Failed to find action [cluster:admin/xpack/security/user/has_privileges] to execute

1

Hello,

After upgrading elastic search + kibana + RoR from version 8.10.3 to version 8.14.1 I am getting the following error without any success to fix it:
[2024-06-20T07:07:00,888][WARN ][r.suppressed ] [logs.example.ro] path: /_async_search/status/FmNUbkppNFd1U3N5MnZteGJibTFSLXceWmp1NzFnbW1TbnlrQml6ZTRvYWcydzozMzA2MTcz, params: {keep_alive=60000ms, id=FmNUbkppNFd1U3N5MnZteGJibTFSLXceWmp1NzFnbW1TbnlrQml6ZTRvYWcydzozMzA2MTcz}, status: 500
java.lang.IllegalStateException: failed to find action [cluster:admin/xpack/security/user/has_privileges] to execute
at org.elasticsearch.client.internal.node.NodeClient.transportAction(NodeClient.java:134) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.client.internal.node.NodeClient.executeLocally(NodeClient.java:107) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.client.internal.node.NodeClient.doExecute(NodeClient.java:83) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.client.internal.support.AbstractClient.execute(AbstractClient.java:357) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.xpack.core.async.AsyncSearchSecurity.hasClusterPrivilege(AsyncSearchSecurity.java:71) ~[?:?]
at org.elasticsearch.xpack.core.async.AsyncSearchSecurity.currentUserCanSeeStatusOfAllSearches(AsyncSearchSecurity.java:59) ~[?:?]
at org.elasticsearch.xpack.core.async.AsyncTaskIndexService.retrieveStatus(AsyncTaskIndexService.java:523) ~[?:?]
at org.elasticsearch.xpack.search.TransportGetAsyncStatusAction.lambda$doExecute$0(TransportGetAsyncStatusAction.java:84) ~[?:?]
at org.elasticsearch.action.ActionListener$2.onResponse(ActionListener.java:171) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:32) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.tasks.TaskManager$1.onResponse(TaskManager.java:202) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.tasks.TaskManager$1.onResponse(TaskManager.java:196) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.ActionListenerImplementations$RunBeforeActionListener.onResponse(ActionListenerImplementations.java:307) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.ActionListenerResponseHandler.handleResponse(ActionListenerResponseHandler.java:48) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.transport.TransportService$ContextRestoreResponseHandler.handleResponse(TransportService.java:1466) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.transport.TransportService$DirectResponseChannel.processResponse(TransportService.java:1563) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.transport.TransportService$DirectResponseChannel.sendResponse(TransportService.java:1537) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.transport.TaskTransportChannel.sendResponse(TaskTransportChannel.java:35) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.support.ChannelActionListener.onResponse(ChannelActionListener.java:32) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.support.ChannelActionListener.onResponse(ChannelActionListener.java:19) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.update.TransportUpdateAction.lambda$shardOperation$2(TransportUpdateAction.java:257) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.ActionListener$2.onResponse(ActionListener.java:171) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.bulk.TransportBulkAction.lambda$unwrappingSingleItemBulkResponse$0(TransportBulkAction.java:226) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.ActionListenerImplementations$ResponseWrappingActionListener.onResponse(ActionListenerImplementations.java:245) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.tasks.TaskManager$1.onResponse(TaskManager.java:202) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.tasks.TaskManager$1.onResponse(TaskManager.java:196) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.ActionListenerImplementations$RunBeforeActionListener.onResponse(ActionListenerImplementations.java:307) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.ActionListenerImplementations$RunBeforeActionListener.onResponse(ActionListenerImplementations.java:307) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.bulk.BulkOperation.completeBulkOperation(BulkOperation.java:321) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.bulk.BulkOperation.redirectFailuresOrCompleteBulkOperation(BulkOperation.java:316) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.core.AbstractRefCounted$1.closeInternal(AbstractRefCounted.java:118) ~[elasticsearch-core-8.14.1.jar:?]
at org.elasticsearch.core.AbstractRefCounted.decRef(AbstractRefCounted.java:70) ~[elasticsearch-core-8.14.1.jar:?]
at org.elasticsearch.action.support.RefCountingRunnable.close(RefCountingRunnable.java:112) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.bulk.BulkOperation$1.completeShardOperation(BulkOperation.java:402) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.bulk.BulkOperation$1.onResponse(BulkOperation.java:380) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.bulk.BulkOperation$1.onResponse(BulkOperation.java:348) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.tasks.TaskManager$1.onResponse(TaskManager.java:202) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.tasks.TaskManager$1.onResponse(TaskManager.java:196) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.ActionListenerImplementations$RunBeforeActionListener.onResponse(ActionListenerImplementations.java:307) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.support.replication.TransportReplicationAction$ReroutePhase.finishOnSuccess(TransportReplicationAction.java:1058) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.support.replication.TransportReplicationAction$ReroutePhase$1.handleResponse(TransportReplicationAction.java:970) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.support.replication.TransportReplicationAction$ReroutePhase$1.handleResponse(TransportReplicationAction.java:956) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.transport.TransportService$ContextRestoreResponseHandler.handleResponse(TransportService.java:1466) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.transport.TransportService$DirectResponseChannel.processResponse(TransportService.java:1563) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.transport.TransportService$DirectResponseChannel.sendResponse(TransportService.java:1537) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.transport.TaskTransportChannel.sendResponse(TaskTransportChannel.java:35) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.support.ChannelActionListener.onResponse(ChannelActionListener.java:32) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.support.ChannelActionListener.onResponse(ChannelActionListener.java:19) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.ActionListenerImplementations$RunBeforeActionListener.onResponse(ActionListenerImplementations.java:307) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.support.replication.TransportReplicationAction$AsyncPrimaryAction.lambda$runWithPrimaryShardReference$3(TransportReplicationAction.java:497) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.ActionListener$2.onResponse(ActionListener.java:171) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.ActionListenerImplementations$MappedActionListener.onResponse(ActionListenerImplementations.java:95) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.support.replication.ReplicationOperation.finish(ReplicationOperation.java:476) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.support.replication.ReplicationOperation.decPendingAndFinishIfNeeded(ReplicationOperation.java:463) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.support.replication.ReplicationOperation$1.lambda$onResponse$0(ReplicationOperation.java:183) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.support.replication.ReplicationOperation.updateCheckPoints(ReplicationOperation.java:363) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.support.replication.ReplicationOperation$1.onResponse(ReplicationOperation.java:179) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.support.replication.ReplicationOperation$1.onResponse(ReplicationOperation.java:174) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.support.replication.TransportWriteAction$WritePrimaryResult$1.onSuccess(TransportWriteAction.java:313) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.support.replication.TransportWriteAction$AsyncAfterWriteAction.maybeFinish(TransportWriteAction.java:470) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.support.replication.TransportWriteAction$AsyncAfterWriteAction.lambda$run$0(TransportWriteAction.java:522) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.common.util.concurrent.AsyncIOProcessor.notifyList(AsyncIOProcessor.java:111) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.common.util.concurrent.AsyncIOProcessor.drainAndProcessAndRelease(AsyncIOProcessor.java:89) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.common.util.concurrent.AsyncIOProcessor.put(AsyncIOProcessor.java:73) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.index.engine.InternalEngine.asyncEnsureTranslogSynced(InternalEngine.java:707) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.index.shard.IndexShard.syncAfterWrite(IndexShard.java:3802) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.support.replication.TransportWriteAction$AsyncAfterWriteAction.run(TransportWriteAction.java:520) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.support.replication.TransportWriteAction$WritePrimaryResult.runPostReplicationActions(TransportWriteAction.java:320) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.support.replication.ReplicationOperation.handlePrimaryResult(ReplicationOperation.java:174) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.ActionListener$2.onResponse(ActionListener.java:171) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.ActionListener.completeWith(ActionListener.java:276) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.bulk.TransportShardBulkAction$2.finishRequest(TransportShardBulkAction.java:287) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.bulk.TransportShardBulkAction$2.doRun(TransportShardBulkAction.java:248) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:26) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.bulk.TransportShardBulkAction.performOnPrimary(TransportShardBulkAction.java:300) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.bulk.TransportShardBulkAction.dispatchedShardOperationOnPrimary(TransportShardBulkAction.java:151) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.bulk.TransportShardBulkAction.dispatchedShardOperationOnPrimary(TransportShardBulkAction.java:79) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.action.support.replication.TransportWriteAction$1.doRun(TransportWriteAction.java:217) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:26) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.common.util.concurrent.TimedRunnable.doRun(TimedRunnable.java:33) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:984) ~[elasticsearch-8.14.1.jar:?]
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:26) ~[elasticsearch-8.14.1.jar:?]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144) ~[?:?]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642) ~[?:?]
at java.lang.Thread.run(Thread.java:1570) ~[?:?]

