Skip to content

Security api responses when security is disabled #50288

Closed
#50298
Closed
Security api responses when security is disabled#50288
#50298
Labels
:Security/ClientSecurity in clients (Transport, Rest)>bug
@chrisronline

Description

@chrisronline
chrisronline
opened on Dec 17, 2019

This request:

curl -XPOST http://localhost:9200/_security/user/_has_privileges -H "Content-Type: application/json" -d '{"foo": 1}' -s | jq

when security is disabled results in:

{
  "error": {
    "root_cause": [
      {
        "type": "illegal_argument_exception",
        "reason": "request [POST /_security/user/_has_privileges] does not support having a body"
      }
    ],
    "type": "illegal_argument_exception",
    "reason": "request [POST /_security/user/_has_privileges] does not support having a body"
  },
  "status": 400
}

However, this request:

curl -XPOST http://localhost:9200/_security/user/_has_privileges -H "Content-Type: application/json" -s | jq

results in:

{
  "error": {
    "root_cause": [
      {
        "type": "exception",
        "reason": "Security must be explicitly enabled when using a [trial] license. Enable security by setting [xpack.security.enabled] to [true] in the elasticsearch.yml file and restart the node."
      }
    ],
    "type": "exception",
    "reason": "Security must be explicitly enabled when using a [trial] license. Enable security by setting [xpack.security.enabled] to [true] in the elasticsearch.yml file and restart the node."
  },
  "status": 500
}

Is it a bug that they don't return the same error message when security is disabled? Can this be normalized?

Metadata

Metadata

Assignees

No one assigned

    Labels

    :Security/ClientSecurity in clients (Transport, Rest)>bug

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions