Api to add roles to a specific user

Search Guard
1

Hi,

In our application we use JWE for authentication and the secret key is not shared outside our authentication component. We have apis to find out roles of a specific user after authentication is done.

We are trying to integrate search-guard with Kibana, elastic search and our own auth component. Use case - our user can create elastic search indexes and the access to those indexes are restricted as per our backend roles which gets updated every time user creates new indexes.

Currently I believe we can use /_serachguard/api/internalusers/ end point to add authorized roles to a user. But the document says it is deprecated. We need to know if this endpoint is deprecated then what is the alternative.

Regards,

Pankaj

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version - Elasticsarch 6.4.2 , Search guard-6.4.2-23.1

  • Installed and used enterprise modules, if any - Kibana plugin

  • JVM version and operating system version - java version “1.8.0_121”

  • Search Guard configuration files -

  • Elasticsearch log messages on debug level

  • Other installed Elasticsearch or Kibana plugins, if any

sg_config.yml (9.4 KB)

2

This is just a change in the name of the endpoint. Before the endpoint was called:

/_searchguard/api/user/

``

which was confusing since it actually only refers to the internal user database. The endpoint was switched to:

/_searchguard/api/internalusers/

``

For backward compatibility, Search Guard 6 supports both endpoints. However, the first one will be removed in Search Guard 7.

···

On Thursday, November 15, 2018 at 11:45:48 AM UTC+1, pankaj chand wrote:

Hi,

In our application we use JWE for authentication and the secret key is not shared outside our authentication component. We have apis to find out roles of a specific user after authentication is done.

We are trying to integrate search-guard with Kibana, elastic search and our own auth component. Use case - our user can create elastic search indexes and the access to those indexes are restricted as per our backend roles which gets updated every time user creates new indexes.

Currently I believe we can use /_serachguard/api/internalusers/ end point to add authorized roles to a user. But the document says it is deprecated. We need to know if this endpoint is deprecated then what is the alternative.

Regards,

Pankaj

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version - Elasticsarch 6.4.2 , Search guard-6.4.2-23.1
  • Installed and used enterprise modules, if any - Kibana plugin
  • JVM version and operating system version - java version “1.8.0_121”
  • Search Guard configuration files -
  • Elasticsearch log messages on debug level
  • Other installed Elasticsearch or Kibana plugins, if any
3

Thanks Jochen for the confirmation.

···

On Thursday, November 15, 2018 at 6:44:23 PM UTC+5:30, Jochen Kressin wrote:

This is just a change in the name of the endpoint. Before the endpoint was called:

/_searchguard/api/user/

``

which was confusing since it actually only refers to the internal user database. The endpoint was switched to:

/_searchguard/api/internalusers/

``

For backward compatibility, Search Guard 6 supports both endpoints. However, the first one will be removed in Search Guard 7.

On Thursday, November 15, 2018 at 11:45:48 AM UTC+1, pankaj chand wrote:

Hi,

In our application we use JWE for authentication and the secret key is not shared outside our authentication component. We have apis to find out roles of a specific user after authentication is done.

We are trying to integrate search-guard with Kibana, elastic search and our own auth component. Use case - our user can create elastic search indexes and the access to those indexes are restricted as per our backend roles which gets updated every time user creates new indexes.

Currently I believe we can use /_serachguard/api/internalusers/ end point to add authorized roles to a user. But the document says it is deprecated. We need to know if this endpoint is deprecated then what is the alternative.

Regards,

Pankaj

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version - Elasticsarch 6.4.2 , Search guard-6.4.2-23.1
  • Installed and used enterprise modules, if any - Kibana plugin
  • JVM version and operating system version - java version “1.8.0_121”
  • Search Guard configuration files -
  • Elasticsearch log messages on debug level
  • Other installed Elasticsearch or Kibana plugins, if any