TomonoriSoejima / Tejun

notes related to working cases

making a Fleet-capable API key #174

Open TomonoriSoejima opened 2 months ago

TomonoriSoejima commented 2 months ago
// Creates an API key whose single role descriptor grants Fleet-related access.
// An API key's effective privileges are the intersection of this descriptor and
// the privileges of the user that creates it, so it can never exceed the creator.
POST /_security/api_key
{
  "name": "fleet-write-access-api-key",
  "expiration": "1d", // Optional: Adjust the expiration as needed. The key is unusable after this and must be re-created.
  "role_descriptors": {
    "fleet_management_role": {
      // NOTE(review): "all" grants every cluster privilege, including security and API-key management;
      // confirm the workflow really needs more than a narrow, named set of cluster privileges.
      "cluster": ["all"], // Adjust if more specific cluster privileges are needed.
      "indices": [
        {
          "names": [".fleet-*"], // This matches all Fleet-related indices.
          // "write" already covers document index/delete; listing them separately is harmless but redundant — confirm "delete" is intended.
          "privileges": ["read", "write", "index", "create", "delete"]
        }
      ],
      // Kibana application privileges. The entries below are raw Kibana action strings
      // (login, api, app, ui, saved_object) rather than named feature privileges.
      "applications": [
        {
          "application": "kibana-.kibana",
          "privileges": [
        "login:",
        "api:integrations-read",
        "api:integrations-all",
        "app:integrations",
        "ui:catalogue/fleet",
        "ui:navLinks/integrations",
        // Full read/write actions on the Fleet saved-object types that follow.
        "saved_object:ingest-outputs/bulk_get",
        "saved_object:ingest-outputs/get",
        "saved_object:ingest-outputs/find",
        "saved_object:ingest-outputs/open_point_in_time",
        "saved_object:ingest-outputs/close_point_in_time",
        "saved_object:ingest-outputs/create",
        "saved_object:ingest-outputs/bulk_create",
        "saved_object:ingest-outputs/update",
        "saved_object:ingest-outputs/bulk_update",
        "saved_object:ingest-outputs/delete",
        "saved_object:ingest-outputs/bulk_delete",
        "saved_object:ingest-outputs/share_to_space",
        "saved_object:ingest-agent-policies/bulk_get",
        "saved_object:ingest-agent-policies/get",
        "saved_object:ingest-agent-policies/find",
        "saved_object:ingest-agent-policies/open_point_in_time",
        "saved_object:ingest-agent-policies/close_point_in_time",
        "saved_object:ingest-agent-policies/create",
        "saved_object:ingest-agent-policies/bulk_create",
        "saved_object:ingest-agent-policies/update",
        "saved_object:ingest-agent-policies/bulk_update",
        "saved_object:ingest-agent-policies/delete",
        "saved_object:ingest-agent-policies/bulk_delete",
        "saved_object:ingest-agent-policies/share_to_space",
        "saved_object:ingest-package-policies/bulk_get",
        "saved_object:ingest-package-policies/get",
        "saved_object:ingest-package-policies/find",
        "saved_object:ingest-package-policies/open_point_in_time",
        "saved_object:ingest-package-policies/close_point_in_time",
        "saved_object:ingest-package-policies/create",
        "saved_object:ingest-package-policies/bulk_create",
        "saved_object:ingest-package-policies/update",
        "saved_object:ingest-package-policies/bulk_update",
        "saved_object:ingest-package-policies/delete",
        "saved_object:ingest-package-policies/bulk_delete",
        "saved_object:ingest-package-policies/share_to_space",
        "saved_object:epm-packages/bulk_get",
        "saved_object:epm-packages/get",
        "saved_object:epm-packages/find",
        "saved_object:epm-packages/open_point_in_time",
        "saved_object:epm-packages/close_point_in_time",
        "saved_object:epm-packages/create",
        "saved_object:epm-packages/bulk_create",
        "saved_object:epm-packages/update",
        "saved_object:epm-packages/bulk_update",
        "saved_object:epm-packages/delete",
        "saved_object:epm-packages/bulk_delete",
        "saved_object:epm-packages/share_to_space",
        "saved_object:epm-packages-assets/bulk_get",
        "saved_object:epm-packages-assets/get",
        "saved_object:epm-packages-assets/find",
        "saved_object:epm-packages-assets/open_point_in_time",
        "saved_object:epm-packages-assets/close_point_in_time",
        "saved_object:epm-packages-assets/create",
        "saved_object:epm-packages-assets/bulk_create",
        "saved_object:epm-packages-assets/update",
        "saved_object:epm-packages-assets/bulk_update",
        "saved_object:epm-packages-assets/delete",
        "saved_object:epm-packages-assets/bulk_delete",
        "saved_object:epm-packages-assets/share_to_space",
        "saved_object:fleet-preconfiguration-deletion-record/bulk_get",
        "saved_object:fleet-preconfiguration-deletion-record/get",
        "saved_object:fleet-preconfiguration-deletion-record/find",
        "saved_object:fleet-preconfiguration-deletion-record/open_point_in_time",
        "saved_object:fleet-preconfiguration-deletion-record/close_point_in_time",
