Commit e69ea59d authored by Jochen Kressin's avatar Jochen Kressin
Browse files

add proxy auth support

parent d16d9f67
#!/bin/bash
PLUGIN_NAME=searchguard-kibana
PLUGIN_VERSION=5.3.1-2
PLUGIN_VERSION=5.3.1-3-SNAPSHOT
KIBANA_VERSION=5.3.1
echo "Building $PLUGIN_NAME-$PLUGIN_VERSION.zip"
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
......
......@@ -29,7 +29,7 @@ module.exports = function (pluginRoot, server, kbnServer, APP_ROOT, API_ROOT) {
path: `${API_ROOT}/v1/auth/authinfo`,
handler: (request, reply) => {
try {
let authinfo = server.plugins.searchguard.getSearchGuardBackend().authinfo(request.headers.authorization);
let authinfo = server.plugins.searchguard.getSearchGuardBackend().authinfo(request.headers);
return reply(authinfo);
} catch(error) {
return reply(Boom.badImplementation());
......
......@@ -15,6 +15,7 @@
*/
import _ from 'lodash';
import filterAuthHeaders from './filter_auth_headers';
import SearchGuardPlugin from './searchguard_plugin';
import AuthenticationError from '../auth/authentication_error';
import User from '../auth/user';
......@@ -25,11 +26,12 @@ import User from '../auth/user';
export default class SearchGuardBackend {
constructor(server) {
const config = Object.assign({ plugins: [SearchGuardPlugin], auth: false }, server.config().get('elasticsearch'));
const config = Object.assign({ plugins: [SearchGuardPlugin], auth: true }, server.config().get('elasticsearch'));
this._cluster = server.plugins.elasticsearch.createCluster('security',
config
);
this._client = this._cluster._client;
this._esconfig = server.config().get('elasticsearch');
}
async authenticate(credentials) {
......@@ -50,12 +52,11 @@ export default class SearchGuardBackend {
}
}
async authinfo(authHeader) {
async authinfo(headers) {
try {
const authHeaders = filterAuthHeaders(headers, this._esconfig.requestHeadersWhitelist);
const response = await this._client.searchguard.authinfo({
headers: {
authorization: authHeader
}
headers: authHeaders
});
return response
} catch(error) {
......@@ -67,12 +68,11 @@ export default class SearchGuardBackend {
}
}
async multitenancyinfo(authHeader) {
async multitenancyinfo(headers) {
try {
const authHeaders = filterAuthHeaders(headers, this._esconfig.requestHeadersWhitelist);
const response = await this._client.searchguard.multitenancyinfo({
headers: {
authorization: authHeader
}
headers: authHeaders
});
return response
} catch(error) {
......@@ -146,4 +146,5 @@ export default class SearchGuardBackend {
// and the preferred tenant is not accessible anymore.
}
}
......@@ -28,13 +28,13 @@ export default function (Client, config, components) {
Client.prototype.searchguard.prototype.authinfo = ca({
url: {
fmt: '_searchguard/authinfo'
fmt: '/_searchguard/authinfo'
}
});
Client.prototype.searchguard.prototype.multitenancyinfo = ca({
url: {
fmt: '_searchguard/kibanainfo'
fmt: '/_searchguard/kibanainfo'
}
});
};
......
......@@ -48,7 +48,7 @@ module.exports = function (pluginRoot, server, kbnServer, APP_ROOT, API_ROOT) {
method: 'GET',
path: `${API_ROOT}/v1/multitenancy/info`,
handler: (request, reply) => {
let mtinfo = server.plugins.searchguard.getSearchGuardBackend().multitenancyinfo(request.headers.authorization);
let mtinfo = server.plugins.searchguard.getSearchGuardBackend().multitenancyinfo(request.headers);
return reply(mtinfo);
}
});
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment