# Source: github.com/verrazzano/verrazzano@v1.7.0/platform-operator/thirdparty/manifests/opensearch-operator/opensearch-securityconfig.yaml
#
# Kubernetes Secret holding the OpenSearch security plugin configuration.
# Each stringData key is one plugin config file, embedded as a literal block
# scalar. Review notes sit above each key, outside the scalars, so the
# embedded file contents are not altered.
---
apiVersion: v1
kind: Secret
metadata:
  name: securityconfig-secret
  namespace: verrazzano-logging
type: Opaque
stringData:
  # No custom action groups are defined; only the file metadata is present.
  action_groups.yml: |-
    _meta:
      type: "actiongroups"
      config_version: 2
  # Internal user database, used by vz_basic_internal_auth_domain in config.yml.
  # NOTE(review): admin `hash` is empty in this manifest. Presumably it is
  # filled in at install time; confirm that, and verify the applied Secret
  # never carries an empty or well-known hash for the admin user.
  internal_users.yml: |-
    _meta:
      type: "internalusers"
      config_version: 2
    admin:
      hash:
      reserved: true
      backend_roles:
        - "admin"
      description: "Admin user"
  # No node DNs are listed; only the file metadata is present.
  nodes_dn.yml: |-
    _meta:
      type: "nodesdn"
      config_version: 2
  # No API allow-list entries are listed; only the file metadata is present.
  whitelist.yml: |-
    _meta:
      type: "whitelist"
      config_version: 2
  # No tenants are defined; only the file metadata is present.
  tenants.yml: |-
    _meta:
      type: "tenants"
      config_version: 2
  # Maps backend roles and users to security roles.
  # - all_access is granted to backend role "admin". Because
  #   vz_proxy_auth_domain (config.yml) reads backend roles from the
  #   x-proxy-roles request header, this mapping is only as strong as the
  #   control over who may set that header.
  # - own_index is mapped to users "*", so it applies to every user.
  # - Only vz_log_pusher is defined in roles.yml below; the other role names
  #   are presumably the plugin's built-in roles (verify against the
  #   deployed OpenSearch version).
  roles_mapping.yml: |-
    _meta:
      type: "rolesmapping"
      config_version: 2
    all_access:
      reserved: false
      backend_roles:
        - "admin"
      description: "Maps admin to all_access"
    vz_log_pusher:
      reserved: false
      backend_roles:
        - "vz_log_pusher"
      description: "Role for fluentd to push logs"
    own_index:
      reserved: false
      users:
        - "*"
      description: "Allow full access to an index named like the username"
    readall:
      reserved: false
      backend_roles:
        - "readall"
    manage_snapshots:
      reserved: false
      backend_roles:
        - "snapshotrestore"
    dashboard_server:
      reserved: true
      users:
        - "dashboarduser"
  # Custom role used by the log shipper.
  # NOTE(review): the index pattern "*verrazzano*" matches any index whose
  # name contains "verrazzano", and indices_all covers every index action on
  # those indices, which is more than log ingestion usually needs. Narrow it
  # if the shipper only has to create and write indices.
  roles.yml: |-
    _meta:
      type: "roles"
      config_version: 2
    vz_log_pusher:
      reserved: false
      hidden: false
      cluster_permissions:
        - "cluster:monitor/main"
        - "cluster:monitor/state"
        - "cluster:monitor/health"
        - "cluster_manage_index_templates"
        - "indices:admin/index_template/get"
        - "indices:admin/index_template/put"
        - "indices:admin/mapping/put"
        - "indices:admin/mapping/get"
        - "indices:admin/create"
      index_permissions:
        - index_patterns:
            - "*verrazzano*"
          allowed_actions:
            - indices_all
  # Authentication configuration. The domains are tried in `order`:
  # proxy headers (0), HTTP Basic against internal users (1), TLS client
  # certificate (2).
  # NOTE(review): xff.internalProxies is '.*', which treats every source
  # address as a trusted proxy. With the proxy authenticator taking the user
  # from X-WEBAUTH-USER and the roles from x-proxy-roles, identity rests
  # entirely on those headers. Confirm that only the Verrazzano auth proxy
  # can reach the OpenSearch HTTP port (NetworkPolicy or mTLS) and that the
  # proxy strips client-supplied copies of these headers and x-forwarded-for;
  # otherwise restrict internalProxies to the proxy's address range.
  # NOTE(review): vz_clientcert_auth_domain sets
  # enforce_hostname_verification: false; confirm what certificate identity
  # checks remain in effect for that domain.
  # NOTE(review): config_version is the quoted string "2" in this file but
  # the integer 2 in the other files; kept as in the original.
  config.yml: |-
    _meta:
      type: "config"
      config_version: "2"
    config:
      dynamic:
        kibana:
          multitenancy_enabled: false
        http:
          anonymous_auth_enabled: false
          xff:
            enabled: true
            internalProxies: '.*'
            remoteIpHeader: 'x-forwarded-for'
        authc:
          vz_proxy_auth_domain:
            description: "Authenticate via Verrazzano proxy"
            http_enabled: true
            transport_enabled: true
            order: 0
            http_authenticator:
              type: proxy
              challenge: false
              config:
                user_header: "X-WEBAUTH-USER"
                roles_header: "x-proxy-roles"
            authentication_backend:
              type: noop
          vz_basic_internal_auth_domain:
            description: "Authenticate via HTTP Basic against internal users database"
            http_enabled: true
            transport_enabled: true
            order: 1
            http_authenticator:
              type: basic
              challenge: false
            authentication_backend:
              type: intern
          vz_clientcert_auth_domain:
            description: "Authenticate via SSL client certificates"
            http_enabled: true
            transport_enabled: true
            order: 2
            http_authenticator:
              type: clientcert
              config:
                enforce_hostname_verification: false
                username_attribute: cn
              challenge: false
            authentication_backend:
              type: noop