Kibana ROR 1.19.5 issue

sscarduzio · June 7, 2020, 9:55pm

Hi @Diana,

We refactored a bit the code, now it works like this:

If the session comes through the proxy to Kibana, it will skip the login form (nothing changed)
When users press logout, they go to the login form (instead of pointlessly automatcally re-login)
We introduced a special URL “/login?autologin=false” where a userwill be shown the login form even when having a valid “x-forwarded-user” header (or a valid jwt query parameter).

I will send you a direct message in this forum with a new build, please notify me if you have troubles obtaining it.

cristianr · June 22, 2020, 10:27am

Hello,
Unfortunately kibana 7.6.2 won’t start with readonlyrest_kbn_enterprise-1.20.0-pre3_es7.6.2

Both Kibana and ES were tested with 7.6.2 version

Can you help us ? Many thanks

share/kibana/plugins/readonlyrest_kbn/public/less/main.less.ts doesn\\'t exist\\n      .tsx\\n        Field \\'browser\\' doesn\\'t contain a valid alias configuration\\n        /usr/share/kibana/plugins/readonlyrest_kbn/public/less/main.less.tsx doesn\\'t exist\\n      .json\\n        Field \\'browser\\' doesn\\'t contain a valid alias configuration\\n        /usr/share/kibana/plugins/readonlyrest_kbn/public/less/main.less.json doesn\\'t exist\\n      as directory\\n        /usr/share/kibana/plugins/readonlyrest_kbn/public/less/main.less doesn\\'t exist\\n[/usr/share/kibana/plugins/readonlyrest_kbn/public/less/main.less]\\n[/usr/share/kibana/plugins/readonlyrest_kbn/public/less/main.less.js]\\n[/usr/share/kibana/plugins/readonlyrest_kbn/public/less/main.less.ts]\\n[/usr/share/kibana/plugins/readonlyrest_kbn/public/less/main.less.tsx]\\n[/usr/share/kibana/plugins/readonlyrest_kbn/public/less/main.less.json]\\n @ ./plugins/readonlyrest_kbn/public/app.js 5:0-27\\n @ ./optimize/bundles/readonlyrest_kbn.entry.js' ],\n     warnings: [],\n     version: '4.41.0',\n     hash: '1b1babfef39eea789a40',\n     time: 151843,\n     builtAt: 1592820442367,\n     publicPath: '__REPLACE_WITH_PUBLIC_PATH__',\n     outputPath: '/usr/share/kibana/optimize/bundles',\n     assetsByChunkName:\n      { commons: [Array],\n        apm: [Array],\n        canvas: [Array],\n        core: 'core.bundle.js',\n        dark_theme: [Array],\n        dashboardViewer: 'dashboardViewer.bundle.js',\n        infra: 'infra.bundle.js',\n        kibana: [Array],\n        lens: 'lens.bundle.js',\n        light_theme: [Array],\n        maps: 'maps.bundle.js',\n        monitoring: [Array],\n        'plugin/advancedUiActions': 'plugin/advancedUiActions.bundle.js',\n        'plugin/bfetch': 'plugin/bfetch.bundle.js',\n        'plugin/cloud': 'plugin/cloud.bundle.js',\n        'plugin/dashboard_embeddable_container': [Array],\n        'plugin/data': 'plugin/data.bundle.js',\n        'plugin/dev_tools': 'plugin/dev_tools.bundle.js',\n        'plugin/embeddable': 'plugin/embeddable.bundle.js',\n        'plugin/eui_utils': 'plugin/eui_utils.bundle.js',\n        'plugin/expressions': 'plugin/expressions.bundle.js',\n        'plugin/graph': 'plugin/graph.bundle.js',\n        'plugin/home': 'plugin/home.bundle.js',\n        'plugin/inspector': 'plugin/inspector.bundle.js',\n        'plugin/kibana_legacy': 'plugin/kibana_legacy.bundle.js',\n        'plugin/licensing': 'plugin/licensing.bundle.js',\n        'plugin/management': 'plugin/management.bundle.js',\n        'plugin/navigation': 'plugin/navigation.bundle.js',\n        'plugin/newsfeed': 'plugin/newsfeed.bundle.js',\n        'plugin/reporting': 'plugin/reporting.bundle.js',\n        'plugin/security': 'plugin/security.bundle.js',\n        'plugin/share': 'plugin/share.bundle.js',\n        'plugin/status_page': 'plugin/status_page.bundle.js',\n        'plugin/uiActions': 'plugin/uiActions.bundle.js',\n        'plugin/usageCollection': 'plugin/usageCollection.bundle.js',\n        'plugin/visualizations': 'plugin/visualizations.bundle.js',\n        readonlyrest_kbn: 'readonlyrest_kbn.bundle.js',\n        siem: 'siem.bundle.js',\n        space_selector: 'space_selector.bundle.js',\n        stateSessionStorageRedirect: 'stateSessionStorageRedirect.bundle.js',\n        status_page: 'status_page.bundle.js',\n        timelion: 'timelion.bundle.js',\n        uptime: 'uptime.bundle.js' },\n     assets:\n      [ [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        ... 8 more items ],\n     filteredAssets: 0,\n     entrypoints:\n      { core: [Object],\n        monitoring: [Object],\n        space_selector: [Object],\n        dashboardViewer: [Object],\n        apm: [Object],\n        maps: [Object],\n        canvas: [Object],\n        infra: [Object],\n        siem: [Object],\n        uptime: [Object],\n        lens: [Object],\n        readonlyrest_kbn: [Object],\n        kibana: [Object],\n        stateSessionStorageRedirect: [Object],\n        status_page: [Object],\n        timelion: [Object],\n        'plugin/dashboard_embeddable_container': [Object],\n        'plugin/bfetch': [Object],\n        'plugin/data': [Object],\n        'plugin/dev_tools': [Object],\n        'plugin/eui_utils': [Object],\n        'plugin/embeddable': [Object],\n        'plugin/home': [Object],\n        'plugin/expressions': [Object],\n        'plugin/inspector': [Object],\n        'plugin/kibana_legacy': [Object],\n        'plugin/navigation': [Object],\n        'plugin/management': [Object],\n        'plugin/newsfeed': [Object],\n        'plugin/status_page': [Object],\n        'plugin/share': [Object],\n        'plugin/uiActions': [Object],\n        'plugin/visualizations': [Object],\n        'plugin/advancedUiActions': [Object],\n        'plugin/graph': [Object],\n        'plugin/reporting': [Object],\n        'plugin/usageCollection': [Object],\n        'plugin/cloud': [Object],\n        'plugin/licensing': [Object],\n        'plugin/security': [Object],\n        light_theme: [Object],\n        dark_theme: [Object] },\n     namedChunkGroups:\n      { core: [Object],\n        monitoring: [Object],\n        space_selector: [Object],\n        dashboardViewer: [Object],\n        apm: [Object],\n        maps: [Object],\n        canvas: [Object],\n        infra: [Object],\n        siem: [Object],\n        uptime: [Object],\n        lens: [Object],\n        readonlyrest_kbn: [Object],\n        kibana: [Object],\n        stateSessionStorageRedirect: [Object],\n        status_page: [Object],\n        timelion: [Object],\n        'plugin/dashboard_embeddable_container': [Object],\n        'plugin/bfetch': [Object],\n        'plugin/data': [Object],\n        'plugin/dev_tools': [Object],\n        'plugin/eui_utils': [Object],\n        'plugin/embeddable': [Object],\n        'plugin/home': [Object],\n        'plugin/expressions': [Object],\n        'plugin/inspector': [Object],\n        'plugin/kibana_legacy': [Object],\n        'plugin/navigation': [Object],\n        'plugin/management': [Object],\n        'plugin/newsfeed': [Object],\n        'plugin/status_page': [Object],\n        'plugin/share': [Object],\n        'plugin/uiActions': [Object],\n        'plugin/visualizations': [Object],\n        'plugin/advancedUiActions': [Object],\n        'plugin/graph': [Object],\n        'plugin/reporting': [Object],\n        'plugin/usageCollection': [Object],\n        'plugin/cloud': [Object],\n        'plugin/licensing': [Object],\n        'plugin/security': [Object],\n        light_theme: [Object],\n        dark_theme: [Object] },\n     chunks:\n      [ [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object] ],\n     modules:\n      [ [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        ... 7979 more items ],\n     filteredModules: 0,\n     logging: { 'webpack.buildChunkGraph.visitModules': [Object] },\n     children:\n      [ [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object],\n        [Object] ] },\n  isBoom: true,\n  isServer: true,\n  output:\n   { statusCode: 500,\n     payload:\n      { statusCode: 500,\n        error: 'Internal Server Error',\n        message: 'An internal server error occurred' },\n     headers: {} },\n  reformat: [Function],\n  typeof: [Function: internal] }"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins-system"],"pid":6,"message":"Stopping all plugins."}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","bfetch"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","graph"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","apm"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","cloud"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","spaces"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","home"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","share"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","data"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","translations"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","apm_oss"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","features"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","timelion"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","canvas"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","metrics"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","usageCollection"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","code"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","encryptedSavedObjects"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","infra"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","licensing"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","taskManager"],"pid":6,"message":"Stopping plugin"}
{"type":"log","@timestamp":"2020-06-22T10:07:23Z","tags":["info","plugins","siem"],"pid":6,"message":"Stopping plugin"}

