Defined Type: elasticsearch::user

Defined in:
manifests/user.pp

Overview

Manages shield/x-pack users.

Examples:

creates and manage a user with membership in the ‘logstash’ and ‘kibana4’ roles.

elasticsearch::user { 'bob':
  password => 'foobar',
  roles    => ['logstash', 'kibana4'],
}

Parameters:

  • ensure (String) (defaults to: 'present')

    Whether the user should be present or not. Set to ‘absent` to ensure a user is not installed

  • password (String)

    Password for the given user. A plaintext password will be managed with the esusers utility and requires a refresh to update, while a hashed password from the esusers utility will be managed manually in the uses file.

  • roles (Array) (defaults to: [])

    A list of roles to which the user should belong.

Author:

  • Tyler Langlois <tyler.langlois@elastic.co>



24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
 
# File 'manifests/user.pp', line 24

define elasticsearch::user (
  $password,
  $ensure = 'present',
  $roles  = [],
) {
  validate_string($ensure, $password)
  validate_array($roles)
  if $elasticsearch::security_plugin == undef or ! ($elasticsearch::security_plugin in ['shield', 'x-pack']) {
    fail("\"${elasticsearch::security_plugin}\" is not a valid security_plugin parameter value")
  }


  if $password =~ /^\$2a\$/ {
    elasticsearch_user { $name:
      ensure          => $ensure,
      hashed_password => $password,
    }
  } else {
    $_provider = $elasticsearch::security_plugin ? {
      'shield' => 'esusers',
      'x-pack' => 'users',
    }
    elasticsearch_user { $name:
      ensure   => $ensure,
      password => $password,
      provider => $_provider,
    }
  }

  elasticsearch_user_roles { $name:
    ensure => $ensure,
    roles  => $roles,
  }
}