[ODFE] Disable java.lang.UnsupportedOperationException log

Hi everyone, as the title, is there any way I can disable that log? Since I’m granting user permission to log in to kibana and query to specific index pattern, not all index. That is why that log throws

[2021-09-14T11:20:07,899][WARN ][stderr                   ] [hostname-odfe-7-8] java.lang.UnsupportedOperationException
[2021-09-14T11:20:07,900][WARN ][stderr                   ] [hostname-odfe-7-8]        at java.base/java.util.Collections$UnmodifiableMap.put(Collections.java:1473)
[2021-09-14T11:20:07,900][WARN ][stderr                   ] [hostname-odfe-7-8]        at com.amazon.opendistroforelasticsearch.security.dlic.rest.api.PermissionsInfoAction$1.accept(PermissionsInfoAction.java:111)
[2021-09-14T11:20:07,900][WARN ][stderr                   ] [hostname-odfe-7-8]        at com.amazon.opendistroforelasticsearch.security.dlic.rest.api.PermissionsInfoAction$1.accept(PermissionsInfoAction.java:95)
[2021-09-14T11:20:07,900][WARN ][stderr                   ] [hostname-odfe-7-8]        at org.elasticsearch.rest.BaseRestHandler.handleRequest(BaseRestHandler.java:115)
[2021-09-14T11:20:07,900][WARN ][stderr                   ] [hostname-odfe-7-8]        at com.amazon.opendistroforelasticsearch.security.filter.OpenDistroSecurityRestFilter$1.handleRequest(OpenDistroSecurityRestFilter.java:116)
[2021-09-14T11:20:07,900][WARN ][stderr                   ] [hostname-odfe-7-8]        at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:236)
[2021-09-14T11:20:07,900][WARN ][stderr                   ] [hostname-odfe-7-8]        at org.elasticsearch.rest.RestController.tryAllHandlers(RestController.java:318)
[2021-09-14T11:20:07,901][WARN ][stderr                   ] [hostname-odfe-7-8]        at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:176)
[2021-09-14T11:20:07,901][WARN ][stderr                   ] [hostname-odfe-7-8]        at org.elasticsearch.http.AbstractHttpServerTransport.dispatchRequest(AbstractHttpServerTransport.java:329)
[2021-09-14T11:20:07,901][WARN ][stderr                   ] [hostname-odfe-7-8]        at org.elasticsearch.http.AbstractHttpServerTransport.handleIncomingRequest(AbstractHttpServerTransport.java:383)
[2021-09-14T11:20:07,901][WARN ][stderr                   ] [hostname-odfe-7-8]        at org.elasticsearch.http.AbstractHttpServerTransport.incomingRequest(AbstractHttpServerTransport.java:308)
[2021-09-14T11:20:07,901][WARN ][stderr                   ] [hostname-odfe-7-8]        at org.elasticsearch.http.netty4.Netty4HttpRequestHandler.channelRead0(Netty4HttpRequestHandler.java:54)
[2021-09-14T11:20:07,901][WARN ][stderr                   ] [hostname-odfe-7-8]        at org.elasticsearch.http.netty4.Netty4HttpRequestHandler.channelRead0(Netty4HttpRequestHandler.java:29)
[2021-09-14T11:20:07,901][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:99)
[2021-09-14T11:20:07,901][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
[2021-09-14T11:20:07,901][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
[2021-09-14T11:20:07,901][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
[2021-09-14T11:20:07,901][WARN ][stderr                   ] [hostname-odfe-7-8]        at org.elasticsearch.http.netty4.Netty4HttpPipeliningHandler.channelRead(Netty4HttpPipeliningHandler.java:58)
[2021-09-14T11:20:07,902][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
[2021-09-14T11:20:07,902][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
[2021-09-14T11:20:07,902][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
[2021-09-14T11:20:07,902][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103)
[2021-09-14T11:20:07,902][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.handler.codec.MessageToMessageCodec.channelRead(MessageToMessageCodec.java:111)
[2021-09-14T11:20:07,902][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
[2021-09-14T11:20:07,902][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
[2021-09-14T11:20:07,902][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
[2021-09-14T11:20:07,902][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103)
[2021-09-14T11:20:07,902][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
[2021-09-14T11:20:07,902][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
[2021-09-14T11:20:07,903][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
[2021-09-14T11:20:07,903][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:103)
[2021-09-14T11:20:07,903][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
[2021-09-14T11:20:07,903][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
[2021-09-14T11:20:07,903][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
[2021-09-14T11:20:07,903][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:324)
[2021-09-14T11:20:07,903][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:296)
[2021-09-14T11:20:07,903][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
[2021-09-14T11:20:07,903][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
[2021-09-14T11:20:07,904][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
[2021-09-14T11:20:07,904][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.handler.timeout.IdleStateHandler.channelRead(IdleStateHandler.java:286)
[2021-09-14T11:20:07,904][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
[2021-09-14T11:20:07,904][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
[2021-09-14T11:20:07,904][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
[2021-09-14T11:20:07,904][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
[2021-09-14T11:20:07,904][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
[2021-09-14T11:20:07,904][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
[2021-09-14T11:20:07,904][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
[2021-09-14T11:20:07,905][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163)
[2021-09-14T11:20:07,905][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:714)
[2021-09-14T11:20:07,905][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:615)
[2021-09-14T11:20:07,905][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:578)
[2021-09-14T11:20:07,905][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493)
[2021-09-14T11:20:07,905][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
[2021-09-14T11:20:07,905][WARN ][stderr                   ] [hostname-odfe-7-8]        at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
[2021-09-14T11:20:07,905][WARN ][stderr                   ] [hostname-odfe-7-8]        at java.base/java.lang.Thread.run(Thread.java:832)

Also, I’m doing monitor is check if a line with text WARN appears, It will notify me. But these throws make that check wrong.

