| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290 |
- [role="xpack"]
- [[security-api-get-service-accounts]]
- === Get service accounts API
- ++++
- <titleabbrev>Get service accounts</titleabbrev>
- ++++
- .New API reference
- [sidebar]
- --
- For the most up-to-date API details, refer to {api-es}/group/endpoint-security[Security APIs].
- --
- Retrieves information about <<service-accounts,service accounts>>.
- NOTE: Currently, only the `elastic/fleet-server` service account is available.
- [[security-api-get-service-accounts-request]]
- ==== {api-request-title}
- `GET /_security/service`
- `GET /_security/service/<namespace>`
- `GET /_security/service/<namespace>/<service>`
- [[security-api-get-service-accounts-prereqs]]
- ==== {api-prereq-title}
- * To use this API, you must have at least the `manage_service_account`
- <<privileges-list-cluster,cluster privilege>>.
- [[security-api-get-service-accounts-desc]]
- ==== {api-description-title}
- This API returns a list of service accounts that match the provided path parameter(s).
- [[security-api-get-service-accounts-path-params]]
- ==== {api-path-parms-title}
- `namespace`::
- (Optional, string) Name of the namespace. Omit this parameter to retrieve information about all service accounts. If you omit this parameter, you must also omit the `service` parameter.
- `service`::
- (Optional, string) Name of the service name. Omit this parameter to
- retrieve information about all service accounts that belong to the specified
- `namespace`.
- [[security-api-get-service-accounts-response-body]]
- ==== {api-response-body-title}
- A successful call returns a JSON object of service accounts. The API returns an
- empty object if no service account is found.
- [[security-api-get-service-accounts-example]]
- ==== {api-examples-title}
- To following request retrieves a service account for the `elastic/fleet-server`
- service account:
- [source,console]
- ----
- GET /_security/service/elastic/fleet-server
- ----
- [source,console-result]
- ----
- {
- "elastic/fleet-server": {
- "role_descriptor": {
- "cluster": [
- "monitor",
- "manage_own_api_key",
- "read_fleet_secrets"
- ],
- "indices": [
- {
- "names": [
- "logs-*",
- "metrics-*",
- "traces-*",
- ".logs-endpoint.diagnostic.collection-*",
- ".logs-endpoint.action.responses-*",
- ".logs-endpoint.heartbeat-*"
- ],
- "privileges": [
- "write",
- "create_index",
- "auto_configure"
- ],
- "allow_restricted_indices": false
- },
- {
- "names": [
- "profiling-*"
- ],
- "privileges": [
- "read",
- "write"
- ],
- "allow_restricted_indices": false
- },
- {
- "names": [
- "traces-apm.sampled-*"
- ],
- "privileges": [
- "read",
- "monitor",
- "maintenance"
- ],
- "allow_restricted_indices": false
- },
- {
- "names": [
- ".fleet-secrets*"
- ],
- "privileges": [
- "read"
- ],
- "allow_restricted_indices": true
- },
- {
- "names": [
- ".fleet-actions*"
- ],
- "privileges": [
- "read",
- "write",
- "monitor",
- "create_index",
- "auto_configure",
- "maintenance"
- ],
- "allow_restricted_indices": true
- },
- {
- "names": [
- ".fleet-agents*"
- ],
- "privileges": [
- "read",
- "write",
- "monitor",
- "create_index",
- "auto_configure",
- "maintenance"
- ],
- "allow_restricted_indices": true
- },
- {
- "names": [
- ".fleet-artifacts*"
- ],
- "privileges": [
- "read",
- "write",
- "monitor",
- "create_index",
- "auto_configure",
- "maintenance"
- ],
- "allow_restricted_indices": true
- },
- {
- "names": [
- ".fleet-enrollment-api-keys*"
- ],
- "privileges": [
- "read",
- "write",
- "monitor",
- "create_index",
- "auto_configure",
- "maintenance"
- ],
- "allow_restricted_indices": true
- },
- {
- "names": [
- ".fleet-policies*"
- ],
- "privileges": [
- "read",
- "write",
- "monitor",
- "create_index",
- "auto_configure",
- "maintenance"
- ],
- "allow_restricted_indices": true
- },
- {
- "names": [
- ".fleet-policies-leader*"
- ],
- "privileges": [
- "read",
- "write",
- "monitor",
- "create_index",
- "auto_configure",
- "maintenance"
- ],
- "allow_restricted_indices": true
- },
- {
- "names": [
- ".fleet-servers*"
- ],
- "privileges": [
- "read",
- "write",
- "monitor",
- "create_index",
- "auto_configure",
- "maintenance"
- ],
- "allow_restricted_indices": true
- },
- {
- "names": [
- ".fleet-fileds*"
- ],
- "privileges": [
- "read",
- "write",
- "monitor",
- "create_index",
- "auto_configure",
- "maintenance"
- ],
- "allow_restricted_indices": true
- },
- {
- "names": [
- "synthetics-*"
- ],
- "privileges": [
- "read",
- "write",
- "create_index",
- "auto_configure"
- ],
- "allow_restricted_indices": false
- },
- {
- "names": [
- "agentless-*",
- ],
- "privileges": [
- "read",
- "write",
- "monitor",
- "create_index",
- "auto_configure",
- "maintenance",
- "view_index_metadata"
- ],
- "allow_restricted_indices": false
- }
- ],
- "applications": [
- {
- "application": "kibana-*",
- "privileges": [
- "reserved_fleet-setup"
- ],
- "resources": [
- "*"
- ]
- }
- ],
- "run_as": [],
- "metadata": {},
- "transient_metadata": {
- "enabled": true
- }
- }
- }
- }
- ----
- Omit the `namespace` and `service` to retrieve all service accounts:
- [source,console]
- ----
- GET /_security/service
- ----
|
