diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml
index bda2eaa91698954b2b35b668c70e5332c0a5e259..d8f242a60fa9a291f6c2f0cf5817eddab0b32a75 100644
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@@ -89,6 +89,11 @@ soctools_users:
 CN: "Bozidar Proevski"
 password: "Pass001"
+# Minimum one user is required
+ODFE_ADMIN_USERS:
+ - arne.oslebo
+ - bozidar.proevski
+
 odfees_img: "{{repo}}/odfees:{{version}}{{suffix}}"
 odfekibana_img: "{{repo}}/odfekibana:{{version}}{{suffix}}"
 # GENERATE 32-bit secure value
diff --git a/roles/odfekibana/tasks/main.yml b/roles/odfekibana/tasks/main.yml
index c0854140c7d172dc700f010fb756728b5c296f55..49924ee700e2752e4c1141b68eed4f410ddf3ace 100644
--- a/roles/odfekibana/tasks/main.yml
+++ b/roles/odfekibana/tasks/main.yml
@@ -123,22 +123,22 @@
 tags:
 - start
-- name: Copy tenant.json to container
- remote_user: kibana
- copy:
- src: "files/tenant.json"
- dest: /tmp/tenant.json
- tags:
- - start
-
-- name: change tenant to global
- shell: 'curl -X "POST" "https://{{dslproxy}}:5601/api/v1/multitenancy/tenant" \
- -b /tmp/cookie.txt -c /tmp/cookie.txt \
- -k --user admin:{{ odfees_adminpass }} \
- -H "kbn-xsrf: reporting" -H "Content-Type: application/json" \
- -d @/tmp/tenant.json'
- tags:
- - start
+#- name: Copy tenant.json to container
+# remote_user: kibana
+# copy:
+# src: "files/tenant.json"
+# dest: /tmp/tenant.json
+# tags:
+# - start
+#
+#- name: change tenant to global
+# shell: 'curl -X "POST" "https://{{dslproxy}}:5601/api/v1/multitenancy/tenant" \
+# -b /tmp/cookie.txt -c /tmp/cookie.txt \
+# -k --user admin:{{ odfees_adminpass }} \
+# -H "kbn-xsrf: reporting" -H "Content-Type: application/json" \
+# -d @/tmp/tenant.json'
+# tags:
+# - start
 - name: Copy kibana_graphs.ndjson to container
 remote_user: kibana
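Review bot: In group_vars/all/main.yml the comment above the new `ODFE_ADMIN_USERS` list does not say what the list grants, although role.json.j2 in this commit maps every entry to the `all_access` role. Because this is the `all` group default, any inventory that does not override the variable gives the two named accounts full access, so the comment should state that, for example `# Users mapped to the ODFE all_access role; override per deployment`. Nothing visible in the commit enforces the stated minimum of one user. The `soctools_users` block this hunk sits under starts outside the hunk.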
@@ -157,6 +157,23 @@
 tags:
 - start
+- name: Copy role modification json to container
+ remote_user: kibana
+ template:
+ src: "role.json.j2"
+ dest: /tmp/role.json
+ tags:
+ - start
+
+- name: Grant admin permissions to users
+ shell: 'curl -X "POST" "https://{{dslproxy}}:5601/api/v1/configuration/rolesmapping/all_access" \
+ -b /tmp/cookie.txt -c /tmp/cookie.txt \
+ -k --user admin:{{ odfees_adminpass }} \
+ -H "kbn-xsrf: reporting" -H "Content-Type: application/json" \
+ -d @/tmp/role.json'
+ tags:
+ - start
+
 #- name: cleanup temporary files for kibana_graph import
 # shell: '/bin/rm -rf /tmp/cookie.txt /tmp/kibana_graphs.ndjson /tmp/tenant.json'
 # ignore_errors: true
diff --git a/roles/odfekibana/templates/kibana.yml.j2 b/roles/odfekibana/templates/kibana.yml.j2
index 0d670073c5d8f8515075abcea316f02d4863df25..55210f56dff446b1348f11163f64399901833032 100644
--- a/roles/odfekibana/templates/kibana.yml.j2
+++ b/roles/odfekibana/templates/kibana.yml.j2
@@ -29,8 +29,8 @@ elasticsearch.username: kibanaserver
 elasticsearch.password: kibanaserver
 elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
-opendistro_security.multitenancy.enabled: true
-opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
+opendistro_security.multitenancy.enabled: false
+#opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
 opendistro_security.readonly_mode.roles: ["kibana_read_only"]
 #new in 7.6
diff --git a/roles/odfekibana/templates/role.json.j2 b/roles/odfekibana/templates/role.json.j2
new file mode 100644
index 0000000000000000000000000000000000000000..9d67a52fb225237029d74bcaa8b381857a3f1eb2
--- /dev/null
+++ b/roles/odfekibana/templates/role.json.j2
@@ -0,0 +1,15 @@
+{
+ "backend_roles":[
+ "admin"
+ ],
+ "hosts":[
+
+ ],
+ "users":[
+{% for user in ODFE_ADMIN_USERS %}
+ "{{ user }}",
+{% endfor %}
+ "admin"
+ ],
+ "description":"Maps admin to all_access"
+}
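Review bot: In roles/odfekibana/tasks/main.yml the new `Grant admin permissions to users` task puts `admin:{{ odfees_adminpass }}` on the curl command line and uses `-k`, so the admin password is visible in the process list, can appear in Ansible's task output, and is sent without verifying the server certificate. Add `no_log: true` to the task, and replace `-k` with `--cacert` pointing at the deployment's CA file. Add `--fail` as well, so that an HTTP error from the rolesmapping endpoint fails the play instead of leaving the mapping silently unapplied. `/tmp/role.json` is never removed, because the cleanup task that follows is commented out and does not list it. The removed tenant task used the same curl pattern, so other curl tasks in this file outside the hunk may need the same treatment.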
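Review bot: In roles/odfekibana/templates/kibana.yml.j2 multitenancy is switched off with no comment explaining why, and the old `tenants.preferred` line is left commented out rather than deleted. With multitenancy disabled, saved objects are presumably no longer separated per tenant, so who may change shared dashboards depends only on role mappings such as `kibana_read_only`. Record that next to the setting, for example `# Multitenancy disabled: all users share one set of saved objects`, and drop the dead line.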
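Review bot: In roles/odfekibana/templates/role.json.j2 each name is interpolated as `"{{ user }}",` with no JSON escaping, so a value containing a quote or backslash yields a malformed or altered role mapping. Let the filter build the array instead: `"users": {{ (ODFE_ADMIN_USERS + ['admin']) | to_json }},`. Since the rendered document is posted to the `all_access` mapping, the play should also assert that `ODFE_ADMIN_USERS` is a list of non-empty strings before the template is rendered.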