[NXP-31771] Can't full reindex with aliases on OpenSearch with security plugin - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2023.0, 2021.37
Component/s: AWS, Elasticsearch

Tags:
- SupCom
- noRNS
- nxplatform
Backlog priority:
1,000
Sprint:
nxplatform #85, nxplatform #86
Story Points:
5

Description

When reindexing the entire repository using the BulkIndex operation and the managed alias is enabled, the operation fails with:

Caused by: org.elasticsearch.client.ResponseException: method [DELETE], host [https://vpc-harlan1-redacted.us-east-1.es.amazonaws.com], URI [/_all/_alias/nuxeo-write], status line [HTTP/1.1 403 Forbidden]
{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [] and User [name=harlan, backend_roles=[], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [] and User [name=harlan, backend_roles=[], requestedTenant=null]"},"status":403}

Delete /_all/* is restricted on OpenSearch when the plugins.security is not disabled and raises a security exception

Instead of using the /_all which is restricted, the name of the index should be used: Delete nuxeo-0000/_alias/nuxeo-write.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

server.log
74 kB
2023-03-17 22:30

Issue Links

is related to

NXP-31837 Add an option to disable hostname verification during Elastic/Opensearch SSL handshake

Resolved

Activity

People

Assignee:

Benoit Delbosc

Reporter:

Harlan Brown

Participants:

Benoit Delbosc, Harlan Brown, Jenkins

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

2023-03-17 22:18

Updated:

2023-07-12 08:57

Resolved:

2023-04-18 12:02