Description of the problem including expected versus actual behavior
@spalger discovered this issue while doing some testing around the action.destructive_requires_name setting: #66908 (comment)
In short, if you run Elasticsearch with security enabled and action.destructive_requires_name set to true, and you're ignoring unavailable indices, you can get a wildcard warning from an index deletion request that doesn't include a wildcard.
curl -s -XDELETE 'http://elastic:changeme@localhost:9200/functional-test-actions-index?ignore_unavailable=true&pretty'
{
"error" : {
"root_cause" : [
{
"type" : "illegal_argument_exception",
"reason" : "Wildcard expressions or all indices are not allowed"
}
],
"type" : "illegal_argument_exception",
"reason" : "Wildcard expressions or all indices are not allowed"
},
"status" : 400
}
This reproduces on 7.10.2 and master for me.
Steps to reproduce
Reproducing on the command line of a fresh 7.10.2 installation:
- Add
xpack.security.enabled: true and action.destructive_requires_name to config/elasticsearch.yml.
- Start elasticsearch and set the password for the
elastic user to `changeme.
- Run the following command:
curl -s -XDELETE 'http://elastic:changeme@localhost:9200/functional-test-actions-index?ignore_unavailable=true&pretty'
Reproducing using a YAML test:
- Add the following file to your Elasticsearch repo:
rest-api-spec/src/main/resources/rest-api-spec/test/indices.delete/20_destructive_wildcard.yml
---
setup:
- do:
cluster.put_settings:
body:
transient:
action.destructive_requires_name: "true"
flat_settings: true
---
teardown:
- do:
cluster.put_settings:
body:
transient:
action.destructive_requires_name: "false"
flat_settings: true
---
"Delete nonexistent concrete index with wildcard expansion disallowed":
- do:
indices.delete:
index: index3
ignore_unavailable: true
- Non-security yaml rest tests should pass:
./gradlew :rest-api-spec:yamlRestTest -Dtests.method="test {yaml=indices.delete/20*}"
- ...but the ones with security enabled will fail.
./gradlew ':x-pack:qa:core-rest-tests-with-security:integTest' --tests "org.elasticsearch.xpack.security.CoreWithSecurityClientYamlTestSuiteIT" -Dtests.method="test {yaml=indices.delete/20*}"
Description of the problem including expected versus actual behavior
@spalger discovered this issue while doing some testing around the
action.destructive_requires_namesetting: #66908 (comment)In short, if you run Elasticsearch with security enabled and
action.destructive_requires_nameset totrue, and you're ignoring unavailable indices, you can get a wildcard warning from an index deletion request that doesn't include a wildcard.This reproduces on 7.10.2 and master for me.
Steps to reproduce
Reproducing on the command line of a fresh 7.10.2 installation:
xpack.security.enabled: trueandaction.destructive_requires_nametoconfig/elasticsearch.yml.elasticuser to `changeme.Reproducing using a YAML test:
rest-api-spec/src/main/resources/rest-api-spec/test/indices.delete/20_destructive_wildcard.yml
./gradlew :rest-api-spec:yamlRestTest -Dtests.method="test {yaml=indices.delete/20*}"