From d4e25289633f7ad221bf652da94c416003e6cf24 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=A1clav=20Barto=C5=A1?= <bartos@cesnet.cz>
Date: Wed, 21 Dec 2022 15:41:53 +0100
Subject: [PATCH] OSD: map "all_access" role to any authenticated user

We don't use an explicit list of users in OSD; it only takes identification from Keycloak. This change assigns full access to any user. It's probably not the best solution, but it is the only one I can do quickly right now.
---
 group_vars/all/variables.template                  | 6 ------
 roles/opensearch-dashboards/templates/role.json.j2 | 7 ++-----
 2 files changed, 2 insertions(+), 11 deletions(-)

diff --git a/group_vars/all/variables.template b/group_vars/all/variables.template
index 203f2f5..0a8e1e6 100644
--- a/group_vars/all/variables.template
+++ b/group_vars/all/variables.template
@@ -20,9 +20,3 @@ soctools_users:
 #    email: "soc_admin_2@example.org"
 #    DN: "CN=soc_admin_2"
 #    CN: "soc_admin_2"
-    
-# list of users(username) from previous step which will recive admin roles in OpenSearch Dashboards. (Minimum one user is required)
-OSD_ADMIN_USERS:
-  - soc_admin
-#  -   soc_admin_2
-
diff --git a/roles/opensearch-dashboards/templates/role.json.j2 b/roles/opensearch-dashboards/templates/role.json.j2
index 1e7c2ae..105b08c 100644
--- a/roles/opensearch-dashboards/templates/role.json.j2
+++ b/roles/opensearch-dashboards/templates/role.json.j2
@@ -6,10 +6,7 @@
       
    ],
    "users":[
-{% for user in OSD_ADMIN_USERS %}
-      "{{ user }}",
-{% endfor %}
-      "admin"
+      "*"
    ],
-   "description":"Maps admin to all_access"
+   "description":"Maps any user to all_access role"
 }
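Review bot: `"users":["*"]` in the new mapping gives `all_access`, i.e. full cluster access, to every account that can authenticate through Keycloak, so the only remaining control is who can log in to that realm (self-registered, federated or service accounts would all qualify if the realm allows them). If a per-user list is not workable, a narrower option is to keep `users` as `["admin"]` and map on a Keycloak role instead, e.g. `"backend_roles":["<keycloak-osd-admin-role>"]` (placeholder name); this presumably needs the OIDC roles claim to be configured on the OpenSearch side, which is not visible in this patch. Ordinary users could then be mapped to a read-only role rather than `all_access`. The mapping object starts above the hunk, so I cannot tell which list closes at the `],` just before `"users"`.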
-- 
GitLab