2

Hi @razvan1

Thanks for reporting this. Could you please confirm you use the latest ROR version (1.57.3)?

3

Hello @coutoPL ,

I am using readonlyrest-1.57.3_es8.14.1.zip and readonlyrest_kbn_universal-1.57.3_es8.14.1.zip.

Thanks

4

ok, great.
Are you able to tell us when you experience this error?

5

When I access Discover from all spaces.
Url is https://example.com/s/spacename/app/discover#/?_g=(filters:!(),refreshInterval:(pause:!t,value:60000),time:(from:now-15m,to:now))&_a=(columns:!(),filters:!(),index:prod-data,interval:auto,query:(language:kuery,query:‘’),sort:!(!(‘@timestamp’,desc)))
Also Access level: unrestricted
Hope this helps.

6

Ok, one more question: could you please show us your ReadonlyREST settings?

7

This is fixed. The pre-build to test: ROR 1.59.0-pre1 for ES 8.14.1

8

Hi @coutoPL,
Sorry for my late answer, I was in vacation.
ROR config is:

readonlyrest:
    audit:
      enabled: true
    outputs:
    - type: index
      serializer: tech.beshu.ror.requestcontext.QueryAuditLogSerializer

    access_control_rules:

    - name: "::KIBANA::"
      auth_key: kibana:xxx
      indices: ["*"]

    - name: "::REMOTE SERVERS::"
      api_keys: [xxx]
      indices: ["*"]

    - name: "::ELASTICSEARCH::"
      auth_key: elastic:xxx
      indices: ["*"]

    - name: Accept requests from users in group admins on all indexes
      ldap_auth:
        name: "ldap1"
        groups: ["admins"]
      indices: ["*"]
      kibana:
        access: unrestricted

    - name: Accept requests from users in group desi on index xxx
      ldap_auth:
        name: "ldap1"
        groups: ["logs_xxx"]
      indices: ["*xxx*", ".kibana*"]
      kibana:
        access: rw

    ldaps:

    - name: ldap1
      host: "xxx"
      port: 389
      ssl_enabled: false
      ssl_trust_all_certs: true
      ignore_ldap_connectivity_problems: true
      bind_dn: "uid=bind,cn=users,cn=accounts,dc=xxx,dc=xxx"
      bind_password: "xxx"
      search_user_base_DN: "cn=users,cn=accounts,dc=xxx,dc=xxx"
      search_groups_base_DN: "cn=groups,cn=accounts,dc=xx,dc=xx"
      user_id_attribute: "uid"
      unique_member_attribute: "member"
      group_name_attribute: "cn"
      group_search_filter: "(objectclass=top)"

Download link return me

<Error>
<Code>AccessDenied</Code>
<Message>Request has expired</Message>
<X-Amz-Expires>604800</X-Amz-Expires>
<Expires>2024-07-20T15:16:08Z</Expires>
<ServerTime>2024-07-20T20:27:08Z</ServerTime>
<RequestId>XNND4PX1TDYG1C2Q</RequestId>
<HostId>
ZpVL+87g6FIZ44ccb88h57yxUJ4OGJ9gr78qYnwkmRfgJzhHXA+ohCdwBJYNNO5V9OT7gOhu7YQ=
</HostId>
</Error>

Can you share it again please?

Thanks

9

Sure, here it’s:
ROR 1.59.0-pre1 for ES 8.14.1

10

Hi @coutoPL ,

It works with this version.
Do you know when will be released stable version?

Thanks

11

It will be a part of ROR 1.59.0. We are working on one important fix and when it’s done we will be able to release the new version. It should happen within 2 weeks or so.

1 Like
12

ROR 1.59.0 with the fix is released