Merge pull request #1253 from wazuh/unify-unattended-change-dashboard

Dashboards to dashboard rename

tests/unattended/install/pytest.ini

@@ -7,4 +7,4 @@ markers =
     wazuh_worker: test for wazuh cluster worker nodes. It is meant to be executed on the worker nodes.
     indexer: tests to be executed on Wazuh Indexer hosts.
     indexer_cluster: tests to be executed on Wazuh Indexer hosts on distributed installations.
-    dashboards: tests to be executed on Wazuh Dashboards hosts.
+    dashboard: tests to be executed on Wazuh dashboard hosts.

tests/unattended/install/test_unattended.py

@@ -1,21 +1,17 @@
 from datetime import datetime
 import pytest
-import time
-import os
-import re
 import json
 import sys
-import platform
+import tarfile
 from subprocess import Popen, PIPE, check_output
 import yaml
 import requests
-import urllib
 import socket
 from base64 import b64encode
 import warnings
 import subprocess
 from subprocess import check_call
-from bs4 import BeautifulSoup
+
 warnings.filterwarnings('ignore', message='Unverified HTTPS request')
 
 # ----------------------------- Aux functions -----------------------------
@@ -30,24 +26,29 @@ def read_services():
         services = p.stdout
     p.kill()
 
+def get_password(username):
+    pass_dict={'User': {'name': 'tmp_user', 'password': 'tmp_pass'}}
+    tmp_yaml=""
+
+    with tarfile.open("../../../unattended_installer/configurations.tar") as configurations:
+        configurations.extract("./password_file.yml")
+
+    with open("./password_file.yml", 'r') as pass_file:
+        while pass_dict["User"]["name"] != username:
+            for i in range(3):
+                tmp_yaml+=pass_file.readline()
+                pass_dict=yaml.safe_load(tmp_yaml)
+    return pass_dict["User"]["password"]
+
 def get_wazuh_version():
     wazuh_version = None
     wazuh_version = subprocess.getoutput('/var/ossec/bin/wazuh-control info | grep VERSION | cut -d "=" -f2 | sed s/\\"//g')
     return wazuh_version
 
-def get_indexer_password():
-    stream = open("/etc/filebeat/filebeat.yml", 'r')
-    dictionary = yaml.safe_load(stream)
-    return (dictionary.get('output.elasticsearch','password').get('password'))
-
-def get_indexer_username():
-    stream = open("/etc/filebeat/filebeat.yml", 'r')
-    dictionary = yaml.safe_load(stream)
-    return (dictionary.get('output.elasticsearch','username').get('username'))
-
 def get_indexer_ip():
-    stream = open("/etc/wazuh-indexer/opensearch.yml", 'r')
-    dictionary = yaml.safe_load(stream)
+
+    with open("/etc/wazuh-indexer/opensearch.yml", 'r') as stream:
+        dictionary = yaml.safe_load(stream)
     return (dictionary.get('network.host'))
 
 def api_call_elasticsearch(host,query,address,api_protocol,api_user,api_pass,api_port):
@@ -73,29 +74,19 @@ def api_call_elasticsearch(host,query,address,api_protocol,api_user,api_pass,api
     response = resp.json()
     return response
 
-def get_dashboards_password():
-    stream = open("/etc/wazuh-dashboards/dashboards.yml", 'r')
-    dictionary = yaml.safe_load(stream)
-    return (dictionary.get('opensearch.password'))
-
-def get_dashboards_username():
-    stream = open("/etc/wazuh-dashboards/dashboards.yml", 'r')
-    dictionary = yaml.safe_load(stream)
-    return (dictionary.get('opensearch.username'))
-
 def get_elasticsearch_cluster_status():
     ip = get_indexer_ip()
     resp = requests.get('https://'+ip+':9700/_cluster/health',
-                        auth=(get_indexer_username(),
-                        get_indexer_password()),
+                        auth=("admin",
+                        get_password("admin")),
                         verify=False)
     return (resp.json()['status'])
 
-def get_dashboards_status():
+def get_dashboard_status():
     ip = get_indexer_ip()
     resp = requests.get('https://'+ip,
-                        auth=(get_dashboards_username(),
-                        get_dashboards_password()),
+                        auth=("kibanaserver",
+                        get_password("kibanaserver")),
                         verify=False)
     return (resp.status_code)
 
@@ -174,9 +165,9 @@ def test_check_filebeat_process():
 def test_check_elasticsearch_process():
     assert check_call("ps -xa | grep \"/usr/share/wazuh-indexer/jdk/bin/java\" | grep -v grep | cut -d \" \" -f15", shell=True) != ""
 
-@pytest.mark.dashboards
-def test_check_dashboards_process():
-    assert check_call("ps -xa | grep \"/usr/share/wazuh-dashboards/bin/../node/bin/node\" | grep -v grep", shell=True) != ""
+@pytest.mark.dashboard
+def test_check_dashboard_process():
+    assert check_call("ps -xa | grep \"/usr/share/wazuh-dashboard/bin/../node/bin/node\" | grep -v grep", shell=True) != ""
 
 @pytest.mark.indexer
 def test_check_elasticsearch_cluster_status_not_red():
@@ -186,9 +177,9 @@ def test_check_elasticsearch_cluster_status_not_red():
 def test_check_elasticsearch_cluster_status_not_yellow():
     assert get_elasticsearch_cluster_status() != "yellow"
 
-@pytest.mark.dashboards
-def test_check_dashboards_status():
-    assert get_dashboards_status() == 200
+@pytest.mark.dashboard
+def test_check_dashboard_status():
+    assert get_dashboard_status() == 200
 
 @pytest.mark.wazuh
 def test_check_wazuh_api_status():
@@ -261,7 +252,7 @@ def test_check_alerts():
         }
     }
 
-    response = api_call_elasticsearch(get_indexer_ip(),query,get_indexer_ip(),'https',get_indexer_username(),get_indexer_password(),'9700')
+    response = api_call_elasticsearch(get_indexer_ip(),query,get_indexer_ip(),'https',"admin",get_password("admin"),'9700')
 
     print(response)
 

unattended_installer/config/certificate/config.yml

@@ -18,7 +18,7 @@ nodes:
     # ip: <wazuh-manager-ip>
     # node_type: worker
 
-  # Wazuh dashboards node
-  dashboards:
-    name: dashboards
-    ip: <dashboards-node-ip>
+  # Wazuh dashboard node
+  dashboard:
+    name: dashboard
+    ip: <dashboard-node-ip>

unattended_installer/config/certificate/config_aio.yml

@@ -5,6 +5,6 @@ nodes:
   wazuh_servers:
     name: filebeat
     ip: 127.0.0.1
-  dashboards:
-    name: dashboards
+  dashboard:
+    name: dashboard
     ip: 127.0.0.1

unattended_installer/config/dashboards/dashboards.yml → unattended_installer/config/dashboard/dashboard.yml

@@ -2,13 +2,13 @@ server.host: "<kibana-ip>"
 opensearch.hosts: https://<elasticsearch-ip>:9700
 server.port: 443
 opensearch.ssl.verificationMode: certificate
-opensearch.username: kibanaserver
-opensearch.password: kibanaserver
+# opensearch.username: kibanaserver
+# opensearch.password: kibanaserver
 opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
 opensearch_security.multitenancy.enabled: true
 opensearch_security.readonly_mode.roles: ["kibana_read_only"]
 server.ssl.enabled: true
-server.ssl.key: "/etc/wazuh-dashboards/certs/kibana-key.pem"
-server.ssl.certificate: "/etc/wazuh-dashboards/certs/kibana.pem"
-opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboards/certs/root-ca.pem"]
+server.ssl.key: "/etc/wazuh-dashboard/certs/kibana-key.pem"
+server.ssl.certificate: "/etc/wazuh-dashboard/certs/kibana.pem"
+opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
 server.defaultRoute: /app/wazuh?security_tenant=global

unattended_installer/config/dashboards/dashboards_all_in_one.yml → unattended_installer/config/dashboard/dashboard_all_in_one.yml

@@ -2,14 +2,14 @@ server.host: 0.0.0.0
 server.port: 443
 opensearch.hosts: https://localhost:9700
 opensearch.ssl.verificationMode: certificate
-opensearch.username: kibanaserver
-opensearch.password: kibanaserver
+# opensearch.username: kibanaserver
+# opensearch.password: kibanaserver
 opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
 opensearch_security.multitenancy.enabled: true
 opensearch_security.readonly_mode.roles: ["kibana_read_only"]
 server.ssl.enabled: true
-server.ssl.key: "/etc/wazuh-dashboards/certs/kibana-key.pem"
-server.ssl.certificate: "/etc/wazuh-dashboards/certs/kibana.pem"
-opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboards/certs/root-ca.pem"]
+server.ssl.key: "/etc/wazuh-dashboard/certs/kibana-key.pem"
+server.ssl.certificate: "/etc/wazuh-dashboard/certs/kibana.pem"
+opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
 uiSettings.overrides.defaultRoute: /app/wazuh?security_tenant=global
-logging.dest: "/var/log/wazuh-dashboards/wazuh-dashboards.log"
+logging.dest: "/var/log/wazuh-dashboard/wazuh-dashboard.log"

unattended_installer/config/dashboards/dashboards_unattended.yml → unattended_installer/config/dashboard/dashboard_unattended.yml

@@ -2,14 +2,14 @@ server.host: 0.0.0.0
 opensearch.hosts: https://127.0.0.1:9700
 server.port: 443
 opensearch.ssl.verificationMode: certificate
-opensearch.username: kibanaserver
-opensearch.password: kibanaserver
+# opensearch.username: kibanaserver
+# opensearch.password: kibanaserver
 opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
 opensearch_security.multitenancy.enabled: true
 opensearch_security.readonly_mode.roles: ["kibana_read_only"]
 server.ssl.enabled: true
-server.ssl.key: "/etc/wazuh-dashboards/certs/dashboards-key.pem"
-server.ssl.certificate: "/etc/wazuh-dashboards/certs/dashboards.pem"
-opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboards/certs/root-ca.pem"]
+server.ssl.key: "/etc/wazuh-dashboard/certs/dashboard-key.pem"
+server.ssl.certificate: "/etc/wazuh-dashboard/certs/dashboard.pem"
+opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
 uiSettings.overrides.defaultRoute: /app/wazuh?security_tenant=global
-logging.dest: "/var/log/wazuh-dashboards/wazuh-dashboards.log"
+logging.dest: "/var/log/wazuh-dashboard/wazuh-dashboard.log"

unattended_installer/config/dashboard/dashboard_unattended_distributed.yml

@@ -0,0 +1,14 @@
+server.port: 443
+opensearch.ssl.verificationMode: certificate
+# opensearch.username: kibanaserver
+# opensearch.password: kibanaserver
+opensearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
+opensearch_security.multitenancy.enabled: true
+opensearch_security.readonly_mode.roles: ["kibana_read_only"]
+server.ssl.enabled: true
+server.ssl.key: "/etc/wazuh-dashboard/certs/dashboard-key.pem"
+server.ssl.certificate: "/etc/wazuh-dashboard/certs/dashboard.pem"
+opensearch.ssl.certificateAuthorities: ["/etc/wazuh-dashboard/certs/root-ca.pem"]
+uiSettings.overrides.defaultRoute: /app/wazuh?security_tenant=global
+logging.dest: "/var/log/wazuh-dashboard/wazuh-dashboard.log"
+

unattended_installer/config/filebeat/filebeat.yml

@@ -2,8 +2,8 @@
 output.elasticsearch:
   hosts: ["<elasticsearch_ip>:9700"]
   protocol: https
-  username: "admin"
-  password: "admin"
+  username: ${username}
+  password: ${password}
   ssl.certificate_authorities:
     - /etc/filebeat/certs/root-ca.pem
   ssl.certificate: "/etc/filebeat/certs/filebeat.pem"

unattended_installer/config/filebeat/filebeat_all_in_one.yml

@@ -2,8 +2,8 @@
 output.elasticsearch:
   hosts: ["127.0.0.1:9700"]
   protocol: https
-  username: "admin"
-  password: "admin"
+  username: ${username}
+  password: ${password}
   ssl.certificate_authorities:
     - /etc/filebeat/certs/root-ca.pem
   ssl.certificate: "/etc/filebeat/certs/filebeat.pem"

unattended_installer/config/filebeat/filebeat_distributed.yml

@@ -1,8 +1,8 @@
 # Wazuh - Filebeat configuration file
 output.elasticsearch:
   protocol: https
-  username: admin
-  password: admin
+  username: ${username}
+  password: ${password}
   ssl.certificate_authorities:
     - /etc/filebeat/certs/root-ca.pem
   ssl.certificate: "/etc/filebeat/certs/filebeat.pem"

unattended_installer/config/filebeat/filebeat_elastic_cluster.yml

@@ -2,8 +2,8 @@
 output.elasticsearch:
   hosts: ["<elasticsearch_ip_node_1>:9700", "<elasticsearch_ip_node_2>:9700", "<elasticsearch_ip_node_3>:9700"]
   protocol: https
-  username: "admin"
-  password: "admin"
+  username: ${username}
+  password: ${password}
   ssl.certificate_authorities:
     - /etc/filebeat/certs/root-ca.pem
   ssl.certificate: "/etc/filebeat/certs/filebeat.pem"

unattended_installer/config/filebeat/filebeat_unattended.yml

@@ -6,8 +6,8 @@ output.elasticsearch.hosts:
 
 output.elasticsearch:
   protocol: https
-  username: "admin"
-  password: "admin"
+  username: ${username}
+  password: ${password}
   ssl.certificate_authorities:
     - /etc/filebeat/certs/root-ca.pem
   ssl.certificate: "/etc/filebeat/certs/filebeat.pem"

unattended_installer/config/indexer/roles/roles.yml

@@ -2,7 +2,7 @@ _meta:
   type: "roles"
   config_version: 2
 
-# Restrict users so they can only view visualization and dashboards on kibana
+# Restrict users so they can only view visualization and dashboard on kibana
 kibana_read_only:
   reserved: true
 

unattended_installer/config/indexer/roles/roles_mapping.yml

@@ -33,7 +33,7 @@ kibana_user:
   - "kibanauser"
   users:
   - "wazuh_user"
-  - "wazuh_admin"    
+  - "wazuh_admin"
   description: "Maps kibanauser to kibana_user"
 
 readall: