Cannot access security settings on 2.17.0

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

Opensearch v 2.17.0
Chrome Version 135.0.7049.115

Describe the issue:
I can’t access the security settings from the frontend, I’m wanting to add a new user and update roles but it just shows a blank screen. In the browser console I see these errors:

Refused to execute inline script because it violates the following Content Security Policy directive: “script-src ‘unsafe-eval’ ‘self’”. Either the ‘unsafe-inline’ keyword, a hash (‘THE_HASH_REMOVED’), or a nonce (‘nonce-…’) is required to enable inline execution.
Understand this error
bootstrap.js:37 ^ A single error about an inline script not firing due to content security policy is expected!
core.entry.js:15 TypeError: Cannot read properties of undefined (reading ‘call’)
at webpack_require (securityDashboards.plugin.js:1:927)
at async mount (securityDashboards.plugin.js:15:1459493)
at async mount (core.entry.js:15:199016)
mount @ core.entry.js:15Understand this error
core.entry.js:15 TypeError: renderApp is not a function
at mount (securityDashboards.plugin.js:15:1459900)
at async mount (core.entry.js:15:199016)

Configuration:

I’m running this from AWS with a t3.medium.

Relevant Logs or Screenshots:

1 Like

@zeedinstein Could you share the output of the following command?

curl --insecure -u <username>:<password> -XGET https://<OpenSearch_node_IP_or_FQDN>:9200/_plugins/_security/authinfo?pretty

Also please check the below option in your opensearch.yml file. This controls access to security config. All roles in that array will have access to the security plugin configuration.

plugins.security.restapi.roles_enabled: [all_access, security_rest_api_access]
2 Likes