Kibana Multitenancy not working

I successfuly configure multitenancy on kibana but the default tenants are not working, because changes on global and private are shared.

This is the sg_config.yml part for kibana:

kibana:
  server_username: 'kibanaserver'
  multitenancy_enabled: true
  index: ".kibana"
  do_not_fail_on_forbidden: true

``

This is the kibana.yml file configuration:

server.port: 5601
server.host: 0.0.0.0
elasticsearch.url: “https://172.17.0.1:9200/
elasticsearch.ssl.verificationMode: “certificate”
elasticsearch.ssl.certificate: “/usr/share/kibana/kibanaserver.pem”
elasticsearch.ssl.key: “/usr/share/kibana/kibanaserver.key”
elasticsearch.ssl.certificateAuthorities: [ “/usr/share/kibana/root-ca.pem” ]
elasticsearch.username: kibanaserver
elasticsearch.password: password
elasticsearch.requestHeadersWhitelist: [ “sgtenant”, “Authorization”, “authorization” ]
kibana.index: “.kibana”
searchguard.allow_client_certificates: true
searchguard.basicauth.enabled: true
searchguard.multitenancy.enabled: true
searchguard.multitenancy.tenants.enable_global: true
searchguard.multitenancy.tenants.enable_private: true

``

I want the users to have a private tenant for them but when i change create visualizations on private, they also appear on global.

Also i have seen that no new index is created. only .kibana is present.

Thanks for your help. I’m testing search-guard in order to buy a license.

Im using v6.2.4.

PD: I have tried disabling both and using a custom tenant on sg_roles.yml, but looks like the parser doesnt overwrite the ${user_name} on tenant names:

tenants:
“private-${user_name}”: RW

``

Hi, thanks for reporting. This is actually a bug in the current version of the Kibana plugin. It is fixed and will be included in the next release of the Kibana plugin, which is expected early next week.

···

On Thursday, May 24, 2018 at 6:36:17 PM UTC+2, Jordano Moscoso wrote:

I successfuly configure multitenancy on kibana but the default tenants are not working, because changes on global and private are shared.

This is the sg_config.yml part for kibana:

kibana:
  server_username: 'kibanaserver'
  multitenancy_enabled: true
  index: ".kibana"
  do_not_fail_on_forbidden: true

``

This is the kibana.yml file configuration:

server.port: 5601
server.host: 0.0.0.0
elasticsearch.url: “https://172.17.0.1:9200/
elasticsearch.ssl.verificationMode: “certificate”
elasticsearch.ssl.certificate: “/usr/share/kibana/kibanaserver.pem”
elasticsearch.ssl.key: “/usr/share/kibana/kibanaserver.key”
elasticsearch.ssl.certificateAuthorities: [ “/usr/share/kibana/root-ca.pem” ]
elasticsearch.username: kibanaserver
elasticsearch.password: password
elasticsearch.requestHeadersWhitelist: [ “sgtenant”, “Authorization”, “authorization” ]
kibana.index: “.kibana”
searchguard.allow_client_certificates: true
searchguard.basicauth.enabled: true
searchguard.multitenancy.enabled: true
searchguard.multitenancy.tenants.enable_global: true
searchguard.multitenancy.tenants.enable_private: true

``

I want the users to have a private tenant for them but when i change create visualizations on private, they also appear on global.

Also i have seen that no new index is created. only .kibana is present.

Thanks for your help. I’m testing search-guard in order to buy a license.

Im using v6.2.4.

PD: I have tried disabling both and using a custom tenant on sg_roles.yml, but looks like the parser doesnt overwrite the ${user_name} on tenant names:

tenants:
“private-${user_name}”: RW

``

Thanks for response, i will wait for it then. Or can i use the github repo?

El El jue, 24 de may. de 2018 a las 12:06, Jochen Kressin jkressin@floragunn.com escribió:

···

Hi, thanks for reporting. This is actually a bug in the current version of the Kibana plugin. It is fixed and will be included in the next release of the Kibana plugin, which is expected early next week.

On Thursday, May 24, 2018 at 6:36:17 PM UTC+2, Jordano Moscoso wrote:

I successfuly configure multitenancy on kibana but the default tenants are not working, because changes on global and private are shared.

