Log REST target with 403

[elasticmachine]

Original comment by @PhaedrusTheGreek:

It's very common when debugging security to see a message like this:

[403] {\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"action [indices:data/write/bulk] is unauthorized for user [logstash4]\"}],\"type\":\"security_exception\",\"reason\":\"action [indices:data/write/bulk] is unauthorized for user [logstash4]\"},\"status\":403}

Without further exploration, it's not obvious which request has failed. We can see that it is a _bulk request, but on which index? Seeing the index and/or the full REST target with this error message would really be helpful!

[ashishguptak]

Is this being worked upon? I can pick it up if not. I am a newbie, any pointers are much appreciated.

[jucaleb4]

Hi, I'm a newbie and also am looking to start. @ashishguptak have you gotten far with this yet?

[jucaleb4]

@PhaedrusTheGreek which Java file can we get started with to fix this, and how can we reproduce this error

[adityasraghav]

anyone working on this ? If not I'd like to give it a go.

[TCalise]

@adityasraghav Will you be working on this? if not, I wouldn't mind taking it.

[biglandm]

Is this anybody currently working on this?

[minglinlu]

How to fix this problem? I wanna learn.

[elasticmachine]

Pinging @elastic/es-core-features

[fdartayre]

Reproduced in 7.3. The index actions (for instance [indices:data/write/bulk], [indices:admin/create], [indices:data/write/index] and [indices:admin/delete]) don't inform the name of the index in the response in case of failure, which can make debugging challenging.

Is there any update on this?

[fdartayre]

Related: the name of the index is not logged either, even under the DEBUG logging level. It is only under the TRACE level of the o.e.t.TaskManager logger, so not really usable.