root
/
elasticsearch
mirror of https://github.com/elastic/elasticsearch.git
1
0
Fork 0
Code Issues Actions 1 Packages Projects Releases Wiki Activity
elasticsearch/docs/reference/rest-api/security/activate-user-profile.asciidoc

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

136 lines
4.3 KiB
Plaintext
Raw Normal View History

User Profile - Add rest spec files and tests (#83307) This PR adds rest spec files and tests for existing user profile APIs. It also includes stub doc pages so that it does not build doc builds. But the actual content of docs will be handled in a separate PR.
2022-02-07 08:05:01 +08:00
[role="xpack"]
User Profile: Initial beta overview documentations (#83766) Add initial feature overview documentation pages for User Profile and Security Domain. Co-authored-by: Adam Locke <adam.locke@elastic.co> Co-authored-by: Tim Vernum <tim@adjective.org> Co-authored-by: Albert Zaharovits <albert.zaharovits@gmail.com>
2022-04-14 22:38:41 +08:00
[[security-api-activate-user-profile]]
User Profile - Add rest spec files and tests (#83307) This PR adds rest spec files and tests for existing user profile APIs. It also includes stub doc pages so that it does not build doc builds. But the actual content of docs will be handled in a separate PR.
2022-02-07 08:05:01 +08:00
=== Activate user profile API
++++
<titleabbrev>Activate user profile</titleabbrev>
++++
Move user profile status to stable and private (#90439) This PR moves the user profile feature and associated APIs from experimental to stable since higher level features built on top of it are going to be GA. The feature and APIs are still kept private because they are meant to internally support higher level features and we don't expect them to be directly used by end-users. This PR also moves the security domain feature to GA by removing the beta label. Security domain requires user configuration to work so it is not something internally controlled by stack and solutions.
2022-09-29 09:14:09 +08:00
NOTE: The user profile feature is designed only for use by {kib} and
Elastics {observability}, {ents}, and {elastic-sec} solutions. Individual
users and external applications should not call this API directly. Elastic reserves
the right to change or remove this feature in future releases without prior notice.
User Profile - More REST spec, tests, API docs (#84597) This PR adds REST spec, tests and API docs for: * Enable profile API * Disable profile API * Search profile API Note the docs for Search profile API is intentionally basic because the API itself is still in development. Nevertheless it is still useful to have the basic version to facilitate communications to API consumers.
2022-03-15 08:08:25 +08:00
User Profile - Beta docs for APIs (#83495) This PR adds beta docs for the 3 existing APIs: * Activate Profile * Get Profile by ID * Update Profile Data Co-authored-by: Adam Locke <adam.locke@elastic.co>
2022-02-10 07:00:16 +08:00
Creates or updates a user profile on behalf of another user.
[[security-api-activate-user-profile-request]]
==== {api-request-title}
`POST /_security/profile/_activate`
[[security-api-activate-user-profile-prereqs]]
==== {api-prereq-title}
* To use this API, you must have the `manage_user_profile` cluster privilege.
[[security-api-activate-user-profile-desc]]
==== {api-description-title}
The activate user profile API creates or updates a profile document for end
users with information that is extracted from the user's authentication object,
including `username`, `full_name`, `roles`, and the authentication realm.
Support Profile Activate with JWTs with client authn (#105439) Adds support for JWTs with client authentication to the activate user profile API. Closes #105342
2024-02-18 23:37:28 +08:00
For example, in the JWT `access_token` case, the profile user's `username` is
extracted from the JWT token claim pointed to by the `claims.principal`
setting of the JWT realm that authenticated the token.
User Profile - Beta docs for APIs (#83495) This PR adds beta docs for the 3 existing APIs: * Activate Profile * Get Profile by ID * Update Profile Data Co-authored-by: Adam Locke <adam.locke@elastic.co>
2022-02-10 07:00:16 +08:00
When updating a profile document, the API enables the document if it was
User Profile - Rename access to labels for request, response and mappings (#85797) It is agreed that the "access" field should be renamed to the more generic "labels". Data stored in this field are meant to be application specific (similar to "data" but searchable) and ES does not attempt to understand its content or purpose. Hence the more generic name is a better fit.
