Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
2.13.0
Describe the issue:
I want to use no admin user for filebeat (7.10)
When i try to launch daemon - i have a error
talk to server... ERROR 403 Forbidden: {"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=filebeat, backend_roles=[develop], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=filebeat, backend_roles=[develop], requestedTenant=null]"},"status":403}
Configuration:
Develop role is
resource "opensearch_role" "develop" {
role_name = "develop"
description = "Develop role"
cluster_permissions = [
"cluster_monitor",
"cluster_composite_ops",
"indices:admin/template/get",
"indices:admin/template/put",
"cluster:admin/ingest/pipeline/get",
"cluster:admin/ingest/pipeline/put",
"cluster:monitor/main",
]
index_permissions {
index_patterns = ["*"]
allowed_actions = ["read", "crud", "create_index", "write"]
}
}
Relevant Logs or Screenshots:
I try to research this problem and find, that filebeat try root endpoint of each node in config
Of Course, i try curl with username:password
# curl -XGET https://ossec:9200/?pretty -u 'filebeat:password'
{
"error" : {
"root_cause" : [
{
"type" : "security_exception",
"reason" : "no permissions for [cluster:monitor/main] and User [name=filebeat, backend_roles=[develop], requestedTenant=null]"
}
],
"type" : "security_exception",
"reason" : "no permissions for [cluster:monitor/main] and User [name=filebeat, backend_roles=[develop], requestedTenant=null]"
},
"status" : 403
}