delete_by_query authentication error: Action [indices:data/write/bulk[s]] is unauthorized for API key id of user [ ] #2059

@kgeographer

Elasticsearch version: 7.17.1

elasticsearch-py version: 7.17.1

Please make sure the major version matches the Elasticsearch server you are running.

Description of the problem including expected versus actual behavior:
I routinely access a 7.17.1 index for reads and writes from a Django app with elasticsearch-py, performing snapshots to GCS, etc. This works fine both on a Mac dev laptop against a copy of the prod index and against the live index on an Ubuntu prod server. All Python access uses an API_KEY and API_ID combo - one set on the dev version and another on the prod server. I also use Kibana logged in with a superuser account.

All ES actions in the app work fine on both dev and prod, except a delete_by_query, which fails on the prod server only.

The result is this authentication error:

elasticsearch7.exceptions.AuthorizationException: 
AuthorizationException(
  403, '
  {	"took":2,
  "timed_out":false,
  "total":1,
  "deleted":0,
  "batches":1,
  "version_conflicts":0,
  "noops":0,
  "retries":{"bulk":0,"search":0},
  "throttled_millis":0,
  "requests_per_second":-1.0,
  "throttled_until_millis":0,
  "failures":[
      {	"index": "myidx",
      "type":"_doc",
      "id":"14192344",
      "cause":{
        "type":"security_exception",
        "reason":
        "action [indices:data/write/bulk[s]] is unauthorized 
        for API key id [{api key id}] of user [{user}] 
        on indices [ myidx ], this action is granted by the index privileges 
        [create_doc,create,delete,index,write,all]"
      },
      "status":403
}]}')

Steps to reproduce:
Note: place_id is unique.

es.delete_by_query(
  "myindex",
  body={"query": {"terms": {"place_id": ["123456"]}}}
)

The expected behavior is the deletion of the specified doc. This does work fine on my local copy. The only difference between dev and prod actions is different 'api_key': ('{id}', '{key}') values, read from a hidden config.

es = Elasticsearch([{'host': 'localhost',
                     'port': 9200,
                     'api_key': ('{id}', '{key}'),
                     'timeout': 30,
                     'max_retries': 10,
                     'retry_on_timeout': True}])

Note that the same query works fine in Kibana, logged in as the same superuser reported in the above error.

POST /myindex/_delete_by_query
{
  "query": {
    "terms": {
      "place_id": ["123456"]
    }
  }
}
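
The 403 body above reports `"total":1` and `"deleted":0`: the query matched the document, and the per-shard bulk write that performs the delete was refused for the API key. As an added example (not part of the original issue and not elasticsearch-py code), the following parses such a failure body and compares the index privileges named in it with an API key's role descriptors; the placeholder ids and the `app_read` role descriptors are constructed assumptions.

```python
import fnmatch
import json
import re

# Constructed sample: same shape as the failure body in the issue, placeholder ids.
SAMPLE_BODY = json.dumps({"total": 1, "deleted": 0, "failures": [{
    "index": "myidx", "id": "14192344", "status": 403,
    "cause": {"type": "security_exception", "reason": (
        "action [indices:data/write/bulk[s]] is unauthorized for API key id "
        "[KEY_ID_PLACEHOLDER] of user [USER_PLACEHOLDER] on indices [ myidx ], "
        "this action is granted by the index privileges "
        "[create_doc,create,delete,index,write,all]")}}]})

# Hypothetical role descriptors of a read-only key (assumption, not from the issue).
SAMPLE_ROLES = {"app_read": {"index": [
    {"names": ["myidx*"], "privileges": ["read", "view_index_metadata"]}]}}

REASON_RE = re.compile(
    r"action \[(?P<action>.+?)\] is unauthorized for API key id \[(?P<key>.*?)\]"
    r".*?this action is granted by the index privileges \[(?P<privs>.+?)\]")

def held_privileges(role_descriptors, index):
    """Privileges the key's role descriptors grant on `index` (glob patterns)."""
    held = set()
    for role in role_descriptors.values():
        for entry in role.get("index", []):
            if any(fnmatch.fnmatchcase(index, pat) for pat in entry["names"]):
                held.update(entry["privileges"])
    return held

def diagnose(body, role_descriptors):
    """Return one finding per security_exception in a delete_by_query response."""
    findings = []
    for failure in json.loads(body).get("failures", []):
        cause = failure.get("cause", {})
        if cause.get("type") != "security_exception":
            continue
        # Collapse whitespace first: the reason may be wrapped across lines.
        m = REASON_RE.search(" ".join(cause["reason"].split()))
        if not m:
            continue
        granting = set(m["privs"].split(","))
        held = held_privileges(role_descriptors, failure["index"])
        findings.append({"action": m["action"], "index": failure["index"],
                         "api_key_id": m["key"], "held": sorted(held),
                         "granting": sorted(granting),
                         "authorized": bool(held & granting)})
    return findings
```

An API key's effective permissions are the intersection of its role descriptors and its owner's permissions, so a key created by a superuser can still lack `delete` on an index.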
