Cannot see non-reserved users and roles since 6.1 upgrade


(Simon Stemplinger) #1

We upgraded from 5.x to 6.1 and since then I cannot see any of the manually created users and roles anymore under Management -> Users / Roles. I cannot see them on the dev console using the GET /_xpack/security/user endpoint either, but I can see them when accessing a user directly using the GET /_xpack/security/user/<username> endpoint. These "invisible" users can log in just fine.

I assumed an updated permission and gave my own user the superuser role and now I can see my own user in the list, but not the others.

It almost seems like v6.1 has introduced additional data structures for users that were not created properly during the migration but are created when I "touch" a user ?!?

Appreciate your help!

Simon


(Tim Vernum) #2

Do you have an active support subscription?
If so, it might be easier to resolve this through the support process, as it will allow us to dig into security details that you probably don't want to provide in public.

If not, let's see what we can debug here:

Firstly, did you run the migration assistant before upgrading?
It makes some changes to the security indices that are needed for 6.1 to work correctly.

Can you run each of the following and provide the results? None of the output should contain anything sensitive, but please double check before you post your results.

(You can replace -u elastic with another superuser if you want, but it needs to be a superuser)

curl -u elastic 'http://localhost:9200/.security?pretty' 
curl -u elastic 'http://localhost:9200/.security/user/_count?pretty'
curl -u elastic 'http://localhost:9200/.security/doc/_count?pretty'
curl -XGET -u elastic 'http://localhost:9200/.security/doc/_count?pretty' -d '{ "query": { "term": { "type": "user" } } }'  -H "Content-Type: application/json"

(Simon Stemplinger) #3

Thanks a lot for the swift reply. Unfortunately we're on the "forum only" startup plan.

Here are the results:

/.security?pretty
Response
{
  ".security-6": {
    "aliases": {
      ".security": {}
    },
    "mappings": {
      "doc": {
        "dynamic": "strict",
        "_meta": {
          "security-version": "6.1.2"
        },
        "properties": {
          "cluster": {
            "type": "keyword"
          },
          "doc_type": {
            "type": "keyword"
          },
          "email": {
            "type": "text",
            "analyzer": "email"
          },
          "enabled": {
            "type": "boolean"
          },
          "expiration_time": {
            "type": "date",
            "format": "epoch_millis"
          },
          "full_name": {
            "type": "text"
          },
          "indices": {
            "properties": {
              "field_security": {
                "properties": {
                  "except": {
                    "type": "keyword"
                  },
                  "grant": {
                    "type": "keyword"
                  }
                }
              },
              "names": {
                "type": "keyword"
              },
              "privileges": {
                "type": "keyword"
              },
              "query": {
                "type": "keyword"
              }
            }
          },
          "metadata": {
            "type": "object",
            "dynamic": "true"
          },
          "name": {
            "type": "keyword"
          },
          "password": {
            "type": "keyword",
            "index": false,
            "doc_values": false
          },
          "roles": {
            "type": "keyword"
          },
          "rules": {
            "type": "object",
            "dynamic": "true"
          },
          "run_as": {
            "type": "keyword"
          },
          "type": {
            "type": "keyword"
          },
          "username": {
            "type": "keyword"
          }
        }
      }
    },
    "settings": {
      "index": {
        "number_of_shards": "1",
        "auto_expand_replicas": "0-all",
        "provided_name": ".security-6",
        "format": "6",
        "creation_date": "1516910549388",
        "analysis": {
          "filter": {
            "email": {
              "type": "pattern_capture",
              "preserve_original": "true",
              "patterns": [
                "([^@]+)",
                "(\\p{L}+)",
                "(\\d+)",
                "@(.+)"
              ]
            }
          },
          "analyzer": {
            "email": {
              "filter": [
                "email",
                "lowercase",
                "unique"
              ],
              "tokenizer": "uax_url_email"
            }
          }
        },
        "priority": "1000",
        "number_of_replicas": "0",
        "uuid": "lLLaDHaiTuSRvpMwRaAvsw",
        "version": {
          "created": "6010299"
        }
      }
    }
  }
}
/.security/user/_count?pretty
Response
{
  "count": 0,
  "_shards": {
    "total": 1,
    "successful": 1,
    "skipped": 0,
    "failed": 0
  }
}
/.security/doc/_count?pretty
Response
{
  "count": 53,
  "_shards": {
    "total": 1,
    "successful": 1,
    "skipped": 0,
    "failed": 0
  }
}
/.security/doc/_count?pretty
{ "query": { "term": { "type": "user" } } }
Response
{
  "count": 1,
  "_shards": {
    "total": 1,
    "successful": 1,
    "skipped": 0,
    "failed": 0
  }
}

We did run the migration assistant and did migrate all indices without any errors we were aware of.

Thanks for your help!
Simon


(Simon Stemplinger) #4

@TimV can you see from the queries how we can make our users visible again?


(Tim Vernum) #5

Sorry, Discourse can be somewhat unreliable about sending email replies so I only just saw your post.

I really don't understand what is happening here, I'll send you a private message.

