Hi,
I want to use “snapshot and restore” system from elasticsearch with SG2 but this error happen :
Error : cluster:admin/snapshot/restore is not allowed for a regular user
Looking in the code i’v found : https://github.com/floragunncom/search-guard/blob/master/src/main/java/com/floragunn/searchguard/configuration/PrivilegesEvaluator.java#L132
How can I manage to use restore system with SG by rest http user ?
Regards,
Lucas
Currently it's not possible to restore a snapshot via HTTP/REST (only through java api).
But we are aware of this so that a client cert authenticated will be available to do this with the next SG release.
Am 22.06.2016 um 18:13 schrieb ll@ooworx.com:
Hi,
I want to use "snapshot and restore" system from elasticsearch with SG2 but this error happen :
Error : cluster:admin/snapshot/restore is not allowed for a regular user
Looking in the code i'v found : https://github.com/floragunncom/search-guard/blob/master/src/main/java/com/floragunn/searchguard/configuration/PrivilegesEvaluator.java#L132
How can I manage to use restore system with SG by rest http user ?
Regards,
Lucas--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/1499617b-6542-4c49-95fd-cb390b7479f8%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.
Is there a timeline for when this feature will become available? Currently it’s breaking us to the point where we won’t be able to use search-guard-2.
On Wednesday, June 22, 2016 at 12:13:27 PM UTC-4, l...@ooworx.com wrote:
Hi,
I want to use “snapshot and restore” system from elasticsearch with SG2 but this error happen :
Error : cluster:admin/snapshot/restore is not allowed for a regular user
Looking in the code i’v found : https://github.com/floragunncom/search-guard/blob/master/src/main/java/com/floragunn/searchguard/configuration/PrivilegesEvaluator.java#L132
How can I manage to use restore system with SG by rest http user ?
Regards,
Lucas
There is no fixed timeline yet, but it is one of the top features in our backlog, and we already have outlined an implementation strategy. But given all the other things we have on the plate at the moment, expect at least another 4-6 weeks. Since opening the REST layer for SG index manipulation can introduce potential security holes, we need to audit and test the code thoroughly before we release it.
On Wednesday, 17 August 2016 20:26:45 UTC+2, Sam Mingolelli wrote:
Is there a timeline for when this feature will become available? Currently it’s breaking us to the point where we won’t be able to use search-guard-2.
On Wednesday, June 22, 2016 at 12:13:27 PM UTC-4, l...@ooworx.com wrote:
Hi,
I want to use “snapshot and restore” system from elasticsearch with SG2 but this error happen :
Error : cluster:admin/snapshot/restore is not allowed for a regular user
Looking in the code i’v found : https://github.com/floragunncom/search-guard/blob/master/src/main/java/com/floragunn/searchguard/configuration/PrivilegesEvaluator.java#L132
How can I manage to use restore system with SG by rest http user ?
Regards,
Lucas
Should be possible now with the latest snapshot:
https://oss.sonatype.org/content/repositories/snapshots/com/floragunn/search-guard-2/2.3.5.6-SNAPSHOT/search-guard-2-2.3.5.6-20160819.103812-1.zip
Use it like:
cat example-pki-scripts/kirk.crt.pem example-pki-scripts/ca/chain-ca.pem > ch.pem
curl -Ss --insecure -XPOST 'https://localhost:9200/_snapshot/my_backup/snapshot_1/_restore' -E ch.pem --key example-pki-scripts/kirk.key.pem
Make sure:
* You have SSL activated for HTTP
* Kirk DN is listed as admin in elasticsearch.yml
Am 17.08.2016 um 21:39 schrieb info@search-guard.com:
There is no fixed timeline yet, but it is one of the top features in our backlog, and we already have outlined an implementation strategy. But given all the other things we have on the plate at the moment, expect at least another 4-6 weeks. Since opening the REST layer for SG index manipulation can introduce potential security holes, we need to audit and test the code thoroughly before we release it.
On Wednesday, 17 August 2016 20:26:45 UTC+2, Sam Mingolelli wrote:
Is there a timeline for when this feature will become available? Currently it's breaking us to the point where we won't be able to use search-guard-2.On Wednesday, June 22, 2016 at 12:13:27 PM UTC-4, l...@ooworx.com wrote:
Hi,I want to use "snapshot and restore" system from elasticsearch with SG2 but this error happen :
Error : cluster:admin/snapshot/restore is not allowed for a regular user
Looking in the code i'v found : https://github.com/floragunncom/search-guard/blob/master/src/main/java/com/floragunn/searchguard/configuration/PrivilegesEvaluator.java#L132
How can I manage to use restore system with SG by rest http user ?
Regards,
Lucas--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/dda69483-2f82-458e-9ed3-967541836f14%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.
Getting the following error after applying the snapshot. The user is defined in sg_internal_users.yml, and has the role sg_all_access. I added the user to the list of searchguard.authcz.admin_dn in elasticsearch.yml. Does it support a user defined like this?
