Allow access to authorized indices and filter unauthorized from list
it should be possible to read data when making request as
curl -XGET '/__es/logs-uninett-authorized-2016.04.14,logs-uninett-unauthorized-2016.04.14/_search?pretty' -d '{ "facets": { "0": { "date_histogram": { "field": "@timestamp", "interval": "30s" }, "global": true, "facet_filter": { "fquery": { "query": { "filtered": { "query": { "query_string": { "query": "*" } }, "filter": { "bool": { "must": [ { "range": { "@timestamp": { "from": 1460618361887, "to": 1460621961887 } } } ] } } } } } } } }, "size": 0 }'
To get data back from authorized index and filter our unauthorized one. This can be implemented as sending 302 redirect to client with rewritten url after filtering that index.
Let try to do this currently only for GET request with indices in the URI itself, not for multi search API (https://www.elastic.co/guide/en/elasticsearch/reference/1.7/search-multi-search.html).