
Untitled

a guest
Apr 2nd, 2018
  # Tested with version 6.2.x of the Elastic Stack

  # Add index templates
  #
  # identity_store: single shard, two exact-match (keyword) fields.
  # In the sample data further down, "key" holds a 64-hex-character token and
  # "value" holds the original value that the token stands for. Read access to
  # this index therefore reverses every token stored in order_items-*; treat it
  # as the most sensitive index in this setup.

  PUT _template/identity_store
  {
    "index_patterns": ["identity_store"],
    "settings": {
      "number_of_shards": 1
    },
    "mappings": {
      "doc": {
        "properties": {
          "key": { "type": "keyword" },
          "value": { "type": "keyword" }
        }
      }
    }
  }

  # order_items-*: single shard per index, explicit mapping for every field.
  # "ip" and "user" are keyword fields; the sample documents store tokens in
  # them, not raw values. customer_age, customer_gender and geoip.location
  # remain in clear text in the documents; they are the fields that the
  # *-restricted roles exclude through field_security.

  PUT _template/order_items
  {
    "index_patterns": ["order_items-*"],
    "settings": {
      "number_of_shards": 1
    },
    "mappings": {
      "doc": {
        "properties": {
          "quantity": { "type": "integer" },
          "customer_age": { "type": "integer" },
          "customer_id": { "type": "integer" },
          "price": { "type": "float" },
          "created_on": { "type": "date" },
          "customer_gender": { "type": "keyword" },
          "sku": { "type": "keyword" },
          "ip": { "type": "keyword" },
          "user": { "type": "keyword" },
          "geoip": {
            "properties": {
              "country_iso_code": { "type": "keyword" },
              "location": { "type": "geo_point" }
            }
          }
        }
      }
    }
  }

  # Add sample data
  #
  # Identity-store entry: the document id is the token itself, so a token can
  # be resolved with a direct GET by id as well as by a search on "key".
  #
  # NOTE(review): this listing does not show how the token is derived. If it is
  # a plain, unkeyed hash of the IP address, the IPv4 space is small enough to
  # enumerate and the token alone would not protect the address; a keyed hash
  # (HMAC) with the key held outside the cluster avoids that. Confirm against
  # the ingest pipeline that produces these values.

  PUT identity_store/doc/6be0f12c7026124f637097b7af98dfe82711e7982648ef5c2f2cf51167ed17d0
  {
    "key": "6be0f12c7026124f637097b7af98dfe82711e7982648ef5c2f2cf51167ed17d0",
    "value": "86.58.0.0"
  }

  # Two order items, one per country (GB and FR), so that the country filters
  # in the roles below have something to separate.
  # The "ip" token of document 1 is the key of the identity_store entry above;
  # the "ip" token of document 2 and both "user" tokens have no identity_store
  # entry in this listing.
  # Tokenising "ip" and "user" does not make a document anonymous on its own:
  # customer_id, age, gender and the geo location are stored next to them.

  PUT order_items-2018/doc/1
  {
    "geoip": {
      "country_iso_code": "GB",
      "location": {
        "lat": 52.4768,
        "lon": -1.9341
      }
    },
    "quantity": 1,
    "created_on": "2018-01-15T12:25:55+00:00",
    "customer_gender": "FEMALE",
    "customer_age": 31,
    "sku": "PI911NA30-C11",
    "customer_id": 46,
    "ip": "6be0f12c7026124f637097b7af98dfe82711e7982648ef5c2f2cf51167ed17d0",
    "user": "81c52b4457b4966544ec582f4e1e6d2e72ec7091ebe68172b2d4dc634998719c",
    "price": 59.99
  }

  PUT order_items-2018/doc/2
  {
    "geoip": {
      "country_iso_code": "FR",
      "location": {
        "lat": 43.5513,
        "lon": 7.0128
      }
    },
    "quantity": 1,
    "created_on": "2018-01-15T12:34:34+00:00",
    "customer_gender": "FEMALE",
    "customer_age": 27,
    "sku": "K4422IA03-P11",
    "customer_id": 49,
    "ip": "8dd0255a39f96174c0035687f0c3a420395be6234eba82c4b9f297abfa9c0eea",
    "user": "46b6f0ae97088f7259ea1daf97deba6535971584da62c71874287406b980fd79",
    "price": 41.99
  }

  # Add roles
  #
  # Identity-store access is split into two roles:
  #   identity_store-readonly  - "read" only: can resolve tokens.
  #   identity_store-write     - "index" only: can add entries but is not
  #                              granted "read", so it cannot look them up.
  # Keep the read role to the few accounts that genuinely need to
  # re-identify data, and audit access to this index.

  PUT _xpack/security/role/identity_store-readonly
  {
    "indices": [
      {
        "names": ["identity_store"],
        "privileges": ["read"]
      }
    ]
  }

  PUT _xpack/security/role/identity_store-write
  {
    "indices": [
      {
        "names": ["identity_store"],
        "privileges": ["index"]
      }
    ]
  }

  # Attribute-based roles. The document-level query is a template: the list in
  # the user's metadata field visible_countries is rendered as JSON into a
  # terms filter on geoip.country_iso_code, so one role serves every country
  # combination.
  #   order_items-abac-full        - country filter only.
  #   order_items-abac-restricted  - same filter, plus field_security that
  #                                  grants "*" except geoip.location.*,
  #                                  customer_gender and customer_age.
  #
  # The filter is only as trustworthy as the metadata: whoever can create or
  # update users decides which countries each account sees.
  # Role grants are additive. An account that also holds a role granting read
  # on order_items-* without a query or field_security gets the broader access.
  # NOTE(review): confirm what an account without visible_countries metadata
  # gets; the safe outcome is no documents.
  # NOTE(review): the mapping declares geoip.location as one geo_point field.
  # Confirm that the pattern "geoip.location.*" hides that mapped field from
  # queries and aggregations too, not only the lat/lon keys in _source.

