[WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request

Hello,

I have just installed Search Guard, version 5.6.9-19.1, in elasticsearch 5.6.9 to make a PoC. I am using admin default roles and permissions to make requests. Files of sg_roles and sg_roles_mapping are below.

elasticsearch.yml

searchguard.ssl.transport.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.transport.keystore_password:
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password:
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.http.keystore_password:
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password:

searchguard.authcz.admin_dn:

  • CN=sgadmin

sg_roles.yml

sg_all_access:
cluster:
- UNLIMITED
indices:
':
'
’:
- UNLIMITED
tenants:
adm_tenant: RW
test_tenant_ro: RO

sg_roles_mapping

sg_all_access:
users:
- sgadmin

  • admin

I’m getting 2 types of warning messages in elastic log:

[2018-07-27T17:37:34,596][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here
[2018-07-27T17:38:06,053][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here

What does that mean? Is there any config missing? How can I avoid these messages?

Thanks,

Marta

Hi,

what kind of request did you make that triggered the warning messages?

···

On Tuesday, July 31, 2018 at 11:23:52 AM UTC+2, marta.devlp@gmail.com wrote:

Hello,

I have just installed Search Guard, version 5.6.9-19.1, in elasticsearch 5.6.9 to make a PoC. I am using admin default roles and permissions to make requests. Files of sg_roles and sg_roles_mapping are below.

elasticsearch.yml

searchguard.ssl.transport.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.transport.keystore_password:
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password:
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.http.keystore_password:
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password:

searchguard.authcz.admin_dn:

  • CN=sgadmin

sg_roles.yml

sg_all_access:
cluster:
- UNLIMITED
indices:
':
'
’:
- UNLIMITED
tenants:
adm_tenant: RW
test_tenant_ro: RO

sg_roles_mapping

sg_all_access:
users:
- sgadmin

  • admin

I’m getting 2 types of warning messages in elastic log:

[2018-07-27T17:37:34,596][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here
[2018-07-27T17:38:06,053][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here

What does that mean? Is there any config missing? How can I avoid these messages?

Thanks,

Marta

Hello,

The requests that I made were in kibana console:

GET /_msearch/template
{“index”:“rt”, “_type” : “rt-type”}
{“id”: “getState”,“params”: {“Key”: “Issuer:9972”}}
{“index”:“history”, “_type” : “history-type”}
{“id”: “getDaily”,“params”: {“Key”: “Issuer:9971”,“from”: “2018-07-30T00:00:00”}}

The log message elasticsearch.yml:
[2018-07-31T12:11:00,125][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here

GET rt/rt-type/_search/template
{“id”: “searchKey”,“params”: {“Key”: “Issuer:9971”}}

The log message elasticsearch.yml:

[2018-07-31T12:16:05,303][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here

getState, getDaily and searchKey are templates.

terça-feira, 31 de Julho de 2018 às 10:37:15 UTC+1, Jochen Kressin escreveu:

···

Hi,

what kind of request did you make that triggered the warning messages?

On Tuesday, July 31, 2018 at 11:23:52 AM UTC+2, marta...@gmail.com wrote:

Hello,

I have just installed Search Guard, version 5.6.9-19.1, in elasticsearch 5.6.9 to make a PoC. I am using admin default roles and permissions to make requests. Files of sg_roles and sg_roles_mapping are below.

elasticsearch.yml

searchguard.ssl.transport.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.transport.keystore_password:
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password:
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.http.keystore_password:
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password:

searchguard.authcz.admin_dn:

  • CN=sgadmin

sg_roles.yml

sg_all_access:
cluster:
- UNLIMITED
indices:
':
'
’:
- UNLIMITED
tenants:
adm_tenant: RW
test_tenant_ro: RO

sg_roles_mapping

sg_all_access:
users:
- sgadmin

  • admin

I’m getting 2 types of warning messages in elastic log:

[2018-07-27T17:37:34,596][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here
[2018-07-27T17:38:06,053][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here

What does that mean? Is there any config missing? How can I avoid these messages?

Thanks,

Marta

Hi,

Does anyone have any idea?

