github-mirrors/logstash
1
0
Fork 0
mirror of https://github.com/elastic/logstash.git synced 2025-04-24 14:47:19 -04:00
Code Issues Projects Releases Packages Wiki Activity

[7x backport] document system indices api privilege (#12393)

Browse source 
backport #12388 #12391
This commit is contained in:
kaisecheng 2020-10-29 09:49:52 +01:00 committed by GitHub
parent a02b7e13c5
commit c96543b010
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

11
docs/static/security/logstash.asciidoc vendored
View file

@ -123,16 +123,9 @@ privileges for the Logstash indices. You can create roles from the
---------------------------------------------------------------
POST _xpack/security/role/logstash_reader
{
"indices": [
{
"names": [ "logstash-*" ], <1>
"privileges": ["read","view_index_metadata"]
}
]
"cluster": ["manage_logstash_pipelines"]
}
---------------------------------------------------------------
<1> If you use a custom Logstash index pattern, specify that pattern
instead of the default `logstash-*` pattern.
. Assign your Logstash users the `logstash_reader` role. If the Logstash user
will be using
@ -149,7 +142,7 @@ POST _xpack/security/user/logstash_user
"full_name" : "Kibana User for Logstash"
}
---------------------------------------------------------------
<1> `logstash_admin` is a built-in role that provides access to `.logstash-*`
<1> `logstash_admin` is a built-in role that provides access to system
indices for managing configurations.
[float]

8
docs/static/settings/configuration-management-settings.asciidoc vendored
View file

@ -53,8 +53,10 @@ section in your Logstash configuration, or a different one. Defaults to
If your {es} cluster is protected with basic authentication, these settings
provide the username and password that the Logstash instance uses to
authenticate for accessing the configuration data. The username you specify here
should have the built-in `logstash_admin` role and the customized `logstash_writer` role, which provides access to `.logstash-*`
indices for managing configurations.
should have the built-in `logstash_admin` role and the customized `logstash_writer` role, which provides access to system
indices for managing configurations. Starting with Elasticsearch version 7.10.0, the
`logstash_admin` role inherits the `manage_logstash_pipelines` cluster privilege for centralized pipeline management.
If a user has created their own roles and granted them access to the .logstash index, those roles will continue to work in 7.x but will need to be updated for 8.0.
`xpack.management.elasticsearch.proxy`::
@ -98,7 +100,7 @@ This setting is an alternative to both `xpack.management.elasticsearch.username`
and `xpack.management.elasticsearch.password`. If `cloud_auth` is configured,
those settings should not be used.
The credentials you specify here should be for a user with the `logstash_admin` role, which
provides access to `.logstash-*` indices for managing configurations.
provides access to system indices for managing configurations.
`xpack.management.elasticsearch.api_key`::