Versions:
OpenSearch 1.3.8 to 2.5.0
Describe the issue:
Observed when upgrading a 3 node cluster from OpenSearch 1.3.8 to 2.5.0
I have an admintest user with full permissions that works as expected on a clean install for both 1.3.8 and 2.5.0.
When I perform a rolling upgrade, on the first node to be OpenSearch 2.5.0, the user no longer has full permissions on that node - see curl sample below. I can still search but not perform any cluster queries.
I can still connect to the other 1.3.8 nodes with full access.
If I force all nodes to be 2.5.0 the issue resolves itself but this means we currently have an unwanted workaround in our code.
Configuration:
My admintest user is created as:
{
“password”: “admintest”,
“opendistro_security_roles”: [
“all_access”
],
“backend_roles”: [
“all_access”
],
“attributes”: {
“attribute1”: “value1”,
“attribute2”: “value2”
}
}
Relevant Logs or Screenshots:
curl -k -s “https://:9200/_cat/nodes?v” -u admintest:admintest
{“error”:{“root_cause”:[{“type”:“security_exception”,“reason”:“no permissions for [cluster:monitor/state] and User [name=admintest, backend_roles=[cluster_all, cluster:monitor/state], all_access], requestedTenant=null]”}],“type”:“security_exception”,“reason”:“no permissions for [cluster:monitor/state] and User [name=admintest, backend_roles=[cluster_all, cluster:monitor/state], all_access], requestedTenant=null]”},“status”:403}