Add Searchguard OOM config to ElasticSearch

Change-Id: I3c4d0c82882b2f064a6ad3610c0f699d8af50632 Issue-ID: AAI-2203 Signed-off-by: Edwin Lawrance <Edwin.Lawrance@amdocs.com>
author: Edwin Lawrance <Edwin.Lawrance@amdocs.com> 2019-03-05 10:30:33 +0000
committer: Edwin Lawrance <Edwin.Lawrance@amdocs.com> 2019-03-05 14:55:20 +0000
commit: a1dd587d6a5204030bc266d371e6ec9fa7c95d7b (patch)
tree: 8840b7b88601ef13ea879235ec7afac51d8b2e16 /kubernetes/aai/charts/aai-elasticsearch/resources/config/sg/sg_roles_mapping.yml
parent: 827c5c38d3065e469e2a9605df5b3d114ef87ba8 (diff)
1 files changed, 38 insertions, 0 deletions
diff --git a/kubernetes/aai/charts/aai-elasticsearch/resources/config/sg/sg_roles_mapping.yml b/kubernetes/aai/charts/aai-elasticsearch/resources/config/sg/sg_roles_mapping.yml
new file mode 100644
index 0000000000..970e02763b
--- /dev/null
+++ b/kubernetes/aai/charts/aai-elasticsearch/resources/config/sg/sg_roles_mapping.yml
@@ -0,0 +1,38 @@
+# In this file users, backendroles and hosts can be mapped to Search Guard roles.
+# Permissions for Search Guard roles are configured in sg_roles.yml
+
+sg_all_access:
+  readonly: true
+  backendroles:
+    - admin
+
+sg_logstash:
+  backendroles:
+    - logstash
+    
+sg_kibana_server:
+  readonly: true
+  users:
+    - kibanaserver
+    
+sg_kibana_user:
+  backendroles:
+    - kibanauser
+
+sg_readall:
+  readonly: true
+  backendroles:
+    - readall
+
+sg_manage_snapshots:
+  readonly: true
+  backendroles:
+    - snapshotrestore
+
+sg_own_index:
+  users:
+    - '*'
+
+sg_role_test:
+  users:
+    - test
author	Edwin Lawrance <Edwin.Lawrance@amdocs.com>	2019-03-05 10:30:33 +0000
committer	Edwin Lawrance <Edwin.Lawrance@amdocs.com>	2019-03-05 14:55:20 +0000
commit	a1dd587d6a5204030bc266d371e6ec9fa7c95d7b (patch)
tree	8840b7b88601ef13ea879235ec7afac51d8b2e16 /kubernetes/aai/charts/aai-elasticsearch/resources/config/sg/sg_roles_mapping.yml
parent	827c5c38d3065e469e2a9605df5b3d114ef87ba8 (diff)