[2016-08-22 13:02:13,785][DEBUG][rest.suppressed ] path: /_snapshot/my_backup/boa-test7s235q_1471885332038/_restore, params: {wait_for_completion=true, repository=my_backup, snapshot=boa-test7s235q_1471885332038}
ElasticsearchSecurityException[no permissions for cluster:admin/snapshot/restore]
at com.floragunn.searchguard.filter.SearchGuardFilter.apply(SearchGuardFilter.java:164)
at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:170)
at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:144)
On Friday, August 19, 2016 at 6:41:34 AM UTC-4, SG wrote:
Should be possible now with the latest snapshot:
https://oss.sonatype.org/content/repositories/snapshots/com/floragunn/search-guard-2/2.3.5.6-SNAPSHOT/search-guard-2-2.3.5.6-20160819.103812-1.zipUse it like:
cat example-pki-scripts/kirk.crt.pem example-pki-scripts/ca/chain-ca.pem > ch.pem
curl -Ss --insecure -XPOST ‘https://localhost:9200/_snapshot/my_backup/snapshot_1/_restore’ -E ch.pem --key example-pki-scripts/kirk.key.pem
Make sure:
You have SSL activated for HTTP
Kirk DN is listed as admin in elasticsearch.yml
Am 17.08.2016 um 21:39 schrieb in...@search-guard.com:
There is no fixed timeline yet, but it is one of the top features in our backlog, and we already have outlined an implementation strategy. But given all the other things we have on the plate at the moment, expect at least another 4-6 weeks. Since opening the REST layer for SG index manipulation can introduce potential security holes, we need to audit and test the code thoroughly before we release it.
On Wednesday, 17 August 2016 20:26:45 UTC+2, Sam Mingolelli wrote:
Is there a timeline for when this feature will become available? Currently it’s breaking us to the point where we won’t be able to use search-guard-2.
On Wednesday, June 22, 2016 at 12:13:27 PM UTC-4, l...@ooworx.com wrote:
Hi,
I want to use “snapshot and restore” system from elasticsearch with SG2 but this error happen :
Error : cluster:admin/snapshot/restore is not allowed for a regular user
Looking in the code i’v found : https://github.com/floragunncom/search-guard/blob/master/src/main/java/com/floragunn/searchguard/configuration/PrivilegesEvaluator.java#L132
How can I manage to use restore system with SG by rest http user ?
Regards,
Lucas
–
You received this message because you are subscribed to the Google Groups “Search Guard” group.To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/dda69483-2f82-458e-9ed3-967541836f14%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
are you sure you supplied a client certificate?
How do you call the restore command? Make sure its like:
cat example-pki-scripts/kirk.crt.pem example-pki-scripts/ca/chain-ca.pem > ch.pem
curl -Ss --insecure -XPOST ‘https://localhost:9200/_snapshot/my_backup/snapshot_1/_restore’ -E ch.pem --key example-pki-scripts/kirk.key.pem
Otherwise it wont work! You do not need to configure a user in the config or roles except in “searchguard.authcz.admin_dn”. Its the same procedure as with sgadmin.
On Monday, 22 August 2016 19:33:05 UTC+2, myin2000 wrote:
Getting the following error after applying the snapshot. The user is defined in sg_internal_users.yml, and has the role sg_all_access. I added the user to the list of searchguard.authcz.admin_dn in elasticsearch.yml. Does it support a user defined like this?
[2016-08-22 13:02:13,785][DEBUG][rest.suppressed ] path: /_snapshot/my_backup/boa-test7s235q_1471885332038/_restore, params: {wait_for_completion=true, repository=my_backup, snapshot=boa-test7s235q_1471885332038}
ElasticsearchSecurityException[no permissions for cluster:admin/snapshot/restore]
at com.floragunn.searchguard.filter.SearchGuardFilter.apply(SearchGuardFilter.java:164)
at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:170)
at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:144)
On Friday, August 19, 2016 at 6:41:34 AM UTC-4, SG wrote:
Should be possible now with the latest snapshot:
https://oss.sonatype.org/content/repositories/snapshots/com/floragunn/search-guard-2/2.3.5.6-SNAPSHOT/search-guard-2-2.3.5.6-20160819.103812-1.zipUse it like:
cat example-pki-scripts/kirk.crt.pem example-pki-scripts/ca/chain-ca.pem > ch.pem
curl -Ss --insecure -XPOST ‘https://localhost:9200/_snapshot/my_backup/snapshot_1/_restore’ -E ch.pem --key example-pki-scripts/kirk.key.pem
Make sure:
You have SSL activated for HTTP
Kirk DN is listed as admin in elasticsearch.yml
Am 17.08.2016 um 21:39 schrieb in...@search-guard.com:
There is no fixed timeline yet, but it is one of the top features in our backlog, and we already have outlined an implementation strategy. But given all the other things we have on the plate at the moment, expect at least another 4-6 weeks. Since opening the REST layer for SG index manipulation can introduce potential security holes, we need to audit and test the code thoroughly before we release it.
On Wednesday, 17 August 2016 20:26:45 UTC+2, Sam Mingolelli wrote:
Is there a timeline for when this feature will become available? Currently it’s breaking us to the point where we won’t be able to use search-guard-2.
