
Commit 4534502

committed
add shell var for directory of opensearch security config
1 parent 52dba7f commit 4534502


1 file changed

+6
-5
lines changed


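--- a/jobs/opensearch/templates/bin/pre-start.erb
+++ b/jobs/opensearch/templates/bin/pre-start.erb
@@ -6,6 +6,7 @@ export JOB_DIR=/var/vcap/jobs/$JOB_NAME
 export OPENSEARCH_PATH_CONF=${JOB_DIR}/config
 export YQ_PACKAGE_DIR=/var/vcap/packages/yq
 export PATH=$YQ_PACKAGE_DIR/bin:$PATH
+export OPENSEARCH_SECURITY_CONFIG_PATH=${OPENSEARCH_PATH_CONF}/opensearch-security
 
 sysctl -q -w vm.max_map_count=262144
 mkdir -p ${OPENSEARCH_HOME}/plugins
@@ -17,7 +18,7 @@ source /var/vcap/packages/openjdk-17/bosh/runtime.env
 
 # Copy default security config if it doesn't already exist
 # Have to copy files that don't exist otherwise securityadmin.sh invocation will fail
-cp -u ${OPENSEARCH_HOME}/config/opensearch-security/*.yml ${OPENSEARCH_PATH_CONF}/opensearch-security
+cp -u ${OPENSEARCH_HOME}/config/opensearch-security/*.yml "$OPENSEARCH_SECURITY_CONFIG_PATH"
 
 <%
 api = p("opensearch.cf.domain")
@@ -29,17 +30,17 @@ cf auth "<%= client %>" "<%= password %>" --client-credentials
 
 cd ${OPENSEARCH_HOME}
 chown -R vcap:vcap config plugins
-chown -R vcap:vcap ${OPENSEARCH_PATH_CONF}/opensearch-security
+chown -R vcap:vcap "$OPENSEARCH_SECURITY_CONFIG_PATH"
 
 # Prepare tenants, roles, and role mappings so that they don't get overridden by securityadmin.sh
 # script invocation in post-start
 for org in $(cf orgs | tail -n +4); do
 ORG_GUID=$(cf org "$org" --guid)
 ROLE_NAME="$org-tenant"
 
-yq -i ".\"$org\"={\"description\":\"tenant for $org\"}" "$OPENSEARCH_PATH_CONF/opensearch-security/tenants.yml"
-yq -i ".\"$ROLE_NAME\"={\"tenant_permissions\":[{\"tenant_patterns\": [\"$org\"],\"allowed_actions\": [\"kibana_all_write\"]}]}" "$OPENSEARCH_PATH_CONF/opensearch-security/roles.yml"
-yq -i ".\"$ROLE_NAME\"={\"backend_roles\": [\"$ORG_GUID\"]}" "$OPENSEARCH_PATH_CONF/opensearch-security/roles_mapping.yml"
+yq -i ".\"$org\"={\"description\":\"tenant for $org\"}" "$OPENSEARCH_SECURITY_CONFIG_PATH/tenants.yml"
+yq -i ".\"$ROLE_NAME\"={\"tenant_permissions\":[{\"tenant_patterns\": [\"$org\"],\"allowed_actions\": [\"kibana_all_write\"]}]}" "$OPENSEARCH_SECURITY_CONFIG_PATH/roles.yml"
+yq -i ".\"$ROLE_NAME\"={\"backend_roles\": [\"$ORG_GUID\"]}" "$OPENSEARCH_SECURITY_CONFIG_PATH/roles_mapping.yml"
 done
 
 # leaving all plugin files and plugins installed for now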
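Review bot: The three `yq -i` lines in the `for org` loop (third hunk) still build the yq expression by pasting `$org`, `$ROLE_NAME` and `$ORG_GUID` into a double-quoted string, so an org name containing `"` or yq syntax changes the expression that gets written into tenants.yml, roles.yml and roles_mapping.yml, the files that define tenant roles and their backend-role mappings. Nothing in the visible lines validates the names returned by `cf orgs`. Passing the values through the environment keeps them as data, for example `org="$org" yq -i '.[strenv(org)] = {"description": "tenant for " + strenv(org)}' "$OPENSEARCH_SECURITY_CONFIG_PATH/tenants.yml"` (this assumes the packaged yq is mikefarah yq v4, which provides `strenv`; confirm before adopting), with the other two lines following the same pattern. The `for org in $(cf orgs | tail -n +4)` loop also word-splits its input, so an org name containing a space would presumably be handled as two separate names; a `while IFS= read -r org` loop over the same output avoids that.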
