{"id":10854,"date":"2024-04-04T20:53:00","date_gmt":"2024-04-05T01:53:00","guid":{"rendered":"https:\/\/www.rushworth.us\/lisa\/?p=10854"},"modified":"2024-04-03T21:27:31","modified_gmt":"2024-04-04T02:27:31","slug":"elasticsearch-to-opensearch-migration-map-users-to-roles","status":"publish","type":"post","link":"https:\/\/www.rushworth.us\/lisa\/?p=10854","title":{"rendered":"ElasticSearch to OpenSearch Migration: Map Users to Roles"},"content":{"rendered":"\n

After the roles are created, I need to map users into the roles — using the ElasticSearch API to list all roles and add each user to the corresponding OpenSearch role. <\/p>\n\n\n

\nimport requests\nfrom requests.auth import HTTPBasicAuth\n\ndef addUserToRole(strRole, strUID):\n        jsonAddUser = [\n        {               "op": "add",            "path": f"\/{strRole}",          "value": {"users": strUID} }]\n        print(f"{strRole}\\t{jsonAddUser}")\n        r2 = requests.patch(f"https:\/\/opensearch.example.com:9200\/_plugins\/_security\/api\/rolesmapping", json=jsonAddUser, auth = HTTPBasicAuth('something', 'something'), verify=False)\n        print(r2.text)\n        print(r2.status_code)\n\nlistIgnoredGroups = ['security_rest_api_access', 'logstash_role', 'elastalert_role', 'kibana_server', 'wsadmin_role', 'mgmt_role', 'logstash', 'manage_snapshots', 'readall', 'all_access', 'own_index', 'kibana_user', ]\n\n# Get all roles from prod & list users in those roles\n#GET _opendistro\/_security\/api\/rolesmapping\/\nr = requests.get(f"https:\/\/elasticsearch.example.com:9200\/_opendistro\/_security\/api\/rolesmapping\/", auth = HTTPBasicAuth('something', 'something'), verify=False)\n\ndictAllRoles = r.json()\n\n# For each role, list out each user and add that user to that role in OS\nfor item in dictAllRoles.items():\n        if item[0] not in listIgnoredGroups:\n                for strUID in item[1].get('users'):\n                        addUserToRole(item[0], item[1].get('users'))\n\n<\/pre><\/div>","protected":false},"excerpt":{"rendered":"
After the roles are created, I need to map users into the roles — using the ElasticSearch API to list all roles and add each user to the corresponding OpenSearch role.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1588],"tags":[1590,2001,1740],"class_list":["post-10854","post","type-post","status-publish","format-standard","hentry","category-elk","tag-elasticsearch","tag-elasticsearch-to-opensearch-migration","tag-opensearch"],"_links":{"self":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/10854","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10854"}],"version-history":[{"count":1,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/10854\/revisions"}],"predecessor-version":[{"id":10855,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/10854\/revisions\/10855"}],"wp:attachment":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10854"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=10854"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=10854"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}