Problem with indexed groovy script, bulk API, and shield

founderbits · June 8, 2016, 3:51pm

Hello,

I've chosen to enable all indexed scripts for my cluster and am able to put groovy scripts into .scripts with my admin user. (I should mention I setup shield with the default config.)

However, when using the readwrite user, I get the following error when trying to use the script in doing a update operation with the bulk API:

{'update': {'error': {'type': 'illegal_argument_exception', 'reason': 'failed to execute script', 'caused_by': {'type': 'security_exception', 'reason': 'action [indices:data/read/get] is unauthorized for user [__es_system_user]'}}, '_id': '4d18aa36-126e-42f9-a397-7abae036e3e5', 'status': 400, '_type': 'subscriber', '_index': 'primary'}}

I am using version 2.3.3 and the first 6 characters of my cluster id are 4523f3.

igor_k · June 9, 2016, 2:59pm

Hi @founderbits, this seems to be an excellent question for the "X-Pack" category. I've moved the post for you.

Thanks,
Igor

jaymode · June 10, 2016, 12:40pm

Thanks for reporting @founderbits. I am moving this to the Shield discussion category and will take a look into reproducing the issue.

jaymode · June 10, 2016, 4:53pm

I tracked down the problem and opened a PR to fix the issue in elasticsearch

jordansparked · June 15, 2016, 10:44pm

Hi @jaymode, I've come across this same error on my 2.3.3 cluster, is there an ETA for when 2.3.4 will be available on ES Cloud? Thx!

jaymode · June 16, 2016, 10:55am

We do not give dates for our releases since there are many unknowns, but the release should be available on cloud immediately once released.