Thank you.

terça-feira, 31 de Julho de 2018 às 12:12:13 UTC+1, marta...@gmail.com escreveu:

···

Hello,

The requests that I made were in kibana console:

GET /_msearch/template
{“index”:“rt”, “_type” : “rt-type”}
{“id”: “getState”,“params”: {“Key”: “Issuer:9972”}}
{“index”:“history”, “_type” : “history-type”}
{“id”: “getDaily”,“params”: {“Key”: “Issuer:9971”,“from”: “2018-07-30T00:00:00”}}

The log message elasticsearch.yml:
[2018-07-31T12:11:00,125][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here

GET rt/rt-type/_search/template
{“id”: “searchKey”,“params”: {“Key”: “Issuer:9971”}}

The log message elasticsearch.yml:

[2018-07-31T12:16:05,303][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here

getState, getDaily and searchKey are templates.

terça-feira, 31 de Julho de 2018 às 10:37:15 UTC+1, Jochen Kressin escreveu:

Hi,

what kind of request did you make that triggered the warning messages?

On Tuesday, July 31, 2018 at 11:23:52 AM UTC+2, marta...@gmail.com wrote:

Hello,

I have just installed Search Guard, version 5.6.9-19.1, in elasticsearch 5.6.9 to make a PoC. I am using admin default roles and permissions to make requests. Files of sg_roles and sg_roles_mapping are below.

elasticsearch.yml

searchguard.ssl.transport.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.transport.keystore_password:
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password:
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.http.keystore_password:
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password:

searchguard.authcz.admin_dn:

  • CN=sgadmin

sg_roles.yml

sg_all_access:
cluster:
- UNLIMITED
indices:
':
'
’:
- UNLIMITED
tenants:
adm_tenant: RW
test_tenant_ro: RO

sg_roles_mapping

sg_all_access:
users:
- sgadmin

  • admin

I’m getting 2 types of warning messages in elastic log:

[2018-07-27T17:37:34,596][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here
[2018-07-27T17:38:06,053][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here

What does that mean? Is there any config missing? How can I avoid these messages?

Thanks,

Marta

So just to make sure - do you only see the warning messages or do they have any effect?

···

On Thursday, August 2, 2018 at 11:21:24 AM UTC+2, marta.devlp@gmail.com wrote:

Hi,

Does anyone have any idea?

Thank you.

terça-feira, 31 de Julho de 2018 às 12:12:13 UTC+1, marta...@gmail.com escreveu:

Hello,

The requests that I made were in kibana console:

GET /_msearch/template
{“index”:“rt”, “_type” : “rt-type”}
{“id”: “getState”,“params”: {“Key”: “Issuer:9972”}}
{“index”:“history”, “_type” : “history-type”}
{“id”: “getDaily”,“params”: {“Key”: “Issuer:9971”,“from”: “2018-07-30T00:00:00”}}

The log message elasticsearch.yml:
[2018-07-31T12:11:00,125][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here

GET rt/rt-type/_search/template
{“id”: “searchKey”,“params”: {“Key”: “Issuer:9971”}}

The log message elasticsearch.yml:

[2018-07-31T12:16:05,303][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here

getState, getDaily and searchKey are templates.

terça-feira, 31 de Julho de 2018 às 10:37:15 UTC+1, Jochen Kressin escreveu:

Hi,

what kind of request did you make that triggered the warning messages?

On Tuesday, July 31, 2018 at 11:23:52 AM UTC+2, marta...@gmail.com wrote:

Hello,

I have just installed Search Guard, version 5.6.9-19.1, in elasticsearch 5.6.9 to make a PoC. I am using admin default roles and permissions to make requests. Files of sg_roles and sg_roles_mapping are below.

elasticsearch.yml

searchguard.ssl.transport.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.transport.keystore_password:
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password:
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.http.keystore_password:
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password:

searchguard.authcz.admin_dn:

  • CN=sgadmin

sg_roles.yml

sg_all_access:
cluster:
- UNLIMITED
indices:
':
'
’:
- UNLIMITED
tenants:
adm_tenant: RW
test_tenant_ro: RO

sg_roles_mapping

sg_all_access:
users:
- sgadmin

  • admin

I’m getting 2 types of warning messages in elastic log:

[2018-07-27T17:37:34,596][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here
[2018-07-27T17:38:06,053][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here

What does that mean? Is there any config missing? How can I avoid these messages?

