Unable to email OpenSearch dashboard

OpenSearch Dashboards Reporting Plugin
1

Versions:

AWS Amazon OpenSearch Service - OpenSearch 2.17

Issue:

Trying to execute following from my Mac terminal:

opensearch-reporting-cli \
-u  https://opensearch.mydomain.com/_dashboards/app/dashboards?security_tenant=global#/view/390a9ea0-15d5-11f0-af5f-5f69415fed48 \
-a saml \
-c userid:password \
-f pdf \
--smtphost myrelay.myco.com \
-e smtp -s myemailid@myco.com -r myemailid@myco.com \
-t global

However, I get following error:

 Downloading report failed. Error: No element found for selector: [name="identifier"]

Not sure what am I missing. Any clues? Also is there a way to print verbose logs for opensearch-reporting-cli utility?

2

@Akshay How did you get this link? As per OpenSearch documentation you should use short URL.

i.e.

https://docker1.pablo.local:5601/goto/8b57d13ca943bc4e9a2f3f82f8f392b9?security_tenant=global

This is my working example.

root@MacBook-Pro .bin # ./opensearch-reporting-cli -u "https://192.168.1.71:5601/goto/8b57d13ca943bc4e9a2f3f82f8f392b9?security_tenant=global" -a basic -c admin:Eliatra123 -f pdf
✔ Fetched argument values
⠋ Connecting to url https://192.168.1.71:5601/goto/8b57d13ca943bc4e9a2f3f82f8f392b9?security_tenant=global(node:21767) NOTE: The AWS SDK for JavaScript (v2) is in maintenance mode.
 SDK releases are limited to address critical bug fixes and security issues only.

Please migrate your code to use AWS SDK for JavaScript (v3).
For more information, check the blog post at https://a.co/cUPnyil
(Use `node --trace-warnings ...` to show where the warning was created)
ℹ Credentials are verified
ℹ Connected to url https://192.168.1.71:5601/goto/8b57d13ca943bc4e9a2f3f82f8f392b9?security_tenant=global
✔ The report is downloaded
3

Hi Pablo
Thanks for your reply, I tried with short URL as well. But still get error like:

Downloading report failed. Error: No element found for selector: input[data-test-subj="user-name"]
4

@Akshay I’ve got similar error when the target object (dashboard) was missing in the OpenSearch Dashboards.

Can you test with basic authentication instead of saml?

Also I had to use double quotes with URL to get it working on my Mac.

5

@Akshay I’ve just repro your issue.

image
image1212×225 28.9 KB

It is caused by the authentication type. Once I switched back to basic, all worked.

6

@Akshay I’ve just check Opensearch Github and found issue related to your problem. It looks like a bug in the opensearch-reporting-cli.

7

Thanks @pablo for following up with more details!

I tried again by specifying -a basic, however it still throws same error:

opensearch-reporting-cli \
-u  https://opensearch.myapp.com/_dashboards/app/dashboards?security_tenant=global#/view/390a9ea0-15d5-11f0-af5f-5f69415fed48 \
-a basic \
-c uid:pwd \
-f pdf \
--smtphost myrelay.myco.com \
-e smtp -s me@myco.com -r me@myco.com \
-t global

output:

✔ Fetched argument values
⠋ Connecting to url https://opensearch.myco.com/_dashboards/app/dashboards?security_tenant=global#/view/390a9ea0-15d5-11f0-af5f-5f69415fed48(node:66191) NOTE: The AWS SDK for JavaScript (v2) is in maintenance mode.
 SDK releases are limited to address critical bug fixes and security issues only.

Please migrate your code to use AWS SDK for JavaScript (v3).
For more information, check the blog post at https://a.co/cUPnyil
(Use `node --trace-warnings ...` to show where the warning was created)
✖ Downloading report failed. Error: No element found for selector: input[data-test-subj="user-name"]

Please note that I did not “switch off” SAML auth from my OpenSearch setup; and I do have both basic and saml auth types enabled (screenshot below).

image
image2950×648 69.5 KB

Is your setup similar?

8

@Akshay If you look at my example, you’ll notice two entries.

ℹ Credentials are verified
ℹ Connected to url https://192.168.1.71:5601/goto/8b57d13ca943bc4e9a2f3f82f8f392b9?security_tenant=global

In your case none of them happened. Which means that opensearch-reporting-cli tool fails to authenticate.

Try the following below and test the connectivity.

curl --insecure -u <username>:<password> https://<OpenSearch_node_IP_or_FQDN>:9200/_plugins/_security/authinfo?pretty

The security config is correct. You can have multiple authentication types configured at the same time. OpenSearch will test your authentication attempts against all configured auth domains.

9

@pablo Here is the output of the command you shared above.

➜ curl --max-time 3 --insecure -u "akshay:p@ssw0rd" https://opensearch.myco.com/_plugins/_security/authinfo\?pretty

{
  "user" : "User [name=akshay, backend_roles=[], requestedTenant=null]",
  "user_name" : "akshay",
  "user_requested_tenant" : null,
  "backend_roles" : [ "" ],
  "custom_attribute_names" : [ ],
  "roles" : [ "all_access" ],
  "tenants" : {
    "global_tenant" : true,
    "akshay" : true
  },
  "principal" : null,
  "peer_certificates" : "0",
  "sso_logout_url" : null
}%
10

I still don’t know how you get this link. Did you copy your link directly from the browser’s address bar?

Your short link should be like the one below.

https://search-mycluster-omczjqsxxwae5tkc25os4yss1u.us-east-1.es.amazonaws.com/_dashboards/goto/0c7c893103aa0a5f2f9bb62cebc3f6fe?security_tenant=global
11

@pablo I had tried the short URL as well.

12

@Akshay

i am facing something similar did you find out what was the issue ?