Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security api responses when security is disabled #50288

Closed
chrisronline opened this issue Dec 17, 2019 · 1 comment · Fixed by #50298
Closed

Security api responses when security is disabled #50288

chrisronline opened this issue Dec 17, 2019 · 1 comment · Fixed by #50298
Labels
>bug :Security/Client Security in clients (Transport, Rest)

Comments

@chrisronline
Copy link
Contributor

This request:

curl -XPOST http://localhost:9200/_security/user/_has_privileges -H "Content-Type: application/json" -d '{"foo": 1}' -s | jq

when security is disabled results in:

{
  "error": {
    "root_cause": [
      {
        "type": "illegal_argument_exception",
        "reason": "request [POST /_security/user/_has_privileges] does not support having a body"
      }
    ],
    "type": "illegal_argument_exception",
    "reason": "request [POST /_security/user/_has_privileges] does not support having a body"
  },
  "status": 400
}

However, this request:

curl -XPOST http://localhost:9200/_security/user/_has_privileges -H "Content-Type: application/json" -s | jq

results in:

{
  "error": {
    "root_cause": [
      {
        "type": "exception",
        "reason": "Security must be explicitly enabled when using a [trial] license. Enable security by setting [xpack.security.enabled] to [true] in the elasticsearch.yml file and restart the node."
      }
    ],
    "type": "exception",
    "reason": "Security must be explicitly enabled when using a [trial] license. Enable security by setting [xpack.security.enabled] to [true] in the elasticsearch.yml file and restart the node."
  },
  "status": 500
}

Is it a bug that they don't return the same error message when security is disabled? Can this be normalized?
@chrisronline chrisronline added the :Security/Client Security in clients (Transport, Rest) label Dec 17, 2019
@elasticmachine
Copy link
Collaborator

Pinging @elastic/es-security (:Security/Client)

@chrisronline chrisronline mentioned this issue Dec 17, 2019
Merged
@jasontedor jasontedor mentioned this issue Dec 18, 2019
Merged
This was referenced Feb 3, 2020
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
>bug :Security/Client Security in clients (Transport, Rest)
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Always consume the body in has privileges jasontedor/elasticsearch
2 participants
@chrisronline @elasticmachine