I have a local & a remote cluster running on the same host (localhost) to be used by the integration tests. It is basically a sidecar container running ES. These tests were passing for ES version 7.16.2, but when I tried using ES version 8.8.2 with no other changes, the tests started failing with -
{
"error": {
"root_cause": [
{
"type": "no_such_remote_cluster_exception",
"reason": "no such remote cluster: [remote_cluster]"
}
],
"type": "no_such_remote_cluster_exception",
"reason": "no such remote cluster: [remote_cluster]"
},
"status": 404
}
[remote_cluster
is the name I have used in the tests for the remote cluster]
I have not set this setting in the elasticsearch.yml - xpack.security.enabled
[From the answer here, by default security is in a half-on state, where it supports TLS (so it can join other nodes in the cluster) and then disables the rest of security (authentication, RBAC) when it determines that the cluster has a basic license.]
I tried to make a call using curl to the localhost and was getting this -
$ curl -XGET localhost:9207/_cat/indices/remote_cluster:*?pretty
{
"error" : {
"root_cause" : [
{
"type" : "illegal_argument_exception",
"reason" : "Cross-cluster calls are not supported in this context but remote indices were requested: [remote_cluster:*]"
}
],
"type" : "illegal_argument_exception",
"reason" : "Cross-cluster calls are not supported in this context but remote indices were requested: [remote_cluster:*]"
},
"status" : 400
}
Cross-cluster calls are not supported
-> from this error and the official docs, thought about setting up the security to see if that changes anything. I used the anonymous-access with this role -
anonymous_role:
cluster: [ 'all' ]
indices:
- names: [ '*' ]
privileges: [ 'all' ]
and started ES service with -
-Expack.security.enabled=true
-Expack.security.authc.anonymous.roles=anonymous_role
-Expack.security.authc.anonymous.authz_exception=true
but then I'm getting this error in the tests now -
{
"error": {
"root_cause": [
{
"type": "no_such_remote_cluster_exception",
"reason": "no such remote cluster: [remote_cluster]"
}
],
"type": "security_exception",
"reason": "action [indices:data/read/search] is unauthorized for user [_anonymous] with effective roles [anonymous_role], this action is granted by the index privileges [read,all]",
"caused_by": {
"type": "no_such_remote_cluster_exception",
"reason": "no such remote cluster: [remote_cluster]"
}
},
"status": 403
}
When it says - this action is granted by the index privileges [read,all]
, shouldn't it have these privileges already when I gave all
privilege for indices
to this anonymous role?
If I do a curl to _cat indices now then it doesn't fail with any errors -
$ curl -XGET localhost:9207/_cat/indices?pretty
<empty output>
Any idea what is causing the calls to fail with this no_such_remote_cluster_exception
?
I can provide any details that is needed to debug the issue.