I have an elasticsearch(2.4.4) server and I'm using elasticsearch java client to manage indicies. I've added authentication with elasticsearch shield plugin(2.2.0) and it works properly. Now, i want to create new roles dynamically but it seems that not possible to do this using client.
Is it the only way making API requests to manage roles dynamically or am i missing something?
Related
How do we map LDAP groups to the teams in OLAM? OLAM is based on the upstream project Ansible AWX.
I am trying to implement RBAC in OLAM. It seems we need to create new LDAP object in OLAM every time we want to map new LDAP group to the team.
OLAM documentation:
https://docs.oracle.com/en/operating-systems/oracle-linux-automation-manager
I'm trying to map users to kibana roles, however, when I do a GET request on _plugins/_security
I get a 401 error. I'm trying to do this from Kibana dashboard where I have all_access
role as well as from an Ec2 instance where the machine role is mapped to all_access
role. Need help in understanding how can I fix the same.
{"Message":"Your request: '/_plugins/_security' is not allowed."}
you will need to ask aws about this, as they run a fork of Elasticsearch that doesn't contain this particular functionality
On our version of AWS ES, I have to do this prefix in order to access the security API:
GET _opendistro/_security/api/roles
What you have to understand is the AWS ES does not use the "normal" ElasticSearch, it uses the OpenDistro version, therefor some commands are different.
Here is the link to the API doc for security :
https://opendistro.github.io/for-elasticsearch-docs/docs/security/access-control/api/#access-control-for-the-api
I am working on a cloud based application using Apache Nifi, for this we required to support Multitenency. But the current Nifi implementation only supports role based access for users, for a single flow.
I could understand that the flow state is saved as a single compressed XML file for a Nifi instance. So that who ever logins into that instance can view the same flow. Our requirement is to create unique flows for each user login. I tried to replicate state saving gz XML file for each users, but couldn't succeeded as the FlowService/FlowController which loads the XML file, is instantiated at the application startup and they are singleton. Please correct me, if Iam wrong with this approach. Or is there any other solution for adding Multitenant support with Nifi. I also wonder the reason behind the Nifi as a single user application.
Multi-tenant support will be introduced in Apache NiFi 1.0.0. There is a BETA release available [1]. This will support assigning permissions on a per component basis. However, the different tenants still share a canvas. There has been discussions of introducing a workspace concept that could provide visually separate dataflows.
[1] https://nifi.apache.org/download.html
I have a running application in which client wants to implement BlogEngine, I have done almost but in the existing application there are also a registration, so now i want that when a user registration at my application that particular user be able to login in blogEngine.
I am using sql database and set all the settings in web.config.
Abhisheks, It sounds like you want to use the same user system as your existing web application. What you need to do is configure your authentication provider for BE.net to use the same user system as your existing app. You can either roll your own provider via code, or if your existing app is using the standard .net auth provider, then you should be able to just piggy-back off of that by configuring BE to use that via your web.config file.
Is it possible to create a new user in sonar without using the web interface?
I need to write a script that inserts the same users for some tools, including sonar.
There are three ways you can do this:
Write directly to the database (there is a simple table called users).
Use the LDAP plugin, if you specify sonar.authenticator.createUsers: true in sonar.properties, it will create the users in the sonar database automatically the first time they authenticate.
Write a java application that depends on the sonar plugin API, you can then use constructor injection to get a Sonar hibernate session and persist the user you want. See Here.
Since SonarQube version 3.6, there is support for user management in webservice API:
https://sonarqube.com/web_api/api/users
http://docs.sonarqube.org/display/DEV/Web+API
The web service API does not seem to support user management. Anything's possible, but it doesn't look like this is offered directly via Sonar.
You could probably use some web automation library (webbrowser, webunit, watir, twill) to do it through the running server; it might even be possible to just use something like 'curl' by looking carefully at the page source for the users/create form.
Or, if you want to go straight to the database, you could try to pull out the user creation functionality from the code and mess with the sonar.users table directly.
There is the LDAP Plugin, which would take care of authentication, but it still requires you to create the users in Sonar, so that wouldn't solve your problem.