I am using open distro version 0.7.0. I have the following internal_users.yml that gets uploaded (I am sure its working as I changed the admin hash which is reflected):
admin:
readonly: true
hash: XXXX
roles:
- admin
attributes:
#no dots allowed in attribute names
attribute1: value1
attribute2: value2
attribute3: value3
logstash:
readonly: false
hash: XXXX
roles:
- logstash
index_permissions:
- index_patterns:
- my_data*
dls: “”
fls:
masked_fields:
allowed_actions:
- SG_READ
- SG_WRITE
kibanaserver:
readonly: true
hash: XXXX
kibanaro:
hash: XXXX
roles:
- kibanauser
- readall
readall:
hash: XXXX
roles:
- readall
snapshotrestore:
hash: XXXX
roles:
- snapshotrestore
However, I am getting the following error from logstash/elasticsearch saying that logstash does not have index permission for my_data-2020.04.13:
[2020-04-13T20:05:35,838][INFO ][c.a.o.s.p.PrivilegesEvaluator] [yRikf81] No permissions for [indices:data/write/index, indices:data/write/bulk[s]]
[2020-04-13T20:05:35,861][INFO ][c.a.o.s.p.PrivilegesEvaluator] [yRikf81] No index-level perm match for User [name=logstash, roles=[logstash], requestedTenant=null] Resolved [aliases=, indices=[my_data-2020.04.13], allIndices=[my_data-2020.04.13], types=[doc], isAll()=false, isEmpty()=false] [Action [indices:data/write/bulk[s]]] [RolesChecked [own_index, logstash]]
Is there something I am missing here?