Failed to create client for go-elasticsearch

Bosees · December 8, 2023, 2:27am

I'm trying to create a client using go-elasticsearch with a viewer permission user who can only play a read role. The problem is that I'm getting a 403 error. Here is the corresponding error log

"type":"security_exception","reason":"action [cluster:monitor/main] is unauthorized for user [readonly] with effective roles [viewer], this action is granted by the cluster privileges [monitor,manage,all]"

This does not happen in JS-elasticsearch.
Is the action related to monitor included by default in Go-elasticsearch? How can I turn it off? I don't see it when I look at the interface of the Config type.

This is my current connection code block.

cfg := elasticsearch.Config{
		Addresses: []string{
			esConfig.Host,
		},
		Username:          esConfig.User,
		Password:          esConfig.Password,
	}

I don't want to just grant permissions, I want to start with just viewer permissions like JS-Elasticsearch works.

system · January 5, 2024, 2:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Security_exception - action [cluster:monitor/main] is unauthorized for user [p595200] Elasticsearch elastic-stack-security	2	13024	December 13, 2017
Why does it need cluster:monitor/main permission Elasticsearch language-clients	2	573	August 16, 2022
Security_exception: action [cluster:monitor/main] is unauthorized for user [user.name] Elasticsearch	1	1639	August 7, 2019
elasticsearch.AuthorizationException: AuthorizationException(403, 'security_exception', 'action [cluster:monitor/main] is unauthorized for user***************this action is grante d by the cluster privileges [monitor,manage,all]') Elasticsearch	2	2446	February 16, 2023
Right role to access https://$ES_HOST/_stats Elasticsearch	2	370	July 8, 2020

Failed to create client for go-elasticsearch

Related topics