mirror of
https://github.com/elastic/kibana.git
synced 2025-04-24 17:59:23 -04:00
c8608461ae
## Summary
This PR adds a new `POST security/roles` API that can be used to bulk
create or update roles.
## How to test
1. Create empty roles
```
POST kbn:/api/security/roles
{
"roles": {
"bulk_role_1": {},
"bulk_role_2": {}
}
}
```
<details>
<summary>2. Create roles with Kibana and ES privileges</summary>
POST kbn:/api/security/roles
{
"roles": {
"bulk_role_with_privilege_1": {
"elasticsearch": {
"cluster": ["manage"],
"indices": [
{
"names": ["logstash-*"],
"privileges": ["read", "view_index_metadata"]
}
],
"run_as": ["watcher_user"]
},
"kibana": [
{
"base": ["read"]
},
{
"feature": {
"dashboard": ["read"],
"discover": ["all"],
"ml": ["all"]
},
"spaces": ["marketing", "sales"]
}
]
},
"bulk_role_with_privilege_2": {
"elasticsearch": {
"cluster": ["manage"],
"indices": [
{
"names": ["logstash-*"],
"privileges": ["read", "view_index_metadata"]
}
],
"run_as": ["watcher_user"]
},
"kibana": [
{
"base": ["read"]
},
{
"feature": {
"dashboard": ["read"],
"discover": ["all"],
"ml": ["all"]
},
"spaces": ["marketing", "sales"]
}
]
}
}
}
</details>
<details>
<summary>3. Create roles failing validation </summary>
POST kbn:/api/security/roles
{
"roles": {
"bulk_role_es_invalid": {
"elasticsearch": {
"cluster": ["bla"]
}
},
"bulk_role_kibana_invalid": {
"kibana": [
{
"spaces": ["bar-space"],
"base": [],
"feature": {
"fleetv2": ["all", "read"]
}
}
]
},
"bulk_role_valid": {
"elasticsearch": {
"cluster": ["all"]
}
}
}
}
</details>
<details>
<summary>4. Check validation for license (under basic license should
return security_exception) </summary>
POST kbn:/api/security/roles
{
"roles": {
"role_with_privileges_dls_fls": {
"metadata": {
"foo": "test-metadata"
},
"elasticsearch": {
"cluster": ["manage"],
"indices": [
{
"field_security": {
"grant": ["*"],
"except": ["geo.*"]
},
"names": ["logstash-*"],
"privileges": ["read", "view_index_metadata"],
"query": "{ \"match\": { \"geo.src\": \"CN\" } }"
}
],
"run_as": ["watcher_user"]
}
}
}
}
</details>
### Checklist
- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
__Fixes: https://github.com/elastic/kibana/issues/187427__
## Release Notes
Added API endpoint `POST security/roles` that can be used to bulk create
or update roles.
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
|
||
|---|---|---|
| .. | ||
| actions-and-connectors | ||
| alerting | ||
| cases | ||
| dashboard | ||
| data-views | ||
| index-patterns | ||
| logstash-configuration-management | ||
| machine-learning | ||
| osquery-manager | ||
| role-management | ||
| saved-objects | ||
| session-management | ||
| short-urls | ||
| spaces-management | ||
| synthetics | ||
| task-manager | ||
| upgrade-assistant | ||
| uptime | ||
| actions-and-connectors.asciidoc | ||
| alerting.asciidoc | ||
| cases.asciidoc | ||
| dashboard-api.asciidoc | ||
| data-views.asciidoc | ||
| features.asciidoc | ||
| index-patterns.asciidoc | ||
| logstash-configuration-management.asciidoc | ||
| machine-learning.asciidoc | ||
| osquery-manager.asciidoc | ||
| role-management.asciidoc | ||
| saved-objects.asciidoc | ||
| session-management.asciidoc | ||
| short-urls.asciidoc | ||
| spaces-management.asciidoc | ||
| upgrade-assistant.asciidoc | ||
| uptime-api.asciidoc | ||