[DOCS] Enable testing for API key examples (#39583)
This commit is contained in:
parent
69f5869707
commit
696cb22e4a
|
@ -1,6 +1,6 @@
|
||||||
[role="xpack"]
|
[role="xpack"]
|
||||||
[[security-api-create-api-key]]
|
[[security-api-create-api-key]]
|
||||||
=== Create API Key API
|
=== Create API key API
|
||||||
++++
|
++++
|
||||||
<titleabbrev>Create API keys</titleabbrev>
|
<titleabbrev>Create API keys</titleabbrev>
|
||||||
++++
|
++++
|
||||||
|
@ -20,14 +20,15 @@ you can explicitly enable the `xpack.security.authc.api_key.enabled` setting. Wh
|
||||||
you are running in production mode, a bootstrap check prevents you from enabling
|
you are running in production mode, a bootstrap check prevents you from enabling
|
||||||
the API key service unless you also enable TLS on the HTTP interface.
|
the API key service unless you also enable TLS on the HTTP interface.
|
||||||
|
|
||||||
A successful create API key API call returns a JSON structure that contains
|
A successful create API key API call returns a JSON structure that contains the
|
||||||
the unique id, the name to identify API key, the API key and the expiration if
|
API key, its unique id, and its name. If applicable, it also returns expiration
|
||||||
applicable for the API key in milliseconds.
|
information for the API key in milliseconds.
|
||||||
|
|
||||||
NOTE: By default API keys never expire. You can specify expiration at the time of
|
NOTE: By default, API keys never expire. You can specify expiration information
|
||||||
creation for the API keys.
|
when you create the API keys.
|
||||||
|
|
||||||
See <<api-key-service-settings>> for configuration settings related to API key service.
|
See <<api-key-service-settings>> for configuration settings related to API key
|
||||||
|
service.
|
||||||
|
|
||||||
==== Request Body
|
==== Request Body
|
||||||
|
|
||||||
|
@ -36,15 +37,16 @@ The following parameters can be specified in the body of a POST or PUT request:
|
||||||
`name`::
|
`name`::
|
||||||
(string) Specifies the name for this API key.
|
(string) Specifies the name for this API key.
|
||||||
|
|
||||||
`role_descriptors`::
|
`role_descriptors` (required)::
|
||||||
(array-of-role-descriptor) Optional array of role descriptor for this API key. The role descriptor
|
(array-of-role-descriptor) An array of role descriptors for this API key. This
|
||||||
must be a subset of permissions of the authenticated user. The structure of role
|
parameter is required but can be an empty array, which applies the permissions
|
||||||
descriptor is same as the request for create role API. For more details on role
|
of the authenticated user. If you supply role descriptors, they must be a subset
|
||||||
see <<security-api-roles, Role Management APIs>>.
|
of the authenticated user's permissions. The structure of role descriptor is the
|
||||||
If the role descriptors are not provided then permissions of the authenticated user are applied.
|
same as the request for create role API. For more details, see
|
||||||
|
<<security-api-roles,role management APIs>>.
|
||||||
|
|
||||||
`expiration`::
|
`expiration`::
|
||||||
(string) Optional expiration time for the API key. By default API keys never expire.
|
(string) Optional expiration time for the API key. By default, API keys never expire.
|
||||||
|
|
||||||
==== Examples
|
==== Examples
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
[role="xpack"]
|
[role="xpack"]
|
||||||
[[security-api-get-api-key]]
|
[[security-api-get-api-key]]
|
||||||
=== Get API Key information API
|
=== Get API key information API
|
||||||
++++
|
++++
|
||||||
<titleabbrev>Get API key information</titleabbrev>
|
<titleabbrev>Get API key information</titleabbrev>
|
||||||
++++
|
++++
|
||||||
|
@ -22,38 +22,70 @@ The following parameters can be specified in the query parameters of a GET reque
|
||||||
pertain to retrieving api keys:
|
pertain to retrieving api keys:
|
||||||
|
|
||||||
`id` (optional)::
|
`id` (optional)::
|
||||||
(string) An API key id. This parameter cannot be used with any of `name`, `realm_name` or
|
(string) An API key id. This parameter cannot be used with any of `name`,
|
||||||
`username` are used.
|
`realm_name` or `username` are used.
|
||||||
|
|
||||||
`name` (optional)::
|
`name` (optional)::
|
||||||
(string) An API key name. This parameter cannot be used with any of `id`, `realm_name` or
|
(string) An API key name. This parameter cannot be used with any of `id`,
|
||||||
`username` are used.
