I have a 7.17 index I access routinely for reads and writes from a Django app with elasticsearch-py, performing snapshots to GCS, etc. This works fine with both the ES 7.17 on a Mac dev laptop against a copy of the prod index, and the Ubuntu prod server. All Python access uses an API_KEY and API_ID combo - one set on dev version and another on the prod server. I also use Kibana logged in with a superuser account.
All ES actions in the app work fine on both dev and prod, except this query, which fails on the prod server only (place_id is unique):
    es.delete_by_query(
        "myindex",
        body={"query": {"terms": {"place_id": ["123456"]}}}
    )
which returns this error (the user named has the superuser role, and the _id of the doc is 14192344):
    elasticsearch7.exceptions.AuthorizationException:
    AuthorizationException(
    403, '
    {
      "took":2,
      "timed_out":false,
      "total":1,
      "deleted":0,
      "batches":1,
      "version_conflicts":0,
      "noops":0,
      "retries":{"bulk":0,"search":0},
      "throttled_millis":0,
      "requests_per_second":-1.0,
      "throttled_until_millis":0,
      "failures":[
        {
          "index": "myidx",
          "type":"_doc",
          "id":"14192344",
          "cause":{
            "type":"security_exception",
            "reason":
              "action [indices:data/write/bulk[s]] is unauthorized
               for API key id [{api key id}] of user [{user}]
               on indices [ myidx ], this action is granted by the index privileges
               [create_doc,create,delete,index,write,all]"
          },
          "status":403
        }]}')
The same query works fine in Kibana remotely, e.g.
    POST /myindex/_delete_by_query
    {
      "query": {
        "terms": {
          "place_id": ["123456"]
        }
      }
    }
Thanks in advance for any suggestions. I've tried to find out what the active permissions are on prod, using the API ID and API KEY, but can't find out how.
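Added example, not part of the original post: one way to see what an API key is actually allowed to do on an index is to call the has-privileges API while authenticated with that key, feeding it the privileges named in the 403. The sample failure is constructed from the error above, and the host, `API_ID`, `API_KEY`, `KEY_ID` and `USER` are placeholders.

```python
import re

# Constructed sample: one entry from the "failures" list of a delete_by_query
# 403, with the reason on one line and placeholder key id / user.
SAMPLE_FAILURE = {
    "index": "myindex", "id": "14192344", "status": 403,
    "cause": {
        "type": "security_exception",
        "reason": "action [indices:data/write/bulk[s]] is unauthorized for API key id "
                  "[KEY_ID] of user [USER] on indices [myindex], this action is granted "
                  "by the index privileges [create_doc,create,delete,index,write,all]",
    },
}


def parse_denial(failure):
    """Return (index, denied action, privileges that would grant it)."""
    reason = failure["cause"]["reason"]
    action = re.search(r"action \[(\S+)\] is unauthorized", reason).group(1)
    privs = re.search(r"index privileges \[([^\]]+)\]", reason).group(1)
    return failure["index"], action, [p.strip() for p in privs.split(",")]


def missing_privileges(es, index, privileges):
    """List which of `privileges` the credential behind `es` lacks on `index`.

    `es` is an elasticsearch-py 7.x client built with the API key under test;
    has_privileges reports on whichever credential sends the request.
    """
    resp = es.security.has_privileges(
        body={"index": [{"names": [index], "privileges": list(privileges)}]}
    )
    return sorted(p for p, ok in resp["index"][index].items() if not ok)


if __name__ == "__main__":
    from elasticsearch7 import Elasticsearch  # package name as in the traceback

    # Placeholders: substitute the prod host and the app's API key id / secret.
    es = Elasticsearch("https://localhost:9200", api_key=("API_ID", "API_KEY"))
    index, action, granting = parse_denial(SAMPLE_FAILURE)
    # "read" is added because delete_by_query searches before it deletes.
    print(action, "denied; key lacks:", missing_privileges(es, index, ["read"] + granting))
```

Running the same check with the dev key and the prod key shows where the two differ. Because any one of the listed privileges grants the bulk action, a key that was denied is expected to report all of them as missing.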