Module org.elasticsearch.security
Class ServiceAccountService
java.lang.Object
org.elasticsearch.xpack.security.authc.service.ServiceAccountService
Constructor Summary
Constructors
Constructor | Description
ServiceAccountService(Client client, FileServiceAccountTokenStore fileServiceAccountTokenStore, IndexServiceAccountTokenStore indexServiceAccountTokenStore) |
Method Summary
Modifier and Type | Method | Description
void | authenticateToken(ServiceAccountToken serviceAccountToken, String nodeName, ActionListener<Authentication> listener) |
void | createIndexToken(Authentication authentication, CreateServiceAccountTokenRequest request, ActionListener<CreateServiceAccountTokenResponse> listener) |
void | deleteIndexToken(DeleteServiceAccountTokenRequest request, ActionListener<Boolean> listener) |
void | findTokensFor(GetServiceAccountCredentialsRequest request, ActionListener<GetServiceAccountCredentialsResponse> listener) |
static void | getRoleDescriptor(Authentication authentication, ActionListener<RoleDescriptor> listener) |
static void | getRoleDescriptorForPrincipal(String principal, ActionListener<RoleDescriptor> listener) |
static Collection<String> | |
static Map<String, ServiceAccount> | |
static boolean | isServiceAccountPrincipal(String principal) |
static ServiceAccountToken | tryParseToken(SecureString bearerString) | Parses a token object from the content of a ServiceAccountToken.asBearerString() bearer string.
Constructor Details
ServiceAccountService
public ServiceAccountService(Client client, FileServiceAccountTokenStore fileServiceAccountTokenStore, IndexServiceAccountTokenStore indexServiceAccountTokenStore)
Method Details
isServiceAccountPrincipal
getServiceAccountPrincipals
getServiceAccounts
tryParseToken
Parses a token object from the content of a ServiceAccountToken.asBearerString() bearer string. This bearer string would typically be extracted from an HTTP authorization header.
This method does not validate the credential; it only parses it. There is no guarantee that the secret is valid, or even that the account exists.
Parameters:
bearerString - A raw token string (if this is from an HTTP header, then the "Bearer " prefix must be removed before calling this method).
Returns:
An unvalidated token object.
authenticateToken
public void authenticateToken(ServiceAccountToken serviceAccountToken, String nodeName, ActionListener<Authentication> listener)
createIndexToken
public void createIndexToken(Authentication authentication, CreateServiceAccountTokenRequest request, ActionListener<CreateServiceAccountTokenResponse> listener)
deleteIndexToken
public void deleteIndexToken(DeleteServiceAccountTokenRequest request, ActionListener<Boolean> listener)
findTokensFor
public void findTokensFor(GetServiceAccountCredentialsRequest request, ActionListener<GetServiceAccountCredentialsResponse> listener)
getRoleDescriptor
public static void getRoleDescriptor(Authentication authentication, ActionListener<RoleDescriptor> listener)
getRoleDescriptorForPrincipal
public static void getRoleDescriptorForPrincipal(String principal, ActionListener<RoleDescriptor> listener)