[ML] Fixing error when checking privileges for user with no ml_user r…

…ole (elastic#31429) (elastic#31437)
flash1293 · Feb 19, 2019 · 02d6b59 · 02d6b59
1 parent 49ceb63
commit 02d6b59
Showing 1 changed file with 17 additions and 4 deletions.
diff --git a/x-pack/plugins/ml/server/routes/system.js b/x-pack/plugins/ml/server/routes/system.js
@@ -8,6 +8,7 @@
 
 import { callWithRequestFactory } from '../client/call_with_request_factory';
 import { callWithInternalUserFactory } from '../client/call_with_internal_user_factory';
+import { mlLog } from '../client/log';
 
 import { wrapError } from '../client/errors';
 import Boom from 'boom';
@@ -43,10 +44,22 @@ export function systemRoutes(server, commonRouteConfig) {
     async handler(request) {
       const callWithRequest = callWithRequestFactory(server, request);
       try {
-        const info = await callWithRequest('ml.info');
-        // if ml indices are currently being migrated, upgrade_mode will be set to true
-        // pass this back with the privileges to allow for the disabling of UI controls.
-        const upgradeInProgress = (info.upgrade_mode === true);
+        let upgradeInProgress = false;
+        try {
+          const info = await callWithRequest('ml.info');
+          // if ml indices are currently being migrated, upgrade_mode will be set to true
+          // pass this back with the privileges to allow for the disabling of UI controls.
+          upgradeInProgress = (info.upgrade_mode === true);
+        } catch (error) {
+          // if the ml.info check fails, it could be due to the user having insufficient privileges
+          // most likely they do not have the ml_user role and therefore will be blocked from using
+          // ML at all. However, we need to catch this error so the privilege check doesn't fail.
+          if (error.status === 403) {
+            mlLog('info', 'Unable to determine whether upgrade is being performed due to insufficient user privileges');
+          } else {
+            mlLog('warning', 'Unable to determine whether upgrade is being performed');
+          }
+        }
 
         // isSecurityDisabled will return true if it is a basic license
         // this will cause the subsequent ml.privilegeCheck to fail.