Module org.elasticsearch.xcore
Class CrossClusterApiKeyRoleDescriptorBuilder
java.lang.Object
org.elasticsearch.xpack.core.security.action.apikey.CrossClusterApiKeyRoleDescriptorBuilder
-
Field Summary
Fields -
Method Summary
Modifier and TypeMethodDescriptionbuild()static voidcheckForInvalidLegacyRoleDescriptors(String apiKeyId, List<RoleDescriptor> roleDescriptors) Pre-GA versions of RCS 2.0 (8.13-) allowed users to use DLS/FLS for "search" when both "search" and "replication" are both defined.
-
Field Details
-
CCS_CLUSTER_PRIVILEGE_NAMES
-
CCR_CLUSTER_PRIVILEGE_NAMES
-
CCS_AND_CCR_CLUSTER_PRIVILEGE_NAMES
-
CCS_INDICES_PRIVILEGE_NAMES
-
CCR_INDICES_PRIVILEGE_NAMES
-
ROLE_DESCRIPTOR_NAME
- See Also:
-
PARSER
public static final org.elasticsearch.xcontent.ConstructingObjectParser<CrossClusterApiKeyRoleDescriptorBuilder,Void> PARSER
-
-
Method Details
-
build
-
parse
- Throws:
IOException
-
checkForInvalidLegacyRoleDescriptors
public static void checkForInvalidLegacyRoleDescriptors(String apiKeyId, List<RoleDescriptor> roleDescriptors) Pre-GA versions of RCS 2.0 (8.13-) allowed users to use DLS/FLS for "search" when both "search" and "replication" are both defined. Post-GA versions of RCS 2.0 (8.14+) allow users to use DLS/FLS only when "search" is defined. Defining DLS/FLS when both "search" and "replication" are defined in not allowed. Legacy here is in reference to pre-GA CCx API keys. This method should only be called to check the fulfilling cluster's API key role descriptor.
-