Hello,
I have a use case for creating a 'stack maintenance' user that will be called up with Ansible to perform the cluster.routing.allocation.enable
action to limit shard allocation before Elasticsearch is stopped and other maintenance tasks completed/run:
curl -k -X PUT https://hostname:9200/_cluster/settings -H 'Content-Type: application/json' -H 'Authorization: ApiKey [encoded]' -d'
{
"persistent": {
"cluster.routing.allocation.enable": "primaries"
}
}
'
This works as expected from the standard command line above. I will work on testing it with Ansible.
Question is, can the role assigned/user API key configured Cluster privileges 'cluster:admin/settings/update'
be further limited to only allow the assigned role on the user/user's API key the privs to touch only cluster.routing.allocation.enable
setting?
Having the privs for cluster:admin/settings/update
is still powerful for what will be used as a 'maintenance' account.