New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Stack Monitoring] Verify remote cluster client role when CCS is enabled #140738
[Stack Monitoring] Verify remote cluster client role when CCS is enabled #140738
Conversation
@elasticmachine merge upstream |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Small comment, but overall an improvement. The test failure looked unrelated so I kicked off a main merge to see if that helps.
<p> | ||
<FormattedMessage | ||
id="xpack.monitoring.accessDenied.noRemoteClusterClientDescription" | ||
defaultMessage="If the setting `monitoring.ui.ccs.enabled` is set to `true`, make sure your cluster has the `remote_cluster_client` role on at least one node." |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My first thought here is "wouldn't kibana already know if monitoring.ui.ccs.enabled
is true?"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, I just got a little lazy 😊 I'll pull in the config on that page and only show this if it's true!
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Async chunks
Page load bundle
History
To update your PR or re-run it, just comment with: |
…led (elastic#140738) * [Stack Monitoring] Verify remote cluster client role when CCS is enabled (elastic#129546) * Only show UI hint if CCS is enabled Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> (cherry picked from commit f014ca4)
💔 Some backports could not be created
Note: Successful backport PRs will be merged automatically after passing CI. Manual backportTo create the backport manually run:
Questions ?Please refer to the Backport tool documentation |
…led (#140738) (#140801) * [Stack Monitoring] Verify remote cluster client role when CCS is enabled (#129546) * Only show UI hint if CCS is enabled Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> (cherry picked from commit f014ca4) Co-authored-by: Milton Hultgren <milton.hultgren@elastic.co>
This PR missed the 8.4.2 release, so I have updated the labels to reflect this. |
Fixes #129546
Summary
When visiting the Stack Monitoring app, the overview page first tries to load the clusters but if any permissions are missing you get a 403 on that request which causes the app to redirect you to the access denied page.
On this page we now display a helper text stating that you might be missing the
remote_cluster_client
role in your "local" cluster.The access denied page also tries to check with the API what might be missing and if it's been resolved every 5 seconds.
Before this PR, that API check said everything was fine so it would try to return to the overview page again only to bounce back to the access denied page.
In this PR I made the API report a 403 if the remote cluster client role is missing so there is a bit less network traffic until it's resolved.
I've also made this a specific error in the Kibana error log to make it easier to catch.
How to test
Get the changes:
git fetch git@github.com:miltonhultgren/kibana.git 129546-sm-ccs-roles:129546-sm-ccs-roles && git switch 129546-sm-ccs-roles
elasticsearch.yml
of the cluster which the "local" and add this line:node.roles: [master, data, data_content, data_hot, data_warm, data_cold, data_frozen, ingest, ml, transform]
(note that the roleremote_cluster_client
is missing from this list)