Enroll Kibana API uses Service Accounts (#76370)

This commit changes the Enroll Kibana API to create and return a token for this service account, instead of setting and returning the password of the kibana_system built-in user. Both the token name and value are returned in the response of the API.
2025-06-28 09:28:55 -04:00 · 2021-08-17 14:41:35 +03:00 · 2021-08-17 14:41:35 +03:00 · a59684835d
commit a59684835d
parent 031d9bb433
17 changed files with 436 additions and 293 deletions
--- a/docs/java-rest/high-level/security/enroll_kibana.asciidoc
+++ b/docs/java-rest/high-level/security/enroll_kibana.asciidoc
@ -19,11 +19,15 @@ executed operation as follows:

 ["source","java",subs="attributes,callouts,macros"]
 --------------------------------------------------
-include-tagged::{doc-tests-file}[{api-kibana-response]
+include-tagged::{doc-tests}/EnrollmentDocumentationIT.java[{api}-response]
 --------------------------------------------------
-<1> The password for the `kibana_system` user
-<2> The CA certificate that has signed the certificate that the cluster uses for TLS on the HTTP layer,
-as a Base64 encoded string of the ASN.1 DER encoding of the certificate.
+<1> The bearer token for the `elastic/kibana` service account.
+Use this token to {ref}/service-accounts.html#authenticate-with-service-account-token[authenticate the service account] with {es}.
+<2> The value of the bearer token for the `elastic/kibana` service account.
+<3> The CA certificate used to sign the node certificates that {es} uses for TLS
+on the HTTP layer. The certificate is returned as a Base64 encoded string of the
+ASN.1 DER encoding of the certificate.
+

 [id="{upid}-{api}-execute-async"]
 ==== Asynchronous Execution
@ -33,14 +37,14 @@ method:

 ["source","java",subs="attributes,callouts,macros"]
 --------------------------------------------------
-include-tagged::{doc-tests-file}[{api}-execute-async]
+include-tagged::{doc-tests}/EnrollmentDocumentationIT.java[{api}-execute-async]
 --------------------------------------------------

 A typical listener for a `KibanaEnrollmentResponse` looks like:

 ["source","java",subs="attributes,callouts,macros"]
 --------------------------------------------------
-include-tagged::{doc-tests-file}[{api}-execute-listener]
+include-tagged::{doc-tests}/EnrollmentDocumentationIT.java[{api}-execute-listener]
 --------------------------------------------------
 <1> Called when the execution is successfully completed. The response is
 provided as an argument
--- a/docs/java-rest/high-level/security/enroll_node.asciidoc
+++ b/docs/java-rest/high-level/security/enroll_node.asciidoc
@ -27,7 +27,7 @@ executed operation as follows:

 ["source","java",subs="attributes,callouts,macros"]
 --------------------------------------------------
-include-tagged::{doc-tests-file}[{api}-response]
+include-tagged::{doc-tests}/EnrollmentDocumentationIT.java[{api}-response]
 --------------------------------------------------
 <1> The CA private key that can be used by the new node in order to sign its certificate
 for the HTTP layer, as a Base64 encoded string of the ASN.1 DER encoding of the key.
@ -49,14 +49,14 @@ method:

 ["source","java",subs="attributes,callouts,macros"]
 --------------------------------------------------
-include-tagged::{doc-tests-file}[{api}-execute-async]
+include-tagged::{doc-tests}/EnrollmentDocumentationIT.java[{api}-execute-async]
 --------------------------------------------------

 A typical listener for a `NodeEnrollmentResponse` looks like:

 ["source","java",subs="attributes,callouts,macros"]
 --------------------------------------------------
-include-tagged::{doc-tests-file}[{api}-execute-listener]
+include-tagged::{doc-tests}/EnrollmentDocumentationIT.java[{api}-execute-listener]
 --------------------------------------------------
 <1> Called when the execution is successfully completed. The response is
 provided as an argument