Readonlyrest和Kibana权限配置 [英] Readonlyrest and Kibana Permission Configuration

问题描述

我正在尝试用Kibana设置一个基本的readonlyrest示例。我的配置如下：

  readonlyrest：
 enable：true 
 response_if_req_forbidden：被ReadonlyREST ES插件禁止
 
 access_control_rules：
 
  - 名称：接受group1中用户在index1上的请求
 type：allow 
 hosts：[localhost，127.0.0.1， 10.0.0.0/24] 
 groups：[team1] 
 actions：[indices：data / read，indices：data / read / mge / *，indexes：data / read / mget，indices：data / read / *，indices：data / write / *，indexes：admin / template / *，indexes：admin / create，cluster：monitor / * 
索引：[< no-index>，.kibana *，logstash *，默认，sha *，ba *] 
 
用户：
 
  - 用户名：alice 
 auth_key：alice：p455phrase 
 groups：[team1] 
  

不幸的是，这不行。我在弹性搜索日志中继续使用Authorization异常，并显示以下错误消息：

  no block has matched，索引：data / read / mget，
 OA：127.0.0.1，索引：[。kibana]，M：POST，P：/ _ mget，C：{docs：[{_ index ，
_type：config，_ id：4.6.1}]}，标题：[]} 
  

我的配置中缺少什么？

在kibana.yml中，配置为：

$

$ b $ / code $ >

解决方案

如果用例是一个基本的kibana认证，你应该遵循中的示例中使用elasticsearch-readonlyrest-plugin＃use-case-2-multiuser-kibana-authenticated-logstash-various-permission-levelsrel =nofollow

一旦你得到这个工作，你可以修改这个例子来支持安全组。

I'm trying to setup a basic readonlyrest example with Kibana. My config is as follows:

readonlyrest:
enable: true
response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin

access_control_rules:

- name: Accept requests from users in group team1 on index1
  type: allow
  hosts: [localhost,127.0.0.1,10.0.0.0/24]
  groups: ["team1"]
  actions: ["indices:data/read","indices:data/read/mge/*","indices:data/read/mget","indices:data/read/*","indices:data/write/*","indices:admin/template/*","indices:admin/create", "cluster:monitor/*"]
  indices: ["<no-index>", ".kibana*", "logstash*", "default" ,"sha*" ,"ba*"]

users:

- username: alice
  auth_key: alice:p455phrase
  groups: ["team1"]

Unfortunately this does not work. I keep getting Authorization exception with the following error message in elasticsearch logs:

no block has matched, forbidding by default: { action: indices:data/read/mget, 
OA:127.0.0.1, indices:[.kibana], M:POST, P:/_mget, C:{"docs":[{"_index":".kibana",
"_type":"config","_id":"4.6.1"}]}, Headers:[]}

What is missing in my config?

In kibana.yml the configuration is:

elasticsearch.username: "alice"
elasticsearch.password: "p455phrase"

解决方案

If you use case is a basic kibana authentication, you should follow the example in the readme.

Once you get that working, you could modify the example to support permssion groups.

这篇关于Readonlyrest和Kibana权限配置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！