Kibana ROR 1.19.5 issue

Diana · June 4, 2020, 12:14pm

Hello,

We-ve updated our ROR to v.1.19.5 Enterprise for both Kibana and ES(v 7.2.0). We are encountering an issue when trying to login with basic auth , we receive an 403 error.

We use proxy auth for authentication, but for example, for an user which does not have access with proxy auth and needs to login with basic auth, it won’t work.

The ROR config below:

>   readonlyrest:
>   prompt_for_basic_auth: false
>   access_control_rules:
>     - name: "Full Admin Users"
>       groups: ["full-admin"]
>     - name: "Forbidden for .readonlyrest index"
>       groups: ["client_admin"]
>       type: "forbid"
>       indices: [".readonlyrest"]
>       methods: ["PUT", "POST", "DELETE"]
>     - name: "Client Admin Group Kibana"
>       groups: ["client_admin"]
>       indices: ["*"]
>       kibana_access: "admin"
>       # kibana_hide_apps: ["readonlyrest_kbn"]
>     - name: "Client Admin Group"
>       groups: ["client_admin"]
>     - name: "Data Group Kibana"
>       groups: ["data_injection"]
>       indices: ["*"]
>       kibana_access: "admin"
>       kibana_hide_apps: ["readonlyrest_kbn"]
>     - name: "Data Group 0"
>       groups: ["data_injection"]
>       indices: ["metricbeat*", "<metricbeat*", "metrics-monitoring"]
>       actions:
>         [
>           "indices:data/write/*",
>           "cluster:admin/ilm/*",
>           "indices:admin/create",
>           "indices:admin/template/put",
>         ]
>   proxy_auth_configs:
>     - name: "px1"
>       user_id_header: "x-forwarded-user"
>   users:
>     - username: "clientadmin"
>       groups: ["client_admin"]
>       auth_key_sha256: "c6469804fc686990915a9f92aa714b6f2bf33f10163f583474f9fc39f41228c0"
>     - username: "fulladmin"
>       groups: ["full-admin"]
>       auth_key: "fulladmin:password"
>     - username: "kibana"
>       groups: ["full-admin"]
>       auth_key_sha256: "fff0f7fa02f346e545609caa0f44313b9f1fe4dda55ace8d14c8a77921b84f63"
>     - username: "monitoring"
>       groups: ["data_injection"]
>       auth_key_sha256: "c4607464dfc76905515f5cec33c2185dcffebafdcacd9c6eef34ca747ec13e00"
>     - username: "sspo"
>       groups: ["full-admin"]
>       auth_key_sha256: "329e5fcc91b9d519e7682612dc7acb6ffa179e043ab92bcf2f540ad82ab244c9"
>     - username: "proyuser"
>       groups: ["client_admin"]
>       proxy_auth:
>         proxy_auth_config: "px1"
>         users: ["proxyuser"]

sscarduzio · June 4, 2020, 12:29pm

Please have a look in elasticsearch logs and grep the line with the string “FORBIDDEN” associated to the 403 code you receive while attempting to login.

Identify the ACL block name you think should have matched, and see in the “HIS:” (history) field of that log line what rules inside that block didn’t match.

Diana · June 4, 2020, 2:31pm

Hello,

ES logs seem to resolve all my ACLs:

[2020-06-04T11:16:11,334][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [es-host] ALLOWED by { name: ‘Full Admin Users’, policy: ALLOW, rules: [groups] req={ ID:349497748-695856833#2839, TYP:MainRequest, CGR:N/A, USR:fulladmin, BRS:true, KDX:null, ACT:cluster:monitor/main, OA:172.24.135.156/32, XFF:null, DA:172.24.135.156/32, IDX:<N/A>, MET:GET, PTH:/, CNT:<N/A>, HDR:Accept-Encoding=gzip, Authorization=, Host=es-ost:9200, User-Agent=Go-http-client/1.1, content-length=0, HIS:[Full Admin Users-> RULES:[groups->true], RESOLVED:[user=fulladmin;group=full-admin;av_groups=full-admin]] }

