|Summary:||[3.6.1]some indices name miss in kibana|
|Product:||OpenShift Container Platform||Reporter:||Anping Li <anli>|
|Component:||Logging||Assignee:||Rich Megginson <rmeggins>|
|Status:||CLOSED CURRENTRELEASE||QA Contact:||Anping Li <anli>|
|Version:||3.6.1||CC:||aos-bugs, bleanhar, jcantril, juzhao, pweil, rmeggins, stwalter, wsun|
|Fixed In Version:||Doc Type:||Bug Fix|
Cause: The multi tenancy plugin in Elasticsearch was inadvertently changed, while fixing another bug, not to look up projects for the user upon every login. Consequence: The list of projects was not displayed properly. Fix: The multi tenancy plugin in Elasticsearch was changed back to look up projects for the user upon every login Result: The list of projects is displayed properly.
|Last Closed:||2018-06-01 17:32:04 UTC||Type:||Bug|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
|Bug Depends On:||1511432, 1530866|
Comment 2 Rich Megginson 2017-11-13 19:48:50 UTC
see https://bugzilla.redhat.com/attachment.cgi?id=1351670&action=edit I've removed the TestBlocker flag as I am not aware of any functionality which is prevented by this issue. It might also not be a Regression, depending on if this new behavior is intentional.
Comment 3 Anping Li 2017-11-17 05:48:39 UTC
@Rich, it is not a test block. We can continue following https://bugzilla.redhat.com/show_bug.cgi?id=1511432#c15. It should be a regression bug expect for we don't suggest logging in in using kibana route.
Comment 4 Anping Li 2017-11-17 07:50:02 UTC
The issue exists in logging-elasticsearch:v184.108.40.206.63, logging-kibana: v220.127.116.11.63,logging-fluentd:v18.104.22.168.63
Comment 5 Junqi Zhao 2017-11-20 09:22:52 UTC
user can see the project indices by using workaround https://bugzilla.redhat.com/show_bug.cgi?id=1511432#c15 But if there are a lot of projects, it will make customers disappointed if we let customers do the workaround manually
Comment 6 Junqi Zhao 2017-11-22 09:21:26 UTC
Tested with v22.214.171.124.78-1 logging images, these images contain the fix of https://bugzilla.redhat.com/show_bug.cgi?id=1510118 (MBARGOED CVE-2017-12195 security: OpenShift Enterprise 3: authentication bypass for elasticsearch with external routes [openshift-enterprise-3.6]) project indices could be found in kibana UI, see the attached file
Comment 7 Junqi Zhao 2017-11-22 09:29:10 UTC
Created attachment 1357322 [details] project indices could be found on kibana UI.
Comment 8 Steven Walter 2018-01-22 21:51:54 UTC
What permissions are required for the workaround in #c15 of parent bug: https://bugzilla.redhat.com/show_bug.cgi?id=1511432 ? I created 2 users, "biguser" and "littleuser". I gave "admin" role to "biguser" and "view" role to "littleuser" and neither were able to configure the pattern "project.*". I had assumed they would be able to see the pattern but only projects they have access to would work. Giving cluster-admin to biguser allows it to see project.*, of course. Is there another workaround for non-cluster-admin users? For context, customer was trying to use project.* to workaround another issue where when trying to look at individual project index they get messages like: As a cluster-admin: Discover: "project.example.4e03e3cb-f0c2-11e7-9a3d-001a4aa86606.*" is not a configured pattern. Using the default index pattern: ".all" I do still see log data. An unprivileged user sees this: Discover: "project.example.4e03e3cb-f0c2-11e7-9a3d-001a4aa86606.*" is not a configured pattern. Using the default index pattern: "project.empty-project.*" They do not see any log data. I put this here instead of parent bug because it is 3.6
Comment 9 Anping Li 2018-01-23 02:07:37 UTC
The issue wasn't in 126.96.36.199.96 which will be release soon.
Comment 10 Jeff Cantrill 2018-04-11 14:45:32 UTC
Moving this to 'ON_QA' based on c#9