The operator privilege feature works by setting a special header in the authenticating user's threadContext. This header is not preserved in a mixed version cluster when the request must be rerouted from a local node to a remote node of a different version:

elasticsearch/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityServerTransportInterceptor.java
Lines 104 to 107 in 6895511

```java
// re-write the authentication since we want the authentication version to match the version of the connection
securityContext.executeAfterRewritingAuthentication(original -> sendWithUser(connection, action, request, options,
    new ContextRestoreResponseHandler<>(threadPool.getThreadContext().wrapRestorable(original), handler), sender),
    minVersion);
```

When sending a request across nodes of different versions, only the authentication object of the original request is preserved and other security related information is dropped. This leads to the remote node not recognising the user as an operator, and the request in turn fails with an "unauthorized" (403) error.
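The failure mode above, modelled as an added, self-contained example that is not Elasticsearch's own code: a thread context is reduced to a plain header map, the "rewrite authentication for the connection version" step is shown once in the header-dropping form and once in a form that copies the original headers first, and a remote-side check returns the status the operator-only action would get. The class, method and header names (`OperatorHeaderPropagation`, `rewriteAuthOnly`, `rewritePreservingHeaders`, `OPERATOR_KEY`) and the version string are assumptions for illustration, not identifiers from the project.

```java
import java.util.HashMap;
import java.util.Map;

// Hypothetical model of a thread context as a map of request headers.
// Class, method and header names are illustrative, not Elasticsearch's own.
public class OperatorHeaderPropagation {
    // Header carrying the serialised authentication object (name assumed).
    static final String AUTHENTICATION_KEY = "_xpack_security_authentication";
    // Header marking the authenticated user as an operator (name assumed).
    static final String OPERATOR_KEY = "_security_operator_privileges";

    // Problematic rewrite: the outgoing context is built from scratch and only the
    // version-adjusted authentication header is copied, so every other
    // security-related header, including the operator marker, is lost.
    static Map<String, String> rewriteAuthOnly(Map<String, String> original, String targetVersion) {
        Map<String, String> rewritten = new HashMap<>();
        rewritten.put(AUTHENTICATION_KEY, rewriteForVersion(original.get(AUTHENTICATION_KEY), targetVersion));
        return rewritten;
    }

    // Preserving rewrite: start from a copy of the original headers and replace
    // only the authentication header, so the operator marker reaches the remote node.
    static Map<String, String> rewritePreservingHeaders(Map<String, String> original, String targetVersion) {
        Map<String, String> rewritten = new HashMap<>(original);
        rewritten.put(AUTHENTICATION_KEY, rewriteForVersion(original.get(AUTHENTICATION_KEY), targetVersion));
        return rewritten;
    }

    // Stand-in for re-serialising the authentication object for the connection's version.
    static String rewriteForVersion(String auth, String targetVersion) {
        return auth + "@" + targetVersion;
    }

    // Remote-node check for an operator-only action: 200 when the marker is present,
    // otherwise the 403 described in the report.
    static int authorizeOperatorAction(Map<String, String> context) {
        return "true".equals(context.get(OPERATOR_KEY)) ? 200 : 403;
    }

    public static void main(String[] args) {
        // Constructed sample context of an operator user on the local node.
        Map<String, String> local = new HashMap<>();
        local.put(AUTHENTICATION_KEY, "user:sample-operator");
        local.put(OPERATOR_KEY, "true");
        String remoteVersion = "7.10.0"; // constructed sample version

        System.out.println("auth-only rewrite  -> " + authorizeOperatorAction(rewriteAuthOnly(local, remoteVersion)));
        System.out.println("preserving rewrite -> " + authorizeOperatorAction(rewritePreservingHeaders(local, remoteVersion)));
    }
}
```

The point the model makes is that any step which reconstructs the outgoing context from a single field, rather than from a copy of the original headers, silently strips authorization-relevant state; the check that catches this is a mixed-version test that sends an operator-only request through a rerouted path and asserts on the status code rather than on the local node's view of the user.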