I can't find any information on how to allow access to specific SOLR core just for a single user. I am using SOLR7. This is what I've got:
security.json
{
"authentication": {
"blockUnknown": true,
"class": "solr.BasicAuthPlugin",
"credentials": {
"test_admin": "xxx",
"infographics": "xxx",
"test_user": "xxx"
},
"": {
"v": 0
}
},
"authorization": {
"class": "solr.RuleBasedAuthorizationPlugin",
"permissions": [
{
"name": "all",
"role": "admin",
"index": 1
},
{
"name": "update",
"role": "general",
"index": 2
},
{
"name": "read",
"role": [
"general",
"infographics",
"test_user"
],
"index": 3
},
{
"name": "collection-admin-read",
"role": "general",
"index": 4
},
{
"name": "core-admin-read",
"role": "general",
"index": 5
},
{
"name": "core-specific-permission",
"collection": "test-core",
"role": "test_user",
"before": 3,
"index": 6
}
],
"user-role": {
"test_admin": [
"admin",
"general"
],
"infographics": "infographics",
"test_user": "test_user"
},
"": {
"v": 0
}
}
}
I've added a permission for collection "test-core":
{
"name": "core-specific-permission",
"collection": "test-core",
"role": "test_user",
"before": 3,
"index": 6
}
I authenticate with test_user when calling: /solr/test-core/select?q=*:*, this works fine, but it also can access other cores, for e.g.: /solr/other-core/select?q=*:*.
If I remove test_user from read permission:
{
"name": "read",
"role": [
"general",
"infographics"
],
"index": 3
},
then I am not able to query any core. Getting 403. For test_user I'd like to allow access to only this core /solr/test-core/select?q=*:* and nothing else. Any idea how can I achieve this?
Related
I need to run a query that joins documents from two collections, I wrote an aggregation query but it takes too much time when running in the production database with many documents. Is there any way to write this query in a more efficient way?
Query in Mongo playground: https://mongoplayground.net/p/dLb3hsJHNYt
There are two collections users and activities. I need to run a query to get some users (from users collection), and also their last activity (from activities collection).
Database:
db={
"users": [
{
"_id": 1,
"email": "user1#gmail.com",
"username": "user1",
"country": "BR",
"creation_date": 1646873628
},
{
"_id": 2,
"email": "user2#gmail.com",
"username": "user2",
"country": "US",
"creation_date": 1646006402
}
],
"activities": [
{
"_id": 1,
"email": "user1#gmail.com",
"activity": "like",
"timestamp": 1647564787
},
{
"_id": 2,
"email": "user1#gmail.com",
"activity": "comment",
"timestamp": 1647564834
},
{
"_id": 3,
"email": "user2#gmail.com",
"activity": "like",
"timestamp": 1647564831
}
]
}
Inefficient Query:
db.users.aggregate([
{
// Get users using some filters
"$match": {
"$expr": {
"$and": [
{ "$not": { "$in": [ "$country", [ "AR", "CA" ] ] } },
{ "$gte": [ "$creation_date", 1646006400 ] },
{ "$lte": [ "$creation_date", 1648684800 ] }
]
}
}
},
{
// Get the last activity within the time range
"$lookup": {
"from": "activities",
"as": "last_activity",
"let": { "cur_email": "$email" },
"pipeline": [
{
"$match": {
"$expr": {
"$and": [
{ "$eq": [ "$email", "$$cur_email" ] },
{ "$gte": [ "$timestamp", 1647564787 ] },
{ "$lte": [ "$timestamp", 1647564834 ] }
]
}
}
},
{ "$sort": { "timestamp": -1 } },
{ "$limit": 1 }
]
}
},
{
// Remove users with no activity
"$match": {
"$expr": {
"$gt": [ { "$size": "$last_activity" }, 0 ] }
}
}
])
Result:
[
{
"_id": 1,
"country": "BR",
"creation_date": 1.646873628e+09,
"email": "user1#gmail.com",
"last_activity": [
{
"_id": 2,
"activity": "comment",
"email": "user1#gmail.com",
"timestamp": 1.647564788e+09
}
],
"username": "user1"
},
{
"_id": 2,
"country": "US",
"creation_date": 1.646006402e+09,
"email": "user2#gmail.com",
"last_activity": [
{
"_id": 3,
"activity": "like",
"email": "user2#gmail.com",
"timestamp": 1.647564831e+09
}
],
"username": "user2"
}
]
I'm more familiar with relational databases, so I'm struggling a little to run this query efficiently.
Thanks!
I have secured Solr (8.7.0) using JWTAuthTPlugin so I can use AAD from auth. I want to whitelist healthcheck metrics. I get 401 on all whitelisted request. I can login on Solr Admin using AAD
here's my security.json
{
"authentication": {
"class": "solr.JWTAuthPlugin",
"blockUnknown": false,
"wellKnownUrl": "https://login.microsoftonline.com/myTenant/v2.0/.well-known/openid-configuration",
"clientId": "myClientId",
"adminUiScope": "openid api://myAPIid/solr"
},
"authorization":{
"class":"solr.RuleBasedAuthorizationPlugin",
"permissions":[ {
"collection": null,
"name": "healthcheckv2",
"path": "/api/node/health",
"role": null
}, {
"collection": null,
"name": "healthcheckv1",
"path": "/solr/admin/info/health",
"role": null
}, {
"collection": null,
"name": "infosystem",
"path": "/solr/admin/info/system",
"role": null
}, {
"collection": null,
"name": "metrics",
"path": "/admin/metrics",
"role": null
}, {
"name": "security-edit",
"role": "admin"
}, {
"name": "collection-admin-edit",
"role": "admin"
}, {
"name": "core-admin-edit",
"role": "admin"
}, {
"name": "all",
"role": "*"
}],
"user-role": {
"solr": "admin"
}
}
}
What I'm missing?
Thanks!
After debugging Solr, seems that a RuleContainer rewrote the path to health check :
2021-06-14 18:19:52.941 DEBUG (qtp1581267786-21) [ ] o.e.j.r.h.RuleContainer rewrote /api/node/health to /solr/____v2/node/health
so we need to adjust the permission accordingly:
{
"collection": null,
"name": "healthcheckv2Rewrite",
"path": "/____v2/node/health",
"role": null
}
I am trying to get dynamic data from the slot
As per documentation and my basic test I am sending directive from launch request as like :
{'version': '1.0', 'response': {'outputSpeech': {'type': 'SSML', 'ssml': '<speak> Hi, welcome to developement dynamic slot. <break time="800ms"/>Please tell me the product name you would be interested in</speak>'}, 'card': {'type': 'Simple', 'title': 'Choose a Medicine.', 'content': 'Pick a Medicine.'}, 'reprompt': {'outputSpeech': {'type': 'SSML', 'ssml': '<speak><break time="5s"/>I am HERE to help You, Please tell me the product and country names you would be interested in.</speak>'}}, 'shouldEndSession': False}, 'directives': [{'type': 'Dialog.UpdateDynamicEntities', 'updateBehavior': 'REPLACE', 'types': [{'name': 'products', 'values': [{'id': 'grnTea', 'name': {'value': 'green tea', 'synonyms': ['matcha']}}, {'id': 'oolTea', 'name': {'value': 'oolong', 'synonyms': ['chinese tea', 'black dragon tea']}}]}]}]}
and when I'm trying to get data which is not statically store in a slot but added in directive slot value.
