一键创建kibana工作区(space)和对应只读角色的脚本


在ELK日志体系下,可以通过不同的kibana space实现用户之间的权限隔离

这里使用脚本简化工作(需要根据实际环境需求微调索引名字/空间名字/kibana版本/kibana地址/环境参数)


注意环境参数(env 变量)的取值:dev 和 prd 的行为不同

# dev will create "${space_info}-uat-*" and "${space_info}-sit-*" index pattern

# prd will only create "${space_info}-prd-*" index pattern


一键创建kibana工作区(space),配置工作区对应的index patterns,并创建对应只读角色的脚本

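#!/usr/bin/env bash
# pipefail: a failing curl inside a `curl | jq` pipeline aborts the run
# instead of handing empty output to the later steps.
set -euo pipefail
####################################################################
# Author: sanXian
# Version: v1.1
# Description: Script to create kibana space,
#              space's index patterns and corresponding viewer role
#
# Usage: <script> USERNAME PASSWORD SPACE_NAME [dev|prd]
#
# Security notes:
#   - PASSWORD is a positional argument, so it is recorded in shell
#     history and is visible in the process list while the script runs
#     (it is also handed to curl through -u). Run this from a trusted
#     admin host and prefer an account limited to managing spaces and
#     roles over a superuser.
#   - The credentials are sent as HTTP basic auth on every request.
#     The placeholder URL below is plain http; point kibana_url at an
#     https:// endpoint so they are not sent in clear text.
####################################################################

if (( $# < 3 )); then
  printf 'Usage: %s USERNAME PASSWORD SPACE_NAME [dev|prd]\n' "${0##*/}" >&2
  exit 2
fi

kibana_url="http://your_kibana_url"
username=$1
password=$2
space_info=$3
kibana_version="7.12.1"
# dev will create "${space_info}-uat-*" and "${space_info}-sit-*" index pattern
# prd will only create "${space_info}-prd-*" index pattern
# Optional 4th argument; defaults to dev as before.
env=${4:-dev} #dev / prd

# space_info is pasted unescaped into URL paths, JSON bodies and the role's
# index privilege below. Restrict it to lowercase letters, digits, '_' and '-'
# so it cannot alter the request path or break out of a JSON string.
# NOTE(review): this is the character set Kibana is expected to accept for
# space identifiers; confirm against the Kibana version in use.
if [[ ! "$space_info" =~ ^[a-z0-9_-]+$ ]]; then
  printf 'Invalid space name "%s": only a-z, 0-9, "_" and "-" are allowed\n' "$space_info" >&2
  exit 2
fi

# A typo such as "prod" would otherwise silently fall through to the dev
# behaviour and create the uat/sit patterns.
case "$env" in
  dev|prd) ;;
  *)
    printf 'Invalid env "%s": expected dev or prd\n' "$env" >&2
    exit 2
    ;;
esac

# Options shared by every curl call: basic auth, the kbn-version header,
# a JSON content type, and silent mode (no progress meter).
curl_options=(
  "-u" "$username:$password"
  "-H" "kbn-version: ${kibana_version}"
  "-H" "Content-Type: application/json"
  "-s"
)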

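#######################################
# Print all arguments, joined by spaces, in green followed by a newline.
# Arguments: $@ - words of the message
# Outputs:   the coloured message on stdout
#######################################
function echo_green(){
  # printf with a fixed format prints the text literally; `echo -n "$*"`
  # would swallow a message that is exactly "-n" or "-e" as an option.
  printf '\033[32m%s\033[0m\n' "$*"
}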

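# Show which Kibana instance and which space this run will touch.
# The values are quoted so that they are printed as given, without word
# splitting or glob expansion.
printf "%-35s%s\n" "$(echo_green Kibana URL:)" "${kibana_url}"
printf "%-35s%s\n" "$(echo_green Kibana Space Name:)" "${space_info}"

# Create the Kibana space. If it already exists Kibana answers with an error
# message; the response is printed and not checked any further.
# NOTE: space_info is expanded into the URL-independent JSON body below
# without escaping, so it must not contain quotes or backslashes.
echo_green "Trying to create kibana space ${space_info}..."
curl "${kibana_url}/api/spaces/space" "${curl_options[@]}" \
--data-binary @- << EOF
{
  "id": "${space_info}",
  "name": "${space_info}",
  "description": "${space_info}",
  "initials": "",
  "disabledFeatures": [
    "siem",
    "logs",
    "infrastructure",
    "apm",
    "uptime",
    "enterpriseSearch",
    "advancedSettings",
    "savedObjectsManagement",
    "savedObjectsTagging",
    "fleet",
    "actions",
    "stackAlerts",
    "monitoring"
  ]
}
EOF
echo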

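# First find out which index patterns already exist in this space; the ones
# that exist are not created again later.
index_patterns_res=$(
  curl "${kibana_url}/s/${space_info}/api/saved_objects/_find?fields=title&fields=type&per_page=10000&type=index-pattern" "${curl_options[@]}" \
    | jq -c '.saved_objects[]'
)
printf "%-35s" "$(echo_green Current Index Patterns:)"
# One title per array element. Titles normally contain "*", so they must not
# go through an unquoted expansion: the shell would glob them against the
# files in the current directory.
mapfile -t index_patterns < <(jq -r '.attributes.title' <<<"$index_patterns_res")
if (( ${#index_patterns[@]} == 0 ))
then
  echo -n "No index patterns configuration found!"
else
  for title in "${index_patterns[@]}"
  do
    printf '%s ' "$title"
  done
fi
echo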

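#######################################
# Create every expected index pattern that the space does not have yet.
# Globals:   expected_index_patterns (read) - titles that should exist
#            index_patterns (read)          - titles that already exist
#            kibana_url, space_info, curl_options (read)
# Outputs:   progress messages and the Kibana API responses on stdout
#######################################
function create_index_pattern(){
  local pattern existing already_there
  printf "%-35s%s\n" "$(echo_green Expected Index patterns:)" "${expected_index_patterns[*]}"
  # Quoted expansion: the titles contain "*" and must not be globbed.
  for pattern in "${expected_index_patterns[@]}"
  do
    # Compare whole titles. A substring test would treat "app-uat-*" as
    # present when only "xapp-uat-*" exists and skip the creation.
    already_there=0
    if (( ${#index_patterns[@]} != 0 )); then
      for existing in "${index_patterns[@]}"
      do
        if [[ "$existing" == "$pattern" ]]; then
          already_there=1
          break
        fi
      done
    fi
    if (( already_there )); then
      echo "index pattern $pattern already exist, continue"
      continue
    fi
    echo "index pattern $pattern creating..."
    curl "${kibana_url}/s/${space_info}/api/saved_objects/index-pattern" "${curl_options[@]}" \
--data-binary @- << EOF
{
  "attributes": {
    "fieldAttrs": "{}",
    "title": "${pattern}",
    "timeFieldName": "@timestamp",
    "sourceFilters": "[{\"value\":\"kubernetes.*label*\"},{\"value\":\"agent.*\"}]",
    "fields": "[]",
    "runtimeFieldMap": "{}"
  }
}
EOF
    echo
  done
}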

# Pick the index patterns for the target environment, then create the ones
# that are missing. Only the exact value "prd" selects the production
# pattern; every other value gets the uat and sit patterns.
case "$env" in
  prd)
    expected_index_patterns=( "${space_info}-prd-*" )
    ;;
  *)
    expected_index_patterns=( "${space_info}-uat-*" "${space_info}-sit-*" )
    ;;
esac
create_index_pattern

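# Change the index pattern columns settings
# API: /s/${space_info}/api/saved_objects/_find?fields=title&per_page=10&type=index-pattern&filter=index-pattern.attributes.title:%22${index-pattern}%22
# API: /s/${space_info}/api/saved_objects/_find?fields=title&per_page=10&type=index-pattern&search=%22${index-pattern}%22
#
# For each expected pattern: look up its saved-object id, then PUT the
# attributes again under that id.
# Quoted expansion: the titles contain "*" and must not be globbed.
for i in "${expected_index_patterns[@]}"
  do
  # The search can return more than one hit, so take the id of the object
  # whose title is exactly the expected one rather than the first result;
  # the PUT below overwrites the title of whatever id it is given.
  index_patterns_id=$(
    curl "${kibana_url}/s/${space_info}/api/saved_objects/_find?fields=title&fields=type&per_page=10&type=index-pattern&search=%22${i}%22" "${curl_options[@]}" \
      | jq -r --arg title "$i" '[.saved_objects[] | select(.attributes.title == $title) | .id][0] // empty'
  )
  if [[ -z "$index_patterns_id" ]]; then
    # Exit non-zero so a caller can tell the run did not complete.
    echo "Something Error occurred while getting the index_pattern id! exit... " >&2
    exit 1
  fi
  echo_green "index pattern $i id is ${index_patterns_id}, settings of the index mode column is being changed"
  curl -XPUT "${kibana_url}/s/${space_info}/api/saved_objects/index-pattern/${index_patterns_id}" "${curl_options[@]}" \
--data-binary @- << EOF
{
  "attributes": {
    "fieldAttrs": "{}",
    "title": "$i",
    "timeFieldName": "@timestamp",
    "sourceFilters": "[{\"value\":\"kubernetes.*label*\"},{\"value\":\"agent.*\"}]",
    "fields": "[]",
    "runtimeFieldMap": "{}"
  }
}
EOF
  echo
  done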

# Create the viewer role that belongs to the space. The role is named after
# the space and grants:
#   - Elasticsearch "read" on every index matching "${space_info}-*"
#   - Kibana base privilege "read" in this one space
# NOTE(review): "${space_info}-*" is wider than the index patterns created
# above. It covers all environments under this prefix and also the indices of
# any other space whose name begins with "${space_info}-". Narrow "names" if
# that overlap is not wanted.
role_url="${kibana_url}/s/${space_info}/api/security/role/${space_info}"
echo_green "Corresponding kibana viewer role creating..."
# --include prints the response headers, so the HTTP status is visible.
curl --request PUT --include "${role_url}" "${curl_options[@]}" --data-binary @- << ROLE_JSON
{
  "elasticsearch": {
    "cluster": [],
    "indices": [
      {
        "names": [
          "${space_info}-*"
        ],
        "privileges": [
          "read"
        ]
      }
    ],
    "run_as": []
  },
  "kibana": [
    {
      "spaces": [
        "${space_info}"
      ],
      "base": [
        "read"
      ],
      "feature": {}
    }
  ]
}
ROLE_JSON
printf '\n'
printf '%s\n' "End of script."

Usage:

space_name 必须同时是对应只读索引名称的公共前缀(角色会对 `space_name-*` 授予 read 权限)。注意:密码以命令行参数传入,会留在 shell 历史记录中,并且在脚本运行期间可在进程列表中看到。

bash kibana-space-create-index-pattern.sh elastic elastic_password space_name


涉及的权限配置分为kibana space可见性配置及es role配置,如果需要用户可以保存搜索记录 或者 修改保存对象等权限,需要自行调整(可以改脚本或者单独改role配置)