From 52f67d787f7df1ef2aa533559e60d97e20fb93af Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 27 Apr 2022 12:41:54 +1000 Subject: [PATCH 1/2] cluster_permissions has no allowed_actions --- services/api/src/resources/group/opendistroSecurity.ts | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/services/api/src/resources/group/opendistroSecurity.ts b/services/api/src/resources/group/opendistroSecurity.ts index f218b96ea0..12e0e0b894 100644 --- a/services/api/src/resources/group/opendistroSecurity.ts +++ b/services/api/src/resources/group/opendistroSecurity.ts @@ -43,9 +43,7 @@ export const OpendistroSecurityOperations = ( const groupProjectPermissions = { body: { cluster_permissions: [ - { - allowed_actions: ['cluster:admin/opendistro/reports/menu/download'] - } + 'cluster:admin/opendistro/reports/menu/download' ], index_permissions: [ { From a51fa3980e50e321aa11bcc67855f51d84ce15a8 Mon Sep 17 00:00:00 2001 From: Toby Bellwood Date: Wed, 27 Apr 2022 19:49:48 +1000 Subject: [PATCH 2/2] add roleMapping to tenant creation step --- services/api/src/resources/group/opendistroSecurity.ts | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/services/api/src/resources/group/opendistroSecurity.ts b/services/api/src/resources/group/opendistroSecurity.ts index 12e0e0b894..3e269137ab 100644 --- a/services/api/src/resources/group/opendistroSecurity.ts +++ b/services/api/src/resources/group/opendistroSecurity.ts @@ -94,6 +94,14 @@ export const OpendistroSecurityOperations = ( logger.debug(`${groupName}: Created Tenant "${tenantName}"`); } catch (err) { logger.error(`Opendistro-Security create tenant error: ${err}`); + }; + + try { + // Create a new RoleMapping for this Group + await opendistroSecurityClient.put(`rolesmapping/${tenantName}`, { body: { backend_roles: [`${tenantName}`] } }); + logger.debug(`${groupName}: Created RoleMapping "${tenantName}"`); + } catch (err) { + logger.error(`Opendistro-Security create rolemapping error: ${err}`); } }