Roles and permissions for custom REST endpoints?

Hi,

is it possible to configure SG to control access to custom REST endpoints? I was not able to find any examples or documentation for this.

For example, there is an ES Prometheus exporter plugin that introduces a new REST API [1] to the node. Can I use SearchGuard to control access to such an endpoint?

Can I assume that the sg_roles.yml will contain config like this?:

    sg_role_prometheus:
      cluster:
        - cluster:monitor/_prometheus/metrics

[1] https://github.com/vvanholl/elasticsearch-prometheus-exporter#usage

Regards,

Lukáš

It depends on the other plugin.

What is the current behavior you see when installing the prometheus explorer alongside Search Guard? Can you access the endpoint without authentication and get a result?

(In reply to the message from Lukáš Vlček of Thursday, 14 September 2017 17:11:33 UTC+2.)

When Searchguard is installed as well, then I can use ‘kirk’ certs to access the prometheus exporter REST API. Kirk is an admin. Anonymous access is not possible. So I think SG is in place and acting correctly. But I want to create a new user that can access (read-only) just that new API. How can I configure the new user role then?

Thanks,

Lukáš

(In reply to the message from “Search Guard” info@search-guard.com of 14.9.2017 17:57.)

You received this message because you are subscribed to a topic in the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/MlNVNkuFZzI/unsubscribe.

To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/cd92d2f5-3817-4831-869b-39e38b8dc8ae%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

FYI, started new thread here: https://groups.google.com/forum/#!topic/search-guard/6iGwoBQ_W0A

(In reply to the message from Lukáš Vlček lukas.vlcek@gmail.com of Thu, Sep 14, 2017 at 6:14 PM.)