Pra*_*rty 1 elasticsearch elasticsearch-opendistro
我正在尝试授予匿名用户管理员级别权限以写入 Elasticsearch 的 Opendistro 捆绑包上的某些索引。我已经用 http.anonymous_auth_enabled: true 更新了 config.yml 并且还对 role.yml 进行了匿名_backendrole 角色的必要更改。
但我仍然收到此错误 -
{ "error" : { "root_cause" : [ { "type" : "security_exception", "reason" : "no permissions for [cluster:monitor/health] and User [name=opendistro_security_anonymous, roles=[opendistro_security_anonymous_backendrole], requestedTenant=null]" } ], "type" : "security_exception", "reason" : "no permissions for [cluster:monitor/health] and User [name=opendistro_security_anonymous, roles=[opendistro_security_anonymous_backendrole], requestedTenant=null]" }, "status" : 403 }
在这里寻找是否有人可以提供使用 Opendistro 设置匿名身份验证的正确方法。
小智 6
后端角色实际上只是“从外部服务器导入的角色”的一个令人困惑的名称。在这种情况下,您可以忽略它们。
相反,您需要一个“常规”角色,您可以在 Kibana > Security > Roles(或使用 REST API)中创建该角色。只需确保它具有与现有管理员角色相同的集群和索引权限。我anonymous-admin给我的命名并赋予它UNLIMITED集群权限和*索引。
然后转到安全 > 角色映射 > 添加新的角色映射。选择您的anonymous-admin角色,将字符串添加opendistro_security_anonymous到用户字段,然后点击提交。
前:
$ curl -XGET https://localhost:9200 -k
{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=opendistro_security_anonymous, roles=[opendistro_security_anonymous_backendrole], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=opendistro_security_anonymous, roles=[opendistro_security_anonymous_backendrole], requestedTenant=null]"},"status":403}
后:
$ curl -XGET https://localhost:9200 -k
{
"name" : "W8ehfvx",
"cluster_name" : "odfe-cluster",
"cluster_uuid" : "Uk67h4MkSL-U_48NJwjeRg",
"version" : {
"number" : "6.5.4",
"build_flavor" : "oss",
"build_type" : "tar",
"build_hash" : "d2ef93d",
"build_date" : "2018-12-17T21:17:40.758843Z",
"build_snapshot" : false,
"lucene_version" : "7.5.0",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}