So I'm trying to play with the DLS stuff and I downloaded the jar and tried to set up an anonymous user like so:
# Role the post intends for anonymous (unauthenticated) access.
# The original YAML indentation was lost in this paste, so the nesting of the
# keys below cannot be read off the text.
sg_public:
# NOTE(review): '*' under cluster matches every cluster-level action name.
# For a role handed to anonymous users that is very broad; confirm it is
# intended, or narrow it to the specific actions Kibana needs.
cluster:
- '*'
indices:
# Index pattern '*' followed by type pattern '*': presumably every index and
# every document type.
'*':
'*':
# READ is presumably an action group defined elsewhere in the Search Guard
# configuration; its members are not shown here.
- READ
- indices:admin/mappings/fields/get*
# '?kibana': presumably the '?' single-character wildcard stands in for the
# leading dot of the .kibana index named in the log output.
'?kibana':
'*':
- indices:admin/exists*
- indices:admin/mapping/put*
- indices:admin/mappings/fields/get*
- indices:admin/refresh*
- indices:admin/validate/query*
- indices:data/read/get*
- indices:data/read/mget*
- indices:data/read/search*
# NOTE(review): the three write actions below let this role delete, index and
# update documents in the matched index. With anonymous access that means any
# visitor can change saved Kibana objects; confirm this is acceptable.
- indices:data/write/delete*
- indices:data/write/index*
- indices:data/write/update*
# Document-level security filter: a term query restricting results to
# _type == "courier". Which index/type entry this key attaches to cannot be
# determined from the flattened paste; verify its placement against the
# plugin's documentation for the installed version.
dls: '{"term" : {"_type" : "courier"}}'
This should allow any user to view documents of type courier. But when I try to navigate in Kibana I get the following in the ES logs:
RemoteTransportException[[
corp-es-4.test.com][10.0.11.194:9300][indices:data/write/index]]; nested: RemoteTransportException[[
corp-es-4.test.com][10.0.11.194:9300][indices:data/write/index[p]]]; nested: DocumentAlreadyExistsException[[config][4.5.0]: document already exists];
Caused by: RemoteTransportException[[
corp-es-4.test.com][10.0.11.194:9300][indices:data/write/index[p]]]; nested: DocumentAlreadyExistsException[[config][4.5.0]: document already exists];
Caused by: [.kibana][[.kibana][0]] DocumentAlreadyExistsException[[config][4.5.0]: document already exists]
at org.elasticsearch.index.engine.InternalEngine.innerCreateNoLock(InternalEngine.java:421)
at org.elasticsearch.index.engine.InternalEngine.innerCreate(InternalEngine.java:378)
at org.elasticsearch.index.engine.InternalEngine.create(InternalEngine.java:349)
at org.elasticsearch.index.shard.IndexShard.create(IndexShard.java:545)
at org.elasticsearch.index.engine.Engine$Create.execute(Engine.java:810)
at org.elasticsearch.action.index.TransportIndexAction.executeIndexRequestOnPrimary(TransportIndexAction.java:237)
at org.elasticsearch.action.index.TransportIndexAction.shardOperationOnPrimary(TransportIndexAction.java:158)
at org.elasticsearch.action.index.TransportIndexAction.shardOperationOnPrimary(TransportIndexAction.java:66)
at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryPhase.doRun(TransportReplicationAction.java:639)
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37)
at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryOperationTransportHandler.messageReceived(TransportReplicationAction.java:279)
at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryOperationTransportHandler.messageReceived(TransportReplicationAction.java:271)
at com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService.messageReceivedDecorate(SearchGuardSSLTransportService.java:161)
at com.floragunn.searchguard.transport.SearchGuardTransportService.messageReceivedDecorate(SearchGuardTransportService.java:232)
at com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor.messageReceived(SearchGuardSSLTransportService.java:100)
at org.elasticsearch.transport.RequestHandlerRegistry.processMessageReceived(RequestHandlerRegistry.java:75)
at org.elasticsearch.transport.TransportService$4.doRun(TransportService.java:376)
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
If I comment out the dls stuff it works fine, but obviously the user isn't restricted. Should I just wait for a later release or am I doing something wrong here?