Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Kibana crashing when xpack.security.sessionTimeout is set to a string #54172

Closed
jportner opened this issue Jan 7, 2020 · 3 comments · Fixed by #54177
Closed

Kibana crashing when xpack.security.sessionTimeout is set to a string #54172

jportner opened this issue Jan 7, 2020 · 3 comments · Fixed by #54177
Assignees
@jportner
Labels
bug Fixes for quality problems that affect the customer experience Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!

Comments

@jportner
Copy link
Contributor

jportner commented Jan 7, 2020

Kibana version: 7.x / 8.0

Describe the bug: Kibana crashes when using a string to specify a session timeout

Steps to reproduce:

Set config:

xpack.security.sessionTimeout: "12345"

Run Kibana:

 FATAL  Error: [config validation of [xpack.security].session.idleTimeout]: types that failed validation:
- [config validation of [xpack.security].session.idleTimeout.0]: Failed to parse [12345] as time value. Format must be <count>[ms|s|m|h|d|w|M|Y] (e.g. '70ms', '5s', '3d', '1Y')
- [config validation of [xpack.security].session.idleTimeout.1]: expected value to equal [null] but got [12345]

This doesn't happen if you use a sessionTimeout without quotes:

xpack.security.sessionTimeout: 12345

Any additional context: Unintentional breaking change caused by #53768. Previous Kibana behavior would read a string and coerce it to a number.

Reported by @nachogiljaldo (thanks!)
@jportner jportner added bug Fixes for quality problems that affect the customer experience Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! labels Jan 7, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security (Team:Security)

@jportner jportner self-assigned this Jan 7, 2020
@jportner
Copy link
Contributor Author

jportner commented Jan 7, 2020

I think the correct fix for this is to change duration to handle strings that don't have a time format qualifier, and assume that those strings are milliseconds. @azasypkin what do you think?

@jportner jportner mentioned this issue Jan 7, 2020
Merged
@mieciu
Copy link
Contributor

mieciu commented Jan 8, 2020

I've been hit by this today trying to run 7.6.0-SNAPSHOT in Cloud.

strings that don't have a time format qualifier, and assume that those strings are milliseconds

Sounds good. Backwards compatible plus AFAIR also consistent with other settings we have (xpack.reporting.capture.loadDelay, elasticsearch.requestTimeout to name a few). 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jportner jportner

Labels
bug Fixes for quality problems that affect the customer experience Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update schemas boolean, byteSize, and duration to coerce strings jportner/kibana
3 participants
@mieciu @jportner @elasticmachine