@@ -17,7 +17,7 @@ List of other supported Elasticsearch versions: [releases](https://github.com/ss
1717
1818``` bash
1919ES_VERSION=2.4.1
20- bin/plugin install https://github.com/sscarduzio/elasticsearch-readonlyrest-plugin/releases/download/v1.10 .0_es-v$ES_VERSION /elasticsearch-readonlyrest-v1.11.0_es-v$ES_VERSION .zip
20+ bin/plugin install https://github.com/sscarduzio/elasticsearch-readonlyrest-plugin/releases/download/v1.12 .0_es-v$ES_VERSION /elasticsearch-readonlyrest-v1.11.0_es-v$ES_VERSION .zip
2121```
2222
2323### 2. Configuration
@@ -60,35 +60,52 @@ readonlyrest:
6060
6161# ## USE CASE 2: Multiuser Kibana + Authenticated Logstash (various permission levels)
6262` ` ` yml
63- # remember to set the right CORS origin (or disable it, if you're brave). See https://github.com/elastic/kibana/issues/6719
64- http.cors.enabled: true
65- http.cors.allow-origin: /https?:\/\/ localhost(:[0-9]+)?/
6663
6764readonlyrest:
6865 enable: true
69-
66+ ssl:
67+ enable: true
68+ keystore_file: "/elasticsearch/plugins/readonlyrest/keystore.jks"
69+ keystore_pass: readonlyrest
70+ key_pass: readonlyrest
71+
7072 response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin
71-
73+
7274 access_control_rules:
7375
74- - name: "Logstash can write and create its own indices "
76+ - name: "::LOGSTASH:: "
7577 # auth_key is good for testing, but replace it with ` auth_key_sha1`!
7678 auth_key : logstash:logstash
7779 type : allow
7880 actions : ["indices:data/read/*","indices:data/write/*","indices:admin/template/*","indices:admin/create"]
7981 indices : ["logstash-*", "<no-index>"]
8082
81- - name : Kibana Server (we trust this server side component, full access granted via HTTP authentication)
83+ # We trust this server side component, full access granted via HTTP authentication
84+ - name : " ::KIBANA-SRV::"
8285 # auth_key is good for testing, but replace it with `auth_key_sha1`!
83- auth_key : admin:passwd3
86+ auth_key : kibana:kibana
8487 type : allow
8588
86- - name : Developer (reads only logstash indices, but can create new charts/dashboards)
87- # auth_key is good for testing, but replace it with `auth_key_sha1`!
88- auth_key : dev :dev
89+ # Logs in via HTTP Basic Authentication, has RW access to kibana but zero access to non-kibana actions.
90+ - name : " ::RO+ DEVELOPER:: "
91+ auth_key : ro+ :dev
8992 type : allow
9093 kibana_access : ro+
91- indices : ["<no-index>", ".kibana*", "logstash*", "default"]
94+ indices : ["<no-index>", ".kibana", ".kibana-devnull", "logstash-*", "default"]
95+
96+ # Cannot configure or edit dashboards and visualizations.
97+ - name : " ::RO DEVELOPER::"
98+ auth_key : ro:dev
99+ type : allow
100+ kibana_access : ro
101+ indices : ["<no-index>", ".kibana", ".kibana-devnull", "logstash-*", "default"]
102+
103+ # No authentication required to read from this index
104+ - name : " ::PUBLIC SEARCH::"
105+ type : allow
106+ indices : ["public"]
107+ actions : ["indices:data/read/*"]
108+
92109
93110```
94111** Now activate authentication in Kibana server** : let the Kibana daemon connect to ElasticSearch in privileged mode.
0 commit comments