fix: change password for builtin users
parent
f1ba54d2ad
commit
0ab1bd2023
4 changed files with 61 additions and 6 deletions
11
README.md
11
README.md
|
@ -25,6 +25,17 @@ Install and configure Elasticsearch
|
||||||
path.logs: /var/log/elasticsearch
|
path.logs: /var/log/elasticsearch
|
||||||
```
|
```
|
||||||
|
|
||||||
|
* `elasticsearch_users` - hash with the users to managed
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
toto:
|
||||||
|
password: supers3cret
|
||||||
|
roles:
|
||||||
|
- viewer
|
||||||
|
kibana_system:
|
||||||
|
password: supertest2
|
||||||
|
```
|
||||||
|
|
||||||
* `elasticsearch_index_templates` - hash with the index templates configuration
|
* `elasticsearch_index_templates` - hash with the index templates configuration
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
|
@ -17,6 +17,21 @@ class ElasticsearchUser:
|
||||||
self.exist = False
|
self.exist = False
|
||||||
self.data = {}
|
self.data = {}
|
||||||
|
|
||||||
|
def is_builtin(self):
|
||||||
|
users = [
|
||||||
|
'apm_system',
|
||||||
|
'beats_system',
|
||||||
|
'elastic',
|
||||||
|
'kibana',
|
||||||
|
'kibana_system',
|
||||||
|
'logstash_system',
|
||||||
|
'remote_monitoring_user'
|
||||||
|
]
|
||||||
|
if self.name in users:
|
||||||
|
return True
|
||||||
|
|
||||||
|
return False
|
||||||
|
|
||||||
def get_data(self):
|
def get_data(self):
|
||||||
status_code, data = self.api.get('_security/user/{}'.format(self.name))
|
status_code, data = self.api.get('_security/user/{}'.format(self.name))
|
||||||
if status_code == 200:
|
if status_code == 200:
|
||||||
|
@ -64,6 +79,14 @@ class ElasticsearchUser:
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
|
def change_password(self):
|
||||||
|
self.api.post(
|
||||||
|
'_security/user/{}/_password'.format(self.name),
|
||||||
|
{
|
||||||
|
'password': self.password
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
def delete(self):
|
def delete(self):
|
||||||
self.api.delete('_security/user/{}'.format(self.name))
|
self.api.delete('_security/user/{}'.format(self.name))
|
||||||
|
|
||||||
|
@ -91,6 +114,11 @@ def main():
|
||||||
)
|
)
|
||||||
user.get_data()
|
user.get_data()
|
||||||
|
|
||||||
|
if user.is_builtin():
|
||||||
|
if user.password_has_changed():
|
||||||
|
user.change_password()
|
||||||
|
changed = True
|
||||||
|
else:
|
||||||
if module.params['state'] == 'present':
|
if module.params['state'] == 'present':
|
||||||
if not user.exist or user.has_changed():
|
if not user.exist or user.has_changed():
|
||||||
user.create()
|
user.create()
|
||||||
|
|
|
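Review bot: In `main()`, the new `if user.is_builtin():` branch never consults `module.params['state']`, so as far as the hunk shows a task asking for `state: absent` (or passing `roles`) on a reserved account such as `elastic` ends with no change and no error; since these are the most privileged accounts, an explicit `module.fail_json(msg=...)` for options that are not supported on built-in users would make the limitation visible. `is_builtin()` rebuilds a hard-coded list on every call; a class-level tuple with `return self.name in BUILTIN_USERS` is shorter, and the list needs upkeep whenever Elasticsearch adds reserved users, whereas the user document already fetched by `get_data()` normally carries a `_reserved` metadata flag that could be checked instead. `is_builtin()` and `change_password()` have no docstrings; one line each, stating that only the password is managed for built-in users and which endpoint is called, would help the next reader. `main()` and the class body continue outside the hunks, and `password_has_changed()` is not part of this commit, so how a password change is detected cannot be checked from here.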
@ -20,6 +20,20 @@ class ElasticsearchApi:
|
||||||
|
|
||||||
return r.status_code, r.json()
|
return r.status_code, r.json()
|
||||||
|
|
||||||
|
def post(self, path, data):
|
||||||
|
r = requests.post(
|
||||||
|
'{}/{}'.format(self.url, path),
|
||||||
|
auth=self.basic,
|
||||||
|
json=data
|
||||||
|
)
|
||||||
|
|
||||||
|
if r.status_code == 500:
|
||||||
|
raise Exception('Server return 500 error: {}'.format(r.text))
|
||||||
|
elif r.status_code == 401:
|
||||||
|
raise Exception('Authentification has failed')
|
||||||
|
elif r.status_code != 200:
|
||||||
|
raise Exception('Server return an unknown error: {}'.format(r.text))
|
||||||
|
|
||||||
def put(self, path, data):
|
def put(self, path, data):
|
||||||
r = requests.put(
|
r = requests.put(
|
||||||
'{}/{}'.format(self.url, path),
|
'{}/{}'.format(self.url, path),
|
||||||
|
|
|
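Review bot: `requests.post(...)` in the new `post()` is called without a `timeout`, and requests applies none by default, so a password change against an unresponsive node blocks the task indefinitely; pass a bound such as `timeout=30` or a value taken from the module options. The last branch, `elif r.status_code != 200:`, also rejects every other 2xx reply, which is fine for `_password` but makes this generic helper fail on an endpoint that answers 201; `elif not r.ok:` would be safer. The method returns nothing while `get()` above returns `r.status_code, r.json()`, so a short docstring saying that it raises on any non-200 status and returns `None` would make the contract explicit. The neighbouring `put()` is only partly visible, so whether it shares these points cannot be told from here.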
@ -11,6 +11,8 @@
|
||||||
password: supers3cret
|
password: supers3cret
|
||||||
roles:
|
roles:
|
||||||
- viewer
|
- viewer
|
||||||
|
kibana_system:
|
||||||
|
password: supertest2
|
||||||
elasticsearch_index_templates:
|
elasticsearch_index_templates:
|
||||||
test:
|
test:
|
||||||
index_patterns:
|
index_patterns:
|
||||||
|
|
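Review bot: The added `kibana_system` entry puts the password of a reserved account in plaintext next to the existing `toto` one, and nothing in the file marks these as test-only values. If this is a test fixture, as the sample values suggest, a comment such as `# test-only credentials; load real ones from Ansible Vault` above `elasticsearch_users` would keep the pattern from being copied into real inventories. The file name is not visible on the page, so this is inferred from the values alone.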