Плагин Kibana Canvas не работает с SearchGuard

Question

Я установил стек ELK с версией 6.3.0, а также установил плагин Canvas в Kibana. Но, похоже, это не работает, потому что есть проблемы с аутентификацией, когда Canvas создает запрос к Elasticsearch. Я использую SearchGuard для аутентификации вместо безопасности X-Pack.

Ниже мои детали установки:

1. Elasticsearch
    Version: 6.3.0
    Plugins: - search-guard-6

2. Kibana
    Version: 6.3.0
    Plugins: - canvas@0.1.2015
             - searchguard@6.3.0-13

А вот вывод журнала kibana:

common/interpret esdocs: invokeChain rejected { Authentication Exception :: {"path":"/memberbebe/_search","query":{},"body":"{\"_source\":[],\"query\":{\"bool\":{\"must\":[{\"query_string\":{\"query\":\"-_index:.kibana\"}}]}},\"size\":100}","statusCode":401,"response":"Unauthorized","wwwAuthenticateDirective":"Basic realm=\"Search Guard\""}
    at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:307:15)
    at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:266:7)
    at HttpConnector.<anonymous> (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)
    at IncomingMessage.bound (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)
    at emitNone (events.js:111:20)
    at IncomingMessage.emit (events.js:208:7)
    at endReadableNT (_stream_readable.js:1064:12)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickDomainCallback (internal/process/next_tick.js:218:9)
  status: 401,
  displayName: 'AuthenticationException',
  message: 'Authentication Exception',
  path: '/memberbebe/_search',
  query: {},
  body: 'Unauthorized',
  statusCode: 401,
  response: 'Unauthorized',
  wwwAuthenticateDirective: 'Basic realm="Search Guard"',
  toString: [Function],
  toJSON: [Function],
  isBoom: true,
  isServer: false,
  data: null,
  output: 
   { statusCode: 401,
     payload: 
      { statusCode: 401,
        error: 'Unauthorized',
        message: 'Authentication Exception' },
     headers: { 'WWW-Authenticate': 'Basic realm="Authorization Required"' } },
  reformat: [Function] }
common/interpret esdocs: invokeChain rejected { Authentication Exception :: {"path":"/memberbebe/_search","query":{},"body":"{\"_source\":[],\"query\":{\"bool\":{\"must\":[{\"query_string\":{\"query\":\"-_index:.kibana\"}}]}},\"size\":100}","statusCode":401,"response":"Unauthorized","wwwAuthenticateDirective":"Basic realm=\"Search Guard\""}
    at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:307:15)
    at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:266:7)
    at HttpConnector.<anonymous> (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)
    at IncomingMessage.bound (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)
    at emitNone (events.js:111:20)
    at IncomingMessage.emit (events.js:208:7)
    at endReadableNT (_stream_readable.js:1064:12)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickDomainCallback (internal/process/next_tick.js:218:9)
  status: 401,
  displayName: 'AuthenticationException',
  message: 'Authentication Exception',
  path: '/memberbebe/_search',
  query: {},
  body: 'Unauthorized',
  statusCode: 401,
  response: 'Unauthorized',
  wwwAuthenticateDirective: 'Basic realm="Search Guard"',
  toString: [Function],
  toJSON: [Function],
  isBoom: true,
  isServer: false,
  data: null,
  output: 
   { statusCode: 401,
     payload: 
      { statusCode: 401,
        error: 'Unauthorized',
        message: 'Authentication Exception' },
     headers: { 'WWW-Authenticate': 'Basic realm="Authorization Required"' } },
  reformat: [Function] }
common/interpret esdocs: invokeChain rejected { Authentication Exception :: {"path":"/memberbebe/_search","query":{},"body":"{\"_source\":[],\"query\":{\"bool\":{\"must\":[{\"query_string\":{\"query\":\"-_index:.kibana\"}}]}},\"size\":100}","statusCode":401,"response":"Unauthorized","wwwAuthenticateDirective":"Basic realm=\"Search Guard\""}
    at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:307:15)
    at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:266:7)
    at HttpConnector.<anonymous> (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)
    at IncomingMessage.bound (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)
    at emitNone (events.js:111:20)
    at IncomingMessage.emit (events.js:208:7)
    at endReadableNT (_stream_readable.js:1064:12)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickDomainCallback (internal/process/next_tick.js:218:9)
  status: 401,
  displayName: 'AuthenticationException',
  message: 'Authentication Exception',
  path: '/memberbebe/_search',
  query: {},
  body: 'Unauthorized',
  statusCode: 401,
  response: 'Unauthorized',
  wwwAuthenticateDirective: 'Basic realm="Search Guard"',
  toString: [Function],
  toJSON: [Function],
  isBoom: true,
  isServer: false,
  data: null,
  output: 
   { statusCode: 401,
     payload: 
      { statusCode: 401,
        error: 'Unauthorized',
        message: 'Authentication Exception' },
     headers: { 'WWW-Authenticate': 'Basic realm="Authorization Required"' } },
  reformat: [Function] }
common/interpret esdocs: invokeChain rejected { Authentication Exception :: {"path":"/memberbebe/_search","query":{},"body":"{\"_source\":[],\"query\":{\"bool\":{\"must\":[{\"query_string\":{\"query\":\"-_index:.kibana\"}}]}},\"size\":100}","statusCode":401,"response":"Unauthorized","wwwAuthenticateDirective":"Basic realm=\"Search Guard\""}
    at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:307:15)
    at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:266:7)
    at HttpConnector.<anonymous> (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)
    at IncomingMessage.bound (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)
    at emitNone (events.js:111:20)
    at IncomingMessage.emit (events.js:208:7)
    at endReadableNT (_stream_readable.js:1064:12)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickDomainCallback (internal/process/next_tick.js:218:9)
  status: 401,
  displayName: 'AuthenticationException',
  message: 'Authentication Exception',
  path: '/memberbebe/_search',
  query: {},
  body: 'Unauthorized',
  statusCode: 401,
  response: 'Unauthorized',
  wwwAuthenticateDirective: 'Basic realm="Search Guard"',
  toString: [Function],
  toJSON: [Function],
  isBoom: true,
  isServer: false,
  data: null,
  output: 
   { statusCode: 401,
     payload: 
      { statusCode: 401,
        error: 'Unauthorized',
        message: 'Authentication Exception' },
     headers: { 'WWW-Authenticate': 'Basic realm="Authorization Required"' } },
  reformat: [Function] }
common/interpret esdocs: invokeChain rejected { Authentication Exception :: {"path":"/memberbebe/_search","query":{},"body":"{\"_source\":[],\"query\":{\"bool\":{\"must\":[{\"query_string\":{\"query\":\"-_index:.kibana\"}}]}},\"size\":100}","statusCode":401,"response":"Unauthorized","wwwAuthenticateDirective":"Basic realm=\"Search Guard\""}
    at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:307:15)
    at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:266:7)
    at HttpConnector.<anonymous> (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:159:7)
    at IncomingMessage.bound (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/dist/lodash.js:729:21)
    at emitNone (events.js:111:20)
    at IncomingMessage.emit (events.js:208:7)
    at endReadableNT (_stream_readable.js:1064:12)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickDomainCallback (internal/process/next_tick.js:218:9)
  status: 401,
  displayName: 'AuthenticationException',
  message: 'Authentication Exception',
  path: '/memberbebe/_search',
  query: {},
  body: 'Unauthorized',
  statusCode: 401,
  response: 'Unauthorized',
  wwwAuthenticateDirective: 'Basic realm="Search Guard"',
  toString: [Function],
  toJSON: [Function],
  isBoom: true,
  isServer: false,
  data: null,
  output: 
   { statusCode: 401,
     payload: 
      { statusCode: 401,
        error: 'Unauthorized',
        message: 'Authentication Exception' },
     headers: { 'WWW-Authenticate': 'Basic realm="Authorization Required"' } },
  reformat: [Function] }

Как я могу решить эту проблему? Есть предложения?

Спасибо

Answer 1

Наконец-то я сам нашел временное решение этой проблемы.

Я редактирую файл / plugins / canvas / server / router / socket.js в строке 37:

if (server.plugins.security) request.headers.authorization = authHeader;

до:

request.headers.authorization = "Basic <HASHED_USER_PASS>";

is Имя пользователя SearchGuard: пароль SearchGuard , закодированный с Base64.

Я знаю, что моё решение, возможно, не лучшее решение и нуждается в улучшении, но я надеюсь, что оно может помочь другим пользователям с такой же проблемой.

Спасибо.