Class CrossClusterApiKeyRoleDescriptorBuilder

java.lang.Object
org.elasticsearch.xpack.core.security.action.apikey.CrossClusterApiKeyRoleDescriptorBuilder

public class CrossClusterApiKeyRoleDescriptorBuilder extends Object
  • Field Details

    • CCS_CLUSTER_PRIVILEGE_NAMES

      public static final String[] CCS_CLUSTER_PRIVILEGE_NAMES
    • CCR_CLUSTER_PRIVILEGE_NAMES

      public static final String[] CCR_CLUSTER_PRIVILEGE_NAMES
    • CCS_AND_CCR_CLUSTER_PRIVILEGE_NAMES

      public static final String[] CCS_AND_CCR_CLUSTER_PRIVILEGE_NAMES
    • CCS_INDICES_PRIVILEGE_NAMES

      public static final String[] CCS_INDICES_PRIVILEGE_NAMES
    • CCR_INDICES_PRIVILEGE_NAMES

      public static final String[] CCR_INDICES_PRIVILEGE_NAMES
    • ROLE_DESCRIPTOR_NAME

      public static final String ROLE_DESCRIPTOR_NAME
    • PARSER

      public static final org.elasticsearch.xcontent.ConstructingObjectParser<CrossClusterApiKeyRoleDescriptorBuilder,Void> PARSER
  • Method Details

    • build

      public RoleDescriptor build()
    • parse

      public static CrossClusterApiKeyRoleDescriptorBuilder parse(String access) throws IOException
      Throws:
      IOException
    • checkForInvalidLegacyRoleDescriptors

      public static void checkForInvalidLegacyRoleDescriptors(String apiKeyId, List<RoleDescriptor> roleDescriptors)
      Pre-GA versions of RCS 2.0 (8.13-) allowed users to use DLS/FLS for "search" when both "search" and "replication" are defined. Post-GA versions of RCS 2.0 (8.14+) allow users to use DLS/FLS only when "search" is defined. Defining DLS/FLS when both "search" and "replication" are defined is not allowed. Legacy here refers to pre-GA CCx API keys. This method should only be called to check the fulfilling cluster's API key role descriptor.
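
      The rule described above, as an added example that is not Elasticsearch code and does not reproduce this method's implementation. It models the API key's access specification as plain maps rather than RoleDescriptor objects; the class name, the findViolation helper, the key ids and the index patterns are hypothetical, and "query" and "field_security" are assumed to be the fields that carry DLS and FLS on a "search" entry.

```java
import java.util.List;
import java.util.Map;

// Added illustration, not Elasticsearch code: the access spec is modelled as plain maps.
public class LegacyAccessRuleExample {

    // DLS is expressed by "query" and FLS by "field_security" on a "search" entry.
    static boolean usesDlsOrFls(Map<String, Object> entry) {
        return entry.get("query") != null || entry.get("field_security") != null;
    }

    // Returns null when the spec satisfies the 8.14+ rule, else a description of the violation.
    static String findViolation(String apiKeyId, Map<String, List<Map<String, Object>>> access) {
        List<Map<String, Object>> search = access.getOrDefault("search", List.of());
        List<Map<String, Object>> replication = access.getOrDefault("replication", List.of());
        if (search.isEmpty() || replication.isEmpty()) {
            return null; // only one section defined: DLS/FLS on "search" is acceptable
        }
        List<Object> offending = search.stream()
            .filter(LegacyAccessRuleExample::usesDlsOrFls)
            .map(entry -> entry.get("names"))
            .toList();
        if (offending.isEmpty()) {
            return null; // both sections defined, but no DLS/FLS anywhere
        }
        return "API key [" + apiKeyId + "] defines DLS/FLS on " + offending
            + " while both search and replication are defined";
    }

    public static void main(String[] args) {
        // Constructed sample data; the key ids and index patterns are made up.
        Map<String, Object> restrictedSearch = Map.of(
            "names", List.of("logs-*"),
            "query", Map.of("term", Map.of("tenant", "a")),
            "field_security", Map.of("grant", List.of("message", "@timestamp")));
        Map<String, Object> replication = Map.of("names", List.of("archive-*"));

        Map<String, List<Map<String, Object>>> searchOnly = Map.of("search", List.of(restrictedSearch));
        Map<String, List<Map<String, Object>>> legacyBoth = Map.of(
            "search", List.of(restrictedSearch), "replication", List.of(replication));

        System.out.println(findViolation("key-search-only", searchOnly));
        System.out.println(findViolation("key-pre-ga", legacyBoth));
    }
}
```

      The first key passes because only "search" is defined; the second is the pre-GA shape that 8.14+ rejects, which is the case an audit of existing cross-cluster API keys should look for after an upgrade.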