Elastic Cloud 6.0 - User authentications

Hi,

I'm a noob at Elastic Cloud 6.0 and I'm using X-Pack for the first time.

I have been attempting to add some data into a cluster I created on elastic cloud. I created a new user (as I didn't want to use the elastic user for my python client). I created the user and created a role with privileges for the index and assigned it to the user. However, when I attempt to add data into the cluster, I get the following HTTP 401 error:

elasticsearch.exceptions.AuthenticationException: TransportError(401, u'security_exception', u'unable to authenticate user [some_user] for REST request [CLUSTER/INDEX]')

When I attempt the same request with the elastic user, I'm able to add data to my index. What am I missing?

Here is the user:

"some_script": {
"username": "some_script",
"roles": [
  "events_admin"
],
"full_name": "Some Script",
"email": "something@gmail.com",
"metadata": {},
"enabled": true
}

And here is the role:

"events_admin": {
"cluster": [],
"indices": [
  {
    "names": [
      "INDEX"
    ],
    "privileges": [
      "all"
    ]
  },
  {
    "names": [
      ".kibana*"
    ],
    "privileges": [
      "manage",
      "read",
      "index"
    ]
  }
],
"run_as": [],
"metadata": {},
"transient_metadata": {
  "enabled": true
}
}

I moved your question to #x-pack

It seems like the client you are using is calling a cluster level API. I guess for discovering other nodes if you activated something like sniffing.

So you need to add this api to your user.

That looks like an authentication error. Either the password for "some_user" is not being sent correctly in your request, or the user doesn't actually exist.
Since it's working for elastic it's probably a configuration problem rather than an actual bug in your code.

Check for typos, and also check that the user really was created in your cloud cluster.

I had a look at Kibana and do see it on Kibana's Management Page (following the step 4 in https://www.elastic.co/guide/en/x-pack/current/security-getting-started.html). Is there a different method to create the user for REST API access?

The user that you created in Kibana will be able to use the API.

All I can suggest is to triple check that you have all the names and passwords correct, because that error is saying that you don't.

e.g. Your error message says some_user but your user JSON says some_script. I assume you've redacted those for public posting, but do make sure the username you are using in your code, is exactly the same as the user you created in Kibana.

:man_facepalming:

User Error! Typo in the client's username :slight_smile: Sorted it out now

User Error!

:+1:t4: Glad it's sorted.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.