Merge branch 'develop' into RORDEV-1444-user-info-source-methods-description

Author: Dzuming

eck.md

@@ -169,7 +169,7 @@ ARG ROR_VERSION
 USER elasticsearch
 RUN /usr/share/elasticsearch/bin/elasticsearch-plugin install --batch "https://api.beshu.tech/download/es?esVersion=$ES_VERSION&pluginVersion=$ROR_VERSION&email=[YOUR-EMAIL-ADDRESS]"
 USER root
-RUN /usr/share/elasticsearch/jdk/bin/java -jar /usr/share/elasticsearch/plugins/readonlyrest/ror-tools.jar patch
+RUN /usr/share/elasticsearch/jdk/bin/java -jar /usr/share/elasticsearch/plugins/readonlyrest/ror-tools.jar patch --I_UNDERSTAND_AND_ACCEPT_ES_PATCHING yes
 USER 1000:0
 ```
 

elasticsearch.md

@@ -137,6 +137,8 @@ If you are using Elasticsearch 6.5.x or newer, you need **an extra post-installa
 jdk/bin/java -jar plugins/readonlyrest/ror-tools.jar patch
 ```
 
+**⚠️IMPORTANT**: During patching, user will be prompted for confirmation. Please see the [silent mode](elasticsearch.md#patch-elasticsearch-in-a-silent-mode) is there is a need to bypass this step.
+
 **⚠️IMPORTANT**: for Elasticsearch 8.3.x or newer, the patching operation requires `root` user privileges.
 
 You can verify if Elasticsearch was correctly patched using the command `verify`:
@@ -286,7 +288,18 @@ If you are using Elasticsearch 6.5.x or newer, you need **an extra post-installa
 jdk/bin/java -jar plugins/readonlyrest/ror-tools.jar patch
 ```
 
-**⚠️IMPORTANT**: for Elasticsearch 8.3.x or newer, the patching operation requires `root` user privileges.
+**⚠️IMPORTANT**: When performing the patching operation, user will be asked to confirm (by providing an answer 'yes' to the displayed question),
+that he understands and accepts the implications of ES patching. See the [silent mode](elasticsearch.md#patch-elasticsearch-in-a-silent-mode) if there is a need to bypass this step.
+
+**⚠️IMPORTANT**: For Elasticsearch 8.3.x or newer, the patching operation requires `root` user privileges.
+
+##### Patch Elasticsearch in a silent mode
+To apply patches in ES using ror-tools in non-interactive mode (bypassing prompts), 
+you can provide `--I_UNDERSTAND_AND_ACCEPT_ES_PATCHING=yes` script argument :
+
+```bash
+jdk/bin/java -jar plugins/readonlyrest/ror-tools.jar patch --I_UNDERSTAND_AND_ACCEPT_ES_PATCHING=yes
+```
 
 You can verify if Elasticsearch was correctly patched using the command `verify`:
 

kibana.md

@@ -542,6 +542,19 @@ readonlyrest_kbn.multiTenancyEnabled: false
 
 You can configure an ACL in multi tenancy mode by adding a few ACL blocks containing the `kibana.index` [rule](https://docs.readonlyrest.com/elasticsearch#kibana). See examples and further explanation under our [multi-tenancy guide](examples/multitenancy\_guide.md).
 
+### Extending the Kibana API with the x-ror-tenancy-id header
+([Enterprise](https://readonlyrest.com/enterprise))
+
+To target a specific tenant when making a [Kibana API](https://www.elastic.co/guide/en/kibana/current/api.html) request, include the custom HTTP header `x-ror-tenancy-id`. The value of this header should match one of the [groups rules](/elasticsearch#groups-rules) id defined in your ACL configuration. The first group defined in the ACL for a specific user is used as the default tenancy id.
+
+example usage:
+
+```bash
+curl -X GET "http://localhost:5601/api/saved_objects/_find?type=dashboard" \
+  -H "kbn-xsrf: true" \
+  -H "x-ror-tenancy-id: marketing-team"
+```
+
 #### Session cookie expiration
 
 When a user logs in, ReadonlyREST will write an encrypted cookie in the browser. This cookie has an time to live that can be tweaked with the following configuration key in `kibana.yml`.