Comments (12)
You are right: it is working fine with both plugins :)
I must have missed something in the documentation, but it was not clear to me that the ROR_Kibana plugin was mandatory.
Never mind, it's ok now. I am gonna close this ticket.
Thank you for your time and great job!
from elasticsearch-readonlyrest-plugin.
One more question/remark: why is the _bulk_request classified into "indices:data/write/bulk"? Is it really a "write"?
from elasticsearch-readonlyrest-plugin.
Am I the only one with this problem?
from elasticsearch-readonlyrest-plugin.
Interesting because the http request to action association is hardcoded in Elasticsearch core code, ROR is not involved.
from elasticsearch-readonlyrest-plugin.
Are you able to show us the full FORBIDDEN log?
It'd be great if you could enable debug logs (see how to do it) and show us ES logs from the session.
from elasticsearch-readonlyrest-plugin.
The rule in readonlyrest.yml:
- name: "::ADMIN-RW::"
  hosts: ["192.168.56.104"]
  headers_and: ["~authorization:*", "x-elastic-product-origin:kibana", "user-agent:Kibana/8.*"]
  proxy_auth:
    proxy_auth_config: "LDAP-Group"
    users: ["SUPERADMIN"]
  api_keys: ["7bhIVmHa1BlltnaFYKHRvEuDnM3CIrLnhRZzL9T8QoTS00wsIYJlwjV1v9c8oALj"]
  kibana_access: rw
The debug logs with the last 2 requests (when I try to display a dashboard in Kibana):
- The one before the last is ALLOW
- The last one is FORBIDDEN
[2023-04-25T12:24:47,872][DEBUG][t.b.r.a.b.r.HostsRule ] [elk-test.test] [1129153076-918955219#13264] address IPs [192.168.56.104/32] resolved to [NonEmptyList(192.168.56.104/32)], allowed addresses [192.168.56.104/32] resolved to [NonEmptyList(192.168.56.104/32)], isMatching=true
[2023-04-25T12:24:47,872][DEBUG][t.b.r.a.b.Block ] [elk-test.test] matched { name: '::ADMIN-RW::', policy: ALLOW, rules: [proxy_auth,kibana_access,hosts,api_keys,headers_and] { found: user=SUPERADMIN;indices=.kibana_8.5.3;kibana_idx=.kibana }
[2023-04-25T12:24:47,874][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [elk-test.test] ALLOWED by { name: '::ADMIN-RW::', policy: ALLOW, rules: [proxy_auth,kibana_access,hosts,api_keys,headers_and] req={ ID:1129153076-918955219#13264, TYP:SearchRequest, CGR:<N/A>, USR:SUPERADMIN, BRS:true, KDX:.kibana, ACT:indices:data/read/search, OA:192.168.56.104/32, XFF:null, DA:192.168.56.104/32, IDX:.kibana_8.5.3, MET:POST, PTH:/.kibana_8.5.3/_search, CNT:{"size":10000,"seq_no_primary_term":true,"from":0,"_source":["index-pattern.title","index-pattern.type","index-pattern.typeMeta","index-pattern.name","namespace","namespaces","type","references","migrationVersion","coreMigrationVersion","updated_at","originId","title","type","typeMeta","name"],"query":{"bool":{"filter":[{"bool":{"should":[{"bool":{"must":[{"term":{"type":"index-pattern"}},{"terms":{"namespaces":["default","*"]}}],"must_not":[{"exists":{"field":"namespace"}}]}}],"minimum_should_match":1}}]}}}, HDR:Connection=keep-alive, Host=192.168.56.104:9200, accept=application/vnd.elasticsearch+json; compatible-with=8, content-length=513, content-type=application/vnd.elasticsearch+json; compatible-with=8, elastic-apm-traceparent=00-e25d4674c00f2b739121834a4d0e0be7-834a99f9f10d1eff-00, traceparent=00-e25d4674c00f2b739121834a4d0e0be7-834a99f9f10d1eff-00, tracestate=es=s:0, user-agent=Kibana/8.5.3, x-api-key=7bhIVmHa1BlltnaFYKHRvEuDnM3CIrLnhRZzL9T8QoTS00wsIYJlwjV1v9c8oALj, x-elastic-client-meta=es=8.3.0p,js=16.18.1,t=8.2.0,hc=16.18.1, x-elastic-product-origin=kibana, x-forwarded-group=SUPERADMIN, x-opaque-id=d74cfd0c-7aac-4cb8-a183-46800e71cd80;kibana:application:dashboards:1ce16080-e34e-11ed-bd66-8b6a2afffbc3, HIS:[::KIBANA::-> RULES:[auth_key_sha512->false] RESOLVED:[indices=.kibana_8.5.3]], [::KIBANA-NOAUTH1::-> RULES:[hosts->true, api_keys->true, headers_and->false] RESOLVED:[indices=.kibana_8.5.3]], [::KIBANA-NOAUTH2::-> RULES:[hosts->true, api_keys->true, headers_and->false] RESOLVED:[indices=.kibana_8.5.3]], 
[::ADMIN-RW::-> RULES:[proxy_auth->true, kibana_access->true, hosts->true, api_keys->true, headers_and->true] RESOLVED:[user=SUPERADMIN;indices=.kibana_8.5.3;kibana_idx=.kibana]], }
[2023-04-25T12:24:47,874][DEBUG][t.b.r.e.h.r.SearchRequestOps$] [elk-test.test] [1129153076-918955219#13264] No filter applied to query.
[2023-04-25T12:24:47,874][DEBUG][t.b.r.e.h.RegularRequestHandler] [elk-test.test] [1129153076-918955219#13264] Request processing time: 14ms
[2023-04-25T12:24:48,017][DEBUG][t.b.r.a.b.Block ] [elk-test.test] [::ADMIN-RW::] the request matches no rules in this block: { ID:956443883-1620119178#13283, TYP:BulkRequest, CGR:<N/A>, USR:[no info about user], BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:192.168.56.104/32, XFF:null, DA:192.168.56.104/32, IDX:.kibana_8.5.3, MET:POST, PTH:/_bulk, CNT:{"update":{"_id":"legacy-url-alias:default:index-pattern:7642ebba-626e-42b2-95c5-8afc2804d62d","_index":".kibana_8.5.3","_source":true}}{"script":{"source":"\n if (ctx._source[params.type].disabled != true) {\n if (ctx._source[params.type].resolveCounter == null) {\n ctx._source[params.type].resolveCounter = 1;\n }\n else {\n ctx._source[params.type].resolveCounter += 1;\n }\n ctx._source[params.type].lastResolved = params.time;\n ctx._source.updated_at = params.time;\n }\n ","lang":"painless","params":{"type":"legacy-url-alias","time":"2023-04-25T10:24:48.009Z"}}}, HDR:Connection=keep-alive, Host=192.168.56.104:9200, accept=application/vnd.elasticsearch+json; compatible-with=8, content-length=712, content-type=application/vnd.elasticsearch+x-ndjson; compatible-with=8, elastic-apm-traceparent=00-9d05ddadb9fc9838912a43acb9841c0d-910bacefae352291-00, traceparent=00-9d05ddadb9fc9838912a43acb9841c0d-910bacefae352291-00, tracestate=es=s:0, user-agent=Kibana/8.5.3, x-api-key=7bhIVmHa1BlltnaFYKHRvEuDnM3CIrLnhRZzL9T8QoTS00wsIYJlwjV1v9c8oALj, x-elastic-client-meta=es=8.3.0p,js=16.18.1,t=8.2.0,hc=16.18.1, x-elastic-product-origin=kibana, x-forwarded-group=SUPERADMIN, x-opaque-id=c3c9046b-c42c-422f-a6fe-e14ba61108b2;kibana:application:dashboards:1ce16080-e34e-11ed-bd66-8b6a2afffbc3, HIS:[::ADMIN-RW::-> RULES:[proxy_auth->true, kibana_access->false] RESOLVED:[user=SUPERADMIN;indices=.kibana_8.5.3]], }
[2023-04-25T12:24:48,024][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [elk-test.test] FORBIDDEN by default req={ ID:956443883-1620119178#13283, TYP:BulkRequest, CGR:<N/A>, USR:[no info about user], BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:192.168.56.104/32, XFF:null, DA:192.168.56.104/32, IDX:.kibana_8.5.3, MET:POST, PTH:/_bulk, CNT:{"update":{"_id":"legacy-url-alias:default:index-pattern:7642ebba-626e-42b2-95c5-8afc2804d62d","_index":".kibana_8.5.3","_source":true}}{"script":{"source":"\n if (ctx._source[params.type].disabled != true) {\n if (ctx._source[params.type].resolveCounter == null) {\n ctx._source[params.type].resolveCounter = 1;\n }\n else {\n ctx._source[params.type].resolveCounter += 1;\n }\n ctx._source[params.type].lastResolved = params.time;\n ctx._source.updated_at = params.time;\n }\n ","lang":"painless","params":{"type":"legacy-url-alias","time":"2023-04-25T10:24:48.009Z"}}}, HDR:Connection=keep-alive, Host=192.168.56.104:9200, accept=application/vnd.elasticsearch+json; compatible-with=8, content-length=712, content-type=application/vnd.elasticsearch+x-ndjson; compatible-with=8, elastic-apm-traceparent=00-9d05ddadb9fc9838912a43acb9841c0d-910bacefae352291-00, traceparent=00-9d05ddadb9fc9838912a43acb9841c0d-910bacefae352291-00, tracestate=es=s:0, user-agent=Kibana/8.5.3, x-api-key=7bhIVmHa1BlltnaFYKHRvEuDnM3CIrLnhRZzL9T8QoTS00wsIYJlwjV1v9c8oALj, x-elastic-client-meta=es=8.3.0p,js=16.18.1,t=8.2.0,hc=16.18.1, x-elastic-product-origin=kibana, x-forwarded-group=SUPERADMIN, x-opaque-id=c3c9046b-c42c-422f-a6fe-e14ba61108b2;kibana:application:dashboards:1ce16080-e34e-11ed-bd66-8b6a2afffbc3, HIS:[::KIBANA::-> RULES:[auth_key_sha512->false] RESOLVED:[indices=.kibana_8.5.3]], [::KIBANA-NOAUTH1::-> RULES:[hosts->true, api_keys->true, headers_and->false] RESOLVED:[indices=.kibana_8.5.3]], [::KIBANA-NOAUTH2::-> RULES:[hosts->true, api_keys->true, headers_and->false] RESOLVED:[indices=.kibana_8.5.3]], [::ADMIN-RW::-> RULES:[proxy_auth->true, 
kibana_access->false] RESOLVED:[user=SUPERADMIN;indices=.kibana_8.5.3]], }
[2023-04-25T12:24:48,026][DEBUG][r.suppressed ] [elk-test.test] path: /_bulk, params: {require_alias=true, refresh=false}
tech.beshu.ror.es.handler.response.ForbiddenResponse: Not enough privileges
from elasticsearch-readonlyrest-plugin.
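Added example (not part of the original thread and not ROR's own code): a Python parser for the `HIS:` field of the two decision lines in the log above. It reports which rule ended each block's evaluation and which block changed between the allowed and the forbidden request. The sample lines are shortened from that log, and the function names are illustrative.

```python
import re

# Constructed sample: the ALLOWED and FORBIDDEN lines from the log above,
# shortened to the fields this parser reads (CNT and HDR dropped).
SAMPLE_LOG = [
    "[2023-04-25T12:24:47,874][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] "
    "[elk-test.test] ALLOWED by { name: '::ADMIN-RW::', policy: ALLOW, rules: "
    "[proxy_auth,kibana_access,hosts,api_keys,headers_and] req={ "
    "ID:1129153076-918955219#13264, TYP:SearchRequest, "
    "ACT:indices:data/read/search, PTH:/.kibana_8.5.3/_search, "
    "HIS:[::KIBANA::-> RULES:[auth_key_sha512->false] "
    "RESOLVED:[indices=.kibana_8.5.3]], [::ADMIN-RW::-> RULES:[proxy_auth->true, "
    "kibana_access->true, hosts->true, api_keys->true, headers_and->true] "
    "RESOLVED:[user=SUPERADMIN;indices=.kibana_8.5.3;kibana_idx=.kibana]], }",
    "[2023-04-25T12:24:48,024][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] "
    "[elk-test.test] FORBIDDEN by default req={ ID:956443883-1620119178#13283, "
    "TYP:BulkRequest, ACT:indices:data/write/bulk, PTH:/_bulk, "
    "HIS:[::KIBANA::-> RULES:[auth_key_sha512->false] "
    "RESOLVED:[indices=.kibana_8.5.3]], [::ADMIN-RW::-> RULES:[proxy_auth->true, "
    "kibana_access->false] RESOLVED:[user=SUPERADMIN;indices=.kibana_8.5.3]], }",
]

# Verdict is followed by a named block or by "default".
VERDICT_RE = re.compile(
    r"\b(?P<verdict>ALLOWED|FORBIDDEN) by (?:\{ name: '(?P<block>[^']+)'|default)")
# Request fields worth keeping next to the verdict.
FIELD_RE = re.compile(r"\b(ID|TYP|ACT|PTH):([^,]+),")
# One history entry: [<block name>-> RULES:[rule->true, rule->false] ...]
BLOCK_RE = re.compile(r"\[(?P<name>[^\[\]]+?)-> RULES:\[(?P<rules>[^\]]*)\]")


def parse_decision(line):
    """Return verdict, request fields and per-block rule outcomes, or None."""
    verdict = VERDICT_RE.search(line)
    if verdict is None:
        return None  # not an access-control decision line
    fields = {}
    for key, value in FIELD_RE.findall(line):
        fields.setdefault(key, value.strip())  # first occurrence wins
    _, _, history = line.partition("HIS:")
    blocks = []
    for m in BLOCK_RE.finditer(history):
        rules = []
        for item in filter(None, (r.strip() for r in m["rules"].split(","))):
            rule, _, outcome = item.rpartition("->")
            rules.append((rule, outcome == "true"))
        # In the log above a block's history stops at its first failing rule.
        failed = next((rule for rule, ok in rules if not ok), None)
        blocks.append({"block": m["name"], "rules": rules, "failed_rule": failed})
    return {"allowed": verdict["verdict"] == "ALLOWED",
            "matched_block": verdict["block"],
            "request": fields, "blocks": blocks}


def changed_blocks(first, second):
    """Blocks whose failing rule differs between two decisions."""
    before = {b["block"]: b["failed_rule"] for b in first["blocks"]}
    return {b["block"]: b["failed_rule"] for b in second["blocks"]
            if before.get(b["block"], "<absent>") != b["failed_rule"]}


if __name__ == "__main__":
    allowed, forbidden = (parse_decision(line) for line in SAMPLE_LOG)
    print(forbidden["request"]["ACT"], "->", changed_blocks(allowed, forbidden))
```

On the sample, the only block that changes between the two requests is `::ADMIN-RW::`, which stops at `kibana_access` for the `indices:data/write/bulk` action.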
Just to know: am I the only one with this issue?
This problem is blocking and prevents use of the product.
from elasticsearch-readonlyrest-plugin.
@CedricP-AM I have a problem reproducing the issue. Are you able to use our ror-sandbox to help us with reproduction? (see the link above). You can push your changes to the branch or create your own branch.
from elasticsearch-readonlyrest-plugin.
Thank you for your time @coutoPL.
First time with docker but I could easily start the ror-sandbox.
I cannot reproduce the issue in the ror-sandbox either. But there is a major difference between the sandbox and my environment: I don't install ROR-Kibana in my environment, only ROR-Elasticsearch (because I don't need ROR-Kibana features).
I used to install only the ROR-Elasticsearch plugin in version 6.5.4 and the "basic" Kibana was working fine with it.
Is it now mandatory to install the ROR-Kibana plugin in order to use Kibana in front of ROR-Elasticsearch?
from elasticsearch-readonlyrest-plugin.
Yes, generally speaking the times where you deploy ROR in Elasticsearch together with the vanilla Kibana, and you expect a Kibana session to work without problems after passing basic auth credentials to the browser are long gone.
ROR has a forever-free plugin to take care of this. However, the free plugin is available for Kibana 7.9.0 onwards. For earlier Kibana versions, we can offer the PRO and Enterprise plugins only, but they're not free.
from elasticsearch-readonlyrest-plugin.
In 1.19.1 there was released KBN ROR Free. In the same version support for the basic auth window was abandoned. One of the reasons for introducing the Free version of ROR Kibana was the problems our users had with Kibana and the basic auth window (see e.g. this thread).
Moreover, rules like kibana_access were always intended for ROR Kibana. The rule simply won't work as expected without ROR Kibana installed.
So, I think you should download and install both plugins and it should work like a charm ;)
from elasticsearch-readonlyrest-plugin.
We will review the docs and try to improve them. Thanks for sharing your thoughts.
from elasticsearch-readonlyrest-plugin.