I am trying to integrate our product which has an embedded node client with Shield. Yes, it is a node client and I read that we should be using a transport client, but we are looking to move to a transport client in future release. Versions are : ES v1.4.3 + Shield v1.1.1.
As soon as my application starts up, it throws :
Caused by: org.elasticsearch.shield.authz.AuthorizationException: action [indices:admin/exists] is unauthorized for user [__es_system_user]
and therefore my application will not start.
I have tried adding the following to my elasticsearch.yml file in my application as per the documentation here : https://www.elastic.co/guide/en/shield/current/authentication.html#anonymous-access
...but it doesn't have any effect. I understand that this will allow any anonymous user have full admin control over the cluster, but I will lock anonymous access down to a lower range of privileges once I get it to work.
To get past this, I created a user in Shield and assigned that user to the admin role and then added a line to my elasticsearch.yml file :
... and this worked. No issues, I can index data, search data, etc.
Have I misunderstood this "anonymous" access, how to configure for it and what it provides ?