On Wednesday, June 22, 2016 at 12:13:27 PM UTC-4, l...@ooworx.com wrote:
Hi,
I want to use “snapshot and restore” system from elasticsearch with SG2 but this error happen :
Error : cluster:admin/snapshot/restore is not allowed for a regular user
Looking in the code i’v found : https://github.com/floragunncom/search-guard/blob/master/src/main/java/com/floragunn/searchguard/configuration/PrivilegesEvaluator.java#L132
How can I manage to use restore system with SG by rest http user ?
Regards,
Lucas
–
You received this message because you are subscribed to the Google Groups “Search Guard” group.To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/dda69483-2f82-458e-9ed3-967541836f14%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Does searchguard 5.0.2 support have this patch?
On Friday, August 19, 2016 at 10:41:34 PM UTC+12, Search Guard wrote:
Should be possible now with the latest snapshot:
https://oss.sonatype.org/content/repositories/snapshots/com/floragunn/search-guard-2/2.3.5.6-SNAPSHOT/search-guard-2-2.3.5.6-20160819.103812-1.zipUse it like:
cat example-pki-scripts/kirk.crt.pem example-pki-scripts/ca/chain-ca.pem > ch.pem
curl -Ss --insecure -XPOST ‘https://localhost:9200/_snapshot/my_backup/snapshot_1/_restore’ -E ch.pem --key example-pki-scripts/kirk.key.pem
Make sure:
You have SSL activated for HTTP
Kirk DN is listed as admin in elasticsearch.yml
Am 17.08.2016 um 21:39 schrieb in...@search-guard.com:
There is no fixed timeline yet, but it is one of the top features in our backlog, and we already have outlined an implementation strategy. But given all the other things we have on the plate at the moment, expect at least another 4-6 weeks. Since opening the REST layer for SG index manipulation can introduce potential security holes, we need to audit and test the code thoroughly before we release it.
On Wednesday, 17 August 2016 20:26:45 UTC+2, Sam Mingolelli wrote:
Is there a timeline for when this feature will become available? Currently it’s breaking us to the point where we won’t be able to use search-guard-2.
On Wednesday, June 22, 2016 at 12:13:27 PM UTC-4, l...@ooworx.com wrote:
Hi,
I want to use “snapshot and restore” system from elasticsearch with SG2 but this error happen :
Error : cluster:admin/snapshot/restore is not allowed for a regular user
Looking in the code i’v found : https://github.com/floragunncom/search-guard/blob/master/src/main/java/com/floragunn/searchguard/configuration/PrivilegesEvaluator.java#L132
How can I manage to use restore system with SG by rest http user ?
Regards,
Lucas
–
You received this message because you are subscribed to the Google Groups “Search Guard” group.To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/dda69483-2f82-458e-9ed3-967541836f14%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
yes
On Monday, 9 January 2017 03:54:50 UTC+1, Enzo Wang wrote:
Does searchguard 5.0.2 support have this patch?
On Friday, August 19, 2016 at 10:41:34 PM UTC+12, Search Guard wrote:
Should be possible now with the latest snapshot:
https://oss.sonatype.org/content/repositories/snapshots/com/floragunn/search-guard-2/2.3.5.6-SNAPSHOT/search-guard-2-2.3.5.6-20160819.103812-1.zipUse it like:
cat example-pki-scripts/kirk.crt.pem example-pki-scripts/ca/chain-ca.pem > ch.pem
curl -Ss --insecure -XPOST ‘https://localhost:9200/_snapshot/my_backup/snapshot_1/_restore’ -E ch.pem --key example-pki-scripts/kirk.key.pem
Make sure:
You have SSL activated for HTTP
Kirk DN is listed as admin in elasticsearch.yml
Am 17.08.2016 um 21:39 schrieb in...@search-guard.com:
There is no fixed timeline yet, but it is one of the top features in our backlog, and we already have outlined an implementation strategy. But given all the other things we have on the plate at the moment, expect at least another 4-6 weeks. Since opening the REST layer for SG index manipulation can introduce potential security holes, we need to audit and test the code thoroughly before we release it.
On Wednesday, 17 August 2016 20:26:45 UTC+2, Sam Mingolelli wrote:
Is there a timeline for when this feature will become available? Currently it’s breaking us to the point where we won’t be able to use search-guard-2.
On Wednesday, June 22, 2016 at 12:13:27 PM UTC-4, l...@ooworx.com wrote:
Hi,
I want to use “snapshot and restore” system from elasticsearch with SG2 but this error happen :
Error : cluster:admin/snapshot/restore is not allowed for a regular user
Looking in the code i’v found : https://github.com/floragunncom/search-guard/blob/master/src/main/java/com/floragunn/searchguard/configuration/PrivilegesEvaluator.java#L132
How can I manage to use restore system with SG by rest http user ?
Regards,
Lucas
–
You received this message because you are subscribed to the Google Groups “Search Guard” group.To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/dda69483-2f82-458e-9ed3-967541836f14%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.