Hi all,
I have a pipeline on my cluster to process items from metricbeats.
The pipeline is responsible to modify the index based on the original doc.
PUT _ingest/pipeline/metricbeat
{
"description": "Pipeline to ingest metrics from Metricbeat",
"processors": [
{
"set": {
"field": "hostname",
"value": "anyhost"
}
},
{
"script": {
"source": "if (ctx.metricset.module == 'kubernetes') { ctx._index = 'metricbeats-linux-kubernetes' ;} "
}
}
]
}
The user has the permission to save on that index:
GET _xpack/security/user/_has_privileges
{
"cluster": ["manage_index_templates", "monitor"],
"index" : [
{
"names": [ "metricbeats*" ],
"privileges": ["create","create_index"]
}
]
}
{
"username" : "metricbeats_user",
"has_all_requested" : true,
"cluster" : {
"manage_index_templates" : true,
"monitor" : true
},
"index" : {
"metricbeats*" : {
"create_index" : true,
"create" : true
}
},
"application" : { }
}
When I try to post it to a random index, I receive a 403 error.
POST any_index_name/doc?pipeline=metricbeat
{
"@timestamp": "2019-02-13T06:43:50.913Z",
"@metadata": {
"beat": "metricbeat",
"type": "doc",
"version": "7.0.0-alpha1"
},
"os_type": "linux",
"version": "v1",
"metricset": {
"name": "container",
"module": "kubernetes"
}
}
{
"error": {
"root_cause": [
{
"type": "security_exception",
"reason": "action [indices:admin/create] is unauthorized for user [metricbeats_user]"
}
],
"type": "security_exception",
"reason": "action [indices:admin/create] is unauthorized for user [metricbeats_user]"
},
"status": 403
}
If I post the samething using the endpoint metricbeats/doc?pipeline=metricbeat
, it works fine.
However, since the pipeline change the index, I was expecting to be able to Post it to any index.
Is it the expected behavior? Is it configurable?
Thank you
Leandro