[[example]]
== Appendix 6. Full `esusers` Example

[float]
=== Putting it all together: Ecommerce Store Example

The e-commerce store in this example has the following components:

* A webshop application, which executes queries
* A nightly bulk import process, which reindexes the documents to ensure correct pricing for the following day
* An update mechanism that writes data concurrently during business hours on a per-document basis
* A sales representative who needs to read sales-specific indices

[float]
=== Defining the roles

[source,yaml]
--------------------------------------------------
bulk:
  indices:
    'products_*': write, manage, read

updater:
  indices:
    'products': index, delete, indices:admin/optimize

webshop:
  indices:
    'products': search, get

monitoring:
  cluster: monitor
  indices:
    '*': monitor

sales_rep :
  cluster : none
  indices:
    'sales_*' : all
    'social_events' : data_access, monitor
--------------------------------------------------

Let's step through each of the role definitions:

* The `bulk` role has the privileges to create and delete all indices starting with `products_`, as well as to
index data into them. This set of privileges enables a user with this role to delete and repopulate a particular
index.

* The `updater` role does not require any information about concrete indices. The only privileges required for updating
the `products` index are the `write` and `delete` privileges, as well as index optimization.

* The `webshop` role is a read-only role that solely executes queries and GET requests.

* The `monitoring` role extracts monitoring data for display on an internal screen of the web application.

* The `sales_rep` role has write access on all indices starting with `sales_` and read access to the `social_events`
index.

[float]
=== Creating Users and Their Roles

After creating the `roles.yml` file, you can use the `esusers` tool to create the needed users and the respective
user-to-role mapping.

[source,shell]
-----------------------------------------------------------
bin/shield/esusers useradd webshop -r webshop,monitoring
-----------------------------------------------------------

[source,shell]
-----------------------------------------------------------
bin/shield/esusers useradd bulk -r bulk
-----------------------------------------------------------

[source,shell]
-----------------------------------------------------------
bin/shield/esusers useradd updater -r updater
-----------------------------------------------------------

[source,shell]
--------------------------------------------------------------------
bin/shield/esusers useradd best_sales_guy_of_the_world -r sales_rep
--------------------------------------------------------------------

[source,shell]
----------------------------------------------------------------------------
bin/shield/esusers useradd second_best_sales_guy_of_the_world -r sales_rep
----------------------------------------------------------------------------
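
To review the resulting access before handing out credentials, the following added example (not part of the Shield documentation or tooling) transcribes the roles and the user-to-role mapping from this page into Python and reports which roles grant which privileges to a user on a concrete index. The index names `products_2015` and `sales_2015` are constructed samples, and treating index patterns as plain `*` wildcards is an assumption that holds for the patterns used here.

```python
from fnmatch import fnmatchcase

# Role definitions transcribed from the roles.yml shown on this page.
ROLES = {
    "bulk": {"indices": {"products_*": ["write", "manage", "read"]}},
    "updater": {"indices": {"products": ["index", "delete", "indices:admin/optimize"]}},
    "webshop": {"indices": {"products": ["search", "get"]}},
    "monitoring": {"cluster": ["monitor"], "indices": {"*": ["monitor"]}},
    "sales_rep": {"cluster": ["none"], "indices": {
        "sales_*": ["all"],
        "social_events": ["data_access", "monitor"],
    }},
}

# User-to-role mapping created by the `esusers useradd ... -r` commands above.
USERS = {
    "webshop": ["webshop", "monitoring"],
    "bulk": ["bulk"],
    "updater": ["updater"],
    "best_sales_guy_of_the_world": ["sales_rep"],
    "second_best_sales_guy_of_the_world": ["sales_rep"],
}


def index_grants(user, index):
    """Return {privilege: sorted roles granting it} for one concrete index."""
    grants = {}
    for role in USERS.get(user, []):
        for pattern, privileges in ROLES[role].get("indices", {}).items():
            # Assumption: patterns are plain `*` wildcards, as in the roles above.
            if fnmatchcase(index, pattern):
                for privilege in privileges:
                    grants.setdefault(privilege, set()).add(role)
    return {p: sorted(r) for p, r in grants.items()}


def users_with_grants_on(index):
    """List every user holding at least one index privilege on `index`."""
    return sorted(u for u in USERS if index_grants(u, index))


if __name__ == "__main__":
    # Constructed sample index names, used only to exercise the patterns.
    for index in ("products", "products_2015", "sales_2015", "social_events"):
        print(index)
        for user in users_with_grants_on(index):
            print("  ", user, index_grants(user, index))
```

The output shows that `bulk` holds nothing on `products` itself (its pattern is `products_*`), and that the `webshop` user receives `monitor` on every index, including the sales indices, through the `'*'` pattern of the `monitoring` role.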

[float]
=== Modifying Your Application

With the users and roles defined, you now need to modify your application. Each part of the application must
authenticate to Elasticsearch using the username and password you gave it in the previous steps.