Thanks,

Marta

Hello Jochen,

Apparently they haven’t any effect…

However I have that warning messages. Do you have any idea why?

Thank you.

sexta-feira, 3 de Agosto de 2018 às 13:28:44 UTC+1, Jochen Kressin escreveu:

···

So just to make sure - do you only see the warning messages or do they have any effect?

On Thursday, August 2, 2018 at 11:21:24 AM UTC+2, marta...@gmail.com wrote:

Hi,

Does anyone have any idea?

Thank you.

terça-feira, 31 de Julho de 2018 às 12:12:13 UTC+1, marta...@gmail.com escreveu:

Hello,

The requests that I made were in kibana console:

GET /_msearch/template
{“index”:“rt”, “_type” : “rt-type”}
{“id”: “getState”,“params”: {“Key”: “Issuer:9972”}}
{“index”:“history”, “_type” : “history-type”}
{“id”: “getDaily”,“params”: {“Key”: “Issuer:9971”,“from”: “2018-07-30T00:00:00”}}

The log message elasticsearch.yml:
[2018-07-31T12:11:00,125][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here

GET rt/rt-type/_search/template
{“id”: “searchKey”,“params”: {“Key”: “Issuer:9971”}}

The log message elasticsearch.yml:

[2018-07-31T12:16:05,303][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here

getState, getDaily and searchKey are templates.

terça-feira, 31 de Julho de 2018 às 10:37:15 UTC+1, Jochen Kressin escreveu:

Hi,

what kind of request did you make that triggered the warning messages?

On Tuesday, July 31, 2018 at 11:23:52 AM UTC+2, marta...@gmail.com wrote:

Hello,

I have just installed Search Guard, version 5.6.9-19.1, in elasticsearch 5.6.9 to make a PoC. I am using admin default roles and permissions to make requests. Files of sg_roles and sg_roles_mapping are below.

elasticsearch.yml

searchguard.ssl.transport.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.transport.keystore_password:
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password:
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.http.keystore_password:
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password:

searchguard.authcz.admin_dn:

  • CN=sgadmin

sg_roles.yml

sg_all_access:
cluster:
- UNLIMITED
indices:
':
'
’:
- UNLIMITED
tenants:
adm_tenant: RW
test_tenant_ro: RO

sg_roles_mapping

sg_all_access:
users:
- sgadmin

  • admin

I’m getting 2 types of warning messages in elastic log:

[2018-07-27T17:37:34,596][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here
[2018-07-27T17:38:06,053][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here

What does that mean? Is there any config missing? How can I avoid these messages?

Thanks,

Marta

I’ve passed it to the dev team and waiting for feedback. It might well be that the warn messages are superfluous and can be removed from the code.

If you do not want to see them at all, at the moment the only way would be to set the log level of the PrivilegesEvaluator to ERROR. This is of course just a workaround.

You can do that by adding the following to log4j2.properties:

logger.sg.name = com.floragunn.searchguard.configuration.PrivilegesEvaluator
logger.sg.level = error

``

···

On Friday, August 3, 2018 at 5:07:22 PM UTC+2, marta.devlp@gmail.com wrote:

Hello Jochen,

Apparently they haven’t any effect…

However I have that warning messages. Do you have any idea why?

Thank you.

sexta-feira, 3 de Agosto de 2018 às 13:28:44 UTC+1, Jochen Kressin escreveu:

So just to make sure - do you only see the warning messages or do they have any effect?

On Thursday, August 2, 2018 at 11:21:24 AM UTC+2, marta...@gmail.com wrote:

Hi,

Does anyone have any idea?

Thank you.

terça-feira, 31 de Julho de 2018 às 12:12:13 UTC+1, marta...@gmail.com escreveu:

Hello,

The requests that I made were in kibana console:

GET /_msearch/template
{“index”:“rt”, “_type” : “rt-type”}
{“id”: “getState”,“params”: {“Key”: “Issuer:9972”}}
{“index”:“history”, “_type” : “history-type”}
{“id”: “getDaily”,“params”: {“Key”: “Issuer:9971”,“from”: “2018-07-30T00:00:00”}}

The log message elasticsearch.yml:
[2018-07-31T12:11:00,125][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here

GET rt/rt-type/_search/template
{“id”: “searchKey”,“params”: {“Key”: “Issuer:9971”}}

The log message elasticsearch.yml:

[2018-07-31T12:16:05,303][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here

getState, getDaily and searchKey are templates.

terça-feira, 31 de Julho de 2018 às 10:37:15 UTC+1, Jochen Kressin escreveu:

Hi,

what kind of request did you make that triggered the warning messages?

On Tuesday, July 31, 2018 at 11:23:52 AM UTC+2, marta...@gmail.com wrote:

Hello,

I have just installed Search Guard, version 5.6.9-19.1, in elasticsearch 5.6.9 to make a PoC. I am using admin default roles and permissions to make requests. Files of sg_roles and sg_roles_mapping are below.

elasticsearch.yml

searchguard.ssl.transport.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.transport.keystore_password:
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password:
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.http.keystore_password:
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password:

searchguard.authcz.admin_dn:

  • CN=sgadmin

sg_roles.yml

sg_all_access:
cluster:
- UNLIMITED
indices:
':
'
’:
- UNLIMITED
tenants:
adm_tenant: RW
test_tenant_ro: RO

sg_roles_mapping

sg_all_access:
users:
- sgadmin

  • admin

I’m getting 2 types of warning messages in elastic log:

[2018-07-27T17:37:34,596][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here
[2018-07-27T17:38:06,053][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here

What does that mean? Is there any config missing? How can I avoid these messages?

Thanks,

Marta

Hello Jochen,

Thank you for your reply. Please let me know when you have news from the dev team.

Thanks.

sexta-feira, 3 de Agosto de 2018 às 16:39:15 UTC+1, Jochen Kressin escreveu:

···

I’ve passed it to the dev team and waiting for feedback. It might well be that the warn messages are superfluous and can be removed from the code.

If you do not want to see them at all, at the moment the only way would be to set the log level of the PrivilegesEvaluator to ERROR. This is of course just a workaround.

You can do that by adding the following to log4j2.properties:

logger.sg.name = com.floragunn.searchguard.configuration.PrivilegesEvaluator
logger.sg.level = error

``

On Friday, August 3, 2018 at 5:07:22 PM UTC+2, marta...@gmail.com wrote:

Hello Jochen,

Apparently they haven’t any effect…

However I have that warning messages. Do you have any idea why?

Thank you.

sexta-feira, 3 de Agosto de 2018 às 13:28:44 UTC+1, Jochen Kressin escreveu:

So just to make sure - do you only see the warning messages or do they have any effect?

On Thursday, August 2, 2018 at 11:21:24 AM UTC+2, marta...@gmail.com wrote:

Hi,

Does anyone have any idea?

Thank you.

terça-feira, 31 de Julho de 2018 às 12:12:13 UTC+1, marta...@gmail.com escreveu:

Hello,

The requests that I made were in kibana console:

GET /_msearch/template
{“index”:“rt”, “_type” : “rt-type”}
{“id”: “getState”,“params”: {“Key”: “Issuer:9972”}}
{“index”:“history”, “_type” : “history-type”}
{“id”: “getDaily”,“params”: {“Key”: “Issuer:9971”,“from”: “2018-07-30T00:00:00”}}

The log message elasticsearch.yml:
[2018-07-31T12:11:00,125][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here

GET rt/rt-type/_search/template
{“id”: “searchKey”,“params”: {“Key”: “Issuer:9971”}}

The log message elasticsearch.yml:

[2018-07-31T12:16:05,303][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here

getState, getDaily and searchKey are templates.

terça-feira, 31 de Julho de 2018 às 10:37:15 UTC+1, Jochen Kressin escreveu:

Hi,

what kind of request did you make that triggered the warning messages?

On Tuesday, July 31, 2018 at 11:23:52 AM UTC+2, marta...@gmail.com wrote:

Hello,

I have just installed Search Guard, version 5.6.9-19.1, in elasticsearch 5.6.9 to make a PoC. I am using admin default roles and permissions to make requests. Files of sg_roles and sg_roles_mapping are below.

elasticsearch.yml

searchguard.ssl.transport.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.transport.keystore_password:
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password:
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.http.keystore_password:
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password:

searchguard.authcz.admin_dn:

  • CN=sgadmin

sg_roles.yml

sg_all_access:
cluster:
- UNLIMITED
indices:
':
'
’:
- UNLIMITED
tenants:
adm_tenant: RW
test_tenant_ro: RO

sg_roles_mapping

sg_all_access:
users:
- sgadmin

  • admin

I’m getting 2 types of warning messages in elastic log:

[2018-07-27T17:37:34,596][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here
[2018-07-27T17:38:06,053][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here

What does that mean? Is there any config missing? How can I avoid these messages?

Thanks,

Marta

The warning messages are indeed superfluous and can be ignored. We’ll fix it in one of the next releases.

···

On Monday, August 6, 2018 at 11:56:46 AM UTC+2, marta.devlp@gmail.com wrote:

Hello Jochen,

Thank you for your reply. Please let me know when you have news from the dev team.

Thanks.

sexta-feira, 3 de Agosto de 2018 às 16:39:15 UTC+1, Jochen Kressin escreveu:

I’ve passed it to the dev team and waiting for feedback. It might well be that the warn messages are superfluous and can be removed from the code.

If you do not want to see them at all, at the moment the only way would be to set the log level of the PrivilegesEvaluator to ERROR. This is of course just a workaround.

You can do that by adding the following to log4j2.properties:

logger.sg.name = com.floragunn.searchguard.configuration.PrivilegesEvaluator
logger.sg.level = error

``

On Friday, August 3, 2018 at 5:07:22 PM UTC+2, marta...@gmail.com wrote:

Hello Jochen,

Apparently they haven’t any effect…

However I have that warning messages. Do you have any idea why?

Thank you.

sexta-feira, 3 de Agosto de 2018 às 13:28:44 UTC+1, Jochen Kressin escreveu:

So just to make sure - do you only see the warning messages or do they have any effect?

On Thursday, August 2, 2018 at 11:21:24 AM UTC+2, marta...@gmail.com wrote:

Hi,

Does anyone have any idea?

Thank you.

terça-feira, 31 de Julho de 2018 às 12:12:13 UTC+1, marta...@gmail.com escreveu:

Hello,

The requests that I made were in kibana console:

GET /_msearch/template
{“index”:“rt”, “_type” : “rt-type”}
{“id”: “getState”,“params”: {“Key”: “Issuer:9972”}}
{“index”:“history”, “_type” : “history-type”}
{“id”: “getDaily”,“params”: {“Key”: “Issuer:9971”,“from”: “2018-07-30T00:00:00”}}

The log message elasticsearch.yml:
[2018-07-31T12:11:00,125][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here

GET rt/rt-type/_search/template
{“id”: “searchKey”,“params”: {“Key”: “Issuer:9971”}}

The log message elasticsearch.yml:

[2018-07-31T12:16:05,303][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here

getState, getDaily and searchKey are templates.

terça-feira, 31 de Julho de 2018 às 10:37:15 UTC+1, Jochen Kressin escreveu:

Hi,

what kind of request did you make that triggered the warning messages?

On Tuesday, July 31, 2018 at 11:23:52 AM UTC+2, marta...@gmail.com wrote:

Hello,

I have just installed Search Guard, version 5.6.9-19.1, in elasticsearch 5.6.9 to make a PoC. I am using admin default roles and permissions to make requests. Files of sg_roles and sg_roles_mapping are below.

elasticsearch.yml

searchguard.ssl.transport.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.transport.keystore_password:
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password:
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: CN=dev-keystore.jks
searchguard.ssl.http.keystore_password:
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password:

searchguard.authcz.admin_dn:

  • CN=sgadmin

sg_roles.yml

sg_all_access:
cluster:
- UNLIMITED
indices:
':
'
’:
- UNLIMITED
tenants:
adm_tenant: RW
test_tenant_ro: RO

sg_roles_mapping

sg_all_access:
users:
- sgadmin

  • admin

I’m getting 2 types of warning messages in elastic log:

[2018-07-27T17:37:34,596][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.MultiSearchTemplateRequest’for indices:data/read/msearch/template here
[2018-07-27T17:38:06,053][WARN ][c.f.s.c.PrivilegesEvaluator] Can not handle composite request of type 'org.elasticsearch.script.mustache.SearchTemplateRequest’for indices:data/read/search/template here

What does that mean? Is there any config missing? How can I avoid these messages?

Thanks,

Marta