From a1dd587d6a5204030bc266d371e6ec9fa7c95d7b Mon Sep 17 00:00:00 2001
From: Edwin Lawrance <Edwin.Lawrance@amdocs.com>
Date: Tue, 5 Mar 2019 10:30:33 +0000
Subject: Add Searchguard OOM config to ElasticSearch

Change-Id: I3c4d0c82882b2f064a6ad3610c0f699d8af50632
Issue-ID: AAI-2203
Signed-off-by: Edwin Lawrance <Edwin.Lawrance@amdocs.com>
---
 .../resources/config/sg/sg_roles_mapping.yml       | 38 ++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 kubernetes/aai/charts/aai-elasticsearch/resources/config/sg/sg_roles_mapping.yml

(limited to 'kubernetes/aai/charts/aai-elasticsearch/resources/config/sg/sg_roles_mapping.yml')

diff --git a/kubernetes/aai/charts/aai-elasticsearch/resources/config/sg/sg_roles_mapping.yml b/kubernetes/aai/charts/aai-elasticsearch/resources/config/sg/sg_roles_mapping.yml
new file mode 100644
index 0000000000..970e02763b
--- /dev/null
+++ b/kubernetes/aai/charts/aai-elasticsearch/resources/config/sg/sg_roles_mapping.yml
@@ -0,0 +1,38 @@
+# In this file users, backendroles and hosts can be mapped to Search Guard roles.
+# Permissions for Search Guard roles are configured in sg_roles.yml
+
+sg_all_access:
+  readonly: true
+  backendroles:
+    - admin
+
+sg_logstash:
+  backendroles:
+    - logstash
+    
+sg_kibana_server:
+  readonly: true
+  users:
+    - kibanaserver
+    
+sg_kibana_user:
+  backendroles:
+    - kibanauser
+
+sg_readall:
+  readonly: true
+  backendroles:
+    - readall
+
+sg_manage_snapshots:
+  readonly: true
+  backendroles:
+    - snapshotrestore
+
+sg_own_index:
+  users:
+    - '*'
+
+sg_role_test:
+  users:
+    - test
-- 
cgit 1.2.3-korg