Unknown rule name: 'headers'


(Roger Seth) #1

been working with ES 6.2.4 and ROR readonlyrest-1.16.19_es6.2.4.zip on my local successfully. However, on deploying the same to AWS Cloud, I am getting this error. The readonlyrest yml is also configured as shown below. Any ideas what could cause the ROR plugin to behave differently on AWS EC2 as opposed to local (windows)?

readonlyrest:
prompt_for_basic_auth: false

access_control_rules:
- name: "::KIBANA-SRV 1::"
  kibana_access: admin
  auth_key: kibana:kibana
  verbosity: error

- name: "::RO::"
  auth_key: converse:converseread
  kibana_access: ro
  indices: [ ".kibana", ".kibana-devnull", "logstash-*"]
  kibana_hide_apps: ["readonlyrest_kbn", "timelion", "kibana:dev_tools", "kibana:management"]

- name: "::RW::"
  auth_key: converse:$apr1$JRxL0HOz$ndMHCirazDfTZznLy.icH1
  kibana_access: rw
  indices: [".kibana", ".kibana-devnull", "logstash-*"]
  kibana_hide_apps: ["readonlyrest_kbn"]

- name: "Global Write/Admin Access"
  auth_key: elastic:$apr1$JRxL0HOz$ndMHCirazDfTZznLy.icH1
  type: allow
  actions: ["indices:data/write/*","indices:admin/*", "cluster:admin/*", "cluster:monitor/*", "indices:monitor/*"]
  verbosity: error

- name: "Route53 Access"
  type: allow
  x_forwarded_for: ["0.0.0.0/0"]
  actions: ["cluster:monitor/*", "indices:admin/get", "indices:admin/aliases", "indices:admin/aliases/*", "indices:admin/analyze", "indices:monitor/*", "indices:data/read/*"]
  verbosity: error

- name: "::NGINX-RESTRICTED-GROUP::"
  indices: [".kibana", "[email protected]{user}", "@{user}_logstash-*"]
  headers: ["x-forwarded-group:restricted"]
  kibana_access: "ro"
  kibana_hide_apps: ["readonlyrest_kbn", "apm", "timelion", "kibana:dev_tools", "kibana:management"]
  proxy_auth:
    proxy_auth_config: "proxy1"
    users: ["*"]
  verbosity: info

- name: "::NGINX-READONLY-GROUP::"
- indices: [".kibana", "[email protected]{user}", "@{user}_logstash-*"]
  headers: ["x-forwarded-group:readonly"]razDfTZznLy.icH1
  kibana_access: "ro"
  proxy_auth:
    proxy_auth_config: "proxy1"
    users: ["*"]
  verbosity: info

- name: "::NGINX-ADMIN-GROUP::"
  indices: [".kibana", "[email protected]{user}", "@{user}_logstash-*"]
  actions: ["indices:data/read/*", "indices:data/write/*" ]
  headers: ["x-forwarded-group:admin"]
  kibana_access: admin
  proxy_auth:
    proxy_auth_config: "proxy1"
    users: ["*"]
  verbosity: info

proxy_auth_configs:
- name: "proxy1"
  user_id_header: "x-forwarded-user"

ERROR

[rank-eval]
[2018-05-30T13:18:25,219][INFO ][o.e.p.PluginsService ] [ip-10-203-122-126.myhost.com] loaded module [reindex]
[2018-05-30T13:18:25,219][INFO ][o.e.p.PluginsService ] [ip-10-203-122-126.myhost.com] loaded module [repository-url]
[2018-05-30T13:18:25,219][INFO ][o.e.p.PluginsService ] [ip-10-203-122-126.myhost.com] loaded module [transport-netty4]
[2018-05-30T13:18:25,219][INFO ][o.e.p.PluginsService ] [ip-10-203-122-126.myhost.com] loaded module [tribe]
[2018-05-30T13:18:25,219][INFO ][o.e.p.PluginsService ] [ip-10-203-122-126.myhost.com] loaded plugin [discovery-ec2]
[2018-05-30T13:18:25,219][INFO ][o.e.p.PluginsService ] [ip-10-203-122-126.myhost.com] loaded plugin [readonlyrest]
[2018-05-30T13:18:25,219][INFO ][o.e.p.PluginsService ] [ip-10-203-122-126.myhost.com] loaded plugin [repository-s3]
[2018-05-30T13:18:27,246][INFO ][t.b.r.e.SettingsObservableImpl] Read data from /etc/elasticsearch/readonlyrest.yml
[2018-05-30T13:18:27,387][INFO ][t.b.r.e.IndexLevelActionFilter] [ip-10-203-122-126.myhost.com] Read data from /etc/elasticsearch/readonlyrest.yml
[2018-05-30T13:18:27,403][INFO ][t.b.r.e.IndexLevelActionFilter] [ip-10-203-122-126.myhost.com] Settings observer refreshing…
[2018-05-30T13:18:27,497][ERROR][t.b.r.e.IndexLevelActionFilter] [ip-10-203-122-126.myhost.com] Cannot configure ReadonlyREST plugin
tech.beshu.ror.commons.settings.SettingsMalformedException: Unknown rule name: 'headers’
at tech.beshu.ror.settings.RulesSettingsCreatorsRegistry.create(RulesSettingsCreatorsRegistry.java:120) ~[?:?]
at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193) ~[?:1.8.0_171]
at java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:175) ~[?:1.8.0_171]
at java.util.Iterator.forEachRemaining(Iterator.java:116) ~[?:1.8.0_171]


(Simone Scarduzio) #2

Hi @Daedelus,
The Headers rule is present since 1.16.20, which will be soon released. Do you need a pre build?


(Roger Seth) #3

Got it - I had assumed the pre-build which you had provided me has been released ! I didn’t check the versions - thanks for pointing it out ! I will continue to test on the pre build until 1.16.20 comes out. couple of questions on that :

  1. when do you think 1.16.20 would be released ballpark
  2. Would it be compatible with 6.3.0 ES that is due to come out soon?

(Simone Scarduzio) #4
  1. Next week for sure, was due this week.
  2. ES 6.3 changes a bunch of stuff, it will take some work. I don’t guarantee same day delivery.