|
`realm_name` or `username` are used.
|
||||||
|
|
||||||
`realm_name` (optional)::
|
`realm_name` (optional)::
|
||||||
(string) The name of an authentication realm. This parameter cannot be used with either `id` or `name`.
|
(string) The name of an authentication realm. This parameter cannot be used with
|
||||||
|
either `id` or `name`.
|
||||||
|
|
||||||
`username` (optional)::
|
`username` (optional)::
|
||||||
(string) The username of a user. This parameter cannot be used with either `id` or `name`.
|
(string) The username of a user. This parameter cannot be used with either `id`
|
||||||
|
or `name`.
|
||||||
|
|
||||||
NOTE: While all parameters are optional, at least one of them is required.
|
NOTE: While all parameters are optional, at least one of them is required.
|
||||||
|
|
||||||
==== Examples
|
==== Examples
|
||||||
|
|
||||||
The following example to retrieve the API key identified by specified `id`:
|
If you create an API key as follows:
|
||||||
|
|
||||||
|
[source, js]
|
||||||
|
------------------------------------------------------------
|
||||||
|
POST /_security/api_key
|
||||||
|
{
|
||||||
|
"name": "my-api-key",
|
||||||
|
"role_descriptors": {}
|
||||||
|
}
|
||||||
|
------------------------------------------------------------
|
||||||
|
// CONSOLE
|
||||||
|
// TEST
|
||||||
|
|
||||||
|
A successful call returns a JSON structure that provides
|
||||||
|
API key information. For example:
|
||||||
|
|
||||||
[source,js]
|
[source,js]
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
GET /_security/api_key?id=dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==
|
{
|
||||||
|
"id":"VuaCfGcBCdbkQm-e5aOx",
|
||||||
|
"name":"my-api-key",
|
||||||
|
"api_key":"ui2lp2axTNmsyakw9tvNnw"
|
||||||
|
}
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
// NOTCONSOLE
|
// TESTRESPONSE[s/VuaCfGcBCdbkQm-e5aOx/$body.id/]
|
||||||
|
// TESTRESPONSE[s/ui2lp2axTNmsyakw9tvNnw/$body.api_key/]
|
||||||
|
|
||||||
whereas the following example to retrieve the API key identified by specified `name`:
|
You can use the following example to retrieve the API key by ID:
|
||||||
|
|
||||||
[source,js]
|
[source,js]
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
GET /_security/api_key?name=hadoop_myuser_key
|
GET /_security/api_key?id=VuaCfGcBCdbkQm-e5aOx
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
// NOTCONSOLE
|
// CONSOLE
|
||||||
|
// TEST[s/VuaCfGcBCdbkQm-e5aOx/$body.id/]
|
||||||
|
// TEST[continued]
|
||||||
|
|
||||||
|
You can use the following example to retrieve the API key by name:
|
||||||
|
|
||||||
|
[source,js]
|
||||||
|
--------------------------------------------------
|
||||||
|
GET /_security/api_key?name=my-api-key
|
||||||
|
--------------------------------------------------
|
||||||
|
// CONSOLE
|
||||||
|
// TEST[continued]
|
||||||
|
|
||||||
The following example retrieves all API keys for the `native1` realm:
|
The following example retrieves all API keys for the `native1` realm:
|
||||||
|
|
||||||
|
@ -61,7 +93,8 @@ The following example retrieves all API keys for the `native1` realm:
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
GET /_security/api_key?realm_name=native1
|
GET /_security/api_key?realm_name=native1
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
// NOTCONSOLE
|
// CONSOLE
|
||||||
|
// TEST[continued]
|
||||||
|
|
||||||
The following example retrieves all API keys for the user `myuser` in all realms:
|
The following example retrieves all API keys for the user `myuser` in all realms:
|
||||||
|
|
||||||
|
@ -69,7 +102,8 @@ The following example retrieves all API keys for the user `myuser` in all realms
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
GET /_security/api_key?username=myuser
|
GET /_security/api_key?username=myuser
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
// NOTCONSOLE
|
// CONSOLE
|
||||||
|
// TEST[continued]
|
||||||
|
|
||||||
Finally, the following example retrieves all API keys for the user `myuser` in
|
Finally, the following example retrieves all API keys for the user `myuser` in
|
||||||
the `native1` realm immediately:
|
the `native1` realm immediately:
|
||||||
|
@ -78,7 +112,8 @@ Finally, the following example retrieves all API keys for the user `myuser` in
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
GET /_security/api_key?username=myuser&realm_name=native1
|
GET /_security/api_key?username=myuser&realm_name=native1
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
// NOTCONSOLE
|
// CONSOLE
|
||||||
|
// TEST[continued]
|
||||||
|
|
||||||
A successful call returns a JSON structure that contains the information of one or more API keys that were retrieved.
|
A successful call returns a JSON structure that contains the information of one or more API keys that were retrieved.
|
||||||
|
|
||||||
|
@ -112,7 +147,8 @@ A successful call returns a JSON structure that contains the information of one
|
||||||
<2> Id for the API key
|
<2> Id for the API key
|
||||||
<3> Name of the API key
|
<3> Name of the API key
|
||||||
<4> Creation time for the API key in milliseconds
|
<4> Creation time for the API key in milliseconds
|
||||||
<5> optional expiration time for the API key in milliseconds
|
<5> Optional expiration time for the API key in milliseconds
|
||||||
<6> invalidation status for the API key, `true` if the key has been invalidated else `false`
|
<6> Invalidation status for the API key. If the key has been invalidated, it has
|
||||||
<7> principal for which this API key was created
|
a value of `true`. Otherwise, it is `false`.
|
||||||
<8> realm name of the principal for which this API key was created
|
<7> Principal for which this API key was created
|
||||||
|
<8> Realm name of the principal for which this API key was created
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
[role="xpack"]
|
[role="xpack"]
|
||||||
[[security-api-invalidate-api-key]]
|
[[security-api-invalidate-api-key]]
|
||||||
=== Invalidate API Key API
|
=== Invalidate API key API
|
||||||
++++
|
++++
|
||||||
<titleabbrev>Invalidate API key</titleabbrev>
|
<titleabbrev>Invalidate API key</titleabbrev>
|
||||||
++++
|
++++
|
||||||
|
@ -13,8 +13,8 @@ Invalidates one or more API keys.
|
||||||
|
|
||||||
==== Description
|
==== Description
|
||||||
|
|
||||||
The API keys created by <<security-api-create-api-key,create API Key>> can be invalidated
|
The API keys created by <<security-api-create-api-key,create API Key>> can be
|
||||||
using this API.
|
invalidated using this API.
|
||||||
|
|
||||||
==== Request Body
|
==== Request Body
|
||||||
|
|
||||||
|
@ -22,46 +22,79 @@ The following parameters can be specified in the body of a DELETE request and
|
||||||
pertain to invalidating api keys:
|
pertain to invalidating api keys:
|
||||||
|
|
||||||
`id` (optional)::
|
`id` (optional)::
|
||||||
(string) An API key id. This parameter cannot be used with any of `name`, `realm_name` or
|
(string) An API key id. This parameter cannot be used with any of `name`,
|
||||||
`username` are used.
|
`realm_name` or `username` are used.
|
||||||
|
|
||||||
`name` (optional)::
|
`name` (optional)::
|
||||||
(string) An API key name. This parameter cannot be used with any of `id`, `realm_name` or
|
(string) An API key name. This parameter cannot be used with any of `id`,
|
||||||
`username` are used.
|
`realm_name` or `username` are used.
|
||||||
|
|
||||||
`realm_name` (optional)::
|
`realm_name` (optional)::
|
||||||
(string) The name of an authentication realm. This parameter cannot be used with either `api_key_id` or `api_key_name`.
|
(string) The name of an authentication realm. This parameter cannot be used with
|
||||||
|
either `api_key_id` or `api_key_name`.
|
||||||
|
|
||||||
`username` (optional)::
|
`username` (optional)::
|
||||||
(string) The username of a user. This parameter cannot be used with either `api_key_id` or `api_key_name`.
|
(string) The username of a user. This parameter cannot be used with either
|
||||||
|
`api_key_id` or `api_key_name`.
|
||||||
|
|
||||||
NOTE: While all parameters are optional, at least one of them is required.
|
NOTE: While all parameters are optional, at least one of them is required.
