No permission in version 7.2

rickywu · July 15, 2019, 4:58am

I’m using v7.2, seems older version config file not the same as v7.2

sg_internal_uses.yml:

logstash:
  hash: "$2y$12$ZMZ4MM82Pjdi38R.UettceWdvZZMyB5sowlymi18ZJ.B75gfVXM.G"
  reserved: false
  backend_roles:
  - "logstash"
  description: "Demo logstash user"

sg_roles_mapping.yml:

SGS_LOGSTASH:
  reserved: false
  backend_roles:
  - "logstash"
...
PA_LOGSTASH_USER:
  reserved: true
  backend_roles:
  - "logstash"

sg_roles.yml:

PA_LOGSTASH_USER:
  description: "my search guard role"
  cluster_permissions:
    - "cluster:monitor/main"
    - "cluster:admin/xpack/monitoring/bulk"
    - CLUSTER_MONITOR
    - CLUSTER_COMPOSITE_OPS
    - CLUSTER_MANAGE_INDEX_TEMPLATES
    - CLUSTER_MANAGE_ILM
    - CLUSTER_MANAGE_PIPELINES
  index_permissions:
    - index_patterns:
      - "panos-*"
      allowed_actions:
        - SGS_READ
        - SGS_WRITE

My logstash got error:

retrying failed action with response code: 403 ({"type"=>"security_exception", "reason"=>"no permissions for [indices:data/write/index, indices:data/write/bulk[s]] and User [name=logstash, roles=[logstash], requestedTenant=null]"})

What did I missed here? Thanks

jkressin · July 15, 2019, 9:31pm

Hi,

can you please post the content of the Elasticsearch logs when this error happens. It should contain more information than the logstash output.

rickywu · July 16, 2019, 1:20am

@jkressin Hi, here is elasticsearch log:

{"type": "server", "timestamp": "2019-07-16T01:20:01,290+0000", "level": "INFO", "component": "c.f.s.p.PrivilegesEvaluator", "cluster.name": "docker-cluster", "node.name": "es01", "cluster.uuid": "xh55E4cWQh2-i3kLoYVOtw", "node.id": "wq-gu1R1SACeIv6V6agciw", "message": "No index-level perm match for User [name=logstash, roles=[logstash], requestedTenant=null] Resolved [aliases=[], indices=[panos-traffic], allIndices=[panos-traffic], types=[*], originalRequested=[panos-traffic], remoteIndices=[]] [Action [indices:data/write/bulk[s]]] [RolesChecked [SGS_LOGSTASH, SGS_OWN_INDEX]]" }

Seems my customized role not checked?

cstaley · July 16, 2019, 5:28pm

Did you push your config (after editing) via sgadmin into the cluster?

rickywu · July 17, 2019, 12:59am

Thanks, use sgadmin push config solved this problem.

system · August 7, 2019, 12:59am

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
No permissions for for indices:data/write/index and indices:data/write/bulk[s] and User [name=logsta Search Guard	4	3648	April 12, 2018
no permissions for [cluster:monitor/main] Search Guard	23	12668	July 3, 2019
Search guard configuration question Search Guard	1	515	March 12, 2019
Permission configuration for Logstash Search Guard	1	373	September 20, 2016
Logstash won't write to elasticsearch with 403 Search Guard	5	5991	December 5, 2018

No permission in version 7.2

Related Topics