Inject a term filter for basic security

(Tristan Carel) #1


I am using Kibana 4 and Elasticsearch 1.7 to search across logs of several users. I want those users to only see their documents, based on a "user" field set of each document.

Kibana is proxied by a Python Flask application doing, among others things, authentication. The proxy provides Kibana the authenticated user name thru HTTP headers.

I currently have an Elasticsearch plugin catching this HTTP header, and an ActionFilter that registers the filter as string (for example: "term user john.doe") in the SearchRequest context. But then I am stuck. I don't find a suitable module to tweak the query afterward.

Do you have any clue how to achieve this?
I still have a workaround, by putting a proxy in front of Elasticsearch to inject the filter in the _search and _msearch API methods, but that would not be very elegant.

I saw it was possible to register post-filters in 1.6, it seems both not supported and not efficient because run during aggregation.

Best regards

(system) #2