Setting xpack.telemetry.enabled to false prevents access to roles ui

If I disable the xpack.telemetry.enabled setting I can't create or edit roles in the kibana ui.
The /app/kibana#/management/security/roles site is accessable,
but /app/kibana#/management/security/roles/edit is not.

Tested with Version 7.3.0 on Windows 10.

No Warning or Error logs.

Elasticsearch's roles API works fine.

Steps:
Download and extract es and kibana zips.
elasticsearch.yml:
xpack.security.enabled: true
Start es
elasticsearch-setup-passwords auto
kibana.yml:
elasticsearch.username: "kibana"
elasticsearch.password: "ThePwd"
xpack.telemetry.enabled: false
Start kibana
Login -> Management -> Roles
Click on "Create Role" -> Nothing happens

Hi

I shall try this setting on my local environment and get back to you. Meanwhile what do the Kibana logs say ? Can you set logging.verbose: true in Kibana.yml Setting this value to true logs all events, including system usage information and all requests.

Thanks
Rashmi

I tried the same config settings with Telemetry disabled on 7.3.0 on my mac, and users and roles work just fine without Telemetry.
Can we get more information?
Browser Console errors, Kibana logs, screenshots would help.

Thanks
Rashmi

@rashmi Thx for the quick reply. :grinning:

Nothing special in the screenshots...
The Error/Info in the console persist across all pages.
Tried it with chrome and firefox.. same result.
It also happens on another machine of mine with a ... "bigger" configuration.

Screenshot before clicking on "Create Role":

Screenshot after clicking on "Create Role":

The browser console text says:
kibana#/home?_g=():372 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'nonce-b5qHXrSTHq59PM2x'". Either the 'unsafe-inline' keyword, a hash ('sha256-SHHSeLc0bp6xt4BoVVyUy+3IbVqp3ujLaR+s+kSP5UI='), or a nonce ('nonce-...') is required to enable inline execution.

bootstrap.js:10 ^ A single error about an inline script not firing due to content security policy is expected!

vendors.bundle.dll.js:600 INFO: 2019-08-13T08:16:09Z Adding connection to http://localhost:5601/elasticsearch

Verbose Level:
vendors.bundle.dll.js:493 [Violation] 'setTimeout' handler took 142ms vendors.bundle.dll.js:499 [Violation] 'load' handler took 152ms vendors.bundle.dll.js:499 [Violation] 'load' handler took 220ms

