How to create Role, Permissions and Map Backend Roles via OpenSearch Python Client

Security
1

Hi all,
I’m using the OpenSearch Python Client for all our OpenSearch Cluster (running on AWS) via signed AWS4Auth.

How can I create the OpenSearch roles, permissions and backend role mapping via the OpenSearch Python Client?

I would like to use the same client that I’m currently using for creating indices and add/update/delete documents. And avoid writing another client using the Requests library.

I did it via the Dev Tools but wondering how to do it with Python.

PUT _plugins/_security/api/roles/TestRole
{
  "cluster_permissions": [
    "read"
  ],
  "index_permissions": [{
    "index_patterns": [
      "<INDEX>*"
    ],
    "allowed_actions": [
      "read"
    ]
  }]
}

PUT _plugins/_security/api/rolesmapping/TestRole
{
  "backend_roles" : [ <IAM_ROLE_ARN> ]
}
2

Hi @ericsda!

I’m afraid that the opensearch-python client doesn’t quite support this feature at the moment. Someone has opened up a bug report for this already if you’d care to weigh in:

https://github.com/opensearch-project/opensearch-py/issues/110

If you’re super familiar with python already, this is an awesome opportunity to help contribute. If you need some generic help with the Opensearch python client, there’s some usage help here:

Nate