Authorization Exception for SuperUser

apocalypse0 · August 17, 2020, 7:36pm

I'm running Elastic 7.8.0 on the latest Debian 10. SSL and authentication is enabled. Everything has been working fine. I've been able to connect to the ES instance using all of the stack products and using the python elasticsearch python client. I created API keys to authenticate the application I am writing, and it has been working for all sorts of queries and updates except for the 'get' request. The details are as follows

When I use the elasticsearch-py library to run the following query
es.get(index="filebeat-*", id=id)
I get the following exception:
elasticsearch.exceptions.AuthorizationException: AuthorizationException(403, 'security_exception', 'action [indices:data/read/get] is unauthorized for user [elastic]')

In the above case I actually authenticated using the 'elastic' superuser just to see if I was doing anything wrong. I can't seem to figure it out.

EDIT : While debugging further I figured it was the wildcard after the index name that caused this. You can't get a document by the id across a number of indices. The exception was misleading. When I ran the same query in the 'Dev Tools' section of Kibana, the error was a bit more accurate - as such.
{ "error" : { "root_cause" : [ { "type" : "security_exception", "reason" : "action [indices:data/read/get] is unauthorized for user [elastic]" } ], "type" : "security_exception", "reason" : "action [indices:data/read/get] is unauthorized for user [elastic]", "caused_by" : { "type" : "illegal_state_exception", "reason" : "There are no external requests known to support wildcards that don't support replacing their indices" } }, "status" : 403 }

warkolm · August 17, 2020, 11:14pm

Welcome to our community!

apocalypse0:

EDIT : While debugging further I figured it was the wildcard after the index name that caused this. You can't get a document by the id across a number of indices. The exception was misleading. When I ran the same query in the 'Dev Tools' section of Kibana, the error was a bit more accurate - as such.
{ "error" : { "root_cause" : [ { "type" : "security_exception", "reason" : "action [indices:data/read/get] is unauthorized for user [elastic]" } ], "type" : "security_exception", "reason" : "action [indices:data/read/get] is unauthorized for user [elastic]", "caused_by" : { "type" : "illegal_state_exception", "reason" : "There are no external requests known to support wildcards that don't support replacing their indices" } }, "status" : 403 }

I wanted to quote this one separately so that the topic can be marked as solved

apocalypse0 · August 18, 2020, 4:41am

Thank you for the warm welcome.
Sure - it's solved. Could the error.root_cause.reason perhaps be amended in a future release so as to give a more accurate description (as opposed to the authorization related issue)?

Thank you

warkolm · August 18, 2020, 4:42am

It'd be worth raising a feature request for that on GitHub.

srk1 · August 24, 2020, 8:02pm

Hi Warkolm,
I am having the similar issue, but i couldn't find solution in this topic,. Can you please point me to the solution for "There are no external requests known to support wildcards that don't support replacing their indices" } }, "status" : 403 }?

Thanks,
Sankeerth.

warkolm · August 24, 2020, 9:07pm

Please start your own topic on this.

system · September 21, 2020, 9:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.