curl -v http://app.user:***@localhost:9200/_search?pretty=true
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 9200 (#0)
* Server auth using Basic with user 'app.user'
> GET /_search?pretty=true HTTP/1.1
> Authorization: Basic YXBwLnVzZXI6Um9nZXJzMTIz
> User-Agent: curl/7.40.0
> Host: localhost:9200
> Accept: */*
>
< HTTP/1.1 500 Internal Server Error
< Content-Type: application/json; charset=UTF-8
< Content-Length: 480
<
{
  "error" : {
    "root_cause" : [ {
      "type" : "runtime_exception",
      "reason" : "ElasticsearchException[Security configuration cannot be loaded for unknown reasons]"
    } ],
    "type" : "runtime_exception",
    "reason" : "ElasticsearchException[Security configuration cannot be loaded for unknown reasons]",
    "caused_by" : {
      "type" : "exception",
      "reason" : "Security configuration cannot be loaded for unknown reasons"
    }
  },
  "status" : 500
}
elasticsearch.yml configurations
# Armor
armor.key_path: "/data/elasticsearch/armor"
armor.authentication.authentication_backend.impl: com.petalmd.armor.authentication.backend.simple.SettingsBasedAuthenticationBackend
armor.authentication.http_authenticator.impl: com.petalmd.armor.authentication.http.basic.HTTPBasicAuthenticator
armor.authentication.authorizer.impl: com.petalmd.armor.authorization.simple.SettingsBasedAuthorizator
# Users
armor.authentication.settingsdb.digest: SHA256
armor.authentication.settingsdb.user.app.user: 94aa520b351f5df1abcd3195bf9f06888475e143a4ef20922c4cabe445e66719
# Roles
armor.authentication.authorization.settingsdb.roles.app.user: ["admin"]
# Permissions
armor.restactionfilter.names: ["admin"]
armor.actionrequestfilter.admin.allowed_actions: ["*"]
There is no localhost:9200/ac index present at the time of testing; adding the default settings did not seem to have any impact:
curl -XPUT 'http://localhost:9200/armor/ac/ac' -d '{
  "acl": [
    {
      "__Comment__": "By default no filters are executed and no filters a by-passed. In such a case an exception is thrown and access will be denied.",
      "filters_bypass": [],
      "filters_execute": []
    },
    {
      "__Comment__": "For role *admin* all filters are bypassed (so none will be executed). This means unrestricted access.",
      "roles": [
        "admin"
      ],
      "filters_bypass": ["*"],
      "filters_execute": []
    }
  ]
}'
Root-level request seems to succeed:
curl -v http://app.user:***@localhost:9200/?pretty=true
* Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 9200 (#0)
* Server auth using Basic with user 'app.user'
> GET /?pretty=true HTTP/1.1
> Authorization: Basic YXBwVXNlcjpSb2dlcnMxMjM=
> User-Agent: curl/7.40.0
> Host: localhost:9200
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=UTF-8
< Content-Length: 366
<
{
  "name" : "audit-log-dev-elasticsearch-host03",
  "cluster_name" : "audit-logs-dev-elasticsearch-cluster",
  "version" : {
    "number" : "2.3.3",
    "build_hash" : "218bdf10790eef486ff2c41a3df5cfa32dadcfde",
    "build_timestamp" : "2016-05-17T15:40:04Z",
    "build_snapshot" : false,
    "lucene_version" : "5.5.0"
  },
  "tagline" : "You Know, for Search"
}
* Connection #0 to host localhost left intact
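A consistency check for flat Armor settings like the elasticsearch.yml excerpt in the issue, as an added example (not code from the issue or from the Armor project). It assumes Armor keeps the Search Guard convention that `armor.<type>filter.names` lists the filters configured under `armor.<type>filter.<name>.*`, and that settingsdb stores hex digests of the configured algorithm; `parse_flat` and `lint` are hypothetical helpers, and the sample hash is a constructed placeholder. It checks the shape of the settings only and does not establish the cause of the 500 response.

```python
import hashlib
import re

# Constructed sample in the flat "key: value" style of the elasticsearch.yml
# excerpt above. The user hash is a constructed placeholder, not a real digest.
SAMPLE = f"""
armor.authentication.settingsdb.digest: SHA256
armor.authentication.settingsdb.user.app.user: {'ab' * 32}
armor.authentication.authorization.settingsdb.roles.app.user: ["admin"]
armor.restactionfilter.names: ["admin"]
armor.actionrequestfilter.admin.allowed_actions: ["*"]
"""
USER = "armor.authentication.settingsdb.user."
ROLES = "armor.authentication.authorization.settingsdb.roles."
FILTER_KEY = re.compile(r"^armor\.(\w+filter)\.(.+)$")

def parse_flat(text):
    """Parse 'dotted.key: value' lines, skipping blanks and # comments."""
    pairs = (line.partition(":") for line in map(str.strip, text.splitlines())
             if line and not line.startswith("#"))
    return {k.strip(): v.strip() for k, _, v in pairs}

def lint(settings):
    """Return consistency findings (assumed conventions, not Armor's own checks)."""
    findings, declared, configured = [], {}, {}
    for key, value in settings.items():
        m = FILTER_KEY.match(key)
        if not m:
            continue
        ftype, rest = m.groups()
        if rest == "names":  # armor.<type>.names: ["a", "b"]
            declared.setdefault(ftype, set()).update(re.findall(r'"([^"]*)"', value))
        else:                # armor.<type>.<name>.<setting>
            configured.setdefault(ftype, set()).add(rest.split(".")[0])
    for ftype in sorted(set(declared) | set(configured)):
        d, c = declared.get(ftype, set()), configured.get(ftype, set())
        findings += [f"{ftype}.{n}: configured but not in armor.{ftype}.names" for n in sorted(c - d)]
        findings += [f"{ftype}.{n}: named but has no settings" for n in sorted(d - c)]
    digest = settings.get("armor.authentication.settingsdb.digest")
    users = {k[len(USER):]: v for k, v in settings.items() if k.startswith(USER)}
    if digest:  # stored value should be hex of the digest's output size
        width = hashlib.new(digest.lower()).digest_size * 2
        findings += [f"user {u}: not a {width}-char hex {digest} value"
                     for u, h in sorted(users.items()) if not re.fullmatch(rf"[0-9a-fA-F]{{{width}}}", h)]
    has_roles = {k[len(ROLES):] for k in settings if k.startswith(ROLES)}
    findings += [f"user {u}: no roles mapping" for u in sorted(set(users) - has_roles)]
    return findings

if __name__ == "__main__":
    for finding in lint(parse_flat(SAMPLE)):
        print(finding)
```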