ES plugin - filter


(francisca) #1

Hello,
I am using the Elasticsearch plugin. When I insert the filter option, kibana does not work. Any error in my code?

readonlyrest:
    access_control_rules:

    - name: "::Kibana server::"
      auth_key: user1:password1
      type: allow

    - name: "user2"
      auth_key: user2:password2
      type: allow
      kibana_access: ro
      indices: [".kibana*","exercicio"]
      actions: ["indices:data/read/*"]
      filter: '{"bool": { "must": { "match": { "sms_campaign_name.keyword": "Campanha1" }}}}'

The strange thing is that if I use must_not, it worked.

  filter: '{"bool": { "must_not": { "match": {"sms_campaign_name.keyword":"Campanha1"}}}}'

Thank you.


(Simone Scarduzio) #2

Yes @francisca.lima, this is expected. When you use filter and fields rules, you need to duplicate your ACL block, as these rules only will match with *search *get requests, while a normal Kibana session uses a wider mix of request types.

You can find this technique explained in our documentation, look where it says “IMPORTANT”.

If you want some feedback on your settings, feel free to show us here.


(francisca) #3

Can you send me an example? How do I duplicate my ACL block? I only want to read data.


(Simone Scarduzio) #4

Something like this:

So the searches will be intercepted by the first block. All the other requests will be intercepted by the second block.


(francisca) #5

Thank you for your help!


(francisca) #6

However, in 6.7.0 version this is not working. Any idea?


(Simone Scarduzio) #7

Can you tell us in what (ES and ROR) version you had it working? Also, can you tell us how you define work/not work with a simple experiment? I.e. using curl with a minimal configuration?


(francisca) #8

I defined the configuration file of readonlyrest in 6.6.1, but when I upgraded to 6.7.0 it did not work.
The configuration file is:

readonlyrest:
    access_control_rules:

    - name: "::Kibana server::"
      auth_key: user1:password1
      type: allow

    - name: "user2 (filtered searches)"
      auth_key: user2:password2
      type: allow
      indices: ["exercicio2","exercicio"]
      filter: '{"bool": { "must": { "match": { "sms_campaign_name.keyword": "Campanha1" }}}}'

    - name: "user2 (other kibana ops)"
      auth_key: user2:password2
      type: allow
      kibana_access: ro
      indices: [".kibana*","exercicio2","exercicio"]
      actions: ["indices:data/read/*"]

    - name: "user3 (filtered searches)"
      auth_key: user3:password3
      type: allow
      indices: ["exercicio"]
      filter: '{"bool": { "must": { "match": { "sms_campaign_name.keyword": "Campanha2" }}}}'

    - name: "user3 (other kibana ops)"
      auth_key: user3:password3
      type: allow
      kibana_access: ro
      indices: [".kibana*","exercicio"]
      actions: ["indices:data/read/*"]

The filtered searches are not working in Kibana. Can you help me? In Elasticsearch, doing a curl, it worked.

Even stranger is when I add the filter also in other kibana ops, after inserting the credentials of user2 the kibana page does not even work.

[I am using ES Plugin for 6.7.0]


(Simone Scarduzio) #9

Not sure what’s wrong, but what I’m sure about is that mixing “actions” and “kibana_access” doesn’t make sense. The kibana_access rule is already a macro that selects a series of actions. And if you add the actions rule, you are basically neutralising it.

Please have a read at a better explanation of kibana_access.

Please remove the actions rule and try again.

Also, why allow users access to “.kibana*” when all they need is “.kibana”?
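
The two configuration points raised in posts #2 and #9 (a filtered block needs an unfiltered block for the same credentials after it, and actions should not be combined with kibana_access) can be checked mechanically before a config is deployed. The following is an added example, not part of any post and not ReadonlyREST code. It assumes the ACL blocks have already been loaded into Python dicts that mirror the YAML; `lint_blocks` and the finding texts are hypothetical names.

```python
import json

def lint_blocks(blocks):
    """Return (block name, finding) pairs for an ordered list of ACL blocks."""
    findings = []
    for i, block in enumerate(blocks):
        name = block.get("name", f"block #{i}")
        if "filter" in block:
            try:
                json.loads(block["filter"])  # filter is a query written as JSON
            except ValueError:
                findings.append((name, "filter is not valid JSON"))
        if "actions" in block and "kibana_access" in block:
            findings.append((name, "actions combined with kibana_access"))
        if "filter" in block or "fields" in block:
            # The same credentials need a later block without filter/fields to
            # pick up the requests of a Kibana session that are not searches.
            has_fallback = any(
                later.get("auth_key") == block.get("auth_key")
                and "filter" not in later and "fields" not in later
                for later in blocks[i + 1:])
            if not has_fallback:
                findings.append((name, "no later unfiltered block for this auth_key"))
    return findings

# Constructed inputs: the blocks from posts #1 and #10 as Python dicts.
FILTER = '{"bool": {"must": {"match": {"sms_campaign_name.keyword": "Campanha1"}}}}'
KIBANA_SERVER = {"name": "::Kibana server::", "auth_key": "user1:password1", "type": "allow"}
POST_1 = [KIBANA_SERVER,
          {"name": "user2", "auth_key": "user2:password2", "type": "allow",
           "kibana_access": "ro", "indices": [".kibana*", "exercicio"],
           "actions": ["indices:data/read/*"], "filter": FILTER}]
POST_10 = [KIBANA_SERVER,
           {"name": "user2 (filtered searches)", "auth_key": "user2:password2",
            "type": "allow", "indices": ["exercicio2", "exercicio"], "filter": FILTER},
           {"name": "user2 (other kibana ops)", "auth_key": "user2:password2",
            "type": "allow", "kibana_access": "ro",
            "indices": [".kibana*", "exercicio2", "exercicio"]}]

if __name__ == "__main__":
    for label, blocks in (("post #1", POST_1), ("post #10", POST_10)):
        print(label, lint_blocks(blocks) or "no findings")
```

The post #10 layout produces no findings, which is consistent with the remaining failure on 6.7.0 being a plugin bug rather than a configuration error.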


(francisca) #10

Thank you! I removed the actions. My system indexes of kibana are: .kibana_task_manager and .kibana_1, so I tried to only use .kibana_1 or only use .kibana_task_manager, but no success (cannot access kibana).

readonlyrest:
    access_control_rules:

    - name: "::Kibana server::"
      auth_key: user1:password1
      type: allow

    - name: "user2 (filtered searches)"
      auth_key: user2:password2
      type: allow
      indices: ["exercicio2","exercicio"]
      filter: '{"bool": { "must": { "match": { "sms_campaign_name.keyword": "Campanha1" }}}}'

    - name: "user2 (other kibana ops)"
      auth_key: user2:password2
      type: allow
      kibana_access: ro
      indices: [".kibana*","exercicio2","exercicio"]

Any other idea?


(Simone Scarduzio) #11

It’s a bug, we just reproduced it. Will let you know.


(francisca) #12

Thank you! I will be waiting :smiley:


(Simone Scarduzio) #13

Hi Francisca,

This is the build with the fix: http://readonlyrest-1.17.5-pre2_es6.7.0.zip


(francisca) #14

Thank you so much! It worked!