sg_roles - admin/exists when restricting index

[Bernie Carolan]

I use the PHP api to query elasticsearch. This works fine with Searchguard except when trying to restrict the query to a single index.

The role is configured as follows:

sg_demouser:

  cluster:

      - cluster:monitor/nodes/info

      - cluster:monitor/health

      - indices:admin/template/get

                 - indices:admin/exists 

  indices:

    'shakespeare':

      '*':

        - READ

        - indices:admin/exists

        - indices:admin/mappings/fields/get*

        - indices:admin/validate/query*

        - indices:admin/get*

        - indices:data/write/bulk*

The  privilege evaluator returns 'No perm match for indices:admin/exists and [sg_demouser, sg_public]'

If I allow all for indices then the query works fine

sg_demouser:

  cluster:

      - cluster:monitor/nodes/info

      - cluster:monitor/health

      - indices:admin/template/get

                 - indices:admin/exists 

  indices:

    '*':

      '*':

        - READ

        - indices:admin/exists

        - indices:admin/mappings/fields/get*

        - indices:admin/validate/query*

        - indices:admin/get*

        - indices:data/write/bulk*

 Any ideas what I might be doing wrong here?

[SG]

what does your query look like?

can you post the es logfile on DEBUG level?

> --
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/36dc1c3d-8bd6-40b9-a4bd-84f0da22cbd0%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.