Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing authentication token in Canvas datasources #23303

Closed
cqliu1 opened this issue Sep 18, 2018 · 2 comments
Closed

Missing authentication token in Canvas datasources #23303

cqliu1 opened this issue Sep 18, 2018 · 2 comments
Assignees
@w33ble
Labels
blocker bug Fixes for quality problems that affect the customer experience Feature:Canvas loe:small Small Level of Effort PR sent Team:Presentation Presentation Team for Dashboard, Input Controls, and Canvas Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! v6.5.0

Comments

@cqliu1
Copy link
Contributor

cqliu1 commented Sep 18, 2018

After enabling security in elasticsearch and kibana and logging into the elastic superuser, I got this error when trying to use esdocs.

screen shot 2018-09-18 at 4 48 08 pm

I get the same error when using escount and timelion.
@cqliu1 cqliu1 added bug Fixes for quality problems that affect the customer experience Team:Presentation Presentation Team for Dashboard, Input Controls, and Canvas labels Sep 18, 2018
@w33ble
Copy link
Contributor

w33ble commented Sep 18, 2018

The answer is probably to use https://github.com/elastic/kibana/blob/master/src/ui/public/kfetch/kfetch.ts

@cqliu1 cqliu1 added blocker loe:small Small Level of Effort labels Sep 19, 2018
This was referenced Sep 19, 2018
Merged
Closed
@cqliu1 cqliu1 self-assigned this Sep 27, 2018
@cqliu1
Copy link
Contributor Author

cqliu1 commented Sep 28, 2018

ui/kfetch isn't available as an import in timelion because it's a server function. I went poking around, and it looks like the hacky way we were attaching auth headers no longer works. There was some discussion in #20802 about how this wouldn't work in the new platform. Are we blocked by #18301?

@cqliu1 cqliu1 removed their assignment Sep 28, 2018
@alexfrancoeur alexfrancoeur added the Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! label Oct 10, 2018
@w33ble w33ble mentioned this issue Oct 16, 2018
Merged
@w33ble w33ble self-assigned this Oct 16, 2018
@w33ble w33ble added the PR sent label Oct 17, 2018
@w33ble w33ble added the v6.5.0 label Oct 18, 2018
w33ble added a commit that referenced this issue Oct 24, 2018
@w33ble
Fix: Canvas socket auth (#24094)
5009efd 
## Summary

Closes #23303 ~(@cqliu1 can you confirm this too?)~ confirmed

Fixes the way we capture the request info when configuring the socket and providing it to plugins via `callWithRequest`. Instead of exposing a route that returns the info, simply use the request object that comes back from `server.inject`.

Also adds a check in the `elasticsearchClient` handler exposed to plugins to ensure the session is still valid because using `callWithRequest`.

![screenshot 2018-10-16 10 37 56](https://user-images.githubusercontent.com/404731/47036828-32768c00-d132-11e8-81a0-122b5e83c7ef.png)
*Note:* the actual error message is a bit different, but this is how the failure is exposed to the user
w33ble added a commit that referenced this issue Oct 24, 2018
@w33ble
Fix: Canvas socket auth (#24094)
fe7c9ec 
## Summary

Closes #23303 ~(@cqliu1 can you confirm this too?)~ confirmed

Fixes the way we capture the request info when configuring the socket and providing it to plugins via `callWithRequest`. Instead of exposing a route that returns the info, simply use the request object that comes back from `server.inject`.

Also adds a check in the `elasticsearchClient` handler exposed to plugins to ensure the session is still valid because using `callWithRequest`.

![screenshot 2018-10-16 10 37 56](https://user-images.githubusercontent.com/404731/47036828-32768c00-d132-11e8-81a0-122b5e83c7ef.png)
*Note:* the actual error message is a bit different, but this is how the failure is exposed to the user
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@w33ble w33ble

Labels
blocker bug Fixes for quality problems that affect the customer experience Feature:Canvas loe:small Small Level of Effort PR sent Team:Presentation Presentation Team for Dashboard, Input Controls, and Canvas Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! v6.5.0
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@w33ble @cqliu1 @marius-dr @alexfrancoeur