This is the sg_config.yml part for kibana:

kibana:
  server_username: 'kibanaserver'
  multitenancy_enabled: true
  index: ".kibana"
  do_not_fail_on_forbidden: true

``

This is the kibana.yml file configuration:

server.port: 5601
server.host: 0.0.0.0
elasticsearch.url: “https://172.17.0.1:9200/
elasticsearch.ssl.verificationMode: “certificate”
elasticsearch.ssl.certificate: “/usr/share/kibana/kibanaserver.pem”
elasticsearch.ssl.key: “/usr/share/kibana/kibanaserver.key”
elasticsearch.ssl.certificateAuthorities: [ “/usr/share/kibana/root-ca.pem” ]
elasticsearch.username: kibanaserver
elasticsearch.password: password
elasticsearch.requestHeadersWhitelist: [ “sgtenant”, “Authorization”, “authorization” ]
kibana.index: “.kibana”
searchguard.allow_client_certificates: true
searchguard.basicauth.enabled: true
searchguard.multitenancy.enabled: true
searchguard.multitenancy.tenants.enable_global: true
searchguard.multitenancy.tenants.enable_private: true

``

I want the users to have a private tenant for them but when i change create visualizations on private, they also appear on global.

Also i have seen that no new index is created. only .kibana is present.

Thanks for your help. I’m testing search-guard in order to buy a license.

Im using v6.2.4.

PD: I have tried disabling both and using a custom tenant on sg_roles.yml, but looks like the parser doesnt overwrite the ${user_name} on tenant names:

tenants:
“private-${user_name}”: RW

``

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/e9391dfd-facf-42e9-82d8-f4043258867b%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

I would not recommend it, the test suites are still running and thus we cannot guarantee a stable state in the HEAD of the repos at this point.

···

On Thursday, May 24, 2018 at 8:59:48 PM UTC+2, Jordano Moscoso wrote:

Thanks for response, i will wait for it then. Or can i use the github repo?

El El jue, 24 de may. de 2018 a las 12:06, Jochen Kressin jkressin@floragunn.com escribió:

Hi, thanks for reporting. This is actually a bug in the current version of the Kibana plugin. It is fixed and will be included in the next release of the Kibana plugin, which is expected early next week.

On Thursday, May 24, 2018 at 6:36:17 PM UTC+2, Jordano Moscoso wrote:

I successfuly configure multitenancy on kibana but the default tenants are not working, because changes on global and private are shared.

This is the sg_config.yml part for kibana:

kibana:
  server_username: 'kibanaserver'
  multitenancy_enabled: true
  index: ".kibana"
  do_not_fail_on_forbidden: true

``

This is the kibana.yml file configuration:

server.port: 5601
server.host: 0.0.0.0
elasticsearch.url: “https://172.17.0.1:9200/
elasticsearch.ssl.verificationMode: “certificate”
elasticsearch.ssl.certificate: “/usr/share/kibana/kibanaserver.pem”
elasticsearch.ssl.key: “/usr/share/kibana/kibanaserver.key”
elasticsearch.ssl.certificateAuthorities: [ “/usr/share/kibana/root-ca.pem” ]
elasticsearch.username: kibanaserver
elasticsearch.password: password
elasticsearch.requestHeadersWhitelist: [ “sgtenant”, “Authorization”, “authorization” ]
kibana.index: “.kibana”
searchguard.allow_client_certificates: true
searchguard.basicauth.enabled: true
searchguard.multitenancy.enabled: true
searchguard.multitenancy.tenants.enable_global: true
searchguard.multitenancy.tenants.enable_private: true

``

I want the users to have a private tenant for them but when i change create visualizations on private, they also appear on global.

Also i have seen that no new index is created. only .kibana is present.

Thanks for your help. I’m testing search-guard in order to buy a license.

Im using v6.2.4.

PD: I have tried disabling both and using a custom tenant on sg_roles.yml, but looks like the parser doesnt overwrite the ${user_name} on tenant names:

tenants:
“private-${user_name}”: RW

``

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/e9391dfd-facf-42e9-82d8-f4043258867b%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Ok, Thanks.

El El jue, 24 de may. de 2018 a las 17:31, Jochen Kressin jkressin@floragunn.com escribió:

···

I would not recommend it, the test suites are still running and thus we cannot guarantee a stable state in the HEAD of the repos at this point.

On Thursday, May 24, 2018 at 8:59:48 PM UTC+2, Jordano Moscoso wrote:

Thanks for response, i will wait for it then. Or can i use the github repo?

El El jue, 24 de may. de 2018 a las 12:06, Jochen Kressin jkressin@floragunn.com escribió:

Hi, thanks for reporting. This is actually a bug in the current version of the Kibana plugin. It is fixed and will be included in the next release of the Kibana plugin, which is expected early next week.

On Thursday, May 24, 2018 at 6:36:17 PM UTC+2, Jordano Moscoso wrote:

I successfuly configure multitenancy on kibana but the default tenants are not working, because changes on global and private are shared.

