Bug #45607
openCeph Elasticsearch sync module not working with rgw_keystone_implicit_tenants=true
0%
Description
rgw_keystone_implicit_tenants = true implies that a bucket is saved as PROJECT_ID$BUCKET_NAME.
the payload of RGW tier ES that sends a search request to ES is formed and comes out like this:
{
"query": {
"bool": {
"must": [ {
"term": {
"bucket": "test"
}
}, {
"bool": {
"must": [ {
"term": {
"permissions": "xxxxxxxx$yyyyyyyy"
}
}, {
"term": {
"name": "little023"
}
}
]
}
}
]
}
}
}
'
The problem with this is that the standard ES analyzer breaks that string into two words, xxxxxxx and yyyyyyy. There is no way (that I found) to configure properly ES because "permissions" is a array of texts, so I was not able to do a proper mapping and relative explicit analyzer or search_analyzer. Putting the full index as analyzer keyword did not work for me.
I think the only solution is to modify the call to elasticsearch that instead of permission, calls permission.keyword as such:
curl -X GET "localhost:9200/objectstorage-metadata/_search?pretty" -H 'Content-Type: application/json' -d'
{
"query": {
"bool": {
"must": [
{
"term": {
"bucket": "obo5"
}
},
{
"bool": {
"must": [
{
"term": {
"permissions.keyword": "xxxxxxxxx$yyyyyyyyyy"
}
},
{
"term": {
"name": "little023"
}
}
]
}
}
]
}
}
}
'
Using permission.keyword solves the $ problem and correctly finds the permissions. As it is, the ES Sync module cannot work with rgw_keystone_implicit_tenants=true.
Any chance someone could have a look at this and eventually providing a patch? It should be a very very easy change.
Thanks,
Regards