[ROR ENTERPRISE] Feature Preview: Group/Tenancy Selector (Video)

sscarduzio · August 30, 2017, 1:26pm

️ MULTITENANCY ONLY WORKS WITH KIBANA 5.5.x OR GREATER ️

Hello all,

This is a demo of the latest developments in Enterprise-land. I’d love to hear your feedback!

This is the YAML configuration listed in the video.

http.type: ssl_netty4

readonlyrest:

    ssl:
      keystore_file: "keystore.jks"
      keystore_pass: readonlyrest
      key_pass: readonlyrest

    prompt_for_basic_auth: false

    audit_collector: true

    access_control_rules:

    # MACHINES ##################
    - name: "::Kafka::"
      auth_key: kafka:kafka123

    - name: "::LOGSTASH::"
      auth_key: logstash:logstash
      actions: ["indices:data/read/*","indices:data/write/*","indices:admin/template/*","indices:admin/create"]
      indices: ["logstash-*"]

    - name: "::KIBANA-SRV::"
      auth_key: kibana:kibana
      verbosity: error


    # GROUPS ####################

    - name: "::PERSONAL_GRP::"
      groups: ["Personal"]
      kibana_access: rw
      kibana_hide_apps: ["readonlyrest_kbn", "timelion"]
      kibana_index: ".kibana_@{user}"

    - name: "::ADMIN_GRP::"
      groups: ["ROR (admin)"]
      kibana_access: admin

    - name: "::Infosec::"
      groups: ["Infosec"]
      kibana_access: rw
      kibana_hide_apps: ["readonlyrest_kbn", "timelion"]
      kibana_index: ".kibana_infosec"

    # USERS TO GROUPS ############
    users:
    - username: admin
      auth_key: admin:dev
      groups: ["ROR (admin)", "Infosec"]

    - username: simone
      auth_key: simone:dev
      groups: ["ROR (admin)", "Personal", "Infosec"]

Thanks!

_Simone

nan008 · August 31, 2017, 1:24pm

Only Enterprise users? No friendly neighborhood PROs? You said in the video multi tenancy was released few days ago - is that KBN 0.1.6? Will it be released for ELK 5.4.1?

awesome job!!!

sscarduzio · August 31, 2017, 2:07pm

Haha @nan008 PRO users (together with Enterprise ones) are going to receive a good deal of love in the next iteration, I promise! In my defense, I can say the 1.16.10 release will include a bunch of fixes also for PRO users, especially in the SSL department.

The multi-tenancy and group selector are part of readonlyrest_kbn 1.16.10 enterprise (yes, the Kibana plugin versioning system is now synchronous with the main plugin).

I said “released” but instead it’s just been beta tested by a pair of selected enterprise customers. My bad

I’m preparing the release the stable version of the main plugin & the Kibana by tomorrow. The announcement email instead is going out on Monday

ld57 · March 27, 2018, 12:55pm

let’s try to make this running with ldap auth and autorisation. in progress