Bug 1491635 - cluster-admin save search records fail
Summary: cluster-admin save search records fail
Keywords:
Status: CLOSED DUPLICATE of bug 1476062
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Logging
Version: 3.6.1
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: ---
Assignee: Jeff Cantrill
QA Contact: Xia Zhao
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-09-14 10:19 UTC by Anping Li
Modified: 2017-09-22 14:51 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-09-21 18:33:28 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Anping Li 2017-09-14 10:19:10 UTC 
Description of problem:
The cluster-admin user couldn't save the search record. 

Version-Release number of selected component (if applicable):
logging v3.6.173.0.33

How reproducible:
always

Steps to Reproduce:
1. oadm policy add-cluster-role-to-user cluster-admin admin
2. login kibana with 'admin'
3. save record
   Discover->save search

Actual results:
Discover: Request to Elasticsearch failed: "[security_exception] no permissions for indices:data/write/index"

Error: Request to Elasticsearch failed: "[security_exception] no permissions for indices:data/write/index"
KbnError@https://kibana.0907-l3h.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:57511:21
RequestFailure@https://kibana.0907-l3h.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:57544:6
__WEBPACK_AMD_DEFINE_RESULT__</</</<@https://kibana.0907-l3h.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:97666:16
processQueue@https://kibana.0907-l3h.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:42452:29
scheduleProcessQueue/<@https://kibana.0907-l3h.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:42468:28
$RootScopeProvider/this.$get</Scope.prototype.$eval@https://kibana.0907-l3h.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:43696:17
$RootScopeProvider/this.$get</Scope.prototype.$digest@https://kibana.0907-l3h.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:43507:16
$RootScopeProvider/this.$get</Scope.prototype.$apply@https://kibana.0907-l3h.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:43804:14
done@https://kibana.0907-l3h.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:38253:37
completeRequest@https://kibana.0907-l3h.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:38451:8
requestLoaded@https://kibana.0907-l3h.qe.rhcloud.com/bundles/commons.bundle.js?v=10229:38392:10

Expected results:


Additional info:
The common user can save record.
Comment 1 Jan Wozniak 2017-09-15 14:49:50 UTC 
I am trying to reproduce and so far unsuccessfully. I can safe the search for both regular user as well as cluster-admin. Could you please provide from project 'logging'

  $ oc get pod -o yaml

and ansible inventory?
Comment 3 Xia Zhao 2017-09-18 08:43:45 UTC 
I meet similar issue on OCP 3.7 when using shared_ops mode -- the unique mode worked fine, as is described here: https://bugzilla.redhat.com/show_bug.cgi?id=1492576
Comment 5 Jan Wozniak 2017-09-18 15:27:23 UTC 
As Xia pointed out, it really is the same issue. Jeff created a fix for this in a PR

https://github.com/openshift/origin-aggregated-logging/pull/641
Comment 6 Jeff Cantrill 2017-09-21 18:33:28 UTC 

*** This bug has been marked as a duplicate of bug 1476062 ***
Comment 7 Anping Li 2017-09-22 01:51:01 UTC 
@Jeff, Won't we fix this issue in v3.6?
Comment 8 Jeff Cantrill 2017-09-22 14:51:36 UTC 
There is an open PR https://github.com/openshift/origin-aggregated-logging/pull/641 to backport to 3.6
Note You need to log in before you can comment on or make changes to this bug.