diff --git a/defaults/main.yml b/defaults/main.yml index 2b4fe3a..479d818 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -42,6 +42,8 @@ es_debian_startup_timeout: 10 # JVM custom parameters es_jvm_custom_parameters: '' +es_security_api: "_{{ 'xpack/security' if es_version is version_compare('7.0.0', '<=') else 'security' }}" + # SSL/TLS parameters es_enable_http_ssl: false es_enable_transport_ssl: false diff --git a/tasks/xpack/security/elasticsearch-security-native.yml b/tasks/xpack/security/elasticsearch-security-native.yml index 6235952..e83cf80 100644 --- a/tasks/xpack/security/elasticsearch-security-native.yml +++ b/tasks/xpack/security/elasticsearch-security-native.yml @@ -21,7 +21,7 @@ #List current users - name: List Native Users uri: - url: http://{{es_api_host}}:{{es_api_port}}/_xpack/security/user + url: http://{{es_api_host}}:{{es_api_port}}/{{ es_security_api }}/user method: GET user: "{{es_api_basic_auth_username}}" password: "{{es_api_basic_auth_password}}" @@ -51,7 +51,7 @@ - name: Update API User Password uri: - url: http://{{es_api_host}}:{{es_api_port}}/_xpack/security/user/{{es_api_basic_auth_username}}/_password + url: http://{{es_api_host}}:{{es_api_port}}/{{ es_security_api }}/user/{{es_api_basic_auth_username}}/_password method: POST body_format: json body: "{ \"password\":\"{{native_users[es_api_basic_auth_username].password}}\" }" @@ -73,7 +73,7 @@ #Delete all non required users NOT inc. reserved - name: Delete Native Users uri: - url: http://{{es_api_host}}:{{es_api_port}}/_xpack/security/user/{{item}} + url: http://{{es_api_host}}:{{es_api_port}}/{{ es_security_api }}/user/{{item}} method: DELETE status_code: 200 user: "{{es_api_basic_auth_username}}" @@ -94,7 +94,7 @@ #Update password on all reserved users - name: Update Reserved User Passwords uri: - url: http://{{es_api_host}}:{{es_api_port}}/_xpack/security/user/{{item}}/_password + url: http://{{es_api_host}}:{{es_api_port}}/{{ es_security_api }}/user/{{item}}/_password method: POST body_format: json body: "{ \"password\":\"{{native_users[item].password}}\" }" @@ -113,7 +113,7 @@ #Overwrite all other users NOT inc. those reserved - name: Update Non-Reserved Native User Details uri: - url: http://{{es_api_host}}:{{es_api_port}}/_xpack/security/user/{{item}} + url: http://{{es_api_host}}:{{es_api_port}}/{{ es_security_api }}/user/{{item}} method: POST body_format: json body: "{{ native_users[item] | to_json }}" @@ -130,7 +130,7 @@ #List current roles not. inc those reserved - name: List Native Roles uri: - url: http://{{es_api_host}}:{{es_api_port}}/_xpack/security/role + url: http://{{es_api_host}}:{{es_api_port}}/{{ es_security_api }}/role method: GET body_format: json user: "{{es_api_basic_auth_username}}" @@ -165,7 +165,7 @@ #Delete all non required roles NOT inc. reserved - name: Delete Native Roles uri: - url: http://{{es_api_host}}:{{es_api_port}}/_xpack/security/role/{{item}} + url: http://{{es_api_host}}:{{es_api_port}}/{{ es_security_api }}/role/{{item}} method: DELETE status_code: 200 user: "{{es_api_basic_auth_username}}" @@ -181,7 +181,7 @@ #Update other roles - NOT inc. reserved roles - name: Update Native Roles uri: - url: http://{{es_api_host}}:{{es_api_port}}/_xpack/security/role/{{item}} + url: http://{{es_api_host}}:{{es_api_port}}/{{ es_security_api }}/role/{{item}} method: POST body_format: json body: "{{ es_roles.native[item] | to_json}}"