How can I add role with curl?

Hi!

How can I add role with curl?

logstash’s role is permitted to add only logstash-* and *beat* indecies.
But, I wish to add yaf.* indecies

I wish to call curl from ansible, so I can’t use Kibana interface.

Here is fail example.

vagrant@ubuntu-bionic:~$ curl -d @role.yaf.json -H “Content-Type: application/json” https://localhost:9200/_opendistro/_security/api/roles -u admin:admin --insecure
{“error”:“Incorrect HTTP method for uri [/_opendistro/_security/api/roles] and method [POST], allowed: [PATCH, GET]”,“status”:405}

vagrant@ubuntu-bionic:~ cat role.yaf.json { "yaf" : { "hidden" : false, "description" : "Provide the minimum permissions for yaf", "cluster_permissions" : [ "cluster_monitor", "cluster_composite_ops", "indices:admin/template/get", "indices:admin/template/put", "cluster:admin/ingest/pipeline/put", "cluster:admin/ingest/pipeline/get" ], "index_permissions" : [ { "index_patterns" : [ "yaf.*" ], "fls" : [ ], "masked_fields" : [ ], "allowed_actions" : [ "crud", "create_index" ] } ], "tenant_permissions" : [ ] } } vagrant@ubuntu-bionic:~

Thanks!

Hi @t-umeno, here’s an example. Sorry for the minified JSON:

$ curl -XPUT https://localhost:9200/_opendistro/_security/api/roles/my-curl-role -u admin:admin -k -H 'Content-Type: application/json' -d '{"cluster_permissions":["cluster_composite_ops","indices_monitor"],"index_permissions":[{"index_patterns":["movies*"],"dls":"","fls":[],"masked_fields":[],"allowed_actions":["read"]}],"tenant_permissions":[{"tenant_patterns":["human_resources"],"allowed_actions":["kibana_all_read"]}]}'

Response from my cluster:

{"status":"CREATED","message":"'my-curl-role' created."}

Hi @aetter, I’ll try this. Thank you!