search

wtakase / kibana-own-home

Multi-tenancy for Kibana
Other
249 stars 79 forks source link

Multy-tenancy not working on Kibana 7 #150

Open jpazsedano opened 5 years ago

jpazsedano commented 5 years ago

I'm using Kibana 7.1.2-SNAPSHOT because, as described on issue #149, the plugin only works if you compile Kibana from source and the only source for 7.1.x that elastic provides is 7.1.2-SNAPSHOT. Also, I'm using the pure Apache 2 licensed version because that's a requirement.

As a proxy, I'm using nginx with the following cofiguration

server {
    listen 80;

    location / {
        proxy_pass http://kibana:5601;
        auth_basic  "Login to application";
        auth_basic_user_file /etc/nginx/.htpasswd;
        proxy_set_header "X-Proxy-User" $remote_user;
    }
}

I'm working on docker, and the proxy, kibana and elasticsearch are on different containers. I've created 2 users for the .htpasswd file: testuser and guest.

My kibana.yml file is this:

server.name: kibana
server.host: "0"
elasticsearch.hosts:
  - http://elasticsearch-master:9200

own_home.elasticsearch.url: http://elasticsearch-master:9200
own_home.remote_user: 'header'
own_home.session.isSecure: false

And the problem: The expected behaviour is that Kibana creates a .kibana_\<user> index for each user, and uses it save the user's saved objects. So each user can only see its saved objects and can't see other's.

The actual behaviour is the following. No kibana_\<user> index is created. I've indexed a few documents and created an index pattern, and when I check the indices on the server, this is what I get.

curl localhost:9200/_cat/indices
green  open .kibana_1 OQPSCoaUTYSFT6uOfbfr7Q 1 0 2 2  20kb  20kb
yellow open twitter   ntEeUdl6RiqErktC617j7g 1 1 1 1 9.9kb 9.9kb

The saved objects of testuser are not stored on the .kibana_testuser index, but in .kibana_1. Both users use that index, so both can see each other's objects. Just like in pluginless kibana. Own Home can detect the user, because in it's app I have this output

Multi-tenancy for Kibana
Select tenant (kibana.index)
You can switch a tenant (kibana.index) for personal or group use.
Created objects are saved to the selected index.
Your name: guest
Current tenant (kibana.index): .kibana_guest
Available Tenants
Personal tenant
.kibana_guest
Shared tenants
.kibana_public
.kibana_sandbox
Go back to Top page.

But it does nothing else.

pchakour commented 4 years ago

I didn't read everything but the configuration of your elasticsearch.hosts must be the address of the own-home proxy.