How to specify a tenant during index-pattern creation

Hi,

with the rest saved_object it is trivial to define an index pattern. However creation of a tenant using

PUT _opendistro/_security/api/tenants/<tenant>

doesn’t result in creation of ./kibana_{hash}_{tenant} index. Still the tenant is visible with

GET _opendistro/_security/api/tenants/

So far so good. But the next question is how to create an index-pattern for a particular tenant? and not for the global using the REST API ?

api/saved_objects/index-pattern/${id} \
-H 'kbn-xsrf: true' -H "securitytenant: {tenant}" -H "Content-Type: application/json" -XPOST -d \
'{
	 "attributes": {
	 	"title": "my-index-pattern",
	 	"timeFieldName": "@timestamp"
	 }
}'

Even if the security tenant header is present it still creates the index pattern in the global tenant

Thanks
Niki

2 Likes

I am seeing the same behavior using anonymous user.
Can anyone help ?

User-Agent': 'python-requests/2.25.1', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive', 'kbn-xsrf': 'true', 'securitytenant': 'tenant-116a30c1-67da-4f01-b736-0c4dd9af825b', 'Cookie': 'security_authentication=Fe26.2**b4f0a09e7716881c8fa45d62c0b0fcc26d461be1f16ae4ed9657cf339ead0aac*u1vwGaA9a6x8ac5cSIeGkg*OOZtnOS1gW1h6N_jTOmoKfNxvF796k861aFqTEpahO0Wr0VODlWyUiu24T9xMBRHE89rhFuczz3xOz8viQp8tk3SeOeKtuqxSq6BFAU2jxySZuJNNZ_dnh2cIeSxYoJi-pZP1OjL7Qhh1oz1GeL8s0RAQsAvI_zQ08iVB-y96DUMCVpD01JS1csQfUw32Ye5pX0AAZ_IghtKc7bp-avvcfCVfWkJqlurXmwO-_Sm5zoeQpeb9vx_N2Q8daZPVhGP**1b26ce6b89f77ea713c8f9c70afbe63f034e23a62aca000501356b6054312cab*sfC_rog6ycPM3OSUhigrF5J5FVTh-HRxR7MWbkLk_hY', 'Content-Length': '103', 'Content-Type': 'application/json', 'Authorization': 'Basic ZWJpcml1a292Ok5Yck5wLVEzX3kyLkpC'}

Header is present and yet it goes to the global tenant

Hi
not sure if the anonymous case is supported but here is what works for authenticated user

Hey,

This does work with an authenticated user but we are using okta with an enforced MFA.
Unfortunately there is no way to bypass this programmatically. This is the reason why i was trying to implement this with an anonymous user.