Disable elastic user in development #52036
Labels
chore
Feature:Hardening
Hardening of Kibana from a security perspective
Team:Security
Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Using the elastic user for development is super common. #48247 barred developers from running the Kibana server as the elastic user. However, it's still possible to log in to Kibana using the elastic user.

When running Kibana in development mode, we can automatically create a user and role before disabling the elastic user and requiring the custom user/role be used instead.

This can be further elaborated upon by allowing developers to specify their own users/roles they'd like to be created in a dotfile. The APM team has created something along these lines to automatically create the various "archetypes" they plan to manually test their application with: https://github.com/elastic/kibana/blob/f7f72cb737e03b0c5b12af7f3d89f03bc34fba31/x-pack/legacy/plugins/apm/scripts/kibana-security/setup-custom-kibana-user-role.ts

Initially, I was thinking that this could be part of yarn run es. However, this introduces some complexities... Ideally, we'd be using the Kibana Role Management APIs, but these aren't available until Kibana has fully started up. Additionally, APM uses a Cloud environment and doesn't use yarn run es at all. The other obvious candidate is to add this to node ./scripts/kibana.js --dev, but something about that approach feels off since we normally don't do this type of operation there.
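
The setup sequence proposed in this issue, sketched as an added example that is not part of the original issue or of Kibana's code: it turns a developer dotfile into the ordered API calls (roles, then users, then disabling elastic). The dotfile name and schema, the function name and the sample values are assumptions; the request paths are the Kibana role API and the Elasticsearch security user APIs.

```javascript
// Added example: turns a developer dotfile into the ordered security API calls.
// The dotfile schema and its name (.kibana-dev-users.json) are hypothetical.
const RESERVED = new Set(['elastic', 'kibana', 'kibana_system']); // subset of reserved users

function planDevSecuritySetup(dotfile) {
  const roles = dotfile.roles || {};
  const users = dotfile.users || {};
  if (Object.keys(users).length === 0) {
    // Disabling elastic with no replacement would lock the developer out.
    throw new Error('define at least one user before disabling elastic');
  }
  const plan = [];
  // 1. Roles first, through the Kibana role management API (requires Kibana to be up).
  for (const [name, role] of Object.entries(roles)) {
    plan.push({
      target: 'kibana', method: 'PUT',
      path: `/api/security/role/${encodeURIComponent(name)}`,
      body: { elasticsearch: role.elasticsearch || {}, kibana: role.kibana || [] },
    });
  }
  // 2. Users next, through the Elasticsearch security API; only roles from this file are accepted.
  for (const [name, user] of Object.entries(users)) {
    if (RESERVED.has(name)) throw new Error(`"${name}" is a reserved user`);
    const unknown = (user.roles || []).filter((r) => !Object.prototype.hasOwnProperty.call(roles, r));
    if (unknown.length) throw new Error(`user "${name}" references undefined role(s): ${unknown}`);
    plan.push({
      target: 'elasticsearch', method: 'PUT',
      path: `/_security/user/${encodeURIComponent(name)}`,
      body: { password: user.password, roles: user.roles || [] },
    });
  }
  // 3. Only after every replacement exists: disable the elastic user.
  plan.push({ target: 'elasticsearch', method: 'PUT', path: '/_security/user/elastic/_disable' });
  return plan;
}

// Constructed sample dotfile contents.
const sampleDotfile = {
  roles: {
    dev_dashboards: {
      elasticsearch: { cluster: ['monitor'], indices: [{ names: ['logs-*'], privileges: ['read'] }] },
      kibana: [{ base: [], feature: { dashboard: ['all'] }, spaces: ['default'] }],
    },
  },
  users: { dev_user: { password: 'constructed-dev-password', roles: ['dev_dashboards'] } },
};

console.log(planDevSecuritySetup(sampleDotfile).map((s) => `${s.method} ${s.path}`).join('\n'));
```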