Occurrence of NullPointerException and role not assigned when using elasticsearch-users command in Windows

mousumis · June 11, 2024, 4:13pm

I am attempting to use the elasticsearch-users.bat utility on a windows machine (Windows Server 2022) to create a user. I am running the following command:
elasticsearch-users.bat useradd admin_user -p "testpassword" -r superuser

After running this, I observe the following:

There is a null pointer exception thrown, though I believe the user is created.

Exception in thread "main" java.lang.NullPointerException: Cannot invoke "java.util.Map.size()" because "m" is null
        at java.base/java.util.HashMap.putMapEntries(HashMap.java:495)
        at java.base/java.util.HashMap.<init>(HashMap.java:484)
        at org.elasticsearch.xpack.security.authc.file.tool.UsersTool$AddUserCommand.execute(UsersTool.java:137)
        at org.elasticsearch.common.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:54)
        at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:85)
        at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:94)
        at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:85)
        at org.elasticsearch.cli.Command.main(Command.java:50)
        at org.elasticsearch.launcher.CliToolLauncher.main(CliToolLauncher.java:64)

I have also tried other commands like userdel and roles with elasticsearch-users.bat and they all cause the NullPointerException. I saw a somewhat related post but it does not appear to have a resolution.

Subsequent attempts to call elasticsearch endpoints with this user are rejected, though I tried to assign the superuser role when creating the user.

bin>curl -i -X POST -u "admin_user:testpassword" -H "Content-Type: application/json" -d"{\"cluster\": [\"monitor\"]}" localhost:9200/_security/role/health_check_role

HTTP/1.1 403 Forbidden
content-type: application/json
content-length: 485

{"error":{"root_cause":[{"type":"security_exception","reason":"action [cluster:admin/xpack/security/role/put] is unauthorized for user [appian_admin] with effective roles [], this action is granted by the cluster privileges [manage_security,all]"}],"type":"security_exception","reason":"action [cluster:admin/xpack/security/role/put] is unauthorized for user [appian_admin] with effective roles [], this action is granted by the cluster privileges [manage_security,all]"},"status":403}

I would appreciate any insight into why the error is occurring, why the role assignment is not taking effect for the user, and if there are any steps I am missing.

TimV · June 12, 2024, 3:19am

It looks like your users_roles file is missing which causes the users command to fail.

Check for a file named users_roles in your config directory (the same directory where your elasticsearch.yml is).
If it's not there, then you should create it as an empty file.
If it is there, then you might have a permissions problem, or your elasticsearch-users tool might be configured to look in the wrong directory.

mousumis · June 16, 2024, 8:07pm

Yes that was the issue, the error threw me off. Thank you for your help!