Version: 7.x-36.0.0

Testing the configuration

This guide assumes that you have already installed Search Guard in your cluster using the demo installer.

In the last chapters we have:

  • created users by adding them to sg_internal_users.yml
  • created roles by configuring them to sg_roles.yml
  • connected users and Search Guard roles by creating a mapping in sg_roles_mapping.yml

Not it’s time to test if the configuration works as expected.

Checking the configured users

As a first step we want to check whether the users we have configured can log in and are mapped to the correct Search Guard role(s).

Search Guard provides an HTTP endpoint to check the attributes of a user.

https://<node name>:<http port>/_searchguard/authinfo?pretty

To fetch the user information, we need to provde the username and the password. We first check the attributes of the user jdoe by issuing a curl call to this endpoint:

curl -k -u jdoe:jdoe -XGET "https://sgssl-0.example.com:9200/_searchguard/authinfo?pretty"

which returns:

{
  "user" : "User [name=jdoe, backend_roles=[hr_department], requestedTenant=null]",
  "user_name" : "jdoe",
  ...
  "backend_roles" : [
    "hr_department"
  ],
  "sg_roles" : [
    "sg_human_resources"
  ],
  ...
}

In this JSON snippet (abbreviated for clarity) we can see that our user was created and is assigned to the correct Search Guard role:

“user_name” : “jdoe”

This is the user name as configured in sg_internal_users.yml

“backend_roles”: [“hr_department”]

This is backend role we assigned to the user jdoe in sg_internal_users.yml

“sg_roles”: [“sg_human_resources”]

This is the assigned Search Guard role for the user jdoe. This means the mapping from the user to the Search Guard role works as expected.

Accessing Elasticsearch

Now that we are sure that our user jdoe is correctly mapped to the sg_human_resources Search Guard role, we can try to access some data in Elasticsearch.

The definition of the role looks like:

sg_human_resources:
  cluster_permissions:
    - "SGS_CLUSTER_COMPOSITE_OPS"
  index_permissions:
    - index_patterns:
      - "humanresources"
      allowed_actions:
        - "SGS_READ"

So we expect that the user can read data in the humanresources index, but cannot access any other data.

We try to access data in the humanresources first:

curl -k -u jdoe:jdoe -XGET "https://sgssl-0.example.com:9200/humanresources/_search?pretty"

As expected, access is allowed and Elasticsearch returns data from the index:

{
  "took" : 216,
  "timed_out" : false,
  "_shards" : {
   ...
  },
  "hits" : {
    "total" : {
    ...
    },
    "max_score" : 1.0,
    "hits" : [
      {
        "_index" : "humanresources",
        "_type" : "_doc",
        "_id" : "3",
        "_score" : 1.0,
        "_source" : {
          "FirstName" : "CHASE",
          "LastName" : "CRUDO",
          "Designation" : "President",
        }
      },
      ... 

If we try to access data in the devops index, access is denied as expected:

curl -k -u jdoe:jdoe -XGET "https://sgssl-0.example.com:9200/devops/_search?pretty"
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "no permissions for [indices:data/read/search] and User [name=jdoe, roles=[hr_department], requestedTenant=null]"
      }
    ],
    "type" : "security_exception",
    "reason" : "no permissions for [indices:data/read/search] and User [name=jdoe, roles=[hr_department], requestedTenant=null]"
  },
  "status" : 403
}

Not what you were looking for? Try the search.