feature_siem.blocklist_all
- feature_siem.policy_management_read # Elastic Defend Policy Management
- feature_siem.host_isolation_all
- feature_siem.process_operations_all
- feature_siem.actions_log_management_all # Response actions history
- feature_siem.file_operations_all
- feature_securitySolutionCases.all
- feature_actions.read
- feature_builtInAlerts.all
- feature_osquery.all
resources: "*"
threat_intelligence_analyst:
cluster:
indices:
- names:
- apm-*-transaction*
- traces-apm*
- auditbeat-*
- endgame-*
- filebeat-*
- logs-*
- .lists*
- .items*
- packetbeat-*
- winlogbeat-*
privileges:
- read
- names:
- .alerts-security*
- .siem-signals-*
privileges:
- read
- write
- maintenance
- names:
- metrics-endpoint.metadata_current_*
- .fleet-agents*
- .fleet-actions*
privileges:
- read
applications:
- application: "kibana-.kibana"
privileges:
- feature_ml.read
- feature_siem.read
- feature_siem.read_alerts
- feature_siem.endpoint_list_read
- feature_siem.blocklist_all
- feature_securitySolutionCases.all
- feature_actions.read
- feature_builtInAlerts.read
- feature_osquery.all
resources: "*"
rule_author:
cluster:
indices:
- names:
- apm-*-transaction*
- traces-apm*
- auditbeat-*
- endgame-*
- filebeat-*
- logs-*
- packetbeat-*
- winlogbeat-*
privileges:
- read
- write
- names:
- .alerts-security*
- .siem-signals-*
- .internal.preview.alerts-security*
- .preview.alerts-security*
privileges:
- read
- write
- maintenance
- view_index_metadata
- names:
- .lists*
- .items*
privileges:
- read
- write
- names:
- metrics-endpoint.metadata_current_*
- .fleet-agents*
- .fleet-actions*
privileges:
- read
applications:
- application: "kibana-.kibana"
privileges:
- feature_ml.read
- feature_siem.all
- feature_siem.read_alerts
- feature_siem.crud_alerts
- feature_siem.policy_management_all
- feature_siem.endpoint_list_all
- feature_siem.trusted_applications_all
- feature_siem.event_filters_all
- feature_siem.host_isolation_exceptions_read
- feature_siem.blocklist_all # Elastic Defend Policy Management
- feature_siem.actions_log_management_read
- feature_securitySolutionCases.all
- feature_actions.read
- feature_builtInAlerts.all
- feature_osquery.all
resources: "*"
soc_manager:
cluster:
indices:
- names:
- apm-*-transaction*
- traces-apm*
- auditbeat-*
- endgame-*
- filebeat-*
- logs-*
- packetbeat-*
- winlogbeat-*
privileges:
- read
- write
- names:
- .alerts-security*
- .siem-signals-*
- .preview.alerts-security*
- .internal.preview.alerts-security*
privileges:
- read
- write
- manage
- names:
- .lists*
- .items*
privileges:
- read
- write
- names:
- metrics-endpoint.metadata_current_*
- .fleet-agents*
- .fleet-actions*
privileges:
- read
applications:
- application: "kibana-.kibana"
privileges:
- feature_ml.read
- feature_siem.all
- feature_siem.read_alerts
- feature_siem.crud_alerts
- feature_siem.policy_management_all
- feature_siem.endpoint_list_all
- feature_siem.trusted_applications_all
- feature_siem.event_filters_all
- feature_siem.host_isolation_exceptions_all
- feature_siem.blocklist_all
- feature_siem.host_isolation_all
- feature_siem.process_operations_all
- feature_siem.actions_log_management_all
- feature_siem.file_operations_all
- feature_siem.execute_operations_all
- feature_securitySolutionCases.all
- feature_actions.all
- feature_builtInAlerts.all
- feature_osquery.all
resources: "*"
detections_admin:
cluster:
indices:
- names:
- apm-*-transaction*
- traces-apm*
- auditbeat-*
- endgame-*
- filebeat-*
- logs-*
- packetbeat-*
- winlogbeat-*
- .lists*
- .items*
- .alerts-security*
- .siem-signals-*
- .preview.alerts-security*
- .internal.preview.alerts-security*
privileges:
- read
- write
- manage
- names:
- metrics-endpoint.metadata_current_*
- .fleet-agents*
- .fleet-actions*
privileges:
- read
applications:
- application: "kibana-.kibana"
privileges:
- feature_ml.all
- feature_siem.all
- feature_siem.read_alerts
- feature_siem.crud_alerts
- feature_securitySolutionCases.all
- feature_actions.all
- feature_builtInAlerts.all
- feature_dev_tools.all
resources: "*"
platform_engineer:
cluster:
- manage
indices:
- names:
- apm-*-transaction*
- traces-apm*
- auditbeat-*
- endgame-*
- filebeat-*
- logs-*
- packetbeat-*
- winlogbeat-*
- .lists*
- .items*
- .alerts-security*
- .siem-signals-*
- .preview.alerts-security*
- .internal.preview.alerts-security*
privileges:
- all
applications:
- application: "kibana-.kibana"
privileges:
- feature_ml.all
- feature_siem.all
- feature_siem.read_alerts
- feature_siem.crud_alerts
- feature_siem.policy_management_all
- feature_siem.endpoint_list_all
- feature_siem.trusted_applications_all
- feature_siem.event_filters_all
- feature_siem.host_isolation_exceptions_all
- feature_siem.blocklist_all # Elastic Defend Policy Management
- feature_siem.actions_log_management_read
- feature_securitySolutionCases.all
- feature_actions.all
- feature_builtInAlerts.all
- feature_fleet.all
- feature_fleetv2.all
- feature_osquery.all
resources: "*"
endpoint_operations_analyst:
cluster:
indices:
- names:
- metrics-endpoint.metadata_current_*
- .fleet-agents*
- .fleet-actions*
privileges:
- read
- names:
- apm-*-transaction*
- traces-apm*
- auditbeat-*
- endgame-*
- filebeat-*
- logs-*
- packetbeat-*
- winlogbeat-*
- .lists*
- .items*
privileges:
- read
- names:
- .alerts-security*
- .siem-signals-*
- .preview.alerts-security*
- .internal.preview.alerts-security*
privileges:
- read
- write
applications:
- application: "kibana-.kibana"
privileges:
- feature_ml.read
- feature_siem.all
- feature_siem.read_alerts
- feature_siem.policy_management_all
- feature_siem.endpoint_list_all
- feature_siem.trusted_applications_all
- feature_siem.event_filters_all
- feature_siem.host_isolation_exceptions_all
- feature_siem.blocklist_all
- feature_siem.host_isolation_all
- feature_siem.process_operations_all
- feature_siem.actions_log_management_all # Response History
- feature_siem.file_operations_all
- feature_siem.execute_operations_all # Execute
- feature_securitySolutionCases.all
- feature_actions.all
- feature_builtInAlerts.all
- feature_osquery.all
- feature_fleet.all
- feature_fleetv2.all
resources: "*"
endpoint_policy_manager:
cluster:
indices:
- names:
- metrics-endpoint.metadata_current_*
- .fleet-agents*
- .fleet-actions*
privileges:
- read
- names:
- apm-*-transaction*
- traces-apm*
- auditbeat-*
- endgame-*
- filebeat-*
- logs-*
- packetbeat-*
- winlogbeat-*
- .lists*
- .items*
privileges:
- read
- names:
- .alerts-security*
- .siem-signals-*
- .preview.alerts-security*
- .internal.preview.alerts-security*
privileges:
- read
- write
- manage
applications:
- application: "kibana-.kibana"
privileges:
- feature_ml.all
- feature_siem.all
- feature_siem.read_alerts
- feature_siem.crud_alerts
- feature_siem.policy_management_all
- feature_siem.endpoint_list_all
- feature_siem.trusted_applications_all
- feature_siem.event_filters_all
- feature_siem.host_isolation_exceptions_all
- feature_siem.blocklist_all # Elastic Defend Policy Management
- feature_securitySolutionCases.all
- feature_actions.all
- feature_builtInAlerts.all
- feature_osquery.all
- feature_fleet.all
- feature_fleetv2.all
resources: "*"
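Review bot: The header says this file must stay identical to the project-controller `roles.yml`, but nothing in the change lets a reader tell which upstream revision it was copied from or notice when the two drift apart. I would add the source revision to the header, e.g. `# Synced from project-controller revision: <UPSTREAM_COMMIT_SHA>` (placeholder), and, if the repo's test setup allows it, a unit test that fails when the checked-in copy no longer matches a stored checksum of that revision. One thing worth confirming while syncing: most roles here use a bare `cluster:` (which YAML reads as null) where `viewer`/`editor` use `cluster: []`; if that is how the upstream file reads it should stay, but it is worth checking that ES's file-based role loader accepts both forms.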


@ -0,0 +1,13 @@
elastic_serverless:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW
system_indices_superuser:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW
t1_analyst:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW
t2_analyst:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW
t3_analyst:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW
threat_intelligence_analyst:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW
rule_author:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW
soc_manager:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW
detections_admin:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW
platform_engineer:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW
endpoint_operations_analyst:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW
endpoint_policy_manager:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW
reader:$2a$10$nN6sRtQl2KX9Gn8kV/.NpOLSk6Jwn8TehEDnZ7aaAgzyl/dy5PYzW


@ -0,0 +1,13 @@
superuser:elastic_serverless
system_indices_superuser:system_indices_superuser
t1_analyst:t1_analyst
t2_analyst:t2_analyst
t3_analyst:t3_analyst
threat_intelligence_analyst:threat_intelligence_analyst
rule_author:rule_author
soc_manager:soc_manager
detections_admin:detections_admin
platform_engineer:platform_engineer
endpoint_operations_analyst:endpoint_operations_analyst
endpoint_policy_manager:endpoint_policy_manager
reader:reader
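Review bot: `users_roles` maps a `reader` role to a `reader` user (and the `users` file adds that account), but I do not see a `reader` role defined in the added `roles.yml`, whose roles run from `viewer` and `editor` through `endpoint_policy_manager`; unless `reader` is a role that exists elsewhere on the serverless cluster, the account would authenticate with no effective role. Conversely `viewer` and `editor` are defined in `roles.yml` but have no user in this file, while the README for this directory states there is one user per role. Either add the missing role or the missing users, or state the exception in the README.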


@ -0,0 +1,25 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { resolve, join } from 'path';
import { readFileSync } from 'fs';
const ES_RESOURCES_DIR = resolve(__dirname, 'es_serverless_resources');
export const ES_RESOURCES = Object.freeze({
roles: join(ES_RESOURCES_DIR, 'roles.yml'),
users: join(ES_RESOURCES_DIR, 'users'),
users_roles: join(ES_RESOURCES_DIR, 'users_roles'),
});
export const ES_LOADED_USERS = readFileSync(ES_RESOURCES.users)
.toString()
.split(/\n/)
.filter((v) => !!v) // Ensure no empty strings
.map((userAndPasswordString) => {
return userAndPasswordString.split(':').at(0);
});
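Review bot: `ES_LOADED_USERS` is inferred as `(string | undefined)[]` because `.at(0)` can return `undefined`, so every consumer (the `cyan(u)` call in the start script included) has to cope with a possibly-undefined name; building the list so the type is `string[]` removes that: `.flatMap((line) => { const [user] = line.split(':'); return user ? [user] : []; })`. Reading with `readFileSync(ES_RESOURCES.users, 'utf8')` avoids the `Buffer` round trip, and skipping lines that start with `#` would keep a future comment in the `users` file from being printed as an account name. Since this runs at import time, any module that only wants `ES_RESOURCES` also reads the `users` file from disk; if that becomes a problem, splitting the two exports into separate modules avoids it.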


@ -0,0 +1,79 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { run, type RunContext } from '@kbn/dev-cli-runner';
import { cyan, gray } from 'chalk';
import execa from 'execa';
import { REPO_ROOT } from '@kbn/repo-info';
import { join } from 'path';
import { ColumnLayoutFormatter } from '../common/screen/column_layout_formatter';
import { ES_LOADED_USERS, ES_RESOURCES } from '../common/roles_users/serverless';
export const cli = async () => {
return run(
async (cliContext: RunContext) => {
const exeScript = join(REPO_ROOT, 'scripts', 'es');
const callingArgs = process.argv.slice(2);
if (!callingArgs.includes('serverless')) {
callingArgs.unshift('serverless');
}
callingArgs.push(
...Object.values(ES_RESOURCES).reduce((acc, resourcePath) => {
acc.push('--resources', resourcePath);
return acc;
}, [] as string[])
);
cliContext.log.info(`
Starting ES with supported Security project roles and users.
User accounts available for login:
${
new ColumnLayoutFormatter(
[
['USERNAME', '-'.repeat(20), ...ES_LOADED_USERS.map((u) => cyan(u))].join('\n'),
[
'PASSWORD',
'-'.repeat(20),
' ',
' ',
gray('Password for all'),
gray('accounts set'),
`${gray('to:')} ${cyan('changeme')}`,
].join('\n'),
],
{ separator: ' ', widths: [50, 40] }
).output
}
`);
cliContext.log.info(gray(`node ${exeScript} ${callingArgs.join(' ')}`));
await execa.node(exeScript, callingArgs, {
stderr: 'inherit',
stdout: 'inherit',
});
},
{
description: `ES serverless start script for Security project.
This is a bypass utility that calls ${cyan('yarn es serverless')} along with some default options
that will enable users and roles to be loaded into ES.
`,
flags: {
allowUnexpected: true,
help: `
Any option supported by ${cyan('yarn es')} can also be used with this utility.
For more on ${cyan('yarn es')} usage, enter: ${cyan('yarn es --help')}
`,
},
}
);
};
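Review bot: The bundled `--resources` values are appended after the user's arguments, and because `setupServerlessVolumes` keeps the last path seen for each basename (as far as I can tell from the getopts parsing, repeated options arrive in command-line order), a caller who passes their own `--resources=./my/users` has it replaced by the bundled file with no message — the opposite of what the script's description ("any existing option ... can still continue to be passed") suggests. Inserting the bundled resources right after the `serverless` argument instead of pushing them lets later user-supplied values win: `const resourceArgs = Object.values(ES_RESOURCES).flatMap((p) => ['--resources', p]);` followed by `callingArgs.splice(callingArgs.indexOf('serverless') + 1, 0, ...resourceArgs);`. The `reduce` with `[] as string[]` then becomes the `flatMap` shown.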


@ -0,0 +1,9 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
require('../../../../../src/setup_node_env');
require('./es_serverless').cli();