Hi,
We've been scratching our heads at this for a while so we thought we'd give it a shot here.
Some background: We have an application that uses ElasticSearch with a custom plugin with a custom REST endpoint that we've written for ElasticSearch 2.1. We have tried the application with the plugin and it works fine. The custom REST endpoint has a structure like so: //_function?param1=¶m2=. We have since tried to get this plugin working with Shield installed on ElasticSearch. We are coming across a problem that Shield is erroring with:
[2016-01-29 16:00:08,062][INFO ][rest.suppressed ] /index_test/_function Params: {field=testfield, size=50, index=index_test, term=a}
ElasticsearchSecurityException[action [indices/termlist] is unauthorized for user [user1]]
at org.elasticsearch.shield.support.Exceptions.authorizationError(Exceptions.java:45)
at org.elasticsearch.shield.authz.InternalAuthorizationService.denialException(InternalAuthorizationService.java:294)
at org.elasticsearch.shield.authz.InternalAuthorizationService.denial(InternalAuthorizationService.java:268)
at org.elasticsearch.shield.authz.InternalAuthorizationService.authorize(InternalAuthorizationService.java:165)
at org.elasticsearch.shield.action.ShieldActionFilter.apply(ShieldActionFilter.java:105)
at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:99)
at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:77)
at org.elasticsearch.client.node.NodeClient.doExecute(NodeClient.java:58)
at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:347)
at org.elasticsearch.client.FilterClient.doExecute(FilterClient.java:52)
at
I've tried playing around with the roles.yml file but have had no luck. The user currently has role admin and the roles.yml for admin is as follows:
admin:
cluster: all
indices:
'*':
privileges: all
Some advice on how we can fix this would be greatly appreciated.