Module: ElasticsearchServerless::API::Security::Actions

Defined in:
lib/elasticsearch-serverless/api/security/get_api_key.rb,
lib/elasticsearch-serverless/api/security/authenticate.rb,
lib/elasticsearch-serverless/api/security/create_api_key.rb,
lib/elasticsearch-serverless/api/security/has_privileges.rb,
lib/elasticsearch-serverless/api/security/query_api_keys.rb,
lib/elasticsearch-serverless/api/security/update_api_key.rb,
lib/elasticsearch-serverless/api/security/invalidate_api_key.rb

Instance Method Summary collapse

Instance Method Details

#authenticate(arguments = {}) ⇒ Object

Enables you to submit a request with a basic auth header to authenticate a user and retrieve information about the authenticated user. A successful call returns a JSON structure that shows user information such as their username, the roles that are assigned to the user, any assigned metadata, and information about the realms that authenticated and authorized the user. If the user cannot be authenticated, this API returns a 401 status code.

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :headers (Hash)

    Custom HTTP headers

See Also:



33
34
35
36
37
38
39
40
41
42
43
44
45
46
 
# File 'lib/elasticsearch-serverless/api/security/authenticate.rb', line 33

def authenticate(arguments = {})
  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = nil

  method = ElasticsearchServerless::API::HTTP_GET
  path   = "_security/_authenticate"
  params = {}

  ElasticsearchServerless::API::Response.new(
    perform_request(method, path, params, body, headers)
  )
end

#create_api_key(arguments = {}) ⇒ Object

Creates an API key for access without requiring basic authentication. A successful request returns a JSON structure that contains the API key, its unique id, and its name. If applicable, it also returns expiration information for the API key in milliseconds. NOTE: By default, API keys never expire. You can specify expiration information when you create the API keys.

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :refresh (String)

    If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes.

  • :headers (Hash)

    Custom HTTP headers

  • :body (Hash)

    request body

Raises:

  • (ArgumentError)

See Also:



36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
 
# File 'lib/elasticsearch-serverless/api/security/create_api_key.rb', line 36

def create_api_key(arguments = {})
  raise ArgumentError, "Required argument 'body' missing" unless arguments[:body]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = arguments.delete(:body)

  method = ElasticsearchServerless::API::HTTP_PUT
  path   = "_security/api_key"
  params = Utils.process_params(arguments)

  ElasticsearchServerless::API::Response.new(
    perform_request(method, path, params, body, headers)
  )
end

#get_api_key(arguments = {}) ⇒ Object

Retrieves information for one or more API keys. NOTE: If you have only the manage_own_api_key privilege, this API returns only the API keys that you own. If you have read_security, manage_api_key or greater privileges (including manage_security), this API returns all API keys regardless of ownership.

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :id (String)

    An API key id. This parameter cannot be used with any of name, realm_name or username.

  • :name (String)

    An API key name. This parameter cannot be used with any of id, realm_name or username. It supports prefix search with wildcard.

  • :owner (Boolean)

    A boolean flag that can be used to query API keys owned by the currently authenticated user. The realm_name or username parameters cannot be specified when this parameter is set to true as they are assumed to be the currently authenticated ones.

  • :realm_name (String)

    The name of an authentication realm. This parameter cannot be used with either id or name or when owner flag is set to true.

  • :username (String)

    The username of a user. This parameter cannot be used with either id or name or when owner flag is set to true.

  • :with_limited_by (Boolean)

    Return the snapshot of the owner user’s role descriptors associated with the API key. An API key’s actual permission is the intersection of its assigned role descriptors and the owner user’s role descriptors.

  • :active_only (Boolean)

    A boolean flag that can be used to query API keys that are currently active. An API key is considered active if it is neither invalidated, nor expired at query time. You can specify this together with other parameters such as owner or name. If active_only is false, the response will include both active and inactive (expired or invalidated) keys.

  • :with_profile_uid (Boolean)

    Determines whether to also retrieve the profile uid, for the API key owner principal, if it exists.

  • :headers (Hash)

    Custom HTTP headers

See Also:



41
42
43
44
45
46
47
48
49
50
51
52
53
54
 
# File 'lib/elasticsearch-serverless/api/security/get_api_key.rb', line 41

def get_api_key(arguments = {})
  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = nil

  method = ElasticsearchServerless::API::HTTP_GET
  path   = "_security/api_key"
  params = Utils.process_params(arguments)

  ElasticsearchServerless::API::Response.new(
    perform_request(method, path, params, body, headers)
  )
end

#has_privileges(arguments = {}) ⇒ Object

Determines whether the specified user has a specified list of privileges.

