Closed tbauriedel closed 4 months ago
Example usage for the elasticsearch_user module:
With that module you can create, update and delete access users inside elasticsearch. Uses the elasticsearch API.
- name: Create elasticsearch user 'new-user'
netways.elasticstack.elasticsearch_user:
name: new-user1
fullname: New User
password: changeMe123!
email: new@user.de
roles:
- new-role1
- logstash-writer
enabled: true
state: present
host: https://localhost:9200
auth_user: elastic
auth_pass: changeMe321!
verify_certs: false
@widhalmt since that modules where requested from your side, could you please have a look at it? Maybe test them also.
I have local testing environments and I will put this change through a few tests. I'm the wrong person to review the code of the module (yet) but I can do integration tests and check everything around the module.
Genuine question: why would we need a module which calls upon a role? I have never seen this before, is this commonly done?
Inspiration for the two modules comes from here, for example. Roles and users are repeatedly created in the collection via several tasks so that the needed component has a user in Elastic. In order to be able to do this cleanly and not always require several tasks with requests, etc., these modules were requested.
With them you can easily create, update and delete them.
Sure, you could do this in your Kibana. But we have some known customers which do this all within the collection (or want to)
The whole thing has turned into a discussion of principles, as the idea of creating an internal Elastic user within the Logstash role is somewhat at odds with the idea of separating roles. However, this will be addressed later and assumed as a requirement.
OH NOW I GET IT I misunderstood "role" as ansible-role. No objections then. I will have a closer look at the code later!
I have already implemented a workflow to test the modules.
@lcndsmr I guess you can remove the change request now. I have requested Thomas for review. As long as he dont approve it, it should be finde. Auto-merging is also not enabled for this PR.
@widhalmt would you please give us a last "okay it works"? :)
First draft for a elasticsearch_role module.
With that module you can create, update and delete access roles inside elasticsearch. Uses the elasticsearch API.
Example Usage: