* Search Guard and Elasticsearch version
```json
{
  "name" : "vK2vBkK",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "t_EwPLkSRDWMrUAcaae9Uw",
  "version" : {
    "number" : "5.3.0",
    "build_hash" : "3adb13b",
    "build_date" : "2017-03-23T03:31:50.652Z",
    "build_snapshot" : false,
    "lucene_version" : "6.4.1"
  },
  "tagline" : "You Know, for Search"
}
```
search-guard-5-5.3.0-11.jar
* JVM version and operating system version
```
java version "1.8.0_121"
Java(TM) SE Runtime Environment (build 1.8.0_121-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.121-b13, mixed mode)
```
* Number of nodes in your cluster
3
* Description of the bug
After upgrading to 5.3.0 we started getting permissions errors on our ES servers for data/write/bulk[s] when logging in from our Kibana servers:
```
[2017-04-06T23:57:08,636][INFO ][c.f.s.c.PrivilegesEvaluator] No perm match for User [name=user, roles=[]] [IndexType [index=.kibana-367, type=*]] [Action [indices:data/write/bulk[s]]] [RolesChecked [sg_kibana_optimizely, sg_public]]
```
Here is an example of the permissions set in sg_roles.yml.
```yaml
sg_kibana_user:
  cluster:
    - '*'
    - indices:data/write/bulk*  # Added after finding an article that seemed related but no change in behavior
  indices:
    '?kibana-367':
      'index-pattern':
        - KIBANA_INDEX_PATTERNS
      '*':
        - KIBANA_INDEX_OTHER
    '367-*':
      '*':
        - SPARK_ORG_USER
        - READ
        - SEARCH
        - indices:admin/mappings/fields/get*
    'travelers-367-*':
      '*':
        - SPARK_ORG_USER
        - READ
        - SEARCH
        - indices:admin/mappings/fields/get*
```
Unsure if it's related but there was an ES crash before this started happening. I tried to open an issue with ES as well but they closed it immediately citing lack of information.
```
[2017-04-06T20:10:15,489][ERROR][o.e.b.ElasticsearchUncaughtExceptionHandler] [] fatal error in thread [elasticsearch[MkZ0lPb][bulk][T#1]], exiting
java.lang.StackOverflowError: null
```
I don't have much else to give you. There's nothing else in the logs that seems related or interesting.
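A triage helper for the `No perm match` line in the report above, as an added example that is not part of the original report and is not Search Guard code. It parses the denied user, index, action and evaluated roles, then compares them with the role name and literal patterns from the posted `sg_roles.yml` excerpt. It assumes `*` matches any run of characters and `?` exactly one; action groups such as `KIBANA_INDEX_OTHER` are not resolved because their definitions are not on the page, and `triage`, `wildcard` and the result keys are hypothetical names.

```python
import re

# Constructed sample: the "No perm match" line quoted in the report above.
SAMPLE = (
    "[2017-04-06T23:57:08,636][INFO ][c.f.s.c.PrivilegesEvaluator] No perm match "
    "for User [name=user, roles=[]] [IndexType [index=.kibana-367, type=*]] "
    "[Action [indices:data/write/bulk[s]]] "
    "[RolesChecked [sg_kibana_optimizely, sg_public]]"
)

# Role name and patterns copied from the sg_roles.yml excerpt in the report.
ROLE_NAME = "sg_kibana_user"
CLUSTER_PATTERNS = ["*", "indices:data/write/bulk*"]
INDEX_PATTERNS = ["?kibana-367", "367-*", "travelers-367-*"]

DENIED = re.compile(
    r"No perm match for User \[name=(?P<user>[^,\]]+), roles=\[[^\]]*\]\] "
    r"\[IndexType \[index=(?P<index>[^,]+), type=(?P<type>[^\]]+)\]\] "
    r"\[Action \[(?P<action>.+?)\]\] "
    r"\[RolesChecked \[(?P<roles>[^\]]*)\]\]"
)

def wildcard(pattern, value):
    """Assumed semantics: '*' = any run of characters, '?' = one character."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value) is not None

def triage(line):
    """Parse one denial line and compare it with the role's literal patterns."""
    m = DENIED.search(line)
    if m is None:
        return None  # not a PrivilegesEvaluator denial
    checked = [r.strip() for r in m["roles"].split(",") if r.strip()]
    return {
        "user": m["user"],
        "index": m["index"],
        "action": m["action"],
        "roles_checked": checked,
        # Was the role from the excerpt among the roles that were evaluated?
        "role_was_checked": ROLE_NAME in checked,
        # Index keys of the role whose wildcard covers the denied index.
        "index_keys_matching": [p for p in INDEX_PATTERNS if wildcard(p, m["index"])],
        # Entries under 'cluster:' whose text matches the denied action name.
        "cluster_entries_matching": [p for p in CLUSTER_PATTERNS if wildcard(p, m["action"])],
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
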