returns following output :
{ "version": "1.0", "session": { "new": false, "sessionId": "amzn1.echo-api.session.671181ed-1e50-4e4c-b70e-4d854fe7cb78", "application": { "applicationId": "amzn1.ask.skill.c35cd12c-6845-473e-be58-9b1139ee0adb" }, "user": { "userId": "amzn1.ask.account.sadasdsa", "permissions": { "consentToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjEifQ..XyWgyUIjDzzlZ12CR0lbZid6GxwZZYBgarlV-9difbkFjOTxrcvS9lJYWo-Db3wo-fIdXb_jZkCAJBtYPggqnJhLyyC-EDa0_u9aARKthF1_nkbLh5zDOHDb8MyyOYro4BJlqm4XBNd1qyeQUV2M4fdca1YSEnbEun_6kWOKeFRS-14zcwMj5E-MHcBbeDX799A_kay82kS8VGeMhSUsXPTZFrwOKHcFweJTqXFNOkBxME8kAFfS1JB5MNbA3TujVIsIgTBSNQaJeHRksConKt0u06ATrjffzFkcmbxDT5HoJH4NqDgS0y_GdtaeXQM3LJ-MN0-_DMX2QVEaL6kUUw" } } }, "context": { "System": { "application": { "applicationId": "amzn1.ask.skill.c35cd12c-6845-473e-be58-9b1139ee0adb" }, "user": { "userId": "amzn1.ask.account.aasdasdasdasdas", "permissions": { "consentToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjEifQ.asdjaskdhas.XyWgyUIjDzzlZ12CR0lbZid6GxwZZYBgarlV-9difbkFjOTxrcvS9lJYWo-Db3wo-fIdXb_jZkCAJBtYPggqnJhLyyC-EDa0_u9aARKthF1_nkbLh5zDOHDb8MyyOYro4BJlqm4XBNd1qyeQUV2M4fdca1YSEnbEun_6kWOKeFRS-14zcwMj5E-MHcBbeDX799A_kay82kS8VGeMhSUsXPTZFrwOKHcFweJTqXFNOkBxME8kAFfS1JB5MNbA3TujVIsIgTBSNQaJeHRksConKt0u06ATrjffzFkcmbxDT5HoJH4NqDgS0y_GdtaeXQM3LJ-MN0-_DMX2QVEaL6kUUw" } }, "device": { "deviceId": "amzn1.ask.device.ajshdjkhasjkhdkjsahkasdhjasd", "supportedInterfaces": {} }, "apiEndpoint": "https://api.eu.amazonalexa.com", "apiAccessToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjEifQ.asdhjashjdhajsd.RQhzWmnhN9K_dCbsFXBPPoLVzuwe5BWjAruwJNF1pVr11PiygVgQ64W3CNng2sK1thT2tl6r3GuRtG-1133Aw1KPWtMuHElu7CTrFfgAqW8blpK37PJIvPMOUGBw1rbrgCTMdy8Ua7qSFV_Y_wlOJaV3-apDGBqhQKE_-dE-ntWYZuIySlY3l8hBs_66eELS-LiL5DEDJk1hfvC2C6ZFB7A7P8mx4Hb71km-lYaElJS0-FDP0C-LdSp6dCbzV23W4JehtTGL4kJ1JEQgWyuNAAkt_HmPcEYlPp8T5RFceDuVuz-ZZBFyiVKuAN8VmxyFsmnC3SXi4yb3RKm1SCcorg" }, "Viewport": { "experiences": [ { "arcMinuteWidth": 246, "arcMinuteHeight": 144, "canRotate": false, "canResize": false } ], "shape": "RECTANGLE", "pixelWidth": 1024, "pixelHeight": 600, "dpi": 160, "currentPixelWidth": 1024, "currentPixelHeight": 600, "touch": [ "SINGLE" ], "video": { "codecs": [ "H_264_42", "H_264_41" ] } }, "Viewports": [ { "type": "APL", "id": "main", "shape": "RECTANGLE", "dpi": 160, "presentationType": "STANDARD", "canRotate": false, "configuration": { "current": { "video": { "codecs": [ "H_264_42", "H_264_41" ] }, "size": { "type": "DISCRETE", "pixelWidth": 1024, "pixelHeight": 600 } } } } ] }, "request": { "type": "IntentRequest", "requestId": "amzn1.echo-api.request.0f3b51f1-880b-483f-8410-3210e81e5b59", "timestamp": "2020-01-01T11:48:09Z", "locale": "en-IN", "intent": { "name": "productcheck", "confirmationStatus": "NONE", "slots": { "products": { "name": "products", "value": "green tea", "resolutions": { "resolutionsPerAuthority": [ { "authority": "amzn1.er-authority.echo-sdk.amzn1.ask.skill.c35cd12c-6845-473e-be58-9b1139ee0adb.products", "status": { "code": "ER_SUCCESS_NO_MATCH" } } ] }, "confirmationStatus": "NONE", "source": "USER" } } } } }
It's not added resolutions resolutionsPerAuthority's second(dynamic) element in the list.
anybody can help me out from this problem?
I tested your added directive exactly as pasted and the dynamic entity resolved as expected:
"slots": {
"products": {
"name": "products",
"value": "matcha",
"resolutions": {
"resolutionsPerAuthority": [
{
"authority": "amzn1.er-authority.echo-sdk.amzn1.ask.skill.****.products",
"status": {
"code": "ER_SUCCESS_NO_MATCH"
}
},
{
"authority": "amzn1.er-authority.echo-sdk.dynamic.amzn1.ask.skill.****.products",
"status": {
"code": "ER_SUCCESS_MATCH"
},
"values": [
{
"value": {
"name": "green tea",
"id": "grnTea"
}
}
]
}
]
},
"confirmationStatus": "NONE",
"source": "USER"
}
}
Could you share your skill's interaction model to investigate further?
How can I extract only the objects id and name from this JSON via jq?
The output should be look like the format below. This is just an example for the required output, the real one that I need is to catch the whole values id and name like in the JSON source.
This is the required output:
{
"name": "Auto Body Styles",
"id": "1.1"}
{
"name": "Convertible",
"id": "1.1.2"
}
This is the JSON source file:
{
"name": "Automotive",
"id": "1",
"categories": [
{
"name": "Auto Body Styles",
"id": "1.1",
"categories": [
{
"name": "Commercial Trucks",
"id": "1.1.1"
},
{
"name": "Convertible",
"id": "1.1.2"
},
{
"name": "Coupe",
"id": "1.1.3"
},
{
"name": "Crossover",
"id": "1.1.4"
},
{
"name": "Hatchback",
"id": "1.1.5"
},
{
"name": "Microcar",
"id": "1.1.6"
},
{
"name": "Minivan",
"id": "1.1.7"
},
{
"name": "Off-Road Vehicles",
"id": "1.1.8"
},
{
"name": "Pickup Trucks",
"id": "1.1.9"
},
{
"name": "Sedan",
"id": "1.1.10"
},
{
"name": "Station Wagon",
"id": "1.1.11"
},
{
"name": "SUV",
"id": "1.1.12"
},
{
"name": "Van",
"id": "1.1.13"
}
]
},
{
"name": "Auto Buying and Selling",
"id": "1.2"
},
{
"name": "Auto Insurance",
"id": "1.3"
},
{
"name": "Auto Parts",
"id": "1.4"
},
{
"name": "Auto Recalls",
"id": "1.5"
},
{
"name": "Auto Repair",
"id": "1.6"
},
{
"name": "Auto Safety",
"id": "1.7"
},
{
"name": "Auto Shows",
"id": "1.8"
},
{
"name": "Auto Technology",
"id": "1.9",
"categories": [
{
"name": "Auto Infotainment Technologies",
"id": "1.9.1"
},
{
"name": "Auto Navigation Systems",
"id": "1.9.2"
},
{
"name": "Auto Safety Technologies",
"id": "1.9.3"
}
]
},
{
"name": "Auto Type",
"id": "1.10",
"categories": [
{
"name": "Budget Cars",
"id": "1.10.1"
},
{
"name": "Certified Pre-Owned Cars",
"id": "1.10.2"
},
{
"name": "Classic Cars",
"id": "1.10.3"
},
{
"name": "Concept Cars",
"id": "1.10.4"
},
{
"name": "Driverless Cars",
"id": "1.10.5"
},
{
"name": "Green Vehicles",
"id": "1.10.6"
}
]
} ] }
i think what you want is Recursive Descent: ..
cat car.json | jq -r '.. | [.name?, .id?] | select(length>0) | #tsv'
to produce something like in your example,
cat car.json | jq -r '.. | {name:.name?, id:.id?}'
I have been working on Salesforce to Docusign Integration. I have multiple documents with Specific signer for each document i.e. one document should be send to one specific user, not all. But I want to do this in one Rest API call to docusign! The documents are stored in Accounts attachments which are created dynamically for each user which are specific to user.
I have been trying this using CompositeTemplates, what I am doing is, adding document and Signer in each inlineTemplate, But it is sending all the documents to all the users in sequence.
I don't want to show all document to all the user, they should see only document specific to them.
Below is the JSON which I am sending:
{
"status": "Sent",
"compositeTemplates": [
{
"inlineTemplates": [
{
"sequence": "1",
"recipients": {
"signers": [
{
"roleName": "Signer 1",
"recipientId": "1",
"name": "Anmol",
"email": "test#gmail.com"
}
]
},
"envelope": {
"status": "Sent",
"emailSubject": "test1"
},
"documents": [
{
"name": "Doc 1",
"fileExtension": "doc",
"documentId": "1",
"documentBase64": "JVBERi0xLjQKJeLjz9MKN58HkeCg8gJEomcWGJdEFtOYYklsXV2dlT6R6Owc+FXFMNSlpckKM6M/ioTGkROkEjkxBDrgthySkvMxGpQJYapHKWwcwXtRU9GCg=="
}
],
"customFields": {
"listCustomFields": [
{
"value": "00128000003tPKB",
"show": "true",
"required": "false",
"name": "Account",
"fieldId": "1",
"configurationType": "salesforce"
}
]
}
}
],
"compositeTemplateId": "1"
},
{
"inlineTemplates": [
{
"sequence": "1",
"recipients": {
"signers": [
{
"roleName": "Signer 2",
"recipientId": "1",
"name": "Anmol",
"email": "test1#gmail.com"
}
]
},
"envelope": {
"status": "Sent",
"emailSubject": "test2"
},
"documents": [
{
"name": "Doc 2",
"fileExtension": "doc",
"documentId": "2",
"documentBase64": "JVBERi0xLjYNJeLjz9MNCjEzIDAgb2JqDTw8L0xpbmVhcmlmDQoxMTYNCiUlRU9GDQo="
}
],
"customFields": {
"listCustomFields": [
{
"value": "00128000003tPKB",
"show": "true",
"required": "false",
"name": "Account",
"fieldId": "1",
"configurationType": "salesforce"
}
]
}
}
],
"compositeTemplateId": "2"
}
]
}
Any doc, code or suggestions about the approach I am following for this will be very helpful.
To do it in a single api call, specify the excludedDocuments property in the EnvelopeCreate request
excludedDocuments: Specifies the documents that are not visible to the recipient. Document Visibility must be enabled for the account and the enforceSignerVisibility property must be set to true for the envelope to use this.
Here is a sample Json for POST /v2/accounts/{accountId}/envelopes
Note: I have combined both your inline templates into a single inlineTemplate.
{
"status": "Sent",
"emailSubject": "Email Subject to all recipients",
"emailBlurb": "Email body to all recipients",
"compositeTemplates": [
{
"inlineTemplates": [
{
"sequence": "1",
"recipients": {
"signers": [
{
"recipientId": "1",
"name": "recipient one",
"email": "recipientone#dsxtr.com",
"excludedDocuments": [ "2" ]
},
{
"recipientId": "2",
"name": "recipient two",
"email": "recipienttwo#dsxtr.com",
"excludedDocuments": [ "1" ]
}
]
},
"documents": [
{
"name": "Doc 1",
"fileExtension": "doc",
"documentId": "1",
"documentBase64": ""
},
{
"name": "Doc 2",
"fileExtension": "doc",
"documentId": "2",
"documentBase64": ""
}
]
}
],
"compositeTemplateId": "1"
}
]
}
I believe you're looking for documentVisibility on the create envelope call.
There are other supporting documentVisibility endpoints here.