Copying the commands in this document and I get the error in the title when I login as a user and do a search. Anybody know why?
https://www.elastic.co/blog/attribute-based-access-control-with-xpack?blade=tw&hulk=social
Copying the commands in this document and I get the error in the title when I login as a user and do a search. Anybody know why?
https://www.elastic.co/blog/attribute-based-access-control-with-xpack?blade=tw&hulk=social
Hi
Can you try the following query and let me know if you still have any issues
GET /my-index/_search
{
"query": {
"terms_set": {
"security_attributes" : {
"terms" : ["living", "in a van", "down by the river"],
"minimum_should_match_script": {
"source": "params.num_terms"
}
}
}
}
}
Regards
Works but doesn't return any documents
In addition to @ESamir's change to use { "source": "params.num_terms" }
, the blog post assumes that security_attributes
is mapped as keyword
data type. If the mapping has been inferred, the following query will work, using the keyword
sub-field (of a multi-field) on security_attributes
GET my_index/_search
{
"query": {
"terms_set": {
"security_attributes.keyword": {
"terms": ["living", "in a van", "down by the river"],
"minimum_should_match_script": {
"source": "params.num_terms"
}
}
}
}
}
which returns
{
"took": 1,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"skipped": 0,
"failed": 0
},
"hits": {
"total": 1,
"max_score": 0.8630463,
"hits": [
{
"_index": "my_index",
"_type": "doc",
"_id": "1",
"_score": 0.8630463,
"_source": {
"security_attributes": [
"living",
"in a van",
"down by the river"
],
"body": "you're not going to amount to jack squat"
}
}
]
}
}
Thanks to @forloop the following is what is required to get the demo working:
DELETE my_index
PUT my_index
{
"mappings" : {
"doc" : {
"properties" : {
"body" : { "type" : "text" },
"security_attributes":{"type": "keyword"}
}
}
}
}
PUT my_index/doc/1
{
"security_attributes": ["living", "in a van", "down by the river"],
"body": "you're not going to amount to jack squat"
}
PUT my_index/doc/2
{
"security_attributes": ["living", "in a house", "down by the river"],
"body": "keep calm, carry on"
}
GET my_index/_search
{
"query": {
"terms_set": {
"security_attributes": {
"terms": [
"living",
"in a van",
"down by the river"
],
"minimum_should_match_script": {
"source": "params.num_terms"
}
}
}
}
}
The Json for creating the users in that post is also incorrect, here's the correct version:
PUT _xpack/security/user/matt_foley
{
"username": "matt_foley",
"password":"password1",
"roles": ["my_policy"],
"full_name": "Matt Foley",
"email": "mf@rivervan.com",
"metadata": {
"security_attributes": ["living", "in a van", "down by the river"]
}
}
PUT _xpack/security/user/jack_black
{
"username": "jack_black",
"password":"password1",
"roles": ["my_policy"],
"full_name": "Jack Black",
"email": "jb@tenaciousd.com",
"metadata": {
"security_attributes": ["living", "in a house", "down by the river"]
}
}
Oh and also the role json is wrong, the query should be
{"template":{"source":"{\"bool\": {\"filter\": [{\"terms_set\": {\"security_attributes\": {\"terms\": {{#toJson}}_user.metadata.security_attributes{{/toJson}},\"minimum_should_match_script\": {\"source\":\"params.num_terms\"}}}}]}}"}}
Thanks @jchannon, the blog post has now been updated
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.