Problems with role based access: x_content_parse_exception

Hi guys,
I'm facing a strange problem with role based access control. Here is my use case:

INDEX DEFINITION

{
"invoices_status" : {
"aliases" : { },
"mappings" : {
"status" : {
"properties" : {
"company" : {
"type" : "text"
},
"error_type" : {
"type" : "text"
},
"invoice_id" : {
"type" : "text"
}
}
}
},
"settings" : {
"index" : {
"creation_date" : "1536588960795",
"number_of_shards" : "5",
"number_of_replicas" : "1",
"uuid" : "ocN_Tl79SOqW6U7x3X8ONA",
"version" : {
"created" : "6040099"
},
"provided_name" : "invoices_status"
}
}
}
}

BRIEF LIST OF INSERTED DOCUMENTS

  • company: company_1 invoice_id: company_1_22222 error_type: business _id: 2 _type: status _index: invoices_status _score: 1
  • company: company_1 invoice_id: company_1_44444 error_type: technical _id: 4 _type: status _index: invoices_status _score: 1
  • company: company_1 invoice_id: company_1_22222 error_type: business _id: 1 _type: status _index: invoices_status _score: 1
  • company: company_2 invoice_id: company_2_33333 error_type: business _id: 3 _type: status _index: invoices_status _score: 1

ROLE DEFINITION
curl --user elastic:elastic -X GET "localhost:9200/_xpack/security/role/bus_company1_invoice_status?pretty"
{
"bus_company1_invoice_status" : {
"cluster" : [ ],
"indices" : [
{
"names" : [
"invoices_status"
],
"privileges" : [
"all"
],
"field_security" : {
"grant" : [
""
]
},
"query" : ""must": [{"match": {"company": "company_1"}},{"match": {"error_type": "business"}}]"
}
],
"applications" : [
{
"application" : "kibana-.kibana",
"privileges" : [
"all"
],
"resources" : [
"
"
]
}
],
"run_as" : [ ],
"metadata" : { },
"transient_metadata" : {
"enabled" : true
}
}
}

EXPECTED BEHAVIOUR

I expect that when I query for all documents using a bus_company1_invoice_status user, only documents that have company: company_1 and error_type: business will be returned. So, basically, only the following:

  • _id: 1
  • _id: 2

The query definition works fine:

curl --user elastic:elastic -X GET "localhost:9200/invoices_status/status/_search" -H 'Content-Type: application/json' -d'
{
"query": {
"bool": {
"must": [
{ "match": { "company": "company_1" }},
{ "match": { "error_type": "business" }}
]
}
}
}
'

{"took":3,"timed_out":false,"_shards":{"total":5,"successful":5,"skipped":0,"failed":0},"hits":{"total":2,"max_score":0.87546873,"hits":[{"_index":"invoices_status","_type":"status","_id":"2","_score":0.87546873,"_source":
{
"company": "company_1",
"invoice_id": "company_1_22222",
"error_type": "business"
}
},{"_index":"invoices_status","_type":"status","_id":"1","_score":0.5753642,"_source":
{
"company": "company_1",
"invoice_id": "company_1_22222",
"error_type": "business"
}
}]}}[

ACTUAL BEHAVIOUR

curl --user bus_company1_invoice_status:****** -XGET 'localhost:9200/invoices_status/_search?pretty' -H 'Content-Type: application/json' -d'
{
"size": 10000,
"query": {
"match_all": {}
}
}

{
"error" : {
"root_cause" : [
{
"type" : "x_content_parse_exception",
"reason" : "Failed to derive xcontent"
}
],
"type" : "search_phase_execution_exception",
"reason" : "all shards failed",
"phase" : "query",
"grouped" : true,
"failed_shards" : [
{
"shard" : 0,
"index" : "invoices_status",
"node" : "V7dQrUk-RhO_GgWpZ5H8zw",
"reason" : {
"type" : "x_content_parse_exception",
"reason" : "Failed to derive xcontent"
}
}
],
"caused_by" : {
"type" : "x_content_parse_exception",
"reason" : "Failed to derive xcontent",
"caused_by" : {
"type" : "x_content_parse_exception",
"reason" : "Failed to derive xcontent"
}
}
},
"status" : 400
}

