diff --git a/specification/_doc_ids/table.csv b/specification/_doc_ids/table.csv index ddf3f41cce..6a0a214e4f 100644 --- a/specification/_doc_ids/table.csv +++ b/specification/_doc_ids/table.csv @@ -813,6 +813,7 @@ security-application-privileges,https://www.elastic.co/docs/reference/elasticsea security-encrypt-http,https://www.elastic.co/docs/deploy-manage/security/set-up-basic-security-plus-https#encrypt-http-communication, security-encrypt-internode,https://www.elastic.co/docs/deploy-manage/security/set-up-basic-security#encrypt-internode-communication, security-privileges,https://www.elastic.co/docs/reference/elasticsearch/security-privileges, +security-query-api-keys,https://www.elastic.co/docs/reference/elasticsearch/rest-apis/query-api-keys, security-saml-guide,https://www.elastic.co/docs/deploy-manage/users-roles/cluster-or-deployment-auth/saml, security-settings-api-keys,https://www.elastic.co/docs/reference/elasticsearch/configuration-reference/security-settings#api-key-service-settings, security-settings-hashing,https://www.elastic.co/docs/reference/elasticsearch/configuration-reference/security-settings#hashing-settings, @@ -923,4 +924,4 @@ watcher-api-update-settings,https://www.elastic.co/docs/api/doc/elasticsearch/op watsonx-api-keys,https://cloud.ibm.com/iam/apikeys, watsonx-api-models,https://www.ibm.com/products/watsonx-ai/foundation-models, watsonx-api-version,https://cloud.ibm.com/apidocs/watsonx-ai#active-version-dates, -xpack-rollup,https://www.elastic.co/docs/manage-data/lifecycle/rollup, +xpack-rollup,https://www.elastic.co/docs/manage-data/lifecycle/rollup, \ No newline at end of file diff --git a/specification/security/query_api_keys/QueryApiKeysRequest.ts b/specification/security/query_api_keys/QueryApiKeysRequest.ts index 31b32d423e..a01c9f98bf 100644 --- a/specification/security/query_api_keys/QueryApiKeysRequest.ts +++ b/specification/security/query_api_keys/QueryApiKeysRequest.ts @@ -32,10 +32,12 @@ import { ApiKeyAggregationContainer, ApiKeyQueryContainer } from './types' * To use this API, you must have at least the `manage_own_api_key` or the `read_security` cluster privileges. * If you have only the `manage_own_api_key` privilege, this API returns only the API keys that you own. * If you have the `read_security`, `manage_api_key`, or greater privileges (including `manage_security`), this API returns all API keys regardless of ownership. + * Refer to the linked documentation for examples of how to find API keys: * @rest_spec_name security.query_api_keys * @availability stack since=7.15.0 stability=stable * @availability serverless stability=stable visibility=public * @cluster_privileges manage_own_api_key, read_security + * @ext_doc_id security-query-api-keys * @doc_id security-api-query-api-key */ export interface Request extends RequestBase { diff --git a/specification/security/query_api_keys/examples/request/QueryApiKeysRequestExample2.yaml b/specification/security/query_api_keys/examples/request/QueryApiKeysRequestExample2.yaml deleted file mode 100644 index c593fb136d..0000000000 --- a/specification/security/query_api_keys/examples/request/QueryApiKeysRequestExample2.yaml +++ /dev/null @@ -1,308 +0,0 @@ -summary: Query API keys with pagination -method_request: GET /_security/_query/api_key -description: > - Run `GET /_security/_query/api_key`. Use a `bool` query to issue complex logical conditions and use `from`, `size`, and `sort` to - help paginate the result. For example, the API key name must begin with `app1-key-` and must not be `app1-key-01`. It must be - owned by a username with the wildcard pattern `org-*-user` and the `environment` metadata field must have