Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failing ES Promotion: apis Kerberos security Kerberos authentication finishing SPNEGO should properly set cookie and authenticate user #68720

Closed
tylersmalley opened this issue Jun 9, 2020 · 6 comments
Closed

Failing ES Promotion: apis Kerberos security Kerberos authentication finishing SPNEGO should properly set cookie and authenticate user #68720

tylersmalley opened this issue Jun 9, 2020 · 6 comments
Labels
failed-es-promotion Feature:Security/Authentication Platform Security - Authentication skipped-test Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!

Comments

@tylersmalley
Copy link
Contributor

This failure is preventing the promotion of the current Elasticsearch nightly snapshot.

master/8.0: https://kibana-ci.elastic.co/job/elasticsearch+snapshots+verify/875/execution/node/407/log/?consoleFull

For more information on the Elasticsearch snapshot promotion process: https://www.elastic.co/guide/en/kibana/master/development-es-snapshots.html

Related to #68624

13:50:32    1) apis Kerberos
13:50:32         security
13:50:32           Kerberos authentication
13:50:32             finishing SPNEGO
13:50:32               should properly set cookie and authenticate user:
13:50:32  
13:50:32        Error: expected { username: 'tester@TEST.ELASTIC.CO',
13:50:32    roles: [ 'kibana_admin', 'superuser_anonymous' ],
13:50:32    full_name: null,
13:50:32    email: null,
13:50:32    metadata:
13:50:32     { kerberos_user_principal_name: 'tester@TEST.ELASTIC.CO',
13:50:32       kerberos_realm: 'TEST.ELASTIC.CO' },
13:50:32    enabled: true,
13:50:32    authentication_realm: { name: 'kerb1', type: 'kerberos' },
13:50:32    lookup_realm: { name: 'kerb1', type: 'kerberos' },
13:50:32    authentication_provider: 'kerberos' } response body, got { username: 'tester@TEST.ELASTIC.CO',
13:50:32    roles: [ 'kibana_admin' ],
13:50:32    full_name: null,
13:50:32    email: null,
13:50:32    metadata:
13:50:32     { kerberos_user_principal_name: 'tester@TEST.ELASTIC.CO',
13:50:32       kerberos_realm: 'TEST.ELASTIC.CO' },
13:50:32    enabled: true,
13:50:32    authentication_realm: { name: 'kerb1', type: 'kerberos' },
13:50:32    lookup_realm: { name: 'kerb1', type: 'kerberos' },
13:50:32    authentication_provider: 'kerberos' }
13:50:32        + expected - actual
13:50:32  
13:50:32             "kerberos_user_principal_name": "tester@TEST.ELASTIC.CO"
13:50:32           }
13:50:32           "roles": [
13:50:32             "kibana_admin"
13:50:32        +    "superuser_anonymous"
13:50:32           ]
13:50:32           "username": "tester@TEST.ELASTIC.CO"
13:50:32         }
13:50:32        
13:50:32        at error (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:301:13)
13:50:32        at Test._assertBody (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:205:14)
13:50:32        at Test._assertFunction (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:283:11)
13:50:32        at Test.assert (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:173:18)
13:50:32        at assert (/dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:131:12)
13:50:32        at /dev/shm/workspace/kibana/node_modules/supertest/lib/test.js:128:5
13:50:32        at Test.Request.callback (/dev/shm/workspace/kibana/node_modules/superagent/lib/node/index.js:706:12)
13:50:32        at parser (/dev/shm/workspace/kibana/node_modules/superagent/lib/node/index.js:906:18)
13:50:32        at IncomingMessage.res.on (/dev/shm/workspace/kibana/node_modules/superagent/lib/node/parsers/json.js:19:7)
13:50:32        at endReadableNT (_stream_readable.js:1145:12)
13:50:32        at process._tickCallback (internal/process/next_tick.js:63:19)
13:50:32  
13:50:32                   └- ✖ fail: "apis Kerberos security Kerberos authentication finishing SPNEGO should properly set cookie and authenticate user"
@tylersmalley tylersmalley added Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! Feature:Security/Authentication Platform Security - Authentication failed-es-promotion labels Jun 9, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security (Team:Security)

tylersmalley pushed a commit that referenced this issue Jun 10, 2020
[skip test] apis Kerberos security Kerberos authentication finishing …
d00e91a 
…SPNEGO should properly set cookie and authenticate user

#68720

Signed-off-by: Tyler Smalley <tyler.smalley@elastic.co>
@tylersmalley
Copy link
Contributor Author

tylersmalley commented Jun 10, 2020
edited
Loading

Skipped:

master/8.0: d00e91a

I only skipped this in master as 7.x/7.9 was promoted successfully.

@azasypkin
Copy link
Member

azasypkin commented Jun 10, 2020
edited
Loading

I only skipped this in master as 7.x/7.9 was promoted successfully.

Yep, that's expected, ES revert was just merged into 7.x.

I'll go ahead and skip this test in 7.x/7.8.0 for now in #68738.

@azasypkin azasypkin mentioned this issue Jun 10, 2020
Closed
tylersmalley pushed a commit that referenced this issue Jun 10, 2020
[skip test] apis Kerberos security Kerberos authentication finishing …
79cef11 
…SPNEGO should properly set cookie and authenticate user

#68720

Signed-off-by: Tyler Smalley <tyler.smalley@elastic.co>
tylersmalley pushed a commit that referenced this issue Jun 10, 2020
[skip test] apis Kerberos security Kerberos authentication finishing …
07f801e 
…SPNEGO should properly set cookie and authenticate user

#68720

Signed-off-by: Tyler Smalley <tyler.smalley@elastic.co>
@tylersmalley
Copy link
Contributor Author

@azasypkin, I realized it also had failed the 7.8 promotion. So I went ahead and cherry picked them into both of those branches as well.

7.x/7.9: 79cef11
7.8: 07f801e

@azasypkin
Copy link
Member

👍 thanks, will re-enable them once snapshots are promoted.

@azasypkin azasypkin mentioned this issue Jun 11, 2020
Closed
@azasypkin
Copy link
Member

I think we finally sorted this out and test is now enabled on all required branches (via #69123 and #68624): master/7.x/7.8.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
failed-es-promotion Feature:Security/Authentication Platform Security - Authentication skipped-test Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tylersmalley @azasypkin @elasticmachine