We're having an issue with persisting percolate documents with Shield enabled. The issue stems from referencing indexed shapes which are documents from another index.
A similar issue was reported a while ago, http://elasticsearch-users.115913.n3.nabble.com/SHIELD-terms-lookup-filter-AuthorizationException-BUG-td4073867.html
We cannot reproduce the other issue but it has a very similar error message while using indexed documents.
We have a way to reproduce consistently using the following,
# [re]create indexes
curl -XDELETE "$USER:$PASSWORD@localhost:9200/customer"
curl -XDELETE "$USER:$PASSWORD@localhost:9200/shapes"
curl -XPUT "$USER:$PASSWORD@localhost:9200/customer"
curl -XPUT "$USER:$PASSWORD@localhost:9200/shapes"
# create a shape document
curl -XPUT "$USER:$PASSWORD@localhost:9200/shapes/city/1" -d '
{
"name" : "City1",
"geo_json": {
"type": "MultiPolygon",
"coordinates" : [
[
[
[
-122.76238,
38.369484
],
[
-122.761759,
38.368645
],
[
-122.76238,
38.369484
]
]
]
]
}
}'
curl -XPUT "$USER:$PASSWORD@localhost:9200/customer/.percolator/1" -d '
{
"query": {
"geo_shape": {
"geo_location": {
"indexed_shape": {
"type": "city",
"index": "shapes",
"id": "1",
"path": "geo_json"
}
}
}
}
}'
and the reported error
{
"error": {
"root_cause": [
{
"type": "security_exception",
"reason": "action [indices:data/read/get] is unauthorized for user [__es_system_user]"
}
],
"type": "percolator_exception",
"reason": "failed to parse query [1]",
"index": "customer",
"caused_by": {
"type": "security_exception",
"reason": "action [indices:data/read/get] is unauthorized for user [__es_system_user]"
}
},
"status": 500
}
Versions:
ElasticSearch 2.2.0
Shield 2.2.0
The user we're using to do all the api requests is an admin and has access to all indices and all actions
Any help would be appreciated.