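A script to create a Kibana workspace (space) and its corresponding read-only role in one step
Notes from sanXian
In an ELK logging stack, different Kibana spaces can be used to isolate user permissions.
A script simplifies the work here (adjust the index names, space name, Kibana version, Kibana URL and environment parameter to fit your actual environment).
Note the environment parameter passed in, the env variable: dev and prd behave differently.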
# dev will create "${space_info}-uat-*" and "${space_info}-sit-*" index pattern
# prd will only create "${space_info}-prd-*" index pattern
The script that creates the Kibana workspace (space), configures the space's index patterns, and creates the corresponding read-only role in one step:
```bash
#!/usr/bin/env bash
set -eu
####################################################################
# Author: sanXian
# Version: v1.2
# Description: Script to create kibana space,
#   space's index patterns and corresponding viewer role
####################################################################
kibana_url="http://your_kibana_url"
# Note: command-line arguments (including the password) are visible
# in the process list and in shell history
username=$1
password=$2
space_info=$3
kibana_version="7.12.1"
# dev will create "${space_info}-uat-*" and "${space_info}-sit-*" index pattern
# prd will only create "${space_info}-prd-*" index pattern
env=dev   #dev / prd

curl_options=(
  "-u" "$username:$password"
  "-H" "kbn-version: ${kibana_version}"
  "-H" "Content-Type: application/json"
  "-s"
)

function echo_green(){
  echo -en "\e[32m"
  echo -n "$*"
  echo -e "\e[0m"
}

printf "%-35s%s\n" "$(echo_green Kibana URL:)" "${kibana_url}"
printf "%-35s%s\n" "$(echo_green Kibana Space Name:)" "${space_info}"

# Create the Kibana space; if it already exists the API returns an error message
echo_green "Trying to create kibana space ${space_info}..."
curl "${kibana_url}/api/spaces/space" "${curl_options[@]}" \
  --data-binary @- << EOF
{
  "id": "${space_info}",
  "name": "${space_info}",
  "description": "${space_info}",
  "initials": "",
  "disabledFeatures": [
    "siem",
    "logs",
    "infrastructure",
    "apm",
    "uptime",
    "enterpriseSearch",
    "advancedSettings",
    "savedObjectsManagement",
    "savedObjectsTagging",
    "fleet",
    "actions",
    "stackAlerts",
    "monitoring"
  ]
}
EOF
echo

# First check which patterns already exist in this space; existing ones are not recreated
index_patterns_res=$(curl "${kibana_url}/s/${space_info}/api/saved_objects/_find?fields=title&fields=type&per_page=10000&type=index-pattern" "${curl_options[@]}" | jq -c '.saved_objects[]')
printf "%-35s" "$(echo_green Current Index Patterns:)"
# mapfile keeps titles that contain "*" from being glob-expanded by the shell
mapfile -t index_patterns < <(echo "$index_patterns_res" | jq -r '.attributes.title')
if [[ ${#index_patterns[@]} == 0 ]]
then
  echo -n "No index patterns configuration found!"
else
  for i in "${index_patterns[@]}"
  do
    echo -n "$i "
  done
fi
echo

function create_index_pattern(){
  printf "%-35s%s %s\n" "$(echo_green Expected Index patterns:)" "${expected_index_patterns[@]}"
  for i in "${expected_index_patterns[@]}"
  do
    # Compare whole titles, so a longer title that merely contains $i is not a match
    if [[ ${#index_patterns[@]} != 0 && " ${index_patterns[*]} " == *" $i "* ]]
    then
      echo "index pattern $i already exists, continue"
      continue
    fi
    echo "index pattern $i creating..."
    curl "${kibana_url}/s/${space_info}/api/saved_objects/index-pattern" "${curl_options[@]}" \
      --data-binary @- << EOF
{
  "attributes": {
    "fieldAttrs": "{}",
    "title": "$i",
    "timeFieldName": "@timestamp",
    "sourceFilters": "[{\"value\":\"kubernetes.*label*\"},{\"value\":\"agent.*\"}]",
    "fields": "[]",
    "runtimeFieldMap": "{}"
  }
}
EOF
    echo
  done
}

if [[ "$env" == "prd" ]]
then
  expected_index_patterns=( "${space_info}-prd-*" )
else
  expected_index_patterns=( "${space_info}-uat-*" "${space_info}-sit-*" )
fi
create_index_pattern

# Change the index pattern columns settings
# API: /s/${space_info}/api/saved_objects/_find?fields=title&per_page=10&type=index-pattern&filter=index-pattern.attributes.title:%22${index-pattern}%22
# API: /s/${space_info}/api/saved_objects/_find?fields=title&per_page=10&type=index-pattern&search=%22${index-pattern}%22
for i in "${expected_index_patterns[@]}"
do
  index_patterns_id=$(curl "${kibana_url}/s/${space_info}/api/saved_objects/_find?fields=title&fields=type&per_page=10&type=index-pattern&search=%22${i}%22" "${curl_options[@]}" | jq -cr '.saved_objects[0].id')
  if [[ $index_patterns_id == "null" ]]; then
    echo "An error occurred while getting the index_pattern id! exit..."
    exit 1   # non-zero status so callers can detect the failure
  fi
  echo_green "index pattern $i id is ${index_patterns_id}, settings of the index mode column is being changed"
  curl -XPUT "${kibana_url}/s/${space_info}/api/saved_objects/index-pattern/${index_patterns_id}" "${curl_options[@]}" \
    --data-binary @- << EOF
{
  "attributes": {
    "fieldAttrs": "{}",
    "title": "$i",
    "timeFieldName": "@timestamp",
    "sourceFilters": "[{\"value\":\"kubernetes.*label*\"},{\"value\":\"agent.*\"}]",
    "fields": "[]",
    "runtimeFieldMap": "{}"
  }
}
EOF
  echo
done

# Create corresponding kibana role
echo_green "Corresponding kibana viewer role creating..."
curl -XPUT "${kibana_url}/s/${space_info}/api/security/role/${space_info}" "${curl_options[@]}" -i \
  --data-binary @- << EOF
{
  "elasticsearch": {
    "cluster": [],
    "indices": [
      {
        "names": [ "${space_info}-*" ],
        "privileges": [ "read" ]
      }
    ],
    "run_as": []
  },
  "kibana": [
    {
      "spaces": [ "${space_info}" ],
      "base": [ "read" ],
      "feature": {}
    }
  ]
}
EOF
echo
echo "End of script."
```
Usage:
space_name must also be the shared leading prefix of the names of the corresponding read-only indices.
bash kibana-space-create-index-pattern.sh elastic elastic_password space_name
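The permissions involved are split into the Kibana space visibility configuration and the ES role configuration. If users need permissions such as saving searches or modifying saved objects, adjust this yourself (either change the script or change the role configuration separately).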
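
After adjusting the role as described above, it is worth checking that it still grants only what was intended. The following is an added example, not part of the original post: a small Python audit (Python so it runs offline, without Kibana or jq) of the `elasticsearch` and `kibana` sections of a role definition. The space name `payments`, the sample role and the function name `audit_viewer_role` are constructed for illustration.

```python
import json

# Constructed sample: the role body the script above PUTs, for a space named "payments"
SAMPLE_ROLE = json.loads("""
{
  "elasticsearch": {
    "cluster": [],
    "indices": [{"names": ["payments-*"], "privileges": ["read"]}],
    "run_as": []
  },
  "kibana": [{"spaces": ["payments"], "base": ["read"], "feature": {}}]
}
""")

# Index privileges treated as read-only here (assumption: metadata access is acceptable)
READ_ONLY_INDEX_PRIVS = {"read", "view_index_metadata"}


def audit_viewer_role(role, space):
    """Return a list of findings; an empty list means read-only and space-scoped."""
    findings = []
    es = role.get("elasticsearch", {})
    if es.get("cluster"):
        findings.append(f"cluster privileges granted: {es['cluster']}")
    if es.get("run_as"):
        findings.append(f"run_as granted: {es['run_as']}")
    for entry in es.get("indices", []):
        for name in entry.get("names", []):
            # The script scopes the role to "<space>-*"; anything else leaks other indices
            if not name.startswith(f"{space}-"):
                findings.append(f"index pattern outside space prefix: {name}")
        extra = set(entry.get("privileges", [])) - READ_ONLY_INDEX_PRIVS
        if extra:
            findings.append(f"non-read index privileges: {sorted(extra)}")
    for grant in role.get("kibana", []):
        if grant.get("spaces") != [space]:
            findings.append(f"kibana grant covers other spaces: {grant.get('spaces')}")
        if grant.get("base", []) not in ([], ["read"]):
            findings.append(f"kibana base privilege is not read: {grant['base']}")
        for feature, privs in grant.get("feature", {}).items():
            if set(privs) - {"read"}:
                findings.append(f"feature {feature} allows more than read: {privs}")
    return findings


if __name__ == "__main__":
    result = audit_viewer_role(SAMPLE_ROLE, "payments")
    for line in result or ["OK: read-only, space-scoped"]:
        print(line)
```

A deliberate change, such as granting `all` on a single feature so users can save searches, appears as exactly one finding, which makes unintended extra grants easy to spot.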