The verbose kibana output while clicking on "Roles" and then on "Create Role":
ops [08:33:09.663] memory: 213.7MB uptime: 0:19:59 load: [0.00 0.00 0.00] delay: 0.098
log [08:33:09.815] [debug][plugin] Checking Elasticsearch version
log [08:33:11.737] [debug][kibana-monitoring][monitoring] Received Kibana Ops event data
log [08:33:11.738] [debug][kibana-monitoring][monitoring] Received Kibana Ops event data
log [08:33:11.739] [debug][basic][security] Trying to authenticate user request to /api/security/v1/me.
log [08:33:11.740] [debug][basic][security] Trying to authenticate via login attempt.
log [08:33:11.740] [debug][basic][security] Username and password not found in payload.
log [08:33:11.740] [debug][basic][security] Trying to authenticate via header.
log [08:33:11.741] [debug][basic][security] Authorization header is not presented.
log [08:33:11.741] [debug][basic][security] Trying to authenticate via state.
log [08:33:11.743] [debug][basic][security] Request has been authenticated via state.
respons [08:33:11.738] GET /api/security/v1/me 200 14ms - 9.0B
log [08:33:12.011] [debug][basic][security] Trying to authenticate user request to /api/security/role.
log [08:33:12.011] [debug][basic][security] Trying to authenticate via login attempt.
log [08:33:12.011] [debug][basic][security] Username and password not found in payload.
log [08:33:12.012] [debug][basic][security] Trying to authenticate via header.
log [08:33:12.012] [debug][basic][security] Authorization header is not presented.
log [08:33:12.013] [debug][basic][security] Trying to authenticate via state.
log [08:33:12.033] [debug][basic][security] Request has been authenticated via state.
respons [08:33:12.010] GET /api/security/role 200 35ms - 9.0B
log [08:33:12.326] [debug][plugin] Checking Elasticsearch version
log [08:33:13.142] [debug][kibana-monitoring][monitoring] Received Kibana Ops event data
log [08:33:13.143] [debug][kibana-monitoring][monitoring] Received Kibana Ops event data
log [08:33:13.372] [debug][basic][security] Trying to authenticate user request to /api/security/v1/users.
log [08:33:13.373] [debug][basic][security] Trying to authenticate via login attempt.
log [08:33:13.373] [debug][basic][security] Username and password not found in payload.
log [08:33:13.374] [debug][basic][security] Trying to authenticate via header.
log [08:33:13.375] [debug][basic][security] Authorization header is not presented.
log [08:33:13.375] [debug][basic][security] Trying to authenticate via state.
log [08:33:13.377] [debug][basic][security] Request has been authenticated via state.
respons [08:33:13.371] GET /api/security/v1/users 200 21ms - 9.0B
log [08:33:13.396] [debug][basic][security] Trying to authenticate user request to /api/security/v1/me.
log [08:33:13.398] [debug][basic][security] Trying to authenticate via login attempt.
log [08:33:13.399] [debug][basic][security] Username and password not found in payload.
log [08:33:13.399] [debug][basic][security] Trying to authenticate via header.
log [08:33:13.400] [debug][basic][security] Authorization header is not presented.
log [08:33:13.400] [debug][basic][security] Trying to authenticate via state.
log [08:33:13.402] [debug][basic][security] Request has been authenticated via state.
respons [08:33:13.395] GET /api/security/v1/me 200 15ms - 9.0B
log [08:33:13.414] [debug][basic][security] Trying to authenticate user request to /api/saved_objects/_find?type=index-pattern&per_page=10000.
log [08:33:13.415] [debug][basic][security] Trying to authenticate via login attempt.
log [08:33:13.416] [debug][basic][security] Username and password not found in payload.
log [08:33:13.417] [debug][basic][security] Trying to authenticate via header.
log [08:33:13.417] [debug][basic][security] Authorization header is not presented.
log [08:33:13.418] [debug][basic][security] Trying to authenticate via state.
log [08:33:13.420] [debug][basic][security] Request has been authenticated via state.
respons [08:33:13.412] GET /api/saved_objects/_find?type=index-pattern&per_page=10000&page=1&default_search_operator=OR 200 27ms - 9.0B
log [08:33:13.442] [debug][basic][security] Trying to authenticate user request to /api/security/privileges?includeActions=true.
log [08:33:13.443] [debug][basic][security] Trying to authenticate via login attempt.
log [08:33:13.443] [debug][basic][security] Username and password not found in payload.
log [08:33:13.444] [debug][basic][security] Trying to authenticate via header.
log [08:33:13.444] [debug][basic][security] Authorization header is not presented.
log [08:33:13.444] [debug][basic][security] Trying to authenticate via state.
log [08:33:13.449] [debug][basic][security] Request has been authenticated via state.
respons [08:33:13.441] GET /api/security/privileges?includeActions=true 200 35ms - 9.0B
log [08:33:13.506] [debug][basic][security] Trying to authenticate user request to /api/features/v1.
log [08:33:13.508] [debug][basic][security] Trying to authenticate via login attempt.
log [08:33:13.508] [debug][basic][security] Username and password not found in payload.
log [08:33:13.518] [debug][basic][security] Trying to authenticate via header.
log [08:33:13.520] [debug][basic][security] Authorization header is not presented.
log [08:33:13.537] [debug][basic][security] Trying to authenticate via state.
log [08:33:13.548] [debug][basic][security] Request has been authenticated via state.
respons [08:33:13.493] [access:features] GET /api/features/v1 200 108ms - 9.0B
ops [08:33:14.661] memory: 196.7MB uptime: 0:20:04 load: [0.00 0.00 0.00] delay: 0.097
log [08:33:14.828] [debug][plugin] Checking Elasticsearch version

Seems interesting, can you please get a HAR file of the operation ?
https://confluence.atlassian.com/kb/generating-har-files-and-analyzing-web-requests-720420612.html

cc @Brandon_Kobel
Thanks
Rashmi

Able to replicate on 7.3 and master by Brandon. @Philos - its a bug. Can you please file it https://github.com/elastic/kibana/issues/new?template=Bug_report.md

Never mind, I already filed it: https://github.com/elastic/kibana/issues/43208 our team will look into it.

Thank you
Rashmi

1 Like