'

Instead, documents are returned correctly if the search is done using the "elastic" user. What's wrong in it?
Thanks,

Andrea

There seems to be an issue with the query definition here. Please try with

"query" : "{\"must\": [{\"match\": {\"company\": \"company_1\"}},{\"match\": {\"error_type\": \"business\"}}]}"

Thank you for your suggestion. Basically you added a pair of braces, but it seems not to work. Here it is exception detail provided by Kibana gui

Error: Request to Elasticsearch failed: {"error":{"root_cause":[{"type":"x_content_parse_exception","reason":"Failed to derive xcontent"}],"type":"search_phase_execution_exception","reason":"all shards failed","phase":"query","grouped":true,"failed_shards":[{"shard":0,"index":"invoices_status","node":"V7dQrUk-RhO_GgWpZ5H8zw","reason":{"type":"x_content_parse_exception","reason":"Failed to derive xcontent"}}],"caused_by":{"type":"x_content_parse_exception","reason":"Failed to derive xcontent","caused_by":{"type":"x_content_parse_exception","reason":"Failed to derive xcontent"}}},"status":400}
KbnError@http://localhost:5601/bundles/commons.bundle.js:3:8333
RequestFailure@http://localhost:5601/bundles/commons.bundle.js:3:8736
callResponseHandlers/<@http://localhost:5601/bundles/commons.bundle.js:3:1094604
Promise.try@http://localhost:5601/bundles/commons.bundle.js:3:807109
Promise.map/<@http://localhost:5601/bundles/commons.bundle.js:3:806472
Promise.map@http://localhost:5601/bundles/commons.bundle.js:3:806437
callResponseHandlers@http://localhost:5601/bundles/commons.bundle.js:3:1093955
fetchSearchResults/<@http://localhost:5601/bundles/commons.bundle.js:3:1079928
processQueue@http://localhost:5601/bundles/vendors.bundle.js:197:199684
scheduleProcessQueue/<@http://localhost:5601/bundles/vendors.bundle.js:197:200647
$RootScopeProvider/this.$get</Scope.prototype.$digest@http://localhost:5601/bundles/vendors.bundle.js:197:210409
$RootScopeProvider/this.$get</Scope.prototype.$evalAsync/<@http://localhost:5601/bundles/vendors.bundle.js:197:212930
completeOutstandingRequest@http://localhost:5601/bundles/vendors.bundle.js:197:64421
Browser/self.defer/timeoutId<@http://localhost:5601/bundles/vendors.bundle.js:197:67265 Blockquote

No, I escaped all internal double-quotes " with a backslash \

"query" : "{\"must\": [{\"match\": {\"company\": \"company_1\"}},{\"match\": {\"error_type\": \"business\"}}]}"

See our documentation also for further examples : Defining roles | Elastic Stack Overview [7.4] | Elastic

Found the error, this is the right role definition and it works fine! Thank you for your help!

curl --user elastic:elastic -X GET "localhost:9200/_xpack/security/role/bus_company1_invoice_status?pretty"
{
"bus_company1_invoice_status" : {
"cluster" : ,
"indices" : [
{
"names" : [
"invoices_status"
],
"privileges" : [
"all"
],
"field_security" : {
"grant" : [
""
]
},
"query" : "{"bool": {"must": [{"match": {"company": "company_1"}},{"match": {"error_type": "business"}}]}}"
}
],
"applications" : [
{
"application" : "kibana-.kibana",
"privileges" : [
"all"
],
"resources" : [
"
"
]
}
],
"run_as" : ,
"metadata" : { },
"transient_metadata" : {
"enabled" : true
}
}
}
Blockquote

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.