Module org.elasticsearch.security
Class ApiKeyBoolQueryBuilder
java.lang.Object
org.elasticsearch.index.query.AbstractQueryBuilder<BoolQueryBuilder>
org.elasticsearch.index.query.BoolQueryBuilder
org.elasticsearch.xpack.security.support.ApiKeyBoolQueryBuilder
- All Implemented Interfaces:
NamedWriteable,VersionedNamedWriteable,Writeable,QueryBuilder,Rewriteable<QueryBuilder>,org.elasticsearch.xcontent.ToXContent,org.elasticsearch.xcontent.ToXContentObject
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.elasticsearch.xcontent.ToXContent
org.elasticsearch.xcontent.ToXContent.DelegatingMapParams, org.elasticsearch.xcontent.ToXContent.MapParams, org.elasticsearch.xcontent.ToXContent.ParamsNested classes/interfaces inherited from interface org.elasticsearch.common.io.stream.Writeable
Writeable.Reader<V>, Writeable.Writer<V> -
Field Summary
Fields inherited from class org.elasticsearch.index.query.BoolQueryBuilder
ADJUST_PURE_NEGATIVE_DEFAULT, NAMEFields inherited from class org.elasticsearch.index.query.AbstractQueryBuilder
boost, BOOST_FIELD, DEFAULT_BOOST, NAME_FIELD, queryNameFields inherited from interface org.elasticsearch.index.query.Rewriteable
MAX_REWRITE_ROUNDSFields inherited from interface org.elasticsearch.xcontent.ToXContent
EMPTY, EMPTY_PARAMS -
Method Summary
Modifier and TypeMethodDescriptionstatic ApiKeyBoolQueryBuilderbuild(QueryBuilder queryBuilder, Consumer<String> fieldNameVisitor, Authentication authentication) Build a bool query that is specialised for query API keys information from the security index.protected QueryBuilderdoRewrite(QueryRewriteContext queryRewriteContext) protected org.apache.lucene.search.QuerydoToQuery(SearchExecutionContext context) Methods inherited from class org.elasticsearch.index.query.BoolQueryBuilder
adjustPureNegative, adjustPureNegative, doEquals, doHashCode, doWriteTo, doXContent, extractInnerHitBuilders, filter, filter, fromXContent, getMinimalSupportedVersion, getWriteableName, hasClauses, minimumShouldMatch, minimumShouldMatch, minimumShouldMatch, must, must, mustNot, mustNot, shallowCopy, should, shouldMethods inherited from class org.elasticsearch.index.query.AbstractQueryBuilder
addValidationError, boost, boost, boostAndQueryNameToXContent, checkNegativeBoost, declareStandardFields, doCoordinatorRewrite, doIndexMetadataRewrite, doInnerHitsRewrite, doSearchRewrite, equals, getMaxNestedDepth, getName, hashCode, parseInnerQueryBuilder, parseTopLevelQuery, parseTopLevelQuery, printBoostAndQueryName, queryName, queryName, readQueries, requireValue, rewrite, setMaxNestedDepth, throwParsingExceptionOnMultipleFields, toQuery, toString, toXContent, writeQueries, writeToMethods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, waitMethods inherited from interface org.elasticsearch.xcontent.ToXContentObject
isFragmentMethods inherited from interface org.elasticsearch.common.io.stream.VersionedNamedWriteable
supportsVersion
-
Method Details
-
build
public static ApiKeyBoolQueryBuilder build(QueryBuilder queryBuilder, Consumer<String> fieldNameVisitor, @Nullable Authentication authentication) Build a bool query that is specialised for query API keys information from the security index. The method processes the given QueryBuilder to ensure: * Only fields from an allowlist are queried * Only query types from an allowlist are used * Field names used in the Query DSL get translated into corresponding names used at the index level. This helps decouple the user facing and implementation level changes. * User's security context gets applied when necessary * Not exposing any other types of documents stored in the same security index- Parameters:
queryBuilder- This represents the query parsed directly from the user input. It is validated and transformed (see above).fieldNameVisitor- ThisConsumeris invoked with all the (index-level) field names referred to in the passed-in query.authentication- The user's authentication object. If present, it will be used to filter the results to only include API keys owned by the user.- Returns:
- A specialised query builder for API keys that is safe to run on the security index.
-
doToQuery
protected org.apache.lucene.search.Query doToQuery(SearchExecutionContext context) throws IOException - Overrides:
doToQueryin classBoolQueryBuilder- Throws:
IOException
-
doRewrite
- Overrides:
doRewritein classBoolQueryBuilder- Throws:
IOException
-