Bug 1372277 – The .all index is displayed for ordinary user without cluster-admin right

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 1372277 - The .all index is displayed for ordinary user without cluster-admin right

Summary:	The .all index is displayed for ordinary user without cluster-admin right

Status:	CLOSED ERRATA

Aliases:	None

Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Logging (Show other bugs)
Sub Component:
Version:	3.3.0
Hardware:	Unspecified Unspecified

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	ewolinet
QA Contact:	chunchen
Docs Contact:

URL:
Whiteboard:
Keywords:	Regression

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2016-09-01 06:17 EDT by Xia Zhao
Modified:	2017-03-08 13 EST (History)
CC List:	6 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: The OpenShift-Elasticsearch-Plugin did not remove the '.all' Kibana mapping for users that were cluster-admin but then had the role reverted. Consequence: If a user was no longer a cluster-admin they would still be able to view the '.all' Kibana mapping. They wouldn't be able to see the logs for projects they didn't have access to, but they would still incorrectly see the mapping. Fix: Update the OpenShift-Elasticsearch-Plugin to remove the '.all' Kibana mapping to users that are not cluster-admin. Result: Ordinary users are not able to see the '.all' mapping if they are no longer cluster-admins
Story Points:	---
Clone Of:
Environment:
Last Closed:	2016-09-27 05:47:10 EDT
Type:	Bug
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
deployer_log (60.33 KB, text/plain) 2016-09-01 06:28 EDT, Xia Zhao	no flags	Details
es_log (81.54 KB, text/plain) 2016-09-01 06:28 EDT, Xia Zhao	no flags	Details
kibana_log (190.01 KB, text/plain) 2016-09-01 06:29 EDT, Xia Zhao	no flags	Details
fluentd_log (8.66 KB, text/plain) 2016-09-01 06:29 EDT, Xia Zhao	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2016:1933	normal	SHIPPED_LIVE	Red Hat OpenShift Container Platform 3.3 Release Advisory	2016-09-27 09:24:36 EDT

Groups: None (edit)

Comment 1 Xia Zhao 2016-09-01 06:28 EDT

Created attachment 1196690 [details]
deployer_log

Comment 2 Xia Zhao 2016-09-01 06:28 EDT

Created attachment 1196691 [details]
es_log

Comment 3 Xia Zhao 2016-09-01 06:29 EDT

Created attachment 1196692 [details]
kibana_log

Comment 4 Xia Zhao 2016-09-01 06:29 EDT

Created attachment 1196694 [details]
fluentd_log

Comment 12 Xia Zhao 2016-09-04 21:53:15 EDT

Set to verified according to comment #10

Comment 14 errata-xmlrpc 2016-09-27 05:47:10 EDT

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1933

Note You need to log in before you can comment on or make changes to this bug.