
Comments (12)

CedricP-AM commented on June 14, 2024

You are right: it is working fine with both plugins :)
I must have missed something in the documentation, but it was not clear to me that the ROR_Kibana plugin was mandatory.

Never mind, it's ok now. I am gonna close this ticket.
Thank you for your time and great job!

from elasticsearch-readonlyrest-plugin.

CedricP-AM commented on June 14, 2024

One more question/remark: why is the _bulk_request classified into "indices:data/write/bulk"? Is it really a "write"?

CedricP-AM commented on June 14, 2024

Am I the only one with this problem?

sscarduzio commented on June 14, 2024

Interesting because the http request to action association is hardcoded in Elasticsearch core code, ROR is not involved.

coutoPL commented on June 14, 2024

Are you able to show us the full FORBIDDEN log?
It'd be great if you could enable debug logs (see how to do it) and show us ES logs from the session.

CedricP-AM commented on June 14, 2024

The rule in readonlyrest.yml:

    - name: "::ADMIN-RW::"
      hosts: ["192.168.56.104"]
      headers_and: ["~authorization:*", "x-elastic-product-origin:kibana", "user-agent:Kibana/8.*"]
      proxy_auth:
        proxy_auth_config: "LDAP-Group"
        users: ["SUPERADMIN"]
      api_keys: ["7bhIVmHa1BlltnaFYKHRvEuDnM3CIrLnhRZzL9T8QoTS00wsIYJlwjV1v9c8oALj"]
      kibana_access: rw

The debug logs with the last 2 requests (when I try to display a dashboard in Kibana):

  • The one before the last is ALLOW
  • The last one is FORBIDDEN

[2023-04-25T12:24:47,872][DEBUG][t.b.r.a.b.r.HostsRule    ] [elk-test.test] [1129153076-918955219#13264] address IPs [192.168.56.104/32] resolved to [NonEmptyList(192.168.56.104/32)], allowed addresses [192.168.56.104/32] resolved to [NonEmptyList(192.168.56.104/32)], isMatching=true
[2023-04-25T12:24:47,872][DEBUG][t.b.r.a.b.Block          ] [elk-test.test] matched { name: '::ADMIN-RW::', policy: ALLOW, rules: [proxy_auth,kibana_access,hosts,api_keys,headers_and] { found: user=SUPERADMIN;indices=.kibana_8.5.3;kibana_idx=.kibana }
[2023-04-25T12:24:47,874][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [elk-test.test] ALLOWED by { name: '::ADMIN-RW::', policy: ALLOW, rules: [proxy_auth,kibana_access,hosts,api_keys,headers_and] req={ ID:1129153076-918955219#13264, TYP:SearchRequest, CGR:<N/A>, USR:SUPERADMIN, BRS:true, KDX:.kibana, ACT:indices:data/read/search, OA:192.168.56.104/32, XFF:null, DA:192.168.56.104/32, IDX:.kibana_8.5.3, MET:POST, PTH:/.kibana_8.5.3/_search, CNT:{"size":10000,"seq_no_primary_term":true,"from":0,"_source":["index-pattern.title","index-pattern.type","index-pattern.typeMeta","index-pattern.name","namespace","namespaces","type","references","migrationVersion","coreMigrationVersion","updated_at","originId","title","type","typeMeta","name"],"query":{"bool":{"filter":[{"bool":{"should":[{"bool":{"must":[{"term":{"type":"index-pattern"}},{"terms":{"namespaces":["default","*"]}}],"must_not":[{"exists":{"field":"namespace"}}]}}],"minimum_should_match":1}}]}}}, HDR:Connection=keep-alive, Host=192.168.56.104:9200, accept=application/vnd.elasticsearch+json; compatible-with=8, content-length=513, content-type=application/vnd.elasticsearch+json; compatible-with=8, elastic-apm-traceparent=00-e25d4674c00f2b739121834a4d0e0be7-834a99f9f10d1eff-00, traceparent=00-e25d4674c00f2b739121834a4d0e0be7-834a99f9f10d1eff-00, tracestate=es=s:0, user-agent=Kibana/8.5.3, x-api-key=7bhIVmHa1BlltnaFYKHRvEuDnM3CIrLnhRZzL9T8QoTS00wsIYJlwjV1v9c8oALj, x-elastic-client-meta=es=8.3.0p,js=16.18.1,t=8.2.0,hc=16.18.1, x-elastic-product-origin=kibana, x-forwarded-group=SUPERADMIN, x-opaque-id=d74cfd0c-7aac-4cb8-a183-46800e71cd80;kibana:application:dashboards:1ce16080-e34e-11ed-bd66-8b6a2afffbc3, HIS:[::KIBANA::-> RULES:[auth_key_sha512->false] RESOLVED:[indices=.kibana_8.5.3]], [::KIBANA-NOAUTH1::-> RULES:[hosts->true, api_keys->true, headers_and->false] RESOLVED:[indices=.kibana_8.5.3]], [::KIBANA-NOAUTH2::-> RULES:[hosts->true, api_keys->true, headers_and->false] RESOLVED:[indices=.kibana_8.5.3]], 
[::ADMIN-RW::-> RULES:[proxy_auth->true, kibana_access->true, hosts->true, api_keys->true, headers_and->true] RESOLVED:[user=SUPERADMIN;indices=.kibana_8.5.3;kibana_idx=.kibana]], }
[2023-04-25T12:24:47,874][DEBUG][t.b.r.e.h.r.SearchRequestOps$] [elk-test.test] [1129153076-918955219#13264] No filter applied to query.
[2023-04-25T12:24:47,874][DEBUG][t.b.r.e.h.RegularRequestHandler] [elk-test.test] [1129153076-918955219#13264] Request processing time: 14ms


[2023-04-25T12:24:48,017][DEBUG][t.b.r.a.b.Block          ] [elk-test.test] [::ADMIN-RW::] the request matches no rules in this block: { ID:956443883-1620119178#13283, TYP:BulkRequest, CGR:<N/A>, USR:[no info about user], BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:192.168.56.104/32, XFF:null, DA:192.168.56.104/32, IDX:.kibana_8.5.3, MET:POST, PTH:/_bulk, CNT:{"update":{"_id":"legacy-url-alias:default:index-pattern:7642ebba-626e-42b2-95c5-8afc2804d62d","_index":".kibana_8.5.3","_source":true}}{"script":{"source":"\n            if (ctx._source[params.type].disabled != true) {\n              if (ctx._source[params.type].resolveCounter == null) {\n                ctx._source[params.type].resolveCounter = 1;\n              }\n              else {\n                ctx._source[params.type].resolveCounter += 1;\n              }\n              ctx._source[params.type].lastResolved = params.time;\n              ctx._source.updated_at = params.time;\n            }\n          ","lang":"painless","params":{"type":"legacy-url-alias","time":"2023-04-25T10:24:48.009Z"}}}, HDR:Connection=keep-alive, Host=192.168.56.104:9200, accept=application/vnd.elasticsearch+json; compatible-with=8, content-length=712, content-type=application/vnd.elasticsearch+x-ndjson; compatible-with=8, elastic-apm-traceparent=00-9d05ddadb9fc9838912a43acb9841c0d-910bacefae352291-00, traceparent=00-9d05ddadb9fc9838912a43acb9841c0d-910bacefae352291-00, tracestate=es=s:0, user-agent=Kibana/8.5.3, x-api-key=7bhIVmHa1BlltnaFYKHRvEuDnM3CIrLnhRZzL9T8QoTS00wsIYJlwjV1v9c8oALj, x-elastic-client-meta=es=8.3.0p,js=16.18.1,t=8.2.0,hc=16.18.1, x-elastic-product-origin=kibana, x-forwarded-group=SUPERADMIN, x-opaque-id=c3c9046b-c42c-422f-a6fe-e14ba61108b2;kibana:application:dashboards:1ce16080-e34e-11ed-bd66-8b6a2afffbc3, HIS:[::ADMIN-RW::-> RULES:[proxy_auth->true, kibana_access->false] RESOLVED:[user=SUPERADMIN;indices=.kibana_8.5.3]], }
[2023-04-25T12:24:48,024][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [elk-test.test] FORBIDDEN by default req={ ID:956443883-1620119178#13283, TYP:BulkRequest, CGR:<N/A>, USR:[no info about user], BRS:true, KDX:null, ACT:indices:data/write/bulk, OA:192.168.56.104/32, XFF:null, DA:192.168.56.104/32, IDX:.kibana_8.5.3, MET:POST, PTH:/_bulk, CNT:{"update":{"_id":"legacy-url-alias:default:index-pattern:7642ebba-626e-42b2-95c5-8afc2804d62d","_index":".kibana_8.5.3","_source":true}}{"script":{"source":"\n            if (ctx._source[params.type].disabled != true) {\n              if (ctx._source[params.type].resolveCounter == null) {\n                ctx._source[params.type].resolveCounter = 1;\n              }\n              else {\n                ctx._source[params.type].resolveCounter += 1;\n              }\n              ctx._source[params.type].lastResolved = params.time;\n              ctx._source.updated_at = params.time;\n            }\n          ","lang":"painless","params":{"type":"legacy-url-alias","time":"2023-04-25T10:24:48.009Z"}}}, HDR:Connection=keep-alive, Host=192.168.56.104:9200, accept=application/vnd.elasticsearch+json; compatible-with=8, content-length=712, content-type=application/vnd.elasticsearch+x-ndjson; compatible-with=8, elastic-apm-traceparent=00-9d05ddadb9fc9838912a43acb9841c0d-910bacefae352291-00, traceparent=00-9d05ddadb9fc9838912a43acb9841c0d-910bacefae352291-00, tracestate=es=s:0, user-agent=Kibana/8.5.3, x-api-key=7bhIVmHa1BlltnaFYKHRvEuDnM3CIrLnhRZzL9T8QoTS00wsIYJlwjV1v9c8oALj, x-elastic-client-meta=es=8.3.0p,js=16.18.1,t=8.2.0,hc=16.18.1, x-elastic-product-origin=kibana, x-forwarded-group=SUPERADMIN, x-opaque-id=c3c9046b-c42c-422f-a6fe-e14ba61108b2;kibana:application:dashboards:1ce16080-e34e-11ed-bd66-8b6a2afffbc3, HIS:[::KIBANA::-> RULES:[auth_key_sha512->false] RESOLVED:[indices=.kibana_8.5.3]], [::KIBANA-NOAUTH1::-> RULES:[hosts->true, api_keys->true, headers_and->false] RESOLVED:[indices=.kibana_8.5.3]], 
[::KIBANA-NOAUTH2::-> RULES:[hosts->true, api_keys->true, headers_and->false] RESOLVED:[indices=.kibana_8.5.3]], [::ADMIN-RW::-> RULES:[proxy_auth->true, kibana_access->false] RESOLVED:[user=SUPERADMIN;indices=.kibana_8.5.3]], }
[2023-04-25T12:24:48,026][DEBUG][r.suppressed             ] [elk-test.test] path: /_bulk, params: {require_alias=true, refresh=false}
tech.beshu.ror.es.handler.response.ForbiddenResponse: Not enough privileges
        at tech.beshu.ror.es.handler.response.ForbiddenResponse$.create(ForbiddenResponse.scala:75) ~[?:?]
        at tech.beshu.ror.es.handler.RegularRequestHandler.onForbidden(RegularRequestHandler.scala:110) ~[?:?]
        at tech.beshu.ror.es.handler.RegularRequestHandler.$anonfun$commitResult$1(RegularRequestHandler.scala:71) ~[?:?]
        at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23) ~[?:?]
        at scala.util.Try$.apply(Try.scala:213) ~[?:?]
        at tech.beshu.ror.es.handler.RegularRequestHandler.commitResult(RegularRequestHandler.scala:65) ~[?:?]
        at tech.beshu.ror.es.handler.RegularRequestHandler.$anonfun$handle$2(RegularRequestHandler.scala:57) ~[?:?]
        at tech.beshu.ror.es.handler.RegularRequestHandler.$anonfun$handle$2$adapted(RegularRequestHandler.scala:56) ~[?:?]
        at tech.beshu.ror.utils.ScalaOps$AutoCloseableOps$.bracket$extension(ScalaOps.scala:182) ~[?:?]
        at tech.beshu.ror.es.handler.RegularRequestHandler.$anonfun$handle$1(RegularRequestHandler.scala:56) ~[?:?]
        at tech.beshu.ror.es.handler.RegularRequestHandler.$anonfun$handle$1$adapted(RegularRequestHandler.scala:55) ~[?:?]
        at scala.Function1.$anonfun$andThen$1(Function1.scala:57) ~[?:?]
        at monix.eval.Task$Map.apply(Task.scala:4514) ~[?:?]
        at monix.eval.Task$Map.apply(Task.scala:4510) ~[?:?]
        at monix.eval.internal.TaskRunLoop$.startLight(TaskRunLoop.scala:331) ~[?:?]
        at monix.eval.Task.runAsyncOptF(Task.scala:811) ~[?:?]
        at monix.eval.Task.runAsyncOpt(Task.scala:709) ~[?:?]
        at monix.eval.Task.runAsync(Task.scala:659) ~[?:?]
        at tech.beshu.ror.es.IndexLevelActionFilter.handleRequest(IndexLevelActionFilter.scala:175) ~[?:?]
        at tech.beshu.ror.es.IndexLevelActionFilter.proceedByRorEngine(IndexLevelActionFilter.scala:161) ~[?:?]
        at tech.beshu.ror.es.IndexLevelActionFilter.proceed(IndexLevelActionFilter.scala:147) ~[?:?]
        at tech.beshu.ror.es.IndexLevelActionFilter.$anonfun$apply$1(IndexLevelActionFilter.scala:120) ~[?:?]
        at scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:23) ~[?:?]
        at tech.beshu.ror.utils.AccessControllerHelper$$anon$1.run(AccessControllerHelper.scala:26) ~[?:?]
        at java.security.AccessController.doPrivileged(AccessController.java:318) ~[?:?]
        at tech.beshu.ror.utils.AccessControllerHelper$.doPrivileged(AccessControllerHelper.scala:25) ~[?:?]
        at tech.beshu.ror.es.IndexLevelActionFilter.apply(IndexLevelActionFilter.scala:115) ~[?:?]
        at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:84) ~[elasticsearch-8.5.3.jar:?]
        at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:61) ~[elasticsearch-8.5.3.jar:?]
        at org.elasticsearch.tasks.TaskManager.registerAndExecute(TaskManager.java:202) ~[elasticsearch-8.5.3.jar:?]
        at org.elasticsearch.client.internal.node.NodeClient.executeLocally(NodeClient.java:112) ~[elasticsearch-8.5.3.jar:?]
        at org.elasticsearch.client.internal.node.NodeClient.doExecute(NodeClient.java:90) ~[elasticsearch-8.5.3.jar:?]
        at org.elasticsearch.client.internal.support.AbstractClient.execute(AbstractClient.java:380) ~[elasticsearch-8.5.3.jar:?]
        at org.elasticsearch.client.internal.support.AbstractClient.bulk(AbstractClient.java:460) ~[elasticsearch-8.5.3.jar:?]
        at org.elasticsearch.rest.action.document.RestBulkAction.lambda$prepareRequest$0(RestBulkAction.java:94) ~[elasticsearch-8.5.3.jar:?]
        at org.elasticsearch.rest.BaseRestHandler.handleRequest(BaseRestHandler.java:103) ~[elasticsearch-8.5.3.jar:?]
        at org.elasticsearch.xpack.security.rest.SecurityRestFilter.handleRequest(SecurityRestFilter.java:119) ~[?:?]
        at tech.beshu.ror.es.ReadonlyRestPlugin$ChannelInterceptingRestHandlerDecorator.handleRequest(ReadonlyRestPlugin.scala:271) ~[?:?]
        at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:397) ~[elasticsearch-8.5.3.jar:?]
        at org.elasticsearch.rest.RestController.tryAllHandlers(RestController.java:531) ~[elasticsearch-8.5.3.jar:?]
        at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:312) ~[elasticsearch-8.5.3.jar:?]
        at org.elasticsearch.http.AbstractHttpServerTransport.dispatchRequest(AbstractHttpServerTransport.java:379) ~[elasticsearch-8.5.3.jar:?]
        at org.elasticsearch.http.AbstractHttpServerTransport.handleIncomingRequest(AbstractHttpServerTransport.java:460) ~[elasticsearch-8.5.3.jar:?]
        at org.elasticsearch.http.AbstractHttpServerTransport.incomingRequest(AbstractHttpServerTransport.java:353) ~[elasticsearch-8.5.3.jar:?]
        at org.elasticsearch.http.netty4.Netty4HttpPipeliningHandler.handlePipelinedRequest(Netty4HttpPipeliningHandler.java:128) ~[?:?]
        at org.elasticsearch.http.netty4.Netty4HttpPipeliningHandler.channelRead(Netty4HttpPipeliningHandler.java:118) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[?:?]
        at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103) ~[?:?]
        at io.netty.handler.codec.MessageToMessageCodec.channelRead(MessageToMessageCodec.java:111) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[?:?]
        at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[?:?]
        at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[?:?]
        at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:346) ~[?:?]
        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:318) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[?:?]
        at io.netty.handler.timeout.IdleStateHandler.channelRead(IdleStateHandler.java:286) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:442) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[?:?]
        at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[?:?]
        at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1373) ~[?:?]
        at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1236) ~[?:?]
        at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1285) ~[?:?]
        at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529) ~[?:?]
        at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468) ~[?:?]
        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[?:?]
        at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440) ~[?:?]
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?]
        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) ~[?:?]
        at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) ~[?:?]
        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788) ~[?:?]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:689) ~[?:?]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:652) ~[?:?]
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562) ~[?:?]
        at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) ~[?:?]
        at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[?:?]
        at java.lang.Thread.run(Thread.java:1589) ~[?:?]

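The `HIS:` field of the FORBIDDEN line in the comment above lists, for each ACL block, the rules that were evaluated and the one that rejected the request. The following is an added example, not part of the original thread or of ROR's code: a small Python parser run over constructed, shortened copies of those two INFO lines. The function names and the `PLACEHOLDER` API key value are assumptions made for the example.

```python
import re

# Constructed sample, shortened from the two INFO lines posted above: CNT and
# most headers are dropped and the API key is replaced with a placeholder.
ALLOWED_LINE = (
    "[2023-04-25T12:24:47,874][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [elk-test.test] "
    "ALLOWED by { name: '::ADMIN-RW::', policy: ALLOW, "
    "rules: [proxy_auth,kibana_access,hosts,api_keys,headers_and] "
    "req={ ID:1129153076-918955219#13264, TYP:SearchRequest, USR:SUPERADMIN, "
    "ACT:indices:data/read/search, MET:POST, PTH:/.kibana_8.5.3/_search, "
    "HDR:user-agent=Kibana/8.5.3, x-api-key=PLACEHOLDER, "
    "HIS:[::KIBANA::-> RULES:[auth_key_sha512->false] RESOLVED:[indices=.kibana_8.5.3]], "
    "[::ADMIN-RW::-> RULES:[proxy_auth->true, kibana_access->true, hosts->true, "
    "api_keys->true, headers_and->true] RESOLVED:[user=SUPERADMIN;kibana_idx=.kibana]], }"
)
FORBIDDEN_LINE = (
    "[2023-04-25T12:24:48,024][INFO ][t.b.r.a.l.AccessControlLoggingDecorator] [elk-test.test] "
    "FORBIDDEN by default req={ ID:956443883-1620119178#13283, TYP:BulkRequest, "
    "USR:[no info about user], ACT:indices:data/write/bulk, MET:POST, PTH:/_bulk, "
    "HDR:user-agent=Kibana/8.5.3, x-api-key=PLACEHOLDER, "
    "HIS:[::KIBANA::-> RULES:[auth_key_sha512->false] RESOLVED:[indices=.kibana_8.5.3]], "
    "[::KIBANA-NOAUTH1::-> RULES:[hosts->true, api_keys->true, headers_and->false] "
    "RESOLVED:[indices=.kibana_8.5.3]], "
    "[::ADMIN-RW::-> RULES:[proxy_auth->true, kibana_access->false] "
    "RESOLVED:[user=SUPERADMIN;indices=.kibana_8.5.3]], }"
)
SAMPLE_LOG = ALLOWED_LINE + "\n" + FORBIDDEN_LINE

VERDICT_RE = re.compile(r"\b(ALLOWED|FORBIDDEN) by .*?req=\{")
FIELD_RES = {name: re.compile(rf"\b{name}:([^,\s]+)") for name in ("ID", "TYP", "ACT", "PTH")}
BLOCK_RE = re.compile(r"\[([^\[\]]+?)->\s*RULES:\[([^\]]*)\]")
RULE_RE = re.compile(r"([\w.]+)->(true|false)")


def parse_acl_line(line):
    """Parse one ALLOWED/FORBIDDEN line; return None for any other log line."""
    verdict = VERDICT_RE.search(line)
    if verdict is None:
        return None
    request = line[verdict.end():]
    # HIS is the last field; rpartition avoids a literal "HIS:" inside CNT.
    head, sep, history = request.rpartition("HIS:")
    if not sep:
        head, history = request, ""
    parsed = {"verdict": verdict.group(1), "blocks": {}}
    for name, pattern in FIELD_RES.items():
        found = pattern.search(head)
        parsed[name] = found.group(1) if found else None
    for block, rules in BLOCK_RE.findall(history):
        failed = [rule for rule, outcome in RULE_RE.findall(rules) if outcome == "false"]
        # In the lines above, a block's history stops at its first failing rule.
        parsed["blocks"][block.strip()] = failed[0] if failed else None
    return parsed


def explain_denials(log_text):
    """Return parsed FORBIDDEN requests, each with block -> rule that rejected it."""
    parsed = (parse_acl_line(line) for line in log_text.splitlines())
    return [p for p in parsed if p and p["verdict"] == "FORBIDDEN"]


if __name__ == "__main__":
    for denial in explain_denials(SAMPLE_LOG):
        print(denial["TYP"], denial["ACT"], denial["PTH"])
        for block, rule in denial["blocks"].items():
            print(f"  {block}: rejected by {rule}")
```

The parser works one log line at a time, so a history that has been wrapped onto a second line has to be joined back before parsing.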

CedricP-AM commented on June 14, 2024

Just to know: am I the only one with this issue?
This problem is blocking and prevents use of the product.

coutoPL commented on June 14, 2024

@CedricP-AM I have a problem reproducing the issue. Are you able to use our ror-sandbox to help us with reproduction? (see the link above). You can push your changes to the branch or create your own branch.

CedricP-AM commented on June 14, 2024

Thank you for your time @coutoPL.
First time with Docker, but I could easily start the ror-sandbox.

I cannot reproduce the issue in the ror-sandbox either. But there is a major difference between the sandbox and my environment: I don't install ROR-Kibana in my environment, only ROR-Elasticsearch (because I don't need ROR-Kibana features).

I used to install only the ROR-Elasticsearch plugin in version 6.5.4 and the "basic" Kibana was working fine with it.
Is it now mandatory to install the ROR-Kibana plugin in order to use Kibana in front of ROR-Elasticsearch?

sscarduzio commented on June 14, 2024

Yes, generally speaking the times where you deploy ROR in Elasticsearch together with the vanilla Kibana, and you expect a Kibana session to work without problems after passing basic auth credentials to the browser are long gone.

ROR has a forever-free plugin to take care of this. However, the free plugin is available for Kibana 7.9.0 onwards. For earlier Kibana versions, we can offer the PRO and Enterprise plugins only, but they're not free.

coutoPL commented on June 14, 2024

KBN ROR Free was released in 1.19.1. In the same version, support for the basic auth window was abandoned. One of the reasons for introducing the Free version of ROR Kibana was the problems our users had with Kibana and the basic auth window (see e.g. this thread).

Moreover, rules like kibana_access were always intended for ROR Kibana. The rule simply won't work as expected without ROR Kibana installed.

So, I think you should download and install both plugins and it should work like a charm ;)

coutoPL commented on June 14, 2024

We will review the docs and try to improve them. Thanks for sharing your thoughts.
