New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Stack Monitoring] Missing remote_cluster_client role is reported as "access denied" #129546
Comments
Pinging @elastic/infra-monitoring-ui (Team:Infra Monitoring UI) |
I tried a user with |
@liza-mae check if the ES nodes have |
@matschaffer - I have replicated this issue, but even with monitoring.ui.ccs.enabled: false, I was unable to access Stack Monitoring without the remote_cluster_client role assigned to my cluster nodes (2 x nodes) This is a new build of 8.2.1. |
Thanks @bar0n36 Can you provide more details about your test environment? ESTF or ESS? Just regular downloads to a laptop? cluster roles, possibly an ES diagnostic, etc |
…led (elastic#140738) * [Stack Monitoring] Verify remote cluster client role when CCS is enabled (elastic#129546) * Only show UI hint if CCS is enabled Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> (cherry picked from commit f014ca4)
…led (#140738) (#140801) * [Stack Monitoring] Verify remote cluster client role when CCS is enabled (#129546) * Only show UI hint if CCS is enabled Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> (cherry picked from commit f014ca4) Co-authored-by: Milton Hultgren <milton.hultgren@elastic.co>
This was originally reported as #125756 to which #120384 will provide a workaround, but the error case is still quite confusing.
When attempting to load Stack Monitoring UI with
monitoring.ui.ccs.enabled: true
(the current default and proposed ongoing default in #120384) but missing theremote_cluster_client
role, the user will get this error message:Which says nothing about what needs to be done to resolve the error (either disable css or add the
remote_cluster_client
node role).We should update the error handling in our access check to make the error clearer for both the end user, and ourselves fielding support or forum issues like these:
The text was updated successfully, but these errors were encountered: