Not able call SSL configured elasticsearch API from elasticsearch plugin

Rohit_Sawant1 · June 15, 2021, 6:14am

Hi Team,

I am trying to call elasticsearch search ,createindex api from NodeClient but it is giving error message: action [indices:data/read/search] is unauthorized for user [_system].

elasticsearch configured with SSL configuration with certificate ca.p12 and using elastic user and password.

I am using BaseRestHandler :
@Override
protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient client) throws IOException {

    if (request.method().equals(RestRequest.Method.GET)) {
        return restChannel -> {

         if (indexFiles.length > 0) {
                log.debug("found index files into resource/index folder going to check and create index");
                try{

                    GenericIndexService genericIndexService = new GenericIndexService(client);
                    // Create index of not exist
                    genericIndexService.createIndexIfNotExist(indexFiles);

please suggest me how can I call elsticsearch APIs from elasticsearch plugin which is configured with SSL

warkolm · June 15, 2021, 6:22am

I don't know node, but does the username and password you have configured in your client work with a curl to Elasticsearch?

Rohit_Sawant1 · June 15, 2021, 6:29am

Thanks for the reply..
@warkolm yes it is working with username password
I have also tried to create custom client using Transport client :
TransportClient client = new PreBuiltXPackTransportClient(Settings.builder()
.put("cluster.name", "elasticsearchpreprod")
.put("xpack.security.user", "elastic:pass@123")
.put("xpack.security.enabled", true)
.put("xpack.security.transport.ssl.enabled", true)
.put("xpack.security.transport.ssl.verification_mode", "certificate")
.put("xpack.security.transport.ssl.keystore.path", "elastic-stack-ca.p12")
.put("xpack.security.transport.ssl.truststore.path", "elastic-stack-ca.p12")
.build(), JobSchedulerPlugin.class)
.addTransportAddress(new TransportAddress(InetAddress.getByName("localhost"), 9300))
.addTransportAddress(new TransportAddress(InetAddress.getByName("localhost"), 9301));

but it is giving me SSLHandshakeTimeout error.

can you please suggest the correct way to create client and call elasticsearch API for SSL configuration

Christian_Dahlqvist · June 15, 2021, 7:43am

What are you looking to achieve? Are you building a plugin or an external application?

Rohit_Sawant1 · June 15, 2021, 8:39am

I am building a plugin

TimV · June 16, 2021, 10:36am

What is GenericIndexService?

The problem is that the way you are creating the index (which isn't shown in your example) is losing the security context of the current user, so it looks like ES is trying to create an index without a user and that is blocked.

system · July 14, 2021, 10:37am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.