Hi,
I try to secure my elastic cluster with readonlyrest. I encountered an issu for listing repositories.
I declare full access for localhost :
readonlyrest:
access_control_rules:
- name: “Allow requests from localhost only”
hosts: [127.0.0.1]
actions: [“cluster:*”]
But with a curl i get 401 :
curl -v -k https://127.0.0.1:9443/_cat/repositories/
GET /_cat/repositories/ HTTP/1.1
Host: 127.0.0.1:9443
User-Agent: curl/7.58.0
Accept: /
< HTTP/1.1 401 Unauthorized
< WWW-Authenticate: Basic
< content-type: application/json; charset=UTF-8
< content-length: 153
{“error”:{“root_cause”:[{“reason”:“forbidden”,“due_to”:[“OPERATION_NOT_ALLOWED”]}],“reason”:“forbidden”,“due_to”:[“OPERATION_NOT_ALLOWED”],“status”:401}}root@dvpmudb00b00002:/opt/elasticsearch#
whereas in logs it is allowed :
[2021-03-08T11:18:57,912][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [xxx-dev-1] ESC[36mALLOWED by { name: ‘Allow requests from localhost only’, policy: ALLOW, rules: [hosts,actions] req={ ID:659004169-547410566#4287, TYP:GetRepositoriesRequest, CGR:N/A, USR:[no info about user], BRS:true, KDX:null, ACT:cluster:admin/repository/get, OA:127.0.0.1/32, XFF:null, DA:127.0.0.1/32, IDX:<N/A>, MET:GET, PTH:/_cat/repositories/, CNT:<N/A>, HDR:Accept=/, Host=127.0.0.1:9443, User-Agent=curl/7.58.0, content-length=0, HIS:[Allow requests from localhost only-> RULES:[hosts->true, actions->true]] }
is there a mistake in my configuration ?
The version used are :
Elasticsearch 7.7.1 oss
ReadOnlyRest 1.27.1
Any advice would be much appreciated
Thanks