does not compile with ES 2.0.0 #11

Closed
ivukotic opened this issue Nov 10, 2015 · 5 comments
Comments

@ivukotic

No description provided.

@sscarduzio
Owner

Thanks for reporting @ivukotic I'll have a look asap.

@ivukotic
Author

Hi,

that was really quick! Thanks a lot.

While you are at it… I noticed that the plugin blocks Marvel (and Marvel is for free in ES2).
It happens due to Marvel issuing POSTs directly from a user's browser. Would you think there is a way to recognize it?

Thanks,
Ilija

On Nov 10, 2015, at 9:08, Simone Scarduzio <notifications@github.com> wrote:

@ivukotic here you go buddy.
https://github.com/sscarduzio/elasticsearch-readonlyrest-plugin/blob/master/download/elasticsearch-readonlyrest-v1.4_es-v2.0.0.zip?raw=true



@sscarduzio
Owner

@ivukotic you could tune the ACLs to allow POST, together with a url_re that matches the marvel plugin.

readonlyrest:
    enable: true
    response_if_req_forbidden: Sorry, your request is forbidden

    access_control_rules:
    - name: full access to internal servers
      type: allow
      hosts: [127.0.0.1, 10.0.0.20, 10.0.2.112]

    - name: forbid access to private index from external hosts
      type: forbid
      uri_re: ^http://localhost:9200/reservedIdx/.*

    ### ADD THIS RULE FOR MARVEL
    - name: allow POST if we're hitting Marvel plugin 
      type: allow
      methods: [POST]
      uri_re: ^http://.*/_plugin/marvel.*

    - name: restricted access to all other hosts
      type: allow
      methods: [OPTIONS,GET]
      maxBodyLength: 0

NB: this is not tested, but you got the gist :)
Tell me how it goes, and don't forget to star the project if you like it!

@ivukotic
Author

Hi,

What marvel is trying to do is this:

curl -XPOST http://cl-analytics.mwt2.org:9200/.marvel-2015.11.10/_search -d '{"facets":{"query":{"terms":{"field":"node.name","size":100},"facet_filter":{"fquery":{"query":{"filtered":{"query":{"query_string":{"query":"_type:node_stats"}},"filter":{"bool":{"must":[{"range":{"@timestamp":{"from":1447119335396,"to":1447122935396}}}]}}}}}}}},"size":0}'

so I made what you suggested:
uri_re: ^http://.*.marvel.*_search.*

but the access is still not possible. Does it have to be on all the machines or only on the master node?

Thanks,
Ilija
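
The rule set from this thread run against the request Marvel actually sends, as an added example that is not part of the original thread or the plugin's own code. It assumes rules are checked top to bottom with the first match deciding, that no match means forbid, and that uri_re must match the whole URI; the index-scoped pattern and the client address are hypothetical, and the Marvel rule uses the `methods` key as in the last rule.

```python
import re

def build_rules(marvel_uri_re):
    # ACL from the thread, in order; only the Marvel rule's uri_re varies.
    return [
        {"name": "full access to internal servers", "type": "allow",
         "hosts": {"127.0.0.1", "10.0.0.20", "10.0.2.112"}},
        {"name": "forbid access to private index from external hosts",
         "type": "forbid", "uri_re": r"^http://localhost:9200/reservedIdx/.*"},
        {"name": "allow POST if we're hitting Marvel", "type": "allow",
         "methods": {"POST"}, "uri_re": marvel_uri_re},
        {"name": "restricted access to all other hosts", "type": "allow",
         "methods": {"OPTIONS", "GET"}, "maxBodyLength": 0},
    ]

def rule_matches(rule, req):
    # A condition that is absent from the rule does not restrict the request.
    if "hosts" in rule and req["host"] not in rule["hosts"]:
        return False
    if "methods" in rule and req["method"] not in rule["methods"]:
        return False
    if "maxBodyLength" in rule and len(req["body"]) > rule["maxBodyLength"]:
        return False
    # ASSUMPTION: uri_re has to match the whole URI, not a substring.
    if "uri_re" in rule and not re.fullmatch(rule["uri_re"], req["uri"]):
        return False
    return True

def decide(rules, req):
    # ASSUMPTION: the first matching rule decides; no match means forbid.
    for rule in rules:
        if rule_matches(rule, req):
            return rule["type"], rule["name"]
    return "forbid", None

# Constructed requests; 192.0.2.10 is a documentation address for a browser.
MARVEL_POST = {"host": "192.0.2.10", "method": "POST", "body": '{"size":0}',
               "uri": "http://cl-analytics.mwt2.org:9200/.marvel-2015.11.10/_search"}
OTHER_POST = dict(MARVEL_POST, uri="http://cl-analytics.mwt2.org:9200/logs/_search")
SUGGESTED = r"^http://.*/_plugin/marvel.*"               # from the owner's comment
INDEX_SCOPED = r"^http://[^/]+/\.marvel-[^/]+/_search$"  # hypothetical pattern

def verdicts(marvel_uri_re):
    rules = build_rules(marvel_uri_re)
    return decide(rules, MARVEL_POST)[0], decide(rules, OTHER_POST)[0]

if __name__ == "__main__":
    for label, pattern in (("suggested", SUGGESTED), ("index-scoped", INDEX_SCOPED)):
        print(label, verdicts(pattern))
```

Under these assumptions the `_plugin/marvel` pattern never matches a POST to a `.marvel-*` index, while the index-scoped pattern allows it and still leaves POSTs to other indices forbidden.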

