Not able call SSL configured elasticsearch API from elasticsearch plugin

Rohit_Sawant1 · June 15, 2021, 6:14am

Hi Team,

I am trying to call elasticsearch search ,createindex api from NodeClient but it is giving error message: action [indices:data/read/search] is unauthorized for user [_system].

elasticsearch configured with SSL configuration with certificate ca.p12 and using elastic user and password.

I am using BaseRestHandler :
@Override
protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient client) throws IOException {

    if (request.method().equals(RestRequest.Method.GET)) {
        return restChannel -> {

         if (indexFiles.length > 0) {
                log.debug("found index files into resource/index folder going to check and create index");
                try{

                    GenericIndexService genericIndexService = new GenericIndexService(client);
                    // Create index of not exist
                    genericIndexService.createIndexIfNotExist(indexFiles);

please suggest me how can I call elsticsearch APIs from elasticsearch plugin which is configured with SSL

warkolm · June 15, 2021, 6:22am

I don't know node, but does the username and password you have configured in your client work with a curl to Elasticsearch?

Rohit_Sawant1 · June 15, 2021, 6:29am

Thanks for the reply..
@warkolm yes it is working with username password
I have also tried to create custom client using Transport client :
TransportClient client = new PreBuiltXPackTransportClient(Settings.builder()
.put("cluster.name", "elasticsearchpreprod")
.put("xpack.security.user", "elastic:pass@123")
.put("xpack.security.enabled", true)
.put("xpack.security.transport.ssl.enabled", true)
.put("xpack.security.transport.ssl.verification_mode", "certificate")
.put("xpack.security.transport.ssl.keystore.path", "elastic-stack-ca.p12")
.put("xpack.security.transport.ssl.truststore.path", "elastic-stack-ca.p12")
.build(), JobSchedulerPlugin.class)
.addTransportAddress(new TransportAddress(InetAddress.getByName("localhost"), 9300))
.addTransportAddress(new TransportAddress(InetAddress.getByName("localhost"), 9301));

but it is giving me SSLHandshakeTimeout error.

can you please suggest the correct way to create client and call elasticsearch API for SSL configuration

Christian_Dahlqvist · June 15, 2021, 7:43am

What are you looking to achieve? Are you building a plugin or an external application?

Rohit_Sawant1 · June 15, 2021, 8:39am

I am building a plugin

TimV · June 16, 2021, 10:36am

What is GenericIndexService?

The problem is that the way you are creating the index (which isn't shown in your example) is losing the security context of the current user, so it looks like ES is trying to create an index without a user and that is blocked.

system · July 14, 2021, 10:37am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elasticsearch 5.6.2 (x-pack) secured cluster with custom plugin : action [indices:data/read/search] is unauthorized for user [_system] Elasticsearch	1	631	February 2, 2020
Calling Elasticsearch/X-Pack API from node js application Elasticsearch elastic-stack-security	2	946	November 26, 2018
Getting ssl error while trying to create httpclient Elasticsearch language-clients	17	4422	September 16, 2020
Elasticsearch Java REST clients Elasticsearch	3	3883	August 10, 2018
Unable to establish SSL connection with ElasticSearch 6.x using Rest Client Elasticsearch	4	6012	June 23, 2018

Not able call SSL configured elasticsearch API from elasticsearch plugin

Related topics