-
Search Guard and Elasticsearch version (Answer: by default - 6.4.1)
-
Installed and used enterprise modules, if any (Answer: by default of search-guard-helm)
1 Created with search-guard-helm.
2 Works well with admin user
3 Add a new user “pp” as below
<img src='//cdck-file-uploads-global.s3.dualstack.us-west-2.amazonaws.com/business5/uploads/search_guard/original/1X/676932eb8a42034f6bbe3742a7d436ab140fab8b.png' width='1033' height='465'>
<details class='elided'>
<summary title='Show trimmed content'>···</summary>
------------
### dev1c_pp*
sg_dev1c_pp:
readonly: true
cluster:
- CLUSTER_COMPOSITE_OPS_RO
indices:
'dev1c_pp*':
'*':
- READ
--------------
sg_dev1c_pp:
readonly: true
backendroles:
- dev1c_pp
---------
#password is: password123
pp:
hash: $2y$12$PJOcaB0KNnBnpx51GybEj.lnEqj9ey1HLRW.u5d3cF9fEJrlkhfZy
roles:
- kibanauser
- dev1c_pp
4 Run sgadmin_update.sh successfully
[root@inclined-ostrich-sg-helm-sgadmin-5b455c8d6b-vbqsn ~]# /root/sgadmin_update.sh
... ...
Will update 'sg/actiongroups' with /root/sgconfig/sg_action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Done with success
5 Log in kibana with new user pp successfully
6 However, the tab of kibana show empty.
7 Click other link (Discover/ Visualize/ Dashboard/ Timelion/ Dev Tools/ Management/), all is empty or not work.
![kibana.png]()
It seems that the sgadmin_update.sh script does not update all the config files:
[root@inclined-ostrich-sg-helm-sgadmin-5b455c8d6b-vbqsn ~]# /root/sgadmin_update.sh
… …
Will update ‘sg/actiongroups’ with /root/sgconfig/sg_action_groups.yml
SUCC: Configuration for ‘actiongroups’ created or updated
Done with success
``
Usually, you would see all 5 configs being updated. Or did you just trim the output of sgadmin?
Can you please check the output of the authinfo endpoint with your newly created pp user:
https://sgssl-0.example.com:9200/_searchguard/authinfo
``
Please post the output here. Pay attention to the sg_roles field in the JSON that this endpoint returns. Does it contain the sg_kibana_user role?
···
On Thursday, November 29, 2018 at 1:45:18 PM UTC+1, johnzhengaz@gmail.com wrote:
- Search Guard and Elasticsearch version (Answer: by default - 6.4.1)
- Installed and used enterprise modules, if any (Answer: by default of search-guard-helm)
1 Created with search-guard-helm.
2 Works well with admin user
3 Add a new user “pp” as below
dev1c_pp*
sg_dev1c_pp:
readonly: true
cluster:
indices:
‘dev1c_pp*’:
‘*’:
sg_dev1c_pp:
readonly: true
backendroles:
#password is: password123
pp:
hash: $2y$12$PJOcaB0KNnBnpx51GybEj.lnEqj9ey1HLRW.u5d3cF9fEJrlkhfZy
roles:
4 Run sgadmin_update.sh successfully
[root@inclined-ostrich-sg-helm-sgadmin-5b455c8d6b-vbqsn ~]# /root/sgadmin_update.sh
… …
Will update ‘sg/actiongroups’ with /root/sgconfig/sg_action_groups.yml
SUCC: Configuration for ‘actiongroups’ created or updated
Done with success
5 Log in kibana with new user pp successfully
6 However, the tab of kibana show empty.
7 Click other link (Discover/ Visualize/ Dashboard/ Timelion/ Dev Tools/ Management/), all is empty or not work.
I guess that the the kibanauser role is not mapped to the appropriate permissions because either the rolemapping is missing or the sg_kibana_user role is missing.
In our helmcharts they are not included! To make a long story short: I think is solely a permission misconfiguration and not k8s related.
Best way to find this out is to dump the current configuration with "sgadmin -r" and post the files.
···
Am 29.11.2018 um 16:22 schrieb Jochen Kressin <jkressin@floragunn.com>:
It seems that the sgadmin_update.sh script does not update all the config files:
[root@inclined-ostrich-sg-helm-sgadmin-5b455c8d6b-vbqsn ~]# /root/sgadmin_update.sh
... ...
Will update 'sg/actiongroups' with /root/sgconfig/sg_action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Done with success
Usually, you would see all 5 configs being updated. Or did you just trim the output of sgadmin?
Can you please check the output of the authinfo endpoint with your newly created pp user:
https://sgssl-0.example.com:9200/_searchguard/authinfo
Please post the output here. Pay attention to the sg_roles field in the JSON that this endpoint returns. Does it contain the sg_kibana_user role?
On Thursday, November 29, 2018 at 1:45:18 PM UTC+1, johnzhengaz@gmail.com wrote:
* Search Guard and Elasticsearch version (Answer: by default - 6.4.1)
* Installed and used enterprise modules, if any (Answer: by default of search-guard-helm)
1 Created with search-guard-helm.
2 Works well with admin user
3 Add a new user "pp" as below
------------
### dev1c_pp*
sg_dev1c_pp:
readonly: true
cluster:
- CLUSTER_COMPOSITE_OPS_RO
indices:
'dev1c_pp*':
'*':
- READ
--------------
sg_dev1c_pp:
readonly: true
backendroles:
- dev1c_pp
---------
#password is: password123
pp:
hash: $2y$12$PJOcaB0KNnBnpx51GybEj.lnEqj9ey1HLRW.u5d3cF9fEJrlkhfZy
roles:
- kibanauser
- dev1c_pp
4 Run sgadmin_update.sh successfully
[root@inclined-ostrich-sg-helm-sgadmin-5b455c8d6b-vbqsn ~]# /root/sgadmin_update.sh
... ...
Will update 'sg/actiongroups' with /root/sgconfig/sg_action_groups.yml
SUCC: Configuration for 'actiongroups' created or updated
Done with success
5 Log in kibana with new user pp successfully
6 However, the tab of kibana show empty.
7 Click other link (Discover/ Visualize/ Dashboard/ Timelion/ Dev Tools/ Management/), all is empty or not work.
--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/cf556cc8-9f13-49e8-ad99-8708d94edb0b%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.
