When we try to see an empty index we get the following kibana error: ----- Discover: [security_exception] no permissions for indices:data/read/field_stats Error: [security_exception] no permissions for indices:data/read/field_stats ErrorAbstract@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/kibana.bundle.js?v=10000:64857:20 StatusCodeError@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/kibana.bundle.js?v=10000:65019:6 respond@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/kibana.bundle.js?v=10000:66224:16 checkRespForFailure@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/kibana.bundle.js?v=10000:66187:8 [24]</AngularConnector.prototype.request/<@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/kibana.bundle.js?v=10000:64805:8 processQueue@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:41883:29 scheduleProcessQueue/<@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:41899:28 $eval@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:43127:17 $digest@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:42938:16 $apply@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:43235:14 done@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:37684:37 completeRequest@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:37882:8 requestLoaded@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:37823:10 ----- and ----- Discover: [security_exception] no permissions for indices:data/read/msearch Error: [security_exception] no permissions for indices:data/read/msearch ErrorAbstract@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/kibana.bundle.js?v=10000:64857:20 StatusCodeError@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/kibana.bundle.js?v=10000:65019:6 respond@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/kibana.bundle.js?v=10000:66224:16 checkRespForFailure@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/kibana.bundle.js?v=10000:66187:8 [24]</AngularConnector.prototype.request/<@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/kibana.bundle.js?v=10000:64805:8 processQueue@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:41883:29 scheduleProcessQueue/<@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:41899:28 $eval@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:43127:17 $digest@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:42938:16 $apply@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:43235:14 done@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:37684:37 completeRequest@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:37882:8 requestLoaded@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:37823:10 ----- Steps to reproduce: 1- Create a new project and don't deploy anything on it so that it's empty 2- Go to the Kibana dashboard 3- Select the logs of that project 4- Error is there. The error should be more clear and not say it's a "security_exception" and say the index doesn't exist. Also, before I said it might be this bug [ 1 ] but I can confirm it's not. [ 1 ]https://bugzilla.redhat.com/show_bug.cgi?id=1410694#c7
According to: https://bugzilla.redhat.com/show_bug.cgi?id=1408412#c9 This seems to be expected, but I think that the error message should be one more appropriate.
PR in dependent Code related to fix: https://github.com/fabric8io/openshift-elasticsearch-plugin/pull/82
Logging code PR: https://github.com/openshift/origin-aggregated-logging/pull/480
*** Bug 1457292 has been marked as a duplicate of this bug. ***
Commit pushed to master at https://github.com/openshift/origin-aggregated-logging https://github.com/openshift/origin-aggregated-logging/commit/4187d2dff2077ffd8c8b3dab3d7d60ba3458b10b bump openshift-elasticsearch-plugin to 2.4.4.9 bug 1456413. Fix Kibana security error message bug 1459221. Fix null pointer in KibanaUserReindexAction fix plugin improper evaluation of index pattern fix plugin improper evaluation of how to retrieve a user from 2.4.4.6
It's fixed. Currently get this error which can be considered to be expected when project is empty, and it disappeared after clicking on ok and no further errors happen on logging UI: Discover: [exception] The index 'project..empty-project.*' was not found. This could mean data has not yet been collected. Error: [exception] The index 'project..empty-project.*' was not found. This could mean data has not yet been collected. ErrorAbstract@https://kibana.0702-65p.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:95501:20 StatusCodeError@https://kibana.0702-65p.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:95663:6 respond@https://kibana.0702-65p.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:96868:16 checkRespForFailure@https://kibana.0702-65p.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:96831:8 [24]</AngularConnector.prototype.request/<@https://kibana.0702-65p.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:95449:8 processQueue@https://kibana.0702-65p.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:42452:29 scheduleProcessQueue/<@https://kibana.0702-65p.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:42468:28 $RootScopeProvider/this.$get</Scope.prototype.$eval@https://kibana.0702-65p.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:43696:17 $RootScopeProvider/this.$get</Scope.prototype.$digest@https://kibana.0702-65p.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:43507:16 $RootScopeProvider/this.$get</Scope.prototype.$apply@https://kibana.0702-65p.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:43804:14 done@https://kibana.0702-65p.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:38253:37 completeRequest@https://kibana.0702-65p.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:38451:8 requestLoaded@https://kibana.0702-65p.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:38392:1 Test env: # openshift version openshift v3.6.131 kubernetes v1.6.1+5115d708d7 etcd 3.2.1 ansible version: openshift-ansible-playbooks-3.6.131-1.git.0.d87dfaa.el7.noarch Images tested with: openshift3/logging-elasticsearch c601094a6111 openshift3/logging-kibana c91b7ad68dc7 openshift3/logging-fluentd 82367a1102e0 openshift3/logging-curator b609245a72f9 openshift3/logging-auth-proxy 39164e25543c
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:1716
*** Bug 1446510 has been marked as a duplicate of this bug. ***