It would be nice if the rules could contain some variables that are passed in the http headers. The idea would be that in the fields of the rules (like groups, hosts, uri_re, indices, kibana_index on index_rewrite we could put things like:
indices:
my_index@{MY_VAR1},
and MY_VAR1 was in fact read from the HTTP headers
Specially if it goes toward a more general mini key-value store attached to the request where rules can save useful information for those ahead in the evaluation chain.
Could be handy for the jwt_auth idea I’m about to post
Thanks a lot for working on this one, and for the very fast prototype! This looks very promising.
We’ve been testing the prototype, and ran into a couple of issues:
lowercase/uppercase. It looks like in the elasticsearch.yaml, the name of the variable has to be lowercase
The current approach is to have @var_name . In this model, how can we specify a suffix? Would it be possible to do something like @{var_name}, so that we can define exactly where the variable name ends?
Imagine that the rule refers to a non-existent header. At the moment, this will keep it with ‘@var_name’, which might not be what we want. Would it be possible to delete the entry if the variable does not exist in the header?