Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't create new Index Pattern on Kibana 6.2.4 with ROR free #367

Closed
daboom opened this issue Jun 6, 2018 · 5 comments
Closed

Can't create new Index Pattern on Kibana 6.2.4 with ROR free #367

daboom opened this issue Jun 6, 2018 · 5 comments

Comments

@daboom
Copy link

daboom commented Jun 6, 2018

After upgrading from 5.6.5 to 6.2.4 (with ROR 1.16.19), when I try to create or delete an Index Pattern from Kibana interface, I get:

Error: [object Object]: [undefined] Forbidden by ReadonlyREST ES plugin
    at http://localhost:5601/bundles/commons.bundle.js?v=16627:1:688862
    at processQueue (http://localhost:5601/bundles/vendors.bundle.js?v=16627:58:132456)
    at http://localhost:5601/bundles/vendors.bundle.js?v=16627:58:133349
    at Scope.$digest (http://localhost:5601/bundles/vendors.bundle.js?v=16627:58:144239)
    at Scope.$apply (http://localhost:5601/bundles/vendors.bundle.js?v=16627:58:147018)
    at done (http://localhost:5601/bundles/vendors.bundle.js?v=16627:58:100026)
    at completeRequest (http://localhost:5601/bundles/vendors.bundle.js?v=16627:58:104697)
    at XMLHttpRequest.xhr.onload (http://localhost:5601/bundles/vendors.bundle.js?v=16627:58:105435)

Looking at the logs, I think it does not pass Auth params...

    [2018-06-05T17:32:33,641][INFO ][t.b.r.a.ACL              ] �[35mFORBIDDEN by default req={ ID:70774177-1016607869#11765, TYP:FieldCapabilitiesRequest, CGR:N/A, USR:[no basic auth header], BRS:false, KDX:null, ACT: , OA:127.0.0.1, DA:127.0.0.1, IDX:eurora*, MET:POST, PTH:/eurora*/_field_caps?fields=*&ignore_unavailable=true&allow_no_indices=false, CNT:<N/A>, HDR:{Connection=keep-alive, Content-Length=0, Host=localhost:9200}, HIS:[00 - kibana->[auth_key->false]], [01 - admin->[ldap_authentication->false]] } �[0m

Disabling the plugin let me do the action correctly.
@sscarduzio
Copy link
Owner

Hi @daboom,
Are you using also our Kibana plugin?

@daboom
Copy link
Author

daboom commented Jun 6, 2018

No, just the Elasticsearch plugin (FREE version). Are you saying I must use Kibana plugin because it only works with token authentication?
This will be so sad.

@sscarduzio
Copy link
Owner

@daboom are you aware of the Kibana issue 9583?
If you use basic auth, some requests will not carry the credentials. This is a defect in Kibana, which made me so angry I wrote readonlyrest for Kibana, which instead uses encrypted cookies.

@daboom
Copy link
Author

daboom commented Jun 6, 2018

Long lasting bug, as I see from Kibana issue 9583. Looks like this merged pull request 17725 will finally solve it in the next 6.3 release, isn't it?

@ihardzeenka
Copy link

As a workaround I passed custom header in Kibana config
elasticsearch.customHeaders: {Authorization: Basic Qy1OMlVMODk3QG5........................................m0uY29tOnZtaG12M3R4Myo=}

This will be added in all requests to elastic. But in this case you will loose access control in Kibana.
Everyone who can reach Kibana will have same access.
In my case it is not important because I'm showing only logs.

@coutoPL coutoPL closed this as completed Dec 19, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@coutoPL @sscarduzio @daboom @ihardzeenka