From b28ac98619843160a5ccaccf2e493251205f92a5 Mon Sep 17 00:00:00 2001 From: Christoph Wurm Date: Thu, 3 Oct 2019 09:27:06 +0100 Subject: [PATCH] Use less restrictive API to check if template exists (#13847) Switches from using `HEAD _template/{name}` to `GET _cat/templates/{name}` to check if a template exists before trying to load it. The significance is that the `_cat/templates` API requires only the `monitor` cluster privilege and not the far more permissive `manage_index_templates`. With this change, the default Beats configuration works without any unnecessary write privileges for publishing. --- CHANGELOG.next.asciidoc | 1 + libbeat/template/load.go | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 3eef5efb77fb..2914cf203758 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -263,6 +263,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Added `monitoring.cluster_uuid` setting to associate Beat data with specified ES cluster in Stack Monitoring UI. {pull}13182[13182] - Add autodetection mode for add_kubernetes_metadata and enable it by default in included configuration files. {pull}13473[13473] - Add `providers` setting to `add_cloud_metadata` processor. {pull}13812[13812] +- Use less restrictive API to check if template exists. {pull}13847[13847] *Auditbeat* diff --git a/libbeat/template/load.go b/libbeat/template/load.go index 33b9886dea85..2a63c9efb397 100644 --- a/libbeat/template/load.go +++ b/libbeat/template/load.go @@ -23,6 +23,7 @@ import ( "io/ioutil" "net/http" "os" + "strings" "github.com/elastic/beats/libbeat/beat" "github.com/elastic/beats/libbeat/common" @@ -124,11 +125,10 @@ func (l *ESLoader) templateExists(templateName string) bool { if l.client == nil { return false } - status, _, _ := l.client.Request("HEAD", "/_template/"+templateName, "", nil, nil) - if status != http.StatusOK { - return false - } - return true + + status, body, _ := l.client.Request("GET", "/_cat/templates/"+templateName, "", nil, nil) + + return status == http.StatusOK && strings.Contains(string(body), templateName) } // Load reads the template from the config, creates the template body and prints it to the configured file.