Security Access Control
The Security plugin is enabled for all Instaclustr managed OpenSearch clusters. It gives richer access control as well as TLS for both transport and rest ports. The following documentation provides a few example API calls.
Create User:
The following cURL command shows you how to create a user with username my_user and password my_password. Make sure to add your OpenSearch cluster password and the cluster endpoint address to the example. For details on how to find this information, please refer to our support documentation page on Connecting to an OpenSearch Cluster.
1 2 3 4 5 6 |
curl -X PUT -u icopensearch:<Password> https://xxx.xxx.xxx.xxx:9200/_plugins/_security/api/internalusers/my_user -H 'Content-Type: application/json' -d' { "password": "my_password", "backend_roles": [], "attributes": {} }' |
1 2 3 4 |
curl -X PUT -u icopensearch:<Password> https://xxx.xxx.xxx.xxx:9200/_plugins/_security/api/internalusers/my_user -H 'Content-Type: application/json' -d' { "password": "my_new_password" }' |
Create Role:
The following cURL command shows you how to add a new role named my_role. You can specify what index the role has access to with index_permissions.index_patterns and what action is allowed with index_permissions.allowed_actions.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
curl -X PUT -u icopensearch:<Password> https://xxx.xxx.xxx.xxx:9200/_plugins/_security/api/roles/my_role -H 'Content-Type: application/json' -d' { "cluster_permissions": [ "cluster_composite_ops", "indices_monitor" ], "index_permissions": [{ "index_patterns": [ "*" ], "dls": "", "fls": [], "masked_fields": [], "allowed_actions": [ "read" ] }] }' |
Create Role Mapping:
The following cURL command shows you how to map the role my_role we created above to the user we created in the previous example.
1 2 3 4 |
curl -X PUT -u icopensearch:<Password> https://xxx.xxx.xxx.xxx:9200/_plugins/_security/api/rolesmapping/my_role -H 'Content-Type: application/json' -d' { "users" : [ "my_user" ] }' |