How to specify a tenant during index-pattern creation

nickytd · May 17, 2020, 1:55pm

Hi,

with the rest saved_object it is trivial to define an index pattern. However creation of a tenant using

PUT _opendistro/_security/api/tenants/<tenant>

doesn’t result in creation of ./kibana_{hash}_{tenant} index. Still the tenant is visible with

GET _opendistro/_security/api/tenants/

So far so good. But the next question is how to create an index-pattern for a particular tenant? and not for the global using the REST API ?

api/saved_objects/index-pattern/${id} \
-H 'kbn-xsrf: true' -H "securitytenant: {tenant}" -H "Content-Type: application/json" -XPOST -d \
'{
	 "attributes": {
	 	"title": "my-index-pattern",
	 	"timeFieldName": "@timestamp"
	 }
}'

Even if the security tenant header is present it still creates the index pattern in the global tenant

Thanks
Niki

johnmops · March 27, 2021, 9:33am

I am seeing the same behavior using anonymous user.
Can anyone help ?

User-Agent': 'python-requests/2.25.1', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive', 'kbn-xsrf': 'true', 'securitytenant': 'tenant-116a30c1-67da-4f01-b736-0c4dd9af825b', 'Cookie': 'security_authentication=Fe26.2**b4f0a09e7716881c8fa45d62c0b0fcc26d461be1f16ae4ed9657cf339ead0aac*u1vwGaA9a6x8ac5cSIeGkg*OOZtnOS1gW1h6N_jTOmoKfNxvF796k861aFqTEpahO0Wr0VODlWyUiu24T9xMBRHE89rhFuczz3xOz8viQp8tk3SeOeKtuqxSq6BFAU2jxySZuJNNZ_dnh2cIeSxYoJi-pZP1OjL7Qhh1oz1GeL8s0RAQsAvI_zQ08iVB-y96DUMCVpD01JS1csQfUw32Ye5pX0AAZ_IghtKc7bp-avvcfCVfWkJqlurXmwO-_Sm5zoeQpeb9vx_N2Q8daZPVhGP**1b26ce6b89f77ea713c8f9c70afbe63f034e23a62aca000501356b6054312cab*sfC_rog6ycPM3OSUhigrF5J5FVTh-HRxR7MWbkLk_hY', 'Content-Length': '103', 'Content-Type': 'application/json', 'Authorization': 'Basic ZWJpcml1a292Ok5Yck5wLVEzX3kyLkpC'}

Header is present and yet it goes to the global tenant

nickytd · March 27, 2021, 10:06am

Hi
not sure if the anonymous case is supported but here is what works for authenticated user

github.com

nickytd/kubernetes-logging-helm/blob/f667cc2f12c17e321c5e196df2a7b759308131e2/charts/templates/kibana/kibana-index-patterns-configmap.yaml#L111


      
                -d "{\"attributes\": {\"defaultIndex\": \"${default}\"}}"` 
          
          
  if [ "${result}" == "200" ]; then 
              echo "default index pattern ${tenant}/${default} set successfully"
            else 
              echo "setting default index pattern ${tenant}/${default} failed ${result}"  
            fi    
              
          
          
    
          echo "Import saved objects ${tenant}"
          for f in /saved_objects/* ; do
            result=`curl -s -o /dev/null -w "%{http_code}" -X POST -u$KIBANA_USER_:$KIBANA_PASSWORD_ \
              $KIBANA_URL/api/saved_objects/_import?overwrite=true \
              -H "securitytenant: ${tenant}" -H "kbn-xsrf: true" --form file=@${f}`
            
            if [ "${result}" == "200" ]; then 
              echo "${f} imported"
            else 
              echo "importing ${f} failed ${result}"  
            fi

johnmops · March 27, 2021, 3:13pm

Hey,

This does work with an authenticated user but we are using okta with an enforced MFA.
Unfortunately there is no way to bypass this programmatically. This is the reason why i was trying to implement this with an anonymous user.

Topic		Replies	Views
How to create index-pattern for a specific tenant in Elasticsearch Kibana using API? Security	2	496	November 29, 2021
Tenant saved objects .kibana index General Feedback	7	2070	July 1, 2021
Could not find curl's created index-pattern in Kibana Dashboard Index Management	1	623	May 7, 2021
Import configuration depends on tenant using API Open Source Elasticsearch and Kibana	3	1312	December 14, 2020
Multitenancy behaviour in 1.13.x security plugin Security	2	329	August 16, 2021

How to specify a tenant during index-pattern creation

Related Topics