[ROR ENTERPRISE] Feature Preview: Group/Tenancy Selector (Video)


(Simone Scarduzio) #1

:warning:️ MULTITENANCY ONLY WORKS WITH KIBANA 5.5.x OR GREATER :warning:


Hello all,

This is a demo of the latest developments in Enterprise-land. I’d love to hear your feedback!

This is the YAML configuration listed in the video.

http.type: ssl_netty4

readonlyrest:

    ssl:
      keystore_file: "keystore.jks"
      keystore_pass: readonlyrest
      key_pass: readonlyrest

    prompt_for_basic_auth: false

    audit_collector: true

    access_control_rules:

    # MACHINES ##################
    - name: "::Kafka::"
      auth_key: kafka:kafka123

    - name: "::LOGSTASH::"
      auth_key: logstash:logstash
      actions: ["indices:data/read/*","indices:data/write/*","indices:admin/template/*","indices:admin/create"]
      indices: ["logstash-*"]

    - name: "::KIBANA-SRV::"
      auth_key: kibana:kibana
      verbosity: error


    # GROUPS ####################

    - name: "::PERSONAL_GRP::"
      groups: ["Personal"]
      kibana_access: rw
      kibana_hide_apps: ["readonlyrest_kbn", "timelion"]
      kibana_index: "[email protected]{user}"

    - name: "::ADMIN_GRP::"
      groups: ["ROR (admin)"]
      kibana_access: admin

    - name: "::Infosec::"
      groups: ["Infosec"]
      kibana_access: rw
      kibana_hide_apps: ["readonlyrest_kbn", "timelion"]
      kibana_index: ".kibana_infosec"

    # USERS TO GROUPS ############
    users:
    - username: admin
      auth_key: admin:dev
      groups: ["ROR (admin)", "Infosec"]

    - username: simone
      auth_key: simone:dev
      groups: ["ROR (admin)", "Personal", "Infosec"]

Thanks!

_Simone


Upgraded from 5.4.0 to 5.6.0 Now wont start
(Simone Scarduzio) #3

(Nan008) #4

Only Enterprise users? No friendly neighborhood PROs? You said in the video multi tenancy was released few days ago - is that KBN 0.1.6? Will it be released for ELK 5.4.1?

:clap: awesome job!!!


(Simone Scarduzio) #5

Haha @nan008 PRO users (together with Enterprise ones) are going to receive a good deal of love in the next iteration, I promise! In my defense, I can say the 1.16.10 release will include a bunch of fixes also for PRO users, especially in the SSL department.

The multi-tenancy and group selector are part of readonlyrest_kbn 1.16.10 enterprise (yes, the Kibana plugin versioning system is now synchronous with the main plugin).

I said “released” but instead it’s just been beta tested by a pair of selected enterprise customers. My bad :slight_smile:

I’m preparing the release the stable version of the main plugin & the Kibana by tomorrow. The announcement email instead is going out on Monday :dart:


(Ld57) #6

let’s try to make this running with ldap auth and autorisation. in progress


(Simone Scarduzio) #7