Xpack Query Match Not working

djtecha · May 24, 2018, 7:07pm

Hello,
I'm trying to add a query match for a role in XPACK and it doesn't seem to be working. I believe this is due to the match part getting wrapped in quotes.

POST _xpack/security/role/kibana_readall
{
    "cluster": [],
    "indices": [
      {
        "names": [ "aws*" ],
        "privileges": [ "read" ],
        "query": {
          "term": {"class": "elb"}
        }
      }
    ],
    "transient_metadata": {
      "enabled": true
    }
 }

As you can see this should lock this role to the aws index AND documents that have class:elb but when I request the role back to me it's adding quotes:

GET _xpack/security/role/kibana_readall
 {
  "kibana_readall": {
    "cluster": [],
    "indices": [
      {
        "names": [
          "aws*"
        ],
        "privileges": [
          "read"
        ],
        "query": """{"term":{"class":"elb"}}"""
      }
    ],
    "run_as": [],
    "metadata": {},
    "transient_metadata": {
      "enabled": true
    }
  }
}

This leads to a failure in Kibana when the user tries to search this index:

    Error: Request to Elasticsearch failed: {"error":{"root_cause":[{"type":"exception","reason":"com.fasterxml.jackson.core.JsonParseException: Unexpected character ('\\' (code 92)): was expecting double-quote to start field name\n at [Source: { \\\"match\\\": { \\\"class\\\": \\\"elb\\\"}}; line: 1, column: 4]"}],"type":"search_phase_execution_exception","reason":"all shards failed","phase":"can_match","grouped":true,"failed_shards":[{"shard":0,"index":"aws-2018.05.18.10-1","node":"VYoBnbxiQECN9XLKQoE46Q","reason":{"type":"exception","reason":"com.fasterxml.jackson.core.JsonParseException: Unexpected character ('\\' (code 92)): was expecting double-quote to start field name\n at [Source: { \\\"match\\\": { \\\"class\\\": \\\"elb\\\"}}; line: 1, column: 4]","caused_by":{"type":"i_o_exception","reason":"Unexpected character ('\\' (code 92)): was expecting double-quote to start field name\n at [Source: { \\\"match\\\": { \\\"class\\\": \\\"elb\\\"}}; line: 1, column: 4]"}}}]},"status":500}
    at https://kibana.myteksi.net/bundles/commons.bundle.js?v=16627:21:581063
    at Function.Promise.try (https://kibana.myteksi.net/bundles/commons.bundle.js?v=16627:21:479643)
    at https://kibana.myteksi.net/bundles/commons.bundle.js?v=16627:21:479031
    at Array.map (<anonymous>)
    at Function.Promise.map (https://kibana.myteksi.net/bundles/commons.bundle.js?v=16627:21:478989)
    at callResponseHandlers (https://kibana.myteksi.net/bundles/commons.bundle.js?v=16627:21:580641)
    at https://kibana.myteksi.net/bundles/commons.bundle.js?v=16627:21:569987
    at processQueue (https://kibana.myteksi.net/bundles/vendors.bundle.js?v=16627:116:132456)
    at https://kibana.myteksi.net/bundles/vendors.bundle.js?v=16627:116:133349
    at Scope.$digest (https://kibana.myteksi.net/bundles/vendors.bundle.js?v=16627:116:144239)
    at Scope.$apply (https://kibana.myteksi.net/bundles/vendors.bundle.js?v=16627:116:147018)
    at done (https://kibana.myteksi.net/bundles/vendors.bundle.js?v=16627:116:100026)
    at completeRequest (https://kibana.myteksi.net/bundles/vendors.bundle.js?v=16627:116:104697)
    at XMLHttpRequest.xhr.onload (https://kibana.myteksi.net/bundles/vendors.bundle.js?v=16627:116:105435)

system · June 21, 2018, 7:10pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.