ホーム エクスプローラ ヘルプ
登録 サインイン
lqb
/
elasticsearch
同期ミラー https://gitee.com/mirrors/elasticsearch.git
1
0
フォーク 0
ファイル 課題 0 Wiki
ツリー: 442fc1f3b6
ブランチ タグ
elasticsearch
/
docs
/
reference
/
rest-api
/
security
/
clear-service-token-caches.asciidoc

clear-service-token-caches.asciidoc 2.4 KB
履歴 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778 
  1. [role="xpack"]
    2. 

  2. [[security-api-clear-service-token-caches]]
    3. 

  3. === Clear service account token caches API
    4. 

  4. 

  5. ++++
    6. 

  6. <titleabbrev>Clear service account token caches</titleabbrev>
    7. 

  7. ++++
    8. 

  8. 

  9. .New API reference
    10. 

  10. [sidebar]
    11. 

  11. --
    12. 

  12. For the most up-to-date API details, refer to {api-es}/group/endpoint-security[Security APIs].
    13. 

  13. --
    14. 

  14. 

  15. Evicts a subset of all entries from the  <<service-accounts,service account>>
    16. 

  16. token caches.
    17. 

  17. 

  18. [[security-api-clear-service-token-caches-request]]
    19. 

  19. ==== {api-request-title}
    20. 

  20. 

  21. `POST /_security/service/{namespace}/{service}/credential/token/{token_name}/_clear_cache`
    22. 

  22. 

  23. [[security-api-clear-service-token-caches-prereqs]]
    24. 

  24. ==== {api-prereq-title}
    25. 

  25. 

  26. * To use this API, you must have at least the `manage_security`
    27. 

  27. <<privileges-list-cluster,cluster privilege>>.
    28. 

  28. 

  29. [[security-api-clear-service-token-caches-desc]]
    30. 

  30. ==== {api-description-title}
    31. 

  31. Two, separate caches exist for service account tokens: one cache for tokens
    32. 

  32. backed by the `service_tokens` file, and another for tokens backed by the
    33. 

  33. `.security` index. This API clears matching entries from both caches.
    34. 

  34. 

  35. The cache for service account tokens backed by the `.security` index is cleared
    36. 

  36. automatically on state changes of the security index. The cache for tokens
    37. 

  37. backed by the `service_tokens` file is cleared automatically on file changes.
    38. 

  38. 

  39. See <<service-accounts,Service accounts>> for more information.
    40. 

  40. 

  41. [[security-api-clear-service-token-caches-path-params]]
    42. 

  42. ==== {api-path-parms-title}
    43. 

  43. 

  44. `namespace`::
    45. 

  45. (Required, string) Name of the namespace.
    46. 

  46. 

  47. `service`::
    48. 

  48. (Required, string) Name of the service name.
    49. 

  49. 

  50. `token_name`::
    51. 

  51. (Required, string) Comma-separated list of token names to evict from the
    52. 

  52. service account token caches. Use a wildcard (`*`) to evict all tokens that
    53. 

  53. belong to a service account. Does not support other wildcard patterns.
    54. 

  54. 

  55. [[security-api-clear-service-token-caches-example]]
    56. 

  56. ==== {api-examples-title}
    57. 

  57. The following request clears the service account token cache for the `token1`
    58. 

  58. token:
    59. 

  59. 

  60. [source,console]
    61. 

  61. ----
    62. 

  62. POST /_security/service/elastic/fleet-server/credential/token/token1/_clear_cache
    63. 

  63. ----
    64. 

  64. 

  65. Specify multiple token names as a comma-separated list:
    66. 

  66. 

  67. [source,console]
    68. 

  68. ----
    69. 

  69. POST /_security/service/elastic/fleet-server/credential/token/token1,token2/_clear_cache
    70. 

  70. ----
    71. 

  71. 

  72. To clear all entries from the service account token caches, use a wildcard
    73. 

  73. (`*`) in place of token names:
    74. 

  74. 

  75. [source,console]
    76. 

  76. ----
    77. 

  77. POST /_security/service/elastic/fleet-server/credential/token/*/_clear_cache
    78. 

  78. ----
    79.