Commit Graph

6 Commits

Author SHA1 Message Date
Johannes Fredén 6aad7f4e9f
Add support for invalidation timestamp in QueryApiKey (#102590)
This is a follow up PR from
https://github.com/elastic/elasticsearch/pull/102472. This adds the
ability to use `invalidation` timestamp as a valid [query
value](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-query-api-key.html#security-api-query-api-key-request-body)
in the QueryApiKey API.
2023-11-27 04:10:51 -05:00
Fabio Busatto 9f1875ee2c
[DOCS] Fix docs for user profiles (#102452)
* [DOCS] Fix docs for user profiles
2023-11-23 10:38:17 +01:00
Albert Zaharovits bd10775b02
Grant API Key API with JWTs (#101904)
Introduces support for JWTs to the grant API Key API.
Callers can now pass-in a JWT in the request, like:
POST /_security/api_key/grant
{
  "grant_type": "access_token",
  "access_token" : "some.signed.JWT",
  "client_authentication": { // optional
    "scheme": "SharedSecret",
    "value": "ES-Client-Authentication header value after scheme"
  }
}
The JWT will be authenticated by a backing JWT realm and
a new API Key will be returned for the authenticated user.
2023-11-21 14:11:08 +02:00
Daniel Mitterdorfer a579504e11
Remove auto_configure privilege for profiling (#101026)
With this commit we remove the `auto_configure` privilege for the Fleet
service account that targets profiling-related indices. This privilege
was needed to automatically create indices and data streams in the past
but as this managed by the Elasticsearch plugin, there is no need to
grant this privilege to Fleet-managed components.
2023-10-23 13:14:14 +02:00
Nhat Nguyen ae17505557
Introduce authorization for enrich in ESQL (#99646)
This change introduces a new privilege monitor_enrich. Users are 
required to have this privilege in order to use the enrich functionality
in ESQL. Additionally, it eliminates the need to use the enrich_origin
when executing enrich lookups. The enrich_origin will only be used when
resolving enrich policies to prevent warnings when accessing system
indices directly.

Closes #98482
2023-09-27 12:45:39 -07:00
James Rodewig 255c9a7f95
[DOCS] Move x-pack docs to `docs/reference` dir (#99209)
**Problem:**
For historical reasons, source files for the Elasticsearch Guide's security, watcher, and Logstash API docs are housed in the `x-pack/docs` directory. This can confuse new contributors who expect Elasticsearch Guide docs to be located in `docs/reference`. 

**Solution:**
- Move the security, watcher, and Logstash API doc source files to the `docs/reference` directory
- Update doc snippet tests to use security

Rel: https://github.com/elastic/platform-docs-team/issues/208
2023-09-12 14:53:41 -04:00