Is there a programmatic way to bootstrap a superuser?

[jakubgs]

Work Environment

Question	Answer
OS version (server)	Ubuntu
OS version (client)	20.04.1
Cortex version / git hash	3.1.0
Package Type	Binary

Problem Description

I'm installing Cortex with Ansible and I'd like to be able to programmatically create both the superuser and then the user and token that will be used by The Hive.

I looked ad the API docs:
https://github.com/TheHive-Project/CortexDocs/blob/master/api/api-guide.md

And as far as I can tell there is no method dedicated to this. And no environment variables that would facilitate this.

Possible Solutions

Exposing an API call to create a superuser when service is first started might be a bit dangerous, so most services provide environment variables that can be set and used at startup to create the admin user. Something like:

SUPER_ADMIN_USERNAME='admin'
SUPER_ADMIN_PASWORD='muh-super-secret-password'

And this would allow a tool like Ansible to start creating other users necessary to bootstrap other services like The Hive.

[jakubgs]

I appears that the /api/user path is available without auth when the service is initially set up.
https://github.com/TheHive-Project/CortexDocs/blob/master/api/api-guide.md#create-1
So you can just make the normal user creating POST but without Authorization header.

[jakubgs]

Oh, but when I try to create the API key it fails:

 >  curl -s localhost:9001/api/user/admin/key/renew -X POST
{"type":"AuthenticationError","message":"Authentication failure"}

So I'm not sure how I'm supposed to get the key.

[jakubgs]

Is there a way to make API calls without having to use the API key? The key cannot be controlled by setting it, it can only be generated, and it's necessary to check if the Super Admin user already exists to not fail creating it.

How could I authenticate with the user and their password?

[jakubgs]

Using basic auth doesn't seem to work:

 > curl -si localhost:9001/api/user/admin -u "admin:${ADMIN_PASS}" 
HTTP/1.1 401 Unauthorized
Date: Fri, 13 Nov 2020 16:14:06 GMT
Content-Type: application/json
Content-Length: 65

{"type":"AuthenticationError","message":"Authentication failure"}

[jakubgs]

Oh, I see, it has to be enabled:
https://github.com/TheHive-Project/CortexDocs/blob/master/api/api-guide.md#using-basic-authentication
Using:

auth.method.basic=true

[jakubgs]

Yep, there we go:

 > curl -s localhost:9001/api/user/admin -u "admin:${ADMIN_PASS}" | jq .
{
  "organization": "cortex",
  "name": "admin",
  "updatedAt": 1605284260826,
  "roles": [
    "superadmin"
  ],
  "status": "Ok",
  "createdAt": 1605284259912,
  "createdBy": "init",
  "updatedBy": "init",
  "_type": "user",
  "_routing": "admin",
  "_parent": null,
  "_id": "admin",
  "_seqNo": 1,
  "_primaryTerm": 1,
  "id": "admin",
  "hasKey": false,
  "hasPassword": true
}

Now it works.