search

elastic / elasticsearch-migration

This plugin will help you to check whether you can upgrade directly to the next major version of Elasticsearch, or whether you need to make changes to your data and cluster before doing so.
290 stars 32 forks source link

Elasticsearch shield support ? #112

Open sbadia opened 7 years ago

sbadia commented 7 years ago

Hello here,

It seems that this useful plugin doesn't works with an elasticsearch cluster with shield installed. I'm trying to provide credentials using a RFC1738 URI, but creds are not used by jQuery.ajax() req.

shield

And indeed in the shield logs:

[2017-07-18 07:30:27,519][ERROR][shield.audit.logfile     ] [Stellaris] [transport] [access_denied]·origin_type=[rest], origin_address=[127.0.0.1], principal=[_es_anonymous_user], action=[cluster:monitor/stats]

I missed something?

My cluster is running es 2.4.5

  "version" : {
    "number" : "2.4.5",
    "build_hash" : "c849dd13904f53e63e88efc33b2ceeda0b6a1276",
    "build_timestamp" : "2017-04-24T16:18:17Z",
    "build_snapshot" : false,
    "lucene_version" : "5.5.4"
  },

Thanks in advance!

sbadia commented 7 years ago

Hum it was an issue with my bootstrap script. It seems that shield/elasticsearch 2.3.x (2.3.4) doesn't require authentication header for a POST requests on shield native API… (/_shield/user/shield_user), but this issue was fixed in 2.4.x branches.

sbadia commented 7 years ago

In fact if elasticsearch is configured with something else of no_access in shield.authc.anonymous.roles the basic auth isn't displayed.