From b0c5a6ecc847c18549c8fd637d6a6b2f277a9999 Mon Sep 17 00:00:00 2001 From: Dario Gieselaar Date: Thu, 25 Jun 2020 08:20:15 +0200 Subject: [PATCH] [APM] Catch annotations index permission error and log warning Relates to #69642. If the user doesn't have the appropriate privileges for the annotations index, instead of failing with a 500, we now catch the error and log a warning to the console. --- .../services/annotations/get_stored_annotations.ts | 12 +++++++++++- .../apm/server/lib/services/annotations/index.ts | 5 ++++- x-pack/plugins/apm/server/routes/services.ts | 1 + 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/x-pack/plugins/apm/server/lib/services/annotations/get_stored_annotations.ts b/x-pack/plugins/apm/server/lib/services/annotations/get_stored_annotations.ts index 2409da59d66ae..e77307a3f9db1 100644 --- a/x-pack/plugins/apm/server/lib/services/annotations/get_stored_annotations.ts +++ b/x-pack/plugins/apm/server/lib/services/annotations/get_stored_annotations.ts @@ -4,7 +4,7 @@ * you may not use this file except in compliance with the Elastic License. */ -import { APICaller } from 'kibana/server'; +import { APICaller, Logger } from 'kibana/server'; import { SERVICE_NAME } from '../../../../common/elasticsearch_fieldnames'; import { ESSearchResponse } from '../../../../typings/elasticsearch'; import { ScopedAnnotationsClient } from '../../../../../observability/server'; @@ -19,12 +19,14 @@ export async function getStoredAnnotations({ environment, apiCaller, annotationsClient, + logger, }: { setup: Setup & SetupTimeRange; serviceName: string; environment?: string; apiCaller: APICaller; annotationsClient: ScopedAnnotationsClient; + logger: Logger; }): Promise { try { const environmentFilter = getEnvironmentUiFilterES(environment); @@ -71,6 +73,14 @@ export async function getStoredAnnotations({ if (error.body?.error?.type === 'index_not_found_exception') { return []; } + + if (error.body?.error?.type === 'security_exception') { + logger.warn( + `Unable to get stored annotations due to a security exception. Please make sure that the user has 'indices:data/read/search' permissions for ${annotationsClient.index}` + ); + return []; + } + throw error; } } diff --git a/x-pack/plugins/apm/server/lib/services/annotations/index.ts b/x-pack/plugins/apm/server/lib/services/annotations/index.ts index 9365213a87f6e..e2b6e74d4d65a 100644 --- a/x-pack/plugins/apm/server/lib/services/annotations/index.ts +++ b/x-pack/plugins/apm/server/lib/services/annotations/index.ts @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -import { APICaller } from 'kibana/server'; +import { APICaller, Logger } from 'kibana/server'; import { ScopedAnnotationsClient } from '../../../../../observability/server'; import { getDerivedServiceAnnotations } from './get_derived_service_annotations'; import { Setup, SetupTimeRange } from '../../helpers/setup_request'; @@ -15,12 +15,14 @@ export async function getServiceAnnotations({ environment, annotationsClient, apiCaller, + logger, }: { serviceName: string; environment?: string; setup: Setup & SetupTimeRange; annotationsClient?: ScopedAnnotationsClient; apiCaller: APICaller; + logger: Logger; }) { // start fetching derived annotations (based on transactions), but don't wait on it // it will likely be significantly slower than the stored annotations @@ -37,6 +39,7 @@ export async function getServiceAnnotations({ environment, annotationsClient, apiCaller, + logger, }) : []; diff --git a/x-pack/plugins/apm/server/routes/services.ts b/x-pack/plugins/apm/server/routes/services.ts index 8672c6c108c4c..08eba00251e26 100644 --- a/x-pack/plugins/apm/server/routes/services.ts +++ b/x-pack/plugins/apm/server/routes/services.ts @@ -105,6 +105,7 @@ export const serviceAnnotationsRoute = createRoute(() => ({ environment, annotationsClient, apiCaller: context.core.elasticsearch.legacy.client.callAsCurrentUser, + logger: context.logger, }); }, }));