Elasticsearch: Security: Migrate tool throws a NPE when not using a password
Original comment by @gmoskovicz:
x-pack version: 6.0 and 6.1
If you run the migration tool command without a password you get a NullPointerException:
bin/x-pack/migrate native -U http://localhost:9200 -u elastic
Response:
starting migration of users and roles...
importing users from [/Users/Gabriel/Documents/ElasticSearch/elasticsearch-6.0.0/config/x-pack/users]...
Exception in thread "main" ElasticsearchException[failed to get users that already exist, skipping user import]; nested: NullPointerException;
at org.elasticsearch.xpack.security.authc.esnative.ESNativeRealmMigrateTool$MigrateUserOrRoles.importUsers(ESNativeRealmMigrateTool.java:272)
at org.elasticsearch.xpack.security.authc.esnative.ESNativeRealmMigrateTool$MigrateUserOrRoles.execute(ESNativeRealmMigrateTool.java:149)
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:69)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:134)
at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:69)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:134)
at org.elasticsearch.cli.Command.main(Command.java:90)
at org.elasticsearch.xpack.security.authc.esnative.ESNativeRealmMigrateTool.main(ESNativeRealmMigrateTool.java:91)
Caused by: java.lang.NullPointerException
at org.elasticsearch.xpack.security.authc.esnative.ESNativeRealmMigrateTool$MigrateUserOrRoles.postURL(ESNativeRealmMigrateTool.java:179)
at org.elasticsearch.xpack.security.authc.esnative.ESNativeRealmMigrateTool$MigrateUserOrRoles.getUsersThatExist(ESNativeRealmMigrateTool.java:218)
at org.elasticsearch.xpack.security.authc.esnative.ESNativeRealmMigrateTool$MigrateUserOrRoles.importUsers(ESNativeRealmMigrateTool.java:270)
... 7 more
This is because LINK REDACTED
new SecureString(password.value(options).toCharArray())));
elasticmachine
All 9 comments
Hello, Can I take up this bug? any pointers are much appreciated
ashishguptak
on 1 May 2018
@ashishguptak
You can work on this if you like.
The exception is throw from here: https://github.com/elastic/elasticsearch/blob/6.x/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java#L166-L168 which assumes that there is always a username and password.
I think the best fix is to make the username and password required. The x-pack user and roles APIs aren't available unless security is enabled, so the tool should always be called with the -u and -p options specified.
joptsimple includes a mechanism for marking arguments as required. That should be sufficient to solve this bug.
tvernum
on 1 May 2018
thank you @tvernum for the inputs
ashishguptak
on 1 May 2018
Any working on this? Or shall I take it up?
thiyagu06
on 8 Jun 2018
Hi, I would like to take this up. Is this one still relevant?
MargaritaSolovyeva
on 26 Jul 2018
Hi, Can I take this up ?
ramneetb
on 30 Aug 2018
At this point in time, it does not appear that anyone is working on this. Feel free to take it up.
tvernum
on 31 Aug 2018
Hi,
i would like to work on this issue, can I? Any help will be appreciated!
MiguelFerreira1998
on 11 Nov 2018
@MiguelFerreira1998 There is already a PR open for this issue, sorry.
tvernum
on 11 Nov 2018
Related issues
brwe
路
3Comments
abtpst
路
3Comments
martijnvg
路
3Comments
DhairyashilBhosale
路
3Comments
rbayliss
路
3Comments