Authorization Exception for SuperUser

I'm running Elastic 7.8.0 on the latest Debian 10. SSL and authentication is enabled. Everything has been working fine. I've been able to connect to the ES instance using all of the stack products and using the python elasticsearch python client. I created API keys to authenticate the application I am writing, and it has been working for all sorts of queries and updates except for the 'get' request. The details are as follows

When I use the elasticsearch-py library to run the following query
es.get(index="filebeat-*", id=id)
I get the following exception:
elasticsearch.exceptions.AuthorizationException: AuthorizationException(403, 'security_exception', 'action [indices:data/read/get] is unauthorized for user [elastic]')

In the above case I actually authenticated using the 'elastic' superuser just to see if I was doing anything wrong. I can't seem to figure it out.

EDIT : While debugging further I figured it was the wildcard after the index name that caused this. You can't get a document by the id across a number of indices. The exception was misleading. When I ran the same query in the 'Dev Tools' section of Kibana, the error was a bit more accurate - as such.
{ "error" : { "root_cause" : [ { "type" : "security_exception", "reason" : "action [indices:data/read/get] is unauthorized for user [elastic]" } ], "type" : "security_exception", "reason" : "action [indices:data/read/get] is unauthorized for user [elastic]", "caused_by" : { "type" : "illegal_state_exception", "reason" : "There are no external requests known to support wildcards that don't support replacing their indices" } }, "status" : 403 }

Welcome to our community! :smiley:

I wanted to quote this one separately so that the topic can be marked as solved :slight_smile:

Thank you for the warm welcome.
Sure - it's solved. Could the error.root_cause.reason perhaps be amended in a future release so as to give a more accurate description (as opposed to the authorization related issue)?

Thank you

It'd be worth raising a feature request for that on GitHub.

1 Like

Hi Warkolm,
I am having the similar issue, but i couldn't find solution in this topic,. Can you please point me to the solution for "There are no external requests known to support wildcards that don't support replacing their indices" } }, "status" : 403 }?


Please start your own topic on this.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.