Hello,
We just installed lates Open Distro for Elasticsearch - 1.0.0 with Security plugin and Kibana.
And we are started to configure ABAC based on the example: https://opendistro.github.io/for-elasticsearch-docs/docs/security-access-control/document-level-security/
We have a user with attributes: ID: “1234”, “12345”
We have a role: User-ID
With the following DLSQ:
{
"terms_set": {
"ID": {
"terms": [
"${attr.internal.ID}"
],
"minimum_should_match_script": {
"source": "1"
}
}
}
}
And it shows the data only when we set only one user attribute and without quotes: ID: 123
, or ID: 456
but not both.
It dowesn’t work with the:
ID: 123, 456
- 0 hits
ID: "123"
- Discover: failed to wrap searcher
ID: "123", "456"
- Discover: failed to wrap searcher
Error: Request to Elasticsearch failed: {"error":{"root_cause":[{"type":"exception","reason":"failed to wrap searcher"}],"type":"search_phase_execution_exception","reason":"all shards failed","phase":"query","grouped":true,"failed_shards":[{"shard":0,"index":"user-log-2019-07-22","node":"IoqM6u52Q8SJBFkgfTe3SZ","reason":{"type":"exception","reason":"failed to wrap searcher","caused_by":{"type":"i_o_exception","reason":"java.util.concurrent.ExecutionException: com.fasterxml.jackson.core.JsonParseException: Unexpected character ('2' (code 50)): was expecting comma to separate Array entries\n at [Source: java.io.StringReader@4875e49a; line: 5, column: 11]","caused_by":{"type":"execution_exception","reason":"execution_exception: com.fasterxml.jackson.core.JsonParseException: Unexpected character ('2' (code 50)): was expecting comma to separate Array entries\n at [Source: java.io.StringReader@4875e49a; line: 5, column: 11]","caused_by":{"type":"i_o_exception","reason":"Unexpected character ('2' (code 50)): was expecting comma to separate Array entries\n at [Source: java.io.StringReader@4875e49a; line: 5, column: 11]"}}}}}]},"status":500}
KbnError@https://kibana.dev/bundles/commons.bundle.js:12:40128
RequestFailure@https://kibana.dev/bundles/commons.bundle.js:12:40632
callResponseHandlers/<@https://kibana.dev/bundles/commons.bundle.js:68:977057
Promise.try@https://kibana.dev/bundles/commons.bundle.js:20:3027968
Promise.map/<@https://kibana.dev/bundles/commons.bundle.js:20:3027334
Promise.map@https://kibana.dev/bundles/commons.bundle.js:20:3027295
callResponseHandlers@https://kibana.dev/bundles/commons.bundle.js:68:976069
fetchSearchResults/<@https://kibana.dev/bundles/commons.bundle.js:68:958029
processQueue@https://kibana.dev/built_assets/dlls/vendors.bundle.dll.js:293:199687
scheduleProcessQueue/<@https://kibana.dev/built_assets/dlls/vendors.bundle.dll.js:293:200650
$digest@https://kibana.dev/built_assets/dlls/vendors.bundle.dll.js:293:210412
$evalAsync/<@https://kibana.dev/built_assets/dlls/vendors.bundle.dll.js:293:212944
completeOutstandingRequest@https://kibana.dev/built_assets/dlls/vendors.bundle.dll.js:293:64425
Browser/self.defer/timeoutId<@https://kibana.dev/built_assets/dlls/vendors.bundle.dll.js:293:67267
But it works fine if we place IDs in the DLSQ:
{
"terms_set": {
"ID": {
"terms": [
"123",
"456"
],
"minimum_should_match_script": {
"source": "1"
}
}
}
}
What may be wrong?
Thank you!