Split ROR configuration into multiple files


(Tommy Song) #1

:bulb: Idea Name

Instead of having one large yaml file for ROR configuration, we could split the sections such as ACL, Users, etc… into its own file

:eyes: Example

global.yaml

    readonlyrest:
      enable: true
      response_if_req_forbidden: Forbidden by ReadonlyREST ES plugin
      prompt_for_basic_auth: true

groups.yaml

    access_control_rules:
      - name: "::LOCAL ADMIN::"
        groups: ["admin"]
        kibana_access: admin
        verbosity: error
      - name: "::LDAP ADMIN::"
        kibana_access: admin
        ldap_auth:
          name: "ldap01"
          groups: ["EK_ADMINS"]
        verbosity: error

users.yaml

    users:
      - username: admin
        auth_key_sha256: hash
        groups: ["admin"]

ldap.yaml

    ldaps:
      - name: ldap01
        host: "${LDAP_HOST}"
        port: ${LDAP_PORT}
        ssl_enabled: true
        ssl_trust_all_certs: true
        bind_dn: "${LDAP_BIND_DN}"
        bind_password: "${LDAP_BIND_PASSWORD}"
        search_user_base_DN: "${LDAP_SEARCH_USER_DN}"
        search_groups_base_DN: "${LDAP_SEARCH_GROUP_DN}"
        user_id_attribute: "userPrincipalName"
        unique_member_attribute: "member"

:rocket: Let’s do this?

  • 1
  • 2
  • 3
  • 4
  • 5

0 voters