Role mappings of all matched users in Elasticsearch

soumendra · July 12, 2020, 5:53pm

How to fetch all the role mappings of a single user in Elasticsearch.
I have role mapping like this:

"sdbsd21tdsbjvbriuu": {
        "enabled": true,
        "roles": [
            "kibana_dashboard_only_user",
            "5e3bb57222b49800016b666f"
        ],
        "rules": {
            "all": [
                {
                    "field": {
                        "realm.name": "oidc1"
                    }
                },
                {
                    "field": {
                        "username": [
                            "user001@one.com",
                            "User002@two.com",
                            "USER003@three.com"
                        ]
                    }
                }
            ]
        },
        "metadata": {
            "migrated": false
        }
    }

For e.g. user001@one.com can be there across multiple role-mappings. I want to fetch all the role-mappings with user001@one.com. How to do that?
I have tried to search the security-7 index. However, unable to get a single search query for this.

GET .security-7/_search
{
    "query": {
        "bool": {
            "must": [
                {
                    "term": {
                        "doc_type": "role-mapping"
                    }
                }                
            ]
        }
    }
}

Vinayak_Sapre · July 12, 2020, 9:21pm

@soumendra
I am assuming username and roles fields are defined as text with a "keyword" as child field.

See if this works

{
  "query": {
    "bool": {
      "filter": [
        {
          "term": {
            "sdbsd21tdsbjvbriuu.rules.all.field.username.keyword": "User002@two.com"
          }
        }
      ]
    }
  },
  "aggs": {
    "roles": {
      "terms": {
        "field": "sdbsd21tdsbjvbriuu.roles.keyword"
      }
    }
  }
}

If not, can you post .security-7 mappings?

soumendra · July 13, 2020, 4:35am

security-7 index role mapping:

{
    ".security-7": {
        "mappings": {
            "dynamic": "strict",
            "_meta": {
                "security-version": "7.6.2"
            },
            "properties": {
                "access_token": {
                    "properties": {
                        "invalidated": {
                            "type": "boolean"
                        },
                        "realm": {
                            "type": "keyword"
                        },
                        "user_token": {
                            "properties": {
                                "authentication": {
                                    "type": "binary"
                                },
                                "expiration_time": {
                                    "type": "date",
                                    "format": "epoch_millis"
                                },
                                "id": {
                                    "type": "keyword"
                                },
                                "metadata": {
                                    "type": "object",
                                    "dynamic": "false"
                                },
                                "version": {
                                    "type": "integer"
                                }
                            }
                        }
                    }
                },
                "actions": {
                    "type": "keyword"
                },
                "api_key_hash": {
                    "type": "keyword",
                    "index": false,
                    "doc_values": false
                },
                "api_key_invalidated": {
                    "type": "boolean"
                },
                "application": {
                    "type": "keyword"
                },
                "applications": {
                    "properties": {
                        "application": {
                            "type": "keyword"
                        },
                        "privileges": {
                            "type": "keyword"
                        },
                        "resources": {
                            "type": "keyword"
                        }
                    }
                },
                "cluster": {
                    "type": "keyword"
                },
                "creation_time": {
                    "type": "date",
                    "format": "epoch_millis"
                },
                "creator": {
                    "properties": {
                        "metadata": {
                            "type": "object",
                            "dynamic": "false"
                        },
                        "principal": {
                            "type": "keyword"
                        },
                        "realm": {
                            "type": "keyword"
                        }
                    }
                },
                "doc_type": {
                    "type": "keyword"
                },
                "email": {
                    "type": "text",
                    "analyzer": "email"
                },
                "enabled": {
                    "type": "boolean"
                },
                "expiration_time": {
                    "type": "date",
                    "format": "epoch_millis"
                },
                "full_name": {
                    "type": "text"
                },
                "global": {
                    "properties": {
                        "application": {
                            "properties": {
                                "manage": {
                                    "properties": {
                                        "applications": {
                                            "type": "keyword"
                                        }
                                    }
                                }
                            }
                        }
                    }
                },
                "indices": {
                    "properties": {
                        "allow_restricted_indices": {
                            "type": "boolean"
                        },
                        "field_security": {
                            "properties": {
                                "except": {
                                    "type": "keyword"
                                },
                                "grant": {
                                    "type": "keyword"
                                }
                            }
                        },
                        "names": {
                            "type": "keyword"
                        },
                        "privileges": {
                            "type": "keyword"
                        },
                        "query": {
                            "type": "keyword"
                        }
                    }
                },
                "limited_by_role_descriptors": {
                    "type": "object",
                    "enabled": false
                },
                "metadata": {
                    "type": "object",
                    "dynamic": "false"
                },
                "name": {
                    "type": "keyword"
                },
                "password": {
                    "type": "keyword",
                    "index": false,
                    "doc_values": false
                },
                "refresh_token": {
                    "properties": {
                        "client": {
                            "properties": {
                                "realm": {
                                    "type": "keyword"
                                },
                                "type": {
                                    "type": "keyword"
                                },
                                "user": {
                                    "type": "keyword"
                                }
                            }
                        },
                        "invalidated": {
                            "type": "boolean"
                        },
                        "refresh_time": {
                            "type": "date",
                            "format": "epoch_millis"
                        },
                        "refreshed": {
                            "type": "boolean"
                        },
                        "superseding": {
                            "properties": {
                                "encrypted_tokens": {
                                    "type": "binary"
                                },
                                "encryption_iv": {
                                    "type": "binary"
                                },
                                "encryption_salt": {
                                    "type": "binary"
                                }
                            }
                        },
                        "token": {
                            "type": "keyword"
                        }
                    }
                },
                "role_descriptors": {
                    "type": "object",
                    "enabled": false
                },
                "role_templates": {
                    "properties": {
                        "format": {
                            "type": "keyword"
                        },
                        "template": {
                            "type": "text"
                        }
                    }
                },
                "roles": {
                    "type": "keyword"
                },
                "rules": {
                    "type": "object",
                    "dynamic": "false"
                },
                "run_as": {
                    "type": "keyword"
                },
                "type": {
                    "type": "keyword"
                },
                "username": {
                    "type": "keyword"
                },
                "version": {
                    "type": "integer"
                }
            }
        }
    }
}

Vinayak_Sapre · July 13, 2020, 5:11am

Sub-fields of rules are not indexed which contain user info. You can't filter on username.

system · August 10, 2020, 5:11am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
AD User and AD Group in Single Role Mapping Elasticsearch elastic-stack-security	6	617	September 3, 2020
Map / grant roles defined in keycloak to elasticsearch Elasticsearch elastic-stack-security	6	1172	October 6, 2022
Query to find all the users with one role Elasticsearch elastic-stack-security	2	373	April 19, 2023
Bulk delete role mappings Elasticsearch elastic-stack-security	2	468	May 17, 2020
Bulk import role mappings from one cluster to another via API Elasticsearch elastic-stack-security	2	169	October 10, 2023

Role mappings of all matched users in Elasticsearch

Related topics