1512495 – [3.6.1]some indices name miss in kibana

Bug 1512495 - [3.6.1]some indices name miss in kibana

Summary: [3.6.1]some indices name miss in kibana

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Logging
Sub Component:
Version:	3.6.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	3.6.z
Assignee:	Rich Megginson
QA Contact:	Anping Li
Docs Contact:
URL:
Whiteboard:
Depends On:	1511432 1530866
Blocks:
TreeView+	depends on / blocked

Reported:	2017-11-13 11:12 UTC by Anping Li
Modified:	2021-06-10 13:33 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: The multi tenancy plugin in Elasticsearch was inadvertently changed, while fixing another bug, not to look up projects for the user upon every login. Consequence: The list of projects was not displayed properly. Fix: The multi tenancy plugin in Elasticsearch was changed back to look up projects for the user upon every login Result: The list of projects is displayed properly.
Clone Of:	1511432
Environment:
Last Closed:	2018-06-01 17:32:04 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
project indices could be found on kibana UI. (222.99 KB, image/png) 2017-11-22 09:29 UTC, Junqi Zhao	no flags	Details
View All

Comment 2 Rich Megginson 2017-11-13 19:48:50 UTC

see https://bugzilla.redhat.com/attachment.cgi?id=1351670&action=edit

I've removed the TestBlocker flag as I am not aware of any functionality which is prevented by this issue.

It might also not be a Regression, depending on if this new behavior is intentional.

Comment 3 Anping Li 2017-11-17 05:48:39 UTC

@Rich, it is not a test block. We can continue following https://bugzilla.redhat.com/show_bug.cgi?id=1511432#c15.
   It should be a regression bug expect for we don't suggest logging in in using kibana route.

Comment 4 Anping Li 2017-11-17 07:50:02 UTC

The issue exists in logging-elasticsearch:v3.6.173.0.63, logging-kibana:      v3.6.173.0.63,logging-fluentd:v3.6.173.0.63

Comment 5 Junqi Zhao 2017-11-20 09:22:52 UTC

user can see the project indices by using workaround
https://bugzilla.redhat.com/show_bug.cgi?id=1511432#c15

But if there are a lot of projects, it will make customers disappointed if we let customers do the workaround manually

Comment 6 Junqi Zhao 2017-11-22 09:21:26 UTC

Tested with v3.6.173.0.78-1 logging images, these images contain the fix of https://bugzilla.redhat.com/show_bug.cgi?id=1510118
(MBARGOED CVE-2017-12195 security: OpenShift Enterprise 3: authentication bypass for elasticsearch with external routes [openshift-enterprise-3.6])

project indices could be found in kibana UI, see the attached file

Comment 7 Junqi Zhao 2017-11-22 09:29:10 UTC

Created attachment 1357322 [details]
project indices could be found on kibana UI.

Comment 8 Steven Walter 2018-01-22 21:51:54 UTC

What permissions are required for the workaround in #c15 of parent bug: https://bugzilla.redhat.com/show_bug.cgi?id=1511432 ? I created 2 users, "biguser" and "littleuser". I gave "admin" role to "biguser" and "view" role to "littleuser" and neither were able to configure the pattern "project.*". I had assumed they would be able to see the pattern but only projects they have access to would work.

Giving cluster-admin to biguser allows it to see project.*, of course. Is there another workaround for non-cluster-admin users?

For context, customer was trying to use project.* to workaround another issue where when trying to look at individual project index they get messages like:

As a cluster-admin:
Discover: "project.example.4e03e3cb-f0c2-11e7-9a3d-001a4aa86606.*" is not a configured pattern. Using the default index pattern: ".all"
I do still see log data.

An unprivileged user sees this:
Discover: "project.example.4e03e3cb-f0c2-11e7-9a3d-001a4aa86606.*" is not a configured pattern. Using the default index pattern: "project.empty-project.*"
They do not see any log data.


I put this here instead of parent bug because it is 3.6

Comment 9 Anping Li 2018-01-23 02:07:37 UTC

The issue wasn't in 3.6.173.0.96 which will be release soon.

Comment 10 Jeff Cantrill 2018-04-11 14:45:32 UTC

Moving this to 'ON_QA' based on c#9

Note You need to log in before you can comment on or make changes to this bug.