a `production` value. - The offset to begin the search result is the twentieth (zero-based index) API key. The page size of the response is 10 API keys. - The result is first sorted by creation date in descending order, then by name in ascending order. -# type: request -value: |- - { - "query": { - "bool": { - "must": [ - { - "prefix": { - "name": "app1-key-" - } - }, - { - "term": { - "invalidated": "false" - } - } - ], - "must_not": [ - { - "term": { - "name": "app1-key-01" - } - } - ], - "filter": [ - { - "wildcard": { - "username": "org-*-user" - } - }, - { - "term": { - "metadata.environment": "production" - } - } - ] - } - }, - "from": 20, - "size": 10, - "sort": [ - { "creation": { "order": "desc", "format": "date_time" } }, - "name" - ] - } -alternatives: - - language: Python - code: |- - resp = client.security.query_api_keys( - query={ - "bool": { - "must": [ - { - "prefix": { - "name": "app1-key-" - } - }, - { - "term": { - "invalidated": "false" - } - } - ], - "must_not": [ - { - "term": { - "name": "app1-key-01" - } - } - ], - "filter": [ - { - "wildcard": { - "username": "org-*-user" - } - }, - { - "term": { - "metadata.environment": "production" - } - } - ] - } - }, - from=20, - size=10, - sort=[ - { - "creation": { - "order": "desc", - "format": "date_time" - } - }, - "name" - ], - ) - - language: JavaScript - code: |- - const response = await client.security.queryApiKeys({ - query: { - bool: { - must: [ - { - prefix: { - name: "app1-key-", - }, - }, - { - term: { - invalidated: "false", - }, - }, - ], - must_not: [ - { - term: { - name: "app1-key-01", - }, - }, - ], - filter: [ - { - wildcard: { - username: "org-*-user", - }, - }, - { - term: { - "metadata.environment": "production", - }, - }, - ], - }, - }, - from: 20, - size: 10, - sort: [ - { - creation: { - order: "desc", - format: "date_time", - }, - }, - "name", - ], - }); - - language: Ruby - code: |- - response = client.security.query_api_keys( - body: { - "query": { - "bool": { - "must": [ - { - "prefix": { - "name": "app1-key-" - } - }, - { - "term": { - "invalidated": "false" - } - } - ], - "must_not": [ - { - "term": { - "name": "app1-key-01" - } - } - ], - "filter": [ - { - "wildcard": { - "username": "org-*-user" - } - }, - { - "term": { - "metadata.environment": "production" - } - } - ] - } - }, - "from": 20, - "size": 10, - "sort": [ - { - "creation": { - "order": "desc", - "format": "date_time" - } - }, - "name" - ] - } - ) - - language: PHP - code: |- - $resp = $client->security()->queryApiKeys([ - "body" => [ - "query" => [ - "bool" => [ - "must" => array( - [ - "prefix" => [ - "name" => "app1-key-", - ], - ], - [ - "term" => [ - "invalidated" => "false", - ], - ], - ), - "must_not" => array( - [ - "term" => [ - "name" => "app1-key-01", - ], - ], - ), - "filter" => array( - [ - "wildcard" => [ - "username" => "org-*-user", - ], - ], - [ - "term" => [ - "metadata.environment" => "production", - ], - ], - ), - ], - ], - "from" => 20, - "size" => 10, - "sort" => array( - [ - "creation" => [ - "order" => "desc", - "format" => "date_time", - ], - ], - "name", - ), - ], - ]); - - language: curl - code: - "curl -X GET -H \"Authorization: ApiKey $ELASTIC_API_KEY\" -H \"Content-Type: application/json\" -d - '{\"query\":{\"bool\":{\"must\":[{\"prefix\":{\"name\":\"app1-key-\"}},{\"term\":{\"invalidated\":\"false\"}}],\"must_not\":[{\ - \"term\":{\"name\":\"app1-key-01\"}}],\"filter\":[{\"wildcard\":{\"username\":\"org-*-user\"}},{\"term\":{\"metadata.environm\ - ent\":\"production\"}}]}},\"from\":20,\"size\":10,\"sort\":[{\"creation\":{\"order\":\"desc\",\"format\":\"date_time\"}},\"na\ - me\"]}' \"$ELASTICSEARCH_URL/_security/_query/api_key\"" - - language: Java - code: | - client.security().queryApiKeys(q -> q - .from(20) - .query(qu -> qu - .bool(b -> b - .filter(List.of(Query.of(que -> que - .wildcard(w -> w - .field("username") - .value("org-*-user") - )),Query.of(quer -> quer - .term(t -> t - .field("metadata.environment") - .value(FieldValue.of("production")) - )))) - .must(List.of(Query.of(query -> query - .prefix(p -> p - .field("name") - .value("app1-key-") - )),Query.of(query1 -> query1 - .term(t -> t - .field("invalidated") - .value(FieldValue.of("false")) - )))) - .mustNot(m -> m - .term(t -> t - .field("name") - .value(FieldValue.of("app1-key-01")) - ) - ) - ) - ) - .size(10) - .sort(List.of(SortOptions.of(s -> s - .field(f -> f - .field("creation") - .order(SortOrder.Desc) - .format("date_time") - )),SortOptions.of(so -> so - .field(f -> f - .field("name") - )))) - ); diff --git a/specification/security/query_api_keys/examples/request/QueryApiKeysRequestExample3.yaml b/specification/security/query_api_keys/examples/request/QueryApiKeysRequestExample3.yaml deleted file mode 100644 index 0040fb82a5..0000000000 --- a/specification/security/query_api_keys/examples/request/QueryApiKeysRequestExample3.yaml +++ /dev/null @@ -1,77 +0,0 @@ -summary: Query API keys by name -method_request: GET /_security/_query/api_key -description: Run `GET /_security/_query/api_key` to retrieve the API key by name. -# type: request -value: |- - { - "query": { - "term": { - "name": { - "value": "application-key-1" - } - } - } - } -alternatives: - - language: Python - code: |- - resp = client.security.query_api_keys( - query={ - "term": { - "name": { - "value": "application-key-1" - } - } - }, - ) - - language: JavaScript - code: |- - const response = await client.security.queryApiKeys({ - query: { - term: { - name: { - value: "application-key-1", - }, - }, - }, - }); - - language: Ruby - code: |- - response = client.security.query_api_keys( - body: { - "query": { - "term": { - "name": { - "value": "application-key-1" - } - } - } - } - ) - - language: PHP - code: |- - $resp = $client->security()->queryApiKeys([ - "body" => [ - "query" => [ - "term" => [ - "name" => [ - "value" => "application-key-1", - ], - ], - ], - ], - ]); - - language: curl - code: - 'curl -X GET -H "Authorization: ApiKey $ELASTIC_API_KEY" -H "Content-Type: application/json" -d - ''{"query":{"term":{"name":{"value":"application-key-1"}}}}'' "$ELASTICSEARCH_URL/_security/_query/api_key"' - - language: Java - code: | - client.security().queryApiKeys(q -> q - .query(qu -> qu - .term(t -> t - .field("name") - .value(FieldValue.of("application-key-1")) - ) - ) - ); diff --git a/specification/security/query_api_keys/examples/response/QueryApiKeysResponseExample1.yaml b/specification/security/query_api_keys/examples/response/QueryApiKeysResponseExample1.yaml deleted file mode 100644 index 8bc50ab61c..0000000000 --- a/specification/security/query_api_keys/examples/response/QueryApiKeysResponseExample1.yaml +++ /dev/null @@ -1,53 +0,0 @@ -summary: Query API keys by ID -description: > - A successful response from `GET /_security/_query/api_key?with_limited_by=true`. - The `limited_by` details are the owner user's permissions associated with the API key. - It is a point-in-time snapshot captured at creation and subsequent updates. - An API key's effective permissions are an intersection of its assigned privileges and the owner user's permissions. -# type: response -# response_code: -value: |- - { - "api_keys": [ - { - "id": "VuaCfGcBCdbkQm-e5aOx", - "name": "application-key-1", - "creation": 1548550550158, - "expiration": 1548551550158, - "invalidated": false, - "username": "myuser", - "realm": "native1", - "realm_type": "native", - "metadata": { - "application": "my-application" - }, - "role_descriptors": { }, - "limited_by": [ - { - "role-power-user": { - "cluster": [ - "monitor" - ], - "indices": [ - { - "names": [ - "*" - ], - "privileges": [ - "read" - ], - "allow_restricted_indices": false - } - ], - "applications": [ ], - "run_as": [ ], - "metadata": { }, - "transient_metadata": { - "enabled": true - } - } - } - ] - } - ] - } diff --git a/specification/security/query_api_keys/examples/response/QueryApiKeysResponseExample2.yaml b/specification/security/query_api_keys/examples/response/QueryApiKeysResponseExample2.yaml deleted file mode 100644 index c932dd950f..0000000000 --- a/specification/security/query_api_keys/examples/response/QueryApiKeysResponseExample2.yaml +++ /dev/null @@ -1,46 +0,0 @@ -summary: Query API keys with pagination -description: > - An abbreviated response from `GET /_security/_query/api_key` that contains a list of matched API keys along with their sort values. - The first sort value is creation time, which is displayed in `date_time` format. - The second sort value is the API key name. -# type: response -# response_code: -value: |- - { - "total": 100, - "count": 10, - "api_keys": [ - { - "id": "CLXgVnsBOGkf8IyjcXU7", - "name": "app1-key-79", - "creation": 1629250154811, - "invalidated": false, - "username": "org-admin-user", - "realm": "native1", - "metadata": { - "environment": "production" - }, - "role_descriptors": { }, - "_sort": [ - "2021-08-18T01:29:14.811Z", - "app1-key-79" - ] - }, - { - "id": "BrXgVnsBOGkf8IyjbXVB", - "name": "app1-key-78", - "creation": 1629250153794, - "invalidated": false, - "username": "org-admin-user", - "realm": "native1", - "metadata": { - "environment": "production" - }, - "role_descriptors": { }, - "_sort": [ - "2021-08-18T01:29:13.794Z", - "app1-key-78" - ] - } - ] - } diff --git a/specification/security/query_api_keys/examples/response/QueryApiKeysResponseExample3.yaml b/specification/security/query_api_keys/examples/response/QueryApiKeysResponseExample3.yaml deleted file mode 100644 index 5108837276..0000000000 --- a/specification/security/query_api_keys/examples/response/QueryApiKeysResponseExample3.yaml +++ /dev/null @@ -1,65 +0,0 @@ -summary: Query all API keys -description: > - A successful response from `GET /_security/_query/api_key`. - It includes the role descriptors that are assigned to each API key when it was created or last updated. - Note that an API key's effective permissions are an intersection of its assigned privileges and the point-in-time snapshot of the owner user's permissions. - An empty role descriptors object means the API key inherits the owner user's permissions. -# type: response -# response_code: -value: |- - { - "total": 3, - "count": 3, - "api_keys": [ - { - "id": "nkvrGXsB8w290t56q3Rg", - "name": "my-api-key-1", - "creation": 1628227480421, - "expiration": 1629091480421, - "invalidated": false, - "username": "elastic", - "realm": "reserved", - "realm_type": "reserved", - "metadata": { - "letter": "a" - }, - "role_descriptors": { - "role-a": { - "cluster": [ - "monitor" - ], - "indices": [ - { - "names": [ - "index-a" - ], - "privileges": [ - "read" - ], - "allow_restricted_indices": false - } - ], - "applications": [ ], - "run_as": [ ], - "metadata": { }, - "transient_metadata": { - "enabled": true - } - } - } - }, - { - "id": "oEvrGXsB8w290t5683TI", - "name": "my-api-key-2", - "creation": 1628227498953, - "expiration": 1628313898953, - "invalidated": false, - "username": "elastic", - "realm": "reserved", - "metadata": { - "letter": "b" - }, - "role_descriptors": { } - } - ] - }