Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] Username containing pipe character (|) causes permission check failure in OpenSearch Dashboards report generation #1045

Open
arshiamoghimi opened this issue Oct 28, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@arshiamoghimi
Copy link

What is the bug?
Pipe character (|) in the username causes the existing reports to not show up and attempting to generate a new report will fail with the error: "Insufficient permissions. Reach out to your OpenSearch Dashboards administrator", despite having the sufficient permission.

Here is the error log:

{"type":"log","@timestamp":"2024-10-28T04:54:51Z","tags":["error","plugins","reportsDashboards"],"pid":7,"message":"Failed to create report definition: [status_exception] Permission denied for ObservabilityObject creation :: {\"path\":\"/_plugins/_reports/definition\",\"query\":{},\"body\":\"{\\\"reportDefinition\\\":{\\\"name\\\":\\\"test\\\",\\\"isEnabled\\\":true,\\\"source\\\":{\\\"description\\\":\\\"\\\",\\\"type\\\":\\\"Visualization\\\",\\\"id\\\":\\\"884e77f0-3b49-11ef-a023-41d21826da8f\\\",\\\"origin\\\":\\\"http://0.0.0.0:5601/_dashboards\\\"},\\\"format\\\":{\\\"duration\\\":\\\"PT30M\\\",\\\"fileFormat\\\":\\\"Pdf\\\"},\\\"trigger\\\":{\\\"triggerType\\\":\\\"OnDemand\\\"},\\\"delivery\\\":{\\\"configIds\\\":[],\\\"title\\\":\\\"\\\",\\\"textDescription\\\":\\\"\\\",\\\"htmlDescription\\\":\\\"\\\"}}}\",\"statusCode\":403,\"response\":\"{\\\"error\\\":{\\\"root_cause\\\":[{\\\"type\\\":\\\"status_exception\\\",\\\"reason\\\":\\\"Permission denied for ObservabilityObject creation\\\"}],\\\"type\\\":\\\"status_exception\\\",\\\"reason\\\":\\\"Permission denied for ObservabilityObject creation\\\"},\\\"status\\\":403}\"}"}

How can one reproduce the bug?
Steps to reproduce the behavior:

  1. Create an internal user that has the | character. e.g. test|test
  2. Map the necessary roles (I assigned all_access)
  3. Go to the reports dashboard (/_dashboards/app/reports-dashboards#/)
  4. The list of reports will be empty and attempting to generate a new report will fail

What is the expected behavior?
The list of reports show the available reports and generating reports actually generate reports

What is your host/environment?

  • Version 2.15.0
  • Tested on both a self-hosted opensearch dashboards and an AWS-hosted opensearch dashboards.

Do you have any screenshots?

  1. List of reports for any normal user:
image 2. List of reports for the `test|test` user: image 3. Error when creating a new report with the `test|test` user: ![image](https://github.com/user-attachments/assets/b804f896-931a-4f6d-a707-d169cb64eabf)
@arshiamoghimi arshiamoghimi added bug Something isn't working untriaged labels Oct 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

2 participants