Features does not work with new version 1.32.0 of ROR for read mode

belotfi · August 4, 2021, 6:45pm

Hello
After switching to the new version of ES 7.12.1 and ROR 1.32.0 (entreprise version ReadonlyRest), I have the error below. is it possible to help me please, Thank you very much

The problematic config section in readonlyrest.yml is :

name: “::Kibana-Lecture::”
type: allow
ldap_authentication: “ldap_elasticstack”
indices: [“index*”]
kibana_index: “.kibana_publique”
kibana_access: ro
kibana_hide_apps: [“readonlyrest_kbn”, “Analytics|Maps”, “Analytics|Canvas”, “Analytics|Overview”, “Enterprise Search”, “Observability”,“Security”, “Management”]

When I access with KIBANA I have this error in screen :
Error: Unauthorized
at fetch_Fetch.fetchResponse (https://serveur:5601/39457/bundles/core/core.entry.js:6:33030)
at async interceptResponse (https://serveur:5601/39457/bundles/core/core.entry.js:6:28637)
at async https://serveur:5601/39457/bundles/core/core.entry.js:6:31117

And error in log is:
{“type”:“log”,“@timestamp”:“2021-08-04T14:08:23-04:00”,“tags”:[“error”,“http”],“pid”:22107,“message”:“ResponseError: forbidden: Response Error\n at onBody (/usr/share/kibana/node_modules/@elastic/elasticsearch/lib/Transport.js:337:23)\n at IncomingMessage.onEnd (/usr/share/kibana/node_modules/@elastic/elasticsearch/lib/Transport.js:264:11)\n at IncomingMessage.emit (events.js:327:22)\n at endReadableNT (internal/streams/readable.js:1327:12)\n at processTicksAndRejections (internal/process/task_queues.js:80:21) {\n meta: {\n body: { error: [Object] },\n statusCode: 401,\n headers: {\n ‘x-opaque-id’: ‘a5086837-362f-4dc3-b276-26ab95e27c9e’,\n ‘www-authenticate’: ‘Basic’,\n ‘content-type’: ‘application/json; charset=UTF-8’,\n ‘content-length’: ‘153’,\n date: ‘Wed, 04 Aug 2021 18:08:23 GMT’,\n connection: ‘keep-alive’,\n ‘keep-alive’: ‘timeout=5’\n },\n meta: {\n context: null,\n request: [Object],\n name: ‘elasticsearch-js’,\n connection: [Object],\n attempts: 0,\n aborted: false\n }\n },\n isBoom: true,\n isServer: false,\n data: null,\n output: {\n statusCode: 401,\n payload: {\n message: ‘forbidden: Response Error’,\n statusCode: 401,\n error: ‘Unauthorized’\n },\n headers: {}\n },\n [Symbol(SavedObjectsClientErrorCode)]: ‘SavedObjectsClient/notAuthorized’\n}”}
{“type”:“response”,“@timestamp”:“2021-08-04T14:08:23-04:00”,“tags”:,“pid”:22107,“method”:“put”,“statusCode”:401,“req”:{“url”:“/api/telemetry/v2/userHasSeenNotice”,“method”:“put”,“headers”:{“host”:“serveur:5601”,“kbn-version”:“7.12.1”,“user-agent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Safari/537.36”,“content-type”:“application/json”,“accept”:“/”,“origin”:“https:/serveur:5601”,“sec-fetch-site”:“same-origin”,“sec-fetch-mode”:“cors”,“sec-fetch-dest”:“empty”,“referer”:“https://serveur:5601/app/home",“accept-encoding”:"gzip, deflate, br”,“accept-language”:“fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7”,“connection”:“close”,“x-ror-pkp-kibana-token”:“edncdr80lg7ofd53brrb1tiniqbboj”,“content-length”:“0”,“accept-charset”:“utf-8”},“remoteAddress”:“127.0.0.1”,“userAgent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Safari/537.36”,“referer”:“https://serveur:5601/app/home"},“res”:{“statusCode”:401,“responseTime”:68,“contentLength”:79},“message”:"PUT /api/telemetry/v2/userHasSeenNotice 401 68ms - 79.0B”}

sscarduzio · August 4, 2021, 8:27pm

Please disable telemetry in kibana entirely. It messes up with ror ACL.

Add to kibana.yml

telemetry.enabled: false

belotfi · August 4, 2021, 9:05pm

That’s right Simone, I saw this setup in the docs and I got the wrong file, I used elasticsearch.yml instead of kibana.yml
Thank you very much, it works now,
Another point please (problem), I have several tenants, and when I create a space in one tenant, it appears in all the other tenants, space created should appear only in tenant where it was created.
I didn’t change anything in my configuration which worked with es 7.6.2 and ror 1.19.4
actually i use es 7.12.1 and ror 1.32.0
Thank you for help

belotfi · August 6, 2021, 1:59pm

Another issue , I have several tenants, and when I create a space in one tenant, it appears in all the other tenants, space created should appear only in tenant where it was created.
I didn’t change anything in my configuration which worked with es 7.6.2 and ror 1.19.4
actually i use es 7.12.1 and ror 1.32.0
Thank you for help

sscarduzio · August 6, 2021, 3:35pm

This should be fixed now I will send you a pre build so you can test. I will send you now the build link in a private message in this forum.