Roles and permissions for custom REST endpoints?

[Lukáš Vlček]

Hi,

is it possible to configure SG to control access to custom REST endpoints? I was not able to find any examples or documentation for this.

For example, there is ES Prometheus exporter plugin that introduces new REST API [1] to the node. Can I use SearchGuard to control access to such endpoint?

Can I assume that the sg_roles.yml will contain config like this?:

--------

sg_role_prometheus:

  cluster:

    - cluster:monitor/_prometheus/metrics

--------

[1] https://github.com/vvanholl/elasticsearch-prometheus-exporter#usage

Regards,

Lukáš

[Search Guard]

It depends on the other plugin.

What is the current behavior you see when installing the prometheus explorer alongside with Search Guard? Do you can access the endpoint without authentication and a result?

[Lukáš Vlček]

When Searchguard is installed se well then I can use 'kirk' certs to access prometheus exporter REST API. Kirk is an admin. Anonymous access is not possible. So I think SG is in place and acting correctly. But I want to create a new user that can access (read-only) just that new API. How can I configure the new user role then?

Thanks,
Lukáš

Dne 14.9.2017 17:57 "Search Guard" <in...@search-guard.com> napsal(a):

--
You received this message because you are subscribed to a topic in the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/MlNVNkuFZzI/unsubscribe.
To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/cd92d2f5-3817-4831-869b-39e38b8dc8ae%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Lukáš Vlček]

FYI, started new thread here: https://groups.google.com/forum/#!topic/search-guard/6iGwoBQ_W0A