
Implement RBAC index templates #303

Open: wants to merge 38 commits into base: main

Conversation

@wazuh-devel-xdrsiem-indexer (Contributor) commented Mar 6, 2025

Description

Add the required ECS mappings and custom fields for the RBAC index templates with their corresponding event generator Python script, and add the new index template generated by the ECS generator tool to the setup plugin.

This PR also includes a fix for an error in the generate-and-push-templates.sh tool, and another minor fix for the mapping-generator to avoid some warnings.

Issues Resolved

Closes #288

@wazuh-devel-xdrsiem-indexer wazuh-devel-xdrsiem-indexer requested a review from a team as a code owner March 6, 2025 19:35
@QU3B1M QU3B1M self-assigned this Mar 6, 2025
@QU3B1M QU3B1M changed the title [ECS Generator] Update index templates Implement RBAC index templates Mar 6, 2025
@QU3B1M (Member) commented Mar 12, 2025

Validations

  • New hidden index for internal users is generated at startup
    % curl -k "http://localhost:9200/_cat/indices/.*"                
    green open .internal-users     ZYygODP3T9OMY_KUsf7kVg 1 0 0 0 208b 208b
    green open .scheduled-commands 6mlJ1SWbSwKSjOqH3Ft8qw 1 0 0 0 208b 208b
  • New index for custom users is generated at startup
    % curl -k "http://localhost:9200/_cat/indices/"  
    ...
    green open wazuh-custom-users               D4pCB5zAS_myzeGFPYD4BA 1 0  0 0   208b   208b
    ...
  • Custom user is indexed using the event_generator.py
    % python users/event-generator/event_generator.py --protocol http
    How many events do you want to generate? 1
    Do you want to inject the generated data into your index? (y/n) y
    Enter the IP of your Indexer (default: '127.0.0.1'): 
    Enter the port of your Indexer (default: '9200'): 
    Enter the index name (default: 'wazuh-custom-users'): 
    Username (default: 'admin'): 
    Password (default: 'admin'): 
    % curl -k http://localhost:9200/wazuh-custom-users/_search       
    {"took":15,"timed_out":false,"_shards":{"total":1,"successful":1,"skipped":0,"failed":0},"hits":{"total":{"value":1,"relation":"eq"},"max_score":1.0,"hits":[{"_index":"wazuh-custom-users","_id":"45469b74-af51-4176-a3f3-c9185ac28c92","_score":1.0,"_source":{"user": {"id": "7e8a8894-305e-4679-a41a-37204a2ea5fa", "name": "user_154", "password": "password5917", "allow_run_as": true, "created_at": "2025-03-12T18:19:28Z", "roles": [{"name": "role-4", "created_at": "2025-03-12T18:19:28Z", "level": 0, "policies": [{"name": "policy-3", "actions": ["agent:remove"], "resources": ["*:*:*"], "effect": "deny", "level": 5, "created_at": "2025-03-12T18:19:28Z"}], "rules": [{"name": "rule-1", "body": {}, "created_at": "2025-03-12T18:19:28Z"}, {"name": "rule-3", "body": {}, "created_at": "2025-03-12T18:19:28Z"}]}]}}}]}}
  • Internal user is indexed using the event_generator.py
    % python users/event-generator/event_generator.py --protocol http
    How many events do you want to generate? 1
    Do you want to inject the generated data into your index? (y/n) y
    Enter the IP of your Indexer (default: '127.0.0.1'): 
    Enter the port of your Indexer (default: '9200'): 
    Enter the index name (default: 'wazuh-custom-users'): .internal-users
    Username (default: 'admin'): 
    Password (default: 'admin'): 
    % curl -k http://localhost:9200/.internal-users/_search
    {"took":2,"timed_out":false,"_shards":{"total":1,"successful":1,"skipped":0,"failed":0},"hits":{"total":{"value":1,"relation":"eq"},"max_score":1.0,"hits":[{"_index":".internal-users","_id":"5ec2884c-0651-4927-b83b-6e64a172232a","_score":1.0,"_source":{"user": {"id": "f6f7f157-253c-4970-a211-e1f6dc4c3f77", "name": "user_599", "password": "password9829", "allow_run_as": false, "created_at": "2025-03-12T18:21:00Z", "roles": [{"name": "role-2", "created_at": "2025-03-12T18:21:00Z", "level": 4, "policies": [{"name": "policy-5", "actions": ["agent:create"], "resources": ["*:*:*"], "effect": "allow", "level": 0, "created_at": "2025-03-12T18:21:00Z"}, {"name": "policy-5", "actions": ["agent:remove"], "resources": ["*:*:*"], "effect": "allow", "level": 4, "created_at": "2025-03-12T18:21:00Z"}], "rules": [{"name": "rule-2", "body": {}, "created_at": "2025-03-12T18:21:00Z"}]}]}}}]}}
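Added example, not code from the PR or from the project's own event_generator.py: it builds user documents in the shape the search hits above show, checks them against that shape before indexing, and serializes them as an _bulk body. The index names come from the validation; the action and resource format checks are assumptions about the mapping, not rules taken from the PR.

```python
import json
import random
import re
import uuid
from datetime import datetime, timezone

ACTION_RE = re.compile(r"^[a-z_]+:[a-z_]+$")      # assumed format, e.g. "agent:remove"
RESOURCE_RE = re.compile(r"^[^:]+:[^:]+:[^:]+$")  # assumed three-part resource, e.g. "*:*:*"


def make_user_event(seed: int, allow_run_as: bool = False, created_at: str = None) -> dict:
    """Deterministic user document (constructed test data) with one role, policy and rule."""
    rng = random.Random(seed)
    now = created_at or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    policy = {"name": f"policy-{rng.randint(1, 5)}",
              "actions": [rng.choice(["agent:create", "agent:remove"])],
              "resources": ["*:*:*"], "effect": rng.choice(["allow", "deny"]),
              "level": rng.randint(0, 5), "created_at": now}
    role = {"name": f"role-{rng.randint(1, 5)}", "created_at": now, "level": rng.randint(0, 5),
            "policies": [policy],
            "rules": [{"name": f"rule-{rng.randint(1, 5)}", "body": {}, "created_at": now}]}
    return {"user": {"id": str(uuid.UUID(int=rng.getrandbits(128), version=4)),
                     "name": f"user_{rng.randint(0, 999)}",
                     "password": f"password{rng.randint(1000, 9999)}",  # constructed test value
                     "allow_run_as": allow_run_as, "created_at": now, "roles": [role]}}


def validate_user_event(doc: dict) -> list:
    """Return the list of shape problems; an empty list means the document matches."""
    user = doc.get("user")
    if not isinstance(user, dict):
        return ["missing 'user' object"]
    problems = [f"user.{k} missing" for k in
                ("id", "name", "password", "allow_run_as", "created_at", "roles") if k not in user]
    if not isinstance(user.get("allow_run_as"), bool):
        problems.append("user.allow_run_as must be boolean")
    for role in user.get("roles", []):
        for policy in role.get("policies", []):
            if policy.get("effect") not in ("allow", "deny"):
                problems.append(f"policy {policy.get('name')}: bad effect {policy.get('effect')!r}")
            problems += [f"bad action {a!r}" for a in policy.get("actions", []) if not ACTION_RE.match(a)]
            problems += [f"bad resource {r!r}" for r in policy.get("resources", []) if not RESOURCE_RE.match(r)]
    return problems


def to_bulk_ndjson(docs: list, index: str = "wazuh-custom-users") -> str:
    """Serialize documents as the newline-delimited body the _bulk API expects."""
    header = json.dumps({"index": {"_index": index}})
    return "".join(f"{header}\n{json.dumps(doc)}\n" for doc in docs)
```

Run validate_user_event on every document before handing the bulk body to the indexer, so a malformed effect or resource is rejected by the generator rather than silently stored.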

@mcasas993 (Member)

LGTM. I ran all validations and got the same result.

@QU3B1M QU3B1M requested a review from mcasas993 March 13, 2025 12:56
@mcasas993 (Member) left a review: Approve

Successfully merging this pull request may close these issues.

Index templates for Wazuh Server RBAC migration