The KB logs, instead are giving a 304 status code

Jun 4 11:16:19 localhost kibana[23438]: {“type”:“response”,“@timestamp”:“2020-06-04T11:16:19Z”,“tags”:,“pid”:23438,“method”:“get”,“statusCode”:304,“req”:{“url”:“/plugins/readonlyrest_kbn/session_probe.txt”,“method”:“get”,“headers”:{“host”:“localhost:5601”,“accept”:“/”,“x-requested-with”:“XMLHttpRequest”,“kbn-xsrf”:“7.2.0”,“kbn-version”:“7.2.0”,“user-agent”:“Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36”,“sec-fetch-site”:“same-origin”,“sec-fetch-mode”:“cors”,“sec-fetch-dest”:“empty”,“referer”:“https://localhost:5601/app/kibana",“accept-encoding”:"gzip, deflate, br”,“accept-language”:“en-US,en;q=0.9,ro;q=0.8,fr;q=0.7”,“if-none-match”:“"7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb"”,“if-modified-since”:“Thu, 04 Jun 2020 08:59:13 GMT”,“x-client-ip”:“10.115.64.97”,“x-forwarded-proto”:“https”,“x-forwarded-for”:“10.115.64.97, 172.24.135.178",“username”:“pbtp6209”,“x-forwarded-user”:“pbtp6209”,“email”:"daniel.albu@orange.com”,“firstname”:“Name”,“lastname”:“Name”,“x-forwarded-host”:“localhost:5601”,“x-forwarded-server”:“portal.com”,“connection”:“close”},“remoteAddress”:“x.x.x.x”,“userAgent”:“x.x.x.x”,“referer”:“https://localhost:5601/app/kibana"},“res”:{“statusCode”:304,“responseTime”:3,“contentLength”:9},“message”:"GET /plugins/readonlyrest_kbn/session_probe.txt 304 3ms - 9.0B”}

sscarduzio · June 4, 2020, 2:37pm

This is not a login request, this is just a random ping to Elasticsearch. The request you are looking for should have this path: PTH:/_readonlyrest/metadata/current_user and should say “FORBIDDEN” in the beginning, not “ALLOWED”.
I suggest to re attempt the login with the local user credentials as you did before (which ones did you use?), and look for the log line again.

Diana · June 5, 2020, 1:23pm

Hello,

Elasticsearch logs do not show anything with FORBIDDEN when trying to login with the fulladmin user. Actually if trying to curl the ES I get a 200 OK:

curl -k -v -u fulladmin:password https://localhost:9200

which makes me believe that the problem is with the Kibana plugin.

From what i understand from the kibana log below, my assumption is that i get authenticated with proxy auth, and the cookie for this user is not being release in order to be able to login with basic auth. Take into account that this user is not in the proxy auth users and needs basic auth authentication.

Jun 5 13:06:23 kibana-01 kibana[23241]: {“type”:“response”,“@timestamp”:“2020-06-05T13:06:23Z”,“tags”:,“pid”:23241,“method”:“get”,“statusCode”:404,“req”:{“url”:“/k/plugins/readonlyrest_kbn/css/armata_montserrat_font.css”,“method”:“get”,“headers”:{“host”:“kibana:5601”,“user-agent”:“Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36”,“accept”:“text/css,/;q=0.1”,“sec-fetch-site”:“same-origin”,“sec-fetch-mode”:“no-cors”,“sec-fetch-dest”:“style”,“accept-encoding”:“gzip, deflate, br”,“accept-language”:“en-US,en;q=0.9”,“x-client-ip”:“x.x.x.x”,“x-forwarded-proto”:“https”,“x-forwarded-for”:“x.x.x.x, x.x.x.x",“username”:“user1”,“x-forwarded-user”:“user1”,“email”:"user1@example.com”,“firstname”:“User1”,“lastname”:“User1”,“x-forwarded-host”:“kibana-01”,“x-forwarded-server”:“portal.example”,“connection”:“close”},“remoteAddress”:“x.x.x.x”,“userAgent”:“x.x.x.x”},“res”:{“statusCode”:404,“responseTime”:24,“contentLength”:9},“message”:“GET /k/plugins/readonlyrest_kbn/css/armata_montserrat_font.css 404 24ms - 9.0B”}

Thanks!

sscarduzio · June 5, 2020, 1:32pm

The log line with 404 is unrelated: it’s just a missing CSS file, it’s a known cosmetic bug which is actually fixed (will be available on next release).

However, maybe now I understood better what you mean: basically the issue is that when a login request comes through the proxy, the x-forwarded-user header will take priority over login form credentials?

Diana · June 5, 2020, 1:45pm

Exactly, i suppose this is the issue.

sscarduzio · June 5, 2020, 7:06pm

OK will have a look and notify back here

sscarduzio · June 7, 2020, 9:55pm

Hi @Diana,

We refactored a bit the code, now it works like this:

If the session comes through the proxy to Kibana, it will skip the login form (nothing changed)
When users press logout, they go to the login form (instead of pointlessly automatcally re-login)
We introduced a special URL “/login?autologin=false” where a userwill be shown the login form even when having a valid “x-forwarded-user” header (or a valid jwt query parameter).

I will send you a direct message in this forum with a new build, please notify me if you have troubles obtaining it.

cristianr · June 22, 2020, 10:27am

Hello,
Unfortunately kibana 7.6.2 won’t start with readonlyrest_kbn_enterprise-1.20.0-pre3_es7.6.2

Both Kibana and ES were tested with 7.6.2 version

Can you help us ? Many thanks

share/kibana/plugins/readonlyrest_kbn/public/less/main.less.ts doesn\\'t exist\\n      .tsx\\n        Field \\'browser\\' doesn\\'t contain a valid alias configuration\\n        /usr/share/kibana/plugins/readonlyrest_kbn/public/less/main.less.tsx doesn\\'t exist\\n      .json\\n        Field \\'browser\\' doesn\\'t contain a valid alias configuration\\n        /usr/share/kibana/plugins/readonlyrest_kbn/public/less/main.less.json doesn\\'t exist\\n      as directory\\n        /usr/share/kibana/plugins/readonlyrest_kbn/public/less/main.less doesn\\'t exist\\n[/usr/share/kibana/plugins/readonlyrest_kbn/public/less/main.less]\\n[/usr/share/kibana/plugins/readonlyrest_kbn/public/less/main.less.js]\\n[/usr/share/kibana/plugins/readonlyrest_kbn/public/less/main.less.ts]\\n[/usr/share/kibana/plugins/readonlyrest_kbn/public/less/main.less.tsx]\\n[/usr/share/kibana/plugins/readonlyrest_kbn/public/less/main.less.json]\\n @ ./plugins/readonlyrest_kbn/public/app.js 5:0-27\\n @ ./optimize/bundles/readonlyrest_kbn.entry.js' ],\n     warnings: [],\n     version: '4.41.0',\n     hash: '1b1babfef39eea789a40',\n     time: 151843,\n     builtAt: 1592820442367,\n     publicPath: '__REPLACE_WITH_PUBLIC_PATH__',\n     outputPath: '/usr/share/kibana/optimize/bundles',\n     assetsByChunkName:\n      { commons: [Array],\n        apm: [Array],\n        canvas: [Array],\n        core: 'core.bundle.js',\n        dark_theme: [Array],\n        dashboardViewer: 'dashboardViewer.bundle.js',\n        infra: 'infra.bundle.js',\n        kibana: [Array],\n        lens: 'lens.bundle.js',\n        light_theme: [Array],\n        maps: 'maps.bundle.js',\n        monitoring: [Array],\n        'plugin/advancedUiActions': 'plugin/advancedUiActions.bundle.js',\n        'plugin/bfetch': 'plugin/bfetch.bundle.js',\n        'plugin/cloud': 'plugin/cloud.bundle.js',\n        'plugin/dashboard_embeddable_container': [Array],\n        'plugin/data': 'plugin/data.bundle.js',\n        'plugin/dev_tools': 'plugin/dev_tools.bundle.js',\n        'plugin/embeddable': 'plugin/embeddable.bundle.js',\n        'plugin/eui_utils': 'plugin/eui_utils.bundle.js',\n        'plugin/expressions': 'plugin/expressions.bundle.js',\n        'plugin/graph': 'plugin/graph.bundle.js',\n        'plugin/home': 'plugin/home.bundle.js',\n        'plugin/inspector': 'plugin/inspector.bundle.js',\n        'plugin/kibana_legacy': 'plugin/kibana_legacy.bundle.js',\n        'plugin/licensing': 'plugin/licensing.bundle.js',\n        'plugin/management': 'plugin/management.bundle.js',\n        'plugin/navigation': 'plugin/navigation.bundle.js',\n        'plugin/newsfeed': 'plugin/newsfeed.bundle.js',\n        'plugin/reporting': 'plugin/reporting.bundle.js',\n        'plugin/security': 'plugin/security.bundle.js',\n        'plugin/share': 'plugin/share.bundle.js',\n        'plugin/status_page': 'plugin/status_page.bundle.js',\n        'plugin/uiActions': 'plugin/uiActions.bundle.js',\n        'plugin/usageCollection': 'plugin/usageCollection.bundle.js',\n        'plugin/visualizations': 'plugin/visualizations.bundle.js',\n        readonlyrest_kbn: 'readonlyrest_kbn.bundle.js',\n        siem: 'siem.bundle.js',\n        space_selector: 'space_selector.bundle.js',\n        stateSessionStorageRedirect: 'stateSessionStorageRedirect.bundle.js',\n        status_page: 'status_page.bundle.js',\n        timelion: 'timelion.bundle.js',\n        uptime: 'uptime.bundle.js' },\n     assets:\n      [ [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        ... 8 more items ],\n     filteredAssets: 0,\n     entrypoints:\n      { core: [Object],\n        monitoring: [Object],\n        space_selector: [Object],\n        dashboardViewer: [Object],\n        apm: [Object],\n        maps: [Object],\n        canvas: [Object],\n        infra: [Object],\n        siem: [Object],\n        uptime: [Object],\n        lens: [Object],\n        readonlyrest_kbn: [Object],\n        kibana: [Object],\n        stateSessionStorageRedirect: [Object],\n        status_page: [Object],\n        timelion: [Object],\n        'plugin/dashboard_embeddable_container': [Object],\n        'plugin/bfetch': [Object],\n        'plugin/data': [Object],\n        'plugin/dev_tools': [Object],\n        'plugin/eui_utils': [Object],\n        'plugin/embeddable': [Object],\n        'plugin/home': [Object],\n        'plugin/expressions': [Object],\n        'plugin/inspector': [Object],\n        'plugin/kibana_legacy': [Object],\n        'plugin/navigation': [Object],\n        'plugin/management': [Object],\n        'plugin/newsfeed': [Object],\n        'plugin/status_page': [Object],\n        'plugin/share': [Object],\n        'plugin/uiActions': [Object],\n        'plugin/visualizations': [Object],\n        'plugin/advancedUiActions': [Object],\n        'plugin/graph': [Object],\n        'plugin/reporting': [Object],\n        'plugin/usageCollection': [Object],\n        'plugin/cloud': [Object],\n        'plugin/licensing': [Object],\n        'plugin/security': [Object],\n        light_theme: [Object],\n        dark_theme: [Object] },\n     namedChunkGroups:\n      { core: [Object],\n        monitoring: [Object],\n        space_selector: [Object],\n        dashboardViewer: [Object],\n        apm: [Object],\n        maps: [Object],\n        canvas: [Object],\n        infra: [Object],\n        siem: [Object],\n        uptime: [Object],\n        lens: [Object],\n        readonlyrest_kbn: [Object],\n        kibana: [Object],\n        stateSessionStorageRedirect: [Object],\n        status_page: [Object],\n        timelion: [Object],\n        'plugin/dashboard_embeddable_container': [Object],\n        'plugin/bfetch': [Object],\n        'plugin/data': [Object],\n        'plugin/dev_tools': [Object],\n        'plugin/eui_utils': [Object],\n        'plugin/embeddable': [Object],\n        'plugin/home': [Object],\n        'plugin/expressions': [Object],\n        'plugin/inspector': [Object],\n        'plugin/kibana_legacy': [Object],\n        'plugin/navigation': [Object],\n        'plugin/management': [Object],\n        'plugin/newsfeed': [Object],\n        'plugin/status_page': [Object],\n        'plugin/share': [Object],\n        'plugin/uiActions': [Object],\n        'plugin/visualizations': [Object],\n        'plugin/advancedUiActions': [Object],\n        'plugin/graph': [Object],\n        'plugin/reporting': [Object],\n        'plugin/usageCollection': [Object],\n        'plugin/cloud': [Object],\n        'plugin/licensing': [Object],\n        'plugin/security': [Object],\n        light_theme: [Object],\n        dark_theme: [Object] },\n     chunks:\n      [ [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object] ],\n     modules:\n      [ [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        ... 7979 more items ],\n     filteredModules: 0,\n     logging: { 'webpack.buildChunkGraph.visitModules': [Object] },\n     children:\n      [ [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object] ] },\n  isBoom: true,\n  isServer: true,\n  output:\n   { statusCode: 500,\n     payload:\n      { statusCode: 500,\n        error: 'Internal Server Error',\n        message: 'An internal server error occurred' },\n     headers: {} },\n  reformat: [Function],\n  typeof: [Function: internal] }"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins-system"],"pid":6,"message":"Stopping all plugins."}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","bfetch"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","graph"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","apm"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","cloud"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","spaces"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","home"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","share"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","data"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","translations"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","apm_oss"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","features"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","timelion"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","canvas"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","metrics"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","usageCollection"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","code"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","encryptedSavedObjects"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","infra"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","licensing"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","taskManager"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","siem"],"pid":6,"message":"Stopping plugin"}

 FATAL  Error: Optimizations failure.
   8079 modules
    
    ERROR in ./plugins/readonlyrest_kbn/public/icons.js
    Module not found: Error: Can't resolve './components/rorMenu' in '/usr/share/kibana/plugins/readonlyrest_kbn/public'
    
    ERROR in ./plugins/readonlyrest_kbn/public/hidden_apps_hack.js
    Module not found: Error: Can't resolve './less/main.less' in '/usr/share/kibana/plugins/readonlyrest_kbn/public'
    
    ERROR in ./plugins/readonlyrest_kbn/public/groups_hack.js
    Module not found: Error: Can't resolve './less/main.less' in '/usr/share/kibana/plugins/readonlyrest_kbn/public'
    
    ERROR in ./plugins/readonlyrest_kbn/public/app.js
    Module not found: Error: Can't resolve './less/main.less' in '/usr/share/kibana/plugins/readonlyrest_kbn/public'

sscarduzio · June 22, 2020, 1:37pm

yeah that build seems defective, I will send you the latest one in PM. Sorry about the issue.

Diana · June 23, 2020, 4:56pm

Hello,

I build a cluster with KB and ES v7.6.2 and ROR ES 1.19.5, ROR KB the prelease version you provided. I get to authenticate OK with proxy auth and basic auth. But i’ve encountered another issue. If, for example, i configure metricbeat to work with a full-admin user, for my proxy auth user, i am not able to access the Discover tab. I click on it, but i don’t get redirected to it, i cannot see the data metricbeat provides. This didn’t use to happen with v1.18.9 of ROR. Elasticsearch does not log anything when i click on this tab. Do you have any suggestions, please?

sscarduzio · June 23, 2020, 5:13pm

Do you see any error in the javascript console?

Diana · June 24, 2020, 10:05am

Hello,

So, i got the error in KB logs below:

Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: {“type”:“log”,"@timestamp":“2020-06-24T09:57:54Z”,“tags”:[“error”,“readonlyrest_kbn:onPreResponse”],“pid”:1242,“message”:“got an error [403] Forbidden for path /api/saved_objects/_bulk_get”}
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: >> WILL CONTINUE ON 403 { [undefined] forbidden, with { due_to={ 0=“FORBIDDEN_BY_BLOCK” } } :: {“path”:"/.kibana/_mget",“query”:{},“body”:"{“docs”:[{"_id":“index-pattern:297b2030-b569-11ea-9d25-45c7cefeee64”,"_index":".kibana"}]}",“statusCode”:403,“response”:"{“error”:{“root_cause”:[{“reason”:“forbidden”,“due_to”:[“FORBIDDEN_BY_BLOCK”]}],“reason”:“forbidden”,“due_to”:[“FORBIDDEN_BY_BLOCK”],“status”:403}}"}
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: at respond (/opt/application/Kibana/kibana-7.6.2-linux-x86_64/node_modules/elasticsearch/src/lib/transport.js:349:15)
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: at checkRespForFailure (/opt/application/Kibana/kibana-7.6.2-linux-x86_64/node_modules/elasticsearch/src/lib/transport.js:306:7)
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: at HttpConnector. (/opt/application/Kibana/kibana-7.6.2-linux-x86_64/node_modules/elasticsearch/src/lib/connectors/http.js:173:7)
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: at IncomingMessage.wrapper (/opt/application/Kibana/kibana-7.6.2-linux-x86_64/node_modules/elasticsearch/node_modules/lodash/lodash.js:4929:19)
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: at IncomingMessage.emit (events.js:203:15)
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: at endReadableNT (_stream_readable.js:1145:12)
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: at process._tickCallback (internal/process/next_tick.js:63:19)
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: status: 403,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: displayName: ‘AuthorizationException’,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: message:
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: ‘forbidden: [undefined] forbidden, with { due_to={ 0=“FORBIDDEN_BY_BLOCK” } }’,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: path: ‘/.kibana/_mget’,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: query: {},
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: body:
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: { error:
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: { root_cause: [Array],
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: reason: ‘forbidden’,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: due_to: [Array],
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: status: 403 } },
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: statusCode: 403,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: response:
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: ‘{“error”:{“root_cause”:[{“reason”:“forbidden”,“due_to”:[“FORBIDDEN_BY_BLOCK”]}],“reason”:“forbidden”,“due_to”:[“FORBIDDEN_BY_BLOCK”],“status”:403}}’,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: toString: [Function],
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: toJSON: [Function],
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: isBoom: true,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: isServer: false,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: data: null,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: output:
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: { statusCode: 403,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: payload:
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: { message:
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: ‘forbidden: [undefined] forbidden, with { due_to={ 0=“FORBIDDEN_BY_BLOCK” } }’,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: statusCode: 403,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: error: ‘Forbidden’ },
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: headers:
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: { ‘kbn-name’: ‘008kb022’,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: ‘kbn-license-sig’:
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: ‘6a481172595d7ee926268fb5044ccce7666ed1f6b53f855509e9bb3fbc78cd4d’,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: ‘kbn-xpack-sig’: ‘e33a1d18dc869ce2f2cc0378531d931a’ } },
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: reformat: [Function],
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: [Symbol(SavedObjectsClientErrorCode)]: ‘SavedObjectsClient/forbidden’ }

I also tried adding this in kibana.yml:

readonlyrest_kbn.whitelistedPaths: [".*/api/saved_objects$"]

but with no success.

