Hello,
I'm trying to add a query match for a role in XPACK and it doesn't seem to be working. I believe this is due to the match part getting wrapped in quotes.
POST _xpack/security/role/kibana_readall
{
"cluster": [],
"indices": [
{
"names": [ "aws*" ],
"privileges": [ "read" ],
"query": {
"term": {"class": "elb"}
}
}
],
"transient_metadata": {
"enabled": true
}
}
As you can see this should lock this role to the aws index AND documents that have class:elb but when I request the role back to me it's adding quotes:
GET _xpack/security/role/kibana_readall
{
"kibana_readall": {
"cluster": [],
"indices": [
{
"names": [
"aws*"
],
"privileges": [
"read"
],
"query": """{"term":{"class":"elb"}}"""
}
],
"run_as": [],
"metadata": {},
"transient_metadata": {
"enabled": true
}
}
}
This leads to a failure in Kibana when the user tries to search this index:
Error: Request to Elasticsearch failed: {"error":{"root_cause":[{"type":"exception","reason":"com.fasterxml.jackson.core.JsonParseException: Unexpected character ('\\' (code 92)): was expecting double-quote to start field name\n at [Source: { \\\"match\\\": { \\\"class\\\": \\\"elb\\\"}}; line: 1, column: 4]"}],"type":"search_phase_execution_exception","reason":"all shards failed","phase":"can_match","grouped":true,"failed_shards":[{"shard":0,"index":"aws-2018.05.18.10-1","node":"VYoBnbxiQECN9XLKQoE46Q","reason":{"type":"exception","reason":"com.fasterxml.jackson.core.JsonParseException: Unexpected character ('\\' (code 92)): was expecting double-quote to start field name\n at [Source: { \\\"match\\\": { \\\"class\\\": \\\"elb\\\"}}; line: 1, column: 4]","caused_by":{"type":"i_o_exception","reason":"Unexpected character ('\\' (code 92)): was expecting double-quote to start field name\n at [Source: { \\\"match\\\": { \\\"class\\\": \\\"elb\\\"}}; line: 1, column: 4]"}}}]},"status":500}
at https://kibana.myteksi.net/bundles/commons.bundle.js?v=16627:21:581063
at Function.Promise.try (https://kibana.myteksi.net/bundles/commons.bundle.js?v=16627:21:479643)
at https://kibana.myteksi.net/bundles/commons.bundle.js?v=16627:21:479031
at Array.map (<anonymous>)
at Function.Promise.map (https://kibana.myteksi.net/bundles/commons.bundle.js?v=16627:21:478989)
at callResponseHandlers (https://kibana.myteksi.net/bundles/commons.bundle.js?v=16627:21:580641)
at https://kibana.myteksi.net/bundles/commons.bundle.js?v=16627:21:569987
at processQueue (https://kibana.myteksi.net/bundles/vendors.bundle.js?v=16627:116:132456)
at https://kibana.myteksi.net/bundles/vendors.bundle.js?v=16627:116:133349
at Scope.$digest (https://kibana.myteksi.net/bundles/vendors.bundle.js?v=16627:116:144239)
at Scope.$apply (https://kibana.myteksi.net/bundles/vendors.bundle.js?v=16627:116:147018)
at done (https://kibana.myteksi.net/bundles/vendors.bundle.js?v=16627:116:100026)
at completeRequest (https://kibana.myteksi.net/bundles/vendors.bundle.js?v=16627:116:104697)
at XMLHttpRequest.xhr.onload (https://kibana.myteksi.net/bundles/vendors.bundle.js?v=16627:116:105435)