一键创建kibana工作区(space)和对应只读角色的脚本
来自三线的随记
在ELK日志体系下,可以将用户通过不同的kibana space实现用户权限隔离
这里使用脚本简化工作(需要根据实际环境需求微调索引名字/空间名字/kibana版本/kibana地址/环境参数)
注意传入的环境参数 env变量, dev / prd有不同的行为
# dev will create "${space_name}-uat-*" and "${space_name}-sit-*" index pattern
# prd will only create "${space_info}-prd-*" index pattern
一键创建kibana工作区(space),配置工作区对应的index_patters,和创建对应只读角色的脚本
#!/bin/env bash
set -eu
####################################################################
# Author: sanXian
# Version: v1.2
# Description: Script to create kibana space,
# space's index patterns and corresponding viewer role
####################################################################
kibana_url="http://your_kibana_url"
username=$1
password=$2
space_info=$3
kibana_version="7.12.1"
# dev will create "${space_name}-uat-*" and "${space_name}-sit-*" index pattern
# prd will only create "${space_info}-prd-*" index pattern
env=dev #dev / prd
curl_options=(
"-u" "$username:$password"
"-H" "kbn-version: ${kibana_version}"
"-H" "Content-Type: application/json"
"-s"
)
function echo_green(){
echo -en "\e[32m"
echo -n "$*"
echo -e "\e[0m"
}
printf "%-35s%s\n" "`echo_green Kibana URL:`" ${kibana_url}
printf "%-35s%s\n" "`echo_green Kibana Space Name:`" ${space_info}
# Create the Kibana space, exists will get an error msg
echo_green Trying to create kibana space ${space_info}...
curl "${kibana_url}/api/spaces/space" "${curl_options[@]}" \
--data-binary @- << EOF
{
"id": "${space_info}",
"name": "${space_info}",
"description": "${space_info}",
"initials": "",
"disabledFeatures": [
"siem",
"logs",
"infrastructure",
"apm",
"uptime",
"enterpriseSearch",
"advancedSettings",
"savedObjectsManagement",
"savedObjectsTagging",
"fleet",
"actions",
"stackAlerts",
"monitoring"
]
}
EOF
echo
# 先判断pattern是否存在于特定space,存在则不创建
index_patterns_res=`curl "${kibana_url}/s/${space_info}/api/saved_objects/_find?fields=title&fields=type&per_page=10000&type=index-pattern" "${curl_options[@]}"| jq -c .saved_objects[]`
printf "%-35s" "`echo_green Current Index Patterns:`"
index_patterns=(`echo "$index_patterns_res"| jq -r .attributes.title`)
if [[ ${#index_patterns[@]} == 0 ]]
then
echo -n "No index patterns configuration found!"
else
for i in ${index_patterns[@]}
do
echo -n $i ""
done
fi
echo
function create_index_pattern(){
printf "%-35s%s %s\n" "`echo_green Expected Index patterns:`" "${expected_index_patterns[@]}"
for i in ${expected_index_patterns[@]}
do
if [[ ${#index_patterns[@]} != 0 && "${index_patterns[*]}" =~ "$i" ]]
then
echo "index pattern $i already exist, continue"
continue
fi
echo "index pattern $i creating..."
curl "${kibana_url}/s/${space_info}/api/saved_objects/index-pattern" "${curl_options[@]}" \
--data-binary @- << EOF
{
"attributes": {
"fieldAttrs": "{}",
"title": "$i",
"timeFieldName": "@timestamp",
"sourceFilters": "[{\"value\":\"kubernetes.*label*\"},{\"value\":\"agent.*\"}]",
"fields": "[]",
"runtimeFieldMap": "{}"
}
}
EOF
echo
done
}
if [[ "$env" == "prd" ]]
then
expected_index_patterns=( "${space_info}-prd-*" )
else
expected_index_patterns=( "${space_info}-uat-*" "${space_info}-sit-*" )
fi
create_index_pattern
# Change the index pattern columns settings
# API: /s/${space_info}/api/saved_objects/_find?fields=title&per_page=10&type=index-pattern&filter=index-pattern.attributes.title:%22${index-pattern}%22
# API: /s/${space_info}/api/saved_objects/_find?fields=title&per_page=10&type=index-pattern&search=%22${index-pattern}%22
for i in ${expected_index_patterns[@]}
do
index_patterns_id=`curl "${kibana_url}/s/${space_info}/api/saved_objects/_find?fields=title&fields=type&per_page=10&type=index-pattern&search=%22${i}%22" "${curl_options[@]}" | jq -cr .saved_objects[0].id`
if [[ $index_patterns_id == "null" ]]; then echo "Something Error occurred while getting the index_pattern id! exit... ";exit;fi
echo_green "index pattern $i id is ${index_patterns_id}, settings of the index mode column is being changed"
curl -XPUT "${kibana_url}/s/${space_info}/api/saved_objects/index-pattern/${index_patterns_id}" "${curl_options[@]}" \
--data-binary @- << EOF
{
"attributes": {
"fieldAttrs": "{}",
"title": "$i",
"timeFieldName": "@timestamp",
"sourceFilters": "[{\"value\":\"kubernetes.*label*\"},{\"value\":\"agent.*\"}]",
"fields": "[]",
"runtimeFieldMap": "{}"
}
}
EOF
echo
done
# Create corresponding kibana role
echo_green "Corresponding kibana viewer role creating..."
curl -XPUT "${kibana_url}/s/${space_info}/api/security/role/${space_info}" "${curl_options[@]}" -i \
--data-binary @- << EOF
{
"elasticsearch": {
"cluster": [],
"indices": [
{
"names": [
"${space_info}-*"
],
"privileges": [
"read"
]
}
],
"run_as": []
},
"kibana": [
{
"spaces": [
"${space_info}"
],
"base": [
"read"
],
"feature": {}
}
]
}
EOF
echo
echo "End of script."
Usage:
space_name需要同时就是相应只读索引的开头重合名字
bash kibana-space-create-index-pattern.sh elastic elastic_password space_name
涉及的权限配置分为kibana space可见性配置及es role配置,如果需要用户可以保存搜索记录 或者 修改保存对象等权限,需要自行调整(可以改脚本或者单独改role配置)
