with es 6.1.1 and ror 1.16.27 i’m trying to run cerebro 0.7.2
after entering http://server1:9200 i expect to get login fields (in new window user + password) and instead i get
“unexpected response status: [403]”
and i can find in the es logs “USR: [no basic auth header]”
(i also have old cerebro version (0.6.5) which has an “authenticate” option builtin at the main window. when i’m using that version to login to http://server1:9200 + user + password everything works fine. each user can see its own indices so i guess the readonlyrest configuration is ok)
maybe in case of missing user/pw the return error was 401 instead of 403 the login windows will be shown?
but if i will configure the file like you did, only one user (credential_of_your_RoR_block) will be able to use cerebro and that user will see all indices.
what i need is that different users will use the cerebero (and of course each user should see his own indices).
this is why i need cerebro to show the authentication window.
tested Cerebro, I added to cerebro’s conf/application.conf:
# For accepting self signed SSL certificates
play.ws.ssl.loose.acceptAnyCertificate = true
hosts = [
{
host = "https://localhost:9200"
name = "Secured Cluster Localhost"
}
]
And in ES I experimentally added this extra block to my ACL in readonlyrest.yml:
- name: 'cerebro'
indices: '.k*'
auth_key: 'c:c'
Started up ES and Cerebro, went to Cerebro web ui, and it just asked me for credentials. At this point I wrote “c” and “c” and I could only see my “.kibana” index.
This is sufficient to demonstrate that your use case where everyone connects to the same cerebro and given their credentials they will just see their indices is feasible. It’s just a matter of opening up some more actions for each uses, so cerebro can work.