From a01c57e9a18f973d4f495f2d799260bd5bc06bb0 Mon Sep 17 00:00:00 2001 From: James Rodewig <40268737+jrodewig@users.noreply.github.com> Date: Mon, 25 Jan 2021 10:28:27 -0500 Subject: [PATCH] [DOCS] Add security privileges to document API docs (#67843) (#67914) --- docs/reference/docs/bulk.asciidoc | 26 ++++++++++++++++++ docs/reference/docs/delete-by-query.asciidoc | 10 +++++++ docs/reference/docs/delete.asciidoc | 7 +++++ docs/reference/docs/get.asciidoc | 6 +++++ docs/reference/docs/index_.asciidoc | 21 +++++++++++++++ docs/reference/docs/multi-get.asciidoc | 6 +++++ .../reference/docs/multi-termvectors.asciidoc | 6 +++++ docs/reference/docs/reindex.asciidoc | 27 +++++++++++++++++++ docs/reference/docs/termvectors.asciidoc | 6 +++++ docs/reference/docs/update-by-query.asciidoc | 10 +++++++ docs/reference/docs/update.asciidoc | 7 +++++ 11 files changed, 132 insertions(+) diff --git a/docs/reference/docs/bulk.asciidoc b/docs/reference/docs/bulk.asciidoc index e4192350f7e..4c812bbc669 100644 --- a/docs/reference/docs/bulk.asciidoc +++ b/docs/reference/docs/bulk.asciidoc @@ -26,6 +26,32 @@ POST _bulk `POST //_bulk` +[[docs-bulk-api-prereqs]] +==== {api-prereq-title} + +* If the {es} {security-features} are enabled, you must have the following +<> for the target data stream, index, +or index alias: + +** To use the `create` action, you must have the `create_doc`, `create`, +`index`, or `write` index privilege. Data streams support only the `create` +action. + +** To use the `index` action, you must have the `create`, `index`, or `write` +index privilege. + +** To use the `delete` action, you must have the `delete` or `write` index +privilege. + +** To use the `update` action, you must have the `index` or `write` index +privilege. + +** To automatically create a data stream or index with a bulk API request, you +must have the `auto_configure`, `create_index`, or `manage` index privilege. + +* Automatic data stream creation requires a matching index template with data +stream enabled. See <>. + [[docs-bulk-api-desc]] ==== {api-description-title} diff --git a/docs/reference/docs/delete-by-query.asciidoc b/docs/reference/docs/delete-by-query.asciidoc index aa58e600d97..43f423018b9 100644 --- a/docs/reference/docs/delete-by-query.asciidoc +++ b/docs/reference/docs/delete-by-query.asciidoc @@ -49,6 +49,16 @@ POST /my-index-000001/_delete_by_query `POST //_delete_by_query` +[[docs-delete-by-query-api-prereqs]] +==== {api-prereq-title} + +* If the {es} {security-features} are enabled, you must have the following +<> for the target data stream, index, +or index alias: + +** `read` +** `delete` or `write` + [[docs-delete-by-query-api-desc]] ==== {api-description-title} diff --git a/docs/reference/docs/delete.asciidoc b/docs/reference/docs/delete.asciidoc index b866e662f5a..04d70a1d1be 100644 --- a/docs/reference/docs/delete.asciidoc +++ b/docs/reference/docs/delete.asciidoc @@ -11,6 +11,13 @@ Removes a JSON document from the specified index. `DELETE //_doc/<_id>` +[[docs-delete-api-prereqs]] +==== {api-prereq-title} + +* If the {es} {security-features} are enabled, you must have the `delete` or +`write` <> for the target index or +index alias. + [[docs-delete-api-desc]] ==== {api-description-title} diff --git a/docs/reference/docs/get.asciidoc b/docs/reference/docs/get.asciidoc index 7264bc64864..2ce71c2692f 100644 --- a/docs/reference/docs/get.asciidoc +++ b/docs/reference/docs/get.asciidoc @@ -23,6 +23,12 @@ GET my-index-000001/_doc/0 `HEAD /_source/<_id>` +[[docs-get-api-prereqs]] +==== {api-prereq-title} + +* If the {es} {security-features} are enabled, you must have the `read` +<> for the target index or index alias. + [[docs-get-api-desc]] ==== {api-description-title} You use GET to retrieve a document and its source or stored fields from a diff --git a/docs/reference/docs/index_.asciidoc b/docs/reference/docs/index_.asciidoc index acd70629a4d..40575db62a0 100644 --- a/docs/reference/docs/index_.asciidoc +++ b/docs/reference/docs/index_.asciidoc @@ -30,6 +30,27 @@ IMPORTANT: You cannot add new documents to a data stream using the `PUT //_create/<_id>` format instead. See <>. +[[docs-index-api-prereqs]] +==== {api-prereq-title} + +* If the {es} {security-features} are enabled, you must have the following +<> for the target data stream, index, +or index alias: + +** To add or overwrite a document using the `PUT //_doc/<_id>` request +format, you must have the `create`, `index`, or `write` index privilege. + +** To add a document using the `POST //_doc/`, +`PUT //_create/<_id>`, or `POST //_create/<_id>` request +formats, you must have the `create_doc`, `create`, `index`, or `write` index +privilege. + +** To automatically create a data stream or index with an index API request, you +must have the `auto_configure`, `create_index`, or `manage` index privilege. + +* Automatic data stream creation requires a matching index template with data +stream enabled. See <>. + [[docs-index-api-path-params]] ==== {api-path-parms-title} diff --git a/docs/reference/docs/multi-get.asciidoc b/docs/reference/docs/multi-get.asciidoc index 28cbb77ebfe..ae29c645702 100644 --- a/docs/reference/docs/multi-get.asciidoc +++ b/docs/reference/docs/multi-get.asciidoc @@ -31,6 +31,12 @@ GET /_mget `GET //_mget` +[[docs-multi-get-api-prereqs]] +==== {api-prereq-title} + +* If the {es} {security-features} are enabled, you must have the `read` +<> for the target index or index alias. + [[docs-multi-get-api-desc]] ==== {api-description-title} diff --git a/docs/reference/docs/multi-termvectors.asciidoc b/docs/reference/docs/multi-termvectors.asciidoc index 4b5fe39c6b1..90b31238a5c 100644 --- a/docs/reference/docs/multi-termvectors.asciidoc +++ b/docs/reference/docs/multi-termvectors.asciidoc @@ -35,6 +35,12 @@ POST /_mtermvectors `POST //_mtermvectors` +[[docs-multi-termvectors-api-prereqs]] +==== {api-prereq-title} + +* If the {es} {security-features} are enabled, you must have the `read` +<> for the target index or index alias. + [[docs-multi-termvectors-api-desc]] ==== {api-description-title} diff --git a/docs/reference/docs/reindex.asciidoc b/docs/reference/docs/reindex.asciidoc index 8d2ea91d381..4c3b96fd9c5 100644 --- a/docs/reference/docs/reindex.asciidoc +++ b/docs/reference/docs/reindex.asciidoc @@ -68,6 +68,33 @@ POST _reindex `POST /_reindex` +[[docs-reindex-api-prereqs]] +==== {api-prereq-title} + +* If the {es} {security-features} are enabled, you must have the the following +security privileges: + +** The `read` <> for the source data +stream, index, or index alias. + +** The `write` index privilege for the destination data stream, index, or index +alias. + +** To automatically create a data stream or index with an reindex API request, +you must have the `auto_configure`, `create_index`, or `manage` index +privilege for the destination data stream, index, or index alias. + +** If reindexing from a remote cluster, the `source.remote.user` must have the +`monitor` <> and the `read` index +privilege for the source data stream, index, or index alias. + +* If reindexing from a remote cluster, you must explicitly allow the remote host +in the `reindex.remote.whitelist` setting of `elasticsearch.yml`. See +<>. + +* Automatic data stream creation requires a matching index template with data +stream enabled. See <>. + [[docs-reindex-api-desc]] ==== {api-description-title} diff --git a/docs/reference/docs/termvectors.asciidoc b/docs/reference/docs/termvectors.asciidoc index 3c6439e3316..8cd4e11232e 100644 --- a/docs/reference/docs/termvectors.asciidoc +++ b/docs/reference/docs/termvectors.asciidoc @@ -17,6 +17,12 @@ GET /my-index-000001/_termvectors/1 `GET //_termvectors/<_id>` +[[docs-termvectors-api-prereqs]] +==== {api-prereq-title} + +* If the {es} {security-features} are enabled, you must have the `read` +<> for the target index or index alias. + [[docs-termvectors-api-desc]] ==== {api-description-title} diff --git a/docs/reference/docs/update-by-query.asciidoc b/docs/reference/docs/update-by-query.asciidoc index 8167fa5fa14..72e52071b9a 100644 --- a/docs/reference/docs/update-by-query.asciidoc +++ b/docs/reference/docs/update-by-query.asciidoc @@ -46,6 +46,16 @@ POST my-index-000001/_update_by_query?conflicts=proceed `POST //_update_by_query` +[[docs-update-by-query-api-prereqs]] +==== {api-prereq-title} + +* If the {es} {security-features} are enabled, you must have the following +<> for the target data stream, index, +or index alias: + +** `read` +** `index` or `write` + [[docs-update-by-query-api-desc]] ==== {api-description-title} diff --git a/docs/reference/docs/update.asciidoc b/docs/reference/docs/update.asciidoc index f511748c838..a4998eab61d 100644 --- a/docs/reference/docs/update.asciidoc +++ b/docs/reference/docs/update.asciidoc @@ -11,6 +11,13 @@ Updates a document using the specified script. `POST //_update/<_id>` +[[docs-update-api-prereqs]] +==== {api-prereq-title} + +* If the {es} {security-features} are enabled, you must have the `index` or +`write` <> for the target index or +index alias. + [[update-api-desc]] ==== {api-description-title}