search

opensearch-project / security

🔐 Secure your cluster with TLS, numerous authentication backends, data masking, audit logging as well as role-based access control on indices, documents, and fields
https://opensearch.org/docs/latest/security-plugin/index/
Apache License 2.0
189 stars 272 forks source link

Add set security user ingest processor #4644

Open ng-druid opened 1 month ago

ng-druid commented 1 month ago

Is your feature request related to a problem? Please describe

I would like to include the authenticated user id as part of a document using an ingest pipeline processor. Additionally, roles even claims in the token used to authenticate.

Describe the solution you'd like

Elasticsearch provides a set security processor already.

https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest-node-set-security-user-processor.html

I think this would satisfy user id but uncertain on roles, claims.

Ideally, have an option to embed specific user info, entire object with exclusions as either a standard nested object or flat object.

Describe alternatives you've considered

none

Additional context

It could be that the set security processor exists just needs to be added to the docs.

stephen-crawford commented 3 weeks ago

[Triage] Hi @ng-druid, thanks for filing this issue. This seems like a good feature request. Going to mark as triaged.