I am trying to automate the configuration changes for ReadonlyREST.
Manually editing the ReadonlyREST configuration in the Kibana App (/app/readonlyrest_kbn) works, but I would like for this to be done by an automation solution.
Every time a new index is created for a project, the ReadonlyREST configuration needs to be adjusted by adding a section for it such as:
How can I supply the ReadonlyREST configuration and Save it via the API so that this can be performed automatically ?
An alternative to this would be to generate the readonlyrest.yml, copy it to each elasticsearch node in the cluster and restart elasticsearch on each node.
My company is a ReadonlyREST Enterprise Subscriber.
The simplest way to automatically allow certain class of indices to a certain ACL block is to use indices name prefixes (for as much as possible) for example:
The accountants should create accounants_index1, accountants_index2, etc. So you can write:
indices: [".kibana", "accountants_*"]
And no changes are ever needed.
However, I understand this is not always possible. So the only other way is to use the settings API the Kibana App uses. But that is an internal API, so it’s undocuemnted and we are not able to guarantee it will remain unchanged in time. As a matter of fact, it’s recently received a facelift. Right @coutoPL?
Yes, we have internal API and endpoint to reload config which works pretty much like this:
receive POST request with readonlyrest.yml content as a payload
validate the config
if config is valid, save it in ROR settings index
all nodes will be reloaded after scheduled interval (default 5s)
We could send a document how to use it but as Simone said, this is our internal API and we cannot guarantee that we won’t change it in a future (obviously we can notify you about the changes but we are not going to maintain backward compatibility of such API).