Additional logging in role loader and fixing of YAML

paul-tavares · Jul 25, 2023 · e0d00ac · e0d00ac
1 parent ab29f37
commit e0d00ac
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 14 deletions.
diff --git a/...ck/test_serverless/shared/lib/security/kibana_roles/project_controller_security_roles.yml b/...ck/test_serverless/shared/lib/security/kibana_roles/project_controller_security_roles.yml
@@ -1,4 +1,12 @@
+# -----
 # Source: https://github.com/elastic/project-controller/blob/main/internal/project/security/config/roles.yml
+#
+# Changes that needed to be done locally here:
+#
+# 1. indentation of 'privileges' for role endpoint_operations_manager was not correct
+# 2. instances of 'application.spaces.privileges[0]' of '*' were changed to 'all'
+#
+# -----
 t1_analyst:
   cluster:
   indices:
@@ -48,7 +56,7 @@ t1_analyst:
       resources: "*"
     - application: spaces
       privileges:
-        - "*"
+        - all
       resources: "*"
 
 t2_analyst:
@@ -102,7 +110,7 @@ t2_analyst:
       resources: "*"
     - application: spaces
       privileges:
-        - "*"
+        - all
       resources: "*"
 
 t3_analyst:
@@ -177,7 +185,7 @@ t3_analyst:
       resources: "*"
     - application: spaces
       privileges:
-        - "*"
+        - all
       resources: "*"
 
 threat_intelligence_analyst:
@@ -234,7 +242,7 @@ threat_intelligence_analyst:
       resources: "*"
     - application: spaces
       privileges:
-        - "*"
+        - all
       resources: "*"
 
 rule_author:
@@ -306,7 +314,7 @@ rule_author:
       resources: "*"
     - application: spaces
       privileges:
-        - "*"
+        - all
       resources: "*"
 
 soc_manager:
@@ -381,7 +389,7 @@ soc_manager:
       resources: "*"
     - application: spaces
       privileges:
-        - "*"
+        - all
       resources: "*"
 
 detections_admin:
@@ -441,7 +449,7 @@ detections_admin:
       resources: "*"
     - application: spaces
       privileges:
-        - "*"
+        - all
       resources: "*"
 
 platform_engineer:
@@ -497,7 +505,7 @@ platform_engineer:
       resources: "*"
     - application: spaces
       privileges:
-        - "*"
+        - all
       resources: "*"
 
 endpoint_operations_manager:

diff --git a/x-pack/test_serverless/shared/lib/security/kibana_roles/role_loader.ts b/x-pack/test_serverless/shared/lib/security/kibana_roles/role_loader.ts
@@ -17,7 +17,7 @@ import {
   ServerlessSecurityRoles,
 } from './kibana_roles';
 
-const igonoreHttp409Error = (error: AxiosError) => {
+const ignoreHttp409Error = (error: AxiosError) => {
   if (error?.response?.status === 409) {
     return;
   }
@@ -67,11 +67,15 @@ export class RoleAndUserLoader<R extends Record<string, Role> = Record<string, R
     await this.kbnClient
       .request({
         method: 'PUT',
-        path: `/api/security/role/${roleName}?createOnly=true`,
+        path: `/api/security/role/${roleName}`,
         body: roleDefinition,
       })
-      .catch(igonoreHttp409Error)
-      .catch(this.logPromiseError);
+      .catch(ignoreHttp409Error)
+      .catch(this.logPromiseError)
+      .then((response) => {
+        this.logger.info(`Role [${role}] created/updated`, response?.data);
+        return response;
+      });
   }
 
   private async createUser(
@@ -95,8 +99,12 @@ export class RoleAndUserLoader<R extends Record<string, Role> = Record<string, R
         path: `/internal/security/users/${username}`,
         body: user,
       })
-      .catch(igonoreHttp409Error)
-      .catch(this.logPromiseError);
+      .catch(ignoreHttp409Error)
+      .catch(this.logPromiseError)
+      .then((response) => {
+        this.logger.info(`User [${username}] created/updated`, response?.data);
+        return response;
+      });
   }
 }