 FATAL  Error: Optimizations failure.
   8079 modules
    
    ERROR in ./plugins/readonlyrest_kbn/public/icons.js
    Module not found: Error: Can't resolve './components/rorMenu' in '/usr/share/kibana/plugins/readonlyrest_kbn/public'
    
    ERROR in ./plugins/readonlyrest_kbn/public/hidden_apps_hack.js
    Module not found: Error: Can't resolve './less/main.less' in '/usr/share/kibana/plugins/readonlyrest_kbn/public'
    
    ERROR in ./plugins/readonlyrest_kbn/public/groups_hack.js
    Module not found: Error: Can't resolve './less/main.less' in '/usr/share/kibana/plugins/readonlyrest_kbn/public'
    
    ERROR in ./plugins/readonlyrest_kbn/public/app.js
    Module not found: Error: Can't resolve './less/main.less' in '/usr/share/kibana/plugins/readonlyrest_kbn/public'

sscarduzio · June 22, 2020, 1:37pm

yeah that build seems defective, I will send you the latest one in PM. Sorry about the issue.

Diana · June 23, 2020, 4:56pm

Hello,

I build a cluster with KB and ES v7.6.2 and ROR ES 1.19.5, ROR KB the prelease version you provided. I get to authenticate OK with proxy auth and basic auth. But i’ve encountered another issue. If, for example, i configure metricbeat to work with a full-admin user, for my proxy auth user, i am not able to access the Discover tab. I click on it, but i don’t get redirected to it, i cannot see the data metricbeat provides. This didn’t use to happen with v1.18.9 of ROR. Elasticsearch does not log anything when i click on this tab. Do you have any suggestions, please?

sscarduzio · June 23, 2020, 5:13pm

Do you see any error in the javascript console?

Diana · June 24, 2020, 10:05am

Hello,

So, i got the error in KB logs below:

Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: {“type”:“log”,"@timestamp":“2020-06-24T09:57:54Z”,“tags”:[“error”,“readonlyrest_kbn:onPreResponse”],“pid”:1242,“message”:“got an error [403] Forbidden for path /api/saved_objects/_bulk_get”}
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: >> WILL CONTINUE ON 403 { [undefined] forbidden, with { due_to={ 0=“FORBIDDEN_BY_BLOCK” } } :: {“path”:"/.kibana/_mget",“query”:{},“body”:"{“docs”:[{"_id":“index-pattern:297b2030-b569-11ea-9d25-45c7cefeee64”,"_index":".kibana"}]}",“statusCode”:403,“response”:"{“error”:{“root_cause”:[{“reason”:“forbidden”,“due_to”:[“FORBIDDEN_BY_BLOCK”]}],“reason”:“forbidden”,“due_to”:[“FORBIDDEN_BY_BLOCK”],“status”:403}}"}
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: at respond (/opt/application/Kibana/kibana-7.6.2-linux-x86_64/node_modules/elasticsearch/src/lib/transport.js:349:15)
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: at checkRespForFailure (/opt/application/Kibana/kibana-7.6.2-linux-x86_64/node_modules/elasticsearch/src/lib/transport.js:306:7)
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: at HttpConnector. (/opt/application/Kibana/kibana-7.6.2-linux-x86_64/node_modules/elasticsearch/src/lib/connectors/http.js:173:7)
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: at IncomingMessage.wrapper (/opt/application/Kibana/kibana-7.6.2-linux-x86_64/node_modules/elasticsearch/node_modules/lodash/lodash.js:4929:19)
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: at IncomingMessage.emit (events.js:203:15)
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: at endReadableNT (_stream_readable.js:1145:12)
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: at process._tickCallback (internal/process/next_tick.js:63:19)
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: status: 403,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: displayName: ‘AuthorizationException’,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: message:
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: ‘forbidden: [undefined] forbidden, with { due_to={ 0=“FORBIDDEN_BY_BLOCK” } }’,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: path: ‘/.kibana/_mget’,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: query: {},
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: body:
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: { error:
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: { root_cause: [Array],
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: reason: ‘forbidden’,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: due_to: [Array],
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: status: 403 } },
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: statusCode: 403,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: response:
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: ‘{“error”:{“root_cause”:[{“reason”:“forbidden”,“due_to”:[“FORBIDDEN_BY_BLOCK”]}],“reason”:“forbidden”,“due_to”:[“FORBIDDEN_BY_BLOCK”],“status”:403}}’,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: toString: [Function],
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: toJSON: [Function],
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: isBoom: true,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: isServer: false,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: data: null,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: output:
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: { statusCode: 403,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: payload:
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: { message:
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: ‘forbidden: [undefined] forbidden, with { due_to={ 0=“FORBIDDEN_BY_BLOCK” } }’,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: statusCode: 403,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: error: ‘Forbidden’ },
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: headers:
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: { ‘kbn-name’: ‘008kb022’,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: ‘kbn-license-sig’:
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: ‘6a481172595d7ee926268fb5044ccce7666ed1f6b53f855509e9bb3fbc78cd4d’,
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: ‘kbn-xpack-sig’: ‘e33a1d18dc869ce2f2cc0378531d931a’ } },
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: reformat: [Function],
Jun 24 09:57:54 di-esaas-fe-p008c022k-01 kibana[1242]: [Symbol(SavedObjectsClientErrorCode)]: ‘SavedObjectsClient/forbidden’ }

I also tried adding this in kibana.yml:

readonlyrest_kbn.whitelistedPaths: [".*/api/saved_objects$"]

but with no success.

Thanks!

sscarduzio · June 24, 2020, 10:46am

@coutoPL can this be the silent 403 issue you fixed last week?

coutoPL · June 24, 2020, 2:01pm

yes, I’d recommend to test 1.20.0. Will be available to download today evening.

coutoPL · June 24, 2020, 3:25pm

1.20.0 is available …

Diana · June 25, 2020, 12:58pm

Hello,

I tested the new v1.20.0. I got the same error below:

Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: {“type”:“log”,"@timestamp":“2020-06-25T10:53:09Z”,“tags”:[“error”,“readonlyrest_kbn:onPreResponse”],“pid”:30131,“message”:“got an error [403] Forbidden for path /api/saved_objects/_bulk_get”}
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: >> WILL CONTINUE ON 403 { [undefined] forbidden, with { due_to={ 0=“FORBIDDEN_BY_BLOCK” } } :: {“path”:"/.kibana/_mget",“query”:{},“body”:"{“docs”:[{"_id":“index-pattern:dc20f930-b6d1-11ea-ac67-c7958664fc6f”,"_index":".kibana"}]}",“statusCode”:403,“response”:"{“error”:{“root_cause”:[{“reason”:“forbidden”,“due_to”:[“FORBIDDEN_BY_BLOCK”]}],“reason”:“forbidden”,“due_to”:[“FORBIDDEN_BY_BLOCK”],“status”:403}}"}
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: at respond (/opt/application/Kibana/kibana-7.6.2-linux-x86_64/node_modules/elasticsearch/src/lib/transport.js:349:15)
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: at checkRespForFailure (/opt/application/Kibana/kibana-7.6.2-linux-x86_64/node_modules/elasticsearch/src/lib/transport.js:306:7)
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: at HttpConnector. (/opt/application/Kibana/kibana-7.6.2-linux-x86_64/node_modules/elasticsearch/src/lib/connectors/http.js:173:7)
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: at IncomingMessage.wrapper (/opt/application/Kibana/kibana-7.6.2-linux-x86_64/node_modules/elasticsearch/node_modules/lodash/lodash.js:4929:19)
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: at IncomingMessage.emit (events.js:203:15)
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: at endReadableNT (_stream_readable.js:1145:12)
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: at process._tickCallback (internal/process/next_tick.js:63:19)
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: status: 403,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: displayName: ‘AuthorizationException’,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: message:
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: ‘forbidden: [undefined] forbidden, with { due_to={ 0=“FORBIDDEN_BY_BLOCK” } }’,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: path: ‘/.kibana/_mget’,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: query: {},
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: body:
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: { error:
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: { root_cause: [Array],
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: reason: ‘forbidden’,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: due_to: [Array],
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: status: 403 } },
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: statusCode: 403,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: response:
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: ‘{“error”:{“root_cause”:[{“reason”:“forbidden”,“due_to”:[“FORBIDDEN_BY_BLOCK”]}],“reason”:“forbidden”,“due_to”:[“FORBIDDEN_BY_BLOCK”],“status”:403}}’,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: toString: [Function],
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: toJSON: [Function],
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: isBoom: true,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: isServer: false,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: data: null,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: output:
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: { statusCode: 403,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: payload:
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: { message:
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: ‘forbidden: [undefined] forbidden, with { due_to={ 0=“FORBIDDEN_BY_BLOCK” } }’,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: statusCode: 403,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: error: ‘Forbidden’ },
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: headers:
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: { ‘kbn-name’: ‘003kb008’,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: ‘kbn-license-sig’:
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: ‘11cdbb4ef044cdbe56e3609466b57eb207eb3e99e73b5249f9b2f27fd5cc30f3’,
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: ‘kbn-xpack-sig’: ‘74e5ee183098adf89bea72eb0d0bf62a’ } },
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: reformat: [Function],
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: [Symbol(SavedObjectsClientErrorCode)]: ‘SavedObjectsClient/forbidden’ }
Jun 25 10:53:09 di-esaas-fe-p003c008k-01 kibana[30131]: {“type”:“response”,"@timestamp":“2020-06-25T10:53:09Z”,“tags”:[],“pid”:30131,“method”:“post”,“statusCode”:400,“req”:{“url”:"/api/saved_objects/_bulk_get",“method”:“post”,"

Thanks!

coutoPL · June 25, 2020, 1:50pm

could you please show your ES logs

Diana · June 25, 2020, 2:12pm

ES does not log anything when i do the same operation.

coutoPL · June 25, 2020, 2:15pm

maybe you should enable debug logs?

github.com

beshu-tech/readonlyrest-docs/blob/master/elasticsearch.md#troubleshooting

# For Elasticsearch

## Overview: The ReadonlyREST Suite

ReadonlyREST is a light weight Elasticsearch plugin that adds encryption, authentication, authorization and access control capabilities to Elasticsearch embedded REST API. The core of this plugin is an ACL engine that checks each incoming request through a sequence of **rules** a bit like a firewall. There are a dozen rules that can be grouped in sequences of blocks and form a powerful representation of a logic chain.

The Elasticsearch plugin known as `ReadonlyREST Free` is released under the GPLv3 license, or alternatively, a commercial license \(see [ReadonlyREST Embedded](https://readonlyrest.com/embedded)\) and lays the technological foundations for the companion Kibana plugin which is released in two versions: [ReadonlyREST PRO](https://readonlyrest.com/pro) and [ReadonlyREST Enterprise](https://readonlyrest.com/enterprise).

Unlike the Elasticsearch plugin, the Kibana plugins are commercial only. But rely on the Elasticsearch plugin in order to work.

For a description of the Kibana plugins, skip to the [dedicated documentation page](kibana/) instead.

### ReadonlyREST Free plugin for Elasticsearch

In this document we are going to describe how to operate the Elasticsearch plugin in all its features. Once installed, this plugin will greatly extend the Elasticsearch HTTP API \(port 9200\), adding numerous extra capabilities:

* **Encryption**: transform the Elasticsearch API from HTTP to HTTPS
* **Authentication**: require credentials
* **Authorization**: declare groups of users, permissions and partial access to indices.
* **Access control**: complex logic can be modeled using an ACL \(access control list\) written in YAML.

This file has been truncated. show original

Diana · June 26, 2020, 7:40am

Hello,

I realized i made the upgrade to v 1.20.0 just for KB ROR. So, i made a new rebuild, making an upgrade for ES ROR also. By doing this, i am back to the proxy auth/basic auth login issue @sscarduzio fixed before…

sscarduzio · June 26, 2020, 6:23pm

So when you logout from proxy user, you’re logged in back again in 1.20.0? Will have a look

Diana · June 29, 2020, 7:28am

Hi,

I mean this issue:

when a login request comes through the proxy, the x-forwarded-user header will take priority over login form credentials.

Thanks!

Diana · July 2, 2020, 10:40am

Hello,

Any updates, please?

Thanks!

sscarduzio · July 3, 2020, 10:51am

We will take care of this over the weekend.

Diana · July 7, 2020, 11:50am

Hello,

Do you have a solution for this yet?

Thanks,
Diana

sscarduzio · July 7, 2020, 2:32pm

Hi Diana, yes we know where the bug is, we are wrapping up a fix. Thanks for your patience.