Security plugin support (#399)

* feat(plugins): add security client plugin

Signed-off-by: florian <florian@harfanglab.fr>

* test(plugins): skip security plugin tests when disabled

Signed-off-by: florian <florian@harfanglab.fr>

* fix(security): remove non-ASCII character

Signed-off-by: florian <florian@harfanglab.fr>

* chore(CHANGELOG): added entry for security api support in changelog

Signed-off-by: florian <florian@harfanglab.fr>

* test(plugins): add asynchronous tests version

Signed-off-by: florian <florian@harfanglab.fr>

* test: remove some warnings

Signed-off-by: florian <florian@harfanglab.fr>

* chore(USER_GUIDE): add a security plugin part

Signed-off-by: florian <florian@harfanglab.fr>

* test(security): Split out security plugin tests in its own file

Signed-off-by: florian <florian@harfanglab.fr>

* chore: apply reviews

Signed-off-by: florian <florian@harfanglab.fr>

---------

Signed-off-by: florian <florian@harfanglab.fr>
This commit is contained in:
florianvazelle
2023-06-27 17:01:40 +02:00
committed by GitHub
parent db972e615b
commit c60c259d96
26 changed files with 2254 additions and 46 deletions
+65
View File
@@ -21,6 +21,11 @@
- [**Creating a destination**](#creating-a-destination)
- [**Getting alerts**](#getting-alerts)
- [**Acknowledge alerts**](#acknowledge-alerts)
- [Security plugin](#security-plugin)
- [Creating a role](#creating-a-role)
- [Getting a role](#getting-a-role)
- [Creating a user](#creating-a-user)
- [Getting a user](#getting-a-user)
- [Using different authentication methods](#using-different-authentication-methods)
- [Using IAM credentials](#using-iam-credentials)
- [Pre-requisites to use `AWSV4SignerAuth`](#pre-requisites-to-use-awsv4signerauth)
@@ -420,6 +425,66 @@ query = {
response = client.plugins.alerting.acknowledge_alert(query)
print(response)
```
### Security plugin
#### Creating a role
[API definition](https://opensearch.org/docs/latest/security/access-control/api/#create-role)
```python
print('\Creating a role:')
role_name = "test-role"
role_content = {
"cluster_permissions": ["cluster_monitor"],
"index_permissions": [
{
"index_patterns": ["index", "test-*"],
"allowed_actions": [
"data_access",
"indices_monitor",
],
}
],
}
response = client.security.put_role(role_name, body=role_content)
print(response)
```
#### Getting a role
[API definition](https://opensearch.org/docs/latest/security/access-control/api/#get-role)
```python
print('\Getting a role:')
role_name = "test-role"
response = client.security.get_role(role_name)
print(response)
```
#### Creating a user
[API definition](https://opensearch.org/docs/latest/security/access-control/api/#create-user)
```python
print('\Creating a user:')
user_name = "test-user"
user_content = {"password": "test_password", "opendistro_security_roles": []}
response = client.security.put_role(user_name, body=user_content)
print(response)
```
#### Getting a user
[API definition](https://opensearch.org/docs/latest/security/access-control/api/#get-user)
```python
print('\Getting a user:')
user_name = "test-user"
response = client.security.get_user(user_name)
print(response)
```
## Using different authentication methods
It is possible to use different methods for the authentication to OpenSearch. The parameters of `connection_class` and `http_auth` can be used for this. The following examples show how to authenticate using IAM credentials and using Kerberos.