Let’s say I want to add new internal user, this would require me to add new entry to sg_internal_users.yml and sg_roles_mapping file manually.
I would like to be able to add new internal user programmatically. Is there a way to do this? Maybe using java searchguard plugin library or other API ?
Ben,
Depending on your requirements, OpenShift uses https://github.com/fabric8io/openshift-elasticsearch-plugin/blob/master/src/main/java/io/fabric8/elasticsearch/plugin/acl/DynamicACLFilter.java to dynamically add users when a request comes in based on which indexes they are allowed to see by policy. This includes reference to a SG ACL document that we created.
On Fri, Jan 6, 2017 at 1:21 PM, Ben Kaffani himpirocco@gmail.com wrote:
Let’s say I want to add new internal user, this would require me to add new entry to sg_internal_users.yml and sg_roles_mapping file manually.
I would like to be able to add new internal user programmatically. Is there a way to do this? Maybe using java searchguard plugin library or other API ?
–
You received this message because you are subscribed to the Google Groups “Search Guard” group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/13ebdc15-9aaf-4d95-9559-301548ffc056%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
–
Jeff Cantrill
Senior Software Engineer, Red Hat Engineering
OpenShift Integration Services
Red Hat, Inc.
Office: 703-748-4420 | 866-546-8970 ext. 8162420
jcantril@redhat.com
http://www.redhat.com
How do you add the user in the code? Are you using this library?
com.floragunn search-guard-2 ${searchguard.version}${version.suffix}``
Or are you sending request to the REST management API which requires enterprise license ?
On Saturday, January 7, 2017 at 4:15:52 AM UTC+7, Jeff Cantrill wrote:
Ben,
Depending on your requirements, OpenShift uses https://github.com/fabric8io/openshift-elasticsearch-plugin/blob/master/src/main/java/io/fabric8/elasticsearch/plugin/acl/DynamicACLFilter.java to dynamically add users when a request comes in based on which indexes they are allowed to see by policy. This includes reference to a SG ACL document that we created.
On Fri, Jan 6, 2017 at 1:21 PM, Ben Kaffani himpi...@gmail.com wrote:
Let’s say I want to add new internal user, this would require me to add new entry to sg_internal_users.yml and sg_roles_mapping file manually.
I would like to be able to add new internal user programmatically. Is there a way to do this? Maybe using java searchguard plugin library or other API ?
–
You received this message because you are subscribed to the Google Groups “Search Guard” group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/13ebdc15-9aaf-4d95-9559-301548ffc056%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Jeff Cantrill
Senior Software Engineer, Red Hat Engineering
OpenShift Integration Services
Red Hat, Inc.
Office: 703-748-4420 | 866-546-8970 ext. 8162420
jcan...@redhat.com
http://www.redhat.com
Our use case is slightly different in user management is part of OpenShift and the visibility of indexes is tied to projects, which is how the indexes are organized. We desired not to manage users and chose to update the ACL as users try to access the cluster. Digging through the code, you will see we have classes that allow de/serialization of the SG document and it is updated as needed. To update the document progammatically is a matter of following the ES documentation for reading/writing a document and updating it accordingly. Unfortunately there is no public SG API for the ACL document but it is trivial enough that you can recreate those classes yourself.
On Friday, January 6, 2017 at 6:04:20 PM UTC-5, Ben Kaffani wrote:
How do you add the user in the code? Are you using this library?
com.floragunn search-guard-2 ${searchguard.version}${version.suffix}
``
Or are you sending request to the REST management API which requires enterprise license ?
On Saturday, January 7, 2017 at 4:15:52 AM UTC+7, Jeff Cantrill wrote:
Ben,
Depending on your requirements, OpenShift uses https://github.com/fabric8io/openshift-elasticsearch-plugin/blob/master/src/main/java/io/fabric8/elasticsearch/plugin/acl/DynamicACLFilter.java to dynamically add users when a request comes in based on which indexes they are allowed to see by policy. This includes reference to a SG ACL document that we created.
On Fri, Jan 6, 2017 at 1:21 PM, Ben Kaffani himpi...@gmail.com wrote:
Let’s say I want to add new internal user, this would require me to add new entry to sg_internal_users.yml and sg_roles_mapping file manually.
I would like to be able to add new internal user programmatically. Is there a way to do this? Maybe using java searchguard plugin library or other API ?
–
You received this message because you are subscribed to the Google Groups “Search Guard” group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/13ebdc15-9aaf-4d95-9559-301548ffc056%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
–
Jeff Cantrill
Senior Software Engineer, Red Hat Engineering
OpenShift Integration Services
Red Hat, Inc.
Office: 703-748-4420 | 866-546-8970 ext. 8162420
jcan...@redhat.com
http://www.redhat.com