How to create role mapping file

Hi,
I am adding LDAP authentication to my cluster and need to create the group_to_role_mapping.yml file for the roles. Is there an example I can follow?

files:
  role_mapping: "/mnt/elasticsearch/group_to_role_mapping.yml"
unmapped_groups_as_roles: false

Thanks

Sorry for the late reply!

In principle you would follow the approach outlined in our documentation for custom configuration files: https://www.elastic.co/guide/en/cloud-on-k8s/master/k8s-bundles-plugins.html

spec:
  nodes: # incomplete config, just to convey the idea!
  - config:
      xpack.security.authc.realms:
        ...
        ldap.realm1: # adjust to your config of course
          ...
          files.role_mapping: /mnt/config/role-mapping/group_to_role_mapping.yml
    podTemplate:
      spec:
        containers:
        - name: elasticsearch
          volumeMounts:
          - name: role-mapping
            mountPath: /mnt/config/role-mapping # just an example, you can choose something that works for you here
        volumes:
        - name: role-mapping
          configMap:
            name: role-mappings

This assumes you have created a ConfigMap called role-mappings containing your group_to_role_mapping.yml file.

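A ConfigMap of the kind the answer above assumes, shown as an added example that is not part of the original thread or the Elastic documentation. The ConfigMap name and file name match the answer; the group DNs are constructed placeholders, and `superuser` and `monitoring_user` are Elasticsearch built-in roles chosen for illustration.

```yaml
# Added example: ConfigMap carrying the role mapping file.
# The DNs below are constructed; replace them with your own LDAP group DNs.
apiVersion: v1
kind: ConfigMap
metadata:
  name: role-mappings   # referenced by the "role-mapping" volume in the answer above
  # Create it in the same namespace as the Elasticsearch resource.
data:
  # The key becomes the file name under the mountPath, i.e.
  # /mnt/config/role-mapping/group_to_role_mapping.yml
  group_to_role_mapping.yml: |
    # Format: <role name>: list of LDAP group (or user) DNs that receive the role
    superuser:
      - "cn=es-admins,ou=groups,dc=example,dc=com"
    monitoring_user:
      - "cn=es-ops,ou=groups,dc=example,dc=com"
      - "cn=es-admins,ou=groups,dc=example,dc=com"
```

With `unmapped_groups_as_roles: false`, as in the question, a user whose groups do not appear in this file receives no role from it. Keep the group mapped to `superuser` as small as possible, since that role grants full access to the cluster.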

Thanks for the code.

How do we update the new role mapping on the running application?

Do we need to update the ConfigMap and restart the pods, or do we have any other method?

https://www.elastic.co/guide/en/elasticsearch/reference/7.4/mapping-roles.html#mapping-roles-file says role mapping files are checked for changes every 5 seconds. But the interval is configurable.