elasticsearch-py icon indicating copy to clipboard operation
elasticsearch-py copied to clipboard

Published 20 hours ago verified publisher icon elastic

delete_by_query authentication error: Action [indices:data/write/bulk[s]] is unauthorized for API key id of user [ ]

Open kgeographer opened this issue 3 years ago • 0 comments

Elasticsearch version: 7.17.1

elasticsearch-py version: 7.17.1

Please make sure the major version matches the Elasticsearch server you are running.

Description of the problem including expected versus actual behavior: I routinely access a 7.17.1 index for reads and writes from a Django app with elasticsearch-py, performing snapshots to GCS, etc. This works fine with both on a Mac dev laptop against a copy of the prod index, and the live index on a Ubuntu prod server. All Python access uses an API_KEY and API_ID combo - one set on dev version and another on the prod server. I also use Kibana logged in with a superuser account.

All ES actions in the app work fine on both dev and prod, except a delete_by_query, which fails on the prod server only

The result is this authentication error

elasticsearch7.exceptions.AuthorizationException: 
AuthorizationException(
  403, '
  {	"took":2,
  "timed_out":false,
  "total":1,
  "deleted":0,
  "batches":1,
  "version_conflicts":0,
  "noops":0,
  "retries":{"bulk":0,"search":0},
  "throttled_millis":0,
  "requests_per_second":-1.0,
  "throttled_until_millis":0,
  "failures":[
      {	"index": "myidx",
      "type":"_doc",
      "id":"14192344",
      "cause":{
        "type":"security_exception",
        "reason":
        "action [indices:data/write/bulk[s]] is unauthorized 
        for API key id [{api key id}] of user [{user}] 
        on indices [ myidx ], this action is granted by the index privileges 
        [create_doc,create,delete,index,write,all]"
      },
      "status":403
}]}')

Steps to reproduce: note: place_id is unique

es.delete_by_query(
  "myindex",
  body={"query": {"terms": {"place_id": ["123456"]}}}
)

The expected behavior is the deletion of the specified doc. This does work fine on my local copy. The only difference between dev and prod actions is different 'api_key': ('{id}', '{key}') values, read from a hidden config.

es = Elasticsearch([{'host': 'localhost',
                     'port': 9200,
                     'api_key': ('{id}', '{key}'),
                     'timeout': 30,
                     'max_retries': 10,
                     'retry_on_timeout': True}])

Note that the same query works fine in Kibana, logged in as the same superuser reported in the above error.

POST /myindex/_delete_by_query
{
  "query": {
    "terms": {
      "place_id": ["123456"]
    }
  }
}

kgeographer avatar Sep 03 '22 16:09 kgeographer