2022-04-14 06:47:34 +08:00
disabled. Any updates do not change existing content for either the `labels` or
User Profile - Beta docs for APIs (#83495) This PR adds beta docs for the 3 existing APIs: * Activate Profile * Get Profile by ID * Update Profile Data Co-authored-by: Adam Locke <adam.locke@elastic.co>
2022-02-10 07:00:16 +08:00
`data` fields.
User Profile - More REST spec, tests, API docs (#84597) This PR adds REST spec, tests and API docs for: * Enable profile API * Disable profile API * Search profile API Note the docs for Search profile API is intentionally basic because the API itself is still in development. Nevertheless it is still useful to have the basic version to facilitate communications to API consumers.
2022-03-15 08:08:25 +08:00
This API is intended only for use by applications (such as {kib}) that need to
User Profile - Beta docs for APIs (#83495) This PR adds beta docs for the 3 existing APIs: * Activate Profile * Get Profile by ID * Update Profile Data Co-authored-by: Adam Locke <adam.locke@elastic.co>
2022-02-10 07:00:16 +08:00
create or update profiles for end users.
IMPORTANT: The calling application must have either an `access_token`, or a
combination of `username` and `password` for the user that the profile document
is intended for.
[role="child_attributes"]
[[security-api-activate-user-profile-request-body]]
==== {api-request-body-title}
`access_token`::
(Required*, string)
Support Profile Activate with JWTs with client authn (#105439) Adds support for JWTs with client authentication to the activate user profile API. Closes #105342
2024-02-18 23:37:28 +08:00
The user's <<security-api-get-token, {es} access token>>, or JWT. Both <<jwt-realm-oauth2, access>> and
<<jwt-realm-oidc, id>> JWT token types are supported, and they depend on the underlying JWT realm configuration.
If you specify the `access_token` grant type, this parameter is required. It is not valid with other grant types.
include::client-authentication.asciidoc[]
User Profile - Beta docs for APIs (#83495) This PR adds beta docs for the 3 existing APIs: * Activate Profile * Get Profile by ID * Update Profile Data Co-authored-by: Adam Locke <adam.locke@elastic.co>
2022-02-10 07:00:16 +08:00
`grant_type`::
(Required, string)
The type of grant.
+
.Valid values for `grant_type`
[%collapsible%open]
====
`access_token`::
Support Profile Activate with JWTs with client authn (#105439) Adds support for JWTs with client authentication to the activate user profile API. Closes #105342
2024-02-18 23:37:28 +08:00
In this type of grant, you must supply either an access token, that was created by the
{es} token service (see <<security-api-get-token>> and <<encrypt-http-communication>>),
or a <<jwt-auth-realm, JWT>> (either a JWT `access_token` or a JWT `id_token`).
User Profile - Beta docs for APIs (#83495) This PR adds beta docs for the 3 existing APIs: * Activate Profile * Get Profile by ID * Update Profile Data Co-authored-by: Adam Locke <adam.locke@elastic.co>
2022-02-10 07:00:16 +08:00
`password`::
In this type of grant, you must supply the `username` and `password` for the
user that you want to create the API key for.
====
`password`::
Support Profile Activate with JWTs with client authn (#105439) Adds support for JWTs with client authentication to the activate user profile API. Closes #105342
2024-02-18 23:37:28 +08:00
(Required*, string)
User Profile - Beta docs for APIs (#83495) This PR adds beta docs for the 3 existing APIs: * Activate Profile * Get Profile by ID * Update Profile Data Co-authored-by: Adam Locke <adam.locke@elastic.co>
2022-02-10 07:00:16 +08:00
The user's password. If you specify the `password` grant type, this parameter is
required. It is not valid with other grant types.
