Hello,
I wanted to test the Field Level Security feature with version 1.16.20_es6.2.4
I have the following config:
- name: test with FLS
type: allow
auth_key_sha256: 3fc024c352d161d0603230608d883b58ece6f76f4fa6457a3a19ee3e6035db51
fields: ["~price"]
indices: ["test_*"]
verbosity: info
I see the following in the log
ALLOWED by { name: ‘test with FLS’, policy: ALLOW} req={ ID:935108978-1233956613#41, TYP:GetRequest, CGR:N/A, USR:acm_test_ro, BRS:true, KDX:null, ACT:indices:data/read/get, OA:172.31.0.70, DA:157.168.95.17, IDX:test_xfwb, MET:GET, PTH:/test_xfwb/_doc/3, CNT:<N/A>, HDR:{Authorization=, content-length=0, Connection=Keep-Alive, User-Agent=Apache-HttpClient/4.1.1 (java 1.5), Host=ch13x467:9200, Accept-Encoding=gzip,deflate}, HIS:[test with FLS->[auth_key_sha256->true, indices->true, fields->true]] }
But the response contains the field price:
GET /test_xfwb/_doc/3
{
“_index”: “test_xfwb”,
“_type”: “_doc”,
“_id”: “3”,
“_version”: 3,
“found”: true,
“_source”: {
“price”: 1222,
“name”: “Jeff”
}
}
Am I doing something wrong?