Thanks!

sscarduzio · June 24, 2020, 10:46am

@coutoPL can this be the silent 403 issue you fixed last week?

coutoPL · June 24, 2020, 2:01pm

yes, I’d recommend to test 1.20.0. Will be available to download today evening.

coutoPL · June 24, 2020, 3:25pm

1.20.0 is available …

Diana · June 25, 2020, 12:58pm

Hello,

I tested the new v1.20.0. I got the same error below:

Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: {“type”:“log”,"@timestamp":“2020-06-25T10:53:09Z”,“tags”:[“error”,“readonlyrest_kbn:onPreResponse”],“pid”:30131,“message”:“got an error [403] Forbidden for path /api/saved_objects/_bulk_get”}
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: >> WILL CONTINUE ON 403 { [undefined] forbidden, with { due_to={ 0=“FORBIDDEN_BY_BLOCK” } } :: {“path”:"/.kibana/_mget",“query”:{},“body”:"{“docs”:[{"_id":“index-pattern:dc20f930-b6d1-11ea-ac67-c7958664fc6f”,"_index":".kibana"}]}",“statusCode”:403,“response”:"{“error”:{“root_cause”:[{“reason”:“forbidden”,“due_to”:[“FORBIDDEN_BY_BLOCK”]}],“reason”:“forbidden”,“due_to”:[“FORBIDDEN_BY_BLOCK”],“status”:403}}"}
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: at respond (/opt/application/Kibana/kibana-7.6.2-linux-x86_64/node_modules/elasticsearch/src/lib/transport.js:349:15)
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: at checkRespForFailure (/opt/application/Kibana/kibana-7.6.2-linux-x86_64/node_modules/elasticsearch/src/lib/transport.js:306:7)
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: at HttpConnector. (/opt/application/Kibana/kibana-7.6.2-linux-x86_64/node_modules/elasticsearch/src/lib/connectors/http.js:173:7)
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: at IncomingMessage.wrapper (/opt/application/Kibana/kibana-7.6.2-linux-x86_64/node_modules/elasticsearch/node_modules/lodash/lodash.js:4929:19)
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: at IncomingMessage.emit (events.js:203:15)
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: at endReadableNT (_stream_readable.js:1145:12)
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: at process._tickCallback (internal/process/next_tick.js:63:19)
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: status: 403,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: displayName: ‘AuthorizationException’,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: message:
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: ‘forbidden: [undefined] forbidden, with { due_to={ 0=“FORBIDDEN_BY_BLOCK” } }’,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: path: ‘/.kibana/_mget’,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: query: {},
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: body:
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: { error:
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: { root_cause: [Array],
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: reason: ‘forbidden’,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: due_to: [Array],
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: status: 403 } },
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: statusCode: 403,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: response:
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: ‘{“error”:{“root_cause”:[{“reason”:“forbidden”,“due_to”:[“FORBIDDEN_BY_BLOCK”]}],“reason”:“forbidden”,“due_to”:[“FORBIDDEN_BY_BLOCK”],“status”:403}}’,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: toString: [Function],
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: toJSON: [Function],
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: isBoom: true,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: isServer: false,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: data: null,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: output:
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: { statusCode: 403,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: payload:
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: { message:
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: ‘forbidden: [undefined] forbidden, with { due_to={ 0=“FORBIDDEN_BY_BLOCK” } }’,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: statusCode: 403,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: error: ‘Forbidden’ },
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: headers:
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: { ‘kbn-name’: ‘003kb008’,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: ‘kbn-license-sig’:
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: ‘11cdbb4ef044cdbe56e3609466b57eb207eb3e99e73b5249f9b2f27fd5cc30f3’,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: ‘kbn-xpack-sig’: ‘74e5ee183098adf89bea72eb0d0bf62a’ } },
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: reformat: [Function],
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: [Symbol(SavedObjectsClientErrorCode)]: ‘SavedObjectsClient/forbidden’ }
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: {“type”:“response”,"@timestamp":“2020-06-25T10:53:09Z”,“tags”:[],“pid”:30131,“method”:“post”,“statusCode”:400,“req”:{“url”:"/api/saved_objects/_bulk_get",“method”:“post”,"

Thanks!

coutoPL · June 25, 2020, 1:50pm

could you please show your ES logs

Diana · June 25, 2020, 2:12pm

ES does not log anything when i do the same operation.