Bug 1456413 - Discover: [security_exception] no permissions for.. error when project is empty
Status: CLOSED ERRATA
Product: OpenShift Container Platform
Classification: Red Hat
Component: Logging
Version: 3.6.0
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Assigned To: Jeff Cantrill
QA Contact: Xia Zhao
Duplicates: 1446510 1457292
Reported: 2017-05-29 06:57 EDT by Javier Ramirez
Modified: 2018-01-25 06:30 EST
Doc Type: Enhancement
Doc Text:
Feature: Modify the message displayed to users.
Reason: This message is from the way the ACL plugin reads Elastic indexes and is really a false positive for not having any data for a mapped index.
Result: Users will now see a 404 message which informs them their data may not have yet been gathered.
Last Closed: 2017-08-10 01:26:47 EDT
Type: Bug
External Trackers
Tracker | ID | Priority | Status | Summary | Last Updated
Red Hat Knowledge Base (Solution) | 3222701 | None | None | None | 2017-10-23 18:32 EDT
Red Hat Product Errata | RHEA-2017:1716 | normal | SHIPPED_LIVE | Red Hat OpenShift Container Platform 3.6 RPM Release Advisory | 2017-08-10 05:02:50 EDT

Description Javier Ramirez 2017-05-29 06:57:39 EDT
When we try to see an empty index we get the following Kibana error:
-----
Discover: [security_exception] no permissions for indices:data/read/field_stats

Error: [security_exception] no permissions for indices:data/read/field_stats
ErrorAbstract@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/kibana.bundle.js?v=10000:64857:20
StatusCodeError@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/kibana.bundle.js?v=10000:65019:6
respond@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/kibana.bundle.js?v=10000:66224:16
checkRespForFailure@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/kibana.bundle.js?v=10000:66187:8
[24]</AngularConnector.prototype.request/<@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/kibana.bundle.js?v=10000:64805:8
processQueue@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:41883:29
scheduleProcessQueue/<@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:41899:28
$eval@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:43127:17
$digest@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:42938:16
$apply@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:43235:14
done@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:37684:37
completeRequest@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:37882:8
requestLoaded@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:37823:10
-----

and

-----
Discover: [security_exception] no permissions for indices:data/read/msearch

Error: [security_exception] no permissions for indices:data/read/msearch
ErrorAbstract@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/kibana.bundle.js?v=10000:64857:20
StatusCodeError@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/kibana.bundle.js?v=10000:65019:6
respond@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/kibana.bundle.js?v=10000:66224:16
checkRespForFailure@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/kibana.bundle.js?v=10000:66187:8
[24]</AngularConnector.prototype.request/<@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/kibana.bundle.js?v=10000:64805:8
processQueue@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:41883:29
scheduleProcessQueue/<@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:41899:28
$eval@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:43127:17
$digest@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:42938:16
$apply@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:43235:14
done@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:37684:37
completeRequest@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:37882:8
requestLoaded@https://kibana-logging.npapps.ocp.es.wcorp.example.com/bundles/commons.bundle.js?v=10000:37823:10
-----

Steps to reproduce:
1- Create a new project and don't deploy anything on it so that it's empty
2- Go to the Kibana dashboard
3- Select the logs of that project
4- Error is there.

The error should be more clear and not say it's a "security_exception" and say the index doesn't exist.

Also, before I said it might be this bug [ 1 ] but I can confirm it's not.

[ 1 ] https://bugzilla.redhat.com/show_bug.cgi?id=1410694#c7
Comment 2 Javier Ramirez 2017-05-29 07:01:28 EDT
According to:

https://bugzilla.redhat.com/show_bug.cgi?id=1408412#c9

This seems to be expected, but I think that the error message should be a more appropriate one.
Comment 3 Jeff Cantrill 2017-06-02 12:16:53 EDT
PR in dependent Code related to fix: https://github.com/fabric8io/openshift-elasticsearch-plugin/pull/82
Comment 4 Jeff Cantrill 2017-06-09 16:27:55 EDT
Logging code PR: https://github.com/openshift/origin-aggregated-logging/pull/480
Comment 5 Jeff Cantrill 2017-06-20 11:50:06 EDT
*** Bug 1457292 has been marked as a duplicate of this bug. ***
Comment 6 openshift-github-bot 2017-06-26 17:11:12 EDT
Commit pushed to master at https://github.com/openshift/origin-aggregated-logging

https://github.com/openshift/origin-aggregated-logging/commit/4187d2dff2077ffd8c8b3dab3d7d60ba3458b10b
bump openshift-elasticsearch-plugin to 2.4.4.9
bug 1456413. Fix Kibana security error message
bug 1459221. Fix null pointer in KibanaUserReindexAction
fix plugin improper evaluation of index pattern
fix plugin improper evaluation of how to retrieve a user from 2.4.4.6
Comment 8 Xia Zhao 2017-07-03 05:24:40 EDT
It's fixed. Currently I get this error, which can be considered expected when the project is empty; it disappeared after clicking OK, and no further errors happen on the logging UI:

Discover: [exception] The index 'project..empty-project.*' was not found. This could mean data has not yet been collected.

Error: [exception] The index 'project..empty-project.*' was not found. This could mean data has not yet been collected.
ErrorAbstract@https://kibana.0702-65p.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:95501:20
StatusCodeError@https://kibana.0702-65p.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:95663:6
respond@https://kibana.0702-65p.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:96868:16
checkRespForFailure@https://kibana.0702-65p.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:96831:8
[24]</AngularConnector.prototype.request/<@https://kibana.0702-65p.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:95449:8
processQueue@https://kibana.0702-65p.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:42452:29
scheduleProcessQueue/<@https://kibana.0702-65p.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:42468:28
$RootScopeProvider/this.$get</Scope.prototype.$eval@https://kibana.0702-65p.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:43696:17
$RootScopeProvider/this.$get</Scope.prototype.$digest@https://kibana.0702-65p.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:43507:16
$RootScopeProvider/this.$get</Scope.prototype.$apply@https://kibana.0702-65p.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:43804:14
done@https://kibana.0702-65p.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:38253:37
completeRequest@https://kibana.0702-65p.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:38451:8
requestLoaded@https://kibana.0702-65p.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:38392:1

Test env:
# openshift version
openshift v3.6.131
kubernetes v1.6.1+5115d708d7
etcd 3.2.1


ansible version:
openshift-ansible-playbooks-3.6.131-1.git.0.d87dfaa.el7.noarch

Images tested with:
openshift3/logging-elasticsearch    c601094a6111
openshift3/logging-kibana    c91b7ad68dc7
openshift3/logging-fluentd    82367a1102e0
openshift3/logging-curator    b609245a72f9
openshift3/logging-auth-proxy    39164e25543c
Comment 10 errata-xmlrpc 2017-08-10 01:26:47 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1716
Comment 11 Jeff Cantrill 2017-09-13 14:49:09 EDT
*** Bug 1446510 has been marked as a duplicate of this bug. ***
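
Added example, not part of the bug report or the plugin's code: a triage helper for logging operators that separates the false-positive `security_exception` described in this bug from a denial on an index that does hold data. The message formats are the ones quoted above; the index names, the `classify` function and the decision rule are assumptions made for illustration.

```python
import fnmatch
import re

# Message formats as quoted in this bug: the pre-fix error and the post-fix one.
DENIED = re.compile(r"\[security_exception\] no permissions for (indices:[\w/]+)")
MISSING = re.compile(r"\[exception\] The index '([^']+)' was not found")


def classify(message, requested_pattern, existing_indices):
    """Classify one Kibana Discover error.

    requested_pattern: index pattern the user selected (assumed known to the caller).
    existing_indices: index names currently present in Elasticsearch.
    """
    found = MISSING.search(message)
    if found:
        # Post-fix plugin: the missing index is reported explicitly.
        return ("index_not_found", found.group(1))
    denied = DENIED.search(message)
    if not denied:
        return ("unrecognized", None)
    action = denied.group(1)
    has_data = any(fnmatch.fnmatchcase(name, requested_pattern)
                   for name in existing_indices)
    if action.startswith("indices:data/read/") and not has_data:
        # Pre-fix plugin: a read on a mapped index with no data surfaces as a denial.
        return ("likely_empty_index", action)
    # An index exists behind the pattern, so treat the denial as real.
    return ("access_denied", action)


# Constructed sample data (index names are illustrative, not from the bug).
EXISTING = ["project.shop.2017.05.29", ".operations.2017.05.29"]
SAMPLES = [
    ("Discover: [security_exception] no permissions for indices:data/read/field_stats",
     "project.empty-project.*"),
    ("Discover: [security_exception] no permissions for indices:data/read/msearch",
     "project.shop.*"),
    ("Discover: [exception] The index 'project..empty-project.*' was not found. "
     "This could mean data has not yet been collected.", "project..empty-project.*"),
]

if __name__ == "__main__":
    for msg, pattern in SAMPLES:
        print(pattern, "->", classify(msg, pattern, EXISTING))
```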
