Creating an API Key for KIBANA

Hello everyone,
I am trying to create an API key that has permissions to query the /api/fleet/agents endpoint.
It is important for me to minimize its permissions as much as possible.
Which permissions do I need to provide in the request body (I am creating the API key via the API)?
I have tried various options without success.

Thank you very much.

Hello @Viktor_Movita

If we create an API key with minimal privileges:
POST /_security/api_key
{
  "name": "fleet_minimal_privileges",
  "role_descriptors": {
    "fleet_agents_query_role": {
      "cluster": [],
      "index": [
        {
          "names": [".fleet-agents"],
          "privileges": ["read"]
        }
      ],
      "applications": [
        {
          "application": "fleet",
          "privileges": ["read"],
          "resources": ["*"]
        }
      ]
    }
  }
}

curl -X GET "https://<kibana-endpoint>/api/fleet/agents" \
-H "Content-Type: application/json" \
-H "Authorization: ApiKey <encoded-api-key>"

Received error => {"statusCode":403,"error":"Forbidden","message":"Forbidden"}

If we create an API key with full privileges:
POST /_security/api_key
{
  "name": "fleet_full_permissions",
  "role_descriptors": {
    "fleet_full_access_role": {
      "cluster": ["all"],
      "index": [
        {
          "names": ["*"],
          "privileges": ["all"]
        }
      ],
      "applications": [
        {
          "application": "*",
          "privileges": ["*"],
          "resources": ["*"]
        }
      ]
    }
  }
}

The curl works & returns data.

To curl with minimal permissions, I only found the way below:
Create a Kibana role:
POST /_security/role/fleet_agents_read
{
  "cluster": ["monitor"],
  "index": [
    {
      "names": [".fleet-agents"],
      "privileges": ["read"]
    }
  ],
  "applications": [
    {
      "application": "kibana-.kibana",
      "privileges": ["read"],
      "resources": ["*"]
    }
  ]
}

Assigned a new user to this role:

POST /_security/user/fleet_reader
{
  "password": "set_password",
  "roles": ["fleet_agents_read"],
  "full_name": "Fleet Reader",
  "email": "fleet.reader@example.com"
}


curl -X GET "https://your-kibana-url/api/fleet/agents" \
-H "Content-Type: application/json" \
-u "fleet_reader:set_password"

Thanks!!
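
Added example (not part of the original posts and not Elastic's code): a small Python check that audits the three role descriptors from the answer above for wildcard grants, and builds the `Authorization: ApiKey` value from a key's `id` and `api_key`. The function names are hypothetical, and `kibana-.kibana` is treated as the expected application name only because the role that worked above used it.

```python
import base64

# Assumption: the expected application name is the one used by the working role above.
KIBANA_APP = "kibana-.kibana"
BROAD = {"*", "all"}

# Role descriptors copied from the three requests in the answer above.
MINIMAL_403 = {"fleet_agents_query_role": {
    "cluster": [],
    "index": [{"names": [".fleet-agents"], "privileges": ["read"]}],
    "applications": [{"application": "fleet", "privileges": ["read"], "resources": ["*"]}]}}
FULL = {"fleet_full_access_role": {
    "cluster": ["all"],
    "index": [{"names": ["*"], "privileges": ["all"]}],
    "applications": [{"application": "*", "privileges": ["*"], "resources": ["*"]}]}}
WORKING_ROLE = {"fleet_agents_read": {
    "cluster": ["monitor"],
    "index": [{"names": [".fleet-agents"], "privileges": ["read"]}],
    "applications": [{"application": KIBANA_APP, "privileges": ["read"], "resources": ["*"]}]}}


def audit(role_descriptors):
    """Return (role, finding) pairs for over-broad or mismatched grants."""
    findings = []
    for role, d in role_descriptors.items():
        if BROAD & set(d.get("cluster", [])):
            findings.append((role, "cluster: broad privilege"))
        for ix in d.get("index", []):
            if "*" in ix["names"]:
                findings.append((role, "index: wildcard names"))
            if BROAD & set(ix["privileges"]):
                findings.append((role, "index: broad privilege"))
        for app in d.get("applications", []):
            name = app["application"]
            if name == "*":
                findings.append((role, "application: wildcard name"))
            elif name != KIBANA_APP:
                findings.append((role, f"application: {name!r} is not {KIBANA_APP!r}"))
            if BROAD & set(app["privileges"]):
                findings.append((role, "application: broad privilege"))
    return findings


def api_key_header(key_id, api_key):
    """Authorization value for an Elasticsearch API key: base64 of 'id:api_key'."""
    token = base64.b64encode(f"{key_id}:{api_key}".encode()).decode()
    return f"ApiKey {token}"
```

Running `audit` on a descriptor before sending it to `POST /_security/api_key` catches the wildcard grants of the full-privilege key; the application-name finding is only a heuristic drawn from this thread.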