Can admin no longer update mapping, settings or aliases of the searchguard index since the 25.0 release?

Hello,

So I have a user with the below auth.

{
  "user" : "User [name=admin, roles=[], requestedTenant=null]",
  "user_name" : "admin",
  "user_requested_tenant" : null,
  "remote_address" : "127.0.0.1:42376",
  "backend_roles" : [ ],
  "custom_attribute_names" : [ ],
  "sg_roles" : [
    "sg_all_access"
  ],
  "sg_tenants" : {
    "test_tenant_ro" : true,
    "admin" : true,
    "adm_tenant" : true
  },
  "principal" : null,
  "peer_certificates" : "0",
  "sso_logout_url" : null
}

While I am using elasticsearch 6.5.3 with searchguard 23.2, I can take and restore a backup including the searchguard indices.

But when I try the same action in elasticsearch-6.8.0 with searchguard 25.0, the restore fails with the error:

Restoring index: searchguard
Tue, 06 Aug 2019 11:53:44 GMT | Error Emitted => {"root_cause":[{"type":"security_exception","reason":"no permissions for [] and User [name=admin, roles=[], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [] and User [name=admin, roles=[], requestedTenant=null]"}
failed to restore mapping for searchguard

Inside the elasticsearch cluster, the error message is:

indices:admin/mapping/put for 'searchguard' index is not allowed for a regular user

I am not sure if this change in searchguard is causing the issue.

Any hints? Is there any way to restore the searchguard indices?

FYI, I am using elasticdump for backup and restore purposes.

Yes, this was a change in 25.0 (documented in the changelog as a breaking change).

Please upgrade to 25.3 and try excluding the searchguard index from the dump, like *,-searchguard.

Or use the searchguard.filter_sgindex_from_all_requests option.

See Search Guard 6.x-25.3 | Elasticsearch Security | Search Guard
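
Added example, not part of the thread: elasticdump is run once per index, so the exclusion suggested above can be applied by filtering the index list before each dump and restore. The function names, the `<index>.<type>.json` dump file layout and the URL argument (which carries any credentials) are assumptions.

```sh
# Added example, not from the thread. Function names, the dump file layout
# (<index>.<type>.json) and the URL argument are assumptions.
SG_INDEX="${SG_INDEX:-searchguard}"   # Search Guard configuration index

# stdin: index names, one per line (e.g. from _cat/indices?h=index).
# stdout: the same names without the Search Guard index or blank lines.
filter_indices() {
  while read -r idx _; do
    [ -n "$idx" ] || continue
    [ "$idx" != "$SG_INDEX" ] || continue
    printf '%s\n' "$idx"
  done
}

# Names of the indices in dump directory $1 that may be restored. Covers
# older backups that still contain a dump of the Search Guard index.
# The second glob picks up dot-prefixed indices such as .kibana.
restorable_indices() {
  for f in "$1"/*.mapping.json "$1"/.*.mapping.json; do
    [ -e "$f" ] || continue
    basename "$f" .mapping.json
  done | filter_indices
}

# dump_all ES_URL OUT_DIR: dump mapping and data of every other index.
dump_all() (
  mkdir -p "$2" || exit 1
  curl -fsS "$1/_cat/indices?h=index" | filter_indices |
  while read -r idx; do
    for type in mapping data; do
      elasticdump --input="$1/$idx" --output="$2/$idx.$type.json" \
                  --type="$type" </dev/null || exit 1
    done
  done
)

# restore_all ES_URL IN_DIR: restore mapping, then data, per index.
restore_all() (
  restorable_indices "$2" |
  while read -r idx; do
    for type in mapping data; do
      elasticdump --input="$2/$idx.$type.json" --output="$1/$idx" \
                  --type="$type" </dev/null || exit 1
    done
  done
)
```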
