https://github.com/ev2900/opensearch_user_role_premission_managment

Example python code manipulating the OpenSearch RESTful API for user, role and permission management
aws opensearch premission python restful-api role security user


## Create a user

The following snippet of Python code creates a new OpenSearch user.

Before running the code snippet ensure you update any value surrounded by ```< >``` brackets

```
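import requests
import json

# Replace every <...> placeholder before running
request_body = {
    "password": "<password>",
    "opendistro_security_roles": ["<opensearch_role_name>"],
    "backend_roles": ["<backend_role_name>"]
}

# PUT creates the internal user, or replaces it if the name already exists
create_user = requests.put(
    'https://<opensearch_domain_endpoint>/_plugins/_security/api/internalusers/<user_name>',
    auth = ('<admin_user_name>', '<admin_password>'),
    headers = {'Content-type': 'application/json'},
    data = json.dumps(request_body)
)

print(create_user.text)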
```

You can also reference [create_a_user.py](https://github.com/ev2900/OpenSearch_User_Role_Premission_Managment/blob/main/create_a_user.py) for a scripted version of the code sample

## Mapping a user to an OpenSearch role

The following snippet of python code maps a user to an OpenSearch role.

Before running the code snippet ensure you update any value surrounded by ```< >``` brackets

```
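import requests
import json

# Replace every <...> placeholder before running.
# "/-" at the end of the path appends the value to the end of the list.
request_body = [
    {
        "op": "add",
        "path": "/<users or backend_roles>/-",
        "value": "<user_name or backend_role>"
    }
]

map_user_to_IAM_role = requests.patch(
    'https://<opensearch_domain_endpoint>/_plugins/_security/api/rolesmapping/<role_name>',
    auth = ('<admin_user_name>', '<admin_password>'),
    headers = {'Content-type': 'application/json'},
    data = json.dumps(request_body)
)

print(map_user_to_IAM_role.text)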
```

You can also reference [mapping_a_user_to_an_opensearch_role.py](https://github.com/ev2900/OpenSearch_User_Role_Premission_Managment/blob/main/mapping_a_user_to_an_opensearch_role.py) for a scripted version of the code sample

## Removing a user from an OpenSearch role mapping

The following snippet of Python code removes a user from an OpenSearch role. OpenSearch stores a role mapping as separate lists for backend roles and users. Unfortunately, the HTTP ```PATCH``` operation does not support removing an object from a list by the object's value. Instead, ```PATCH``` deletes objects by index, i.e. the position of the object in the list. Consequently, the Python code snippet below has two parts: the first finds the index position of the user, and the second uses that index position to remove the user from the role mapping.

Before running the code snippet ensure you update any value surrounded by ```< >``` brackets

```
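import requests
import json

# Replace every <...> placeholder before running

# 1. Find the index position of the user
get_user_mapped_to_IAM_role = requests.get(
    'https://<opensearch_domain_endpoint>/_plugins/_security/api/rolesmapping/<role_name>',
    auth = ('<admin_user_name>', '<admin_password>'),
    headers = {'Content-type': 'application/json'}
)

users_or_backend_users_mapped_to_role = get_user_mapped_to_IAM_role.json()['<role_name>']['<users or backend_roles>']

index_position_to_delete = None
for index_position, name in enumerate(users_or_backend_users_mapped_to_role):
    if name == '<user_name or backend_role>':
        index_position_to_delete = index_position

# Stop if the name is not in the mapping instead of sending an invalid index
if index_position_to_delete is None:
    raise SystemExit('Name not found in the role mapping')

# 2. Use the index position to remove the user from the role mapping
request_body = [
    {
        "op": "remove",
        "path": "/<users or backend_roles>/" + str(index_position_to_delete),
        "value": "<user_name or backend_role>"
    }
]

remove_user_to_IAM_role = requests.patch(
    'https://<opensearch_domain_endpoint>/_plugins/_security/api/rolesmapping/<role_name>',
    auth = ('<admin_user_name>', '<admin_password>'),
    headers = {'Content-type': 'application/json'},
    data = json.dumps(request_body)
)

print(remove_user_to_IAM_role.text)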
```

You can also reference [removing_a_user_from_an_opensearch_role_mapping.py](https://github.com/ev2900/OpenSearch_User_Role_Premission_Managment/blob/main/removing_a_user_from_an_opensearch_role_mapping.py) for a scripted version of the code sample
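
The index lookup described above can be separated from the HTTP calls so it can be checked offline before anything is sent. The following is an added example, not code from this repository: the function names and the sample response (including the account number in the ARN) are constructed, and it goes beyond the snippet by handling a name that is missing or that appears more than once.

```python
import copy

LIST_FIELDS = {"users", "backend_roles", "hosts"}  # list fields of a role mapping

def build_remove_patch(mapping_response, role_name, list_field, principal):
    """Return JSON Patch 'remove' ops deleting every occurrence of principal."""
    if list_field not in LIST_FIELDS:
        raise ValueError(f"unexpected list field: {list_field!r}")
    entries = mapping_response[role_name].get(list_field, [])
    indexes = [i for i, name in enumerate(entries) if name == principal]
    if not indexes:
        raise LookupError(f"{principal!r} is not in {role_name}.{list_field}")
    # Highest index first: each removal shifts later elements left, so
    # ascending order would delete the wrong entry on the second op.
    return [{"op": "remove", "path": f"/{list_field}/{i}"}
            for i in sorted(indexes, reverse=True)]

def apply_remove_ops(mapping, ops):
    """Simulate the remove ops locally to preview the resulting mapping."""
    result = copy.deepcopy(mapping)
    for op in ops:
        _, field, index = op["path"].split("/")
        del result[field][int(index)]
    return result

# Constructed sample of a GET .../rolesmapping/<role_name> response
SAMPLE = {
    "all_access": {
        "hosts": [],
        "users": ["admin", "alice", "bob", "alice"],
        "backend_roles": ["arn:aws:iam::111122223333:role/example"],
    }
}

def demo():
    ops = build_remove_patch(SAMPLE, "all_access", "users", "alice")
    return ops, apply_remove_ops(SAMPLE["all_access"], ops)["users"]

if __name__ == "__main__":
    print(demo())
```

The list returned by `build_remove_patch` can be passed to `json.dumps` as the body of the `PATCH` request shown earlier. Because the indexes come from an earlier `GET`, a mapping changed by someone else in between can shift them, so fetch the mapping immediately before patching and confirm the result afterwards.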