Custome roles using curl post to rest api error

Graylog Central (peer support)
1

Hi,
I am trying to create custom Role to give search permission. but getting Authentication problem.

I am able to get permission list:
curl -XGET -u adminuser:Pass@1234 ‘http://127.0.0.1:9000/api/system/permissions?pretty=true
{
“permissions” : {
“outputs” : [ “create”, “edit”, “terminate”, “read” ],
“sidecars” : [ “update”, “create”, “read”, “delete” ],
“deflector” : [ “read”, “cycle” ],
“loggers” : [ “readsubsystem”, “edit”, “editsubsystem”, “read” ],
“catalog” : [ “resolve”, “list” ],
“inputs” : [ “terminate”, “read”, “create”, “changestate”, “edit” ],…

Unable to post:

root@graylog:/etc/nginx/sites-enabled# curl -v -XPOST -u adminuser:Pass@1234 -H ‘Content-Type: application/json’ ‘http://127.0.0.1:9000/api/roles’ -d ‘{“read_only”: false,“permissions”: [“savedsearches:read”,“searches:relative”,“searches:absolute”,“searches:keyword”],“name”: “Allow Searches”,“description”: “Permission to Search on Graylog nodes”}’
Note: Unnecessary use of -X or --request, POST is already inferred.

  • Trying 127.0.0.1…
  • TCP_NODELAY set
  • Connected to 127.0.0.1 (127.0.0.1) port 9000 (#0)
  • Server auth using Basic with user ‘adminuser’

POST /api/roles HTTP/1.1
Host: 127.0.0.1:9000
Authorization: Basic dGhpbmFrYXJhbjpSb290QDEyMzQ=
User-Agent: curl/7.58.0
Accept: /
Content-Type: application/json
Content-Length: 197

  • upload completely sent off: 197 out of 197 bytes
    < HTTP/1.1 401 Unauthorized
  • Authentication problem. Ignoring this.
    < WWW-Authenticate: Basic realm=“Graylog Server”
    < X-Graylog-Node-ID: e5851a96-e2e0-4f7d-8df6-fbe3386ad47b
    < Date: Fri, 10 May 2019 11:36:59 GMT
    < Content-Length: 0
    <
  • Connection #0 to host 127.0.0.1 left intact
2

root@graylog:/etc/nginx/sites-enabled# cat default
server {
listen 443 ssl;
server_name graylog2.domain.com;
ssl_certificate /etc/nginx/ssl/STAR_domain_com.crt;
ssl_certificate_key /etc/nginx/ssl/STAR_domain_com.key;
ssl_session_timeout 10m;
ssl_protocols TLSv1.2;

  location / {
    proxy_pass http://127.0.0.1:9000/;
    proxy_http_version 1.1;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Graylog-Server-URL https://$host;
    proxy_pass_request_headers on;
    proxy_connect_timeout 150;
    proxy_send_timeout 100;
    proxy_read_timeout 100;
    proxy_buffering off;
    client_max_body_size 8m;
    client_body_buffer_size 128k;
    expires off;
  }
  error_page 502 /502.html;
  location  /502.html {
    internal;
  }

}

3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.