DOCS: Add password_hash & refresh to Put User API (#35574)

PR #35242 formalised support for the password_hash field in the body
of the Put User security API.
Since this field is now validated and tested, it can also be
documented.

The Put User API also supports a "refresh" query parameter that was
not documented. This commit adds it to the docs.
This commit is contained in:
Tim Vernum 2018-11-20 13:03:22 +11:00 committed by GitHub
parent 3bba9a56de
commit d367894c31
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 26 additions and 2 deletions

View File

@ -35,6 +35,12 @@ printable symbols in the https://en.wikipedia.org/wiki/Basic_Latin_(Unicode_bloc
--
==== Query Parameters
`refresh`::
(string) One of `true`, `false`, or `wait_for`.
These values have the same meaning as in the <<docs-refresh, Index API>>,
but the default value for this API (Put User) is `true`.
==== Request Body
@ -52,8 +58,26 @@ The following parameters can be specified in the body of a POST or PUT request:
`metadata`::
(object) Arbitrary metadata that you want to associate with the user.
`password` (required)::
`password` ::
(string) The user's password. Passwords must be at least 6 characters long.
+
When adding a user, one of `password` or `password_hash` is required.
When updating an existing user, the password is optional, so that other
fields on the user (such as their roles) may be updated without modifying
the user's password.
`password_hash` ::
(string) A _hash_ of the user's password. This must be produced using the
same hashing algorithm as has been configured for password storage. For more
details, see the explanation of the
`xpack.security.authc.password_hashing.algorithm` setting in
<<hashing-settings>>.
+
Using this parameter allows the client to pre-hash the password for
performance and/or confidentiality reasons.
+
The `password` parameter and the `password_hash` parameter cannot be
used in the same request.
`roles` (required)::
(list) A set of roles the user has. The roles determine the user's access