parse sg_roles.yml error

42 views
Skip to first unread message

Jay Miao

unread,
Jul 7, 2016, 9:17:37 AM7/7/16
to Search Guard
I wanna add a new role in sg_roles like this just for testing:

sg_bbs:
  cluster:
    - '*'
  indices:
    '*':
      '*':
        - '*'


yes, I just like copy admin role config in the same file. When I update the file use sage sgadmin.sh, an parse error comes:
BUT when I delete it. Everything goes well.

Will update 'roles' with plugins/search-guard-2/sgconfig/sg_roles.yml
ERR: An unexpected MapperParsingException occured: object mapping for [sg_bbs.cluster] tried to parse field [null] as object, but found a concrete value
Trace:
MapperParsingException[object mapping for [sg_bbs.cluster] tried to parse field [null] as object, but found a concrete value]
at org.elasticsearch.index.mapper.DocumentParser.parseObject(DocumentParser.java:213)
at org.elasticsearch.index.mapper.DocumentParser.parseObjectOrField(DocumentParser.java:306)
at org.elasticsearch.index.mapper.DocumentParser.parseValue(DocumentParser.java:436)
at org.elasticsearch.index.mapper.DocumentParser.parseNonDynamicArray(DocumentParser.java:424)
at org.elasticsearch.index.mapper.DocumentParser.parseArray(DocumentParser.java:379)
at org.elasticsearch.index.mapper.DocumentParser.parseObject(DocumentParser.java:254)
at org.elasticsearch.index.mapper.DocumentParser.parseObjectOrField(DocumentParser.java:306)
at org.elasticsearch.index.mapper.DocumentParser.parseObject(DocumentParser.java:326)
at org.elasticsearch.index.mapper.DocumentParser.parseObject(DocumentParser.java:252)
at org.elasticsearch.index.mapper.DocumentParser.parseDocument(DocumentParser.java:122)
at org.elasticsearch.index.mapper.DocumentMapper.parse(DocumentMapper.java:309)
at org.elasticsearch.index.shard.IndexShard.prepareIndex(IndexShard.java:580)
at org.elasticsearch.index.shard.IndexShard.prepareIndexOnPrimary(IndexShard.java:559)
at org.elasticsearch.action.index.TransportIndexAction.prepareIndexOperationOnPrimary(TransportIndexAction.java:212)
at org.elasticsearch.action.index.TransportIndexAction.executeIndexRequestOnPrimary(TransportIndexAction.java:224)
at org.elasticsearch.action.index.TransportIndexAction.shardOperationOnPrimary(TransportIndexAction.java:158)
at org.elasticsearch.action.index.TransportIndexAction.shardOperationOnPrimary(TransportIndexAction.java:66)
at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryPhase.doRun(TransportReplicationAction.java:639)
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37)
at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryOperationTransportHandler.messageReceived(TransportReplicationAction.java:279)
at org.elasticsearch.action.support.replication.TransportReplicationAction$PrimaryOperationTransportHandler.messageReceived(TransportReplicationAction.java:271)
at com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService.messageReceivedDecorate(SearchGuardSSLTransportService.java:161)
at com.floragunn.searchguard.transport.SearchGuardTransportService.messageReceivedDecorate(SearchGuardTransportService.java:188)
at com.floragunn.searchguard.ssl.transport.SearchGuardSSLTransportService$Interceptor.messageReceived(SearchGuardSSLTransportService.java:100)
at org.elasticsearch.transport.RequestHandlerRegistry.processMessageReceived(RequestHandlerRegistry.java:75)
at org.elasticsearch.transport.TransportService$4.doRun(TransportService.java:376)
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)

SG

unread,
Jul 7, 2016, 10:00:40 AM7/7/16
to search...@googlegroups.com
cannot reproduce this. Which Search Guard version do you use?

Pls. send your sg_roles.yml (as attachment)
> --
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/35c4674a-1e74-4b94-9087-6bf5509a8605%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

Jay Miao

unread,
Jul 7, 2016, 10:02:51 AM7/7/16
to search...@googlegroups.com
sg_all_access:
  cluster:
    - '*'
  indices:
    '*':
      '*':
        - '*'
        
sg_role_starfleet:
  indices:
    sf:
       ships:  
         - READ
       public:  
         - 'indices:*'
       students:  
         - READ
       alumni:  
         - READ
    'pub*':
       '*':  
         - READ

sg_role_starfleet_captains:
  indices:
    sf:
       '*':  
         - CRUD
    pub*:
       '*':  
         - CRUD 
  cluster:
    - 'cluster:monitor*'
  

sg_readonly_and_monitor:
  cluster:
    - CLUSTER_MONITOR
  indices:
    '*':
      '*':
        - ALL

sg_readall:
  indices:
    '*':
      '*':
        - READ

sg_readonly_dlsfls:
  indices:
    '/\S*/':
      '*':
        - READ    
      _dls_: '{"term" : {"_type" : "legends"}}'
      _fls_:
        - 'aaa'
        - 'bbb'

sg_transport_client:
  cluster:
      - cluster:monitor/nodes/liveness
      - cluster:monitor/state

sg_kibana4:
  indices:
    '*':
      '*':
        - READ
        - indices:admin/mappings/fields/get*
        - indices:admin/validate/query*
        - indices:admin/get*
    '?kibana':
      '*':
        - indices:admin/exists*
        - indices:admin/mapping/put*
        - indices:admin/mappings/fields/get*
        - indices:admin/refresh*
        - indices:admin/validate/query*
        - indices:data/read/get*
        - indices:data/read/mget*
        - indices:data/read/search*
        - indices:data/write/delete*
        - indices:data/write/index*
        - indices:data/write/update*

sg_kibana4_testindex:
  indices:
    'test*':
      '*':
        - READ
        - indices:admin/mappings/fields/get*
        - indices:admin/validate/query*
        - indices:admin/get*
    '?kibana':
      '*':
        - indices:admin/exists*
        - indices:admin/mapping/put*
        - indices:admin/mappings/fields/get*
        - indices:admin/refresh*
        - indices:admin/validate/query*
        - indices:data/read/get*
        - indices:data/read/mget*
        - indices:data/read/search*
        - indices:data/write/delete*
        - indices:data/write/index*
        - indices:data/write/update*

sg_kibana4_server:
  cluster:
      - cluster:monitor/nodes/info
      - cluster:monitor/health
  indices:
    '?kibana':
      '*':
        - ALL

sg_logstash:
  cluster:
    - indices:admin/template/get
    - indices:admin/template/put
  indices:
    'logstash-*':
      '*':
        - CRUD
        - CREATE_INDEX
    '*beat*':
      '*':
        - CRUD
        - CREATE_INDEX

sg_bbs:
  cluster:
    - '*'
  indices:
    '*':
      '*':
        - '*'
You received this message because you are subscribed to a topic in the Google Groups "Search Guard" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/NxZeBaQdZNA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to search-guard...@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/756AB5F7-959F-4F40-9E77-32FF6F41A7BE%40search-guard.com.

For more options, visit https://groups.google.com/d/optout.



--

Jay Miao 苗元君

Jay Miao

unread,
Jul 7, 2016, 10:09:41 AM7/7/16
to search...@googlegroups.com
I tried to use other name , using gamebbs instead of bbs, works well.
So I'm thinking the SG2 use bbs as a key word ? 
It's a little wired....
--

Jay Miao 苗元君

Jay Miao

unread,
Jul 7, 2016, 10:14:43 AM7/7/16
to Search Guard
search-guard-2/2.3.3.2

在 2016年7月7日星期四 UTC+8下午10:00:40,SG写道:
Reply all
Reply to author
Forward
0 new messages