I am using Elasticsearch 5.6 with the X-Pack plugin.
My Kibana user connects to Elastic with the read_only role.
"read_only": {
  "cluster": [
    "monitor"
  ],
  "indices" : [
    {
      "names" : [ "my-index-*" ],
      "privileges" : ["read", "view_index_metadata"]
    },
    {
      "names" : [ ".kibana*"],
      "privileges" : ["read", "view_index_metadata"]
    }
  ]
}
"kibana_system": {
  "cluster": [
    "monitor",
    "cluster:admin/xpack/monitoring/bulk"
  ],
  "indices": [
    {
      "names": [
        ".kibana*",
        ".reporting-*"
      ],
      "privileges": [
        "all"
      ]
    },
    {
      "names": [
        ".monitoring-*"
      ],
      "privileges": [
        "read"
      ]
    }
  ],
  "run_as": [],
  "metadata": {
    "_reserved": true
  },
  "transient_metadata": {
    "enabled": true
  }
}
It succeeded in connecting only when I added the "kibana_system" role to the user in addition to the "read_only" role.
What is the "kibana_system" role for?
How can I grant fewer permissions to my user, without "kibana_system"? I need read-only access to my-index-*.
You just need to add the kibana_user role and the monitoring_user role to your user and you'll be good to go.
No change necessary to the read_only role.
From the same page, the kibana_system role...
...should not be assigned to users as the granted permissions may change between releases.
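An added example (not part of the original question or answer): privileges from all roles assigned to a user are combined, so this sketch computes what a role combination grants per index, using the index sections of the two roles quoted in the question. The helper names, the sample index names and the use of `fnmatch` as a stand-in for Elasticsearch's wildcard matching are assumptions.

```python
from fnmatch import fnmatchcase

# Index sections of the two roles quoted in the question.
ROLES = {
    "read_only": [
        {"names": ["my-index-*"], "privileges": ["read", "view_index_metadata"]},
        {"names": [".kibana*"], "privileges": ["read", "view_index_metadata"]},
    ],
    "kibana_system": [
        {"names": [".kibana*", ".reporting-*"], "privileges": ["all"]},
        {"names": [".monitoring-*"], "privileges": ["read"]},
    ],
}

READ_ONLY = frozenset({"read", "view_index_metadata"})


def effective_privileges(role_names, index):
    """Union of the index privileges that the given roles grant on one index."""
    granted = set()
    for role in role_names:
        for entry in ROLES[role]:
            if any(fnmatchcase(index, pattern) for pattern in entry["names"]):
                granted.update(entry["privileges"])
    return granted


def over_privileged(role_names, indices, allowed=READ_ONLY):
    """Map each index to the privileges granted beyond the allowed set."""
    report = {}
    for index in indices:
        extra = effective_privileges(role_names, index) - allowed
        if extra:
            report[index] = sorted(extra)
    return report


if __name__ == "__main__":
    # Constructed index names for illustration.
    sample = ["my-index-2017.10", ".kibana", ".reporting-2017.10.01", ".monitoring-es-6"]
    for roles in (["read_only"], ["read_only", "kibana_system"]):
        print(roles, "->", over_privileged(roles, sample))
```

With only `read_only` the report is empty; adding `kibana_system` surfaces `all` on `.kibana` and the `.reporting-*` index.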
Related
I am following the guides here to create a token for the elastic/fleet-server service account.
I successfully created the token with the command:
bin/elasticsearch-service-tokens create elastic/fleet-server fleet-token
and tried to execute the request http://localhost:9200/_security/_authenticate with the bearer authorization. I receive the following error:
{
  "error": {
    "root_cause": [
      {
        "type": "security_exception",
        "reason": "failed to authenticate service account [elastic/fleet-server] with token name [fleet-token]",
        "header": {
          "WWW-Authenticate": [
            "Basic realm=\"security\" charset=\"UTF-8\"",
            "ApiKey"
          ]
        }
      }
    ],
    "type": "security_exception",
    "reason": "failed to authenticate service account [elastic/fleet-server] with token name [fleet-token]",
    "header": {
      "WWW-Authenticate": [
        "Basic realm=\"security\" charset=\"UTF-8\"",
        "ApiKey"
      ]
    }
  },
  "status": 401
}
It clearly understands the token because it provides the token name in the error message. The permissions for that service account are below:
"elastic/fleet-server" : {
  "role_descriptor" : {
    "cluster" : [
      "monitor",
      "manage_own_api_key"
    ],
    "indices" : [
      {
        "names" : [
          "logs-*",
          "metrics-*",
          "traces-*",
          "synthetics-*",
          ".logs-endpoint.diagnostic.collection-*",
          ".logs-endpoint.action.responses-*"
        ],
        "privileges" : [
          "write",
          "create_index",
          "auto_configure"
        ],
        "allow_restricted_indices" : false
      },
      {
        "names" : [
          ".fleet-*"
        ],
        "privileges" : [
          "read",
          "write",
          "monitor",
          "create_index",
          "auto_configure",
          "maintenance"
        ],
        "allow_restricted_indices" : false
      }
    ],
    "applications" : [
      {
        "application" : "kibana-*",
        "privileges" : [
          "reserved_fleet-setup"
        ],
        "resources" : [
          "*"
        ]
      }
    ],
    "run_as" : [ ],
    "metadata" : { },
    "transient_metadata" : {
      "enabled" : true
    }
  }
}
I am running Elastic/Kibana/Elastic-Agent with Docker, version 7.17.6.
The documentation seems fairly straightforward, so I'm not sure where to go from here. Any thoughts?
I use Kibana to show data about automated test cases stored in a single Elasticsearch index.
These tests can be repeated multiple times during the day and right now are identified by a build number that comes from Jenkins. So, if I want to see the latest results, I need to add a filter in my dashboards where I set the last known value of the build number.
Is there a way to automatically show in a dashboard the values about the last build?
Thank you.
EDIT: Here's a data sample:
{
  "_index": "data",
  "_type": "_doc",
  "_id": "33rugH0B0CwJH7IcV11v",
  "_score": 1,
  "_source": {
    "market": "FRA",
    "price_code": "DIS22FREH1003",
    "test_case_id": "NPM_14",
    "environment": "PROD",
    "cruise_id": "DI20220707CPVCP1",
    "jenkins_job_name": "MonitoringNPM_14",
    "@timestamp": "2021-12-03T16:34:03.360+0100",
    "jenkins_job_number": 8,
    "agency": "FR900000",
    "fail_code": "IncorrectGuarantee",
    "build_number": 8,
    "category": "IR2"
  },
  "fields": {
    "environment.keyword": ["PROD"],
    "test_case_id": ["NPM_14"],
    "category.keyword": ["IR2"],
    "price_code": ["DIS22FREH1003"],
    "cruise_id": ["DI20220707CPVCP1"],
    "price_code.keyword": ["DIS22FREH1003"],
    "agency": ["FR900000"],
    "jenkins_job_number": ["8"],
    "agency.keyword": ["FR900000"],
    "jenkins_job_number.keyword": ["8"],
    "market": ["FRA"],
    "jenkins_job_name.keyword": ["MonitoringNPM_14"],
    "test_case_id.keyword": ["NPM_14"],
    "environment": ["PROD"],
    "@timestamp": ["2021-12-03T15:34:03.360Z"],
    "jenkins_job_name": ["MonitoringNPM_14"],
    "fail_code.keyword": ["IncorrectGuarantee"],
    "fail_code": ["IncorrectGuarantee"],
    "build_number": [8],
    "market.keyword": ["FRA"],
    "cruise_id.keyword": ["DI20220707CPVCP1"],
    "category": ["IR2"]
  }
}
I would like to use the ApiKey authentication to create a reverse proxy for Kibana. The Reverse Proxy is needed to inject a custom role with some filters.
The proxy creates an ApiKey first with this post:
POST /_security/api_key
{
  "name": "kb-1234-9876",
  "expiration": "1d",
  "role_descriptors": {
    "role-a": {
      "cluster": ["all"],
      "indices": [
        {
          "names": ["*"],
          "privileges": ["read"],
          "query": "{ \"bool\": { \"filter\": { \"terms\": { \"customer.id_customer\": [ \"1234\", \"9876\" ] } } } }"
        }
      ]
    }
  }
}
After that the authentication header with the APIKEY Base64 string is passed to the backend.
Apparently the ApiKey does not have permission to access the Kibana Dashboard.
Is there any way to create the Kibana feature authorisation within the ApiKey as described in Kibana Role Management API?
Some other workaround?
I found that the "old" Kibana authorisation with the applications privileges works. So my new POST of the ApiKey is like this:
POST /_security/api_key
{
  "name": "kb-1234-9876",
  "expiration": "1d",
  "role_descriptors": {
    "role-a": {
      "cluster": ["all"],
      "indices": [
        {
          "names": ["*"],
          "privileges": ["read"],
          "query": "{ \"bool\": { \"filter\": { \"terms\": { \"customer.id_customer\": [ \"1234\", \"9876\" ] } } } }"
        }
      ],
      "applications": [
        {
          "application": "kibana-.kibana",
          "privileges": [
            "read"
          ],
          "resources": ["*"]
        }
      ]
    }
  }
}
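An added example, not part of the original post: building the API key request body in code lets `json.dumps` produce the escaped document-level-security query string, so it is always one complete JSON object, and the second function shows how the `ApiKey` Authorization header value is derived from the `id` and `api_key` fields of the create response. The function names and the sample id/api_key values are constructed for illustration.

```python
import base64
import json


def build_api_key_request(customer_ids, expiration="1d"):
    """Body for POST /_security/api_key, restricted to the given customers."""
    ids = [str(c) for c in customer_ids]
    if not ids:
        # Refuse to mint a key without an explicit customer scope.
        raise ValueError("at least one customer id is required")
    query = {"bool": {"filter": {"terms": {"customer.id_customer": ids}}}}
    return {
        "name": "kb-" + "-".join(ids),
        "expiration": expiration,
        "role_descriptors": {
            "role-a": {
                "cluster": ["all"],
                "indices": [{
                    "names": ["*"],
                    "privileges": ["read"],
                    # json.dumps does the escaping of the nested query.
                    "query": json.dumps(query),
                }],
                "applications": [{
                    "application": "kibana-.kibana",
                    "privileges": ["read"],
                    "resources": ["*"],
                }],
            }
        },
    }


def authorization_header(key_id, api_key):
    """Authorization header value: "ApiKey " + base64("<id>:<api_key>")."""
    token = base64.b64encode(f"{key_id}:{api_key}".encode("utf-8")).decode("ascii")
    return "ApiKey " + token


if __name__ == "__main__":
    body = build_api_key_request(["1234", "9876"])
    print(json.dumps(body, indent=2))
    # Constructed id/api_key values standing in for the create-API-key response.
    print(authorization_header("example-id", "example-secret"))
```

The `cluster` and `names` values are carried over from the post; the effective permissions of an API key are also limited by the permissions of the user that creates it.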
I am trying to create a Distill alert and have used the field selector to create the following code. I am trying to exclude the following field from the page comparison:
/div[contains(@class,'MUxGbd')]/span[contains(@class,'MUxGbd')]
This code is the same throughout the page, but the path changes for each result.
How can I modify the code to be 'any' path - for example:
//div[@id='rso']/**any**/div[contains(@class,'MUxGbd')]/span[contains(@class,'MUxGbd')]
Thanks,
{
  "selections": [
    {
      "frames": [
        {
          "index": 0,
          "excludes": [
            {
              "type": "xpath",
              "expr": "//div[@id='rso']/div[@class='hlcw0c']/div[@class='g']//div[@class='tF2Cxc']/div[@class='IsZvec']/div[contains(@class,'MUxGbd')]/span[contains(@class,'MUxGbd')]"
            },
            {
              "type": "xpath",
              "expr": "//div[@id='rso']/div[@class='g']//div[@class='tF2Cxc']/div[@class='IsZvec']/div[contains(@class,'MUxGbd')]/span[contains(@class,'MUxGbd')]"
            }
          ],
          "includes": [
            {
              "type": "xpath",
              "expr": "//div[@id='rso']"
            }
          ]
        }
      ],
      "dynamic": true,
      "delay": 0
    }
  ],
  "ignoreEmptyText": true,
  "includeStyle": false,
  "dataAttr": "text"
}
Have you tried
"//div[@id='rso']//div[contains(@class,'MUxGbd')]/span[contains(@class,'MUxGbd')]"
?
I have seen in the Crossbar.io documentation that we can set a role to publish only to a specific topic. But how can I set a role to publish to two exactly matching topics rather than using pattern-based matching?
You can use a configuration like this (see Static Authorization in the docs):
"realms": [
  {
    "name": "realm1",
    "roles": [
      {
        "name": "role1",
        "permissions": [
          {
            "uri": "com.example.topic1",
            "publish": true
          },
          {
            "uri": "com.example.topic2",
            "publish": true
          }
        ]
      }
    ]
  }
]