github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-04-24 23:27:25 -04:00
Code Issues Projects Releases Packages Wiki Activity

[DOCS] Edits transform secondary auth header details (#86815)

Browse source
This commit is contained in:
Lisa Cawley 2022-05-17 07:25:23 -07:00 committed by GitHub
parent 8bdfd6ea04
commit adb391bd6d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 25 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

16
docs/reference/transform/apis/preview-transform.asciidoc
View file

@ -30,12 +30,7 @@ Requires the following privileges:
* cluster: `manage_transform` (the `transform_admin` built-in role grants this * cluster: `manage_transform` (the `transform_admin` built-in role grants this
privilege) privilege)
* source indices: `read`, `view_index_metadata`. * source indices: `read`, `view_index_metadata`.
+
--
NOTE: If you provide
<<http-clients-secondary-authorization,secondary authorization headers>>, those
credentials are used.
--
[[preview-transform-desc]] [[preview-transform-desc]]
== {api-description-title} == {api-description-title}
@ -57,6 +52,15 @@ or an index template with your preferred mappings before you start the
You must choose either the `latest` or `pivot` method for your {transform}; you You must choose either the `latest` or `pivot` method for your {transform}; you
cannot use both in a single {transform}. cannot use both in a single {transform}.
IMPORTANT: When you preview a {transform}, it uses the credentials of the user
calling the API. When you start a {transform}, it uses the roles of the last
user to create or update it. If the two sets of roles differ, the preview may
not accurately reflect the behavior of the {transform}. To avoid such problems,
the same user that creates or updates the {transform} should preview it to
ensure it is returning the expected data. Alternatively, use
<<http-clients-secondary-authorization,secondary authorization headers>> to
supply the credentials
[role="child_attributes"] [role="child_attributes"]
[[preview-transform-path-params]] [[preview-transform-path-params]]

25
docs/reference/transform/apis/put-transform.asciidoc
View file

@ -24,12 +24,6 @@ Requires the following privileges:
* source indices: `read`, `view_index_metadata` * source indices: `read`, `view_index_metadata`
* destination index: `read`, `create_index`, `index`. If a `retention_policy` is configured, the `delete` privilege is * destination index: `read`, `create_index`, `index`. If a `retention_policy` is configured, the `delete` privilege is
also required. also required.
+
--
NOTE: If you provide
<<http-clients-secondary-authorization,secondary authorization headers>>, those
credentials are used.
--
[[put-transform-desc]] [[put-transform-desc]]
== {api-description-title} == {api-description-title}
@ -52,18 +46,25 @@ and a check that the destination index is not part of the source index pattern.
You can use the `defer_validation` parameter to skip these checks. You can use the `defer_validation` parameter to skip these checks.
Deferred validations are always run when the {transform} is started, with the Deferred validations are always run when the {transform} is started, with the
exception of privilege checks. When {es} {security-features} are enabled, the exception of privilege checks.
{transform} remembers which roles the user that created it had at the time of
creation and uses those same roles. If those roles do not have the required
privileges on the source and destination indices, the {transform} fails when it
attempts unauthorized operations.
IMPORTANT: You must use {kib} or this API to create a {transform}. Do not add a [IMPORTANT]
====
* The {transform} remembers which roles the user that created it had at the time
of creation and uses those same roles. If those roles do not have the required
privileges on the source and destination indices, the {transform} fails when it
attempts unauthorized operations. If you provide
<<http-clients-secondary-authorization,secondary authorization headers>>, those
credentials are used instead.
* You must use {kib} or this API to create a {transform}. Do not add a
{transform} directly into any `.transform-internal*` indices using the {es} {transform} directly into any `.transform-internal*` indices using the {es}
index API. If {es} {security-features} are enabled, do not give users any index API. If {es} {security-features} are enabled, do not give users any
privileges on `.transform-internal*` indices. If you used {transforms} prior to privileges on `.transform-internal*` indices. If you used {transforms} prior to
7.5, also do not give users any privileges on `.data-frame-internal*` indices. 7.5, also do not give users any privileges on `.data-frame-internal*` indices.
====
You must choose either the latest or pivot method for your {transform}; you You must choose either the latest or pivot method for your {transform}; you
cannot use both in a single {transform}. cannot use both in a single {transform}.

5
docs/reference/transform/apis/update-transform.asciidoc
View file

@ -42,9 +42,8 @@ each checkpoint.
[IMPORTANT] [IMPORTANT]
==== ====
* When {es} {security-features} are enabled, your {transform} remembers which * Your {transform} remembers which roles the user who updated it had at the time
roles the user who updated it had at the time of update and runs with those of update and runs with those privileges. If you provide
privileges. If you provide
<<http-clients-secondary-authorization,secondary authorization headers>>, those <<http-clients-secondary-authorization,secondary authorization headers>>, those
credentials are used instead. credentials are used instead.
* You must use {kib} or this API to update a {transform}. Do not update a * You must use {kib} or this API to update a {transform}. Do not update a