Elasticsearch搭建好以后,我需要设置一个普通账户testuser,对所有叫test开头的索引有操作权限。
查看所有权限:
curl -XGET -u elastic:elastic123 http://127.0.0.1:9200/_xpack/security/role/
新建ROLES(规则名:testrole)
curl -XPOST -H 'Content-type: application/json' -u elastic:elastic123 'http://127.0.0.1:9200/_xpack/security/role/testrole?pretty' -d '{
"cluster":["all"],
"indices":[
{
"names":["test-*"],
"privileges":["all"]
}
]
}'
查看新的ROLES
curl -XGET -H 'Content-type: application/json' -u elastic:elastic123 'http://127.0.0.1:9200/_xpack/security/role/testrole?pretty'
新建用户并绑定ROLES
curl -XPOST -H 'Content-type: application/json' -u elastic:elastic123 'http://127.0.0.1:9200/_xpack/security/user/testuser?pretty' -d '{
"password":"Test123",
"full_name":"testuser",
"roles":["testrole"]
}'
查看用户详情
curl -XGET -u elastic:elastic123 http://127.0.0.1:9200/_xpack/security/user/
用新建的test账户去创建索引
curl -X PUT -u test:Test123 "http://127.0.0.1:9200/test-2025-02-06" -H 'Content-Type: application/json' -d'
{
"mappings": {
"properties": {
"name": {
"type": "text"
},
"age": {
"type": "integer"
},
"date_of_birth": {
"type": "date"
}
}
}
}'
用当前用户查看索引
curl -X GET -u test:Test123 'http://127.0.0.1:9200/_cat/indices?pretty'
删除刚才创建的索引
curl -X DELETE -u test:Test123 "http://127.0.0.1:9200/test-2025-02-06"