Elasticsearch: Doc: Provide an example for substituting an array of roles into role template query

Created on 5 Mar 2018  路  5Comments  路  Source: elastic/elasticsearch

Original comment by @ppf2:

It's common for the template query for roles to be a terms query with multiple roles instead of using a term query with a single role. When using a terms query, it will be nice to provide an example (here, i.e. directly in the DLS section of the x-pack security guide) of using search templates for substituting in an array of _user.roles so users will not have to go figure out how to do this using search template syntax (most users are not familiar with search templates so this will help make the getting started experience better for DLS), e.g., 

        "template": {
          "inline": """{"terms": {"group_names.keyword": {{#toJson}}_user.roles{{/toJson}} }}"""
        }
:SecuritAuthorization >docs
Source
picture elasticmachine

Most helpful comment

@jrodewig

Yes you are right, thanks for PR, now I got it to work this way and this time no deprecation warning as you said : 

POST /_security/role/example3
{
  "indices" : [
    {
      "names" : [ "my-index-000001" ],
      "privileges" : [ "read" ],
      "query" : {
        "template" : {
          "source" : "{ \"terms\": { \"group.statuses\": {{#toJson}}_user.metadata.statuses{{/toJson}} } }"
        }
      }
    }
  ]
}
picture jguay on 15 Oct 2020
🚀1 🎉1

All 5 comments

[docs issue triage] Closing as stale.

jrodewig picture jrodewig on 1 Nov 2019

I would like to reopen as the doc bug still exists here.

Using example3 will return an error containing : 

"type" : "parsing_exception",
"reason" : "[terms] query does not support [group.statuses]",

Example3 currently reads :

POST /_security/role/example3
{
  "indices" : [
    {
      "names" : [ "my-index-000001" ],
      "privileges" : [ "read" ],
      "query" : {
        "template" : {
          "source" : {
            "terms" : { "group.statuses" : "{{#toJson}}_user.metadata.statuses{{/toJson}}" }
          }
        }
      }
    }
  ]
}

This should be replaced with : 

POST /_security/role/example3
{
  "indices" : [
    {
      "names" : [ "my-index-000001" ],
      "privileges" : [ "read" ],
      "query" : {
        "template" : {
            "inline": """{"terms": {"group.statuses": {{#toJson}}_user.metadata.statuses{{/toJson}} }}"""

        }
      }
    }
  ]
}
jguay picture jguay on 15 Oct 2020

Actually this works in 7.9.2 but gives a deprecation warning, this might need to be reviewed to find the right non-deprecated syntax, I am checking further

jguay picture jguay on 15 Oct 2020

Thanks for reopening @jguay. You're right; it looks like the current snippet is missing some escaping in some form.

I'll test this out and open a PR to fix.

jrodewig picture jrodewig on 15 Oct 2020
👍1

@jrodewig

Yes you are right, thanks for PR, now I got it to work this way and this time no deprecation warning as you said : 

POST /_security/role/example3
{
  "indices" : [
    {
      "names" : [ "my-index-000001" ],
      "privileges" : [ "read" ],
      "query" : {
        "template" : {
          "source" : "{ \"terms\": { \"group.statuses\": {{#toJson}}_user.metadata.statuses{{/toJson}} } }"
        }
      }
    }
  ]
}
jguay picture jguay on 15 Oct 2020
🚀1 🎉1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

matthughes picture matthughes  路  3Comments
DhairyashilBhosale picture DhairyashilBhosale  路  3Comments
abrahamduran picture abrahamduran  路  3Comments
rbayliss picture rbayliss  路  3Comments
Praveen82 picture Praveen82  路  3Comments