mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-03-09 14:34:43 +00:00
7969fbb4ab
Getting the API key document form the security index is the most time consuing part of the API Key authentication flow (>60% if index is local and >90% if index is remote). This traffic is now avoided by caching added with this PR. Additionally, we add a cache invalidator registry so that clearing of different caches will be managed in a single place (requires follow-up PRs).
70 lines
2.2 KiB
Plaintext
70 lines
2.2 KiB
Plaintext
[role="xpack"]
|
|
[[security-api-clear-cache]]
|
|
=== Clear cache API
|
|
++++
|
|
<titleabbrev>Clear cache</titleabbrev>
|
|
++++
|
|
|
|
Evicts users from the user cache. You can completely clear
|
|
the cache or evict specific users.
|
|
|
|
[[security-api-clear-request]]
|
|
==== {api-request-title}
|
|
|
|
`POST /_security/realm/<realms>/_clear_cache` +
|
|
|
|
`POST /_security/realm/<realms>/_clear_cache?usernames=<usernames>`
|
|
|
|
|
|
[[security-api-clear-desc]]
|
|
==== {api-description-title}
|
|
|
|
User credentials are cached in memory on each node to avoid connecting to a
|
|
remote authentication service or hitting the disk for every incoming request.
|
|
There are realm settings that you can use to configure the user cache. For more
|
|
information, see
|
|
<<controlling-user-cache>>.
|
|
|
|
To evict roles from the role cache, see the
|
|
<<security-api-clear-role-cache,Clear roles cache API>>.
|
|
To evict privileges from the privilege cache, see the
|
|
<<security-api-clear-privilege-cache,Clear privileges cache API>>.
|
|
To evict API keys from the API key cache, see the
|
|
<<security-api-clear-api-key-cache,Clear API key cache API>>.
|
|
|
|
[[security-api-clear-path-params]]
|
|
==== {api-path-parms-title}
|
|
|
|
`realms`::
|
|
(Required, list) A comma-separated list of the realms to clear.
|
|
|
|
`usernames`::
|
|
(Optional, list) A comma-separated list of the users to clear from the cache.
|
|
If you do not specify this parameter, the API evicts all users from the user
|
|
cache.
|
|
|
|
[[security-api-clear-example]]
|
|
==== {api-examples-title}
|
|
|
|
For example, to evict all users cached by the `file` realm:
|
|
|
|
[source,console]
|
|
--------------------------------------------------
|
|
POST /_security/realm/default_file/_clear_cache
|
|
--------------------------------------------------
|
|
|
|
To evict selected users, specify the `usernames` parameter:
|
|
|
|
[source,console]
|
|
--------------------------------------------------
|
|
POST /_security/realm/default_file/_clear_cache?usernames=rdeniro,alpacino
|
|
--------------------------------------------------
|
|
|
|
To clear the caches for multiple realms, specify the realms as a comma-delimited
|
|
list:
|
|
|
|
[source,console]
|
|
------------------------------------------------------------
|
|
POST /_security/realm/default_file,ldap1/_clear_cache
|
|
------------------------------------------------------------
|