I am trying to give anonymous user admin level privilege to write to certain indices on Opendistro bundle of Elasticsearch. I have updated the config.yml with http.anonymous_auth_enabled: true and also made required changes to role.yml for anonymous_backendrole role.
But I am still getting this error -
{
"error": {
"root_cause": [
{
"type": "security_exception",
"reason": "no permissions for [cluster:monitor/health] and User [name=opendistro_security_anonymous, roles=[opendistro_security_anonymous_backendrole], requestedTenant=null]"
}
],
"type": "security_exception",
"reason": "no permissions for [cluster:monitor/health] and User [name=opendistro_security_anonymous, roles=[opendistro_security_anonymous_backendrole], requestedTenant=null]"
},
"status": 403
}
Looking for here if anyone could provide correct way to setup the anonymous auth with Opendistro.
Backend roles is really just a confusing name for "roles imported from an external server." In this case, you can ignore them.
Instead, you want a "regular" role, which you can create in Kibana > Security > Roles (or using the REST API). Just make sure it has the same cluster and index permissions as the existing admin role. I named mine anonymous-admin
and gave it UNLIMITED
for cluster permissions and *
for indices.
Then go to Security > Role Mappings > Add a new role mapping. Choose your anonymous-admin
role, add the string opendistro_security_anonymous
to the Users field, and hit Submit.
Before:
$ curl -XGET https://localhost:9200 -k
{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=opendistro_security_anonymous, roles=[opendistro_security_anonymous_backendrole], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=opendistro_security_anonymous, roles=[opendistro_security_anonymous_backendrole], requestedTenant=null]"},"status":403}
After:
$ curl -XGET https://localhost:9200 -k
{
"name" : "W8ehfvx",
"cluster_name" : "odfe-cluster",
"cluster_uuid" : "Uk67h4MkSL-U_48NJwjeRg",
"version" : {
"number" : "6.5.4",
"build_flavor" : "oss",
"build_type" : "tar",
"build_hash" : "d2ef93d",
"build_date" : "2018-12-17T21:17:40.758843Z",
"build_snapshot" : false,
"lucene_version" : "7.5.0",
"minimum_wire_compatibility_version" : "5.6.0",
"minimum_index_compatibility_version" : "5.0.0"
},
"tagline" : "You Know, for Search"
}