Can not delete index

Search Guard
1

I’m using Elasticsearch with Search Guard SSL and Search Guard, and all is working.

I’m trying to delete an index by doing the following.

curl -XDELETE “https://localhost:9200/logstast-customer-*” --cacert /etc/elasticsearch/chain-ca.pem -u admin:admin_pw

``

But I get

{“error”:{“root_cause”:[{“type”:“security_exception”,“reason”:“no permissions for indices:admin/delete”}],“type”:“security_exception”,“reason”:“no permissions for indices:admin/delete”},“status”:403}[root@localhost/etc/elasticsearch/chain-ca.pem -u admin:admin_pw

``

Even though I have in sg_roles.yml. Note I’m assuming that logstash-* also covers logstash-customer-* correct?

sg_admins:
cluster:
- indices:admin/template/get
- indices:admin/template/put
- indices:admin/delete*
indices:
‘logstash-':
'’:
- CRUD
- CREATE_INDEX
- DELETE_INDEX

``

and sg_roles_mapping.yml

sg_admins:
users:
- admin

``

and sg_action_groups.yml

DELETE_INDEX:

  • “indices:admin/delete”

``

What am I missing?

2

BTW this is ES v2.4.1 and corresponding latest versions of SG-SSL and SG.

···

On Tuesday, November 29, 2016 at 12:14:31 PM UTC-5, ZillaYT wrote:

I’m using Elasticsearch with Search Guard SSL and Search Guard, and all is working.

I’m trying to delete an index by doing the following.

curl -XDELETE “https://localhost:9200/logstast-customer-*” --cacert /etc/elasticsearch/chain-ca.pem -u admin:admin_pw

``

But I get

{“error”:{“root_cause”:[{“type”:“security_exception”,“reason”:“no permissions for indices:admin/delete”}],“type”:“security_exception”,“reason”:“no permissions for indices:admin/delete”},“status”:403}[root@localhost/etc/elasticsearch/chain-ca.pem -u admin:admin_pw

``

Even though I have in sg_roles.yml. Note I’m assuming that logstash-* also covers logstash-customer-* correct?

sg_admins:
cluster:
- indices:admin/template/get
- indices:admin/template/put
- indices:admin/delete*
indices:
‘logstash-':
'’:
- CRUD
- CREATE_INDEX
- DELETE_INDEX

``

and sg_roles_mapping.yml

sg_admins:
users:
- admin

``

and sg_action_groups.yml

DELETE_INDEX:

  • “indices:admin/delete”

``

What am I missing?

3

looks like a misspelling of the index pattern

curl -XDELETE "https://localhost:9200/logstast-customer-*" does not match 'logstash-*'

···

Am 29.11.2016 um 18:14 schrieb ZillaYT <zilla62@gmail.com>:

I'm using Elasticsearch with Search Guard SSL and Search Guard, and all is working.

I'm trying to delete an index by doing the following.

curl -XDELETE "https://localhost:9200/logstast-customer-*&quot; --cacert /etc/elasticsearch/chain-ca.pem -u admin:admin_pw

But I get

{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for indices:admin/delete"}],"type":"security_exception","reason":"no permissions for indices:admin/delete"},"status":403}[root@localhost/etc/elasticsearch/chain-ca.pem -u admin:admin_pw

Even though I have in sg_roles.yml. Note I'm assuming that logstash-* also covers logstash-customer-* correct?

sg_admins:
  cluster:
    - indices:admin/template/get
    - indices:admin/template/put
    - indices:admin/delete*
  indices:
    'logstash-*':
      '*':
        - CRUD
        - CREATE_INDEX
        - DELETE_INDEX

and sg_roles_mapping.yml

sg_admins:
   users:
      - admin

and sg_action_groups.yml

DELETE_INDEX:
  - "indices:admin/delete"

What am I missing?

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/cefbc6b6-ada3-40a2-b9d6-328dc681c89d%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.

4

Thanks! That was indeed the problem.