sg_roles - admin/exists when restricting index

I use the PHP API to query Elasticsearch. This works fine with Search Guard except when trying to restrict the query to a single index.
The role is configured as follows:

sg_demouser:
  cluster:
      - cluster:monitor/nodes/info
      - cluster:monitor/health
      - indices:admin/template/get
      - indices:admin/exists
  indices:
    'shakespeare':
      '*':
        - READ
        - indices:admin/exists
        - indices:admin/mappings/fields/get*
        - indices:admin/validate/query*
        - indices:admin/get*
        - indices:data/write/bulk*

The privilege evaluator returns ‘No perm match for indices:admin/exists and [sg_demouser, sg_public]’

If I allow all for indices then the query works fine

sg_demouser:
  cluster:
      - cluster:monitor/nodes/info
      - cluster:monitor/health
      - indices:admin/template/get
      - indices:admin/exists
  indices:
    '*':
      '*':
        - READ
        - indices:admin/exists
        - indices:admin/mappings/fields/get*
        - indices:admin/validate/query*
        - indices:admin/get*
        - indices:data/write/bulk*

Any ideas what I might be doing wrong here?

What does your query look like?

Can you post the ES logfile on DEBUG level?

On 07.09.2016 at 07:51, Bernie Carolan <bernie.carolan@gmail.com> wrote:

I use the PHP API to query Elasticsearch. This works fine with Search Guard except when trying to restrict the query to a single index.
The role is configured as follows:

sg_demouser:
  cluster:
      - cluster:monitor/nodes/info
      - cluster:monitor/health
      - indices:admin/template/get
      - indices:admin/exists
  indices:
    'shakespeare':
      '*':
        - READ
        - indices:admin/exists
        - indices:admin/mappings/fields/get*
        - indices:admin/validate/query*
        - indices:admin/get*
        - indices:data/write/bulk*

The privilege evaluator returns 'No perm match for indices:admin/exists and [sg_demouser, sg_public]'

If I allow all for indices then the query works fine

sg_demouser:
  cluster:
      - cluster:monitor/nodes/info
      - cluster:monitor/health
      - indices:admin/template/get
      - indices:admin/exists
  indices:
    '*':
      '*':
        - READ
        - indices:admin/exists
        - indices:admin/mappings/fields/get*
        - indices:admin/validate/query*
        - indices:admin/get*
        - indices:data/write/bulk*

Any ideas what I might be doing wrong here?
