pub fn wrap_query(
body: &[u8],
filter: &[(FieldName, Value)],
) -> Result<Vec<u8>, RewriteError>Expand description
Wraps the query of a client search body so every match is additionally
constrained by filter term(s) the client cannot remove.
The client’s original query (or an implicit match_all when absent) becomes
the must clause of a freshly constructed bool; the partition filter
terms become its filter clause. All other top-level keys (size, sort,
_source, aggs, …) are preserved untouched.
When filter is non-empty (a shared index, where isolation depends on the
filter), the body is also screened for constructs that escape it, a global
aggregation or a suggest block, and rejected with RewriteError::Unfilterable
(docs/03 §5, NFR-S4). With an empty filter (a dedicated index/cluster, the
whole target belongs to the partition) nothing is screened.
§Errors
Returns RewriteError::InvalidJson if body is non-empty but not valid
JSON, RewriteError::NotAnObject if it is not a JSON object, or
RewriteError::Unfilterable if a partition filter is in force and the body
carries a construct that would bypass it.
§Examples
use osproxy_core::FieldName;
use serde_json::{json, Value};
use osproxy_rewrite::wrap_query;
let wrapped = wrap_query(
br#"{"query":{"match":{"msg":"hi"}}}"#,
&[(FieldName::from("_tenant"), Value::from("acme"))],
)
.unwrap();
let doc: Value = serde_json::from_slice(&wrapped).unwrap();
assert_eq!(doc["query"]["bool"]["filter"][0]["term"]["_tenant"], "acme");
assert_eq!(doc["query"]["bool"]["must"][0]["match"]["msg"], "hi");