Loading...

Using the native realm in Elasticsearch Shield

:heavy_exclamation_mark: This post is older than a year. Consider some information might not be accurate anymore. :heavy_exclamation_mark:

Shield is the security plugin for Elasticsearch. Security in Elasticsearch is based on users with associated roles. A quick demonstration how to use it.

First you need to setup the realm in the elasticsearch.yml configuration. Find below a custom test configuration:

cluster.name: demo
#
node:
	name: master
	master: true
	data: true
#
path:
	data: /var/opt/es/data
	logs: /var/log/es
#
network.host: alpha
network.bind_host:
  - _local_
  - _bond0:ipv4_
http.port: 3333
shield:
  enabled: true
  authc:
    realms:
      file:
        type: file
        order: 0
      native:
        type: native
        order: 1

The native realm stores the security data in elasticsearch itself. Create user

curl -XPOST -u admin http://alpha:3333/_shield/user/ironman -d '
{
  "password" : "frontoff!ce-f0reve3",
  "roles" : [ "devops" ],
  "full_name" : "Michel Erard",
  "email" : "er7@not-real.org",
  "metadata" : {
    "intelligence" : 7
  }
}'

Log entry in the elasticsearch log

[2016-08-11 13:48:21,460][INFO ][shield.action.user       ] [client] added user [ironman]

Show created user

vinh@alpha:~> curl -XGET -u admin http://alpha:3333/_shield/user
Enter host password for user 'admin':
{"ironman":{"username":"ironman","roles":["devops"],"full_name":"Michel Erard","email":"er7@acme.com","metadata":{"intelligence":7}}}

Query es as user ironman

vinh@alpha:~> curl -XGET -u ironman http://alpha:3333
Enter host password for user 'ironman':
{
  "name" : "master",
  "cluster_name" : "demo",
  "version" : {
    "number" : "2.3.3",
    "build_hash" : "218bdf10790eef486ff2c41a3df5cfa32dadcfde",
    "build_timestamp" : "2016-05-17T15:40:04Z",
    "build_snapshot" : false,
    "lucene_version" : "5.5.0"
  },
  "tagline" : "You Know, for Search"
}

Delete user

vinh@alpha:~> curl -XDELETE -u admin http://alpha:4444/_shield/user/ironman
Enter host password for user 'admin':
{"found":true}