1491227 – Kibana login problem with usernames having backslash

Bug 1491227 - Kibana login problem with usernames having backslash

Summary: Kibana login problem with usernames having backslash

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Logging
Sub Component:
Version:	3.6.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	3.6.z
Assignee:	Jeff Cantrill
QA Contact:	Anping Li
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-09-13 11:20 UTC by Ruben Romero Montes
Modified:	2020-12-14 10:01 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: openshift-elasticsearch-plugin improperly handles usernames with back slash Consequence: Users are unable to access Elasticsearch Fix: Modify request to convert backslash to forward slash Result: Users are able to access Elasticsearch with usernames that contain back slashes.
Clone Of:
Environment:
Last Closed:	2017-10-25 13:06:40 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
screenshot (152.50 KB, image/png) 2017-09-13 11:22 UTC, Ruben Romero Montes	no flags	Details
Request failed to _mget (155.29 KB, image/png) 2017-09-14 13:16 UTC, Ruben Romero Montes	no flags	Details
View All

Links
System	ID	Priority	Status	Summary	Last Updated
Github	fabric8io openshift-elasticsearch-plugin pull 101	None	None	None	2017-09-14 20:19:08 UTC
Github	openshift origin-aggregated-logging pull 675	None	None	None	2017-09-22 14:29:13 UTC
Red Hat Product Errata	RHBA-2017:3049	normal	SHIPPED_LIVE	OpenShift Container Platform 3.6, 3.5, and 3.4 bug fix and enhancement update	2017-10-25 15:57:15 UTC

Description Ruben Romero Montes 2017-09-13 11:20:07 UTC

Description of problem:
Having a valid OpenShift user with a backslash in the username (e.g. test\user) generally coming from an ActiveDirectory is preventing the users from login in with the following error:

{"type":"log","@timestamp":"2017-09-13T10:55:48Z","tags":["status","plugin:elasticsearch.0","error"],"pid":15,"state":"red","message":"Status changed from green to red - [pattern_syntax_exception] Illegal Unicode escape sequence near index 6\ntest\\user\n      ^","prevState":"green","prevMsg":"Kibana index ready"}

Version-Release number of selected component (if applicable):
    Dockerfile-openshift3-logging-kibana-v3.6.173.0.21-17
  Also reproduced in
    Dockerfile-openshift3-logging-kibana-3.5.0-33

How reproducible:
Always

Steps to Reproduce: (no need to synchronize with AD)
1. htpasswd /etc/origin/master/htpasswd test\user -p test
2. Log in to Openshift with this user
3. Create a project with some demo pod running
4. Click "View Archive"

Actual results:
 Kibana GUI error (see snapshot)
 Kibana Logs: 
{"type":"log","@timestamp":"2017-09-13T10:55:48Z","tags":["status","plugin:elasticsearch.0","error"],"pid":15,"state":"red","message":"Status changed from green to red - [pattern_syntax_exception] Illegal Unicode escape sequence near index 6\ntest\\user\n      ^","prevState":"green","prevMsg":"Kibana index ready"}


Expected results:
 User can view the logs normally in Kibana

Additional info:

Comment 1 Ruben Romero Montes 2017-09-13 11:22:07 UTC

Created attachment 1325317 [details]
screenshot

Comment 2 Jeff Cantrill 2017-09-13 13:38:57 UTC

Is this a duplicate of 1456584?

Comment 3 Ruben Romero Montes 2017-09-13 14:35:05 UTC

It doesn't seem to be the same error. This one is:

 Illegal Unicode escape sequence near index 6
 test\\user
      ^

The other error was related to spaces in the names and the error message was: 
 com.floragunn.searchguard.tokeneval.MalformedConfigurationException: no bypass or execute filters at all

Comment 5 Jeff Cantrill 2017-09-13 15:19:58 UTC

I think the error message is unrelated to the login issue.

Comment 6 Ruben Romero Montes 2017-09-14 13:16:13 UTC

Created attachment 1326005 [details]
Request failed to _mget

The response is the following:
{  
   "error":{  
      "root_cause":[  
         {  
            "type":"pattern_syntax_exception",
            "reason":"Illegal Unicode escape sequence near index 6\ntest\\user\n      ^"
         }
      ],
      "type":"pattern_syntax_exception",
      "reason":"Illegal Unicode escape sequence near index 6\ntest\\user\n      ^"
   },
   "status":400
}

Comment 7 Ruben Romero Montes 2017-09-14 13:18:04 UTC

After that, when I refresh I am redirected to the status page with the following message for the elasticsearch plugin:

elasticsearch	1.0.0	 [pattern_syntax_exception] Illegal Unicode escape sequence near index 6 test\user ^

Comment 9 Jeff Cantrill 2017-09-14 20:19:08 UTC

The issue is in the SG plugin that is unable to handle user names with a slash.  Created: https://github.com/fabric8io/openshift-elasticsearch-plugin/pull/101 which converts the back slash to forward for ES use

Comment 12 Anping Li 2017-10-12 07:19:50 UTC

Verified and pass on images v3.6.173.0.48.

Comment 14 errata-xmlrpc 2017-10-25 13:06:40 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:3049

Note You need to log in before you can comment on or make changes to this bug.