compliantkubernetes-apps
compliantkubernetes-apps copied to clipboard
elastisys
Users can not create alert monitors with index per namespace enabled
Describe the bug
Users mapped to alerting_full_access can not create alert monitors when index per namespace is enabled.
The users can not select an index in the "data source" tab.
These are the required index permissions:
indices_monitor
indices:admin/aliases/get
indices:admin/mappings/get
Problem is that when you grant those permissions to these indices (which we use for other roles):
/^(?!kube-system|gatekeeper-system|other|authlog|\.).*/
the users are still not able to pick any index as datasource when creating an alerting monitor.
It only works if you grant them those permissions on all indices, *.
To Reproduce Steps to reproduce the behavior:
- Enable index per namespace
- Log in to Opensearch as a user mapped to roles
kibana_user,kubernetes_log_reader&alerting_full_access. (Most common non-cluster-admin permissions) - Go to Alerting -> Monitors -> Click "Create monitor"
- Try to pick an index (or index pattern) as a datasource.
Expected behavior
User with alerting_full_access should be albe to create alerting monitors, with index per namespace enabled.
Version (add all relevant versions):
- Compliant kubernetes apps version [v0.29.1]
Waiting for reply to issue upstream
Issue seems to occur with or without index per namespace and no matter what you specify other than "*".
Checked back in on this when upgrading the chart - Seems that you can search for indices and select them that way, but the drop-down menu still isn't working correctly.