Hello !
ReadonlyRest Enterprise user here (1.33.1) on Elasticstack 7.12.1
I think I’ve spotted a bug in a very peculiar setup :
It requires :
An account wich only access to wildcarded pattern indices in RO mode (Maybe It only occurs if indice pattern is provided through oidc assertions; I’ve not tested without though)
An index pattern which matches the indice but the index pattern must be wider than the allowed indice in the ACL :
For example: Index : "remote:very.long.name"
Index Pattern: "*:*.*.na*"
ACL: "*:very.long.*"
When trying to access data of this index pattern, several errors appears in kibana (with forbiden message; related to the field list)
As a workaround; I tried to add the following rule :
About the #1: we need to double check RO users are allowed to those actions.
Abou the #2: we need to add some unit test to our indices rule to try reproduce this. I.e. the user attempts to reach the index my_data and we have a indices rule like: indices: ["*_data"] ? Or maybe you can propose a specific test?
For the #2, I just discovered a strange error log in the elasticsearch output. However it contains non publicly discloseable informations.
I’ll send you the log through PM.
For the #2 It is not related to ReadOnlyRest, but it’s an elasticsearch compatibility issue (Remote clusters are supposed to be leniant about versions, but latest version of kibana requires that even remote clusters to be at least 7.9¨+)
I’ll have to upgrade all my remote clusters.