honeymoose/OpenSearch
1
0
Fork 0
mirror of https://github.com/honeymoose/OpenSearch.git synced 2025-02-05 20:48:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
OpenSearch/docs/reference/ingest/processors/set-security-user.asciidoc
Yang Wang 16ba59e9d1
Expose more authentication info to ingest pipeline (#51305) (#52119) 
The changes add more granularity for identiying the data ingestion user.
The ingest pipeline can now be configure to record authentication realm and
type. It can also record API key name and ID when one is in use. 
This improves traceability when data are being ingested from multiple agents
and will become more relevant with the incoming support of required
pipelines (#46847)

Resolves: #49106
2020-02-11 23:05:01 +11:00

42 lines
1.8 KiB
Plaintext
Raw Blame History

[[ingest-node-set-security-user-processor]]
=== Set Security User Processor
Sets user-related details (such as `username`, `roles`, `email`, `full_name`,
`metadata`, `api_key`, `realm` and `authentication_type`) from the current
authenticated user to the current document by pre-processing the ingest.
The `api_key` property exists only if the user authenticates with an
API key. It is an object containing the `id` and `name` fields of the API key.
The `realm` property is also an object with two fields, `name` and `type`.
When using API key authentication, the `realm` property refers to the realm
from which the API key is created.
The `authentication_type` property is a string that can take value from
`REALM`, `API_KEY`, `TOKEN` and `ANONYMOUS`.
IMPORTANT: Requires an authenticated user for the index request.
[[set-security-user-options]]
.Set Security User Options
[options="header"]
|======
| Name | Required | Default | Description
| `field` | yes | - | The field to store the user information into.
| `properties` | no | [`username`, `roles`, `email`, `full_name`, `metadata`, `api_key`, `realm`, `authentication_type`] | Controls what user related properties are added to the `field`.
include::common-options.asciidoc[]
|======
The following example adds all user details for the current authenticated user
to the `user` field for all documents that are processed by this pipeline:
[source,js]
--------------------------------------------------
{
"processors" : [
{
"set_security_user": {
"field": "user"
}
}
]
}
--------------------------------------------------
// NOTCONSOLE
Reference in New Issue View Git Blame Copy Permalink