‏how to grant access to discover menu?

mpniel · January 30, 2024, 8:05pm

‏how to grant access to discover menu in readonlyrest.ylm file?
When I try to open Discover menu I get Error
=“OPERATION_NOT_ALLOWED” } } .status 401.

coutoPL · January 30, 2024, 8:30pm

please show us the FORBIDDEN log from the ES logs.

mpniel · January 31, 2024, 7:58pm

I searched for FORBIDDEN in the log file located in /var/log/elasticsearch/“cluster_name”.log .
I can find several log records for the time I tried to open the discover.
These log records doesn’t have my username as USR but the following: USR:[no info about user]

coutoPL · January 31, 2024, 8:02pm

please show us the full FORBIDDEN log entry

mpniel · January 31, 2024, 11:20pm

‏i have several log entries that took place in the same one or two minutes when i used the discover menu, which have inside the forbidden.
‏How could i know which of them is the one that caused the error?

coutoPL · February 1, 2024, 7:06pm

you can check x-ror-kibana-request-path header from HDR part of the log to see what part of Kibana it relates to.

but you can show us more than one entry, obivously

mpniel · February 4, 2024, 6:46pm

There is no such a string in the entire log file.
I can find the string USR:myusername in the log records with the timestamp I got the discover error.

coutoPL · February 4, 2024, 7:14pm

sorry, I cannot help you if you don’t show us your logs.

mpniel · February 4, 2024, 7:19pm

It is OK to show you all logs created since I got the forbidden error until 2 minutes after.?
dev_cls_blk.log (1.4 MB)

coutoPL · February 4, 2024, 8:25pm

please show us your readonlyrest.yml too

mpniel · February 5, 2024, 4:12pm

The user that gets the error is Mordi and it belongs to Elastic-Admins AD group.
readonlyrest_dev_7.5.blk.txt (16.0 KB)

coutoPL · February 5, 2024, 7:33pm

which user do you have configured as elasticsearch.username and elasticsearch.password in kibana.yml?

mpniel · February 11, 2024, 2:09pm

The username is elk, in kibana.yml.
the same as in the “allow all” section in readonlyrest.yml.

coutoPL · February 11, 2024, 7:19pm

I cannot reproduce your problem. But you can use our docker-based ROR-sandbox to reproduce it and create a PR we can analyze (probably you will want to change readonlyrest.yml, elasticsearch.yml or/and kibana.yml). We will help you when you are able to reproduce it with the ROR-sandbox.

mpniel · February 11, 2024, 8:41pm

‏Why did you ask about elasticsearch username,password in kibana.yml ?

coutoPL · February 12, 2024, 6:41pm

because the user used by Kibana should not be restricted. I wanted to see what block is matched for the internal Kibana requests

mpniel · February 13, 2024, 10:49am

The elasticsearch username/password in readonlyrest.yml are in the “allow all” name section.
Should the elasticsearch password be the same as in kibana.yml file?
If it is not equal then could it be the cause of the discover forbidden error I got?

coutoPL · February 13, 2024, 6:45pm

Using the information provided I cannot reproduce your issue. As I mentioned, you can use our ROR-sandbox, modify readonlyrest.yml, and create a PR. We will check it and try to advise sth or provide a fix.

mpniel · February 14, 2024, 5:12pm

I am an elasticsearch beginner not an expert. I don’t know how to reproduce the issue.

coutoPL · February 14, 2024, 7:07pm

But you experience the issue, right? So, try to use your ROR setup in ROR sandbox and see what happens.