One-click script to create a Kibana workspace (space) and its matching read-only role: difference between revisions
From sanXian's notes (三线的随记)
Latest revision as of 17:51, 2 August 2023 (Wednesday)
In an ELK logging setup, users can be isolated from each other by giving each team its own Kibana space.
The script below automates that work (adjust the index names / space name / Kibana version / Kibana URL / environment parameter to match your environment).
Note the environment parameter, the env variable set inside the script: dev and prd behave differently
# dev will create "${space_info}-uat-*" and "${space_info}-sit-*" index patterns
# prd will only create the "${space_info}-prd-*" index pattern
One-click script to create a Kibana workspace (space), configure the space's index patterns, and create the matching read-only role:
```bash
#!/usr/bin/env bash
set -eu
####################################################################
# Author: sanXian
# Version: v1.2
# Description: Script to create kibana space,
#              space's index patterns and corresponding viewer role
####################################################################
kibana_url="http://your_kibana_url"
username=$1
password=$2
space_info=$3
kibana_version="7.12.1"
# dev will create "${space_info}-uat-*" and "${space_info}-sit-*" index pattern
# prd will only create "${space_info}-prd-*" index pattern
env=dev   # dev / prd

# Shared curl options: basic auth, the kbn-version header (accepted by Kibana
# as its XSRF protection header), JSON body, silent output.
curl_options=(
  "-u" "$username:$password"
  "-H" "kbn-version: ${kibana_version}"
  "-H" "Content-Type: application/json"
  "-s"
)

function echo_green(){
  echo -en "\e[32m"
  echo -n "$*"
  echo -e "\e[0m"
}

printf "%-35s%s\n" "`echo_green Kibana URL:`" "${kibana_url}"
printf "%-35s%s\n" "`echo_green Kibana Space Name:`" "${space_info}"

# Create the Kibana space; if it already exists Kibana answers with an error message
echo_green "Trying to create kibana space ${space_info}..."
curl "${kibana_url}/api/spaces/space" "${curl_options[@]}" \
  --data-binary @- << EOF
{
  "id": "${space_info}",
  "name": "${space_info}",
  "description": "${space_info}",
  "initials": "",
  "disabledFeatures": [
    "siem", "logs", "infrastructure", "apm", "uptime", "enterpriseSearch",
    "advancedSettings", "savedObjectsManagement", "savedObjectsTagging",
    "fleet", "actions", "stackAlerts", "monitoring"
  ]
}
EOF
echo

# First list the index patterns that already exist in this space; existing ones are not recreated
index_patterns_res=`curl "${kibana_url}/s/${space_info}/api/saved_objects/_find?fields=title&fields=type&per_page=10000&type=index-pattern" "${curl_options[@]}" | jq -c '.saved_objects[]'`
printf "%-35s" "`echo_green Current Index Patterns:`"
# One title per array element (mapfile keeps titles containing spaces intact)
mapfile -t index_patterns < <(printf '%s\n' "$index_patterns_res" | jq -r '.attributes.title')
if [[ ${#index_patterns[@]} == 0 ]]
then
  echo -n "No index patterns configuration found!"
else
  for i in "${index_patterns[@]}"
  do
    echo -n "$i "
  done
fi
echo

function create_index_pattern(){
  printf "%-35s%s %s\n" "`echo_green Expected Index patterns:`" "${expected_index_patterns[@]}"
  for i in "${expected_index_patterns[@]}"
  do
    # substring check against the joined list of existing titles (quoted RHS => literal match)
    if [[ ${#index_patterns[@]} != 0 && "${index_patterns[*]}" =~ "$i" ]]
    then
      echo "index pattern $i already exist, continue"
      continue
    fi
    echo "index pattern $i creating..."
    # sourceFilters hides the noisy kubernetes.*label* and agent.* fields in Discover
    curl "${kibana_url}/s/${space_info}/api/saved_objects/index-pattern" "${curl_options[@]}" \
      --data-binary @- << EOF
{
  "attributes": {
    "fieldAttrs": "{}",
    "title": "$i",
    "timeFieldName": "@timestamp",
    "sourceFilters": "[{\"value\":\"kubernetes.*label*\"},{\"value\":\"agent.*\"}]",
    "fields": "[]",
    "runtimeFieldMap": "{}"
  }
}
EOF
    echo
  done
}

if [[ "$env" == "prd" ]]
then
  expected_index_patterns=( "${space_info}-prd-*" )
else
  expected_index_patterns=( "${space_info}-uat-*" "${space_info}-sit-*" )
fi
create_index_pattern

# Change the index pattern columns settings.
# Re-applying the same attributes also brings patterns that already existed
# (and were skipped above) to the same sourceFilters configuration.
# API: /s/${space_info}/api/saved_objects/_find?fields=title&per_page=10&type=index-pattern&filter=index-pattern.attributes.title:%22${index-pattern}%22
# API: /s/${space_info}/api/saved_objects/_find?fields=title&per_page=10&type=index-pattern&search=%22${index-pattern}%22
for i in "${expected_index_patterns[@]}"
do
  # The title is quoted in the search so "${space_info}-uat-*" does not also match "${space_info}-sit-*"
  index_patterns_id=`curl "${kibana_url}/s/${space_info}/api/saved_objects/_find?fields=title&fields=type&per_page=10&type=index-pattern&search=%22${i}%22" "${curl_options[@]}" | jq -cr '.saved_objects[0].id'`
  if [[ $index_patterns_id == "null" ]]; then echo "Something Error occurred while getting the index_pattern id! exit... "; exit 1; fi
  echo_green "index pattern $i id is ${index_patterns_id}, settings of the index mode column is being changed"
  curl -XPUT "${kibana_url}/s/${space_info}/api/saved_objects/index-pattern/${index_patterns_id}" "${curl_options[@]}" \
    --data-binary @- << EOF
{
  "attributes": {
    "fieldAttrs": "{}",
    "title": "$i",
    "timeFieldName": "@timestamp",
    "sourceFilters": "[{\"value\":\"kubernetes.*label*\"},{\"value\":\"agent.*\"}]",
    "fields": "[]",
    "runtimeFieldMap": "{}"
  }
}
EOF
  echo
done

# Create corresponding kibana role: read-only on the ES indices prefixed with
# the space name, and read-only Kibana access limited to this one space
echo_green "Corresponding kibana viewer role creating..."
curl -XPUT "${kibana_url}/s/${space_info}/api/security/role/${space_info}" "${curl_options[@]}" -i \
  --data-binary @- << EOF
{
  "elasticsearch": {
    "cluster": [],
    "indices": [
      {
        "names": [ "${space_info}-*" ],
        "privileges": [ "read" ]
      }
    ],
    "run_as": []
  },
  "kibana": [
    {
      "spaces": [ "${space_info}" ],
      "base": [ "read" ],
      "feature": {}
    }
  ]
}
EOF
echo
echo "End of script."
```
Usage:
space_name must also be the common prefix of the indices the role is allowed to read (the role grants read on ${space_name}-*, and Kibana only accepts lowercase letters, digits, '-' and '_' in a space id).
bash kibana-space-create-index-pattern.sh elastic elastic_password space_name
The password given on the command line ends up in shell history and in process listings; read it from a prompt or a protected environment variable where that matters.
The permission setup has two parts: the Kibana space configuration (disabledFeatures only hides features from the UI, it is not an access control) and the ES role (the actual boundary, here read on ${space_name}-*, which is wider than the uat/sit or prd patterns the space shows). If users need to save searches or modify saved objects, adjust the role yourself (edit the script or change the role separately).
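The checks below are an added example, not part of the original script. They make the two points above concrete: the third argument is used unescaped as space id, role name, URL path segment and JSON value, so it should be restricted to Kibana's space-id alphabet before the first curl; and the role's `<space>-*` read grant covers indices (for example `<space>-prd-*` in a dev space) that none of the space's index patterns ever show, with a tighter `names` array as the alternative. The index names and the `<space>-<env>-<suffix>` naming convention are assumptions mirroring the script; the helper names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): sanity checks around the script's
# third argument and the reach of the viewer role's "<space>-*" read grant.
# Assumption (hypothetical, mirroring the script): indices are named
# "<space>-<env>-<suffix>"; dev exposes uat+sit patterns, prd only prd.
set -u

# Kibana space ids may contain only lowercase letters, digits, '-' and '_'.
# The script interpolates $3 unescaped into URL paths and JSON heredocs, so
# anything outside that alphabet is rejected up front.
valid_space_id() {
  [[ "$1" =~ ^[a-z0-9_-]+$ ]]
}

# Prints, one per line, the index patterns the script creates for SPACE in ENV.
expected_patterns() {
  local space=$1 env=$2
  if [[ "$env" == "prd" ]]; then
    printf '%s\n' "${space}-prd-*"
  else
    printf '%s\n' "${space}-uat-*" "${space}-sit-*"
  fi
}

# Returns 0 when NAME matches GLOB. For these simple prefix globs the '*' of an
# ES index privilege behaves like the shell's '*', so a shell match models it.
glob_matches() {
  local glob=$1 name=$2
  # shellcheck disable=SC2053  -- unquoted on purpose: $glob must stay a pattern
  [[ "$name" == $glob ]]
}

# leaked_indices SPACE ENV INDEX...: prints every index the role's "<space>-*"
# grant lets the viewer read but that none of the space's index patterns show.
leaked_indices() {
  local space=$1 env=$2; shift 2
  local idx pat covered
  for idx in "$@"; do
    glob_matches "${space}-*" "$idx" || continue   # outside the grant entirely
    covered=no
    while IFS= read -r pat; do
      glob_matches "$pat" "$idx" && covered=yes
    done < <(expected_patterns "$space" "$env")
    [[ $covered == no ]] && printf '%s\n' "$idx"
  done
  return 0
}

# JSON array for the role's "names" that covers only the space's own patterns,
# a drop-in replacement for "${space_info}-*" in the script's role body.
tight_role_indices() {
  local space=$1 env=$2 out="" pat
  while IFS= read -r pat; do
    out+="${out:+,}\"${pat}\""
  done < <(expected_patterns "$space" "$env")
  printf '[%s]' "$out"
}

# Stand-alone demo over constructed index names.
if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then
  valid_space_id 'payment' && echo "space id payment: ok"
  valid_space_id 'pay"ment' || echo 'space id pay"ment: rejected'
  echo "indices the dev viewer role can read but the space never shows:"
  leaked_indices payment dev payment-uat-2023.08.01 payment-sit-2023.08.01 \
    payment-prd-2023.08.01 billing-prd-2023.08.01
  echo "tighter role names for dev: $(tight_role_indices payment dev)"
fi
```

If dev and prd indices live in separate clusters the wide grant is harmless; when they share a cluster, replacing `"names": [ "${space_info}-*" ]` in the script with the output of `tight_role_indices` keeps the role aligned with what the space exposes.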