I started testing search-guard plugin and could someone point me how to control access with admin. I want to see shards (or list of indices) info using admin id and password. but it is not letting me do this. what config I need to set to pass this test? can you point me any online reference documents or blogs about this? thank you
curl -u admin:secret -XGET http://localhost:9200/_cat/shards
{“error”:"RuntimeException[java.lang.NullPointerException]; nested: NullPointerException; ",“status”:500}[
log:
[2015-07-29 18:26:28,213][WARN ][com.floragunn.searchguard.filter.SearchGuardActionFilter] Cannot determine types for indices:monitor/stats (class org.elasticsearch.action.admin.indices.stats.IndicesStatsRequest) due to types method not found
[2015-07-29 18:26:28,213][ERROR][com.floragunn.searchguard.filter.SearchGuardActionFilter] Error while apply() due to java.lang.NullPointerException for action indices:monitor/stats
java.lang.NullPointerException
configuration:
discovery.zen.minimum_master_nodes: 1
discovery.zen.ping.multicast.enabled: false
#searchguard.enabled: false
searchguard.key_path: /usr/share/temp
searchguard.check_for_root: false
searchguard.allow_all_from_loopback: false
#searchguard.authentication.authentication_backend.impl: com.floragunn.searchguard.authentication.backend.simple.SettingsBasedAuthenticationBackend
#searchguard.authentication.authentication_backend.impl: com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend
#searchguard.authentication.authentication_backend.cache.enable: true
Settings based authentication (define users and password directly here in the settings. Note: this is per node)
searchguard.authentication.settingsdb.user.admin: secret
···
#####################################################
Settings based authorization (define users and their roles directly here in the settings. Note: this is per node)
searchguard.authentication.authorization.settingsdb.roles.admin: [“root”,“command”, “admin”]
#####################################################
#Below here you configure what authenticated and authorized users are allowed to do (or not)#
#This maps to the acl defined in the searchguard configuration index #
#############################################################################################
Configure the actionrequestfilter to allow or forbid action
searchguard.actionrequestfilter.names: [“readonly”,“kibanaaccess”]
searchguard.actionrequestfilter.readonly.allowed_actions: [“indices:monitor/stats”, “indices:data/read/mget[shard]”,“indices:data/read/count”,“indices:data/read/exists”,“indices:data/read/explain”,“indices:data/read/get”,“indices:data/read/mget”,“indices:data/read/mlt”,“indices:data/read/mpercolate”,“indices:data/read/msearch”,“indices:data/read/mtv”,“indices:data/read/percolate”,“indices:data/read/script/get”,“indices:data/read/scroll”,“indices:data/read/scroll/clear”,“indices:data/read/search”,“indices:data/read/suggest”,“indices:data/read/tv”,“monitor”, “indices:admin*”, “cluster:admin*”,“indices:data/write*”]
searchguard.actionrequestfilter.readonly.forbidden_actions: