API Post role for kibana privileges - unexpected field [kibana]

Tennis · January 30, 2020, 7:50am

I want to create a role to control user access kibana feature (ref: Kibana privileges | Kibana Guide [8.11] | Elastic)

My role in python code:

my_role = '{\
   "applications":[\
       {\
           "application":"kibana-.kibana",\
           "resources":["*"],\
           "privileges":["saved_object:dashboard/p1_dashboard",\
           "saved_object:dashboard/p2_dashboard"]\
       }\
   ],\
   "indices": [\
    {\
      "names": [ "p1" ],\
      "privileges": [ "all" ]\
    }\
  ],\
  "kibana": [\
    {\
      "base": [],\
      "feature": {\
        "dashboard": ["all"]\
      },\
      "spaces": ["marketing"]\
    }\
  ]\
}'

req = requests.post('http://my_node:<port>/_security/role/my_role, data = my_role , headers = headers, auth=HTTPBasicAuth('...', '...'))
print (req.content)

request contents output:

b'{"error":{"root_cause":[{"type":"parse_exception","reason":"failed to parse role [my_role]. unexpected field [kibana]"}],"type":"parse_exception","reason":"failed to parse role [my_role]. unexpected field [kibana]"},"status":400}'

how to fix it?

LizaD · January 30, 2020, 6:57pm

Hi @Tennis,

I got it to work with a few updates. I removed the 'applications' key as it gave me an error, I am not sure what that should correspond to in the API. Then the 'indices' key I moved under 'elasticsearch' key. I updated to use put instead of post, fixed the endpoint, sent the data as JSON, here is the full example below, hope that helps. Thanks.

my_role = {
"elasticsearch": {
"indices": [
{
"names": [ "p1" ],
"privileges": [ "all" ]
}
],
},
"kibana": [
{
"base": ,
"feature": {
"dashboard": ["all"]
},
"spaces": ["marketing"]
}
]
}
req = requests.put('https://my_node:port/api/security/role/my_role, data = json.dumps(my_role) , headers = headers, auth=HTTPBasicAuth('...', '...'))

Tennis · January 31, 2020, 3:47am

Hi @LizaD

It seems that I request the wrong port with the wrong json contents originally.

for example:

my_role_es = '{\
   "applications":[\
       {\
           "application":"kibana-.kibana",\
           "resources":["*"],\
           "privileges":["..."]\
       }\
   ],\
   "indices": [\
    {\
      "names": [ "..." ],\
      "privileges": [ "all" ]\
    }\
  ]\
}'

my python code:
req = requests.post('http://node:9200/_security/role/my_role_es', data = my_role_es , headers = ..., auth=HTTPBasicAuth('...', '...'))

It worked fine and seems port on 9200 (elasticsearch) can recognize the field term: "applications", "indices", "cluster", but can't "elasticsearch", "kibana".

However, if I want to add field "elasticsearch", "kibana",
for example:

my_role_kibana = '{\
  "kibana": [\
    {\
      "base": [],\
      "feature": {\
        "dashboard": ["all"],\
        "discover": ["all"]\
      }\
    }\
  ]\
}'

My post code of python need to toward to 5601(kibana)
req = requests.post('http://node:5601/api/security/role/my_role_kibana', data = my_role_kibana , headers = ..., auth=HTTPBasicAuth('...', '...'))

It will work fine!

LizaD · January 31, 2020, 2:11pm

Yay @Tennis! Glad you got it to work

system · February 28, 2020, 2:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.