disable tenant and admin permitions for ODFE's users

group_vars/all/main.yml

@@ -89,6 +89,11 @@ soctools_users:
     CN: "Bozidar Proevski"
     password: "Pass001"
 
+# Minimum one user is required
+ODFE_ADMIN_USERS:
+  - arne.oslebo
+  - bozidar.proevski
+
 odfees_img: "{{repo}}/odfees:{{version}}{{suffix}}"
 odfekibana_img: "{{repo}}/odfekibana:{{version}}{{suffix}}"
 # GENERATE 32-bit secure value

roles/odfekibana/tasks/main.yml

@@ -123,22 +123,22 @@
   tags:
     - start
 
-- name: Copy tenant.json to container
-  remote_user: kibana
-  copy:
-    src: "files/tenant.json"
-    dest: /tmp/tenant.json
-  tags:
-    - start
-
-- name: change tenant to global
-  shell: 'curl -X "POST" "https://{{dslproxy}}:5601/api/v1/multitenancy/tenant" \
-         -b /tmp/cookie.txt -c /tmp/cookie.txt \
-         -k --user admin:{{ odfees_adminpass }} \
-         -H "kbn-xsrf: reporting" -H "Content-Type: application/json" \
-         -d @/tmp/tenant.json'
-  tags:
-    - start
+#- name: Copy tenant.json to container
+#  remote_user: kibana
+#  copy:
+#    src: "files/tenant.json"
+#    dest: /tmp/tenant.json
+#  tags:
+#    - start
+#
+#- name: change tenant to global
+#  shell: 'curl -X "POST" "https://{{dslproxy}}:5601/api/v1/multitenancy/tenant" \
+#         -b /tmp/cookie.txt -c /tmp/cookie.txt \
+#         -k --user admin:{{ odfees_adminpass }} \
+#         -H "kbn-xsrf: reporting" -H "Content-Type: application/json" \
+#         -d @/tmp/tenant.json'
+#  tags:
+#    - start
 
 - name: Copy kibana_graphs.ndjson to container
   remote_user: kibana
@@ -157,6 +157,23 @@
   tags:
     - start
 
+- name: Copy role modification json to container
+  remote_user: kibana
+  template:
+    src: "role.json.j2"
+    dest: /tmp/role.json
+  tags:
+    - start
+
+- name: Grant admin permissions to users
+  shell: 'curl -X "POST" "https://{{dslproxy}}:5601/api/v1/configuration/rolesmapping/all_access" \
+          -b /tmp/cookie.txt -c /tmp/cookie.txt \
+          -k --user admin:{{ odfees_adminpass }} \
+          -H "kbn-xsrf: reporting" -H "Content-Type: application/json" \
+          -d @/tmp/role.json'
+  tags:
+    - start
+
 #- name: cleanup temporary files for kibana_graph import
 #  shell: '/bin/rm -rf /tmp/cookie.txt /tmp/kibana_graphs.ndjson /tmp/tenant.json'
 #  ignore_errors: true

roles/odfekibana/templates/kibana.yml.j2

@@ -29,8 +29,8 @@ elasticsearch.username: kibanaserver
 elasticsearch.password: kibanaserver
 elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
 
-opendistro_security.multitenancy.enabled: true
-opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
+opendistro_security.multitenancy.enabled: false
+#opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
 opendistro_security.readonly_mode.roles: ["kibana_read_only"]
 
 #new in 7.6

roles/odfekibana/templates/role.json.j2

+{
+   "backend_roles":[
+      "admin"
+   ],
+   "hosts":[
+      
+   ],
+   "users":[
+{% for user in ODFE_ADMIN_USERS %}
+      "{{ user }}",
+{% endfor %}
+      "admin"
+   ],
+   "description":"Maps admin to all_access"
+}