mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-02-06 13:08:29 +00:00
3f8bf7ccc8
This integrates SQL's metadata calls with security by creating `SqlIndicesAction` and routing all of SQL's metadata calls through it. Since it *does* know up from which indices it is working against it can be an `IndicesRequest.Replaceable` and integrate with the existing security infrastructure for filtering indices. This request is implemented fairly similarly to the `GetIndexAction` with the option to read from the master or from a local copy of cluster state. Currently SQL forces it to run on the local copy because the request doesn't properly support serialization. I'd like to implement that in a followup. Original commit: elastic/x-pack-elasticsearch@15f9512820
51 lines
817 B
YAML
51 lines
817 B
YAML
read_all:
|
|
indices:
|
|
- names: test
|
|
privileges: [read]
|
|
- names: bort
|
|
privileges: [read]
|
|
|
|
read_nothing:
|
|
|
|
read_something_else:
|
|
indices:
|
|
- names: something_that_isnt_test
|
|
privileges: [read]
|
|
|
|
read_test_a:
|
|
indices:
|
|
- names: test
|
|
privileges: [read]
|
|
field_security:
|
|
grant: [a]
|
|
|
|
read_test_a_and_b:
|
|
indices:
|
|
- names: test
|
|
privileges: [read]
|
|
field_security:
|
|
grant: ["*"]
|
|
except: [c]
|
|
|
|
read_test_without_c_3:
|
|
indices:
|
|
- names: test
|
|
privileges: [read]
|
|
query: |
|
|
{
|
|
"bool": {
|
|
"must_not": [
|
|
{
|
|
"match": {
|
|
"c": 3
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
|
|
read_bort:
|
|
indices:
|
|
- names: bort
|
|
privileges: [read]
|