Elastic Cloud 6.0 - User authentications

shanim · November 23, 2017, 12:15am

Hi,

I'm a noob at Elastic Cloud 6.0 and I'm using X-Pack for the first time.

I have been attempting to add some data into a cluster I created on elastic cloud. I created a new user (as I didn't want to use the elastic user for my python client). I created the user and created a role with privileges for the index and assigned it to the user. However, when I attempt to add data into the cluster, I get the following HTTP 401 error:

elasticsearch.exceptions.AuthenticationException: TransportError(401, u'security_exception', u'unable to authenticate user [some_user] for REST request [CLUSTER/INDEX]')

When I attempt the same request with the elastic user, I'm able to add data to my index. What am I missing?

Here is the user:

"some_script": {
"username": "some_script",
"roles": [
  "events_admin"
],
"full_name": "Some Script",
"email": "something@gmail.com",
"metadata": {},
"enabled": true
}

And here is the role:

"events_admin": {
"cluster": [],
"indices": [
  {
    "names": [
      "INDEX"
    ],
    "privileges": [
      "all"
    ]
  },
  {
    "names": [
      ".kibana*"
    ],
    "privileges": [
      "manage",
      "read",
      "index"
    ]
  }
],
"run_as": [],
"metadata": {},
"transient_metadata": {
  "enabled": true
}
}

dadoonet · November 23, 2017, 2:06am

I moved your question to #x-pack

It seems like the client you are using is calling a cluster level API. I guess for discovering other nodes if you activated something like sniffing.

So you need to add this api to your user.

TimV · November 23, 2017, 2:29am

That looks like an authentication error. Either the password for "some_user" is not being sent correctly in your request, or the user doesn't actually exist.
Since it's working for elastic it's probably a configuration problem rather than an actual bug in your code.

Check for typos, and also check that the user really was created in your cloud cluster.

shanim · November 23, 2017, 2:37am

I had a look at Kibana and do see it on Kibana's Management Page (following the step 4 in https://www.elastic.co/guide/en/x-pack/current/security-getting-started.html). Is there a different method to create the user for REST API access?

TimV · November 23, 2017, 5:13am

The user that you created in Kibana will be able to use the API.

All I can suggest is to triple check that you have all the names and passwords correct, because that error is saying that you don't.

e.g. Your error message says some_user but your user JSON says some_script. I assume you've redacted those for public posting, but do make sure the username you are using in your code, is exactly the same as the user you created in Kibana.

shanim · November 23, 2017, 6:07am

User Error! Typo in the client's username Sorted it out now

TimV · November 23, 2017, 7:41am

User Error!

Glad it's sorted.

system · December 21, 2017, 7:42am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elasticsearch 7.8.0 user authentication with X-Pack security fails Elasticsearch elastic-stack-security	11	1347	October 27, 2020
AuthenticationError with Elastic Cloud Kibana	10	1667	July 6, 2017
Authentication fails on a new node in a secure cluster Elasticsearch elastic-stack-security	2	1202	November 16, 2020
Adding users Elasticsearch	2	999	July 31, 2017
Unable to create users and roles Elasticsearch elastic-stack-security	12	1911	June 20, 2019

Elastic Cloud 6.0 - User authentications

Related Topics