`username`::
Support Profile Activate with JWTs with client authn (#105439) Adds support for JWTs with client authentication to the activate user profile API. Closes #105342
2024-02-18 23:37:28 +08:00
(Required*, string)
User Profile - Beta docs for APIs (#83495) This PR adds beta docs for the 3 existing APIs: * Activate Profile * Get Profile by ID * Update Profile Data Co-authored-by: Adam Locke <adam.locke@elastic.co>
2022-02-10 07:00:16 +08:00
The username that identifies the user. If you specify the `password` grant type,
this parameter is required. It is not valid with other grant types.
*Indicates that the setting is required in some, but not all situations.
[[security-api-activate-user-profile-response-body]]
==== {api-response-body-title}
A successful activate user profile API call returns a JSON structure that contains
the profile unique ID, user information, timestamp for the operation and version
control numbers.
[[security-api-activate-user-profile-example]]
==== {api-examples-title}
[source,console]
----
POST /_security/profile/_activate
{
"grant_type": "password",
"username" : "jacknich",
"password" : "l0ng-r4nd0m-p@ssw0rd"
}
----
// TEST[setup:jacknich_user]
The API returns the following response:
User Profile - Add rest spec files and tests (#83307) This PR adds rest spec files and tests for existing user profile APIs. It also includes stub doc pages so that it does not build doc builds. But the actual content of docs will be handled in a separate PR.
2022-02-07 08:05:01 +08:00
User Profile - Beta docs for APIs (#83495) This PR adds beta docs for the 3 existing APIs: * Activate Profile * Get Profile by ID * Update Profile Data Co-authored-by: Adam Locke <adam.locke@elastic.co>
2022-02-10 07:00:16 +08:00
[source,console-result]
----
{
[Doc] User Profile - Improve docs for user profile APIs (#87382) This PR adds docs for the new hint parameter of the suggestProfiles API. It also creates proper test setup so that most API call examples in user profile docs are now runnable.
2022-06-04 21:23:20 +08:00
"uid": "u_79HkWkwmnBH5gqFKwoxggWPjEBOur1zLPXQPEl1VBW0_0",
User Profile - Beta docs for APIs (#83495) This PR adds beta docs for the 3 existing APIs: * Activate Profile * Get Profile by ID * Update Profile Data Co-authored-by: Adam Locke <adam.locke@elastic.co>
2022-02-10 07:00:16 +08:00
"enabled": true,
"last_synchronized": 1642650651037,
"user": {
"username": "jacknich",
"roles": [
"admin", "other_role1"
],
"realm_name": "native",
"full_name": "Jack Nicholson",
User Profile - Remove profile.user.active field (#85856) The profile document has two boolean fields, profile.enabled and profile.user.active. The intention was that profile.enabled=false means the profile is not searchable (somewhat equivalent to being deleted) and profile.user.active=false means the profile is searchable but may not be assignable (in Kibana). However we don't currently have a concrete requirement for the later. Also we don't provide an API so far to set profile.user.active to false. Hence we agree to leave this field out till we have a better requirement for it.
2022-04-14 06:50:38 +08:00
"email": "jacknich@example.com"
User Profile - Beta docs for APIs (#83495) This PR adds beta docs for the 3 existing APIs: * Activate Profile * Get Profile by ID * Update Profile Data Co-authored-by: Adam Locke <adam.locke@elastic.co>
2022-02-10 07:00:16 +08:00
},
User Profile - Rename access to labels for request, response and mappings (#85797) It is agreed that the "access" field should be renamed to the more generic "labels". Data stored in this field are meant to be application specific (similar to "data" but searchable) and ES does not attempt to understand its content or purpose. Hence the more generic name is a better fit.
2022-04-14 06:47:34 +08:00
"labels": {},
User Profile - Beta docs for APIs (#83495) This PR adds beta docs for the 3 existing APIs: * Activate Profile * Get Profile by ID * Update Profile Data Co-authored-by: Adam Locke <adam.locke@elastic.co>
2022-02-10 07:00:16 +08:00
"data": {},
"_doc": {
"_primary_term": 88,
"_seq_no": 66
}
}
----
// TESTRESPONSE[s/1642650651037/$body.last_synchronized/]
// TESTRESPONSE[s/88/$body._doc._primary_term/]
// TESTRESPONSE[s/66/$body._doc._seq_no/]