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :user (String)

    Username

  • :headers (Hash)

    Custom HTTP headers

  • :body (Hash)

    request body

Raises:

  • (ArgumentError)

See Also:



33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
 
# File 'lib/elasticsearch-serverless/api/security/has_privileges.rb', line 33

def has_privileges(arguments = {})
  raise ArgumentError, "Required argument 'body' missing" unless arguments[:body]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = arguments.delete(:body)

  _user = arguments.delete(:user)

  method = ElasticsearchServerless::API::HTTP_POST
  path   = if _user
             "_security/user/#{Utils.listify(_user)}/_has_privileges"
           else
             "_security/user/_has_privileges"
           end
  params = {}

  ElasticsearchServerless::API::Response.new(
    perform_request(method, path, params, body, headers)
  )
end

#invalidate_api_key(arguments = {}) ⇒ Object

Invalidates one or more API keys. The manage_api_key privilege allows deleting any API keys. The manage_own_api_key only allows deleting API keys that are owned by the user. In addition, with the manage_own_api_key privilege, an invalidation request must be issued in one of the three formats:

  • Set the parameter owner=true.

  • Or, set both username and realm_name to match the user’s identity.

  • Or, if the request is issued by an API key, i.e. an API key invalidates itself, specify its ID in the ids field.

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :headers (Hash)

    Custom HTTP headers

  • :body (Hash)

    request body

Raises:

  • (ArgumentError)

See Also:



38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
# File 'lib/elasticsearch-serverless/api/security/invalidate_api_key.rb', line 38

def invalidate_api_key(arguments = {})
  raise ArgumentError, "Required argument 'body' missing" unless arguments[:body]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = arguments.delete(:body)

  method = ElasticsearchServerless::API::HTTP_DELETE
  path   = "_security/api_key"
  params = {}

  ElasticsearchServerless::API::Response.new(
    perform_request(method, path, params, body, headers)
  )
end

#query_api_keys(arguments = {}) ⇒ Object

Retrieves information for API keys in a paginated manner. You can optionally filter the results with a query.

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :with_limited_by (Boolean)

    Return the snapshot of the owner user’s role descriptors associated with the API key. An API key’s actual permission is the intersection of its assigned role descriptors and the owner user’s role descriptors.

  • :with_profile_uid (Boolean)

    Determines whether to also retrieve the profile uid, for the API key owner principal, if it exists.

  • :typed_keys (Boolean)

    Determines whether aggregation names are prefixed by their respective types in the response.

  • :headers (Hash)

    Custom HTTP headers

  • :body (Hash)

    request body

See Also:



35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
 
# File 'lib/elasticsearch-serverless/api/security/query_api_keys.rb', line 35

def query_api_keys(arguments = {})
  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = arguments.delete(:body)

  method = if body
             ElasticsearchServerless::API::HTTP_POST
           else
             ElasticsearchServerless::API::HTTP_GET
           end

  path   = "_security/_query/api_key"
  params = Utils.process_params(arguments)

  ElasticsearchServerless::API::Response.new(
    perform_request(method, path, params, body, headers)
  )
end

#update_api_key(arguments = {}) ⇒ Object

Updates attributes of an existing API key. Users can only update API keys that they created or that were granted to them. Use this API to update API keys created by the create API Key or grant API Key APIs. If you need to apply the same update to many API keys, you can use bulk update API Keys to reduce overhead. It’s not possible to update expired API keys, or API keys that have been invalidated by invalidate API Key. This API supports updates to an API key’s access scope and metadata. The access scope of an API key is derived from the role_descriptors you specify in the request, and a snapshot of the owner user’s permissions at the time of the request. The snapshot of the owner’s permissions is updated automatically on every call. If you don’t specify role_descriptors in the request, a call to this API might still change the API key’s access scope. This change can occur if the owner user’s permissions have changed since the API key was created or last modified. To update another user’s API key, use the run_as feature to submit a request on behalf of another user. IMPORTANT: It’s not possible to use an API key as the authentication credential for this API. To update an API key, the owner user’s credentials are required.

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :id (String)

    The ID of the API key to update. (Required)

  • :headers (Hash)

    Custom HTTP headers

  • :body (Hash)

    request body

Raises:

  • (ArgumentError)

See Also:



45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
 
# File 'lib/elasticsearch-serverless/api/security/update_api_key.rb', line 45

def update_api_key(arguments = {})
  raise ArgumentError, "Required argument 'id' missing" unless arguments[:id]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = arguments.delete(:body)

  _id = arguments.delete(:id)

  method = ElasticsearchServerless::API::HTTP_PUT
  path   = "_security/api_key/#{Utils.listify(_id)}"
  params = {}

  ElasticsearchServerless::API::Response.new(
    perform_request(method, path, params, body, headers)
  )
end