Open TomonoriSoejima opened 3 years ago
create a key with a less powerful role.
```
POST /_security/api_key
{
  "name": "test_key2",
  "expiration": "1d",
  "role_descriptors": {
    "kibana_user": { }
  }
}
```
create a key with a powerful role.
```
POST /_security/api_key
{
  "name": "kibana_user",
  "expiration": "1d"
}
```
```
kibana_key=UEhadi1uWUJ0U3d3a3lCTFBsNUY6LXh4UjhpdTlSMHVFdnBILUdPanBuZw==
super_key=aDNaby1uWUJ0U3d3a3lCTEtGSGk6SDZkVDQ3VTJURHFxQkFNNkU0SmZTdw==
```
_cluster/health
kibana_key
```
[nami:api_key_test]$ http -b $url Content-type:"application/json" Authorization:"ApiKey $kibana_key"
{
    "error": {
        "reason": "action [cluster:monitor/health] is unauthorized for API key id [PHZv-nYBtSwwkyBLPl5F] of user [2434140000]",
        "root_cause": [
            {
                "reason": "action [cluster:monitor/health] is unauthorized for API key id [PHZv-nYBtSwwkyBLPl5F] of user [2434140000]",
                "type": "security_exception"
            }
        ],
        "type": "security_exception"
    },
    "status": 403
}

[nami:api_key_test]$ http -b $url Content-type:"application/json" Authorization:"ApiKey $super_key"
{
    "active_primary_shards": 150,
    "active_shards": 300,
    "active_shards_percent_as_number": 100.0,
    "cluster_name": "7660b48f29e746bbbc20dd74c80368d0",
    "delayed_unassigned_shards": 0,
    "initializing_shards": 0,
    "number_of_data_nodes": 4,
    "number_of_in_flight_fetch": 0,
    "number_of_nodes": 5,
    "number_of_pending_tasks": 0,
    "relocating_shards": 0,
    "status": "green",
    "task_max_waiting_in_queue_millis": 0,
    "timed_out": false,
    "unassigned_shards": 0
}

[nami:api_key_test]$
```
_cluster/health succeeds with each key
kibana_key, you get auth error.
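
An added example, not part of the original issue or of Elasticsearch: when auditing 403 responses like the one above, this maps an `Authorization: ApiKey` credential to its key id and matches it against the denial message. It relies on the credential being base64 of `<id>:<api_key>`; the function names and the placeholder secret are assumptions made for the example.

```python
import base64
import binascii
import json
import re

# Denial wording as it appears in the 403 response shown in the issue.
DENIAL_RE = re.compile(
    r"action \[(?P<action>[^\]]+)\] is unauthorized for API key id "
    r"\[(?P<key_id>[^\]]+)\] of user \[(?P<user>[^\]]+)\]"
)

def key_id_from_credential(credential):
    """Return only the id half of base64("<id>:<api_key>"), so the secret is never logged."""
    try:
        decoded = base64.b64decode(credential, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("credential is not valid base64 text") from exc
    key_id, sep, secret = decoded.partition(":")
    if not sep or not key_id or not secret:
        raise ValueError("credential is not in <id>:<api_key> form")
    return key_id

def parse_denial(body):
    """Extract action, key id and user from a security_exception body, else None."""
    error = json.loads(body).get("error")
    if not isinstance(error, dict) or error.get("type") != "security_exception":
        return None
    match = DENIAL_RE.search(error.get("reason", ""))
    return match.groupdict() if match else None

def denied_for(credential, body):
    """Return the denied action if this credential's key caused the 403, else None."""
    denial = parse_denial(body)
    if denial and denial["key_id"] == key_id_from_credential(credential):
        return denial["action"]
    return None

# Constructed sample: key id and reason text are from the issue's output,
# the secret half of the credential is a placeholder.
SAMPLE_CREDENTIAL = base64.b64encode(b"PHZv-nYBtSwwkyBLPl5F:placeholder-secret").decode()
SAMPLE_BODY = json.dumps({"status": 403, "error": {
    "type": "security_exception",
    "reason": "action [cluster:monitor/health] is unauthorized for "
              "API key id [PHZv-nYBtSwwkyBLPl5F] of user [2434140000]"}})

if __name__ == "__main__":
    print(denied_for(SAMPLE_CREDENTIAL, SAMPLE_BODY))
```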