Skip to content

create-write

Estimated time to read: 2 minutes

Experimental-feature notice

This page discusses experimental features. Experimental features are still in progress, and you may encounter bugs or unexpected behavior when using them.

If you experience an issue or want to know more about this feature's status, reach out to us at Era Software.

This command creates a write-only index-level role and then generates an API key for it.

Warning

This command requires the security database permission.

usage: eractl rbac create-write [-h] [--url URL] [--key KEY] [-i INDEXES] [-o OUTPUT_FILE] [-r ROLE_NAME] [--no-key]

optional arguments:
  -h, --help            show this help message and exit
  --url URL             EraSearch URL, set via environment with ERACTL_URL (default: http://localhost:9200)
  --key KEY             EraSearch API key, set via environment with ERACTL_API_KEY (default: None)
  -i INDEXES, --indexes INDEXES
                        Comma-delimited list of indexes to restrict key access to, defaults to '*' (all indexes) (default: *)
  -o OUTPUT_FILE, --output OUTPUT_FILE
                        File path to store key output (default: None)
  -r ROLE_NAME, --role-name ROLE_NAME
                        Name to use for role (default: None)
  --no-key              Skip generating API key following role creation (default: False) 

To run:

eractl rbac create-write --url https://erasearch.example.com --key ******

Or to pass arguments from the environment:

export ERACTL_URL="https://erasearch.example.com"
export ERACTL_API_KEY="******"
eractl rbac create-write

When run, this command will:

  • Create a new role with an auto-generated name (override with -n) and write-only access to the specified indices
  • If --no-key is not specified, an API key for the previously-created role will be created
  • If -o option is specified, the key data will be persisted to the provided path. Otherwise the key data will be written to a file in the current working directory.

Examples

To create a write-only role called write-era-logs with access to the index pattern era_logs-{YYYY-MM-DD}, use:

eractl rbac create-write -r 'write-era-logs' -i 'era_logs-*'

If -n is not specified, a role name will be auto-generated.

To create a write-only with access to the index cloud-app-logs-{YYYY-MM-DD} and kubernetes-logs-{YYYY-MM-DD} indices, use:

eractl rbac create-write -i 'cloud-app-logs-*,kubernetes-logs-*'

Last update: October 6, 2022