I am new to the community and I am attempting to extend some functionality for my product into Kibana. I currently have Kibana setup with Elasticsearch, where me end users will each have their own pre-made kibana index, usually something like:
.kibana-[user unique ID]
I am attempting to modifying the Kibana source code to support this dynamic redirect, and currently have a HTTPInterceptor which sets the HTTP Authorization header to the appropriate kibana index. In the Express.js side, I wrote a middleware which simply reads the HTTP Authorization header, and sets the config.kibana.kibana-index as the contents of the header.
But the issue is that there are other places in the AngularJS side which makes requests to the express.js side, and I cannot find them at all. A output log on the Express.js side shows that nearly all the initial requests (startup requests) have an undefined value for the Authorization header. Can anyone help me out.
Currently the data flow is as such:
Cookie is set on end-user browser with their unique kibana index
AngularJS aspect of Kibana reads the cookie, and sets the Authorization header (only in the main Kibana module)
Express.JS middleware reads the Authorization header of each request and attempts to modify the kibana-index on the fly.
Ultimately, what are you trying to achieve? If it's a multi-tenant Kibana deployment, you may be interested in a discussion that takes a slightly different approach here: Kibana 4 dashboards access control with Shield
Thanks for the response! I did read through that the other day, but I don't need "dashboard access control", I need each user that hits Kibana to only see and have access to a single kibana index that is decided based upon some external factors (data from my application database).
Based upon that thread above, I believe palmerabollo's response:
My indexes are ".kibana-". I use nginx to authenticate the user, so I can use ngx.var.remote_user in my lua code.
My requirements are simpler than yours, I only have to restrict access to indexes in a way that users can only see their data (each user has a "index-", without using Shield. What I'm doing right now is:
replacing ".kibana" with ".kibana-" .. ngx.var.remote_user both in the requested uri and in the request body (lua)
replacing the name of the index requested by the user with "index-" in the request body (lua)
modifying validateRequest.js to allow creation of ".kibana-*" indexes (nodejs)
might be the way to do it from my end o.0, though I am not sure how to set that proxy stuff up in Nginx, time to learn I suppose!
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.