openshift · openshift-merge-robot · Oct 16, 2020 · Sep 16, 2020
diff --git a/kibana/Dockerfile b/kibana/Dockerfile
@@ -21,6 +21,7 @@ USER 0
 
 COPY vendored_tar_src/kibana-oss-6.8.1 ${HOME}/
 COPY vendored_tar_src/opendistro_security_kibana_plugin-0.10.0.4/ ${HOME}/plugins/opendistro_security_kibana_plugin-0.10.0.4/
+COPY lib/openshift_logging_plugin/ ${HOME}/plugins/openshift_logging_plugin/
 
 RUN chmod -R og+w ${HOME}/
 ADD probe/ /usr/share/kibana/probe/

diff --git a/kibana/Dockerfile.centos7 b/kibana/Dockerfile.centos7
@@ -21,6 +21,7 @@ USER 0
 
 COPY vendored_tar_src/kibana-oss-6.8.1 ${HOME}/
 COPY vendored_tar_src/opendistro_security_kibana_plugin-0.10.0.4/ ${HOME}/plugins/opendistro_security_kibana_plugin-0.10.0.4/
+COPY lib/openshift_logging_plugin/ ${HOME}/plugins/openshift_logging_plugin/
 
 RUN chmod -R og+w ${HOME}/
 ADD probe/ /usr/share/kibana/probe/

diff --git a/kibana/kibana.yml b/kibana/kibana.yml
@@ -24,6 +24,10 @@
 # The Kibana server's name.  This is used for display purposes.
 #server.name: "your-hostname"
 
+#Bug 1832783 - CVE-2020-10743 kibana: X-Frame-Option not set by default might lead to clickjacking
+#override www-authenticate to keep browser auth box from popping
+server.customResponseHeaders: {"x-frame-options":"deny", "www-authenticate":"proxy"}
+
 # The URLs of the Elasticsearch instances to use for all your queries.
 elasticsearch.hosts: ["https://elasticsearch.openshift-logging.svc.cluster.local:9200"]
 
@@ -123,4 +127,4 @@ opendistro_security.multitenancy.tenants.enable_private: true
 
 # addresses https://access.redhat.com/security/cve/CVE-2020-7013
 # addresses https://access.redhat.com/security/cve/CVE-2020-7015
-metrics.enabled: false
+metrics.enabled: false
diff --git a/kibana/lib/openshift_logging_plugin/.eslintrc b/kibana/lib/openshift_logging_plugin/.eslintrc
@@ -0,0 +1,2 @@
+---
+extends: "@elastic/kibana"
diff --git a/kibana/lib/openshift_logging_plugin/.gitignore b/kibana/lib/openshift_logging_plugin/.gitignore
@@ -0,0 +1,3 @@
+npm-debug.log*
+node_modules
+/build/
diff --git a/kibana/lib/openshift_logging_plugin/README.md b/kibana/lib/openshift_logging_plugin/README.md
@@ -0,0 +1,23 @@
+# openshift_logging_plugin
+
+> OpenShift Logging addons for Kibana
+
+---
+
+## Development
+
+See the [kibana contributing guide](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md) for instructions setting up your development environment. Once you have completed that, use the following npm tasks.
+
+  - `npm start`
+
+    Start kibana and have it include this plugin
+
+  - `npm start -- --config kibana.yml`
+
+    You can pass any argument that you would normally send to `bin/kibana` by putting them after `--` when running `npm start`
+
+  - `npm run build`
+
+    Build a distributable archive
+
+For more information about any of these commands run `npm run ${task} -- --help`.
diff --git a/kibana/lib/openshift_logging_plugin/index.js b/kibana/lib/openshift_logging_plugin/index.js
@@ -0,0 +1,28 @@
+import { resolve } from 'path';
+
+export default function (kibana) {
+  return new kibana.Plugin({
+    name: 'openshift_logging',
+    id: 'openshift_logging',
+    require: ['elasticsearch'],
+
+    uiExports: {
+
+      hacks: [
+        //the path here is misleading as it matches the 'name' not actual path
+        'plugins/openshift_logging/interceptors'
+      ]
+
+    },
+
+    config(Joi) {
+      return Joi.object({
+        enabled: Joi.boolean().default(true),
+      }).default();
+    },
+
+    init(server, options) {
+    }
+
+  });
+};