in example-apps/internal-knowledge-search/api/app.py [0:0]
def api_key():
search_app_name = request.args.get("app_name")
role_name = search_app_name + "-key-role"
default_role_descriptor = {}
default_role_descriptor[role_name] = {
"cluster": [],
"indices": [
{
"names": [search_app_name],
"privileges": ["read"],
"allow_restricted_indices": False,
}
],
"applications": [],
"run_as": [],
"metadata": {},
"transient_metadata": {"enabled": True},
"restriction": {"workflows": ["search_application_query"]},
}
identities_index = get_identities_index(search_app_name)
try:
persona = request.args.get("persona")
if persona == "":
raise ValueError("No persona specified")
role_descriptor = {}
if persona == "admin":
role_descriptor = default_role_descriptor
else:
identity = elasticsearch_client.get(index=identities_index, id=persona)
permissions = identity["_source"]["query"]["template"]["params"][
"access_control"
]
role_descriptor = {
"dls-role": {
"cluster": ["all"],
"indices": [
{
"names": [search_app_name],
"privileges": ["read"],
"query": {
"template": {
"params": {"access_control": permissions},
"source": """{