Problems with role based access: x_content_parse_exception


(andrea) #1

Hi guys,
I'm facing a strange problem with role based access control. Here is my use case:

INDEX DEFINITION

{
"invoices_status" : {
"aliases" : { },
"mappings" : {
"status" : {
"properties" : {
"company" : {
"type" : "text"
},
"error_type" : {
"type" : "text"
},
"invoice_id" : {
"type" : "text"
}
}
}
},
"settings" : {
"index" : {
"creation_date" : "1536588960795",
"number_of_shards" : "5",
"number_of_replicas" : "1",
"uuid" : "ocN_Tl79SOqW6U7x3X8ONA",
"version" : {
"created" : "6040099"
},
"provided_name" : "invoices_status"
}
}
}
}

BRIEF LIST OF INSERTED DOCUMENTS

  • company: company_1 invoice_id: company_1_22222 error_type: business _id: 2 _type: status _index: invoices_status _score: 1
  • company: company_1 invoice_id: company_1_44444 error_type: technical _id: 4 _type: status _index: invoices_status _score: 1
  • company: company_1 invoice_id: company_1_22222 error_type: business _id: 1 _type: status _index: invoices_status _score: 1
  • company: company_2 invoice_id: company_2_33333 error_type: business _id: 3 _type: status _index: invoices_status _score: 1

ROLE DEFINITION
curl --user elastic:elastic -X GET "localhost:9200/_xpack/security/role/bus_company1_invoice_status?pretty"
{
"bus_company1_invoice_status" : {
"cluster" : [ ],
"indices" : [
{
"names" : [
"invoices_status"
],
"privileges" : [
"all"
],
"field_security" : {
"grant" : [
""
]
},
"query" : ""must": [{"match": {"company": "company_1"}},{"match": {"error_type": "business"}}]"
}
],
"applications" : [
{
"application" : "kibana-.kibana",
"privileges" : [
"all"
],
"resources" : [
"
"
]
}
],
"run_as" : [ ],
"metadata" : { },
"transient_metadata" : {
"enabled" : true
}
}
}

EXPECTED BEHAVIOUR

I expect that when I query for all documents using a bus_company1_invoice_status user, only documents that have company: company_1 and error_type: business will be returned. So, basically, only the following:

  • _id: 1
  • _id: 2

The query definition works fine:

curl --user elastic:elastic -X GET "localhost:9200/invoices_status/status/_search" -H 'Content-Type: application/json' -d'
{
"query": {
"bool": {
"must": [
{ "match": { "company": "company_1" }},
{ "match": { "error_type": "business" }}
]
}
}
}
'

{"took":3,"timed_out":false,"_shards":{"total":5,"successful":5,"skipped":0,"failed":0},"hits":{"total":2,"max_score":0.87546873,"hits":[{"_index":"invoices_status","_type":"status","_id":"2","_score":0.87546873,"_source":
{
"company": "company_1",
"invoice_id": "company_1_22222",
"error_type": "business"
}
},{"_index":"invoices_status","_type":"status","_id":"1","_score":0.5753642,"_source":
{
"company": "company_1",
"invoice_id": "company_1_22222",
"error_type": "business"
}
}]}}[

ACTUAL BEHAVIOUR

curl --user bus_company1_invoice_status:****** -XGET 'localhost:9200/invoices_status/_search?pretty' -H 'Content-Type: application/json' -d'
{
"size": 10000,
"query": {
"match_all": {}
}
}

{
"error" : {
"root_cause" : [
{
"type" : "x_content_parse_exception",
"reason" : "Failed to derive xcontent"
}
],
"type" : "search_phase_execution_exception",
"reason" : "all shards failed",
"phase" : "query",
"grouped" : true,
"failed_shards" : [
{
"shard" : 0,
"index" : "invoices_status",
"node" : "V7dQrUk-RhO_GgWpZ5H8zw",
"reason" : {
"type" : "x_content_parse_exception",
"reason" : "Failed to derive xcontent"
}
}
],
"caused_by" : {
"type" : "x_content_parse_exception",
"reason" : "Failed to derive xcontent",
"caused_by" : {
"type" : "x_content_parse_exception",
"reason" : "Failed to derive xcontent"
}
}
},
"status" : 400
}

