Elastic Cloud 6.0 - User authentications

Elastic Stack Elasticsearch
1

Hi,

I'm a noob at Elastic Cloud 6.0 and I'm using X-Pack for the first time.

I have been attempting to add some data into a cluster I created on elastic cloud. I created a new user (as I didn't want to use the elastic user for my python client). I created the user and created a role with privileges for the index and assigned it to the user. However, when I attempt to add data into the cluster, I get the following HTTP 401 error:

elasticsearch.exceptions.AuthenticationException: TransportError(401, u'security_exception', u'unable to authenticate user [some_user] for REST request [CLUSTER/INDEX]')

When I attempt the same request with the elastic user, I'm able to add data to my index. What am I missing?

Here is the user:

"some_script": {
"username": "some_script",
"roles": [
  "events_admin"
],
"full_name": "Some Script",
"email": "something@gmail.com",
"metadata": {},
"enabled": true
}

And here is the role:

"events_admin": {
"cluster": [],
"indices": [
  {
    "names": [
      "INDEX"
    ],
    "privileges": [
      "all"
    ]
  },
  {
    "names": [
      ".kibana*"
    ],
    "privileges": [
      "manage",
      "read",
      "index"
    ]
  }
],
"run_as": [],
"metadata": {},
"transient_metadata": {
  "enabled": true
}
}
2

I moved your question to #x-pack

It seems like the client you are using is calling a cluster level API. I guess for discovering other nodes if you activated something like sniffing.

So you need to add this api to your user.

3

That looks like an authentication error. Either the password for "some_user" is not being sent correctly in your request, or the user doesn't actually exist.
Since it's working for elastic it's probably a configuration problem rather than an actual bug in your code.

Check for typos, and also check that the user really was created in your cloud cluster.

4

I had a look at Kibana and do see it on Kibana's Management Page (following the step 4 in https://www.elastic.co/guide/en/x-pack/current/security-getting-started.html). Is there a different method to create the user for REST API access?

5

The user that you created in Kibana will be able to use the API.

All I can suggest is to triple check that you have all the names and passwords correct, because that error is saying that you don't.

e.g. Your error message says some_user but your user JSON says some_script. I assume you've redacted those for public posting, but do make sure the username you are using in your code, is exactly the same as the user you created in Kibana.

6

:man_facepalming:

User Error! Typo in the client's username :slight_smile: Sorted it out now

7

User Error!

:+1:t4: Glad it's sorted.

8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.