Fine-grained security for ES-based API

Not a direct answer to your question, but I am using a simple abstraction to
implement fast, very flexible and fine-grained security over Elasticsearch
using a percolator proxy.

The idea is to use a proxy (I am using nginx + lua) to represent each HTTP
request as a JSON document with top-level fields such as 'headers', 'body',
'path', 'session', 'method' and 'time', and then request authorisation for
this request by percolating this document through an index of 'policy'
filters which may or may not match.

For example, a policy query could then only be registered:

  • allow all requests from a specific IP address
  • Use script filters to allow all Update requests only for documents with
    an 'owner' that matches the user ID supplied as a parameter
  • all access to docs for a limited time
  • only allow access to docs when specific cookies or tokens are available
    in the header or session.
  • only allow queries which request specific fields
  • only updates to specific fields of docs which a user has read access to.

etc.

If no direct authorization for a request is found, then the proxy will
fall back to a set of rewrite rules to add/remove query, field and
partial_field parameters to the request on a per index/type basis. This
allows sensitive fields to be removed from any search results as well as
restricting searches as appropriate.

Thanks,
mat

On Thursday, May 24, 2012 8:56:59 AM UTC-7, Shane Witbeck wrote:

I'm building a minimal abstraction around ES to accomplish fine-grained
security control around searches based on indexed fields. The requirements
are:

  1. allow users to query ES via search but only return indexed
    documents which they have permission to read
  2. filter sensitive fields from the results. I'm doing this via
    something like: searchRequestBuilder.addPartialField("apiFields", null,
    FIELDS_TO_EXCLUDE);

For the implementation I'm basically composing a SearchRequestBuilder via
the Java API.

Given a search query in JSON format, what's the best method to set the
query on the SearchRequestBuilder object while still being able to add my
filter(s) and exclude fields from the search results?

SearchRequestBuilder.setSource and SearchRequestBuilder.setExtraSource
seem to be candidates but it's unclear what exactly they do. Could you
explain them?

Thanks!
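
The percolator-proxy flow described in the reply at the top of this thread, sketched in Python as an added example (not code from either poster). The small matcher stands in for Elasticsearch percolation; the policy names, token, IP addresses, paths, the partial_fields body shape and the refusal when no rewrite rule exists are all assumptions.

```python
# Added illustration: a local stand-in for percolation, not Elasticsearch's own matcher.
def get(doc, path):
    """Resolve a dotted path such as 'headers.x-api-token' in the request document."""
    for key in path.split("."):
        doc = doc.get(key) if isinstance(doc, dict) else None
    return doc

def matches(query, doc):
    """Evaluate a small subset of query shapes: term, range, bool/must."""
    (kind, body), = query.items()
    if kind == "bool":
        return all(matches(q, doc) for q in body["must"])
    (field, spec), = body.items()
    value = get(doc, field)
    if kind == "term":
        return value == spec
    if kind == "range":
        return value is not None and spec.get("gte", value) <= value <= spec.get("lte", value)
    raise ValueError("unsupported policy clause: " + kind)  # unknown clause never allows

# Constructed policy index: each entry is a registered query, keyed by policy name.
POLICIES = {
    "ops-ip": {"term": {"session.ip": "10.0.0.5"}},
    "timed-token": {"bool": {"must": [
        {"term": {"headers.x-api-token": "constructed-token"}},
        {"range": {"time": {"lte": 1700000000}}},
    ]}},
}
# Constructed fallback rules per path; the partial_fields body shape is an assumption.
REWRITES = {"/customers/_search": ["ssn", "card_number"]}

def authorize(request):
    """Return (decision, request): allow on any policy hit, else rewrite, else deny."""
    hits = [name for name, query in POLICIES.items() if matches(query, request)]
    if hits:
        return "allow:" + ",".join(hits), request
    excluded = REWRITES.get(request["path"])
    if excluded is None:
        return "deny", None  # assumption: no policy and no rewrite rule means refuse
    body = dict(request["body"])
    # Overwrite, never merge: a client-supplied partial_fields must not survive.
    body["partial_fields"] = {"apiFields": {"exclude": list(excluded)}}
    return "rewrite", dict(request, body=body)

def make_request(path, ip, time, token=None, body=None):
    """Build the proxy's request document (field names follow the post; values constructed)."""
    headers = {"x-api-token": token} if token else {}
    return {"method": "GET", "path": path, "headers": headers,
            "session": {"ip": ip}, "time": time, "body": body or {}}
```

The rewrite step replaces any partial_fields the client sent, so a caller cannot re-include an excluded field by supplying its own.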