本文介绍了Readonlyrest和Kibana权限配置的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试用Kibana设置一个基本的readonlyrest示例。我的配置如下:

  readonlyrest:
enable:true
response_if_req_forbidden:被ReadonlyREST ES插件禁止

access_control_rules:

- 名称:接受group1中用户在index1上的请求
type:allow
hosts:[localhost,127.0.0.1, 10.0.0.0/24]
groups:[team1]
actions:[indices:data / read,indices:data / read / mge / *,indexes:data / read / mget,indices:data / read / *,indices:data / write / *,indexes:admin / template / *,indexes:admin / create,cluster:monitor / *
索引:[< no-index>,.kibana *,logstash *,默认,sha *,ba *]

用户:

- 用户名:alice
auth_key:alice:p455phrase
groups:[team1]

不幸的是,这不行。我在弹性搜索日志中继续使用Authorization异常,并显示以下错误消息:

  no block has matched,索引:data / read / mget,
OA:127.0.0.1,索引:[。kibana],M:POST,P:/ _ mget,C:{docs:[{_ index ,
_type:config,_ id:4.6.1}]},标题:[]}

我的配置中缺少什么?



在kibana.yml中,配置为:


$

$ b $ / code $ >

解决方案

如果用例是一个基本的kibana认证,你应该遵循中的示例中使用elasticsearch-readonlyrest-plugin#use-case-2-multiuser-kibana-authenticated-logstash-various-permission-levelsrel =nofollow



一旦你得到这个工作,你可以修改这个例子来支持安全组。


I'm trying to setup a basic readonlyrest example with Kibana. My config is as follows:

readonlyrest:
enable: true
response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin

access_control_rules:

- name: Accept requests from users in group team1 on index1
  type: allow
  hosts: [localhost,127.0.0.1,10.0.0.0/24]
  groups: ["team1"]
  actions: ["indices:data/read","indices:data/read/mge/*","indices:data/read/mget","indices:data/read/*","indices:data/write/*","indices:admin/template/*","indices:admin/create", "cluster:monitor/*"]
  indices: ["<no-index>", ".kibana*", "logstash*", "default" ,"sha*" ,"ba*"]

users:

- username: alice
  auth_key: alice:p455phrase
  groups: ["team1"]

Unfortunately this does not work. I keep getting Authorization exception with the following error message in elasticsearch logs:

no block has matched, forbidding by default: { action: indices:data/read/mget, 
OA:127.0.0.1, indices:[.kibana], M:POST, P:/_mget, C:{"docs":[{"_index":".kibana",
"_type":"config","_id":"4.6.1"}]}, Headers:[]}

What is missing in my config?

In kibana.yml the configuration is:

elasticsearch.username: "alice"
elasticsearch.password: "p455phrase"
解决方案

If you use case is a basic kibana authentication, you should follow the example in the readme.

Once you get that working, you could modify the example to support permssion groups.

这篇关于Readonlyrest和Kibana权限配置的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

10-29 15:15