  PUT _xpack/security/role/order_items-abac-full
  {
    "indices": [
      {
        "names": ["order_items-*"],
        "privileges": ["read"],
        "query": {
          "template": {
            "source": "{\"terms\":{\"geoip.country_iso_code\":{{#toJson}}_user.metadata.visible_countries{{/toJson}}}}"
          }
        }
      }
    ]
  }

  PUT _xpack/security/role/order_items-abac-restricted
  {
    "indices": [
      {
        "names": ["order_items-*"],
        "privileges": ["read"],
        "query": {
          "template": {
            "source": "{\"terms\":{\"geoip.country_iso_code\":{{#toJson}}_user.metadata.visible_countries{{/toJson}}}}"
          }
        },
        "field_security": {
          "grant": ["*"],
          "except": ["geoip.location.*", "customer_gender", "customer_age"]
        }
      }
    ]
  }

  # Role-based equivalents: the country is fixed in each role's term query, so
  # every country needs its own pair of roles (FR and GB are shown).
  #   order_items-<cc>-rbac-full        - country filter only.
  #   order_items-<cc>-rbac-restricted  - same filter, plus field_security that
  #                                       grants "*" except geoip.location.*,
  #                                       customer_gender and customer_age.
  #
  # Role grants are additive: holding several of these roles widens the set of
  # visible documents, and holding a -full role next to a -restricted one for
  # the same index is expected to expose the excluded fields again. Check the
  # effective access of each account, not just each role in isolation.
  # NOTE(review): the mapping declares geoip.location as one geo_point field.
  # Confirm that the pattern "geoip.location.*" hides that mapped field from
  # queries and aggregations too, not only the lat/lon keys in _source.

  PUT _xpack/security/role/order_items-fr-rbac-full
  {
    "indices": [
      {
        "names": ["order_items-*"],
        "privileges": ["read"],
        "query": {
          "term": { "geoip.country_iso_code": "FR" }
        }
      }
    ]
  }

  PUT _xpack/security/role/order_items-fr-rbac-restricted
  {
    "indices": [
      {
        "names": ["order_items-*"],
        "privileges": ["read"],
        "query": {
          "term": { "geoip.country_iso_code": "FR" }
        },
        "field_security": {
          "grant": ["*"],
          "except": ["geoip.location.*", "customer_gender", "customer_age"]
        }
      }
    ]
  }

  PUT _xpack/security/role/order_items-gb-rbac-full
  {
    "indices": [
      {
        "names": ["order_items-*"],
        "privileges": ["read"],
        "query": {
          "term": { "geoip.country_iso_code": "GB" }
        }
      }
    ]
  }

  PUT _xpack/security/role/order_items-gb-rbac-restricted
  {
    "indices": [
      {
        "names": ["order_items-*"],
        "privileges": ["read"],
        "query": {
          "term": { "geoip.country_iso_code": "GB" }
        },
        "field_security": {
          "grant": ["*"],
          "except": ["geoip.location.*", "customer_gender", "customer_age"]
        }
      }
    ]
  }

  # Add users
  #
  # Six demo accounts; each holds kibana_user plus the role(s) under test:
  #   identity_reader / identity_writer - the two identity_store roles.
  #   abac1 - order_items-abac-restricted, visible_countries GB and FR.
  #   abac2 - order_items-abac-full, visible_countries GB.
  #   rbac1 - both -rbac-restricted roles (FR and GB).
  #   rbac2 - order_items-gb-rbac-full.
  #
  # All six accounts share the same short password, which is acceptable only on
  # a throwaway test cluster. Set a unique password per account before using
  # this anywhere reachable, and keep real credentials out of saved console
  # snippets and public pastes.

  PUT _xpack/security/user/identity_reader
  {
    "username": "identity_reader",
    "password": "testtest",
    "roles": ["kibana_user", "identity_store-readonly"],
    "full_name": "Identity Reader",
    "email": "identity_reader@example.com"
  }

  PUT _xpack/security/user/identity_writer
  {
    "username": "identity_writer",
    "password": "testtest",
    "roles": ["kibana_user", "identity_store-write"],
    "full_name": "Identity Writer",
    "email": "identity_writer@example.com"
  }

  PUT _xpack/security/user/abac1
  {
    "username": "abac1",
    "password": "testtest",
    "roles": ["kibana_user", "order_items-abac-restricted"],
    "full_name": "ABAC 1",
    "email": "abac1@example.com",
    "metadata": {
      "visible_countries": ["GB", "FR"]
    }
  }

  PUT _xpack/security/user/abac2
  {
    "username": "abac2",
    "password": "testtest",
    "roles": ["kibana_user", "order_items-abac-full"],
    "full_name": "ABAC 2",
    "email": "abac2@example.com",
    "metadata": {
      "visible_countries": ["GB"]
    }
  }

  PUT _xpack/security/user/rbac1
  {
    "username": "rbac1",
    "password": "testtest",
    "roles": ["kibana_user", "order_items-fr-rbac-restricted", "order_items-gb-rbac-restricted"],
    "full_name": "RBAC 1",
    "email": "rbac1@example.com"
  }

  PUT _xpack/security/user/rbac2
  {
    "username": "rbac2",
    "password": "testtest",
    "roles": ["kibana_user", "order_items-gb-rbac-full"],
    "full_name": "RBAC 2",
    "email": "rbac2@example.com"
  }