Role mappings of all matched users in Elasticsearch

soumendra · July 12, 2020, 5:53pm

How to fetch all the role mappings of a single user in Elasticsearch.
I have role mapping like this:

"sdbsd21tdsbjvbriuu": {
        "enabled": true,
        "roles": [
            "kibana_dashboard_only_user",
            "5e3bb57222b49800016b666f"
        ],
        "rules": {
            "all": [
                {
                    "field": {
                        "realm.name": "oidc1"
                    }
                },
                {
                    "field": {
                        "username": [
                            "user001@one.com",
                            "User002@two.com",
                            "USER003@three.com"
                        ]
                    }
                }
            ]
        },
        "metadata": {
            "migrated": false
        }
    }

For e.g. user001@one.com can be there across multiple role-mappings. I want to fetch all the role-mappings with user001@one.com. How to do that?
I have tried to search the security-7 index. However, unable to get a single search query for this.

GET .security-7/_search
{
    "query": {
        "bool": {
            "must": [
                {
                    "term": {
                        "doc_type": "role-mapping"
                    }
                }                
            ]
        }
    }
}

Vinayak_Sapre · July 12, 2020, 9:21pm

@soumendra
I am assuming username and roles fields are defined as text with a "keyword" as child field.

See if this works

{
  "query": {
    "bool": {
      "filter": [
        {
          "term": {
            "sdbsd21tdsbjvbriuu.rules.all.field.username.keyword": "User002@two.com"
          }
        }
      ]
    }
  },
  "aggs": {
    "roles": {
      "terms": {
        "field": "sdbsd21tdsbjvbriuu.roles.keyword"
      }
    }
  }
}

If not, can you post .security-7 mappings?

soumendra · July 13, 2020, 4:35am

security-7 index role mapping:

{
    ".security-7": {
        "mappings": {
            "dynamic": "strict",
            "_meta": {
                "security-version": "7.6.2"
            },
            "properties": {
                "access_token": {
                    "properties": {
                        "invalidated": {
                            "type": "boolean"
                        },
                        "realm": {
                            "type": "keyword"
                        },
                        "user_token": {
                            "properties": {
                                "authentication": {
                                    "type": "binary"
                                },
                                "expiration_time": {
                                    "type": "date",
                                    "format": "epoch_millis"
                                },
                                "id": {
                                    "type": "keyword"
                                },
                                "metadata": {
                                    "type": "object",
                                    "dynamic": "false"
                                },
                                "version": {
                                    "type": "integer"
                                }
                            }
                        }
                    }
                },
                "actions": {
                    "type": "keyword"
                },
                "api_key_hash": {
                    "type": "keyword",
                    "index": false,
                    "doc_values": false
                },
                "api_key_invalidated": {
                    "type": "boolean"
                },
                "application": {
                    "type": "keyword"
                },
                "applications": {
                    "properties": {
                        "application": {
                            "type": "keyword"
                        },
                        "privileges": {
                            "type": "keyword"
                        },
                        "resources": {
                            "type": "keyword"
                        }
                    }
                },
                "cluster": {
                    "type": "keyword"
                },
                "creation_time": {
                    "type": "date",
                    "format": "epoch_millis"
                },
                "creator": {
                    "properties": {
                        "metadata": {
                            "type": "object",
                            "dynamic": "false"
                        },
                        "principal": {
                            "type": "keyword"
                        },
                        "realm": {
                            "type": "keyword"
                        }
                    }
                },
                "doc_type": {
                    "type": "keyword"
                },
                "email": {
                    "type": "text",
                    "analyzer": "email"
                },
                "enabled": {
                    "type": "boolean"
                },
                "expiration_time": {
                    "type": "date",
                    "format": "epoch_millis"
                },
                "full_name": {
                    "type": "text"
                },
                "global": {
                    "properties": {
                        "application": {
                            "properties": {
                                "manage": {
                                    "properties": {
                                        "applications": {
                                            "type": "keyword"
                                        }
                                    }
                                }
                            }
                        }
                    }
                },
                "indices": {
                    "properties": {
                        "allow_restricted_indices": {
                            "type": "boolean"
                        },
                        "field_security": {
                            "properties": {
                                "except": {
                                    "type": "keyword"
                                },
                                "grant": {
                                    "type": "keyword"
                                }
                            }
                        },
                        "names": {
                            "type": "keyword"
                        },
                        "privileges": {
                            "type": "keyword"
                        },
                        "query": {
                            "type": "keyword"
                        }
                    }
                },
                "limited_by_role_descriptors": {
                    "type": "object",
                    "enabled": false
                },
                "metadata": {
                    "type": "object",
                    "dynamic": "false"
                },
                "name": {
                    "type": "keyword"
                },
                "password": {
                    "type": "keyword",
                    "index": false,
                    "doc_values": false
                },
                "refresh_token": {
                    "properties": {
                        "client": {
                            "properties": {
                                "realm": {
                                    "type": "keyword"
                                },
                                "type": {
                                    "type": "keyword"
                                },
                                "user": {
                                    "type": "keyword"
                                }
                            }
                        },
                        "invalidated": {
                            "type": "boolean"
                        },
                        "refresh_time": {
                            "type": "date",
                            "format": "epoch_millis"
                        },
                        "refreshed": {
                            "type": "boolean"
                        },
                        "superseding": {
                            "properties": {
                                "encrypted_tokens": {
                                    "type": "binary"
                                },
                                "encryption_iv": {
                                    "type": "binary"
                                },
                                "encryption_salt": {
                                    "type": "binary"
                                }
                            }
                        },
                        "token": {
                            "type": "keyword"
                        }
                    }
                },
                "role_descriptors": {
                    "type": "object",
                    "enabled": false
                },
                "role_templates": {
                    "properties": {
                        "format": {
                            "type": "keyword"
                        },
                        "template": {
                            "type": "text"
                        }
                    }
                },
                "roles": {
                    "type": "keyword"
                },
                "rules": {
                    "type": "object",
                    "dynamic": "false"
                },
                "run_as": {
                    "type": "keyword"
                },
                "type": {
                    "type": "keyword"
                },
                "username": {
                    "type": "keyword"
                },
                "version": {
                    "type": "integer"
                }
            }
        }
    }
}

Vinayak_Sapre · July 13, 2020, 5:11am

Sub-fields of rules are not indexed which contain user info. You can't filter on username.

system · August 10, 2020, 5:11am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.