The documented structure of ACL blocks seems to have changed significantly between 1.16 and 1.18 however this is not clearly documented in these docs.

Some examples:
Error seen:

org.elasticsearch.bootstrap.StartupException: StartingFailureException[Errors:

Malformed settings: proxy_auth:

• "*"
  x_forwarded_for:
• "*"

So it would seem that
proxy_auth: ["*"]
or
proxy_auth: *

are no longer valid under 1.18. Instead it seems the config is now to be expressed using sub components like:

      proxy_auth: 
        users: ["*"]
        proxy_auth_config: "someconf"

and a seperate top level section:

 proxy_auth_configs:

    - name: "someconf"
      user_id_header: "x-forwarded-user"

Another error I have encountered is :

No order defined for rule: hosts

this seems like a warning as things still start however this is not documented and I have no idea how to resolve...

At Debian 9 your documentation doesn´t work. I´ve installed elasticsearch-6.1.0, but there is no service available whoch can install plugins. Have you forgotten to insert anything to your docs?

Am I correct in saying that replacing the .JKS file and restarting the node is all you need to do for RoR to pickup the new SSL?

Docker file to create image with ROR -

FROM dfw-gteo-hub-docker.prod.walmart.com:5000/elasticsearch:7.4.2
COPY --chown=elasticsearch:elasticsearch readonlyrest-1.18.9_es7.4.2.zip /tmp
WORKDIR /usr/share/elasticsearch
RUN bin/elasticsearch-plugin install --batch file:///tmp/readonlyrest-1.18.9_es7.4.2.zip
COPY --chown=elasticsearch:elasticsearch readonlyrest.yml /usr/share/elasticsearch/config

readonlyrest.yml

readonlyrest:
    #optional
    enable: true
    response_if_req_forbidden: Sorry, your request is forbidden by ReadonlyREST ES plugin

    access_control_rules:
    # We trust Kibana's server side process, full access granted via HTTP authentication
    - name: "::KIBANA-SRV::"
      auth_key: kibana:kibana
      verbosity: error # don't log successful request

    - name: "::RO DEVELOPER::"
      auth_key: readonly:readonly
      kibana_access: ro_strict
      indices: ["*"]

    - name: "::RW::"
      auth_key: readwrite:asd321
      kibana_access: rw
      indices: ["*"]

    - name: "public access monitoring"
      actions: ["indices:data/read/search"]
      indices: [".monitoring*"]

    - name: "Public Access Custom"
      actions: ["indices:data/read/field_stats", "indices:admin/mappings/fields/get", "indices:admin/get", "indices:data/read/msearch", "indices:data/read/field_caps"]
      indices: ["*"]

Sample HelmChart -
https://github.com/elastic/helm-charts/blob/master/elasticsearch/values.yaml

Getting below message in pod logs -

{"type": "server", "timestamp": "2019-12-02T15:22:50,189Z", "level": "INFO", "component": "t.b.r.a.l.AccessControlLoggingDecorator", "cluster.name": "mycluster", "node.name": "master-4", "message": "\u001B[35mFORBIDDEN by default req={ ID:239623908-1322721299#565, TYP:ClusterHealthRequest, CGR:N/A, USR:[user not logged], BRS:true, KDX:null, ACT:cluster:monitor/health, OA:127.0.0.1/32, XFF:null, DA:127.0.0.1/32, IDX:<N/A>, MET:GET, PTH:/_cluster/health, CNT:<N/A>, HDR:Accept=*/*, Host=127.0.0.1:9200, User-Agent=curl/7.29.0, content-length=0, HIS:[::KIBANA-SRV::-> RULES:[auth_key->false], RESOLVED:[]], [::RO DEVELOPER::-> RULES:[auth_key->false], RESOLVED:[]], [::RW::-> RULES:[auth_key->false], RESOLVED:[]], [public access monitoring-> RULES:[indices->true, actions->false], RESOLVED:[indices=.monitoring-kibana-7-2019.11.29,.monitoring-kibana-7-2019.11.28,.monitoring-kibana-7-2019.11.30,.monitoring-es-7-2019.11.27,.monitoring-kibana-7-2019.11.26,.monitoring-es-7-2019.11.29,.monitoring-es-7-2019.11.30,.monitoring-es-7-2019.12.02,.monitoring-es-7-2019.11.28,.monitoring-kibana-7-2019.12.01,.monitoring-es-7-2019.11.26,.monitoring-es-7-2019.12.01,.monitoring-kibana-7-2019.11.27,.monitoring-kibana-7-2019.12.02]], [Public Access Custom-> RULES:[indices->true, actions->false], RESOLVED:[]] }\u001B[0m", "cluster.uuid": "YsS3RfyoTvmAw6U8LEu9Tw", "node.id": "l1KKSm89RhW8Qo_MrDVyZw" }

POD is not coming up -

master-4 0/1 Running 0 47m

Can you please help me with this?

Hi! We use ELK 8.4.3 and enterprise version of plugin! When users from RO group try to do anything, for example go to discover tab after login, they logout!!! :(
In audit events i se that user try to /write/_bulk, update, and some _get actions, for example indices:data/write/bulk in index readonlyrest_audit-2022-11-01, but get FORBIDDEN

Hi,
I am using elasticsearch-oss-6.5.0 with readonlyrest-1.16.29_es6.5.0. When I stop running elasticsearch service I get this error. I am using java - "jre1.8.0_181" I also try OpenJDK "jdk-10.0.2" and "jdk-11.0.1". Still same error. Runing ES without readonlyrest working correct also old readonlyrest-1.16.29_es6.4.3 + elasticsearch-oss-6.4.3 working correct. Any idea?

[2018-11-26T10:37:14,138][ERROR][i.n.u.c.D.rejectedExecution] [w6u2Laz] Failed to submit a listener notification task. Event loop shut down? java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "setContextClassLoader") at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) ~[?:?] at java.security.AccessController.checkPermission(AccessController.java:895) ~[?:?] at java.lang.SecurityManager.checkPermission(SecurityManager.java:335) ~[?:?] at java.lang.Thread.setContextClassLoader(Thread.java:1570) ~[?:?] at io.netty.util.concurrent.GlobalEventExecutor$2.run(GlobalEventExecutor.java:228) ~[netty-common-4.1.30.Final.jar:4.1.30.Final] at io.netty.util.concurrent.GlobalEventExecutor$2.run(GlobalEventExecutor.java:225) ~[netty-common-4.1.30.Final.jar:4.1.30.Final] at java.security.AccessController.doPrivileged(Native Method) ~[?:?] at io.netty.util.concurrent.GlobalEventExecutor.startThread(GlobalEventExecutor.java:225) ~[netty-common-4.1.30.Final.jar:4.1.30.Final] at io.netty.util.concurrent.GlobalEventExecutor.execute(GlobalEventExecutor.java:213) ~[netty-common-4.1.30.Final.jar:4.1.30.Final] at io.netty.util.concurrent.DefaultPromise.safeExecute(DefaultPromise.java:768) [netty-common-4.1.30.Final.jar:4.1.30.Final] at io.netty.util.concurrent.DefaultPromise.notifyListeners(DefaultPromise.java:432) [netty-common-4.1.30.Final.jar:4.1.30.Final] at io.netty.util.concurrent.DefaultPromise.setSuccess(DefaultPromise.java:94) [netty-common-4.1.30.Final.jar:4.1.30.Final] at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:939) [netty-common-4.1.30.Final.jar:4.1.30.Final] at java.lang.Thread.run(Thread.java:844) [?:?]

As described in the docs, tried to set
xpack.security.enabled: false but es fail to start

java.lang.IllegalArgumentException: unknown setting [xpack.security.enabled] please check that any required plugins are installed, or check the breaking changes documentation for removed settings
Any ideas ?
Thanks

Good day! In the latest version of the plugin, users who have kibana_access: ro rights have lost the ability to add fields in the Discover tab, the add button has disappeared. Why is this done? Can you add a setting to return it?

I might be wrong here, but both from observed behavior and reading the code it appears that socket and connection timeouts are missing for the ExternalAuthenticationServiceClient. It appears to be set correctly for LDAP connections, but not for other external authentication services.

We've observed that after running ElasticSearch with ROR for about a week under moderately high load (nothing extreme, but definitely traffic), authentication stops working for some nodes in our cluster:

[2019-02-06T08:10:59,164][INFO ][t.b.r.h.ApacheHttpCoreClient] [servername] HTTP client failed to connect: [dce6ef35-f2c3-4700-a172-6f0bd2abcc41] GET https://full-hostname/api/auth reason: Connection closed
[2019-02-06T08:10:59,167][ERROR][t.b.r.a.b.Block          ] [servername] es_admins: external_authentication rule matching got an error org.apache.http.ConnectionClosedException: Connection closed
java.util.concurrent.CompletionException: org.apache.http.ConnectionClosedException: Connection closed
... massive stack trace ...
        at tech.beshu.ror.acl.definitions.externalauthenticationservices.ExternalAuthenticationServiceHttpClient.authenticate(ExternalAuthenticationServiceHttpClient.java:41) ~[?:?]
        at tech.beshu.ror.acl.definitions.externalauthenticationservices.CachedExternalAuthenticationServiceClient.authenticate(CachedExternalAuthenticationServiceClient.java:68) ~[?:?]
...

The external authentication service is running fine, but a once a node starts failing it doesn't recover before it's restarted.

To me this seems indicative of stale connections in the connection pool, and reading the code seems to confirm this.

https://github.com/beshu-tech/readonlyrest-docs/blob/master/kibana.md

Setting force_load_from_file: true doesn't prevent "Loading ReadonlyREST settings from index" later. When that index doesn't exist, it takes a lot longer for "ReadonlyREST core was loaded" to be reached.

I think something I can do in the meantime is set "com.readonlyrest.settings.loading.delay". Where do I set this? In a jvm.options.d file?

I just started using this plugin before committing to the enterprise version. Getting started wasn't as obvious as I was expecting for version 6.

The documentation seems to indicate $ES_HOME is the appropriate place for configuration. As far as I'm aware $ES_HOME usually point to the executable location, not where the config should go. This would give me Could not find required attribute 'readonlyrest'
I believe for version 6 at least it should be $ES_PATH_CONF or $CONF_DIR instead of $ES_HOME.

Putting readonlyrest.yml under $ES_PATH_CONF works correctly for me.

# echo $ES_HOME
/usr/share/elasticsearch

# echo $ES_PATH_CONF
/etc/elasticsearch

Happy to update the docs, just not sure how you want to handle covering discrepancies between versions.

It would be useful to include the limitations of using a Nginx proxy + Kibana setup with the open source version for ES 6.1.0. According to what I've seen, even when Kibana is configured to keep the x-forwarded-user header [1], it won't reach the ES server in all scenarios. E.g when saving a visualization:

• browser sends a POST petition to /api/saved_objects/visualization/blahblahblah
• nginx redirects the petition to Kibana with the authentication header (after asking for user:pass)
• Kibana sends a PUT petition to ES with the path /_template/kibana_index_template%3A.kibana and without the authentication header
• user (header) does not reach ES so the content is not loaded due to wrong permissions

[1] kibana parameter elasticsearch.requestHeadersWhitelist: [ authorization, x-forwarded-user ]

Best,
Luis

Hi Team,

Get below error installing plugin.
./elasticsearch-plugin install file:///tmp/elasticsearch-readonlyrest-plugin-master.zip
-> Downloading file:///tmp/elasticsearch-readonlyrest-plugin-master.zip
[=================================================] 100%  
Exception in thread "main" java.nio.file.NoSuchFileException: /elastic/software/elasticsearch-6.5.0/plugins/.installing-2120567135259773208/plugin-descriptor.properties
at sun.nio.fs.UnixException.translateToIOException(UnixException.java:86)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:214)
at java.nio.file.Files.newByteChannel(Files.java:361)
at java.nio.file.Files.newByteChannel(Files.java:407)
at java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:384)
at java.nio.file.Files.newInputStream(Files.java:152)
at org.elasticsearch.plugins.PluginInfo.readFromProperties(PluginInfo.java:162)
at org.elasticsearch.plugins.InstallPluginCommand.loadPluginInfo(InstallPluginCommand.java:713)
at org.elasticsearch.plugins.InstallPluginCommand.installPlugin(InstallPluginCommand.java:792)
at org.elasticsearch.plugins.InstallPluginCommand.install(InstallPluginCommand.java:775)
at org.elasticsearch.plugins.InstallPluginCommand.execute(InstallPluginCommand.java:231)
at org.elasticsearch.plugins.InstallPluginCommand.execute(InstallPluginCommand.java:216)
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:77)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
at org.elasticsearch.cli.Command.main(Command.java:90)
at org.elasticsearch.plugins.PluginCli.main(PluginCli.java:47)
[elasticsearch@dxp-prd-md1 bin]$

java.util.concurrent.CompletionException: java.lang.NoClassDefFoundError: javax/xml/bind/DatatypeConverter

This seems similar, if not identical to #363.

