New elasticsearch.AuthorizationError after upgrading to 1.60

We are using Elasticsearch & Kibana 8.15.3 and ROR 1.60

We are seeing new, intermittent AuthorizationErrors on the close_indices API call.

We close indices 1 by 1.
Here is the access policy we are currently utilizing. Is this a known issue, or are there any ways to workaround this. We did not see this prior to the upgrade (we were on 1.54.0 and ES 8.12.0).

• name: ‘Allow group snapshot restore’
  groups: [‘snapshot_restore’]
  actions:
  • cluster:admin/repository/*
  • cluster:admin/snapshot/*
  • cluster:admin/slm/*
  • cluster:manage_slm/*
  • cluster:monitor/*
  • indices:monitor/*
  • indices:admin/settings/*
  • indices:admin/open
  • indices:admin/close
  • indices:admin/get

What do you mean by „intermittent AuthorizationErrors”? Do you see any exception in ES log?
Did you tested ROR 1.60.0 with the old ES version you used? Maybe you didn’t add proper action related to the close indices API? Did you check that?

What do you mean by „intermittent AuthorizationErrors”?

If I have 10 indices, some close, then 1 unexpectedly fails. If I try again I can close all of them, so it is not consistent.

Do you see any exception in ES log?

I don’t see anything specific related to this query

Did you tested ROR 1.60.0 with the old ES version you used?

Yes, we saw this issue with 8.12.0 as well + ROR 1.60.

Maybe you didn’t add proper action related to the close indices API? Did you check that?

Yes I did, you see in my original post that I have the close indices action listed in the policy.

I tried to reproduce the problem on my side and I think all works well.
I used ROR Sandbox for testing. Please take a look: [RORDEV-1321] reproduction attempt by coutoPL · Pull Request #56 · beshu-tech/ror-sandbox · GitHub

In the PR there is a description of how to run the stack and how to call the ES API using curl. Do you see any differences (ROR settings or curl or anything else) in relation to your environment and tests?