Defined Type: elasticsearch::role

Defined in:
manifests/role.pp

Overview

Manage x-pack roles.

Examples:

create and manage the role ‘power_user’ mapped to an LDAP group.

elasticsearch::role { 'power_user':
  privileges => {
    'cluster' => 'monitor',
    'indices' => {
      '*' => 'all',
    },
  },
  mappings => [
    "cn=users,dc=example,dc=com",
  ],
}

Parameters:

  • ensure (Enum['absent', 'present']) (defaults to: 'present')

    Whether the role should be present or not. Set to ‘absent’ to ensure a role is not present.

  • mappings (Array) (defaults to: [])

    A list of optional mappings defined for this role.

  • privileges (Hash) (defaults to: {})

    A hash of permissions defined for the role. Valid privilege settings can be found in the x-pack documentation.

Author:

  • Tyler Langlois <tyler.langlois@elastic.co>

  • Gavin Williams <gavin.williams@elastic.co>



30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
 
# File 'manifests/role.pp', line 30

define elasticsearch::role (
  Enum['absent', 'present'] $ensure     = 'present',
  Array                     $mappings   = [],
  Hash                      $privileges = {},
) {
  #validate_slength($name, 40, 1)
  if ($name.length < 1 or $name.length > 40) {
    fail("Invalid length role name '${name}' must be between 1 and 40")
  }

  if empty($privileges) or $ensure == 'absent' {
    $_role_ensure = 'absent'
  } else {
    $_role_ensure = $ensure
  }

  if empty($mappings) or $ensure == 'absent' {
    $_mapping_ensure = 'absent'
  } else {
    $_mapping_ensure = $ensure
  }

  elasticsearch_role { $name :
    ensure     => $_role_ensure,
    privileges => $privileges,
  }

  elasticsearch_role_mapping { $name :
    ensure   => $_mapping_ensure,
    mappings => $mappings,
  }
}