Hi,
Using elastic 6.1.2 and search guard 6.1.2-20.1, and setting up a solution which includes the following DSL configuration
sg_some_role:
indices:
'some_index':
'*':
- UNLIMITED
_dls_: '{"term": {"a_field": "${attr.jwt.a_claim}"}}'
This works fine, any result where the field does not match is excluded.
However, the type being filtered contains nested objects, and the search includes a nested query on this type. I notice that when the dsl is applied I loose all nested hits in the query result. Removing the dsl solves the problem.
Im guessing the solution is related to how the dsl query is applied? Any suggestions?
Regards,
Andreas