Module: ElasticsearchServerless::API::Security::Actions

Defined in:
lib/elasticsearch-serverless/api/security/get_role.rb,
lib/elasticsearch-serverless/api/security/put_role.rb,
lib/elasticsearch-serverless/api/security/delete_role.rb,
lib/elasticsearch-serverless/api/security/get_api_key.rb,
lib/elasticsearch-serverless/api/security/authenticate.rb,
lib/elasticsearch-serverless/api/security/create_api_key.rb,
lib/elasticsearch-serverless/api/security/has_privileges.rb,
lib/elasticsearch-serverless/api/security/query_api_keys.rb,
lib/elasticsearch-serverless/api/security/invalidate_api_key.rb,
lib/elasticsearch-serverless/api/security/get_builtin_privileges.rb

Instance Method Summary collapse

Instance Method Details

#authenticate(arguments = {}) ⇒ Object

Authenticate a user. Authenticates a user and returns information about the authenticated user. Include the user information in a basic auth header. A successful call returns a JSON structure that shows user information such as their username, the roles that are assigned to the user, any assigned metadata, and information about the realms that authenticated and authorized the user. If the user cannot be authenticated, this API returns a 401 status code.

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :headers (Hash)

    Custom HTTP headers

See Also:



35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
 
# File 'lib/elasticsearch-serverless/api/security/authenticate.rb', line 35

def authenticate(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || "security.authenticate" }

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = nil

  method = ElasticsearchServerless::API::HTTP_GET
  path   = "_security/_authenticate"
  params = {}

  ElasticsearchServerless::API::Response.new(
    perform_request(method, path, params, body, headers, request_opts)
  )
end

#create_api_key(arguments = {}) ⇒ Object

Create an API key. Create an API key for access without requiring basic authentication. A successful request returns a JSON structure that contains the API key, its unique id, and its name. If applicable, it also returns expiration information for the API key in milliseconds. NOTE: By default, API keys never expire. You can specify expiration information when you create the API keys.

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :refresh (String)

    If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes.

  • :headers (Hash)

    Custom HTTP headers

  • :body (Hash)

    request body

Raises:

  • (ArgumentError)

See Also:



37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
 
# File 'lib/elasticsearch-serverless/api/security/create_api_key.rb', line 37

def create_api_key(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || "security.create_api_key" }

  raise ArgumentError, "Required argument 'body' missing" unless arguments[:body]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = arguments.delete(:body)

  method = ElasticsearchServerless::API::HTTP_PUT
  path   = "_security/api_key"
  params = Utils.process_params(arguments)

  ElasticsearchServerless::API::Response.new(
    perform_request(method, path, params, body, headers, request_opts)
  )
end

#delete_role(arguments = {}) ⇒ Object

Delete roles. Delete roles in the native realm.

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :name (String)

    Role name (Required)

  • :refresh (String)

    If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes.

  • :headers (Hash)

    Custom HTTP headers

Raises:

  • (ArgumentError)

See Also:



34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
 
# File 'lib/elasticsearch-serverless/api/security/delete_role.rb', line 34

def delete_role(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || "security.delete_role" }

  defined_params = [:name].inject({}) do |set_variables, variable|
    set_variables[variable] = arguments[variable] if arguments.key?(variable)
    set_variables
  end
  request_opts[:defined_params] = defined_params unless defined_params.empty?

  raise ArgumentError, "Required argument 'name' missing" unless arguments[:name]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = nil

  _name = arguments.delete(:name)

  method = ElasticsearchServerless::API::HTTP_DELETE
  path   = "_security/role/#{Utils.listify(_name)}"
  params = Utils.process_params(arguments)

  ElasticsearchServerless::API::Response.new(
    perform_request(method, path, params, body, headers, request_opts)
  )
end

#get_api_key(arguments = {}) ⇒ Object

Get API key information. Retrieves information for one or more API keys. NOTE: If you have only the manage_own_api_key privilege, this API returns only the API keys that you own. If you have read_security, manage_api_key or greater privileges (including manage_security), this API returns all API keys regardless of ownership.

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :id (String)

    An API key id. This parameter cannot be used with any of name, realm_name or username.

  • :name (String)

    An API key name. This parameter cannot be used with any of id, realm_name or username. It supports prefix search with wildcard.

  • :owner (Boolean)

    A boolean flag that can be used to query API keys owned by the currently authenticated user. The realm_name or username parameters cannot be specified when this parameter is set to true as they are assumed to be the currently authenticated ones.

  • :realm_name (String)

    The name of an authentication realm. This parameter cannot be used with either id or name or when owner flag is set to true.

  • :username (String)

    The username of a user. This parameter cannot be used with either id or name or when owner flag is set to true.

  • :with_limited_by (Boolean)

    Return the snapshot of the owner user’s role descriptors associated with the API key. An API key’s actual permission is the intersection of its assigned role descriptors and the owner user’s role descriptors.

  • :active_only (Boolean)

    A boolean flag that can be used to query API keys that are currently active. An API key is considered active if it is neither invalidated, nor expired at query time. You can specify this together with other parameters such as owner or name. If active_only is false, the response will include both active and inactive (expired or invalidated) keys.

  • :with_profile_uid (Boolean)

    Determines whether to also retrieve the profile uid, for the API key owner principal, if it exists.

  • :headers (Hash)

    Custom HTTP headers

See Also:



51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
 
# File 'lib/elasticsearch-serverless/api/security/get_api_key.rb', line 51

def get_api_key(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || "security.get_api_key" }

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = nil

  method = ElasticsearchServerless::API::HTTP_GET
  path   = "_security/api_key"
  params = Utils.process_params(arguments)

  ElasticsearchServerless::API::Response.new(
    perform_request(method, path, params, body, headers, request_opts)
  )
end

#get_builtin_privileges(arguments = {}) ⇒ Object

Get builtin privileges. Get the list of cluster privileges and index privileges that are available in this version of Elasticsearch.

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :headers (Hash)

    Custom HTTP headers

See Also:



32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
 
# File 'lib/elasticsearch-serverless/api/security/get_builtin_privileges.rb', line 32

def get_builtin_privileges(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || "security.get_builtin_privileges" }

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = nil

  method = ElasticsearchServerless::API::HTTP_GET
  path   = "_security/privilege/_builtin"
  params = {}

  ElasticsearchServerless::API::Response.new(
    perform_request(method, path, params, body, headers, request_opts)
  )
end

#get_role(arguments = {}) ⇒ Object

Get roles. Get roles in the native realm.

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :name (String, Array<String>)

    The name of the role. You can specify multiple roles as a comma-separated list. If you do not specify this parameter, the API returns information about all roles.

  • :headers (Hash)

    Custom HTTP headers

See Also:



33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
 
# File 'lib/elasticsearch-serverless/api/security/get_role.rb', line 33

def get_role(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || "security.get_role" }

  defined_params = [:name].inject({}) do |set_variables, variable|
    set_variables[variable] = arguments[variable] if arguments.key?(variable)
    set_variables
  end
  request_opts[:defined_params] = defined_params unless defined_params.empty?

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = nil

  _name = arguments.delete(:name)

  method = ElasticsearchServerless::API::HTTP_GET
  path   = if _name
             "_security/role/#{Utils.listify(_name)}"
           else
             "_security/role"
           end
  params = Utils.process_params(arguments)

  if Array(arguments[:ignore]).include?(404)
    Utils.rescue_from_not_found {
      ElasticsearchServerless::API::Response.new(
        perform_request(method, path, params, body, headers, request_opts)
      )
    }
  else
    ElasticsearchServerless::API::Response.new(
      perform_request(method, path, params, body, headers, request_opts)
    )
  end
end

#has_privileges(arguments = {}) ⇒ Object

Check user privileges. Determine whether the specified user has a specified list of privileges.

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :user (String)

    Username

  • :headers (Hash)

    Custom HTTP headers

  • :body (Hash)

    request body

Raises:

  • (ArgumentError)

See Also:



34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
 
# File 'lib/elasticsearch-serverless/api/security/has_privileges.rb', line 34

def has_privileges(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || "security.has_privileges" }

  defined_params = [:user].inject({}) do |set_variables, variable|
    set_variables[variable] = arguments[variable] if arguments.key?(variable)
    set_variables
  end
  request_opts[:defined_params] = defined_params unless defined_params.empty?

  raise ArgumentError, "Required argument 'body' missing" unless arguments[:body]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = arguments.delete(:body)

  _user = arguments.delete(:user)

  method = ElasticsearchServerless::API::HTTP_POST
  path   = if _user
             "_security/user/#{Utils.listify(_user)}/_has_privileges"
           else
             "_security/user/_has_privileges"
           end
  params = {}

  ElasticsearchServerless::API::Response.new(
    perform_request(method, path, params, body, headers, request_opts)
  )
end

#invalidate_api_key(arguments = {}) ⇒ Object

Invalidate API keys. This API invalidates API keys created by the create API key or grant API key APIs. Invalidated API keys fail authentication, but they can still be viewed using the get API key information and query API key information APIs, for at least the configured retention period, until they are automatically deleted. The manage_api_key privilege allows deleting any API keys. The manage_own_api_key only allows deleting API keys that are owned by the user. In addition, with the manage_own_api_key privilege, an invalidation request must be issued in one of the three formats:

  • Set the parameter owner=true.

  • Or, set both username and realm_name to match the user’s identity.

  • Or, if the request is issued by an API key, that is to say an API key invalidates itself, specify its ID in the ids field.

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :headers (Hash)

    Custom HTTP headers

  • :body (Hash)

    request body

Raises:

  • (ArgumentError)

See Also:



40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
 
# File 'lib/elasticsearch-serverless/api/security/invalidate_api_key.rb', line 40

def invalidate_api_key(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || "security.invalidate_api_key" }

  raise ArgumentError, "Required argument 'body' missing" unless arguments[:body]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = arguments.delete(:body)

  method = ElasticsearchServerless::API::HTTP_DELETE
  path   = "_security/api_key"
  params = {}

  ElasticsearchServerless::API::Response.new(
    perform_request(method, path, params, body, headers, request_opts)
  )
end

#put_role(arguments = {}) ⇒ Object

Create or update roles. The role management APIs are generally the preferred way to manage roles in the native realm, rather than using file-based role management. The create or update roles API cannot update roles that are defined in roles files. File-based role management is not available in Elastic Serverless.

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :name (String)

    The name of the role that is being created or updated. On Elasticsearch Serverless, the role name must begin with a letter or digit and can only contain letters, digits and the characters ‘_’, ‘-’, and ‘.’. Each role must have a unique name, as this will serve as the identifier for that role. (Required)

  • :refresh (String)

    If true (the default) then refresh the affected shards to make this operation visible to search, if wait_for then wait for a refresh to make this operation visible to search, if false then do nothing with refreshes.

  • :headers (Hash)

    Custom HTTP headers

  • :body (Hash)

    request body

Raises:

  • (ArgumentError)

See Also:



37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
 
# File 'lib/elasticsearch-serverless/api/security/put_role.rb', line 37

def put_role(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || "security.put_role" }

  defined_params = [:name].inject({}) do |set_variables, variable|
    set_variables[variable] = arguments[variable] if arguments.key?(variable)
    set_variables
  end
  request_opts[:defined_params] = defined_params unless defined_params.empty?

  raise ArgumentError, "Required argument 'body' missing" unless arguments[:body]
  raise ArgumentError, "Required argument 'name' missing" unless arguments[:name]

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = arguments.delete(:body)

  _name = arguments.delete(:name)

  method = ElasticsearchServerless::API::HTTP_PUT
  path   = "_security/role/#{Utils.listify(_name)}"
  params = Utils.process_params(arguments)

  ElasticsearchServerless::API::Response.new(
    perform_request(method, path, params, body, headers, request_opts)
  )
end

#query_api_keys(arguments = {}) ⇒ Object

Find API keys with a query. Get a paginated list of API keys and their information. You can optionally filter the results with a query.

Parameters:

  • arguments (Hash) (defaults to: {})

    a customizable set of options

Options Hash (arguments):

  • :with_limited_by (Boolean)

    Return the snapshot of the owner user’s role descriptors associated with the API key. An API key’s actual permission is the intersection of its assigned role descriptors and the owner user’s role descriptors.

  • :with_profile_uid (Boolean)

    Determines whether to also retrieve the profile uid, for the API key owner principal, if it exists.

  • :typed_keys (Boolean)

    Determines whether aggregation names are prefixed by their respective types in the response.

  • :headers (Hash)

    Custom HTTP headers

  • :body (Hash)

    request body

See Also:



37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
 
# File 'lib/elasticsearch-serverless/api/security/query_api_keys.rb', line 37

def query_api_keys(arguments = {})
  request_opts = { endpoint: arguments[:endpoint] || "security.query_api_keys" }

  arguments = arguments.clone
  headers = arguments.delete(:headers) || {}

  body = arguments.delete(:body)

  method = if body
             ElasticsearchServerless::API::HTTP_POST
           else
             ElasticsearchServerless::API::HTTP_GET
           end

  path   = "_security/_query/api_key"
  params = Utils.process_params(arguments)

  ElasticsearchServerless::API::Response.new(
    perform_request(method, path, params, body, headers, request_opts)
  )
end