Elasticsearch basic auth

[afilimonov]

Gentics Mesh Version, operating system, or hardware.

• v0.30.5

Operating System

• Linux

JVM

• Provided by Gentics Mesh

Problem

Gentics Mesh cannot Connect to Elasticsearch with enabled security. 401 nonauthorized error.

Reproducer

Elasticsearch search Open Distro with basic auth enabled.

Expected behaviour and actual

Ability to configure/use basic auth credentials with elasticsearch. The credentials can be in the keystone or provided via secret/env variables (Kubernetes setup)

[Jotschi]

@afilimonov Is this related to the now free security features? I did not really follow up on this.

• https://www.elastic.co/de/blog/doubling-down-on-open
• https://www.elastic.co/de/blog/elastic-stack-6-3-0-released

[afilimonov]

We use Open Distro provided by AWS. It includes security plugin which is a fork of Search Gard.

[mephinet]

According to https://www.elastic.co/blog/security-for-elasticsearch-is-now-free, security ("file" and "native" realm) and encryption features are now part of the open source version of ElasticSearch, starting with versions 6.8 and 7.1.
Therefore, Mesh should support TLS communication with Mesh and support the "native" security realm.

[Jotschi]

This first requires the elasticsearch client to be updated. PR is already in place: gentics/elasticsearch-java-client#4

[Jotschi]

Enhancement has been released with 0.36.2