-
Notifications
You must be signed in to change notification settings - Fork 284
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[BUG] Duplicate name for roles and actiongroups leading to stackoverflow error during bootup #1389
Comments
This seems like two bugs to me:
Regarding 2, it can happen if: |
This issue is impacting clusters on startup, not currently running clusters. |
Closing the issue with merging #1868. |
Note; we do not plan to fix issues with the recursive definition from in a configuration file as the node was never operational comparted to a functioning cluster going down, if there is interest we would be happy to review a pull request that addresses the configuration loading issue, thanks! |
Describe the bug
The same name used for role and actiongroups create a recursive loop while loading them into the memory. It eventually leads to Stackoverflow error as it recursively tries to evaluate roles and actiongroup indefinitely.
To Reproduce
Action Group
"VzReadOnlyKibanaRole":{"reserved":false,"hidden":false,"allowed_actions":["kibana_all_read","read","VzReadOnlyKibanaRole","ultrawarm_index_read","cluster:monitor/nodes/hot_threads","indices:data/read/explain","indices:data/read/field_caps","indices:data/read/field_caps*","indices:data/read/get","indices:data/read/mget","indices:data/read/mget*","indices:data/read/msearch","indices:data/read/msearch/template","indices:data/read/mtv","indices:data/read/mtv*","indices:data/read/scroll","indices:data/read/scroll/clear","indices:data/read/search","indices:data/read/search*","indices:data/read/search/template","indices:data/read/tv","indices:data/write/index"],"static":false}
Roles
"VZReadOnlyKibanaRole":{"reserved":false,"hidden":false,"cluster_permissions":["VzReadOnlyKibanaRole"],"index_permissions":[{"index_patterns":["*"],"dls":"","fls":[],"masked_fields":[],"allowed_actions":["VzReadOnlyKibanaRole"]}],"tenant_permissions":[{"tenant_patterns":["global_tenant"],"allowed_actions":["kibana_all_write"]}],"static":false}
Expected behavior
The config should be loaded into memory without any issue.
Plugins
Security
Screenshots
If applicable, add screenshots to help explain your problem.
Host/Environment (please complete the following information):
Additional context
Error Details
[2021-08-03T22:19:47,285][INFO ][c.a.c.e.logger ] [f18f5b0460d773e958c85f374f5d4445] GET /_nodes filter_path=nodes..version%2Cnodes..http.publish_address%2Cnodes.*.ip 503 SERVICE_UNAVAILABLE 255 1
[2021-08-03T22:19:49,147][ERROR][c.a.o.s.s.ConfigModelV7 ] [f18f5b0460d773e958c85f374f5d4445] Error while updating roles: java.lang.StackOverflowError
java.lang.StackOverflowError: null
at java.util.HashMap.hash(HashMap.java:339) ~[?:?]
at java.util.HashMap.put(HashMap.java:607) ~[?:?]
at java.util.HashSet.add(HashSet.java:220) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.securityconf.ConfigModelV7$1.resolve(ConfigModelV7.java:164) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.securityconf.ConfigModelV7$1.resolve(ConfigModelV7.java:162) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.securityconf.ConfigModelV7$1.resolve(ConfigModelV7.java:162) ~[?:?]
at com.amazon.opendistroforelasticsearch.security.securityconf.ConfigModelV7$1.resolve(ConfigModelV7.java:162) ~[?:?]
The text was updated successfully, but these errors were encountered: