Good morning everyone! I’m contacting you because I’m setting up OpenSearch via Docker in my infrastructure to capture logs for an application. However, I’m facing a problem that AI couldn’t help me with: I can only send logs to the application using the admin user.
With AI’s help, I tried to create another, more limited user (my goal is for this user to only send logs, with no access to anything else). I created a role called log-writer as follows:
```bash
curl -X PUT -u admin:'P@SsW0rD!' \
  "https://localhost:9200/_plugins/_security/api/roles/log-writer-role" \
  -H "Content-Type: application/json" \
  -d '{
    "cluster_permissions": [],
    "index_permissions": [
      {
        "index_patterns": ["logs-test", "logs-*"],
        "allowed_actions": [
          "write",
          "create_index",
          "create"
        ]
      }
    ]
  }' \
  --insecure
```
After that, I created the user using this role, but when I tried to add any logs, I received the following error:
```bash
curl -u log-writer:'P@SsW0rD!' \
  -X POST "https://localhost:9200/logs-test/_doc" \
  -H "Content-Type: application/json" \
  -d '{
    "timestamp": "'"$(date -Iseconds)"'",
    "message": "Teste de log de ingestão",
    "level": "INFO"
  }' \
  -k
```

```json
{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [indices:data/write/index] and User [name=log-writer, backend_roles=[log-writer-role], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [indices:data/write/index] and User [name=log-writer, backend_roles=[log-writer-role], requestedTenant=null]"},"status":403}
```
I’ve already added the indices:data/write/index permission to the role, and the problem persists.
Can anyone who has already documented this tell me what I need to do? My goal is to have a user with absolutely no access other than sending logs, so that if a leak occurs, the data present in the logs won’t leak.
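A least-privilege setup for the situation described in this post, as an added example that is not part of the original post. It assumes the same host, admin credentials, role, user and index names as the question, and binds the role to the user through a role mapping; the 403 above lists the role name under `backend_roles`, which the security plugin treats as an external group name rather than as an assignment of the role.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Assumes OpenSearch on https://localhost:9200
# with the admin credentials, role, user and index names from the question. Override via env.
set -eu

OS_URL="${OS_URL:-https://localhost:9200}"
ADMIN_AUTH="${ADMIN_AUTH:-admin:P@SsW0rD!}"
ROLE="log-writer-role"
OS_USER="log-writer"
OS_PASS="${OS_PASS:-P@SsW0rD!}"   # constructed placeholder; set a real secret via env

# Role: no cluster permissions, index-level write plus index creation on logs-* only.
# "write" and "create_index" are the security plugin's built-in action groups; no read or
# search action group is granted, so a leaked credential cannot pull existing logs back out.
role_body() {
  cat <<'EOF'
{"cluster_permissions": [],
 "index_permissions": [{"index_patterns": ["logs-*"],
                        "allowed_actions": ["write", "create_index"]}]}
EOF
}

# Internal user with NO backend_roles: a role name placed in backend_roles is treated as an
# external group name, not as an assignment of the role (the 403 in the post shows exactly that).
user_body() { printf '{"password": "%s", "backend_roles": []}' "$OS_PASS"; }

# The role mapping is what actually binds the internal user to the role.
mapping_body() { printf '{"users": ["%s"]}' "$OS_USER"; }

os_put() {  # $1 = security API path, JSON body on stdin
  curl -sS -k -u "$ADMIN_AUTH" -X PUT "$OS_URL$1" \
       -H 'Content-Type: application/json' -d @-
  echo
}

apply_setup() {
  role_body    | os_put "/_plugins/_security/api/roles/$ROLE"
  user_body    | os_put "/_plugins/_security/api/internalusers/$OS_USER"
  mapping_body | os_put "/_plugins/_security/api/rolesmapping/$ROLE"

  # Verification: authinfo must list the role, a write must return 201 and a search 403.
  curl -sS -k -u "$OS_USER:$OS_PASS" "$OS_URL/_plugins/_security/authinfo"; echo
  curl -sS -k -u "$OS_USER:$OS_PASS" -o /dev/null -w 'write:  %{http_code} (expect 201)\n' \
       -X POST "$OS_URL/logs-test/_doc" -H 'Content-Type: application/json' \
       -d '{"message": "constructed sample line", "level": "INFO"}'
  curl -sS -k -u "$OS_USER:$OS_PASS" -o /dev/null -w 'search: %{http_code} (expect 403)\n' \
       "$OS_URL/logs-test/_search"
}

# Only talk to the cluster when explicitly requested: RUN_SETUP=1 ./log_writer_setup.sh
if [ "${RUN_SETUP:-0}" = 1 ]; then apply_setup; fi
```

The script only contacts the cluster when `RUN_SETUP=1` is set, so the request bodies can be inspected first; if the `_search` check does not return 403, the role grants more than intended.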