Hello,
I've set an api_key to manage an index but I'm getting this error :
Error: [403] {"error":{"root_cause":[{"type":"security_exception","reason":"action [indices:data/read/search] is unauthorized for API key id [******] of user [logstash_internal] on indices [services_kpis], this action is granted by the index privileges [read,all]"}],"type":"security_exception","reason":"action [indices:data/read/search] is unauthorized for API key id [******] of user [logstash_internal] on indices [services_kpis], this action is granted by the index privileges [read,all]"},"status":403}
Exception: Elasticsearch::Transport::Transport::Errors::Forbidden
Then I've added the missing privileges "read" but still the same error.
curl -sS -H "Authorization: ApiKey *******" https://localhost:9200/_security/role/logstash_writer | jq -r '.logstash_writer | .cluster, .indices'
[
"manage_index_templates",
"monitor",
"manage_ilm",
"manage_api_key",
"manage_own_api_key"
]
[
{
"names": [
"services_kpis"
],
"privileges": [
"write",
"create",
"delete",
"create_index",
"manage",
"manage_ilm",
"create_doc",
"view_index_metadata",
"read"
],
"allow_restricted_indices": false
}
]
Why isn't directly effective ? If we have to restart all processes it's a shame...
Regards,
Kevin