Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-31771

Can't full reindex with aliases on OpenSearch with security plugin

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2023.0, 2021.37
    • Component/s: AWS, Elasticsearch
    • Backlog priority:
      1,000
    • Sprint:
      nxplatform #85, nxplatform #86
    • Story Points:
      5

      Description

      When reindexing the entire repository using the BulkIndex operation and the managed alias is enabled, the operation fails with:

      Caused by: org.elasticsearch.client.ResponseException: method [DELETE], host [https://vpc-harlan1-redacted.us-east-1.es.amazonaws.com], URI [/_all/_alias/nuxeo-write], status line [HTTP/1.1 403 Forbidden]
      {"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [] and User [name=harlan, backend_roles=[], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [] and User [name=harlan, backend_roles=[], requestedTenant=null]"},"status":403}
      

      Delete /_all/* is restricted on OpenSearch when the plugins.security is not disabled and raises a security exception

      Instead of using the /_all which is restricted, the name of the index should be used: Delete nuxeo-0000/_alias/nuxeo-write.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: