[APM] Authorization exception on Kibana startup #45610
Comments
liza-mae
added
bug
|
Pinging @elastic/apm-ui |
|
Ouch, this sounds like something we really need fixed before the release. From the stacktrace I can't see exactly where the error occurs: But I'd assume it is this line: If that's the case I'm a bit surprised. Because that call uses @ogupte Is this something you are able to repo? |
|
@ogupte Could it be that you need to give the internal user access to the |
|
@liza-mae I was only able to reproduce this problem if I created a new user that didn't have the elasticsearch.username: myuser
elasticsearch.password: mypasswordWith the default user I didn't get any errors. Can you elaborate a bit on which user Kibana is running with, and which roles this user has? |
|
@ogupte Regardless why this happens we should probably wrap |
|
Turns out that the default Additionally we need to add access checks to the endpoints that return agent configuration data: kibana/x-pack/legacy/plugins/apm/server/routes/create_api/index.ts Lines 57 to 59 in 19262a8 |
Kibana version: 7.4.0 BC4
Elasticsearch version: 7.4.0 BC4
Server OS version: Linux
Browser version: Chrome Latest
Original install method (e.g. download page, yum, from source, etc.):
staging
Description of the problem including expected versus actual behavior:
Kibana error message on startup, not sure what it means and if it is expected or not.
Steps to reproduce:
{"type":"error","@timestamp":"2019-09-13T02:10:25Z","tags":["warning","process"],"pid":2033,"level":"error","error":{"message":"Authorization Exception :: {"path":"/.apm-agent-configuration","query":{},"statusCode":403,"response":""}\n at respond (/tmp/kibana-7.4.0-linux-x86_64/node_modules/elasticsearch/src/lib/transport.js:315:15)\n at checkRespForFailure (/tmp/kibana-7.4.0-linux-x86_64/node_modules/elasticsearch/src/lib/transport.js:274:7)\n at HttpConnector. (/tmp/kibana-7.4.0-linux-x86_64/node_modules/elasticsearch/src/lib/connectors/http.js:166:7)\n at IncomingMessage.wrapper (/tmp/kibana-7.4.0-linux-x86_64/node_modules/elasticsearch/node_modules/lodash/lodash.js:4929:19)\n at IncomingMessage.emit (events.js:194:15)\n at endReadableNT (_stream_readable.js:1103:12)\n at process._tickCallback (internal/process/next_tick.js:63:19)","name":"UnhandledPromiseRejectionWarning","stack":"UnhandledPromiseRejectionWarning: Authorization Exception :: {"path":"/.apm-agent-configuration","query":{},"statusCode":403,"response":""}\n at respond (/tmp/kibana-7.4.0-linux-x86_64/node_modules/elasticsearch/src/lib/transport.js:315:15)\n at checkRespForFailure (/tmp/kibana-7.4.0-linux-x86_64/node_modules/elasticsearch/src/lib/transport.js:274:7)\n at HttpConnector. (/tmp/kibana-7.4.0-linux-x86_64/node_modules/elasticsearch/src/lib/connectors/http.js:166:7)\n at IncomingMessage.wrapper (/tmp/kibana-7.4.0-linux-x86_64/node_modules/elasticsearch/node_modules/lodash/lodash.js:4929:19)\n at IncomingMessage.emit (events.js:194:15)\n at endReadableNT (_stream_readable.js:1103:12)\n at process._tickCallback (internal/process/next_tick.js:63:19)\n at emitWarning (internal/process/promises.js:81:15)\n at emitPromiseRejectionWarnings (internal/process/promises.js:120:9)\n at process._tickCallback (internal/process/next_tick.js:69:34)"},"message":"Authorization Exception :: {"path":"/.apm-agent-configuration","query":{},"statusCode":403,"response":""}\n at respond (/tmp/kibana-7.4.0-linux-x86_64/node_modules/elasticsearch/src/lib/transport.js:315:15)\n at checkRespForFailure (/tmp/kibana-7.4.0-linux-x86_64/node_modules/elasticsearch/src/lib/transport.js:274:7)\n at HttpConnector. (/tmp/kibana-7.4.0-linux-x86_64/node_modules/elasticsearch/src/lib/connectors/http.js:166:7)\n at IncomingMessage.wrapper (/tmp/kibana-7.4.0-linux-x86_64/node_modules/elasticsearch/node_modules/lodash/lodash.js:4929:19)\n at IncomingMessage.emit (events.js:194:15)\n at endReadableNT (_stream_readable.js:1103:12)\n at process._tickCallback (internal/process/next_tick.js:63:19)"}
{"type":"error","@timestamp":"2019-09-13T02:10:25Z","tags":["warning","process"],"pid":2033,"level":"error","error":{"message":"Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)","name":"UnhandledPromiseRejectionWarning","stack":"Authorization Exception :: {"path":"/.apm-agent-configuration","query":{},"statusCode":403,"response":""}\n at respond (/tmp/kibana-7.4.0-linux-x86_64/node_modules/elasticsearch/src/lib/transport.js:315:15)\n at checkRespForFailure (/tmp/kibana-7.4.0-linux-x86_64/node_modules/elasticsearch/src/lib/transport.js:274:7)\n at HttpConnector. (/tmp/kibana-7.4.0-linux-x86_64/node_modules/elasticsearch/src/lib/connectors/http.js:166:7)\n at IncomingMessage.wrapper (/tmp/kibana-7.4.0-linux-x86_64/node_modules/elasticsearch/node_modules/lodash/lodash.js:4929:19)\n at IncomingMessage.emit (events.js:194:15)\n at endReadableNT (_stream_readable.js:1103:12)\n at process._tickCallback (internal/process/next_tick.js:63:19)"},"message":"Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)"}
The text was updated successfully, but these errors were encountered: