Post bulk on elastic xpack role

security

(totsugeki) #1

Hello everyone,

I have an Elastic cluster + Kibana, with xpack enabled.

I'd like to make a backup of all roles created:

GET _xpack/security/role

=> I get a big JSON, e.g.:

{
  "kibana_dashboard_only_user": {
    "cluster": [],
    "indices": [
      {
        "names": [
          ".kibana*"
        ],
        "privileges": [
          "read",
          "view_index_metadata"
        ]
      }
    ],
    "run_as": [],
    "metadata": {
      "_reserved": true
    },
    "transient_metadata": {
      "enabled": true
    }
  },
  "watcher_admin": {
    "cluster": [
      "manage_watcher"
    ],
    "indices": [
      {
        "names": [
          ".watches",
          ".triggered_watches",
          ".watcher-history-*"
        ],
        "privileges": [
          "read"
        ]
      }
    ],
    "run_as": [],
    "metadata": {
      "_reserved": true
    },
    "transient_metadata": {
      "enabled": true
    }
  },
  ....
}

And now I'd like to put it back in the cluster (or another). I cannot just PUT it to _xpack/security/role.
If I understand correctly, I have to use bulk:

curl --user elastic:password https://elastic:9200/_xpack/security/_bulk?pretty -XPOST -H 'Content-Type: application/json' -d '
{"index":{"_index": "_xpack/security/role"}}
{"ROOOOLE" : {"cluster" : [ ],"indices" : [{"names" : [".kibana*"],"privileges" : ["read","view_index_metadata"]}],"run_as" : [ ],"metadata" : {"_reserved" : true},"transient_metadata" : {"enabled" : true}}}
'

But I get an error:

{
  "took" : 3,
  "errors" : true,
  "items" : [
    {
      "index" : {
        "_index" : "_xpack/security/role",
        "_type" : "security",
        "_id" : null,
        "status" : 400,
        "error" : {
          "type" : "invalid_index_name_exception",
          "reason" : "Invalid index name [_xpack/security/role], must not contain the following characters [ , \", *, \\, <, |, ,, >, /, ?]",
          "index_uuid" : "_na_",
          "index" : "_xpack/security/role"
        }
      }
    }
  ]
}

Is there a way to do this easily? Or do I have to parse the JSON, and put each role one by one to:

  • _xpack/security/role/rolexxx
  • _xpack/security/role/roleyyy
  • ...

More globally, is there a way to get all data of an index (config index), then upload it back or put it into another cluster?

Thank you.


(Yogesh Gaikwad) #2

Hi @totsugeki,

There is no bulk API for creating/updating roles.
The .security index is an internal index and so no other actions are allowed.

You could make use of Elasticsearch clients to help you with the parsing of JSON and do custom logic to do backup/restore or use Curator to take snapshots and restore them.

If your purpose is to do a backup/restore in the same or different cluster then you could use curator to achieve that.
https://www.elastic.co/guide/en/elasticsearch/client/curator/current/index.html
(For using Curator to back up internal indices, you will need a user with the superuser role; only they have access to internal indices.)

Hope this is helpful.

Thanks and Regards,
Yogesh Gaikwad
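
The one-role-at-a-time restore raised in the question and the custom parsing logic suggested in the reply, as an added example that is not part of either post: it reads an export in the shape returned by GET _xpack/security/role and builds one PUT to _xpack/security/role/<name> per custom role. The `logs_reader` role, its metadata, and the choices to skip roles flagged `_reserved` and to drop `transient_metadata` are assumptions of this example.

```python
import json
import shlex
from urllib.parse import quote

# Constructed sample in the shape returned by GET _xpack/security/role:
# one built-in role and one custom role (custom name and pattern invented).
EXPORT = """
{
  "watcher_admin": {
    "cluster": ["manage_watcher"],
    "indices": [{"names": [".watches"], "privileges": ["read"]}],
    "run_as": [],
    "metadata": {"_reserved": true},
    "transient_metadata": {"enabled": true}
  },
  "logs_reader": {
    "cluster": [],
    "indices": [{"names": ["logs-*"], "privileges": ["read"]}],
    "run_as": [],
    "metadata": {"owner": "ops"},
    "transient_metadata": {"enabled": true}
  }
}
"""

def role_requests(export_json):
    """Turn a role export into (method, path, body) tuples, one per custom role."""
    requests = []
    for name, role in sorted(json.loads(export_json).items()):
        if role.get("metadata", {}).get("_reserved"):
            continue  # built-in role: already present on the target cluster
        # transient_metadata is server-side state, not part of the definition
        body = {k: v for k, v in role.items() if k != "transient_metadata"}
        path = "_xpack/security/role/" + quote(name, safe="")
        requests.append(("PUT", path, json.dumps(body, sort_keys=True)))
    return requests

def as_curl(requests, base_url="https://elastic:9200"):
    """Render each request as a curl command; curl prompts for the password."""
    return [
        "curl --user elastic -X{} -H 'Content-Type: application/json' {} -d {}".format(
            method, shlex.quote(base_url + "/" + path), shlex.quote(body))
        for method, path, body in requests
    ]

if __name__ == "__main__":
    print("\n".join(as_curl(role_requests(EXPORT))))
```

Reviewing the generated commands before running them against the target cluster shows exactly which privileges each restored role will grant.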


(totsugeki) #3

Thank you !

I'll look at it :wink:

Best regards.