Header "securitytenant" does not work properly for selecting tenant

I’m trying to create different index patterns with the curl command in different tenants, using the -H "securitytenant" header to specify the tenant, but all index-patterns are created in the global tenant. Do I need to configure something more in the curl call? I’m using ODFE 1.9.0

One curl command example is:

curl -X POST \
 -k -u "user:password" \
 http://localhost:9200/api/saved_objects/index-pattern/ \
 -H "kbn-xsrf: true" \
 -H "content-type: application/json; charset=utf-8" \
 -H "securitytenant: test_tenant" \
 -d '{"attributes":{"title":"logger-*","timeFieldName":"@timestamp"}}'

Thanks in advance

Hi ogallart,

I had the same experience as you! Basically if Kibana (/Opendistro) does not get its headers correctly it will default to the default tenant (for me it was my private tenant), correct me if I’m wrong.

This is a snippet from my Python code:

url = '/api/saved_objects/index-pattern/' + index_pattern
headers = {
  'kbn-xsrf': 'true',
  'Content-Type': 'application/json',
  'securitytenant': str(role),
  'user-agent': 'create-role.py/0.0.1'
}
data = { "attributes": { "title": index_pattern, "timeFieldName": '@timestamp' } }

If I recall correctly I’m guessing that kbn-xsrf is supposed to be a string and not a boolean; if that does not fix your issue, the content-type looks a bit different than mine.

Hello @oscark,

Thanks for the answer, I put the header as you say and I can create the index-pattern per tenant successfully.

Hi @oscark

I used your answer, with great success, as follows

curl -u 'admin:xxxxxxxx' -v -X POST -k https://localhost:9200/api/saved_objects/index-pattern/ \
 -H "kbn-xsrf: true"\
 -H "content-type: application/json; charset=utf-8"\
 -H "securitytenant: global_tenant"\
 -H "user-agent: create-role.py/0.0.1"\
 -d '{"attributes": {"title":"logger-*","timeFieldName":"@timestamp"} }'

here is the answer

{
   "_index":"api",
   "_type":"saved_objects",
   "_id":"index-pattern",
   "_version":1,
   "result":"created",
   "_shards":{
      "total":2,
      "successful":1,
      "failed":0
   },
   "_seq_no":0,
   "_primary_term":1
}

However, when I connect to Kibana (opendistro) the newly created index pattern is nowhere to be found in the index-pattern dashboard, with either the global or the admin tenant

What am I missing here please ?

So I have not been thinking about this in the last 5 months, but IMHO your curl does not match the suggestion that I wrote last time.

The url seems to me to be wrong, you probably want it to be /api/saved_objects/index-pattern/logger-*

I also believe that you want -H 'kbn-xsrf: "true"'; it should apparently be a string (at least according to my last comment).
I also suggested -H '"Content-Type: application/json;"' but that is probably unnecessary.
I think that the user-agent is unnecessary since it will probably be more confusing than beneficial for you.

Please let us know if it fixes your issue AND let us know what fixes your issue, so that the next person has an easier time.
Cheers.
(edited: to remove the port number so that nobody copy paste it)

Thanks for your quick answer

I changed the curl call as follows

curl -u 'admin:xxxxxxxx' -v -X POST -k "https://localhost:9200/api/saved_objects/index-pattern/logger-*" \
 -H "kbn-xsrf: 'true'"\
 -H "content-type: application/json;"\
 -H "securitytenant: global_tenant"\
 -H "user-agent: create-role.py/0.0.1"\
 -d '{"attributes": {"title":"logger-*","timeFieldName":"@timestamp"} }'

but now I am getting the following error

{"error":"no handler found for uri [/api/saved_objects/index-pattern/logger-*] and method [POST]"}

I am surely missing something else :laughing:

IIRC this should be run against Kibana not Elasticsearch.

I changed the URL in the curl call to point to Kibana as follows

curl -u 'admin:xxxxxxxx' -v -X POST -k "https://localhost:5601/api/saved_objects/index-pattern/logger-*" \
 -H "kbn-xsrf: 'true'"\
 -H "content-type: application/json;"\
 -H "securitytenant: global_tenant"\
 -H "user-agent: create-role.py/0.0.1"\
 -d '{"attributes": {"title":"logger-*","timeFieldName":"@timestamp"} }'

This does not trigger an error and the result is as follows

{
   "type":"index-pattern",
   "id":"logger-*",
   "attributes":{
      "title":"logger-*",
      "timeFieldName":"@timestamp"
   },
   "references":[
      
   ],
   "migrationVersion":{
      "index-pattern":"7.6.0"
   },
   "updated_at":"2021-05-07T12:34:55.674Z",
   "version":"WzAsMV0=",
   "namespaces":[
      "default"
   ]
}

However, the index-pattern still does not show up in either global_tenant or admin_tenant

Surely something is still missing, maybe a kind of update call ?

I’m guessing that it wrote to your “default” tenant (“namespace”).

Here is a comment related to this:

You can find out which tenants you have access to through _opendistro/_security/api/account?pretty

I’m guessing that -H "securitytenant: global_tenant"\ is wrong and it should be 'global_tenant' with citation marks.

I have not tested any of this.

I found that if I add citation marks and I change the securitytenant from ‘global_tenant’ to ‘admin_tenant’ as below

curl -u 'admin:xxxxxxxx' -v -X POST -k "https://localhost:5601/api/saved_objects/index-pattern/logger-*" \
 -H "kbn-xsrf: 'true'"\
 -H "content-type: application/json;"\
 -H "securitytenant: 'admin_tenant'"\
 -H "user-agent: create-role.py/0.0.1"\
 -d '{"attributes": {"title":"logger-*","timeFieldName":"@timestamp"} }'

The index-pattern is well created and visible only in admin_tenant (obviously)

That makes me question if it is because admin_tenant is a custom tenant while global_tenant is a reserved one ?

Anyway this does not solve my issue because I wanted these index-patterns to be globally visible to all

Thank you in advance for any help

Hi there,

I wanted to follow up on this as I have hit exactly the same issue (with ODFE 1.12).

Was any solution found to this (i.e. being able to create an index pattern through the Kibana API via the global_tenant, so the pattern is visible to all)?

Thanks, Will.

@Mr_Hedgehog Will, I seem to have it working using the below curl call:

curl --insecure -Ss -u admin:admin -H 'osd-xsrf: true' -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -H "securitytenant: global" -XPOST "http://localhost:5601/api/saved_objects/index-pattern/myid123" -d '
    {
        "attributes" : {
            "title" : "my_pattern"
        }
    }
'

Use global instead of global_tenant.
Does this work for you?
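
The two pitfalls this thread runs into, a request answered by Elasticsearch instead of Kibana and `global_tenant` sent where the last reply reports `global`, as an added Python example that is not code from any poster. Function names are hypothetical, the three sample bodies are shortened from the responses quoted above, and the `global_tenant` to `global` mapping rests only on the last reply.

```python
import base64
import json
import urllib.error
import urllib.request

# Response bodies quoted in the thread (shortened), kept here as sample input.
ES_INDEXED = '{"_index":"api","_type":"saved_objects","_id":"index-pattern","result":"created"}'
ES_NO_HANDLER = '{"error":"no handler found for uri [/api/saved_objects/index-pattern/logger-*] and method [POST]"}'
KIBANA_OK = '{"type":"index-pattern","id":"logger-*","attributes":{"title":"logger-*"},"namespaces":["default"]}'


def tenant_header(name):
    """Header value for a tenant; the last reply reports "global", not "global_tenant"."""
    return "global" if name in ("global", "global_tenant") else name


def build_request(kibana_url, tenant, pattern_id, title, time_field="@timestamp"):
    """Return (url, headers, body) for Kibana's saved objects API."""
    url = f"{kibana_url.rstrip('/')}/api/saved_objects/index-pattern/{pattern_id}"
    headers = {
        "kbn-xsrf": "true",
        "Content-Type": "application/json",
        "securitytenant": tenant_header(tenant),
    }
    body = json.dumps({"attributes": {"title": title, "timeFieldName": time_field}})
    return url, headers, body.encode()


def answered_by(body):
    """Classify a response body as coming from Kibana or from Elasticsearch."""
    doc = json.loads(body)
    if doc.get("type") == "index-pattern" and "attributes" in doc:
        return "kibana"
    if "_index" in doc or "no handler found for uri" in str(doc.get("error", "")):
        return "elasticsearch"
    return "unknown"


def create_index_pattern(kibana_url, user, password, tenant, pattern_id, title):
    """Send the request; report success only if Kibana answered."""
    url, headers, body = build_request(kibana_url, tenant, pattern_id, title)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers["Authorization"] = "Basic " + token
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req) as resp:
            reply = resp.read().decode()
    except urllib.error.HTTPError as err:
        reply = err.read().decode()
    if answered_by(reply) != "kibana":
        raise RuntimeError("not a Kibana saved-object reply: " + reply[:200])
    return json.loads(reply)
```

`answered_by` flags the first `"result":"created"` reply in the thread as coming from Elasticsearch, where the POST indexed a document into an index named `api` rather than creating a saved object.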