We are seeing FORBIDDEN in our Elasticsearch logs with the following actions (for our datadog agent). indices:admin/seq_no/global_checkpoint_sync cluster:admin/voting_config/clear_exclusions cluster:admin/component_template/get
These first two are the internal ES actions. They should be passed by ROR.
The 3rd one “cluster:admin/component_template/get” is component template-related action. It’s listed.
Could you please show the FORBIDDEN entry?
The “[no info about user]” means that no Authorization header was attached to the request and ROR was not able to get the basic auth credentials. Probably it needs to be improved because Kibana can communicate with ES using Bearer token
These first two are the internal ES actions. They should be passed by ROR.
The 3rd one “cluster:admin/component_template/get” is component template-related action. It’s listed.
Could you please show the FORBIDDEN entry?
Ok, after explicitly adding those two undocumented permissions, I stopped seeing the errors. If it happens again I will attach the full log.
The “[no info about user]” means that no Authorization header was attached to the request and ROR was not able to get the basic auth credentials. Probably it needs to be improved because Kibana can communicate with ES using Bearer token
Ok, is this tracked as a bug/feature request? We would like this fixed in an upcoming release if possible.
It’s ES notation.
Ok thank you. I did not need to add this permission explicitly.