[Backport 2.x] Add flow framework system indices and roles (#3851) (#…

…3880)

Backports b996eb1 from #3851

Signed-off-by: Amit Galitzky <amgalitz@amazon.com>
Co-authored-by: Amit Galitzky <amgalitz@amazon.com>

config/roles.yml

@@ -372,3 +372,26 @@ security_analytics_ack_alerts:
   reserved: true
   cluster_permissions:
     - 'cluster:admin/opensearch/securityanalytics/alerts/*'
+
+# Allows users to use all Flow Framework functionality
+flow_framework_full_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opensearch/flow_framework/*'
+    - 'cluster_monitor'
+  index_permissions:
+    - index_patterns:
+        - '*'
+      allowed_actions:
+        - 'indices:admin/aliases/get'
+        - 'indices:admin/mappings/get'
+        - 'indices_monitor'
+
+# Allow users to read flow framework's workflows and their state
+flow_framework_read_access:
+  reserved: true
+  cluster_permissions:
+    - 'cluster:admin/opensearch/flow_framework/workflow/get'
+    - 'cluster:admin/opensearch/flow_framework/workflow/search'
+    - 'cluster:admin/opensearch/flow_framework/workflow_state/get'
+    - 'cluster:admin/opensearch/flow_framework/workflow_state/search'

src/main/java/org/opensearch/security/tools/democonfig/SecuritySettingsConfigurer.java

@@ -69,7 +69,10 @@ public class SecuritySettingsConfigurer {
         ".opendistro-asynchronous-search-response*",
         ".replication-metadata-store",
         ".opensearch-knn-models",
-        ".geospatial-ip2geo-data*"
+        ".geospatial-ip2geo-data*",
+        ".plugins-flow-framework-config",
+        ".plugins-flow-framework-templates",
+        ".plugins-flow-framework-state"
     );
     static String ADMIN_PASSWORD = "";
     static String ADMIN_USERNAME = "admin";