This post is older than a year. Consider some information might not be accurate anymore.
Shield is the security plugin for Elasticsearch. Security in Elasticsearch is based on users with associated roles. A quick demonstration how to use it.
First you need to setup the realm in the elasticsearch.yml configuration. Find below a custom test configuration:
cluster.name: demo
#
node:
name: master
master: true
data: true
#
path:
data: /var/opt/es/data
logs: /var/log/es
#
network.host: alpha
network.bind_host:
- _local_
- _bond0:ipv4_
http.port: 3333
shield:
enabled: true
authc:
realms:
file:
type: file
order: 0
native:
type: native
order: 1
The native realm stores the security data in elasticsearch itself. Create user
curl -XPOST -u admin http://alpha:3333/_shield/user/ironman -d '
{
"password" : "frontoff!ce-f0reve3",
"roles" : [ "devops" ],
"full_name" : "Michel Erard",
"email" : "er7@not-real.org",
"metadata" : {
"intelligence" : 7
}
}'
Log entry in the elasticsearch log
[2016-08-11 13:48:21,460][INFO ][shield.action.user ] [client] added user [ironman]
Show created user
vinh@alpha:~> curl -XGET -u admin http://alpha:3333/_shield/user
Enter host password for user 'admin':
{"ironman":{"username":"ironman","roles":["devops"],"full_name":"Michel Erard","email":"er7@acme.com","metadata":{"intelligence":7}}}
Query es as user ironman
vinh@alpha:~> curl -XGET -u ironman http://alpha:3333
Enter host password for user 'ironman':
{
"name" : "master",
"cluster_name" : "demo",
"version" : {
"number" : "2.3.3",
"build_hash" : "218bdf10790eef486ff2c41a3df5cfa32dadcfde",
"build_timestamp" : "2016-05-17T15:40:04Z",
"build_snapshot" : false,
"lucene_version" : "5.5.0"
},
"tagline" : "You Know, for Search"
}
Delete user
vinh@alpha:~> curl -XDELETE -u admin http://alpha:4444/_shield/user/ironman
Enter host password for user 'admin':
{"found":true}