Error when I try save a policy in "Index Lifecycle"

rebertty · September 15, 2021, 3:18pm

When I try edit or make a new policy return this message:

Error saving lifecycle policy logs

400: Bad Request. [request body._meta]: definition for this key is missing

This is my config:

readonlyrest:
    audit_collector: true
    access_control_rules:


    - name: "::LOGSTASH::"
      auth_key: logstash:logstash
      verbosity: error

    - name: "::APM::"
      auth_key: apmserver:apmserver
      verbosity: error

    - name: "::KIBANA-SRV::"
      auth_key: kibana:kibana
      kibana_access: unrestricted

    - name: "::FILEBEAT::"
      auth_key: filebeat:filebeat
      verbosity: error

    - name: "::RO::"
      auth_key: ro:dev
      kibana_access: ro
      indices: [ ".kibana", "logstash-*"]
      kibana_hide_apps: [ "Security", "Enterprise Search"]

    - name: "::RW::"
      auth_key: rw:dev
      kibana_access: rw
      indices: [".kibana", "logstash-*"]
      kibana_hide_apps: [ "Security", "Enterprise Search"]


    - name: "::ADMIN::"
      auth_key: elastic:teste
      # KIBANA ADMIN ACCESS NEEDED TO EDIT SECURITY SETTINGS IN ROR KIBANA APP!

    - name: "::WEBSITE SEARCH BOX::"
      indices: ["public"]
      actions: ["indices:data/read/*"]

    - name: "ldapA"
      type: allow
      ldap_auth:
        name: "ldap1"
        groups: ["GG_ApoioTecnologico"]

    - name: "ldapU"
      type: allow
      ldap_auth:
        name: "ldap1"
        groups: ["GG_ELK_IGESP"]
      kibana_access: ro
      indices: [ ".kibana", "*igesp*"]
      kibana_hide_apps: [ "Security", "Enterprise Search"]

    ldaps:
.
.
.

sscarduzio · September 16, 2021, 8:18pm

When you get that error while you try to to interact with index lifecycle, what are you trying to do? And what user are you? With what kibana_access level?

Can you see if you have a “FORBIDDEN” in elasticsearch.log while you test this? If yes, please show us.

rebertty · September 20, 2021, 11:01am

I am using a user without kibana_access:

user

This is my error when I save the new rule or modify any other,

This is the log in elasticsearch with a filter “ilm”:

sscarduzio · September 21, 2021, 9:13pm

Just tried to reproduce what I see in the screenshot provided, even with `kibana_access: unrestricted´ the following test case is working:

Navigate to /app/management/data/index_lifecycle_management/policies
Create new with hot phase, rollover enabled 20 megabytes
hit save

Policy created successfully in my case.
@rebertty please advise if my test case is not the same as what you are doing to reproduce the issue.

Your logs show the ILM requests are being accepted, very weird Kibana is seeing a response different than the one it’s expecting.

It would be interesting to see what Kibana is getting as a response. @rebertty are you able to go to Network tab in Chrome dev tools and try to observe the response to this request?

rebertty · September 23, 2021, 11:19am

Hi, insert “kibana_access: unrestricted” solves my problem, thanks for the attention.