Can't delete by query

FredericBallot · February 2, 2018, 9:49am

Hello,

After successfully installed RoR elasticsearch and kibana pro and set a multi-tenant configuration, i’m not able to delete a dashboard nor a visualization.

[2018-02-02T09:37:17,775][INFO ][t.b.r.a.b.r.i.KibanaAccessSyncRule] RW access to Kibana, but unrecognized action indices:data/write/delete/byquery reqID: 544440920-565370379#1129
[2018-02-02T09:37:17,778][INFO ][t.b.r.a.ACL ] ESC[35mFORBIDDEN by default req={ ID:544440920-565370379#1129, TYP:DeleteByQueryRequest, CGR:N/A, USR:customer1.admin, BRS:false, ACT:indices:data/write/delete/byquery, OA:172.17.0.5, IDX:.kibana_customer1, MET:POST, PTH:/.kibana_customer1/_delete_by_query?refresh=true, CNT:<OMITTED, LENGTH=352>, HDR:authorization,Connection,Content-Length,content-type,Host,x-forwarded-user, HIS:[localhost->[hosts->false]], [::app::->[auth_key->false]], [::customer1_admin::->[kibana_access->false, proxy_auth->true]], [internal->[hosts->false]], [::legacy::->[proxy_auth->false]], [::KIBANA-SRV::->[auth_key->false]] }

My config:

name: ‘::customer1_admin::’
indices: [‘customer1_data’, ‘.kibana_customer1’ ]
kibana_access: admin
kibana_index: .customer1
proxy_auth: [‘customer1.admin’]
actions: [‘*’]

Does anyone have experience a problem with delete by query ?

Thanks

ld57 · February 2, 2018, 4:31pm

try

actions: ["indices:data/read/*","indices:data/write/*"

etc…
instead of “*”

just to check, could you retry ?

standard commands

indices:data/read/explain
indices:data/read/field_stats
indices:data/read/get
indices:data/read/mget
indices:data/read/msearch
indices:data/read/mtv
indices:data/read/scroll
indices:data/read/scroll/clear
indices:data/read/search
indices:data/read/tv

indices:data/write/bulk
indices:data/write/delete
indices:data/write/index
indices:data/write/update

sscarduzio · February 2, 2018, 5:28pm

Hello @FredericBallot, welcome to the ROR forum!

Two observations on your configuration:

Do you want the kibana index to be “.customer1” or “.kibana_customer1”? Because in the indices rule you are allowing one, and declaring the other on kibana_index rule. Pick one and set it in both indices and kibana_index.
Adding actions: ["*"] in the same rules block has no effect, because inside a block all rules have to check (they are evaluated in logic AND).
PRO TIP: Workarounds in this fashion are possible using a new block with the same “auth” rule, and the action rule.

Please correct 1) and let’s see what happens

FredericBallot · February 5, 2018, 1:50pm

Hi @sscarduzio,

It worked after adding a new rule block with only “auth” and “actions”.

Thanks a lot

sscarduzio · February 5, 2018, 3:07pm

Great!
BTW from the next version of ROR you won’t need that because I’m including all the write and update actions to be allowed in kibana_access: admin/rw for the Kibana index.