Merge pull request #6195 from Security-Onion-Solutions/issue/6146

Issue/6146
2025-12-06 09:12:45 +01:00 · 2021-11-11 11:47:33 -05:00
parent f91a6d3cb6 8da2133cff
commit 22959f0260
4 changed files with 15 additions and 2 deletions
--- a/pillar/top.sls
+++ b/pillar/top.sls
@@ -110,6 +110,9 @@ base:
    - elasticsearch.eval
 {% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/elasticsearch/auth.sls') %}
    - elasticsearch.auth
+{% endif %}
+{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/kibana/secrets.sls') %}
+    - kibana.secrets
 {% endif %}
    - global
    - minions.{{ grains.id }}
--- a/salt/kibana/config.map.jinja
+++ b/salt/kibana/config.map.jinja
@@ -6,8 +6,10 @@
  {% do KIBANACONFIG.kibana.config.xpack.update({'security': {'authc': {'providers': {'anonymous': {'anonymous1': {'order': 0, 'credentials': 'elasticsearch_anonymous_user'}}}}}}) %}
 {% endif %}

-{% if salt['file.file_exists']('/opt/so/saltstack/local/pillar/kibana/secrets.sls') %}
-  {% do KIBANACONFIG.kibana.config.xpack.update({'encryptedSavedObjects': {'encryptionKey': pillar['kibana']['secrets']['encryptedSavedObjects']['encryptionKey'] }}) %}
+{% if salt['pillar.get']('kibana:secrets') %}
+  {% do KIBANACONFIG.kibana.config.xpack.update({'encryptedSavedObjects': {'encryptionKey': pillar['kibana']['secrets']['encryptedSavedObjects']['encryptionKey']}}) %}
+  {% do KIBANACONFIG.kibana.config.xpack.security.update({'encryptionKey': pillar['kibana']['secrets']['security']['encryptionKey']}) %}
+  {% do KIBANACONFIG.kibana.config.xpack.update({'reporting': {'encryptionKey': pillar['kibana']['secrets']['reporting']['encryptionKey']}}) %}
 {% endif %}

 {% set KIBANACONFIG = salt['pillar.get']('kibana:config', default=KIBANACONFIG.kibana.config, merge=True) %}
--- a/salt/kibana/defaults.yaml
+++ b/salt/kibana/defaults.yaml
@@ -30,3 +30,5 @@ kibana:
    xpack:
      ml:
        enabled: False
+      security:
+        secureCookies: True
--- a/salt/kibana/secrets.sls
+++ b/salt/kibana/secrets.sls
@@ -2,6 +2,8 @@
 {% if sls in allowed_states %}

  {% set kibana_encryptedSavedObjects_encryptionKey = salt['pillar.get']('kibana:secrets:encryptedSavedObjects:encryptionKey', salt['random.get_str'](72)) %}
+  {% set kibana_security_encryptionKey = salt['pillar.get']('kibana:secrets:security:encryptionKey', salt['random.get_str'](72)) %}
+  {% set kibana_reporting_encryptionKey = salt['pillar.get']('kibana:secrets:reporting:encryptionKey', salt['random.get_str'](72)) %}

 kibana_pillar_directory:
  file.directory:
@@ -17,6 +19,10 @@ kibana_secrets_pillar:
          secrets:
            encryptedSavedObjects:
              encryptionKey: {{ kibana_encryptedSavedObjects_encryptionKey }}
+            security:
+              encryptionKey: {{ kibana_security_encryptionKey }}
+            reporting:
+              encryptionKey: {{ kibana_reporting_encryptionKey }}
    - show_changes: False

 {% else %}