Example of configuring Search Guard
This example implements the generic concepts presented in Configuring security for Siren Federate using Search Guard.
Before you begin, ensure that Search Guard is installed in your cluster, and that you know how to configure users, roles, and permissions.
For more information, see the Search Guard documentation and the introduction in Configuring security for Siren Federate ifndef::output-html,output-pdf[Configuring security for Siren Federate].
Configuring action groups
The sg_action_groups.yml
file contains named groups of permissions that can be referred to in the definition of roles. The following are the action groups that are suitable for Siren Federate.
###### INDEX LEVEL ######
INDICES_ALL:
allowed_actions:
- "indices:*"
MANAGE:
allowed_actions:
- "indices:monitor/*"
- "indices:admin/*" (1)
WRITE:
allowed_actions:
- "indices:data/write*"
- "indices:admin/mapping/put"
READ: (2)
allowed_actions:
- "indices:data/read*"
VIEW_INDEX_METADATA: (3)
allowed_actions:
- "indices:admin/aliases/get"
- "indices:admin/aliases/exists"
- "indices:admin/get"
- "indices:admin/exists"
- "indices:admin/mappings/fields/get*"
- "indices:admin/mappings/get*"
- "indices:admin/mappings/federate/connector/get*"
- "indices:admin/mappings/federate/connector/fields/get*"
- "indices:admin/types/exists"
- "indices:admin/validate/query"
- "indices:monitor/settings/get"
###### CLUSTER LEVEL ######
CLUSTER_ALL:
allowed_actions:
- "cluster:*"
CLUSTER_MONITOR:
allowed_actions:
- "cluster:monitor/*" (4)
CLUSTER_COMPOSITE_OPS:
allowed_actions:
- CLUSTER_COMPOSITE_OPS_RO
- "indices:data/write/bulk"
CLUSTER_COMPOSITE_OPS_RO:
allowed_actions:
- "indices:data/read/mget"
- "indices:data/read/msearch"
- "indices:data/read/mtv"
- "indices:data/read/scroll*"
CLUSTER_MANAGE: (5)
allowed_actions:
- CLUSTER_INTERNAL_FEDERATE
- "cluster:admin/federate/*"
- "indices:admin/aliases*"
CLUSTER_INTERNAL_FEDERATE: (6)
allowed_actions:
- "cluster:internal/federate/*"
Configuring role-based access control
The sg_roles.yml
file contains a list of user roles. Each role contains a set of permissions at the cluster level and for individual indices.
For example, to define the Admin role and the User role for the companies
index, open the sg_roles.yml
file and specify the following:
federate_admin:
cluster_permissions:
- CLUSTER_MANAGE (1)
- CLUSTER_MONITOR (2)
index_permissions:
- index_patterns:
- 'companies'
allowed_actions:
- MANAGE
- READ
- VIEW_INDEX_METADATA (3)
federate_user:
cluster_permissions:
- CLUSTER_INTERNAL_FEDERATE (4)
index_permissions:
- index_patterns:
- 'company'
allowed_actions:
- READ
- VIEW_INDEX_METADATA (3)
The System role
The following is an example of a System role that can manage internal Siren Federate indices.
federate_system:
index_permissions:
- index_patterns:
- '?siren-federate-*'
allowed_actions:
- INDICES_ALL
The Admin role
The following is an example of an Admin role called connector_admin
that can manage the index db_mysql
.
connector_admin:
cluster_permissions:
- CLUSTER_MANAGE
- CLUSTER_MONITOR
index_permissions:
- index_patterns:
- 'db_mysql'
allowed_actions:
- READ
- VIEW_INDEX_METADATA
- MANAGE
The User role
The following is an example of a User role called connector_user
with read-only access to the index called db_mysql
.
connector_user:
cluster:
- CLUSTER_INTERNAL_FEDERATE
index_permissions:
- index_patterns:
- 'db_mysql'
allowed_actions:
- READ
- VIEW_INDEX_METADATA
The following is an example of a User role called logs_viewer
that can read-only multiple indices that are prefixed with logstash-
.
.sg_roles.yml
logs_viewer:
index_permissions:
- index_patterns:
- 'logstash-*'
allowed_actions:
- READ
- VIEW_INDEX_METADATA