oadt
1
I am trying to set up document-level security in Kibana to restrict document access to specific user IDs.
If I use the following query in plain text, everything is fine:
{
  "query": {
    "ids": {
      "values": ["dkolDnkBy3prm6DJqjkr", "jkolDnkBy3prm6DJuzlJ"]
    }
  }
}
But as soon as I use the following parameter substitution:
{
  "query": {
    "ids": {
      "values": ${attr.jwt.IDs}
    }
  }
}
I get this json_parse_exception: “[ids] failed to parse field [values]”
{
\"query\": {
\"ids\": {
\"values\": [dkolDnkBy3prm6DJqjkr, jkolDnkBy3prm6DJuzlJ]
}
}
However, my JWT contains the following data:
"IDs": [
  "dkolDnkBy3prm6DJqjkr",
  "jkolDnkBy3prm6DJuzlJ"
]
I understand why Elasticsearch returns the json_parse_exception, but I would like to know why my JWT’s string array is misinterpreted.
Do you have any clue, or know a way to get around this problem?
ralph
2
As you can see in the 2nd example, your values are not quoted.
See here: Setting up field and document level security | Elasticsearch Guide [7.10] | Elastic
If your metadata field contains an object or array, you can access it using the {{#toJson}}parameter{{/toJson}} function.
So that means you have to write:
{
  "query": {
    "ids": {
      "values": {{#toJson}}attr.jwt.IDs{{/toJson}}
    }
  }
}
and then it should work.
oadt
3
I have already tried it, without success:
{
  "query": {
    "ids": {
      "values": {{#toJson}}attr.jwt.IDs{{/toJson}}
    }
  }
}
results in
[ids] values doesn't support values of type: START_OBJECT
I understand that the parsing exception is caused by the missing quotes when the query is interpreted.
I do not understand why the quotes, which are present in the JWT, are stripped away when passed as a variable.
I am quite new to ES. Is there any way to see the output of {{#toJson}}attr.jwt.IDs{{/toJson}} to understand where the error occurs?
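
The failure discussed in this thread can be reproduced offline. The following is an added example, not part of any post and not the security plugin's own code: it renders the DLS template from the first post with the JWT claim shown there, once as plain text and once as JSON, and checks whether the result is a parseable ids query. It assumes the substitution inserts the list's plain text form (which matches the unquoted output in the error above); the helper names `plain_text`, `render` and `check_dls_query` are hypothetical.

```python
import json
import re

# Constructed sample: the IDs claim as shown in the JWT on this page.
JWT_CLAIMS = {"IDs": ["dkolDnkBy3prm6DJqjkr", "jkolDnkBy3prm6DJuzlJ"]}

# The DLS query template from the first post, on one line.
DLS_TEMPLATE = '{"query": {"ids": {"values": ${attr.jwt.IDs}}}}'

PLACEHOLDER = re.compile(r"\$\{attr\.jwt\.([A-Za-z0-9_]+)\}")


def plain_text(value):
    """Assumed behaviour: a list becomes [a, b] with no quotes around items."""
    if isinstance(value, list):
        return "[" + ", ".join(str(v) for v in value) + "]"
    return str(value)


def render(template, claims, as_json):
    """Substitute ${attr.jwt.<name>} with plain text or with encoded JSON."""
    def repl(match):
        value = claims[match.group(1)]
        return json.dumps(value) if as_json else plain_text(value)
    return PLACEHOLDER.sub(repl, template)


def check_dls_query(rendered):
    """Return (ok, detail): the query must parse and ids.values be strings."""
    try:
        doc = json.loads(rendered)
    except json.JSONDecodeError as exc:
        return False, f"not valid JSON at column {exc.colno}: {exc.msg}"
    values = doc.get("query", {}).get("ids", {}).get("values")
    if not isinstance(values, list) or not all(isinstance(v, str) for v in values):
        return False, "ids.values must be an array of strings"
    return True, values


if __name__ == "__main__":
    for as_json in (False, True):
        rendered = render(DLS_TEMPLATE, JWT_CLAIMS, as_json)
        print(rendered, "->", check_dls_query(rendered))
```

Running a rendered DLS query through a check like this before assigning it to a role shows exactly which text the parser receives and where it stops being valid JSON.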