xco-sk / eck-custom-resources

Kubernetes operator for Indices, Index Templates, Roles, Users and other Elasticsearch and Kibana related resources.
Apache License 2.0

Add support for ElasticsearchRole kibana privileges #62

Open georambo opened 1 year ago

georambo commented 1 year ago

Kibana privileges are not supported by the operator, but would be handy to add.

 unexpected field [kibana]"},"status":400

apiVersion: es.eck.github.com/v1alpha1
kind: ElasticsearchRole
metadata:
  name: test
  namespace: test
spec:
  targetInstance:
    name: elasticsearch
  body: |
    {
      "indices": [
        {
          "names": [ "*"],
          "privileges": ["read", "read_cross_cluster"]
        }
      ],
      "kibana": [
        {
          "feature": {
            "discover": ["read"],
            "dashboard": ["read"],
            "visualize": ["read"]
          },
          "spaces": ["default"]
        }
      ],
      "metadata" : {
        "version" : 1
      }
    }

xco-sk commented 1 year ago

Hi @georambo, I'm a bit unsure why it does not work at the moment. The operator takes the JSON in the body field as-is and uses it as the body of the PUT request to create/update the role. If possible, can you share an example (e.g. curl or just JSON + url) of a plain REST API request? That would help a lot. Thanks :-)

georambo commented 1 year ago

Below is the documentation. This seems to hit the Kibana API, not the Elasticsearch one, but maybe the Elasticsearch Role CRD can handle this in the operator?

https://www.elastic.co/guide/en/kibana/current/role-management-api-put.html

curl -X PUT "localhost:5601/api/security/role/my_kibana_role" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -d'
{
  "metadata" : {
    "version" : 1
  },
  "elasticsearch": {
    "cluster" : [ ],
    "indices" : [ ]
  },
  "kibana": [
    {
      "base": [],
      "feature": {
        "discover": [
          "all"
        ],
        "visualize": [
          "all"
        ],
        "dashboard": [
          "all"
        ],
        "dev_tools": [
          "read"
        ],
        "advancedSettings": [
          "read"
        ],
        "indexPatterns": [
          "read"
        ],
        "graph": [
          "all"
        ],
        "apm": [
          "read"
        ],
        "maps": [
          "read"
        ],
        "canvas": [
          "read"
        ],
        "infrastructure": [
          "all"
        ],
        "logs": [
          "all"
        ],
        "uptime": [
          "all"
        ]
      },
      "spaces": [
        "*"
      ]
    }
  ]
}
'
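An added example, not part of the thread and not the operator's own code: one way a role body containing a `kibana` block could be sent to the Kibana role API from the curl command above instead of the Elasticsearch one, which rejects it with `unexpected field [kibana]`. `RouteRole` is a hypothetical helper; it assumes `/_security/role/<name>` as the Elasticsearch endpoint and that only `cluster`, `indices` and `run_as` move under `elasticsearch`.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
)

// Constructed sample: the role body from the ElasticsearchRole manifest in this issue.
const sampleBody = `{"indices":[{"names":["*"],"privileges":["read","read_cross_cluster"]}],
"kibana":[{"feature":{"discover":["read"],"dashboard":["read"],"visualize":["read"]},"spaces":["default"]}],
"metadata":{"version":1}}`

// RouteRole (hypothetical) picks the API path for a role body and, when the body
// carries Kibana privileges, reshapes it into the Kibana role API layout.
func RouteRole(name string, body []byte) (string, []byte, error) {
	var role map[string]json.RawMessage
	if err := json.Unmarshal(body, &role); err != nil {
		return "", nil, fmt.Errorf("role %q: invalid JSON: %w", name, err)
	}
	if _, ok := role["kibana"]; !ok {
		// No Kibana privileges: Elasticsearch security API, body passed through unchanged.
		return "/_security/role/" + url.PathEscape(name), body, nil
	}
	es := map[string]json.RawMessage{}
	out := map[string]any{"elasticsearch": es}
	for key, val := range role {
		switch key {
		case "kibana", "metadata":
			out[key] = val
		case "cluster", "indices", "run_as":
			es[key] = val
		default:
			// Fail closed: never silently drop a privilege block the mapping does not cover.
			return "", nil, fmt.Errorf("role %q: field %q has no Kibana role API mapping", name, key)
		}
	}
	payload, err := json.Marshal(out)
	return "/api/security/role/" + url.PathEscape(name), payload, err
}

func main() {
	path, payload, err := RouteRole("test", []byte(sampleBody))
	if err != nil {
		panic(err)
	}
	fmt.Println("PUT", path)
	fmt.Println(string(payload))
}
```

A request built from the Kibana path also needs the `kbn-xsrf` header shown in the curl command.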