        "saved_object:fleet-preconfiguration-deletion-record/create",
        "saved_object:fleet-preconfiguration-deletion-record/bulk_create",
        "saved_object:fleet-preconfiguration-deletion-record/update",
        "saved_object:fleet-preconfiguration-deletion-record/bulk_update",
        "saved_object:fleet-preconfiguration-deletion-record/delete",
        "saved_object:fleet-preconfiguration-deletion-record/bulk_delete",
        "saved_object:fleet-preconfiguration-deletion-record/share_to_space",
        "saved_object:ingest-download-sources/bulk_get",
        "saved_object:ingest-download-sources/get",
        "saved_object:ingest-download-sources/find",
        "saved_object:ingest-download-sources/open_point_in_time",
        "saved_object:ingest-download-sources/close_point_in_time",
        "saved_object:ingest-download-sources/create",
        "saved_object:ingest-download-sources/bulk_create",
        "saved_object:ingest-download-sources/update",
        "saved_object:ingest-download-sources/bulk_update",
        "saved_object:ingest-download-sources/delete",
        "saved_object:ingest-download-sources/bulk_delete",
        "saved_object:ingest-download-sources/share_to_space",
        "saved_object:fleet-fleet-server-host/bulk_get",
        "saved_object:fleet-fleet-server-host/get",
        "saved_object:fleet-fleet-server-host/find",
        "saved_object:fleet-fleet-server-host/open_point_in_time",
        "saved_object:fleet-fleet-server-host/close_point_in_time",
        "saved_object:fleet-fleet-server-host/create",
        "saved_object:fleet-fleet-server-host/bulk_create",
        "saved_object:fleet-fleet-server-host/update",
        "saved_object:fleet-fleet-server-host/bulk_update",
        "saved_object:fleet-fleet-server-host/delete",
        "saved_object:fleet-fleet-server-host/bulk_delete",
        "saved_object:fleet-fleet-server-host/share_to_space",
        "saved_object:fleet-proxy/bulk_get",
        "saved_object:fleet-proxy/get",
        "saved_object:fleet-proxy/find",
        "saved_object:fleet-proxy/open_point_in_time",
        "saved_object:fleet-proxy/close_point_in_time",
        "saved_object:fleet-proxy/create",
        "saved_object:fleet-proxy/bulk_create",
        "saved_object:fleet-proxy/update",
        "saved_object:fleet-proxy/bulk_update",
        "saved_object:fleet-proxy/delete",
        "saved_object:fleet-proxy/bulk_delete",
        "saved_object:fleet-proxy/share_to_space",
        "saved_object:telemetry/bulk_get",
        "saved_object:telemetry/get",
        "saved_object:telemetry/find",
        "saved_object:telemetry/open_point_in_time",
        "saved_object:telemetry/close_point_in_time",
        "saved_object:telemetry/create",
        "saved_object:telemetry/bulk_create",
        "saved_object:telemetry/update",
        "saved_object:telemetry/bulk_update",
        "saved_object:telemetry/delete",
        "saved_object:telemetry/bulk_delete",
        "saved_object:telemetry/share_to_space",
        // Read-only actions on config, config-global and url saved objects (no create/update/delete).
        "saved_object:config/bulk_get",
        "saved_object:config/get",
        "saved_object:config/find",
        "saved_object:config/open_point_in_time",
        "saved_object:config/close_point_in_time",
        "saved_object:config-global/bulk_get",
        "saved_object:config-global/get",
        "saved_object:config-global/find",
        "saved_object:config-global/open_point_in_time",
        "saved_object:config-global/close_point_in_time",
        "saved_object:url/bulk_get",
        "saved_object:url/get",
        "saved_object:url/find",
        "saved_object:url/open_point_in_time",
        "saved_object:url/close_point_in_time",
        // NOTE(review): "ui:fleet/all" presumably supersedes "ui:fleet/read"; listing both is harmless.
        "ui:fleet/read",
        "ui:fleet/all"
      ],
          "resources": ["space:default"] // Specify the space as needed, e.g., "space:default". Limits the application privileges above to this space.
        }
      ],
      "run_as": [], // Specify users the API key can run as, if necessary. Empty = no impersonation.
      "metadata": {}, // Optional metadata for the API key.
      // NOTE(review): "enabled": true is presumably the default; confirm it is needed here.
      "transient_metadata": { "enabled": true }
    }
  }
}
TomonoriSoejima commented 2 months ago
// Alternative, smaller descriptor: relies on cluster privileges instead of Kibana
// application privileges.
// NOTE(review): no "expiration" is set, so this key stays valid until it is explicitly invalidated.
POST /_security/api_key
{
  "name": "fleet-api-key",
  "role_descriptors": {
    "fleet_agent_policy_writer": {
      // NOTE(review): manage_security lets the holder manage users and roles, and manage_api_key
      // lets it manage other API keys; both go well beyond writing to .fleet-* — confirm the
      // narrowest set Fleet actually needs.
      "cluster": ["manage_api_key", "monitor", "manage_security"],
      // NOTE(review): the first request on this issue spells this field "indices"; confirm the
      // spelling accepted by the target Elasticsearch version.
      "index": [
        {
          "names": [".fleet-*"],
          "privileges": ["all"] // "all" includes index-management actions, not just document reads/writes.
        }
      ]
    }
  }
}