Wrong results for _cluster/settings
kiblik opened this issue · comments
Hello,
I have ES cluster with N "front" client nodes and M data nodes.
- Front nodes
- ES
... node: data: false ingest: true master: true ...
- ROR
readonlyrest: access_control_rules: ... - name: XXX auth_key_sha256: xxx... # no other rule -> full access ... ...
- ES
- Data nodes
- ES
... node: data: true ingest: false master: false ...
- ROR: not installed
- ES
When I request curl localhost:9200/_cluster/settings?pretty
on a data node, I receive correct response:
{
"persistent" : {
"cluster" : {
"routing" : {
"allocation" : {
"node_concurrent_recoveries" : "4"
}
}
}
},
"transient" : {
"cluster" : {
"routing" : {
"allocation" : {
"node_concurrent_incoming_recoveries" : "4",
"cluster_concurrent_rebalance" : "4",
"node_concurrent_recoveries" : "6",
"disk" : {
"watermark" : {
"low" : "90%",
"high" : "92%"
}
},
"exclude" : {
"_ip" : "a.b.c.d"
},
"node_concurrent_outgoing_recoveries" : "4"
}
}
}
}
}
But when I request curl localhost:9200/_cluster/settings?pretty -u xxx
on a front node, there is "empty" response:
{
"persistent" : { },
"transient" : { }
}
Log says this action was allowed:
[2020-08-11T01:44:36,943][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [xxx] ALLOWED by { name: 'XXX', policy: ALLOW, rules: [auth_key_sha256] req={ ID:xxx-xxx#xxx, TYP:ClusterStateRequest, CGR:N/A, USR:xxx, BRS:true, KDX:null, ACT:cluster:monitor/state, OA:127.0.0.1/32, XFF:null, DA:::1/32, IDX:*, MET:GET, PTH:/_cluster/settings, CNT:<N/A>, HDR:Accept=*/*, Authorization=<OMITTED>, Host=localhost:9200, User-Agent=curl/7.29.0, content-length=0, HIS:[..., RESOLVED:[user=xxx;indices=*]] }
So ROR filtred huge part of the message.
ES: 7.8.0
ROR: 1.20.0
Thanks for help
Hi @kiblik. Looks like it is the same issue: https://forum.readonlyrest.com/t/settings-problems/1616. This should be fixed in 1.21.0. Could you check it, please?