How can I add role with curl?

Security
1

Hi!

How can I add role with curl?

logstash’s role is permitted to add only logstash-* and *beat* indecies.
But, I wish to add yaf.* indecies

I wish to call curl from ansible, so I can’t use Kibana interface.

Here is fail example.

vagrant@ubuntu-bionic:~$ curl -d @role.yaf.json -H “Content-Type: application/json” https://localhost:9200/_opendistro/_security/api/roles -u admin:admin --insecure
{“error”:“Incorrect HTTP method for uri [/_opendistro/_security/api/roles] and method [POST], allowed: [PATCH, GET]”,“status”:405}

vagrant@ubuntu-bionic:~$ cat role.yaf.json
{
“yaf” : {
“hidden” : false,
“description” : “Provide the minimum permissions for yaf”,
“cluster_permissions” : [
“cluster_monitor”,
“cluster_composite_ops”,
“indices:admin/template/get”,
“indices:admin/template/put”,
“cluster:admin/ingest/pipeline/put”,
“cluster:admin/ingest/pipeline/get”
],
“index_permissions” : [
{
“index_patterns” : [
“yaf.*”
],
“fls” : ,
“masked_fields” : ,
“allowed_actions” : [
“crud”,
“create_index”
]
}
],
“tenant_permissions” :
}
}
vagrant@ubuntu-bionic:~$

Thanks!

2

Hi @t-umeno, here’s an example. Sorry for the minified JSON:

$ curl -XPUT https://localhost:9200/_opendistro/_security/api/roles/my-curl-role -u admin:admin -k -H 'Content-Type: application/json' -d '{"cluster_permissions":["cluster_composite_ops","indices_monitor"],"index_permissions":[{"index_patterns":["movies*"],"dls":"","fls":[],"masked_fields":[],"allowed_actions":["read"]}],"tenant_permissions":[{"tenant_patterns":["human_resources"],"allowed_actions":["kibana_all_read"]}]}'

Response from my cluster:

{"status":"CREATED","message":"'my-curl-role' created."}
1 Like
3

Hi @aetter, I’ll try this. Thank you!