No longer creating the roles on start-up (#19799)

elastic · Jun 11, 2018 · 117b0d4 · 117b0d4
1 parent 4b3c6ba
commit 117b0d4
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 291 deletions.
diff --git a/x-pack/plugins/security/index.js b/x-pack/plugins/security/index.js
@@ -18,7 +18,6 @@ import { checkLicense } from './server/lib/check_license';
 import { initAuthenticator } from './server/lib/authentication/authenticator';
 import { mirrorStatusAndInitialize } from './server/lib/mirror_status_and_initialize';
 import { registerPrivilegesWithCluster } from './server/lib/privileges';
-import { createDefaultRoles } from './server/lib/authorization/create_default_roles';
 import { initPrivilegesApi } from './server/routes/api/v1/privileges';
 import { hasPrivilegesWithServer } from './server/lib/authorization/has_privileges';
 import { SecurityAuditLogger } from './server/lib/audit_logger';
@@ -46,7 +45,6 @@ export const security = (kibana) => new kibana.Plugin({
       }).default(),
       rbac: Joi.object({
         enabled: Joi.boolean().default(false),
-        createDefaultRoles: Joi.boolean().default(true),
         application: Joi.string().default('kibana').regex(
           /[a-zA-Z0-9-_]+/,
           `may contain alphanumeric characters (a-z, A-Z, 0-9), underscores and hyphens`
@@ -99,7 +97,6 @@ export const security = (kibana) => new kibana.Plugin({
       }
 
       await registerPrivilegesWithCluster(server);
-      await createDefaultRoles(server);
     });
 
     // Register a function that is called whenever the xpack info changes,

diff --git a/...plugins/security/server/lib/authorization/__snapshots__/create_default_roles.test.js.snap b/...plugins/security/server/lib/authorization/__snapshots__/create_default_roles.test.js.snap
diff --git a/x-pack/plugins/security/server/lib/authorization/create_default_roles.js b/x-pack/plugins/security/server/lib/authorization/create_default_roles.js
diff --git a/x-pack/plugins/security/server/lib/authorization/create_default_roles.test.js b/x-pack/plugins/security/server/lib/authorization/create_default_roles.test.js
diff --git a/x-pack/test/rbac_api_integration/apis/saved_objects/index.js b/x-pack/test/rbac_api_integration/apis/saved_objects/index.js
@@ -11,6 +11,36 @@ export default function ({ loadTestFile, getService }) {
 
   describe('saved_objects', () => {
     before(async () => {
+      await es.shield.putRole({
+        name: 'kibana_rbac_user',
+        body: {
+          cluster: [],
+          index: [],
+          applications: [
+            {
+              application: 'kibana',
+              privileges: [ 'all' ],
+              resources: [ 'default' ]
+            }
+          ]
+        }
+      });
+
+      await es.shield.putRole({
+        name: 'kibana_rbac_dashboard_only_user',
+        body: {
+          cluster: [],
+          index: [],
+          applications: [
+            {
+              application: 'kibana',
+              privileges: [ 'read' ],
+              resources: [ 'default' ]
+            }
+          ]
+        }
+      });
+
       await es.shield.putUser({
         username: AUTHENTICATION.NOT_A_KIBANA_USER.USERNAME,
         body: {