From 263e6b0d1e6a9fbf08405f68b72d741c6def72bf Mon Sep 17 00:00:00 2001
From: root <root@srv2.soctools.grena.ge>
Date: Mon, 9 Jan 2023 11:32:28 +0400
Subject: [PATCH] configure authentication in haproxy for UI and fix some tags
---
 roles/haproxy/tasks/update-config.yml | 4 ++--
 roles/haproxy/templates/haproxy.cfg.j2 | 5 +++++
 roles/opensearches/tasks/main.yml | 8 ++++----
 update-config-soctools.yml | 2 +-
 4 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/roles/haproxy/tasks/update-config.yml b/roles/haproxy/tasks/update-config.yml
index 58506a4..589af40 100644
--- a/roles/haproxy/tasks/update-config.yml
+++ b/roles/haproxy/tasks/update-config.yml
@@ -15,10 +15,10 @@
 - stats
 - nifi
 - nifiports
- - odfe
+ - opensearches
 - keycloak
 - thehive
 - cortex
 - misp
 - user-mgmt-ui
- - kibana
+ - opensearch-dashboards
diff --git a/roles/haproxy/templates/haproxy.cfg.j2 b/roles/haproxy/templates/haproxy.cfg.j2
index a5f25dd..3e3502f 100644
--- a/roles/haproxy/templates/haproxy.cfg.j2
+++ b/roles/haproxy/templates/haproxy.cfg.j2
@@ -16,6 +16,10 @@ defaults
 timeout client 20s
 timeout server 20s
+userlist mycredentials
+ user {{soctools_users[0].username}} insecure-password {{lookup('password', '{{playbook_dir}}/secrets/passwords/{{soctools_users[0].username}}')}}
+ user {{soctools_users[0].email}} insecure-password {{lookup('password', '{{playbook_dir}}/secrets/passwords/{{soctools_users[0].username}}')}}
+
 listen stats
 bind 0.0.0.0:8888 ssl crt /etc/ssl/haproxy alpn h2,http/1.1
 stats enable
@@ -134,6 +138,7 @@ listen user-mgmt-ui
 option httplog
 server soctools_server {{ soctools_network_gw }}:8050
 tcp-request connection reject if !{ src -f /usr/local/etc/haproxy/user-mgmt-ui_whitelist.lst }
+ http-request auth unless { http_auth(mycredentials) }
 {% for port in range(5000, 5020) %}
diff --git a/roles/opensearches/tasks/main.yml b/roles/opensearches/tasks/main.yml
index 2e7a390..d693c37 100644
--- a/roles/opensearches/tasks/main.yml
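Review bot: Both added `user` lines under `userlist mycredentials` use `insecure-password`, so the rendered haproxy.cfg holds the password of `soctools_users[0]` in cleartext and anyone who can read that file or its config volume obtains the UI credential. HAProxy's `password` keyword takes a crypt(3) hash instead, which Ansible's `password_hash` filter can produce at render time: `user {{ soctools_users[0].username }} password {{ lookup('password', playbook_dir ~ '/secrets/passwords/' ~ soctools_users[0].username) | password_hash('sha512') }}`, and likewise for the e-mail entry. Without a fixed salt the hash differs on every run, so the template task will report a change each time; HAProxy also recomputes the hash for each authenticated request, which is worth weighing for a busy listener. Separately, the `password` lookup writes a new random password when the file at that path does not exist, so a mistyped path produces an unknown credential rather than an error, and the nested `{{ }}` inside the quoted path appears to rely on Ansible re-templating lookup terms; the concatenation shown above avoids that.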
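Review bot: The added `http-request auth unless { http_auth(mycredentials) }` in `listen user-mgmt-ui` is HTTP Basic authentication, so the password is sent with every request and is protected only if this listener terminates TLS. The section's `bind` line is above the hunk, so confirm it carries `ssl crt` the way `listen stats` does in the first hunk. The rule also sets no realm; `http-request auth realm soctools unless { http_auth(mycredentials) }` (realm name is a constructed example) gives clients a stable prompt. Nothing in the visible lines limits repeated failed attempts beyond the source allow-list on the preceding `tcp-request connection reject` line, so that list remains the main control against password guessing.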
+++ b/roles/opensearches/tasks/main.yml
@@ -6,17 +6,17 @@
 - include: start.yml
 tags:
 - start
- - start-odfees
+ - start-opensearches
 - init
 - include: stop.yml
 tags:
 - stop
- - stop-odfees
+ - stop-opensearches
 - include: update-config.yml
 tags:
 - update-config
- - update-odfees-config
+ - update-opensearches-config
 - include: restart.yml
 tags:
 - restart
- - restart-odfees
+ - restart-opensearches
diff --git a/update-config-soctools.yml b/update-config-soctools.yml
index 742adee..3884667 100644
--- a/update-config-soctools.yml
+++ b/update-config-soctools.yml
@@ -30,7 +30,7 @@
 roles:
 - opensearches
-- name: Update Configs for Opensearch Kibana
+- name: Update Configs for Opensearch Dashboards
 hosts: opensearchdashboardscontainers
 roles:
 - opensearch-dashboards
-- GitLab