Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 2d4a49af53
Branches Tags
elasticsearch
/
docs
/
reference
/
rest-api
/
security
/
clear-service-token-caches.asciidoc

clear-service-token-caches.asciidoc 2.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172 
  1. [role="xpack"]
    2. 

  2. [[security-api-clear-service-token-caches]]
    3. 

  3. === Clear service account token caches API
    4. 

  4. 

  5. ++++
    6. 

  6. <titleabbrev>Clear service account token caches</titleabbrev>
    7. 

  7. ++++
    8. 

  8. 

  9. Evicts a subset of all entries from the  <<service-accounts,service account>>
    10. 

  10. token caches.
    11. 

  11. 

  12. [[security-api-clear-service-token-caches-request]]
    13. 

  13. ==== {api-request-title}
    14. 

  14. 

  15. `POST /_security/service/{namespace}/{service}/credential/token/{token_name}/_clear_cache`
    16. 

  16. 

  17. [[security-api-clear-service-token-caches-prereqs]]
    18. 

  18. ==== {api-prereq-title}
    19. 

  19. 

  20. * To use this API, you must have at least the `manage_security`
    21. 

  21. <<privileges-list-cluster,cluster privilege>>.
    22. 

  22. 

  23. [[security-api-clear-service-token-caches-desc]]
    24. 

  24. ==== {api-description-title}
    25. 

  25. Two, separate caches exist for service account tokens: one cache for tokens
    26. 

  26. backed by the `service_tokens` file, and another for tokens backed by the
    27. 

  27. `.security` index. This API clears matching entries from both caches.
    28. 

  28. 

  29. The cache for service account tokens backed by the `.security` index is cleared
    30. 

  30. automatically on state changes of the security index. The cache for tokens
    31. 

  31. backed by the `service_tokens` file is cleared automatically on file changes.
    32. 

  32. 

  33. See <<service-accounts,Service accounts>> for more information.
    34. 

  34. 

  35. [[security-api-clear-service-token-caches-path-params]]
    36. 

  36. ==== {api-path-parms-title}
    37. 

  37. 

  38. `namespace`::
    39. 

  39. (Required, string) Name of the namespace.
    40. 

  40. 

  41. `service`::
    42. 

  42. (Required, string) Name of the service name.
    43. 

  43. 

  44. `token_name`::
    45. 

  45. (Required, string) Comma-separated list of token names to evict from the
    46. 

  46. service account token caches. Use a wildcard (`*`) to evict all tokens that
    47. 

  47. belong to a service account. Does not support other wildcard patterns.
    48. 

  48. 

  49. [[security-api-clear-service-token-caches-example]]
    50. 

  50. ==== {api-examples-title}
    51. 

  51. The following request clears the service account token cache for the `token1`
    52. 

  52. token:
    53. 

  53. 

  54. [source,console]
    55. 

  55. ----
    56. 

  56. POST /_security/service/elastic/fleet-server/credential/token/token1/_clear_cache
    57. 

  57. ----
    58. 

  58. 

  59. Specify multiple token names as a comma-separated list:
    60. 

  60. 

  61. [source,console]
    62. 

  62. ----
    63. 

  63. POST /_security/service/elastic/fleet-server/credential/token/token1,token2/_clear_cache
    64. 

  64. ----
    65. 

  65. 

  66. To clear all entries from the service account token caches, use a wildcard
    67. 

  67. (`*`) in place of token names:
    68. 

  68. 

  69. [source,console]
    70. 

  70. ----
    71. 

  71. POST /_security/service/elastic/fleet-server/credential/token/*/_clear_cache
    72. 

  72. ----
    73.