This is the sg_config.yml part for kibana:

kibana:
  server_username: 'kibanaserver'
  multitenancy_enabled: true
  index: ".kibana"
  do_not_fail_on_forbidden: true

``

This is the kibana.yml file configuration:

server.port: 5601
server.host: 0.0.0.0
elasticsearch.url: “https://172.17.0.1:9200/
elasticsearch.ssl.verificationMode: “certificate”
elasticsearch.ssl.certificate: “/usr/share/kibana/kibanaserver.pem”
elasticsearch.ssl.key: “/usr/share/kibana/kibanaserver.key”
elasticsearch.ssl.certificateAuthorities: [ “/usr/share/kibana/root-ca.pem” ]
elasticsearch.username: kibanaserver
elasticsearch.password: password
elasticsearch.requestHeadersWhitelist: [ “sgtenant”, “Authorization”, “authorization” ]
kibana.index: “.kibana”
searchguard.allow_client_certificates: true
searchguard.basicauth.enabled: true
searchguard.multitenancy.enabled: true
searchguard.multitenancy.tenants.enable_global: true
searchguard.multitenancy.tenants.enable_private: true

``

I want the users to have a private tenant for them but when i change create visualizations on private, they also appear on global.

Also i have seen that no new index is created. only .kibana is present.

Thanks for your help. I’m testing search-guard in order to buy a license.

Im using v6.2.4.

PD: I have tried disabling both and using a custom tenant on sg_roles.yml, but looks like the parser doesnt overwrite the ${user_name} on tenant names:

tenants:
“private-${user_name}”: RW

``

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/e9391dfd-facf-42e9-82d8-f4043258867b%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/7cd72061-3818-4ff4-a77d-acae92ba454d%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Just to comment that i updated kibana plugin and its working fine. Thanks.

El El vie, 25 de may. de 2018 a las 10:28, Jordano Moscoso osmondhacks@gmail.com escribió:

···

Ok, Thanks.

El El jue, 24 de may. de 2018 a las 17:31, Jochen Kressin jkressin@floragunn.com escribió:

I would not recommend it, the test suites are still running and thus we cannot guarantee a stable state in the HEAD of the repos at this point.

On Thursday, May 24, 2018 at 8:59:48 PM UTC+2, Jordano Moscoso wrote:

Thanks for response, i will wait for it then. Or can i use the github repo?

El El jue, 24 de may. de 2018 a las 12:06, Jochen Kressin jkressin@floragunn.com escribió:

Hi, thanks for reporting. This is actually a bug in the current version of the Kibana plugin. It is fixed and will be included in the next release of the Kibana plugin, which is expected early next week.

On Thursday, May 24, 2018 at 6:36:17 PM UTC+2, Jordano Moscoso wrote:

I successfuly configure multitenancy on kibana but the default tenants are not working, because changes on global and private are shared.

This is the sg_config.yml part for kibana:

kibana:
  server_username: 'kibanaserver'
  multitenancy_enabled: true
  index: ".kibana"
  do_not_fail_on_forbidden: true

``

This is the kibana.yml file configuration:

server.port: 5601
server.host: 0.0.0.0
elasticsearch.url: “https://172.17.0.1:9200/
elasticsearch.ssl.verificationMode: “certificate”
elasticsearch.ssl.certificate: “/usr/share/kibana/kibanaserver.pem”
elasticsearch.ssl.key: “/usr/share/kibana/kibanaserver.key”
elasticsearch.ssl.certificateAuthorities: [ “/usr/share/kibana/root-ca.pem” ]
elasticsearch.username: kibanaserver
elasticsearch.password: password
elasticsearch.requestHeadersWhitelist: [ “sgtenant”, “Authorization”, “authorization” ]
kibana.index: “.kibana”
searchguard.allow_client_certificates: true
searchguard.basicauth.enabled: true
searchguard.multitenancy.enabled: true
searchguard.multitenancy.tenants.enable_global: true
searchguard.multitenancy.tenants.enable_private: true

``

I want the users to have a private tenant for them but when i change create visualizations on private, they also appear on global.

Also i have seen that no new index is created. only .kibana is present.

Thanks for your help. I’m testing search-guard in order to buy a license.

Im using v6.2.4.

PD: I have tried disabling both and using a custom tenant on sg_roles.yml, but looks like the parser doesnt overwrite the ${user_name} on tenant names:

tenants:
“private-${user_name}”: RW

``

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/e9391dfd-facf-42e9-82d8-f4043258867b%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/7cd72061-3818-4ff4-a77d-acae92ba454d%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.