diff --git a/ror-demo-cluster/conf/es/elasticsearch.yml b/ror-demo-cluster/conf/es/elasticsearch.yml
index e723ed4..afbea83 100644
--- a/ror-demo-cluster/conf/es/elasticsearch.yml
+++ b/ror-demo-cluster/conf/es/elasticsearch.yml
@@ -5,28 +5,30 @@ network.host: 0.0.0.0 path.repo: /tmp/repositories # XPACK SSL -xpack.security.enabled: true -xpack.security.http.ssl.enabled: true -xpack.security.http.ssl.key: elasticsearch.key -xpack.security.http.ssl.certificate: elasticsearch.crt -xpack.security.http.ssl.certificate_authorities: ca.crt -xpack.security.http.ssl.verification_mode: certificate -xpack.security.http.ssl.client_authentication: optional -xpack.security.transport.ssl.enabled: true -xpack.security.transport.ssl.key: elasticsearch.key -xpack.security.transport.ssl.certificate: elasticsearch.crt -xpack.security.transport.ssl.certificate_authorities: ca.crt -xpack.security.transport.ssl.verification_mode: certificate -xpack.security.transport.ssl.client_authentication: optional +#xpack.security.enabled: true +#xpack.security.http.ssl.enabled: true +#xpack.security.http.ssl.key: elasticsearch.key +#xpack.security.http.ssl.certificate: elasticsearch.crt +#xpack.security.http.ssl.certificate_authorities: ca.crt +#xpack.security.http.ssl.verification_mode: certificate +#xpack.security.http.ssl.client_authentication: optional +#xpack.security.transport.ssl.enabled: true +#xpack.security.transport.ssl.key: elasticsearch.key +#xpack.security.transport.ssl.certificate: elasticsearch.crt +#xpack.security.transport.ssl.certificate_authorities: ca.crt +#xpack.security.transport.ssl.verification_mode: certificate +#xpack.security.transport.ssl.client_authentication: optional # ROR SSL -#xpack.security.enabled: false +xpack.security.enabled: false #http.type: ssl_netty4 +#transport.type: ror_ssl_internode +# #readonlyrest.ssl.enable: true #readonlyrest.ssl.keystore_file: "ror-keystore.jks" #readonlyrest.ssl.keystore_pass: readonlyrest #readonlyrest.ssl.key_pass: readonlyrest -#transport.type: ror_ssl_internode +# #readonlyrest.ssl_internode.enable: true #readonlyrest.ssl_internode.keystore_file: "ror-keystore.jks" #readonlyrest.ssl_internode.keystore_pass: readonlyrest 
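Review bot: With `xpack.security.enabled: false` set and every `xpack.security.*.ssl.*` line commented out, es-ror now serves both HTTP and transport in plaintext and authentication rests entirely on ROR, while the `readonlyrest.ssl.*` and `transport.type: ror_ssl_internode` lines below stay commented as well, so no encryption of any kind is active. If this is a temporary state for the proxy experiment, say so where the block begins, e.g. `# DEBUG: X-Pack TLS disabled so traffic can be inspected through es-ror-proxy; re-enable before reuse`. Commenting thirteen lines out rather than deleting them also leaves two orphaned `#` separators in the ROR SSL section; git history keeps the old values, so deleting reads cleaner.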
diff --git a/ror-demo-cluster/conf/es/log4j2.properties b/ror-demo-cluster/conf/es/log4j2.properties index 1865d8e..9962a38 100644 --- a/ror-demo-cluster/conf/es/log4j2.properties +++ b/ror-demo-cluster/conf/es/log4j2.properties @@ -81,5 +81,5 @@ logger.index_indexing_slowlog.level=trace logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref=index_indexing_slowlog_rolling logger.index_indexing_slowlog.additivity=false -logger.ror.name=tech.beshu.ror.accesscontrol.blocks.rules.elasticsearch.indices +logger.ror.name=tech.beshu.ror.accesscontrol logger.ror.level=info \ No newline at end of file diff --git a/ror-demo-cluster/conf/es/readonlyrest.yml b/ror-demo-cluster/conf/es/readonlyrest.yml index 252c463..b14b6eb 100644 --- a/ror-demo-cluster/conf/es/readonlyrest.yml +++ b/ror-demo-cluster/conf/es/readonlyrest.yml 
@@ -12,61 +12,156 @@ readonlyrest: verbosity: error - name: "Admins" - groups: [Administrators] - kibana: - access: admin - - - name: "End users" - groups: ["EndUsers"] - indices: ["frontend_logs", "kibana_sample_data_*"] - kibana: - index: .kibana_end_@{user} - access: rw - hide_apps: ["Security", "Observability"] - - - name: "Business users" - groups: ["BusinessUsers"] - indices: ["business_logs", "kibana_sample_data_*"] - kibana: - index: .kibana_business_@{user} - access: rw - hide_apps: ["Security", "Observability"] - - users: - - username: admin auth_key: admin:admin - groups: - - id: "Administrators" - name: "Administrators" - - id: "EndUsers" - name: "End Users" - - id: "BusinessUsers" - name: "Business Users" - - - username: user1 - auth_key: user1:test - groups: - - id: "EndUsers" - name: "End Users" - - id: "BusinessUsers" - name: "Business Users" - - - username: user2 - auth_key: user2:test - groups: - - id: "EndUsers" - name: "End Users" - - - username: "*" - ror_kbn_auth: - name: "kbn1" - groups: ["*"] - groups: - - local_group: - id: "EndUsers" - name: "End Users" - external_group_ids: [ "*" ] - - ror_kbn: - - name: kbn1 - signature_key: 
"9yzBfnLaTYLfGPzyKW9es76RKYhUVgmuv6ZtehaScj5msGpBpa5FWpwk295uJYaaffTFnQC5tsknh2AguVDaTrqCLfM5zCTqdE4UGNL73h28Bg4dPrvTAFQyygQqv4xfgnevBED6VZYdfjXAQLc8J8ywaHQQSmprZqYCWGE6sM3vzNUEWWB3kmGrEKa4sGbXhmXZCvL6NDnEJhXPDJAzu9BMQxn8CzVLqrx6BxDgPYF8gZCxtyxMckXwCaYXrxAGbjkYH69F4wYhuAdHSWgRAQCuWwYmWCA6g39j4VPge5pv962XYvxwJpvn23Y5KvNZ5S5c6crdG4f4gTCXnU36x92fKMQzsQV9K4phcuNvMWkpqVB6xMA5aPzUeHcGytD93dG8D52P5BxsgaJJE6QqDrk3Y2vyLw9ZEbJhPRJxbuBKVCBtVx26Ldd46dq5eyyzmNEyQGLrjQ4qd978VtG8TNT5rkn4ETJQEju5HfCBbjm3urGLFVqxhGVawecT4YM9Rry4EqXWkRJGTFQWQRnweUFbKNbVTC9NxcXEp6K5rSPEy9trb5UYLYhhMJ9fWSBMuenGRjNSJxeurMRCaxPpNppBLFnp8qW5ezfHgCBpEjkSNNzP4uXMZFAXmdUfJ8XQdPTWuYfdHYc5TZWnzrdq9wcfFQRDpDB2zX5Myu96krDt9vA7wNKfYwkSczA6qUQV66jA8nV4Cs38cDAKVBXnxz22ddAVrPv8ajpu7hgBtULMURjvLt94Nc5FDKw79CTTQxffWEj9BJCDCpQnTufmT8xenywwVJvtj49yv2MP2mGECrVDRmcGUAYBKR8G6ZnFAYDVC9UhY46FGWDcyVX3HKwgtHeb45Ww7dsW8JdMnZYctaEU585GZmqTJp2LcAWRcQPH25JewnPX8pjzVpJNcy7avfA2bcU86bfASvQBDUCrhjgRmK2ECR6vzPwTsYKRgFrDqb62FeMdrKgJ9vKs435T5ACN7MNtdRXHQ4fj5pNpUMDW26Wd7tt9bkBTqEGf" + verbosity: error + + - name: "huh, weird, need to permit certain stuff on async_search" + actions: [ "indices:data/read/async_search/delete", "indices:data/read/async_search/get", "indices:data/read/close_point_in_time" ] + type: allow + + + + #- name: "Deny other than ElasticsearchMandRLogs groups to access MandR firewall logs" + # ldap_auth: + # name: "ourQIMdomain" + # groups_not_any_of: [ "ElasticsearchMandRLogs" ] + # indices: ["mandr-*"] + # actions: ["indices:data/read/*"] + # type: forbid + + - name: "Permit specific group to MandR firewall logs" + ldap_auth: + name: "ourQIMdomain" + groups: [ "ElasticsearchMandRLogs" ] + indices: ["mandr-*"] + actions: ["indices:data/read/*"] + type: allow + + - name: "Deny everyone else to MandR" + ldap_authentication: + name: "ourQIMdomain" + indices: ["mandr-*"] + actions: ["indices:data/read/*"] + type: forbid + + + + + #- name: "Deny other than ElasticsearchQIMFirewallLogs groups to access QIM firewall logs" 
+ # ldap_auth: + # name: "ourQIMdomain" + # groups_not_any_of: [ "ElasticsearchQIMFirewallLogs" ] + # indices: ["qim-paloaltonew-*"] + # actions: ["indices:data/read/*"] + # type: forbid + + - name: "Permit specific group to QIM firewall logs" + ldap_auth: + name: "ourQIMdomain" + groups: [ "ElasticsearchQIMFirewallLogs" ] + indices: ["qim-paloaltonew-*"] + actions: ["indices:data/read/*"] + type: allow + + - name: "Deny everyone else to QIM firewall logs" + ldap_authentication: + name: "ourQIMdomain" + indices: ["qim-paloaltonew-*"] + actions: ["indices:data/read/*"] + type: forbid + + + + + #- name: "Deny other than ElasticsearchQIMFirewallLogs groups to access Cipher app logs" + # ldap_auth: + # name: "ourQIMdomain" + # groups_not_any_of: [ "ElasticsearchCipherLogs" ] + # indices: ["cipherlogs-*"] + # actions: ["indices:data/read/*"] + # type: forbid + + - name: "Permit specific group to Cipher app logs" + ldap_auth: + name: "ourQIMdomain" + groups: [ "ElasticsearchCipherLogs" ] + indices: ["cipherlogs-*"] + actions: ["indices:data/read/*"] + type: allow + + - name: "Deny everyone else to Cipher app logs" + ldap_authentication: + name: "ourQIMdomain" + indices: ["cipherlogs-*"] + actions: ["indices:data/read/*"] + type: forbid + + - name: "ElasticsearchRestrictedDashboardOnly group member 1 of 2" + ldap_auth: + name: "ourQIMdomain" + groups: [ "ElasticsearchRestrictedDashboardOnly" ] + indices: ["*"] + kibana_access: ro + kibana_hide_apps: [ "Observability", "Management", "ROR Manage Kibana", "ROR Security Settings" ] + + - name: "ElasticsearchRestrictedDashboardOnly group member 2 of 2" + ldap_auth: + name: "ourQIMdomain" + groups: [ "ElasticsearchRestrictedDashboardOnly" ] + indices: ["*"] + actions: ["*"] + + + + - name: "ElasticsearchSuperUsers group 1 of 2" + ldap_auth: + name: "ourQIMdomain" + groups: [ "ElasticsearchSuperUsers" ] + indices: ["*"] + kibana_access: rw + kibana_hide_apps: [ "ROR Security Settings" ] + + - name: "ElasticsearchSuperUsers group 
2 of 2" + ldap_auth: + name: "ourQIMdomain" + groups: [ "ElasticsearchSuperUsers" ] + indices: ["*"] + actions: ["*"] + + + + - name: "ElasticsearchReadAllIndices group 1 of 2" + ldap_auth: + name: "ourQIMdomain" + groups: [ "ElasticsearchReadAllIndices" ] + indices: ["*"] + kibana_access: rw + kibana_hide_apps: [ "ROR Security Settings" ] + + - name: "ElasticsearchReadAllIndices group 2 of 2" + ldap_auth: + name: "ourQIMdomain" + groups: [ "ElasticsearchReadAllIndices" ] + indices: ["*"] + actions: ["indices:data/read/*","cluster:monitor/*", "cluster:admin/rradmin/refreshsettings"] + + ldaps: + + - name: ourQIMdomain + host: ldap + port: 389 + ssl_enabled: false # default true + ssl_trust_all_certs: true # default false + bind_dn: "cn=admin,dc=example,dc=com" # skip for anonymous bind + bind_password: "password" # skip for anonymous bind + connection_pool_size: 10 # default 30 + connection_timeout: 10s # default 1 + request_timeout: 10s # default 1 + cache_ttl: 60s # default 0 - cache disabled + search_user_base_DN: "dc=example,dc=com" + search_groups_base_DN: "dc=example,dc=com" + user_id_attribute: "uid" + unique_member_attribute: "uniqueMember" + group_search_filter: "(cn=*)" + group_name_attribute: "cn" + nested_groups_depth: 3 \ No newline at end of file diff --git a/ror-demo-cluster/conf/kbn/pro-ror-newplatform-kibana.yml b/ror-demo-cluster/conf/kbn/pro-ror-newplatform-kibana.yml index 3df3d8e..10da3ce 100644 --- a/ror-demo-cluster/conf/kbn/pro-ror-newplatform-kibana.yml +++ b/ror-demo-cluster/conf/kbn/pro-ror-newplatform-kibana.yml @@ -12,5 +12,5 @@ server.ssl.certificate: /usr/share/kibana/config/kibana.crt server.ssl.key: /usr/share/kibana/config/kibana.key server.ssl.redirectHttpFromPort: 80 -readonlyrest_kbn.logLevel: info +readonlyrest_kbn.logLevel: trace readonlyrest_kbn.cookiePass: '12312313123213123213123abcdefghijklm' 
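Review bot: The block named "huh, weird, need to permit certain stuff on async_search" carries only an `actions` rule with `type: allow`, so it matches any request performing those actions regardless of who sends it, unauthenticated callers included; add an identity rule such as `ldap_authentication: { name: "ourQIMdomain" }` to it and give it a descriptive name. "ElasticsearchRestrictedDashboardOnly group member 2 of 2" grants `indices: ["*"]` with `actions: ["*"]`, so a member using LDAP credentials directly against the ES API has unrestricted write access, because `kibana_access: ro` in the companion block constrains only Kibana-originated requests; narrow the actions to what the dashboards need, as the "ElasticsearchReadAllIndices group 2 of 2" list does. The "Deny everyone else" blocks form a denylist keyed on one index pattern each, and as far as I can tell a request naming indices across several patterns would not match their `indices` rule and would fall through to the later `indices: ["*"]` allow blocks, so allowlisting each group's indices and dropping the forbid blocks is the safer shape. In the `ldaps` entry, `bind_dn: "cn=admin,..."` with an inline `bind_password` over `ssl_enabled: false` is acceptable only for this demo, and `ssl_trust_all_certs: true` would silently disable certificate checking the day TLS is turned on, so remove it now. `cluster:admin/rradmin/refreshsettings` in the ReadAllIndices block is an administrative action that does not belong in a read-only group.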
diff --git a/ror-demo-cluster/conf/ldap/example-com.ldif b/ror-demo-cluster/conf/ldap/example-com.ldif
new file mode 100644
index 0000000..c6f7ee1
--- /dev/null
+++ b/ror-demo-cluster/conf/ldap/example-com.ldif
@@ -0,0 +1,85 @@
+version: 1
+
+dn: ou=People,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: People
+
+dn: cn=User1,ou=People,dc=example,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: User1
+sn: User1
+uid: user1
+userPassword: test
+
+dn: cn=User2,ou=People,dc=example,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: User2
+sn: User2
+uid: user2
+userPassword: test
+
+dn: cn=User3,ou=People,dc=example,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+cn: User3
+sn: User3
+uid: user3
+userPassword: test
+
+dn: ou=Groups,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: Groups
+
+dn: cn=ElasticsearchMandRLogs,ou=Groups,dc=example,dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: ElasticsearchMandRLogs
+o: ElasticsearchMandRLogs
+uniqueMember: cn=User1,ou=People,dc=example,dc=com
+
+dn: cn=ElasticsearchQIMFirewallLogs,ou=Groups,dc=example,dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: ElasticsearchQIMFirewallLogs
+o: ElasticsearchQIMFirewallLogs
+uniqueMember: cn=User2,ou=People,dc=example,dc=com
+
+dn: cn=ElasticsearchCipherLogs,ou=Groups,dc=example,dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: ElasticsearchCipherLogs
+o: ElasticsearchCipherLogs
+uniqueMember: cn=User3,ou=People,dc=example,dc=com
+
+dn: cn=ElasticsearchRestrictedDashboardOnly,ou=Groups,dc=example,dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: ElasticsearchRestrictedDashboardOnly
+o: ElasticsearchRestrictedDashboardOnly
+uniqueMember: cn=User3,ou=People,dc=example,dc=com
+uniqueMember: cn=User2,ou=People,dc=example,dc=com
+uniqueMember: cn=User1,ou=People,dc=example,dc=com
+
+dn: cn=ElasticsearchSuperUsers,ou=Groups,dc=example,dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: 
ElasticsearchSuperUsers +o: ElasticsearchSuperUsers +uniqueMember: cn=User3,ou=People,dc=example,dc=com + +dn: cn=ElasticsearchReadAllIndices,ou=Groups,dc=example,dc=com +objectClass: top +objectClass: groupOfUniqueNames +cn: ElasticsearchReadAllIndices +o: ElasticsearchReadAllIndices +uniqueMember: cn=User3,ou=People,dc=example,dc=com diff --git a/ror-demo-cluster/docker-compose.yml b/ror-demo-cluster/docker-compose.yml index f907d81..7fce530 100644 --- a/ror-demo-cluster/docker-compose.yml +++ b/ror-demo-cluster/docker-compose.yml @@ -43,7 +43,7 @@ services: - "ES_JAVA_OPTS=-Xms512m -Xmx512m -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005" - ES_VERSION=${ES_VERSION:-ES_VERSION_NOT_CONFIGURED} healthcheck: - test: ["CMD-SHELL", "curl -fksS --connect-timeout 3 --max-time 5 --retry 2 --retry-connrefused -u admin:admin https://127.0.0.1:9200/_cluster/health >/dev/null || exit 1"] + test: ["CMD-SHELL", "curl -fksS --connect-timeout 3 --max-time 5 --retry 2 --retry-connrefused -u admin:admin http://127.0.0.1:9200/_cluster/health >/dev/null || exit 1"] interval: 10s timeout: 10s retries: 30 @@ -55,6 +55,15 @@ services: soft: -1 hard: -1 + es-ror-proxy: + image: mitmproxy/mitmproxy + command: + mitmdump --set validate_inbound_headers=false --mode reverse:http://es-ror:9200 --verbose + depends_on: + - es-ror + networks: + - es-ror-network + kbn-ror: build: context: . @@ -67,13 +76,15 @@ services: depends_on: es-ror: condition: service_healthy + es-ror-proxy: + condition: service_started keycloak: condition: service_healthy required: false ports: - "15601:5601" environment: - ELASTICSEARCH_HOSTS: https://es-ror:9200 + ELASTICSEARCH_HOSTS: http://es-ror-proxy:8080 ROR_ACTIVATION_KEY: $ROR_ACTIVATION_KEY healthcheck: test: ["CMD-SHELL", "curl -fksS --connect-timeout 3 --max-time 5 --retry 2 --retry-connrefused -u admin:admin https://127.0.0.1:5601/api/features >/dev/null || exit 1"] 
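Review bot: The es-ror-proxy service sits in plaintext between Kibana and ES, so every request Kibana sends, including the `Authorization` header with its service credentials and full query bodies, passes through mitmdump in the clear, and depending on the mitmproxy version the `--verbose` flag (or its flow-detail setting) prints some or all of that into the container log. That is the purpose of a debugging proxy, but it should be marked as such so it is not kept in the published demo, e.g. `# debug aid only: relays and may log unencrypted ES traffic, credentials included`. The proxy has no healthcheck, so `condition: service_started` in kbn-ror's `depends_on` (hunk at @@ -67) only waits for the container to start, not for mitmdump to listen; Kibana's own connection retries presumably cover the gap — confirm.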
@@ -98,7 +109,8 @@ services: kbn-ror: condition: service_healthy environment: - ELASTICSEARCH_ADDRESS: https://es-ror:9200 + ELASTICSEARCH_ADDRESS: http://es-ror:9200 + KIBANA_ADDRESS: https://kbn-ror:5601 ELASTICSEARCH_USER: kibana ELASTICSEARCH_PASSWORD: kibana healthcheck: @@ -112,6 +124,20 @@ services: networks: - es-ror-network + ldap: + image: osixia/openldap:1.3.0 + command: [--copy-service] + volumes: + - ./conf/ldap/example-com.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/example-com.ldif + ports: + - "389:389" + - "636:636" + environment: + - LDAP_ADMIN_PASSWORD=password + - LDAP_DOMAIN=example.com + networks: + - es-ror-network + networks: es-ror-network: driver: bridge diff --git a/ror-demo-cluster/images/es/install-ror-es-using-file.sh b/ror-demo-cluster/images/es/install-ror-es-using-file.sh index 5b45b1e..5f4943b 100755 --- a/ror-demo-cluster/images/es/install-ror-es-using-file.sh +++ b/ror-demo-cluster/images/es/install-ror-es-using-file.sh @@ -1,4 +1,4 @@ -#!/bin/bash -e +#!/bin/bash -ex function greater_than_or_equal() { # Strip the -pre part (or any suffix starting with -) from both versions @@ -14,7 +14,7 @@ fi echo "Installing ES ROR from file..." /usr/share/elasticsearch/bin/elasticsearch-plugin install --batch file:///tmp/ror.zip -ROR_VERSION=$(unzip -p /tmp/ror.zip plugin-descriptor.properties | grep -oP '^version=\K.*') +ROR_VERSION=$(unzip -p /tmp/ror.zip '*/plugin-descriptor.properties' | grep -oP '^version=\K.*') if [[ ! -v ROR_VERSION || -z "$ROR_VERSION" ]]; then echo "No ROR_VERSION variable is set" diff --git a/ror-demo-cluster/init-scripts/init.sh b/ror-demo-cluster/init-scripts/init.sh index 70164aa..62fb5fa 100755 --- a/ror-demo-cluster/init-scripts/init.sh +++ b/ror-demo-cluster/init-scripts/init.sh 
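Review bot: The new ldap service publishes `"389:389"` and `"636:636"` on every host interface although its only consumer is es-ror on `es-ror-network`, and it boots with `LDAP_ADMIN_PASSWORD=password` plus the demo identities from example-com.ldif, so anyone who can reach the host can bind as the directory admin. Drop the `ports:` block, or bind to loopback with `"127.0.0.1:389:389"` if host-side inspection is needed. The same literal appears as `bind_password` in readonlyrest.yml; sourcing both from one environment variable keeps them from drifting apart.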
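Review bot: The new unzip pattern `'*/plugin-descriptor.properties'` matches the descriptor only when it sits in a subdirectory, whereas the old pattern matched it only at the archive root; if the plugin zips added in this commit differ in layout, one of them leaves ROR_VERSION empty and trips the check below. Listing both specs covers either layout: `ROR_VERSION=$(unzip -p /tmp/ror.zip plugin-descriptor.properties '*/plugin-descriptor.properties' 2>/dev/null | grep -oP '^version=\K.*')`. Separately, the `-ex` added to the shebang in the hunk at @@ -1 is ignored when the script is run as `bash install-ror-es-using-file.sh`; a `set -ex` line after the shebang applies in both invocation styles.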
@@ -35,6 +35,8 @@ function index_documents() { done } -generate_log_documents 100 | index_documents "frontend_logs" -generate_log_documents 50 | index_documents "business_logs" -generate_log_documents 60 | index_documents "system_logs" \ No newline at end of file +generate_log_documents 100 | index_documents "mandr-logs" +generate_log_documents 50 | index_documents "qim-paloaltonew-logs" +generate_log_documents 60 | index_documents "cipherlogs-logs" + +importSavedObjects "saved_objects.ndjson" \ No newline at end of file diff --git a/ror-demo-cluster/init-scripts/saved_objects.ndjson b/ror-demo-cluster/init-scripts/saved_objects.ndjson new file mode 100644 index 0000000..3120c0d --- /dev/null +++ b/ror-demo-cluster/init-scripts/saved_objects.ndjson 
@@ -0,0 +1,7 @@ +{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"qim","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"timestamp","title":"qim*","typeMeta":"{}"},"coreMigrationVersion":"8.6.1","created_at":"2025-10-15T12:18:32.481Z","id":"c632ed5c-031f-4ccb-b3b9-6ea0c66fcdce","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"type":"index-pattern","updated_at":"2025-10-15T12:18:32.481Z","version":"WzY0LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.6.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":15,\"i\":\"001a09e9-da43-4f96-8578-46e84790d30e\"},\"panelIndex\":\"001a09e9-da43-4f96-8578-46e84790d30e\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"c632ed5c-031f-4ccb-b3b9-6ea0c66fcdce\",\"name\":\"indexpattern-datasource-layer-84966304-8ea2-4e36-a029-0c6514b5131f\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"84966304-8ea2-4e36-a029-0c6514b5131f\",\"accessors\":[\"fb59e78f-3496-4637-81d9-01acbf1ad14b\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"afa622bb-7d9b-4fde-9974-147e0b06cf12\"}]},\"query\":{\"query\":\"\",\"lan
guage\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"84966304-8ea2-4e36-a029-0c6514b5131f\":{\"columns\":{\"afa622bb-7d9b-4fde-9974-147e0b06cf12\":{\"label\":\"Top 5 values of message.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"message.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"fb59e78f-3496-4637-81d9-01acbf1ad14b\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"fb59e78f-3496-4637-81d9-01acbf1ad14b\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"afa622bb-7d9b-4fde-9974-147e0b06cf12\",\"fb59e78f-3496-4637-81d9-01acbf1ad14b\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}}]","timeRestore":false,"title":"qim dashboard","version":1},"coreMigrationVersion":"8.6.1","created_at":"2025-10-15T12:20:23.421Z","id":"52f75ad0-a9c1-11f0-984f-113cd8534ff2","migrationVersion":{"dashboard":"8.6.0"},"references":[{"id":"c632ed5c-031f-4ccb-b3b9-6ea0c66fcdce","name":"001a09e9-da43-4f96-8578-46e84790d30e:indexpattern-datasource-layer-84966304-8ea2-4e36-a029-0c6514b5131f","type":"index-pattern"}],"type":"dashboard","updated_at":"2025-10-15T12:20:23.421Z","version":"WzEwNiwxXQ=="} 
+{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"mandr","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"timestamp","title":"mandr*","typeMeta":"{}"},"coreMigrationVersion":"8.6.1","created_at":"2025-10-15T12:18:18.871Z","id":"4e8f2a9a-dac8-4ebf-9b78-c599f63acb8f","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"type":"index-pattern","updated_at":"2025-10-15T12:18:18.871Z","version":"WzU1LDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.6.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":15,\"i\":\"faada2c4-525e-4970-9088-e96d471cf007\"},\"panelIndex\":\"faada2c4-525e-4970-9088-e96d471cf007\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"4e8f2a9a-dac8-4ebf-9b78-c599f63acb8f\",\"name\":\"indexpattern-datasource-layer-3eb2fc68-b821-42fc-a54e-67f9a7b181ea\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"3eb2fc68-b821-42fc-a54e-67f9a7b181ea\",\"accessors\":[\"b0ede3f8-22b2-49b5-9d02-3c43fe3143b7\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"c19ab537-1ea1-4205-b38c-e55be7996a21\"}]},\"query\":{\"query\":\"\",\"language\":\"ku
ery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3eb2fc68-b821-42fc-a54e-67f9a7b181ea\":{\"columns\":{\"c19ab537-1ea1-4205-b38c-e55be7996a21\":{\"label\":\"Top 5 values of message.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"message.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"b0ede3f8-22b2-49b5-9d02-3c43fe3143b7\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"b0ede3f8-22b2-49b5-9d02-3c43fe3143b7\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"c19ab537-1ea1-4205-b38c-e55be7996a21\",\"b0ede3f8-22b2-49b5-9d02-3c43fe3143b7\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}}]","timeRestore":false,"title":"mandr dashboard","version":1},"coreMigrationVersion":"8.6.1","created_at":"2025-10-15T12:20:01.221Z","id":"45bbe750-a9c1-11f0-984f-113cd8534ff2","migrationVersion":{"dashboard":"8.6.0"},"references":[{"id":"4e8f2a9a-dac8-4ebf-9b78-c599f63acb8f","name":"faada2c4-525e-4970-9088-e96d471cf007:indexpattern-datasource-layer-3eb2fc68-b821-42fc-a54e-67f9a7b181ea","type":"index-pattern"}],"type":"dashboard","updated_at":"2025-10-15T12:20:01.221Z","version":"Wzk3LDFd"} 
+{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{}","fields":"[]","name":"cipher","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"timestamp","title":"cipher*","typeMeta":"{}"},"coreMigrationVersion":"8.6.1","created_at":"2025-10-15T12:18:06.824Z","id":"56cb416a-de2c-4707-af1c-2cbf3a123d6a","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"type":"index-pattern","updated_at":"2025-10-15T12:18:06.824Z","version":"WzQzLDFd"} +{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"8.6.1\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":15,\"i\":\"ed1075b6-1ee6-40e4-8799-88f992044685\"},\"panelIndex\":\"ed1075b6-1ee6-40e4-8799-88f992044685\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"56cb416a-de2c-4707-af1c-2cbf3a123d6a\",\"name\":\"indexpattern-datasource-layer-a0d5b9e4-8c53-4611-9831-e7abf3ae0b62\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"a0d5b9e4-8c53-4611-9831-e7abf3ae0b62\",\"accessors\":[\"9be48b54-b97e-46a3-b3c6-aed68a7c31d2\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"51f00e4e-ecf5-4686-93ad-fbaf86cd01d3\"}]},\"query\":{\"query\":\"\",\"language\":\"
kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"a0d5b9e4-8c53-4611-9831-e7abf3ae0b62\":{\"columns\":{\"51f00e4e-ecf5-4686-93ad-fbaf86cd01d3\":{\"label\":\"Top 5 values of message.keyword\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"message.keyword\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9be48b54-b97e-46a3-b3c6-aed68a7c31d2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"9be48b54-b97e-46a3-b3c6-aed68a7c31d2\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"51f00e4e-ecf5-4686-93ad-fbaf86cd01d3\",\"9be48b54-b97e-46a3-b3c6-aed68a7c31d2\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}}]","timeRestore":false,"title":"cipher dashboard","version":1},"coreMigrationVersion":"8.6.1","created_at":"2025-10-15T12:19:38.232Z","id":"3807e870-a9c1-11f0-984f-113cd8534ff2","migrationVersion":{"dashboard":"8.6.0"},"references":[{"id":"56cb416a-de2c-4707-af1c-2cbf3a123d6a","name":"ed1075b6-1ee6-40e4-8799-88f992044685:indexpattern-datasource-layer-a0d5b9e4-8c53-4611-9831-e7abf3ae0b62","type":"index-pattern"}],"type":"dashboard","updated_at":"2025-10-15T12:19:38.232Z","version":"Wzg3LDFd"} +{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":6,"missingRefCount":0,"missingReferences":[]} \ No newline at end of file diff --git a/ror-demo-cluster/init-scripts/utils/lib.sh b/ror-demo-cluster/init-scripts/utils/lib.sh index fd0e7b8..e65a0b5 100755 --- a/ror-demo-cluster/init-scripts/utils/lib.sh +++ b/ror-demo-cluster/init-scripts/utils/lib.sh 
@@ -9,23 +9,23 @@ function pick_randomly() { function putDocument() { if [ "$#" -ne 2 ]; then - echo "ERROR: Three parameters required: 1) index name, 2) document JSON string" + echo "ERROR: Two parameters required: 1) index name, 2) document JSON string" return 1 fi if ! [ -v ELASTICSEARCH_ADDRESS ] || [ -z "$ELASTICSEARCH_ADDRESS" ]; then echo "ERROR: required variable ELASTICSEARCH_ADDRESS not set or empty" - exit 2 + return 2 fi if ! [ -v ELASTICSEARCH_USER ] || [ -z "$ELASTICSEARCH_USER" ]; then echo "ERROR: required variable ELASTICSEARCH_USER not set or empty" - exit 3 + return 3 fi if ! [ -v ELASTICSEARCH_PASSWORD ] || [ -z "$ELASTICSEARCH_PASSWORD" ]; then echo "ERROR: required variable ELASTICSEARCH_PASSWORD not set or empty" - exit 4 + return 4 fi INDEX_NAME=$1 
@@ -48,3 +48,43 @@ set -x return 0 } + +function importSavedObjects() { + if [ "$#" -ne 1 ]; then + echo "ERROR: One parameter required: 1) saved objects file" + return 1 + fi + + SAVED_OBJECTS_FILE=$1 + + if ! [ -v KIBANA_ADDRESS ] || [ -z "$KIBANA_ADDRESS" ]; then + echo "ERROR: required variable KIBANA_ADDRESS not set or empty" + return 2 + fi + + if ! [ -v ELASTICSEARCH_USER ] || [ -z "$ELASTICSEARCH_USER" ]; then + echo "ERROR: required variable ELASTICSEARCH_USER not set or empty" + return 3 + fi + + if ! [ -v ELASTICSEARCH_PASSWORD ] || [ -z "$ELASTICSEARCH_PASSWORD" ]; then + echo "ERROR: required variable ELASTICSEARCH_PASSWORD not set or empty" + return 4 + fi + + RESPONSE=$(curl -k -s -L -w "\n%{http_code}" -u "$ELASTICSEARCH_USER:$ELASTICSEARCH_PASSWORD" \ + -X POST "$KIBANA_ADDRESS/api/saved_objects/_import?overwrite=true" \ + -H "kbn-xsrf: true" \ + -F "file=@${SAVED_OBJECTS_FILE}" + ) + + HTTP_STATUS=$(echo "$RESPONSE" | tail -n 1) + RESPONSE_BODY=$(echo "$RESPONSE" | sed \$d) + + if [[ "$HTTP_STATUS" != 2* ]] ; then + echo "ERROR: Cannot import saved objects from file [$SAVED_OBJECTS_FILE].\nHTTP status: $HTTP_STATUS, response body: $RESPONSE_BODY" + return 5 + fi + + return 0 +} \ No newline at end of file diff --git a/ror-demo-cluster/readonlyrest-1.47.0_es8.6.1.zip b/ror-demo-cluster/readonlyrest-1.47.0_es8.6.1.zip new file mode 100644 index 0000000..31128e8 Binary files /dev/null and b/ror-demo-cluster/readonlyrest-1.47.0_es8.6.1.zip differ diff --git a/ror-demo-cluster/readonlyrest_kbn_universal-1.47.0_es8.6.1.zip b/ror-demo-cluster/readonlyrest_kbn_universal-1.47.0_es8.6.1.zip new file mode 100644 index 0000000..68a4ea2 Binary files /dev/null and b/ror-demo-cluster/readonlyrest_kbn_universal-1.47.0_es8.6.1.zip differ 
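Review bot: The failure message in importSavedObjects embeds `\n` in a plain `echo`, which bash's builtin prints literally, so the status and body run together with a visible `\n`; use `printf 'ERROR: Cannot import saved objects from file [%s].\nHTTP status: %s, response body: %s\n' "$SAVED_OBJECTS_FILE" "$HTTP_STATUS" "$RESPONSE_BODY"`. `curl -k` accepts any certificate presented at `$KIBANA_ADDRESS`; that is tolerable for the demo's self-signed kibana.crt but deserves a comment, e.g. `# -k: demo Kibana serves a self-signed certificate`. Passing `-u "$ELASTICSEARCH_USER:$ELASTICSEARCH_PASSWORD"` on the command line exposes the password in the process list and in any `set -x` trace; `curl -K - <<< "user = \"$ELASTICSEARCH_USER:$ELASTICSEARCH_PASSWORD\""` reads it from stdin instead. A `000` status from a refused connection is already caught by the `2*` check, which is good.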
diff --git a/ror-demo-cluster/readonlyrest_kbn_universal-1.68.0-pre1_es8.6.1.zip b/ror-demo-cluster/readonlyrest_kbn_universal-1.68.0-pre1_es8.6.1.zip
new file mode 100644
index 0000000..3fcbcb5
Binary files /dev/null and b/ror-demo-cluster/readonlyrest_kbn_universal-1.68.0-pre1_es8.6.1.zip differ