From be5500ffd307e549dcb07797ad2965f1868ae6f2 Mon Sep 17 00:00:00 2001
From: Aytac Ozkan
Date: Wed, 15 Jul 2020 21:42:30 +0200
Subject: [PATCH] ***
---
 data.sql | 34 +++++++++++++++++++++++++++++---
 docker-compose.yml | 20 +++++++++----------
 elasticsearch.yml | 48 +++++++++++++++++++++++-----------------------
 kibana.yml | 4 ++--
 4 files changed, 67 insertions(+), 39 deletions(-)
diff --git a/data.sql b/data.sql
index 0e12c1e..4e25563 100644
--- a/data.sql
+++ b/data.sql
@@ -45,11 +45,11 @@ CREATE TABLE IF NOT EXISTS policies (
 updatedAt timestamp
 );
-
 CREATE TABLE IF NOT EXISTS policy_field(
 id serial PRIMARY KEY,
 policy_id integer,
 std_field_id integer,
+ source_id integer,
 CONSTRAINT policy_field_policy_id_fkey FOREIGN KEY (policy_id)
 REFERENCES policies(id) MATCH SIMPLE
@@ -59,11 +59,39 @@ CREATE TABLE IF NOT EXISTS policy_field(
 REFERENCES std_fields(id) MATCH SIMPLE
 ON UPDATE NO ACTION ON DELETE NO ACTION,
+ CONSTRAINT policy_field_source_id_fkey FOREIGN KEY (source_id)
+ REFERENCES sources(id) MATCH SIMPLE
+ ON UPDATE NO ACTION ON DELETE NO ACTION,
+
 createdAt timestamp NOT NULL DEFAULT NOW(),
 updatedAt timestamp
 );
-CREATE TABLE IF NOT EXISTS policy_user(
+
+CREATE TABLE IF NOT EXISTS group (
+ id serial PRIMARY KEY,
+
+ name varchar(50) NOT NULL,
+
+ createdAt timestamp NOT NULL DEFAULT NOW(),
+ updatedAt timestamp
+);
+
+CREATE TABLE IF NOT EXISTS group_policy (
+ id serial PRIMARY KEY,
+
+ createdAt timestamp NOT NULL DEFAULT NOW(),
+ updatedAt timestamp
+);
+
+CREATE TABLE IF NOT EXISTS group_user (
+ id serial PRIMARY KEY,
+
+ createdAt timestamp NOT NULL DEFAULT NOW(),
+ updatedAt timestamp
+);
+
+/* CREATE TABLE IF NOT EXISTS policy_user(
 id serial PRIMARY KEY,
 policy_id integer,
 user_id integer,
@@ -78,7 +106,7 @@ CREATE TABLE IF NOT EXISTS policy_user(
 createdAt timestamp NOT NULL DEFAULT NOW(),
 updatedAt timestamp
-);
+); */
 CREATE TABLE IF NOT EXISTS source_sharing(
 id serial PRIMARY KEY,
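Review bot: `CREATE TABLE IF NOT EXISTS group (` in the second hunk names the table with a reserved word; on PostgreSQL, which the file's `serial` and `NOW()` point to, the statement is a syntax error, so the script aborts before `group_policy`, `group_user` and everything after them are created — rename it (e.g. `CREATE TABLE IF NOT EXISTS user_group (`) rather than quoting it everywhere. `group_policy` and `group_user` carry only `id` and timestamps; if they are the join tables their names suggest, they are missing `group_id`, `policy_id` and `user_id` columns declared `NOT NULL` with named `FOREIGN KEY` constraints like the ones `policy_field` has, plus a `UNIQUE` on the pair — for tables that decide who holds which policy, rows with no referential integrity are an access-control risk, not just a data-quality one. The `/* … */` opened on `policy_user` here and closed in the third hunk leaves the old definition as commented-out code; delete it instead, version control keeps the history. In the first hunk `source_id integer` stays nullable like its sibling FK columns, which looks deliberate but deserves a short comment if a policy field may legitimately have no source.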
diff --git a/docker-compose.yml b/docker-compose.yml
index e24ca2c..87e70cf 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -124,11 +124,11 @@ services:
 hard: 65536
 volumes:
 - odfe-data1:/usr/share/elasticsearch/data
- - ./root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
- - ./node.pem:/usr/share/elasticsearch/config/node.pem
- - ./node-key.pem:/usr/share/elasticsearch/config/node-key.pem
- - ./admin.pem:/usr/share/elasticsearch/config/admin.pem
- - ./admin-key.pem:/usr/share/elasticsearch/config/admin-key.pem
+ # - ./root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
+ # - ./node.pem:/usr/share/elasticsearch/config/node.pem
+ # - ./node-key.pem:/usr/share/elasticsearch/config/node-key.pem
+ # - ./admin.pem:/usr/share/elasticsearch/config/admin.pem
+ # - ./admin-key.pem:/usr/share/elasticsearch/config/admin-key.pem
 - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
 - ./internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
 - ./roles_mapping.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles_mapping.yml
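Review bot: The five commented-out `.pem` mounts remove `root-ca.pem`, `node.pem`, `node-key.pem` and the admin pair from `/usr/share/elasticsearch/config/`, while the same `volumes:` block still mounts `internal_users.yml` and `roles_mapping.yml` into the security plugin's `securityconfig` directory, so the container is left with the plugin's user and role data but none of the TLS material its transport/HTTP settings previously referenced. The identical edit is made in the `odfe-data2` service hunk below. Whether this is meant as "security plugin off for local use" or as an interim step, commented-out mount lines make that impossible to tell from the file; delete them and add one line of intent such as `# TLS material intentionally not mounted: security plugin disabled for local development`, or keep at least the CA and the node cert/key if the plugin is to stay enabled. If the plugin remains active without certificates, expect the node to fail to start rather than run in the clear, as far as I recall the Open Distro plugin's behaviour.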
@@ -165,11 +165,11 @@ services:
 hard: 65536
 volumes:
 - odfe-data2:/usr/share/elasticsearch/data
- - ./root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
- - ./node.pem:/usr/share/elasticsearch/config/node.pem
- - ./node-key.pem:/usr/share/elasticsearch/config/node-key.pem
- - ./admin.pem:/usr/share/elasticsearch/config/admin.pem
- - ./admin-key.pem:/usr/share/elasticsearch/config/admin-key.pem
+ # - ./root-ca.pem:/usr/share/elasticsearch/config/root-ca.pem
+ # - ./node.pem:/usr/share/elasticsearch/config/node.pem
+ # - ./node-key.pem:/usr/share/elasticsearch/config/node-key.pem
+ # - ./admin.pem:/usr/share/elasticsearch/config/admin.pem
+ # - ./admin-key.pem:/usr/share/elasticsearch/config/admin-key.pem
 - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
 - ./internal_users.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml
 - ./roles_mapping.yml:/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/roles_mapping.yml
diff --git a/elasticsearch.yml b/elasticsearch.yml
index f459c7b..a4082f8 100644
--- a/elasticsearch.yml
+++ b/elasticsearch.yml
@@ -1,25 +1,25 @@
-opendistro_security.disabled: true
-opendistro_security.ssl.transport.pemcert_filepath: node.pem
-opendistro_security.ssl.transport.pemkey_filepath: node-key.pem
-opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
-opendistro_security.ssl.transport.enforce_hostname_verification: false
-opendistro_security.ssl.http.enabled: false
-opendistro_security.ssl.http.pemcert_filepath: node.pem
-opendistro_security.ssl.http.pemkey_filepath: node-key.pem
-opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
-opendistro_security.allow_default_init_securityindex: true
-opendistro_security.authcz.admin_dn:
- - "CN=admin,OU=INSYLVA,O=INRA,L=AVIGNON,ST=PACA,C=FR"
-opendistro_security.nodes_dn:
- - "CN=insylva.fr,OU=INSYLVA,O=INRA,L=AVIGNON,ST=PACA,C=FR"
- - "/CN=.*regex/"
-opendistro_security.audit.type: internal_elasticsearch
-opendistro_security.enable_snapshot_restore_privilege: true
-opendistro_security.check_snapshot_restore_write_privileges: true
-opendistro_security.restapi.roles_enabled:
- ["all_access", "security_rest_api_access"]
-cluster.routing.allocation.disk.threshold_enabled: false
+# opendistro_security.disabled: true
+# opendistro_security.ssl.transport.pemcert_filepath: node.pem
+# opendistro_security.ssl.transport.pemkey_filepath: node-key.pem
+# opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
+# opendistro_security.ssl.transport.enforce_hostname_verification: false
+# opendistro_security.ssl.http.enabled: false
+# opendistro_security.ssl.http.pemcert_filepath: node.pem
+# opendistro_security.ssl.http.pemkey_filepath: node-key.pem
+# opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
+# opendistro_security.allow_default_init_securityindex: true
+# opendistro_security.authcz.admin_dn:
+# - "CN=admin,OU=INSYLVA,O=INRA,L=AVIGNON,ST=PACA,C=FR"
+# opendistro_security.nodes_dn:
+# - "CN=insylva.fr,OU=INSYLVA,O=INRA,L=AVIGNON,ST=PACA,C=FR"
+# - "/CN=.*regex/"
+# opendistro_security.audit.type: internal_elasticsearch
+# opendistro_security.enable_snapshot_restore_privilege: true
+# opendistro_security.check_snapshot_restore_write_privileges: true
+# opendistro_security.restapi.roles_enabled:
+# ["all_access", "security_rest_api_access"]
+# cluster.routing.allocation.disk.threshold_enabled: false
 node.max_local_storage_nodes: 3
-opendistro_security.audit.config.disabled_rest_categories: NONE
-opendistro_security.audit.config.disabled_transport_categories: NONE
-opendistro_security.allow_unsafe_democertificates: true
+# opendistro_security.audit.config.disabled_rest_categories: NONE
+# opendistro_security.audit.config.disabled_transport_categories: NONE
+# opendistro_security.allow_unsafe_democertificates: true
diff --git a/kibana.yml b/kibana.yml
index 386b1df..aa39a94 100644
--- a/kibana.yml
+++ b/kibana.yml
@@ -15,5 +15,5 @@ elasticsearch.username: "kibanaserver"
 elasticsearch.password: "InSylva146544"
 elasticsearch.requestHeadersWhitelist: ["securitytenant", "Authorization"]
-opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
-opendistro_security.readonly_mode.roles: ["kibana_read_only"]
+# opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
+# opendistro_security.readonly_mode.roles: ["kibana_read_only"]
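Review bot: Commenting out `opendistro_security.disabled: true` along with every `opendistro_security.ssl.*` path changes the file's meaning from "security plugin explicitly disabled" to "plugin at its default with no TLS configuration", and as far as I recall the Open Distro plugin defaults to enabled and refuses to start a node without transport TLS settings — so the likely outcome is a node that will not boot, and the intended mode cannot be read from the file. If the goal is to run without the plugin, keep the single line `opendistro_security.disabled: true` and delete the rest; if the goal is to keep it, the cert paths, `authcz.admin_dn` and `nodes_dn` must return. When they do, `opendistro_security.allow_unsafe_democertificates: true` and the `nodes_dn` regex entry from the removed block should not be restored verbatim — the first accepts the publicly known demo certificates and the second looks copied from the documentation example rather than matched to this deployment's node certificates. A one-line header stating the intended mode (e.g. `# security plugin intentionally disabled for local development; not for deployment`) would settle this for the next reader.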
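Review bot: `elasticsearch.password` in the context two lines above the change is a literal credential committed to the repository, and this commit — already editing the security settings in `kibana.yml` — is the natural point to replace it with `elasticsearch.password: "${ELASTICSEARCH_PASSWORD}"` and rotate the value that is in history. The change itself comments out `opendistro_security.readonly_mode.roles: ["kibana_read_only"]`; if the security plugin stays loaded in Kibana, that role loses its read-only UI treatment, which should be stated as intended in the commit message (currently just `***`). As in the other files, deleting the two lines is preferable to leaving them commented out.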