'

Instead, documents are returned correctly if the search is done using the "elastic" user. What's wrong in it?
Thanks,

Andrea


(Ioannis Kakavas) #2

There seems to be an issue with the query definition here. Please try with

"query" : "{\"must\": [{\"match\": {\"company\": \"company_1\"}},{\"match\": {\"error_type\": \"business\"}}]}"

(andrea) #3

Thank you for your suggestion. Basically you added a pair of braces, but it seems not to work. Here it is exception detail provided by Kibana gui

Error: Request to Elasticsearch failed: {"error":{"root_cause":[{"type":"x_content_parse_exception","reason":"Failed to derive xcontent"}],"type":"search_phase_execution_exception","reason":"all shards failed","phase":"query","grouped":true,"failed_shards":[{"shard":0,"index":"invoices_status","node":"V7dQrUk-RhO_GgWpZ5H8zw","reason":{"type":"x_content_parse_exception","reason":"Failed to derive xcontent"}}],"caused_by":{"type":"x_content_parse_exception","reason":"Failed to derive xcontent","caused_by":{"type":"x_content_parse_exception","reason":"Failed to derive xcontent"}}},"status":400}
KbnError@http://localhost:5601/bundles/commons.bundle.js:3:8333
RequestFailure@http://localhost:5601/bundles/commons.bundle.js:3:8736
callResponseHandlers/<@http://localhost:5601/bundles/commons.bundle.js:3:1094604
Promise.try@http://localhost:5601/bundles/commons.bundle.js:3:807109
Promise.map/<@http://localhost:5601/bundles/commons.bundle.js:3:806472
Promise.map@http://localhost:5601/bundles/commons.bundle.js:3:806437
callResponseHandlers@http://localhost:5601/bundles/commons.bundle.js:3:1093955
fetchSearchResults/<@http://localhost:5601/bundles/commons.bundle.js:3:1079928
processQueue@http://localhost:5601/bundles/vendors.bundle.js:197:199684
scheduleProcessQueue/<@http://localhost:5601/bundles/vendors.bundle.js:197:200647
$RootScopeProvider/this.$get</Scope.prototype.$digest@http://localhost:5601/bundles/vendors.bundle.js:197:210409
$RootScopeProvider/this.$get</Scope.prototype.$evalAsync/<@http://localhost:5601/bundles/vendors.bundle.js:197:212930
completeOutstandingRequest@http://localhost:5601/bundles/vendors.bundle.js:197:64421
Browser/self.defer/timeoutId<@http://localhost:5601/bundles/vendors.bundle.js:197:67265 Blockquote


(Ioannis Kakavas) #4

No, I escaped all internal double-quotes " with a backslash \

"query" : "{\"must\": [{\"match\": {\"company\": \"company_1\"}},{\"match\": {\"error_type\": \"business\"}}]}"

See our documentation also for further examples : https://www.elastic.co/guide/en/elastic-stack-overview/current/defining-roles.html#_example


(andrea) #5

Found the error, this is the right role definition and it works fine! Thank you for your help!

curl --user elastic:elastic -X GET "localhost:9200/_xpack/security/role/bus_company1_invoice_status?pretty"
{
"bus_company1_invoice_status" : {
"cluster" : [ ],
"indices" : [
{
"names" : [
"invoices_status"
],
"privileges" : [
"all"
],
"field_security" : {
"grant" : [
""
]
},
"query" : "{"bool": {"must": [{"match": {"company": "company_1"}},{"match": {"error_type": "business"}}]}}"
}
],
"applications" : [
{
"application" : "kibana-.kibana",
"privileges" : [
"all"
],
"resources" : [
"
"
]
}
],
"run_as" : [ ],
"metadata" : { },
"transient_metadata" : {
"enabled" : true
}
}
}
Blockquote


(system) #6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.