Kibana 7.10.2 gives Syntax Error after Patch

Billy · June 17, 2022, 3:37am

Hi,
I’m trying to build Kibana 7.10.2 and RoR 1.40.0 docker image. node/bin/node plugins/readonlyrestkbn/ror-tools.js patch is also needed by this Kibana version.
And I’ve got Syntax Error when runing Kibana:

[ROR] - serve.js - intercepting config
Configuring logger failed: /usr/share/kibana/plugins/readonlyrestkbn/node_modules/openid-client/lib/issuer.js:32
  #metadata;
  ^

SyntaxError: Invalid or unexpected token
    at Module._compile (internal/modules/cjs/loader.js:723:23)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:789:10)
    at Module.load (internal/modules/cjs/loader.js:653:32)
    at tryModuleLoad (internal/modules/cjs/loader.js:593:12)
    at Function.Module._load (internal/modules/cjs/loader.js:585:3)
    at Module.require (internal/modules/cjs/loader.js:692:17)
    at Module.Hook._require.Module.require (/usr/share/kibana/node_modules/require-in-the-middle/index.js:80:39)
    at Module.Hook._require.Module.require (/usr/share/kibana/node_modules/require-in-the-middle/index.js:80:39)
    at Module.Hook._require.Module.require (/usr/share/kibana/node_modules/require-in-the-middle/index.js:80:39)
    at Module.Hook._require.Module.require (/usr/share/kibana/node_modules/require-in-the-middle/index.js:80:39)

 FATAL  SyntaxError: Invalid or unexpected token

In the file /usr/share/kibana/plugins/readonlyrestkbn/node_modules/openid-client/lib/issuer.js

class Issuer {
  #metadata;  // Error is here
  constructor(meta = {}) {
    const aadIssValidation = meta[AAD_MULTITENANT];
    delete meta[AAD_MULTITENANT];
    ['introspection', 'revocation'].forEach((endpoint) => {
      // if intro/revocation endpoint auth specific meta is missing use the token ones if they
      // are defined
      if (
        meta[`${endpoint}_endpoint`] &&
        meta[`${endpoint}_endpoint_auth_methods_supported`] === undefined &&
        meta[`${endpoint}_endpoint_auth_signing_alg_values_supported`] === undefined
      ) {
        if (meta.token_endpoint_auth_methods_supported) {
          meta[`${endpoint}_endpoint_auth_methods_supported`] =
            meta.token_endpoint_auth_methods_supported;
        }
        if (meta.token_endpoint_auth_signing_alg_values_supported) {
          meta[`${endpoint}_endpoint_auth_signing_alg_values_supported`] =
            meta.token_endpoint_auth_signing_alg_values_supported;
        }
      }
    });

And also found other #metadata in /usr/share/kibana/plugins/readonlyrestkbn/node_modules/openid-client/lib/issuer.js

    this.#metadata = new Map();

    Object.entries(meta).forEach(([key, value]) => {
      this.#metadata.set(key, value);
      if (!this[key]) {
        Object.defineProperty(this, key, {
          get() {
            return this.#metadata.get(key);
          },
          enumerable: true,
        });
      }
    });

sscarduzio · June 17, 2022, 7:44am

Thank you @Billy for reporting this.
That #metadata is an interestingly named class field in the Issuer class of the node-openid-connect library.

Not sure the patcher is the culprit here. Maybe our transpiler is not taking care of it appropriately? @Dzuming WDYT?

Dzuming · June 19, 2022, 4:42am

Yes, that’s the problem with openid-client library and using the private class property JavaScript feature Private class features - JavaScript | MDN. It’s supported by node 12 and newer, but kibana 7.10,2 use node 10.23.1.

We need to transpile this feature somehow. I’m able to reproduce this issue and will take care of it.

Billy · June 20, 2022, 3:46am

Thanks a lot.
I’m wondering if there any way I can avoid this error temporarily. Cause I got an ELK cluster with fixed version.

sscarduzio · June 21, 2022, 8:04am

Hi @Billy,
Today @Dzuming found a nice solution to this problem: we will continue supporting OIDC authentication with Kibana < 7.12.0, using the older version of the OIDC client.

However, we will print a fat warning log about it at Kibana start up time where we warmly suggest to upgrade to a newer Kibana version in order to get the up-to-date OIDC client with all security fixes in place.

Please expect a pre build with this fix in place in a private message here in the forum.

Billy · June 21, 2022, 10:35am

Thanks a lot and with at least 20 characters LOL