Bug 1512495 - [3.6.1]some indices name miss in kibana
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Logging
Version: 3.6.1
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: high
Target Milestone: ---
Target Release: 3.6.z
Assignee: Rich Megginson
QA Contact: Anping Li
URL:
Whiteboard:
Depends On: 1511432 1530866
Blocks:
Reported: 2017-11-13 11:12 UTC by Anping Li
Modified: 2018-06-01 17:32 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: The multi tenancy plugin in Elasticsearch was inadvertently changed, while fixing another bug, not to look up projects for the user upon every login.
Consequence: The list of projects was not displayed properly.
Fix: The multi tenancy plugin in Elasticsearch was changed back to look up projects for the user upon every login.
Result: The list of projects is displayed properly.
Clone Of: 1511432
Environment:
Last Closed: 2018-06-01 17:32:04 UTC
Target Upstream Version:


Attachments
project indices could be found on kibana UI. (deleted)
2017-11-22 09:29 UTC, Junqi Zhao

Comment 2 Rich Megginson 2017-11-13 19:48:50 UTC
see https://bugzilla.redhat.com/attachment.cgi?id=1351670&action=edit

I've removed the TestBlocker flag as I am not aware of any functionality which is prevented by this issue.

It might also not be a Regression, depending on if this new behavior is intentional.

Comment 3 Anping Li 2017-11-17 05:48:39 UTC
@Rich, it is not a test block. We can continue following https://bugzilla.redhat.com/show_bug.cgi?id=1511432#c15.
It should be a regression bug, except if we don't suggest logging in using the kibana route.

Comment 4 Anping Li 2017-11-17 07:50:02 UTC
The issue exists in logging-elasticsearch:v3.6.173.0.63, logging-kibana:v3.6.173.0.63, logging-fluentd:v3.6.173.0.63

Comment 5 Junqi Zhao 2017-11-20 09:22:52 UTC
user can see the project indices by using workaround
https://bugzilla.redhat.com/show_bug.cgi?id=1511432#c15

But if there are a lot of projects, it will make customers disappointed if we let customers do the workaround manually

Comment 6 Junqi Zhao 2017-11-22 09:21:26 UTC
Tested with v3.6.173.0.78-1 logging images; these images contain the fix of https://bugzilla.redhat.com/show_bug.cgi?id=1510118
(EMBARGOED CVE-2017-12195 security: OpenShift Enterprise 3: authentication bypass for elasticsearch with external routes [openshift-enterprise-3.6])

project indices could be found in kibana UI, see the attached file

Comment 7 Junqi Zhao 2017-11-22 09:29:10 UTC
Created attachment 1357322 [details]
project indices could be found on kibana UI.

Comment 8 Steven Walter 2018-01-22 21:51:54 UTC
What permissions are required for the workaround in #c15 of parent bug: https://bugzilla.redhat.com/show_bug.cgi?id=1511432 ? I created 2 users, "biguser" and "littleuser". I gave "admin" role to "biguser" and "view" role to "littleuser" and neither were able to configure the pattern "project.*". I had assumed they would be able to see the pattern but only projects they have access to would work.

Giving cluster-admin to biguser allows it to see project.*, of course. Is there another workaround for non-cluster-admin users?

For context, customer was trying to use project.* to work around another issue where, when trying to look at an individual project index, they get messages like:

As a cluster-admin:
Discover: "project.example.4e03e3cb-f0c2-11e7-9a3d-001a4aa86606.*" is not a configured pattern. Using the default index pattern: ".all"
I do still see log data.

An unprivileged user sees this:
Discover: "project.example.4e03e3cb-f0c2-11e7-9a3d-001a4aa86606.*" is not a configured pattern. Using the default index pattern: "project.empty-project.*"
They do not see any log data.


I put this here instead of parent bug because it is 3.6

Comment 9 Anping Li 2018-01-23 02:07:37 UTC
The issue wasn't in 3.6.173.0.96, which will be released soon.

Comment 10 Jeff Cantrill 2018-04-11 14:45:32 UTC
Moving this to 'ON_QA' based on c#9
