[RORDEV-1648] showcase

[coutoPL]

Requirements

Docker installed.

Prepare

1. git clone git@github.com:beshu-tech/ror-sandbox.git
2. cd ror-sandbox
3. git checkout reproduction/RORDEV-1648
4. cd ror-demo-cluster

Run docker compose stack

1. Configure PRO license (by setting ROR_ACTIVATION_KEY env or import it manually when the ROR login window is available)
2. clean.sh && ./run.sh

3a. Use ES ROR 1.67.0 (downloaded from the ROR API) and ROR KBN 1.68.0-pre1 (it's in file folder: readonlyrest_kbn_universal-1.68.0-pre1_es8.6.1.zip)

  _____                _  ____        _       _____  ______  _____ _______
 |  __ \              | |/ __ \      | |     |  __ \|  ____|/ ____|__   __|
 | |__) |___  __ _  __| | |  | |_ __ | |_   _| |__) | |__  | (___    | |
 |  _  // _ \/ _| |/ _| | |  | | '_ \| | | | |  _  /|  __|  \___ \   | |
 | | \ \  __/ (_| | (_| | |__| | | | | | |_| | | \ \| |____ ____) |  | |
 |_|  \_\___|\__,_|\__,_|\____/|_| |_|_|\__, |_|  \_\______|_____/   |_|
                                         __/ |

Preparing Elasticsearch & Kibana with ROR environment ...
-----------------
Enter Elasticsearch version (default: 9.1.5): 8.6.1
Use ES ROR (default 1):
1. From API
2. From FILE

Your choice:
Enter ROR Elasticsearch version (default: 1.67.0):
-----------------
Enter Kibana version (default: 8.6.1):
Use KBN ROR (default 1):
 1. From API
 2. From FILE

Your choice: 2
Enter ROR Kibana file path (it has to be placed in ./../utils): readonlyrest_kbn_universal-1.68.0-pre1_es8.6.1.zip
-----------------
Auto-detected ROR_LICENSE_EDITION=PRO
Starting Elasticsearch and Kibana with installed ROR plugins ...

3b. Use ES ROR & KBN ROR 1.67.0 (both downloaded from the ROR API):

  _____                _  ____        _       _____  ______  _____ _______
 |  __ \              | |/ __ \      | |     |  __ \|  ____|/ ____|__   __|
 | |__) |___  __ _  __| | |  | |_ __ | |_   _| |__) | |__  | (___    | |
 |  _  // _ \/ _| |/ _| | |  | | '_ \| | | | |  _  /|  __|  \___ \   | |
 | | \ \  __/ (_| | (_| | |__| | | | | | |_| | | \ \| |____ ____) |  | |
 |_|  \_\___|\__,_|\__,_|\____/|_| |_|_|\__, |_|  \_\______|_____/   |_|
                                         __/ |

Preparing Elasticsearch & Kibana with ROR environment ...
-----------------
Enter Elasticsearch version (default: 9.1.5): 8.6.1
Use ES ROR (default 1):
1. From API
2. From FILE

Your choice:
Enter ROR Elasticsearch version (default: 1.67.0):
-----------------
Enter Kibana version (default: 8.6.1):
Use KBN ROR (default 1):
 1. From API
 2. From FILE

Your choice:
Enter ROR Kibana version (default: 1.67.0):
-----------------
Auto-detected ROR_LICENSE_EDITION=PRO

4. Open https://localhost:15601 and log in as one of the following users:

1. `user1:test` (LDAP groups `ElasticsearchMandRLogs`, `ElasticsearchRestrictedDashboardOnly`)
2. `user2:test` (LDAP groups `ElasticsearchQIMFirewallLogs`, `ElasticsearchRestrictedDashboardOnly`)
3. `user3:test` (LDAP groups `ElasticsearchCipherLogs`, `ElasticsearchRestrictedDashboardOnly`, `ElasticsearchSuperUsers`, `ElasticsearchReadAllIndices`)

5. Visit the Dashboard and Discover sections

Result

a) for ES ROR 1.67.0 and ROR KBN 1.68.0-pre1

b) for ES ROR & KBN ROR 1.67.0

Summary by CodeRabbit

• New Features

  • LDAP-based authentication and group-based access control enabled.
  • Prebuilt dashboards and index patterns for MandR, QIM, and Cipher logs included and importable.

• Improvements

  • Kibana plugin logging increased to trace for deeper diagnostics.
  • Async-search and targeted access rules refined for clearer access behavior.
  • Demo indexes aligned to mandr, qim, and cipher naming.

• Infrastructure

  • Local reverse-proxy and LDAP services added to the demo setup.