Negating a set of indices via java regex in the sg_roles


Christian Moreno Moreno

Nov 27, 2017, 6:14:21 AM
to Search Guard Community Forum
Hi all,

Is it possible to negate a set of indices via Java regex in the sg_roles?
We tried to do something like:

sg_all_access:
  cluster:
    - UNLIMITED
  indices:
    '/\!seo-*/':
      '*':
        - UNLIMITED
  tenants:
    adm_tenant: RW
    test_tenant_ro: RW


So, every index is permitted, only "seo-*" is not. We tried some different syntaxes but none of them work... Is negating a couple of words not permitted?

Many Thanks,
Christian Moreno



* Search Guard version: 5.5.0
* Elasticsearch version: 5.5.0-16
* Java Version: java version "1.8.0_144"
* Until now only Free licence

SG

Nov 27, 2017, 12:25:05 PM
to search...@googlegroups.com
you can use whatever java regex supports: https://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html

Try '/(?!seo-.*$).*/' (no guarantees)

Chris Cogdon

Nov 29, 2017, 5:24:28 PM
to search...@googlegroups.com


On Monday, November 27, 2017 at 9:25:05 AM UTC-8, Search Guard wrote:
> you can use whatever java regex supports: https://docs.oracle.com/javase/7/docs/api/java/util/regex/Pattern.html
>
> Try '/(?!seo-.*$).*/' (no guarantees)

I'm having this issue today, too!

I have this:

  indices:
    '/^(?!endpoints$|thing1$|thing2$|thing3$).*/':
      '*':
        - ALL



And there was no match. Debugging says:

[2017-11-29T17:15:24,801][DEBUG][c.f.s.c.PrivilegesEvaluator] ---------- evaluate sg_role: sg_most_access
[2017-11-29T17:15:24,801][DEBUG][c.f.s.c.PrivilegesEvaluator]   Try wildcard match for *
[2017-11-29T17:15:24,801][DEBUG][c.f.s.c.PrivilegesEvaluator]   Wildcard match for *: [endpoints-123]
[2017-11-29T17:15:24,801][DEBUG][c.f.s.c.PrivilegesEvaluator]   matches for *, will check now types [*]
[2017-11-29T17:15:24,801][DEBUG][c.f.s.c.PrivilegesEvaluator] For index * remaining requested indextype: [IndexType [index=endpoints-123, type=*]]
[2017-11-29T17:15:24,801][DEBUG][c.f.s.c.PrivilegesEvaluator]   Try wildcard match for /^(?!endpoints$|thing1$|thing2$|thing3$)
[2017-11-29T17:15:24,801][DEBUG][c.f.s.c.PrivilegesEvaluator]   No wildcard match found for /^(?!endpoints$|thing1$|thing2$|thing3$)
[2017-11-29T17:15:24,801][DEBUG][c.f.s.c.PrivilegesEvaluator] For index /^(?!endpoints$|thing1$|thing2$|thing3$) remaining requested indextype: [IndexType [index=endpoints-123, type=*]]
[2017-11-29T17:15:24,801][DEBUG][c.f.s.c.PrivilegesEvaluator] Added to leftovers sg_most_access=>[IndexType [index=endpoints-123, type=*]]

I've tried the regex through a java regex tester and it had a match. It's as if it's not treating it as a regex. Also odd that the trailing / in the debug output got dropped.

Chris Cogdon

Nov 29, 2017, 7:01:53 PM
to search...@googlegroups.com
NEVERMIND!

I didn't realise the "don't put a dot in the index" actually refers to not having a dot anywhere in the key, since ES will expand that into subkeys.

Once I turned .* into (?:\s|\S)* , it worked a treat.

Oh, I realise now that the "^" is unnecessary, since the code will surround the given pattern with "^" and "$" for you, enforcing a "whole string match".
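
The two points from the last post (a dot in the key cuts the pattern short, and the pattern is matched against the whole index name), as an added illustration that is not part of the thread and is not Search Guard's code. It uses Python's `re` as a stand-in for `java.util.regex`, which treats these constructs the same way; the function names and the `seo-` pattern are assumptions made for the example.

```python
import re

# Keys from the thread, plus one constructed dot-free pattern for the "seo-" case.
DOTTED = r"/^(?!endpoints$|thing1$|thing2$|thing3$).*/"
DOT_FREE = r"/(?!endpoints$|thing1$|thing2$|thing3$)(?:\s|\S)*/"
SEO_DOT_FREE = r"/(?!seo-)(?:\s|\S)*/"  # constructed, not from the thread


def key_as_loaded(key):
    """Model of the reported behaviour: a '.' in the key starts a sub-key,
    so only the text before the first dot is left as the index pattern."""
    return key.split(".", 1)[0]


def permits(key, index):
    """Whole-string match of a '/regex/' key against an index name.
    Keys that are no longer wrapped in slashes are not treated as regex
    (plain wildcard matching is left out of this sketch)."""
    if len(key) < 2 or not (key.startswith("/") and key.endswith("/")):
        return False
    return re.fullmatch(key[1:-1], index) is not None


def dotted_regex_keys(keys):
    """Audit helper: regex-style keys that contain a dot and would be cut short."""
    return [k for k in keys if k.startswith("/") and "." in k]


if __name__ == "__main__":
    print("loaded as:", key_as_loaded(DOTTED))
    for key in (key_as_loaded(DOTTED), DOT_FREE):
        for index in ("endpoints-123", "endpoints", "thing2", "logs-2017"):
            print(f"{key!r:60} {index:14} -> {permits(key, index)}")
    for index in ("seo-products", "seo", "logs-2017"):
        print(f"{SEO_DOT_FREE!r:60} {index:14} -> {permits(SEO_DOT_FREE, index)}")
    print("needs rewriting:", dotted_regex_keys([DOTTED, DOT_FREE, "*"]))
```

The truncated key printed first is the same string that appears in the debug output above, without the trailing slash.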