Kibana Multitenancy not working

[Jordano Moscoso]

I successfuly configure multitenancy on kibana but the default tenants are not working, because changes on global and private are shared.

This is the sg_config.yml part for kibana:

    kibana:
      server_username: 'kibanaserver'
      multitenancy_enabled: true
      index: ".kibana"
      do_not_fail_on_forbidden: true

This is the kibana.yml file configuration:

server.port: 5601
server.host: 0.0.0.0
elasticsearch.url: "https://172.17.0.1:9200/"
elasticsearch.ssl.verificationMode: "certificate"
elasticsearch.ssl.certificate: "/usr/share/kibana/kibanaserver.pem"
elasticsearch.ssl.key: "/usr/share/kibana/kibanaserver.key"
elasticsearch.ssl.certificateAuthorities: [ "/usr/share/kibana/root-ca.pem" ]
elasticsearch.username: kibanaserver
elasticsearch.password: password
elasticsearch.requestHeadersWhitelist: [ "sgtenant", "Authorization", "authorization" ]
kibana.index: ".kibana"
searchguard.allow_client_certificates: true
searchguard.basicauth.enabled: true
searchguard.multitenancy.enabled: true
searchguard.multitenancy.tenants.enable_global: true
searchguard.multitenancy.tenants.enable_private: true

I want the users to have a private tenant for them but when i change create visualizations on private, they also appear on global.

Also i have seen that no new index is created. only .kibana is present.

Thanks for your help. I'm testing search-guard in order to buy a license.

Im using v6.2.4. 

PD: I have tried disabling both and using a custom tenant on sg_roles.yml, but looks like the parser doesnt overwrite the ${user_name} on tenant names:

  tenants:
    "private-${user_name}": RW

[Jochen Kressin]

Hi, thanks for reporting. This is actually a bug in the current version of the Kibana plugin. It is fixed and will be included in the next release of the Kibana plugin, which is expected early next week.

[Jordano Moscoso]

Thanks for response, i will wait for it then. Or can i use the github repo?

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/e9391dfd-facf-42e9-82d8-f4043258867b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Jochen Kressin]

I would not recommend it, the test suites are still running and thus we cannot guarantee a stable state in the HEAD of the repos at this point.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

[Jordano Moscoso]

Ok, Thanks.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/e9391dfd-facf-42e9-82d8-f4043258867b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/7cd72061-3818-4ff4-a77d-acae92ba454d%40googlegroups.com.

[Jordano Moscoso]

Just to comment that i updated kibana plugin and its working fine. Thanks.