
Commit 151d778

authored
Add "maintenance" permission to the fleet-server service account (#82125) (#82138)
* Add "maintenance" permission to the fleet-server service account * Fix tests
1 parent 93f0c26 commit 151d778

3 files changed

Lines changed: 6 additions & 3 deletions


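--- a/x-pack/docs/en/rest-api/security/get-service-accounts.asciidoc
+++ b/x-pack/docs/en/rest-api/security/get-service-accounts.asciidoc
@@ -93,7 +93,8 @@ GET /_security/service/elastic/fleet-server
 "write",
 "monitor",
 "create_index",
-"auto_configure"
+"auto_configure",
+"maintenance"
 ],
 "allow_restricted_indices": true
 }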

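--- a/x-pack/plugin/security/qa/service-account/src/javaRestTest/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountIT.java
+++ b/x-pack/plugin/security/qa/service-account/src/javaRestTest/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountIT.java
@@ -110,7 +110,8 @@ public class ServiceAccountIT extends ESRestTestCase {
 "write",
 "monitor",
 "create_index",
-"auto_configure"
+"auto_configure",
+"maintenance"
 ],
 "allow_restricted_indices": true
 }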

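--- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/service/ElasticServiceAccounts.java
+++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/service/ElasticServiceAccounts.java
@@ -41,7 +41,8 @@ final class ElasticServiceAccounts {
 .build(),
 RoleDescriptor.IndicesPrivileges.builder()
 .indices(".fleet-*")
-.privileges("read", "write", "monitor", "create_index", "auto_configure")
+// Fleet Server needs "maintenance" privilege to be able to perform operations with "refresh"
+.privileges("read", "write", "monitor", "create_index", "auto_configure", "maintenance")
 .allowRestrictedIndices(true)
 .build() },
 new RoleDescriptor.ApplicationResourcePrivileges[] {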
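Review bot: The new comment above the `.privileges(...)` line says Fleet Server only needs refresh, but `maintenance` is a broader named privilege that, as far as I know, also covers flush and force merge. Here it applies to restricted `.fleet-*` indices, because `allowRestrictedIndices(true)` follows on the same builder. The comment should record that wider scope so the grant reads as a deliberate decision, for example `// "maintenance" is granted for refresh on .fleet-* indices; it also permits flush and force merge`. If refresh is the only operation required, it is worth checking whether an action-level pattern limited to refresh could replace the named privilege on this built-in service account. The role descriptor's builder chain starts and ends outside this hunk, so the account's other grants are not visible here.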
