Question

我试图用Kibana设置一个基本的readonlyrest示例。我的配置如下：

readonlyrest:
enable: true
response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin

access_control_rules:

- name: Accept requests from users in group team1 on index1
  type: allow
  hosts: [localhost,127.0.0.1,10.0.0.0/24]
  groups: ["team1"]
  actions: ["indices:data/read","indices:data/read/mge/*","indices:data/read/mget","indices:data/read/*","indices:data/write/*","indices:admin/template/*","indices:admin/create", "cluster:monitor/*"]
  indices: ["<no-index>", ".kibana*", "logstash*", "default" ,"sha*" ,"ba*"]

users:

- username: alice
  auth_key: alice:p455phrase
  groups: ["team1"]

不幸的是，这不起作用。我一直在弹性搜索日志中收到以下错误消息的Authorization异常：

no block has matched, forbidding by default: { action: indices:data/read/mget, 
OA:127.0.0.1, indices:[.kibana], M:POST, P:/_mget, C:{"docs":[{"_index":".kibana",
"_type":"config","_id":"4.6.1"}]}, Headers:[]}

我的配置中缺少什么？

在kibana.yml中，配置为：

elasticsearch.username: "alice"
elasticsearch.password: "p455phrase"

Answer 1

如果您使用案例是基本的kibana身份验证，则应遵循the example in the readme。

一旦你开始工作，你可以修改示例以支持permssion组。

Readonlyrest和Kibana权限配置

1 个答案: