From 25bd87846c8a11386ccd9ca8ec933f74ed4280e6 Mon Sep 17 00:00:00 2001
From: Sven Ketelsen
Date: Wed, 18 May 2022 19:56:38 +0200
Subject: [PATCH] feat: kibana - default index patterns - uncategorized-* - {{ stage }}-*-authlog-* - {{ stage }}-*-syslog-* - {{ stage }}-monitoring-* - {{ stage }}-management-*-connect-*
---
 roles/kibana/defaults/main.yaml | 47 +++++++++++++++--
 .../kibana/tasks/_configure_indexpattern.yml | 52 +++++++++++--------
 roles/kibana/tasks/add_technical_users.yml | 6 +--
 3 files changed, 75 insertions(+), 30 deletions(-)

diff --git a/roles/kibana/defaults/main.yaml b/roles/kibana/defaults/main.yaml
index 48bc848..520b5da 100644
--- a/roles/kibana/defaults/main.yaml
+++ b/roles/kibana/defaults/main.yaml
@@ -80,7 +80,27 @@ kibana_technical_users:
 - actions
 - osquery
 - savedObjectsTagging
- elastic_index_pattern:
+ elastic_index_patterns:
+ -
+ attributes:
+ fieldAttrs: '{}'
+ fields: "[]"
+ runtimeFieldMap: "{}"
+ timeFieldName: "@timestamp"
+ title: '{{ stage }}-management-*-connect-*'
+ typeMeta: "{}"
+ references: []
+ elastic_state: present
+ -
+ attributes:
+ fieldAttrs: '{}'
+ fields: "[]"
+ runtimeFieldMap: "{}"
+ timeFieldName: "@timestamp"
+ title: 'uncategorized-*'
+ typeMeta: "{}"
+ references: []
+ elastic_state: present
 -
 attributes:
 fieldAttrs: '{}'
@@ -89,8 +109,25 @@ kibana_technical_users:
 timeFieldName: "@timestamp"
 title: '{{ stage }}-*-authlog-*'
 typeMeta: "{}"
- coreMigrationVersion: 7.16.1
- migrationVersion:
- index-pattern: 7.11.0
 references: []
- type: index-pattern
+ elastic_state: present
+ -
+ attributes:
+ fieldAttrs: '{}'
+ fields: "[]"
+ runtimeFieldMap: "{}"
+ timeFieldName: "@timestamp"
+ title: '{{ stage }}-*-syslog-*'
+ typeMeta: "{}"
+ references: []
+ elastic_state: present
+ -
+ attributes:
+ fieldAttrs: '{}'
+ fields: "[]"
+ runtimeFieldMap: "{}"
+ timeFieldName: "@timestamp"
+ title: '{{ stage }}-monitoring-*'
+ typeMeta: "{}"
+ references: []
+ elastic_state: present
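Review bot: The `uncategorized-*` entry added in the first hunk is the only title without the `{{ stage }}` prefix, so on a cluster that holds indices from more than one stage it would match uncategorized data from all of them. If that is intended, say so next to the entry, for example `# not stage-scoped on purpose: collects uncategorized data from every stage`; otherwise prefix it like the other four titles. What a technical user can actually read through these patterns depends on the role's index privileges, which are not visible in this hunk.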
diff --git a/roles/kibana/tasks/_configure_indexpattern.yml b/roles/kibana/tasks/_configure_indexpattern.yml
index 884a3c6..3faf15c 100644
--- a/roles/kibana/tasks/_configure_indexpattern.yml
+++ b/roles/kibana/tasks/_configure_indexpattern.yml
@@ -3,42 +3,50 @@
 set_fact:
 api_path: '/s/{{ es_space }}/api/saved_objects'
 es_object_type: 'index-pattern'
- indexpattern_exists: False
- elastic_indexpattern_cleaned: {}
+ index_pattern_exists: False
+ elastic_index_pattern_cleaned: {}

-- name: "Get all indexpatterns in elasticsearch"
+- name: "Get all index patterns in elasticsearch"
 delegate_to: localhost
 uri:
- url: "https://{{ kibana_api_endpoint }}{{ api_path }}/_find?per_page=10000&type=index-pattern"
+ url: "https://{{ kibana_api_endpoint }}{{ api_path }}/_find?per_page=10000&type={{ es_object_type }}"
 method: GET
 status_code: [200]
 user: "{{ elastic_admin_username }}"
 password: "{{ elastic_admin_password }}"
 force_basic_auth: yes
- register: all_indexpatterns
+ register: all_index_patterns
 become: false

-- name: "Lookup index pattern object if exists"
+- name: "Lookup index pattern <{{ elastic_index_pattern.attributes.title }}>"
 set_fact:
- lookup_indexpattern_object: '{{ all_indexpatterns.json | community.general.json_query(querystr1) | first | community.general.json_query(indexpattern_query) }}'
+ lookup_indexpattern_object: '{{ all_index_patterns.json | community.general.json_query(querystr1) | first | community.general.json_query(indexpattern_query) }}'
 vars:
 querystr1: "[saved_objects[*]]"
- indexpattern_query: "[?attributes.title=='{{ elastic_indexpattern.attributes.title }}']"
+ indexpattern_query: "[?attributes.title=='{{ elastic_index_pattern.attributes.title }}']"

 - name: "Set switch VAR"
 set_fact:
- indexpattern_exists: True
+ index_pattern_exists: True
 when:
 - lookup_indexpattern_object | length > 0

 - name: "Drop not needed key from dict"
 set_fact:
- elastic_indexpattern_cleaned: "{{ elastic_indexpattern_cleaned | combine({item.key: item.value}) }}"
- with_dict: '{{ elastic_indexpattern }}'
+ elastic_index_pattern_cleaned: "{{ elastic_index_pattern_cleaned | combine({item.key: item.value}) }}"
+ with_dict: '{{ elastic_index_pattern }}'
 when:
 - item.key not in ['elastic_state']

-- name: "Create {{ es_object_type }} <<{{ elastic_indexpattern.attributes.title }}>>"
+- name: "Create <{{ es_object_type }}> <{{ elastic_index_pattern.attributes.title }}>"
+ debug:
+ msg: "{{ elastic_index_pattern_cleaned }}"
+ become: false
+ when:
+ - not index_pattern_exists
+ - elastic_index_pattern.elastic_state == 'present'
+
+- name: "Create <{{ es_object_type }}> <{{ elastic_index_pattern.attributes.title }}>"
 delegate_to: localhost
 uri:
 url: "https://{{ kibana_api_endpoint }}{{ api_path }}/{{ es_object_type }}"
@@ -51,13 +59,13 @@
 Content-Type: application/json
 kbn-xsrf: true
 body_format: json
- body: '{{ elastic_indexpattern_cleaned | to_json }}'
+ body: '{{ elastic_index_pattern_cleaned | to_json }}'
 become: false
 when:
- - not indexpattern_exists
- - elastic_indexpattern.elastic_state == 'present'
+ - not index_pattern_exists
+ - elastic_index_pattern.elastic_state == 'present'

-- name: "Update {{ es_object_type }} <<{{ elastic_indexpattern.attributes.title }}>>"
+- name: "Update {{ es_object_type }} <<{{ elastic_index_pattern.attributes.title }}>>"
 delegate_to: localhost
 uri:
 url: 'https://{{ kibana_api_endpoint }}{{ api_path }}/{{ es_object_type }}/{{ lookup_indexpattern_object[0]["id"] }}'
@@ -70,13 +78,13 @@
 Content-Type: application/json
 kbn-xsrf: true
 body_format: json
- body: '{{ elastic_indexpattern_cleaned | to_json }}'
+ body: '{{ elastic_index_pattern_cleaned | to_json }}'
 become: false
 when:
- - indexpattern_exists
- - elastic_indexpattern.elastic_state == 'present'
+ - index_pattern_exists
+ - elastic_index_pattern.elastic_state == 'present'

-- name: "DELETE {{ es_object_type }} <<{{ elastic_indexpattern.attributes.title }}>>"
+- name: "DELETE {{ es_object_type }} <<{{ elastic_index_pattern.attributes.title }}>>"
 delegate_to: localhost
 uri:
 url: 'https://{{ kibana_api_endpoint }}{{ api_path }}/{{ es_object_type }}/{{ lookup_indexpattern_object[0]["id"] }}'
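Review bot: The title lookup in the first hunk of this file builds a JMESPath expression by pasting `elastic_index_pattern.attributes.title` between single quotes in `indexpattern_query`, so a title containing a quote breaks the query or selects a different saved object, and the Update and DELETE tasks then act on `lookup_indexpattern_object[0]["id"]`. Comparing the value in Jinja avoids building an expression from data: `lookup_indexpattern_object: "{{ all_index_patterns.json.saved_objects | selectattr('attributes.title', 'equalto', elastic_index_pattern.attributes.title) | list }}"`. The same hunk adds a `debug` task that shares its name and `when` conditions with the real Create task; it looks like a leftover and should be dropped or given its own name. The lookup also trusts `per_page=10000` to return every object, which is worth a comment on the GET task.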
@@ -90,5 +98,5 @@
 kbn-xsrf: true
 become: false
 when:
- - indexpattern_exists
- - elastic_indexpattern.elastic_state == 'absent'
+ - index_pattern_exists
+ - elastic_index_pattern.elastic_state == 'absent'
diff --git a/roles/kibana/tasks/add_technical_users.yml b/roles/kibana/tasks/add_technical_users.yml
index cbce7ba..d35d304 100644
--- a/roles/kibana/tasks/add_technical_users.yml
+++ b/roles/kibana/tasks/add_technical_users.yml
@@ -23,12 +23,12 @@
 loop_control:
 loop_var: elastic_user

-- name: "Do some stuff in elastic with indexpattern ..."
+- name: "Do some stuff in elastic with index pattern ..."
 vars:
- es_space: technical_user.elastic_index_pattern
+ es_space: "default"
 include_role:
 name: kibana
 tasks_from: _configure_indexpattern.yml
- loop: "{{ technical_user.elastic_index_pattern }}"
+ loop: "{{ technical_user.elastic_index_patterns }}"
 loop_control:
 loop_var: elastic_index_pattern
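Review bot: `es_space: "default"` in the add_technical_users.yml hunk hard-codes the Kibana space, so every technical user's index patterns are written under `/s/default/api/saved_objects` by the admin account. If technical users are meant to be separated by space, which this hunk does not show, the space should come from the user entry with a fallback, for example `es_space: "{{ technical_user.elastic_space | default('default') }}"`, where `elastic_space` would be a new optional key in the defaults. The loop also assumes every user defines `elastic_index_patterns`; `loop: "{{ technical_user.elastic_index_patterns | default([]) }}"` keeps users without patterns from failing the play. The task name "Do some stuff in elastic with index pattern ..." could state what it does, e.g. `Configure index patterns for technical user`.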