But I don’t find logstash in roles.yml, and I don’t understand why, considering that roles.yml is the place where you are supposed to define cluster_permissions, index_permissions, index_patterns and allowed_actions.
Where are they stored then?
Also, what are the right permissions to give to the user logstash? I don’t want to give all permissions.
Yes I have the “old” roles.yml. I took it from the examples.
But in it there are no logstash permissions.
I wanted to set the logstash user properly in the configuration files because when you execute securityadmin.sh it overrides what is configured in the API.
Also I wanted to understand why I find the user logstash and the role_mapping logstash but there’s no link with the roles.yml permission file.
It is not backed up by the securityadmin.sh script, that’s why you can’t see it in the roles.yml file.
However, you can find it in the roles of the running cluster.
If you’d like to use this role with a different user, you can either duplicate it through OpenSearch Dashboards or assign logstash as backend_role to your custom user.
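As an added example (not code from this thread or from the OpenSearch project): a small Python check that lists role names that have an entry in roles_mapping.yml but no definition in roles.yml, which is the situation described above for logstash. The two file contents are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample files (not taken from the thread).
ROLES_YML = """\
_meta:
  type: "roles"
  config_version: 2

# custom role defined in the file
my_read_role:
  cluster_permissions:
    - "cluster_composite_ops_ro"
  index_permissions:
    - index_patterns:
        - "app-*"
      allowed_actions:
        - "read"
"""

ROLES_MAPPING_YML = """\
_meta:
  type: "rolesmapping"
  config_version: 2

logstash:
  reserved: false
  backend_roles:
    - "logstash"

my_read_role:
  backend_roles:
    - "readers"
"""

# A top-level YAML key starts in column 0; indented lines and comments are skipped.
TOP_LEVEL_KEY = re.compile(r'^(["\']?)([^\s#"\':][^"\':]*)\1\s*:')

def top_level_keys(text):
    """Return the role names (top-level keys) of a security config file, without _meta."""
    keys = set()
    for line in text.splitlines():
        m = TOP_LEVEL_KEY.match(line)
        if m and m.group(2) != "_meta":
            keys.add(m.group(2))
    return keys

def mappings_without_file_role(roles_text, mapping_text):
    """Role names mapped in roles_mapping.yml that roles.yml does not define."""
    return sorted(top_level_keys(mapping_text) - top_level_keys(roles_text))

if __name__ == "__main__":
    for name in mappings_without_file_role(ROLES_YML, ROLES_MAPPING_YML):
        print(f"{name}: mapped in roles_mapping.yml, not defined in roles.yml")
```

Each name it reports should then be looked up in the roles of the running cluster before securityadmin.sh is executed, so that a mapping never points at a role that exists nowhere.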