Limit a role and API key privileges


I have a use case for creating a 'stack maintenance' user that will be called up with Ansible to perform the cluster.routing.allocation.enable action to limit shard allocation before Elasticsearch is stopped and other maintenance tasks completed/run:

curl -k -X PUT https://hostname:9200/_cluster/settings -H 'Content-Type: application/json' -H 'Authorization: ApiKey [encoded]' -d'
{
  "persistent": {
    "cluster.routing.allocation.enable": "primaries"
  }
}'

This works as expected from the standard command line above. I will work on testing it with Ansible.

Question is, can the role assigned/user API key configured Cluster privileges 'cluster:admin/settings/update' be further limited to only allow the assigned role on the user/user's API key the privs to touch only cluster.routing.allocation.enable setting?

Having the privs for cluster:admin/settings/update is still powerful for what will be used as a 'maintenance' account.

No, currently this is not possible.

Ok, thanks for confirming!
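
Since the privilege cannot be narrowed inside Elasticsearch, the restriction has to be enforced in front of it. The following is an added example, not part of the original thread and not Elastic's code: a Python check that a wrapper script or proxy could run on a PUT _cluster/settings body before forwarding it. The function names and the idea of such a gate are assumptions.

```python
import json

# Assumption: the only setting the maintenance key should ever change.
ALLOWED_KEY = "cluster.routing.allocation.enable"
# Values documented for this setting; None (JSON null) resets it to default.
ALLOWED_VALUES = {"all", "primaries", "new_primaries", "none", None}
ALLOWED_SCOPES = {"persistent", "transient"}


def _reject_duplicates(pairs):
    """Refuse repeated keys so the check and the server parse the same body."""
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        raise ValueError("duplicate key")
    return dict(pairs)


def flatten(obj, prefix=""):
    """Yield (dotted_key, value); settings may be sent flat
    ({"cluster.routing...": v}) or nested ({"cluster": {"routing": {...}}})."""
    for key, value in obj.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            yield from flatten(value, path)
        else:
            yield path, value


def check_settings_body(raw):
    """Return (ok, reason) for a PUT _cluster/settings request body."""
    try:
        body = json.loads(raw, object_pairs_hook=_reject_duplicates)
    except ValueError:
        return False, "body is not valid JSON or repeats a key"
    if not isinstance(body, dict) or not body:
        return False, "body must be a non-empty JSON object"
    seen = 0
    for scope, settings in body.items():
        if scope not in ALLOWED_SCOPES or not isinstance(settings, dict):
            return False, f"unexpected top-level field: {scope}"
        for key, value in flatten(settings):
            if key != ALLOWED_KEY:
                return False, f"setting not permitted: {key}"
            if isinstance(value, list) or value not in ALLOWED_VALUES:
                return False, f"value not permitted: {value!r}"
            seen += 1
    return (True, "ok") if seen else (False, "no setting supplied")
```

The API key itself should stay usable only by that gate, since anything that reaches the cluster directly with the key still holds the full cluster:admin/settings/update privilege.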
