Readonlyrest and Kibana Permission Configuration

Published 2019-07-31 23:32

Question:

I'm trying to set up a basic readonlyrest example with Kibana. My config is as follows:

readonlyrest:
    enable: true
    response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin

    access_control_rules:

    - name: Accept requests from users in group team1 on index1
      type: allow
      hosts: [localhost,127.0.0.1,10.0.0.0/24]
      groups: ["team1"]
      actions: ["indices:data/read","indices:data/read/mge/*","indices:data/read/mget","indices:data/read/*","indices:data/write/*","indices:admin/template/*","indices:admin/create", "cluster:monitor/*"]
      indices: ["<no-index>", ".kibana*", "logstash*", "default" ,"sha*" ,"ba*"]

    users:

    - username: alice
      auth_key: alice:p455phrase
      groups: ["team1"]

Unfortunately this does not work. I keep getting an authorization exception with the following error message in the Elasticsearch logs:

no block has matched, forbidding by default: { action: indices:data/read/mget, 
OA:127.0.0.1, indices:[.kibana], M:POST, P:/_mget, C:{"docs":[{"_index":".kibana",
"_type":"config","_id":"4.6.1"}]}, Headers:[]}

What is missing in my config?

In kibana.yml the configuration is:

elasticsearch.username: "alice"
elasticsearch.password: "p455phrase"

Answer 1:

If your use case is basic Kibana authentication, you should follow the example in the readme.

Once you get that working, you could modify the example to support permission groups.
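A way to triage a "no block has matched" denial like the one in the question, as an added example that is not code from the post or from ReadonlyREST: it parses the log line and checks the request against each condition of the block. The matching is a simplified model (shell-style wildcards, CIDR membership) and it assumes the `Headers` field lists the names of the headers the request carried; `parse_denial`, `host_ok` and `explain` are hypothetical helper names.

```python
import fnmatch
import ipaddress
import re

# Constructed from the rule and the log line quoted in the question.
RULE = {
    "hosts": ["localhost", "127.0.0.1", "10.0.0.0/24"],
    "actions": ["indices:data/read", "indices:data/read/mge/*", "indices:data/read/mget",
                "indices:data/read/*", "indices:data/write/*", "indices:admin/template/*",
                "indices:admin/create", "cluster:monitor/*"],
    "indices": ["<no-index>", ".kibana*", "logstash*", "default", "sha*", "ba*"],
}
LOG = ('no block has matched, forbidding by default: { action: indices:data/read/mget, '
       'OA:127.0.0.1, indices:[.kibana], M:POST, P:/_mget, C:{"docs":[{"_index":".kibana",'
       '"_type":"config","_id":"4.6.1"}]}, Headers:[]}')

def parse_denial(line):
    """Extract action, origin address, indices and header names from a denial line."""
    m = re.search(r"action: (?P<action>[^,]+),\s*OA:(?P<oa>[^,]+),\s*"
                  r"indices:\[(?P<indices>[^\]]*)\].*Headers:\[(?P<headers>[^\]]*)\]",
                  line, re.S)
    if not m:
        raise ValueError("not a 'no block has matched' line")
    split = lambda s: [x.strip() for x in s.split(",") if x.strip()]
    return {"action": m["action"].strip(), "oa": m["oa"].strip(),
            "indices": split(m["indices"]), "headers": split(m["headers"])}

def host_ok(addr, hosts):
    """True if addr falls inside any IP or CIDR entry; hostnames are not resolved."""
    ip = ipaddress.ip_address(addr)
    for h in hosts:
        try:
            if ip in ipaddress.ip_network(h, strict=False):
                return True
        except ValueError:  # entry such as "localhost"
            continue
    return False

def explain(rule, req):
    """Return {condition: satisfied?} for the logged request against one block."""
    wanted = req["indices"] or ["<no-index>"]
    return {
        "hosts": host_ok(req["oa"], rule["hosts"]),
        "actions": any(fnmatch.fnmatchcase(req["action"], p) for p in rule["actions"]),
        "indices": all(any(fnmatch.fnmatchcase(i, p) for p in rule["indices"]) for i in wanted),
        # A groups condition needs credentials to resolve a user (assumption: see lead-in).
        "credentials_present": any(h.lower() == "authorization" for h in req["headers"]),
    }
```

For the logged request, the host, action and index conditions are satisfied and no Authorization header is listed, so under this model the `groups` condition is the one left to investigate.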