@BlackMetalz
Can you provide your configs? (in particular config.yaml and roles.yaml)
Also which version of odfe are you using?

Hi, thanks for reply. I’m using ODFE 7.8

Here is content of config.yaml

---
_meta:
  type: "config"
  config_version: 2
config:
  dynamic:
    http:
      anonymous_auth_enabled: false
      xff:
        enabled: false
        internalProxies: "192\\.168\\.0\\.10|192\\.168\\.0\\.11"
    authc:
      kerberos_auth_domain:
        http_enabled: false
        transport_enabled: false
        order: 6
        http_authenticator:
          type: "kerberos"
          challenge: true
          config:
            krb_debug: false
            strip_realm_from_principal: true
        authentication_backend:
          type: "noop"
      basic_internal_auth_domain:
        description: "Authenticate via HTTP Basic against internal users database"
        http_enabled: true
        transport_enabled: true
        order: 4
        http_authenticator:
          type: "basic"
          challenge: true
        authentication_backend:
          type: "intern"
      proxy_auth_domain:
        description: "Authenticate via proxy"
        http_enabled: false
        transport_enabled: false
        order: 3
        http_authenticator:
          type: "proxy"
          challenge: false
          config:
            user_header: "x-proxy-user"
            roles_header: "x-proxy-roles"
        authentication_backend:
          type: "noop"
      jwt_auth_domain:
        description: "Authenticate via Json Web Token"
        http_enabled: false
        transport_enabled: false
        order: 0
        http_authenticator:
          type: "jwt"
          challenge: false
          config:
            signing_key: "base64 encoded HMAC key or public RSA/ECDSA pem key"
            jwt_header: "Authorization"
            jwt_url_parameter: null
            roles_key: null
            subject_key: null
        authentication_backend:
          type: "noop"
      clientcert_auth_domain:
        description: "Authenticate via SSL client certificates"
        http_enabled: false
        transport_enabled: false
        order: 2
        http_authenticator:
          type: "clientcert"
          config:
            username_attribute: "cn"
          challenge: false
        authentication_backend:
          type: "noop"
      ldap:
        description: "Authenticate via LDAP or Active Directory"
        http_enabled: false
        transport_enabled: false
        order: 5
        http_authenticator:
          type: "basic"
          challenge: false
        authentication_backend:
          type: "ldap"
          config:
            enable_ssl: false
            enable_start_tls: false
            enable_ssl_client_auth: false
            verify_hostnames: true
            hosts:
            - "localhost:8389"
            bind_dn: null
            password: null
            userbase: "ou=people,dc=example,dc=com"
            usersearch: "(sAMAccountName={0})"
            username_attribute: null
    authz:
      roles_from_myldap:
        description: "Authorize via LDAP or Active Directory"
        http_enabled: false
        transport_enabled: false
        authorization_backend:
          type: "ldap"
          config:
            enable_ssl: false
            enable_start_tls: false
            enable_ssl_client_auth: false
            verify_hostnames: true
            hosts:
            - "localhost:8389"
            bind_dn: null
            password: null
            rolebase: "ou=groups,dc=example,dc=com"
            rolesearch: "(member={0})"
            userroleattribute: null
            userrolename: "disabled"
            rolename: "cn"
            resolve_nested_roles: true
            userbase: "ou=people,dc=example,dc=com"
            usersearch: "(uid={0})"
      roles_from_another_ldap:
        description: "Authorize via another Active Directory"
        http_enabled: false
        transport_enabled: false
        authorization_backend:
          type: "ldap"

and roles.yaml ( a common user when login and warn log raised )

da_user:
  reserved: false
  hidden: false
  cluster_permissions:
  - "cluster_composite_ops_ro"
  - "cluster_monitor"
  - "indices:data/read/scroll/clear"
  index_permissions:
  - index_patterns:
    - "index-pattern-logs*"
    dls: ""
    fls: []
    masked_fields: []
    allowed_actions:
    - "read"
    - "indices_monitor"
    - "indices:admin/mappings/get"
  tenant_permissions:
  - tenant_patterns:
    - "global_tenant"
    allowed_actions:
    - "kibana_all_read"
  static: false

Haha, btw I never get the idea until I wrote it down xD
As the current issue, adding kibana_user ( in ODFE 7.8 ) or kibanauser ( in ODFE 7.10 )
into Backend Roles of user mapping would resolve the problem since i tried to login and no warn log appear because i think i did give the user permission to access kibana index.

Another question. Is it is a good practice for user authorization? Since there is multiple user in my cluster.

@BlackMetalz kibana_user should be mapped to any user that will be using kibana, it provides a set of different permissions needed to navigate kibana.

Hope this answers your question

Thank you for answer my question