Possible error in documentaion about creating an API key for central management

So i was reading the document:Secure your connection to Elasticsearch section:Create an API key for central management and when i try to run the provided example:

POST /_security/api_key
{
  "name": "logstash_host001", 
  "role_descriptors": {
    "logstash_monitoring": { 
      "cluster": ["monitor"],
      "index": ["read"]
    }
  }
}

i get the following error:


{
  "error": {
    "root_cause": [
      {
        "type": "parse_exception",
        "reason": "failed to parse indices privileges for role [logstash_monitoring]. expected field [null] value to be an array of objects, but found an array element of type [VALUE_STRING]"
      }
    ],
    "type": "x_content_parse_exception",
    "reason": "[6:17] [api_key_request] failed to parse field [role_descriptors]",
    "caused_by": {
      "type": "x_content_parse_exception",
      "reason": "[6:17] [role_descriptors] failed to parse field [logstash_monitoring]",
      "caused_by": {
        "type": "parse_exception",
        "reason": "failed to parse indices privileges for role [logstash_monitoring]. expected field [null] value to be an array of objects, but found an array element of type [VALUE_STRING]"
      }
    }
  },
  "status": 400
}

just want to make sure that the example is right?!

also as i was trying to figure out what is wrong, i came across another problem. there is another example in the same document in the section above : Create an API key for monitoring which is as follow :

POST /_security/api_key
{
  "name": "logstash_host001", 
  "role_descriptors": {
    "logstash_monitoring": { 
      "cluster": ["monitor"],
      "index": [
        {
          "names": [".monitoring-ls-*"],
          "privileges": ["create_index", "create"]
        }
      ]
    }
  }
}

and this works. Then i read the document Create API key API and it says


so i thought maybe the problem with the first example is not defining names field as document says it is required. Then there is another problem that in both documents (1) and (2) under role_descriptors there is a field named indices but not index, so maybe, although it works, this is also a old reference and need to be updated?

to recap:
1 . is the first example right?
2. should the field index be changed to indices to represent latest api changes?

Hi @jack_a

I am confused... or perhaps you are ... the definitions of the API keys are correct but then need to be used in the correct context...

Your first example is to create a key for Central monitoring per the docs but the error message you provide is not for that API Key

You created

POST /_security/api_key
{
  "name": "logstash_host001", 
  "role_descriptors": {
    "logstash_monitoring": { 
      "cluster": ["monitor"],
      "index": ["read"]
    }
  }
}

but there error you show is for a different key...

 "reason": "failed to parse indices privileges for role >>>[logstash_monitoring]<<<<. expected field [null] value to be an array of objects, but found an array element of type [VALUE_STRING]"

You need to create the keys per the specs and then use them for the correct authentication...

Yes that is correct but then it is only valid for management not monitoring

xpack.management.elasticsearch.api_key: TiNAGG4BaaMdaH1tRfuU:KnR6yE41RrSowb0kQ0HWoA 

You can not mix them
perhaps you are creating a management key ... and then trying to use that key for monitoring which will no work....or vice versa

Thanks for the reply.

OH! my bad. So it is a configuration related to central pipeline management and it probably need some pre-configuration to be able generate the api key.

about

but there error you show is for a different key...

what i did was to run the following example:

POST /_security/api_key
{
  "name": "logstash_host001", 
  "role_descriptors": {
    "logstash_monitoring": { 
      "cluster": ["monitor"],
      "index": ["read"]
    }
  }
}

and the error that i provided is what i got when i ran the above command.

Not sure where you got that ... but this.... what you show is malformed

POST /_security/api_key
{
  "name": "logstash_host001", 
  "role_descriptors": {
    "logstash_monitoring": { 
      "cluster": ["monitor"],
      "index": ["read"] <<<< THIS IS NOT CORRECT
    }
  }
}

According to the docs here

Note how index is form name and privileges

POST /_security/api_key
{
  "name": "logstash_host001", 
  "role_descriptors": {
    "logstash_monitoring": { 
      "cluster": ["monitor"],
      "index": [
        {
          "names": [".monitoring-ls-*"],
          "privileges": ["create_index", "create"]
        }
      ]
    }
  }
}