I'm using the docker image at https://hub.docker.com/r/natewarr/elasticsearch-oss/ (natewarr/elasticsearch-oss:6.4.1) with the following Dockerfile:

FROM docker.elastic.co/elasticsearch/elasticsearch-oss:6.4.1

COPY ./plugins /install/plugins

RUN elasticsearch-plugin install --batch repository-s3
RUN for plugin in $(ls /install/plugins); do \
        elasticsearch-plugin install --batch file:///install/plugins/${plugin}; \
    done \
    && rm -rf /install/plugins

readonlyrest-1.16.27_es6.4.1 is the only plugin installed.

This is the official OSS elasticsearch docker image, modified with the readonlyrest plugin. When will it support Java 10?

{
"error" : {
"root_cause" : [
{
"reason" : "forbidden",
"due_to" : [
"OPERATION_NOT_ALLOWED"
]
}
],
"reason" : "forbidden",
"due_to" : [
"OPERATION_NOT_ALLOWED"
],
"status" : 401
}
}

I have not been able to install the plugin following the Download plugin zip instructions i receive in email. I am getting File Not Found exception . I tried using the below

C:\Program Files\elasticsearch-6.1.1\elasticsearch-6.1.1\bin>elasticsearch-plugi
n install "file:\c:\es_install\readonlyrest-1.16.15_es6.1.1.zip"
-> Downloading file:\c:\es_install\readonlyrest-1.16.15_es6.1.1.zip from mave
n central
Exception in thread "main" java.io.FileNotFoundException: https://repo1.maven.or
g/maven2/file/\c/\es_install\readonlyrest-1.16.15_es6.1.1.zip/\c-\es_instal
l\readonlyrest-1.16.15_es6.1.1.zip.zip
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

I don't know if this is the correct place to post this issue, but I am currently unable to download ReadonlyREST because Firefox and my WiFi router are rejecting https://readonlyrest.com/'s TLS certificate.

The Firefox error I'm getting is as follows:

https://readonlyrest.com/

Peer’s Certificate issuer is not recognized.

HTTP Strict Transport Security: false
HTTP Public Key Pinning: false

Certificate chain:

-----BEGIN CERTIFICATE-----
MIID4zCCAsugAwIBAgIRALub44QVvM8pAdYhoVesQlQwDQYJKoZIhvcNAQELBQAw
azELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFTATBgNVBAoTDFpz
Y2FsZXIgSW5jLjEQMA4GA1UECxMHWnNjYWxlcjEeMBwGA1UEAxMVYmxvY2tkLnBy
b2QuenBhdGgubmV0MB4XDTIwMTAxMzE3MzE1OVoXDTIxMTAxMzE3MzE1OVowTzEL
MAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExEDAOBgNVBAoMB1pzY2Fs
ZXIxGTAXBgNVBAMMEHJlYWRvbmx5cmVzdC5jb20wggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCmKVY4UAY5NZAR7yK9M27AApsdHs3bA3dWRCN9IdcHNupG
LOjY/GyfnoiJXJi7J3lFXfKevc/xLFl6/J4aU06Xzq6vYWqTKBNNy21Pn0Wq9RMy
nBV82z6H4Z9qIUZ95tpn97JhW0ZHS73UkwuBgQyb1htlbHUHxZL/ctwFJNaDq7/A
+Chkp8vA8NVG7lPWSmkPiL9kRx29EWZGl8RlNT0U1NeL0IVOpkbKSZ5SLTnQyVhD
0Z+Ly+VyNwk2v18mdu0m0QtsUlxYXYq+YJMz3p1FTWH9j+ZzYlrJy+lFTkWDn8UD
+tR27pnmugRysxlh9JGMIoGGrSiqAXcUu2f2gU11AgMBAAGjgZ0wgZowHwYDVR0j
BBgwFoAU2W+DtG8MMKyVFk8/snP1bvgH4DowHQYDVR0OBBYEFBWJcNdALYA89vwn
UVxCqC13+DkvMBsGA1UdEQQUMBKCEHJlYWRvbmx5cmVzdC5jb20wDgYDVR0PAQH/
BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8E
AjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCOlhuBYX9aTGWf3RFrGcztAvYsZqvWIaMq
sx5q5zlaQNMUdZvm76CPloREABS5tINsUZZtmIbyqAtAp+u8D1maRR5o3C7gjdg9
U9MbjCoK2m8T1zZPIU4xudCvAZcSZa+ufhNI57xpzxdvss0R/hPoBdtmQGruua7R
oRNuhasakKl1ZmS8JAwo71lXt4GF+o4gFOT0Oi2OtbsMY7XFD4SnVgZoPlia4NsS
5SVfbqlrkVK41b+b0/Oa8lK8yMDWtt3iLj5vJd7CiOet3F+lHTpO1ByaLpIhgTmF
ygtUvxabkEANPzza+tyaDfHu5EggOSeMrueYJvxGr5+JbUPerfIH
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDxzCCAq+gAwIBAgIEAPq83jANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMC
VVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMRUwEwYD
VQQKEwxac2NhbGVyIEluYy4xFTATBgNVBAsTDFpzY2FsZXIgSW5jLjEYMBYGA1UE
AxMPWnNjYWxlciBSb290IENBMSIwIAYJKoZIhvcNAQkBFhNzdXBwb3J0QHpzY2Fs
ZXIuY29tMB4XDTE5MDIwNzIyNDU0OVoXDTQ2MDYyNTIyNDU0OVowazELMAkGA1UE
BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFTATBgNVBAoTDFpzY2FsZXIgSW5j
LjEQMA4GA1UECxMHWnNjYWxlcjEeMBwGA1UEAxMVYmxvY2tkLnByb2QuenBhdGgu
bmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhYCKYdi6OXJBmGp
LzefcxznZbzDYTupURn11cr8JYKjHNW3Kwf/VghBCtCZ8X5K+fiXbk9/MD5eXo93
2C6dzvR2QtHAXBUtQUCFPQyw0T7Zy7NjNQKd7d2CFlmxMq1eXxQoLk9Doa+Kef2T
PhsNpJWXKjcYmkfW5LCxDL+iZK+YeurlUDAxu4LLucqyqulzC8m0ubpSfpudXBAw
MSZB3nQ9K0zX0q/qpzhQyooFLkklQv9Y9IpSiPx0+hL6+b9f6GyCNN8NSsTkoziX
5ikeU19al53aGnRoFWx3roQTfaQTIHwULQxDEk1yWlvVq2fLIkFE9HurZwPgoxXu
kF/8pwIDAQABozwwOjAdBgNVHQ4EFgQU2W+DtG8MMKyVFk8/snP1bvgH4DowDAYD
VR0TBAUwAwEB/zALBgNVHQ8EBAMCAf4wDQYJKoZIhvcNAQELBQADggEBAJGkM48y
KMzMWHtNeAVAdLNKjxBZG5acZNBtNAzS27CSfuQls2F/6o5AznDsl0y7ePzLyjWT
083+kyr/R8wcPoigzva1JS2SMrrNoL/jwdf8uyKuswaj1aqOE98ow0w+KivOapNE
uneTW0V1z/BoFKgTXyurc0MByyhE2iAm9bHySPguboV5Ay0xZK+sxox3wqCLRqsU
wCXyf/iUR6hXpUMjSALtW719lIxNKHtEWRI341njzTzdszFm+vzejoWk0LsYs28/
vc9a2TfNXfjmlBgFs+RF/24oQPIQCycoIOYXrb7wK7fYUu4EzSslZc+0Pg8H4I30
OEmoec8umVMO52c=
-----END CERTIFICATE-----

If this is not the correct place to be posting this issue, could you forward/repost it wherever it would be? Thanks!

