Integrating REST API call into role template


(Eric Walters) #1

I am trying to implement an ABAC scheme, similar to the link below.

I would like to add on certain functionality - my users authenticate through PKI and their attributes, instead of being hardcoded into Elasticsearch through a metadata field, are stored in and accessible through a third-party API. Using a DN, I can retrieve a JSON object containing the attributes that I need.

My issue is then integrating this JSON object into the mustache template so I can use the fields for terms_set. My idea so far, mostly based off of the example scripting plugin (https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-scripting-engine.html) is to write a custom ScriptEngine plugin so that I can make the API call and get my JSON object in Java, then retrieve it and access it similar to below.

        "script": {
            "source": "custom_API_call",
            "lang": "expert_scripts",
            "params": {
                "DN": "CN=test,...,..."
            }
        }

        {\"terms\": {{#toJson}}API_JSON_RESULT.metadata.security_attributes{{/toJson}},":...}

Would anybody be able to give me some guidance on how best to do this? I haven't been able to make much headway looking at the Javadocs - I don't really need any of the advanced functionality that many of the plugin classes give. Could the TemplateScript class be used to return what is essentially simple text?

I'm pretty new to this - thanks for the help!