how to pass command cat/shards using admin authentication

Search Guard
1

I started testing search-guard plugin and could someone point me how to control access with admin. I want to see shards (or list of indices) info using admin id and password. but it is not letting me do this. what config I need to set to pass this test? can you point me any online reference documents or blogs about this? thank you

curl -u admin:secret -XGET http://localhost:9200/_cat/shards
{“error”:"RuntimeException[java.lang.NullPointerException]; nested: NullPointerException; ",“status”:500}[

log:

[2015-07-29 18:26:28,213][WARN ][com.floragunn.searchguard.filter.SearchGuardActionFilter] Cannot determine types for indices:monitor/stats (class org.elasticsearch.action.admin.indices.stats.IndicesStatsRequest) due to types method not found
[2015-07-29 18:26:28,213][ERROR][com.floragunn.searchguard.filter.SearchGuardActionFilter] Error while apply() due to java.lang.NullPointerException for action indices:monitor/stats
java.lang.NullPointerException

configuration:

discovery.zen.minimum_master_nodes: 1
discovery.zen.ping.multicast.enabled: false

#searchguard.enabled: false
searchguard.key_path: /usr/share/temp
searchguard.check_for_root: false
searchguard.allow_all_from_loopback: false

#searchguard.authentication.authentication_backend.impl: com.floragunn.searchguard.authentication.backend.simple.SettingsBasedAuthenticationBackend
#searchguard.authentication.authentication_backend.impl: com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend
#searchguard.authentication.authentication_backend.cache.enable: true

Settings based authentication (define users and password directly here in the settings. Note: this is per node)

searchguard.authentication.settingsdb.user.admin: secret

···

#####################################################

Settings based authorization (define users and their roles directly here in the settings. Note: this is per node)

searchguard.authentication.authorization.settingsdb.roles.admin: [“root”,“command”, “admin”]
#####################################################
#Below here you configure what authenticated and authorized users are allowed to do (or not)#
#This maps to the acl defined in the searchguard configuration index #
#############################################################################################

Configure the actionrequestfilter to allow or forbid action

searchguard.actionrequestfilter.names: [“readonly”,“kibanaaccess”]
searchguard.actionrequestfilter.readonly.allowed_actions: [“indices:monitor/stats”, “indices:data/read/mget[shard]”,“indices:data/read/count”,“indices:data/read/exists”,“indices:data/read/explain”,“indices:data/read/get”,“indices:data/read/mget”,“indices:data/read/mlt”,“indices:data/read/mpercolate”,“indices:data/read/msearch”,“indices:data/read/mtv”,“indices:data/read/percolate”,“indices:data/read/script/get”,“indices:data/read/scroll”,“indices:data/read/scroll/clear”,“indices:data/read/search”,“indices:data/read/suggest”,“indices:data/read/tv”,“monitor”, “indices:admin*”, “cluster:admin*”,“indices:data/write*”]
searchguard.actionrequestfilter.readonly.forbidden_actions:

2

Could you post your ACLs ?
It seems that you are using filters:

searchguard.actionrequestfilter.readonly.allowed_actions: ["indices:monitor/stats […] ]
So if your admin user does not have an ACL which grants him reading rights he will not be able to read any stats on the indices