Log REST target with 403 #29714
Comments
elasticmachine
added
:Security/Authorization
|
Is this being worked upon? I can pick it up if not. I am a newbie, any pointers are much appreciated. |
|
Hi, I'm a newbie and also am looking to start. @ashishguptak have you gotten far with this yet? |
|
@PhaedrusTheGreek which Java file can we get started with to fix this, and how can we reproduce this error |
|
anyone working on this ? If not I'd like to give it a go. |
|
@adityasraghav Will you be working on this? if not, I wouldn't mind taking it. |
|
Is this anybody currently working on this? |
|
How to fix this problem? I wanna learn. |
fdartayre
added
the
:Data Management/Indices APIs
|
Pinging @elastic/es-core-features |
|
Reproduced in 7.3. The index actions (for instance Is there any update on this? |
|
Related: the name of the index is not logged either, even under the |
|
Hi everyone. |
|
This question for developers I think: |
|
Hi, |
|
I'll have a chance to back to this in next week. |
|
@getsaurabh02 I have chance to do this. Are you working on it? |
|
Hi, I'm fairly new to Elasticsearch but I've been looking at this issue, and I think it could use some clarification. Some use cases already seem to be covered. For instance, working off of master right now, let's say I make a bulk update request to two indices, but the user only has permissions to write to one of them. The API provides some helpful feedback: {
"took" : 9,
"errors" : true,
"items" : [
{
"update" : {
"_index" : "test1",
"_id" : "1",
"_version" : 13,
"result" : "noop",
"_shards" : {
"total" : 2,
"successful" : 1,
"failed" : 0
},
"_seq_no" : 12,
"_primary_term" : 1,
"status" : 200
}
},
{
"update" : {
"_index" : "test2",
"_id" : "1",
"status" : 403,
"error" : {
"type" : "security_exception",
"reason" : "action [indices:data/write/bulk[s]] is unauthorized for user [noprivs]"
}
}
}
]
}On the other hand, if the user doesn't have permissions to write to either index, the error message is simpler: {
"error" : {
"root_cause" : [
{
"type" : "security_exception",
"reason" : "action [indices:data/write/bulk] is unauthorized for user [noprivs]"
}
],
"type" : "security_exception",
"reason" : "action [indices:data/write/bulk] is unauthorized for user [noprivs]"
},
"status" : 403
}So it does seem to be doing the right thing in partial failure situations. Looking at the logs at level DEBUG, there isn't as much information, which isn't ideal, but is that what the original feature request is looking for? Also, I have not yet checked the audit logs, but judging from the code they might also do the right thing. Is this feature request already taken care of? |
|
I am going to take a crack at this just in case no one has had time for it. This will be my first time so hopefully I'm able to help. |
rjernst
added
Team:Data Management
|
Is fix still needed for this one? I can work on this is still free. Thanks! |
|
I don't work on that at the moment
сб, 1 авг. 2020 г., 22:11 Ana Therese Taroy <[email protected]>:
… Is fix still needed for this one? I can work on this is still free. Thanks!
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#29714 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAPDTI4J7IAQUTUOEM47TJTR6Q5CDANCNFSM4E5WBHEA>
.
|
|
Thanks. I'll give this a go. |
|
Hello, is anyone working on this issue actually ? |
|
Hi guys! Just linked a PR that attempts to solve this issue. I'm new to Elasticsearch, so I'm might have overlooked some details that require a larger knowledge of the codebase. |
|
The was resolved in #60357 |
Original comment by @PhaedrusTheGreek:
It's very common when debugging security to see a message like this:
Without further exploration, it's not obvious which request has failed. We can see that it is a _bulk request, but on which index? Seeing the index and/or the full REST target with this error message would really be helpful!
The text was updated successfully, but these errors were encountered: