
All role mappings for a matching user in Elasticsearch

Stack Overflow user
Asked 2020-07-12 17:50:37
Answers: 1 · Views: 528 · Followers: 0 · Votes: 0

How do I get all role mappings for a single user in Elasticsearch?

I have a role mapping like this:

"sdbsd21tdsbjvbriuu": {
        "enabled": true,
        "roles": [
            "kibana_dashboard_only_user",
            "5e3bb57222b49800016b666f"
        ],
        "rules": {
            "all": [
                {
                    "field": {
                        "realm.name": "oidc1"
                    }
                },
                {
                    "field": {
                        "username": [
                            "user001@one.com",
                            "User002@two.com",
                            "USER003@three.com"
                        ]
                    }
                }
            ]
        },
        "metadata": {
            "migrated": false
        }
    }

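For example, user001@one.com can exist in multiple role mappings. I want to get all role mappings with user001@one.com. How can I do that?

I tried searching the .security-7 index, but could not come up with a single search query for this.
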
GET .security-7/_search
{
    "query": {
        "bool": {
            "must": [
                {
                    "term": {
                        "doc_type": "role-mapping"
                    }
                }                
            ]
        }
    }
}

The mapping of the .security-7 index is:

{
    ".security-7": {
        "mappings": {
            "dynamic": "strict",
            "_meta": {
                "security-version": "7.6.2"
            },
            "properties": {
                "access_token": {
                    "properties": {
                        "invalidated": {
                            "type": "boolean"
                        },
                        "realm": {
                            "type": "keyword"
                        },
                        "user_token": {
                            "properties": {
                                "authentication": {
                                    "type": "binary"
                                },
                                "expiration_time": {
                                    "type": "date",
                                    "format": "epoch_millis"
                                },
                                "id": {
                                    "type": "keyword"
                                },
                                "metadata": {
                                    "type": "object",
                                    "dynamic": "false"
                                },
                                "version": {
                                    "type": "integer"
                                }
                            }
                        }
                    }
                },
                "actions": {
                    "type": "keyword"
                },
                "api_key_hash": {
                    "type": "keyword",
                    "index": false,
                    "doc_values": false
                },
                "api_key_invalidated": {
                    "type": "boolean"
                },
                "application": {
                    "type": "keyword"
                },
                "applications": {
                    "properties": {
                        "application": {
                            "type": "keyword"
                        },
                        "privileges": {
                            "type": "keyword"
                        },
                        "resources": {
                            "type": "keyword"
                        }
                    }
                },
                "cluster": {
                    "type": "keyword"
                },
                "creation_time": {
                    "type": "date",
                    "format": "epoch_millis"
                },
                "creator": {
                    "properties": {
                        "metadata": {
                            "type": "object",
                            "dynamic": "false"
                        },
                        "principal": {
                            "type": "keyword"
                        },
                        "realm": {
                            "type": "keyword"
                        }
                    }
                },
                "doc_type": {
                    "type": "keyword"
                },
                "email": {
                    "type": "text",
                    "analyzer": "email"
                },
                "enabled": {
                    "type": "boolean"
                },
                "expiration_time": {
                    "type": "date",
                    "format": "epoch_millis"
                },
                "full_name": {
                    "type": "text"
                },
                "global": {
                    "properties": {
                        "application": {
                            "properties": {
                                "manage": {
                                    "properties": {
                                        "applications": {
                                            "type": "keyword"
                                        }
                                    }
                                }
                            }
                        }
                    }
                },
                "indices": {
                    "properties": {
                        "allow_restricted_indices": {
                            "type": "boolean"
                        },
                        "field_security": {
                            "properties": {
                                "except": {
                                    "type": "keyword"
                                },
                                "grant": {
                                    "type": "keyword"
                                }
                            }
                        },
                        "names": {
                            "type": "keyword"
                        },
                        "privileges": {
                            "type": "keyword"
                        },
                        "query": {
                            "type": "keyword"
                        }
                    }
                },
                "limited_by_role_descriptors": {
                    "type": "object",
                    "enabled": false
                },
                "metadata": {
                    "type": "object",
                    "dynamic": "false"
                },
                "name": {
                    "type": "keyword"
                },
                "password": {
                    "type": "keyword",
                    "index": false,
                    "doc_values": false
                },
                "refresh_token": {
                    "properties": {
                        "client": {
                            "properties": {
                                "realm": {
                                    "type": "keyword"
                                },
                                "type": {
                                    "type": "keyword"
                                },
                                "user": {
                                    "type": "keyword"
                                }
                            }
                        },
                        "invalidated": {
                            "type": "boolean"
                        },
                        "refresh_time": {
                            "type": "date",
                            "format": "epoch_millis"
                        },
                        "refreshed": {
                            "type": "boolean"
                        },
                        "superseding": {
                            "properties": {
                                "encrypted_tokens": {
                                    "type": "binary"
                                },
                                "encryption_iv": {
                                    "type": "binary"
                                },
                                "encryption_salt": {
                                    "type": "binary"
                                }
                            }
                        },
                        "token": {
                            "type": "keyword"
                        }
                    }
                },
                "role_descriptors": {
                    "type": "object",
                    "enabled": false
                },
                "role_templates": {
                    "properties": {
                        "format": {
                            "type": "keyword"
                        },
                        "template": {
                            "type": "text"
                        }
                    }
                },
                "roles": {
                    "type": "keyword"
                },
                "rules": {
                    "type": "object",
                    "dynamic": "false"
                },
                "run_as": {
                    "type": "keyword"
                },
                "type": {
                    "type": "keyword"
                },
                "username": {
                    "type": "keyword"
                },
                "version": {
                    "type": "integer"
                }
            }
        }
    }
}

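Edit:

To all future readers of this question: I have followed up with the Elasticsearch team. Because I have role mappings based on the OIDC realm, there is no solution to my problem as of Elasticsearch 7.8. The best approach is to parse the response JSON. I have adopted this approach.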
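
The client-side parsing mentioned in the edit above can be done by evaluating each mapping's `rules` tree against the user's fields. The following Python sketch is an added example, not part of the original post or of Elasticsearch itself; the sample response is constructed in the shape of a `GET /_security/role_mapping` reply with hypothetical mapping names. It assumes exact, case-sensitive string comparison with `*` as the only wildcard, and does not evaluate `/regex/` values.

```python
import json
import re

# Constructed sample shaped like a GET /_security/role_mapping response.
SAMPLE_RESPONSE = json.loads("""
{
  "mapping-a": {"enabled": true, "roles": ["kibana_dashboard_only_user"],
    "rules": {"all": [
      {"field": {"realm.name": "oidc1"}},
      {"field": {"username": ["user001@one.com", "User002@two.com"]}}]}},
  "mapping-b": {"enabled": true, "roles": ["reporting"],
    "rules": {"any": [
      {"field": {"username": "*@one.com"}},
      {"field": {"username": "USER003@three.com"}}]}},
  "mapping-c": {"enabled": true, "roles": ["admin"],
    "rules": {"all": [
      {"field": {"realm.name": "oidc1"}},
      {"except": {"field": {"username": "user001@one.com"}}}]}},
  "mapping-d": {"enabled": false, "roles": ["legacy"],
    "rules": {"field": {"username": "user001@one.com"}}}
}
""")

def value_matches(pattern, actual):
    """Literal comparison, with '*' as the only wildcard (assumption)."""
    if not isinstance(pattern, str) or not isinstance(actual, str):
        return pattern == actual
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, actual) is not None

def rule_matches(rule, user):
    """Recursively evaluate one rule object against a flat dict of user fields."""
    if "all" in rule:
        return all(rule_matches(r, user) for r in rule["all"])
    if "any" in rule:
        return any(rule_matches(r, user) for r in rule["any"])
    if "except" in rule:
        return not rule_matches(rule["except"], user)
    (name, expected), = rule["field"].items()
    candidates = expected if isinstance(expected, list) else [expected]
    actual = user.get(name)
    actuals = actual if isinstance(actual, list) else [actual]
    return any(value_matches(p, a) for p in candidates for a in actuals)

def mappings_for_user(response, user, include_disabled=False):
    """Return {mapping_name: roles} for every mapping whose rules match the user."""
    return {name: m["roles"] for name, m in response.items()
            if (include_disabled or m.get("enabled", True))
            and rule_matches(m["rules"], user)}
```

Calling `mappings_for_user(SAMPLE_RESPONSE, {"username": "user001@one.com", "realm.name": "oidc1"})` returns the two enabled mappings that match; the `except` rule in `mapping-c` excludes that user, and the disabled `mapping-d` is reported only with `include_disabled=True`.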


1 Answer

Stack Overflow user

Posted 2020-07-13 04:39:34

You can use the get user API; for this you need to hit _security rather than the .security-7 index.

With x-pack enabled, I created a user as shown below:

URL http://{{hostname}}:{{port}}/_security/user/foo

{
    "username": "foo",
    "full_name": "foo bar",
    "email": "foo@gmail.com",
    "password": "123456",
    "roles": [
        "ADMIN"
    ]
}

Then, using the get user API, I can get its details:

Just change the above method to GET and you will get the output below, where you can see that its roles are shown as well.

{
    "foo": {
        "username": "foo",
        "roles": [
            "ADMIN"
        ],
        "full_name": "foo bar",
        "email": "foo@gmail.com",
        "metadata": {},
        "enabled": true
    }
}
Votes: 1

Original page content provided by Stack Overflow.
Original link: https://stackoverflow.com/questions/62864570