|
||||||
|
|
||||||
==== Examples
|
==== Examples
|
||||||
|
|
||||||
|
If you create an API key as follows:
|
||||||
|
|
||||||
|
[source, js]
|
||||||
|
------------------------------------------------------------
|
||||||
|
POST /_security/api_key
|
||||||
|
{
|
||||||
|
"name": "my-api-key",
|
||||||
|
"role_descriptors": {}
|
||||||
|
}
|
||||||
|
------------------------------------------------------------
|
||||||
|
// CONSOLE
|
||||||
|
// TEST
|
||||||
|
|
||||||
|
A successful call returns a JSON structure that provides
|
||||||
|
API key information. For example:
|
||||||
|
|
||||||
|
[source,js]
|
||||||
|
--------------------------------------------------
|
||||||
|
{
|
||||||
|
"id":"VuaCfGcBCdbkQm-e5aOx",
|
||||||
|
"name":"my-api-key",
|
||||||
|
"api_key":"ui2lp2axTNmsyakw9tvNnw"
|
||||||
|
}
|
||||||
|
--------------------------------------------------
|
||||||
|
// TESTRESPONSE[s/VuaCfGcBCdbkQm-e5aOx/$body.id/]
|
||||||
|
// TESTRESPONSE[s/ui2lp2axTNmsyakw9tvNnw/$body.api_key/]
|
||||||
|
|
||||||
The following example invalidates the API key identified by specified `id` immediately:
|
The following example invalidates the API key identified by specified `id` immediately:
|
||||||
|
|
||||||
[source,js]
|
[source,js]
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
DELETE /_security/api_key
|
DELETE /_security/api_key
|
||||||
{
|
{
|
||||||
"id" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ=="
|
"id" : "VuaCfGcBCdbkQm-e5aOx"
|
||||||
}
|
}
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
// NOTCONSOLE
|
// CONSOLE
|
||||||
|
// TEST[s/VuaCfGcBCdbkQm-e5aOx/$body.id/]
|
||||||
|
// TEST[continued]
|
||||||
|
|
||||||
whereas the following example invalidates the API key identified by specified `name` immediately:
|
The following example invalidates the API key identified by specified `name` immediately:
|
||||||
|
|
||||||
[source,js]
|
[source,js]
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
DELETE /_security/api_key
|
DELETE /_security/api_key
|
||||||
{
|
{
|
||||||
"name" : "hadoop_myuser_key"
|
"name" : "my-api-key"
|
||||||
}
|
}
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
// NOTCONSOLE
|
// CONSOLE
|
||||||
|
// TEST
|
||||||
|
|
||||||
The following example invalidates all API keys for the `native1` realm immediately:
|
The following example invalidates all API keys for the `native1` realm
|
||||||
|
immediately:
|
||||||
|
|
||||||
[source,js]
|
[source,js]
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
|
@ -70,9 +103,11 @@ DELETE /_security/api_key
|
||||||
"realm_name" : "native1"
|
"realm_name" : "native1"
|
||||||
}
|
}
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
// NOTCONSOLE
|
// CONSOLE
|
||||||
|
// TEST
|
||||||
|
|
||||||
The following example invalidates all API keys for the user `myuser` in all realms immediately:
|
The following example invalidates all API keys for the user `myuser` in all
|
||||||
|
realms immediately:
|
||||||
|
|
||||||
[source,js]
|
[source,js]
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
|
@ -81,7 +116,8 @@ DELETE /_security/api_key
|
||||||
"username" : "myuser"
|
"username" : "myuser"
|
||||||
}
|
}
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
// NOTCONSOLE
|
// CONSOLE
|
||||||
|
// TEST
|
||||||
|
|
||||||
Finally, the following example invalidates all API keys for the user `myuser` in
|
Finally, the following example invalidates all API keys for the user `myuser` in
|
||||||
the `native1` realm immediately:
|
the `native1` realm immediately:
|
||||||
|
@ -94,7 +130,8 @@ DELETE /_security/api_key
|
||||||
"realm_name" : "native1"
|
"realm_name" : "native1"
|
||||||
}
|
}
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
// NOTCONSOLE
|
// CONSOLE
|
||||||
|
// TEST
|
||||||
|
|
||||||
A successful call returns a JSON structure that contains the ids of the API keys that were invalidated, the ids
|
A successful call returns a JSON structure that contains the ids of the API keys that were invalidated, the ids
|
||||||
of the API keys that had already been invalidated, and potentially a list of errors encountered while invalidating
|
of the API keys that had already been invalidated, and potentially a list of errors encountered while invalidating
|
||||||
|
|
Loading…
Reference in New Issue