I have found the following issues with Elasticsearch plugin documentation:

1. filename is log4j2.properties, not a l4j2.properties
2. ACL logger name is tech.beshu.ror.acl, not org.elasticsearch.plugin.readonlyrest.acl

It is my understanding that the recommended place to put rules is a separate config file. However, most documentation still describes adding rules to elasticsearch.yml.

bin/elasticsearch-plugin install /tmp/readonlyrest-1.16.22_es6.3.0.zip
A tool for managing installed elasticsearch plugins

Commands

list - Lists installed elasticsearch plugins
install - Install a plugin
remove - removes a plugin from Elasticsearch

Non-option arguments:
command

Option Description

-h, --help show help
-s, --silent show minimal output
-v, --verbose show verbose output
ERROR: Unknown plugin /tmp/readonlyrest-1.16.22_es6.3.0.zip

hash is correct

I am using ReadonlyREST Free (ES) to force users to pass an api key for every request.
I've tried with versions 6.5.4 of Kibana, ES and plugin readonlyrest-1.16.33_es6.5.4.zip and also Kibana ES 6.2.4 with readonlyrest-1.16.33_es6.2.4.zip.

My readonlyrest.yml:

readonlyrest:
    response_if_req_forbidden: "NOT ALLOWED!"
    access_control_rules:
    - name: "Accept all requests from localhost"
      type: allow
      hosts: [127.0.0.1]
      uri_re: ^/*

    - name: "Read key"
      type: allow
      api_keys: [myreadkey]
      methods: [GET]

    - name: "Write key"
      type: allow
      api_keys: [mywritekey]

It works for my REST quests:

curl -H 'X-Api-Key: myreadkey' http://10.XXX.XXX.XXX:9200/logs/_search?

kibana.yml has elasticsearch.customHeaders set to {"X-Api-Key":"myreadkey"}.

The problem is that Kibana does not work. Is there a way to configure Kibana to pass the keys for all of its requests? Do I have to create another kibana_access rule? How does it knows it really is Kibana calling? What is the recommended procedure in this case?

Hi,
I'm testing the ES plugin with elasticsearch 6.1.0 and kibana and I'm not able to get the kibana_access parameter working for read only operations.

According to the zip file, the version of the plugin is 1.16.15 with md5 93d5de0d2fe8315acbb2371d1f4bd9d6

This is the log I'm getting:

[2018-02-14T09:39:57,578][INFO ][t.b.r.a.ACL              ] FORBIDDEN by default req={ ID:554508840-63789460#84, TYP:GetMappingsRequest, CGR:N/A, USR:bitergia, BRS:false, ACT:indices:admin/mappings/get, OA:172.17.0.3, IDX:.kibana, MET:GET, PTH:/.kibana/_mappings, CNT:<N/A>, HDR:Authorization,Connection,Content-Length,Host, HIS:[Accept requests from users in group admin->[groups->false]], [RO for Kibana->[kibana_access->false, auth_key->true]] } 

And this is the setup I'm using:

readonlyrest:
    #optional
    response_if_req_forbidden: Sorry, your request is forbidden.

    access_control_rules:

    - name: Accept requests from users in group admin
      groups: ["admin"]

    - name: RO for Kibana
      hosts: [172.17.0.3]
      kibana_access: ro
      kibana_index: ".kibana"
      groups: ["readers"]

    users:
    - username: admin
      auth_key_unix: admin:$6$rounds=65535$d07dnv4N$QeErsDT9Mz.ZoEPXW3dwQGL7tzwRz.eOrTBepIwfGEwdUAYSy/NirGoOaNyPx8lqiR6DYRSsDzVvVbhP4Y9wf0 #admin:test
      groups: ["admin"]

    - username: bitergia
      auth_key: bitergia:bitergia # auth_key is good for testing but replace it with auth_key_sha1 for production!
      groups: ["readers"]

Hi Team,

I'm using ELK with version 7.10.2 and after I execute kibana-plugin installation, i got this error

bash-4.4$ bin/kibana-plugin install "https://api.beshu.tech/download/trial?edition=kbn_enterprise&email=xxxxxx"
Attempting to transfer from https://api.beshu.tech/download/trial?edition=kbn_enterprise&email=xxxxxxx
Transferring 19357504 bytes....................
Transfer complete
Retrieving metadata from plugin archive
Plugin installation was unsuccessful due to error "No kibana plugins found in archive"
bash-4.4$ bin/kibana-plugin list

How to use this plugins?