SGS_CLUSTER_MANAGE_INDEX_TEMPLATES has permission when the index pattern is configured as '*'. But the same doesn't work for a particular index pattern, e.g. 'log-test*'?
Any particular reason for this behaviour?
sg config for user:

    sg_configmap:
      internal_users_yml: |-
        ---
        _sg_meta:
          type: "internalusers"
          config_version: 2
        admin:
          reserved: true
          hidden: false
          hash: "$xxxxxxxxxxxxxxxxx"
          backend_roles:
          - "admin"
        sachin:
          hash: "$xxxxxxxxxxx"

Sg config for roles:

    sg_sachin_role:
      cluster_permissions:
      - SGS_CLUSTER_MANAGE_INDEX_TEMPLATES
      - SGS_CLUSTER_ALL
      index_permissions:
      - index_patterns:
        - 'log-test*'
        allowed_actions:
        - SGS_INDICES_ALL
        - SGS_CRUD

SG config for role mapping:

    sg_sachin_role:
      reserved: true
      users:
      - "sachin"

We get the below error while running the curl command.

    "error" : {
      "root_cause" : [
        {
          "type" : "security_exception",
          "reason" : "no permissions for [indices:admin/index_template/put] and User [name=sachin, backend_roles=[], requestedTenant=null]"
        }
      ],
      "type" : "security_exception",
      "reason" : "no permissions for [indices:admin/index_template/put] and User [name=sachin, backend_roles=[], requestedTenant=null]"
    },
    "status" : 403

Can you help me resolve the issue?
Thanks
nils
February 17, 2021, 2:07pm
2
What version of Search Guard and what version of Elasticsearch are you using?
Hi @nils, the Elasticsearch version is 7.8.0.
The Search Guard version is 7.8.0.
nils
February 18, 2021, 9:35am
4
For Elasticsearch 7.8.0, Search Guard was released in the versions 42.0.0, 43.0.0 and 43.1.0. I’ll assume 43.1.0 for now.
What is the curl command you are trying to execute? What Elasticsearch API are you calling with curl?
The normal index API PUT /<target>/_doc/<_id>?
The composable template API PUT /_index_template/<index-template>?
The legacy template API PUT /_template/<index-template>?
Another API?
Hi @nils,
The Search Guard version used is 43.0.0.
The curl command used is:

    curl -XPUT --insecure -u username:password 'https://10.xx.xx.xx:9200/_index_template/template_1?pretty' -H 'Content-Type: application/json' -d '{"index_patterns": "log-test*", "template": {"settings": {"number_of_shards": 1}}}'

In the SG config for the role section, if we give the index pattern as 'log-test*' like below, it doesn't work and the curl command fails with an error.

    sg_sachin_role:
      cluster_permissions:
      - SGS_CLUSTER_MANAGE_INDEX_TEMPLATES
      - SGS_CLUSTER_ALL
      index_permissions:
      - index_patterns:
        - 'log-test*'
        allowed_actions:
        - SGS_INDICES_ALL
        - SGS_CRUD

    "error" : {
      "root_cause" : [
        {
          "type" : "security_exception",
          "reason" : "no permissions for [indices:admin/index_template/put] and User [name=sachin, backend_roles=[], requestedTenant=null]"
        }
      ],
      "type" : "security_exception",
      "reason" : "no permissions for [indices:admin/index_template/put] and User [name=sachin, backend_roles=[], requestedTenant=null]"
    },
    "status" : 403

nils
February 18, 2021, 2:52pm
6
It seems that there are still issues with the new Index Template API introduced in ES 7.8:
We are looking into this. As a workaround, would it be possible for you to use instead the legacy index template API? Docs are here: