Open albertzaharovits opened 2 weeks ago
Currently, the query roles API (_security/_query/role) uses a query-time runtime field when the queries refer to the role name. https://github.com/elastic/elasticsearch/blob/27b177938f9e78fa341a523bc8ff333e04939222/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/action/role/TransportQueryRoleAction.java#L87-L89
_security/_query/role
That's because the role name is not indexed, it becomes part of the doc's _id, which doesn't store field data that's necessary for querying. We should be indexing the role name to make it searchable without recurring to runtime fields.
I discussed it with @jfreden and we could either add a new migration or extend the existing role migration: https://github.com/elastic/elasticsearch/blob/27b177938f9e78fa341a523bc8ff333e04939222/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/support/SecurityMigrations.java#L71
Pinging @elastic/es-security (Team:Security)
Currently, the query roles API (
_security/_query/role
) uses a query-time runtime field when the queries refer to the role name. https://github.com/elastic/elasticsearch/blob/27b177938f9e78fa341a523bc8ff333e04939222/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/action/role/TransportQueryRoleAction.java#L87-L89That's because the role name is not indexed, it becomes part of the doc's _id, which doesn't store field data that's necessary for querying. We should be indexing the role name to make it searchable without recurring to runtime fields.
I discussed it with @jfreden and we could either add a new migration or extend the existing role migration: https://github.com/elastic/elasticsearch/blob/27b177938f9e78fa341a523bc8ff333e04939222/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/support/SecurityMigrations.java#L71