Giters

sscarduzio / elasticsearch-readonlyrest-plugin

Free Elasticsearch security plugin and Kibana security plugin: super-easy Kibana multi-tenancy, Encryption, Authentication, Authorization, Auditing

Home Page:https://readonlyrest.com

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Kibana Short url creation not recognised on Kibana 7.8.1

pchesneau opened this issue · comments

commented

Hello!
It seems the url for short url creation has been modified in Elasticsearch/Kibana 7.8.1.
I got a rejection when trying to create short url with ro profile.

From my investigation : the new url format for creation seem to be /.kibana/_create/url:710d2a92ef849fc282bcb8a216f39046 while the regex used to recognized such operation seem to be ^/@kibana_index/(url|config/.*/_create|index-pattern|doc/index-pattern.*|doc/url.*)/.*|^/_template/.*|^/@kibana_index/doc/telemetry.*|^/@kibana_index/(_update/index-pattern.*|_update/url.*)

I would be happy to create a PR for this, if you confirm there is a mismatch. 🙂

Below a log that shows the new url for saved search .
{"type": "server", "timestamp": "2021-01-27T17:54:44,546+01:00", "level": "DEBUG", "component": "t.b.r.a.b.Block", "cluster.name": "om-kibana-client", "node.name": "elasticsearch-14-nl8wx", "message": "\u001B[33m[Allow HealthCheck] the request matches no rules in this block: { ID:1584853573-1885598663#1375238, TYP:IndexRequest, CGR:N/A, USR:admin (attempted), BRS:false, KDX:null, ACT:indices:data/write/index, OA:172.22.16.233/32, XFF:null, DA:172.22.17.108/32, IDX:.kibana, MET:POST, PTH:/.kibana/_create/url:710d2a92ef849fc282bcb8a216f39046, CNT:{\"url\":{\"url\":\"/app/kibana#/discover?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-15m,to:now))&_a=(columns:!(_source),filters:!(),index:e1c6e5b0-b150-11ea-8c75-ab5ec0583946,interval:auto,query:(language:kuery,query:%27%27),sort:!())\",\"accessCount\":0,\"createDate\":1611766484541,\"accessDate\":1611766484541},\"type\":\"url\",\"references\":[],\"updated_at\":\"2021-01-27T16:54:44.541Z\"}, HDR:Authorization=<OMITTED>, Connection=keep-alive, Content-Length=395, Host=elasticsearch-service.infratools-qualif-multi.svc:9200, content-type=application/json, x-ror-kibana-request-method=post, x-ror-kibana-request-path=/api/shorten_url, HIS:[Allow HealthCheck-> RULES:[methods->false] RESOLVED:[indices=.kibana]], } \u001B[0m", "cluster.uuid": "5mXw0oHVQW-duXD2fXb3rw", "node.id": "9jTi6WbxQum8Nasm_6RblQ" }

commented

Good catch @pchesneau!

I would add a new pattern between the "|" in the regex, without removing any existing ones, as this piece of code is in "core", and it is common to all ES versions, including the old ones.

commented

Thanks for thé feedback! I will prepare this

commented

Just to be sure, except saved search, what else is supposed to work while connected as a RO user? Maybe index patterns?

commented

No, index patterns are created by rw users.