mirror of
https://github.com/elastic/elasticsearch.git
synced 2025-06-29 01:44:36 -04:00
255c9a7f95
**Problem:** For historical reasons, source files for the Elasticsearch Guide's security, watcher, and Logstash API docs are housed in the `x-pack/docs` directory. This can confuse new contributors who expect Elasticsearch Guide docs to be located in `docs/reference`. **Solution:** - Move the security, watcher, and Logstash API doc source files to the `docs/reference` directory - Update doc snippet tests to use security Rel: https://github.com/elastic/platform-docs-team/issues/208
72 lines
2.3 KiB
Text
72 lines
2.3 KiB
Text
[role="xpack"]
|
|
[[security-api-clear-service-token-caches]]
|
|
=== Clear service account token caches API
|
|
|
|
++++
|
|
<titleabbrev>Clear service account token caches</titleabbrev>
|
|
++++
|
|
|
|
Evicts a subset of all entries from the <<service-accounts,service account>>
|
|
token caches.
|
|
|
|
[[security-api-clear-service-token-caches-request]]
|
|
==== {api-request-title}
|
|
|
|
`POST /_security/service/{namespace}/{service}/credential/token/{token_name}/_clear_cache`
|
|
|
|
[[security-api-clear-service-token-caches-prereqs]]
|
|
==== {api-prereq-title}
|
|
|
|
* To use this API, you must have at least the `manage_security`
|
|
<<privileges-list-cluster,cluster privilege>>.
|
|
|
|
[[security-api-clear-service-token-caches-desc]]
|
|
==== {api-description-title}
|
|
Two, separate caches exist for service account tokens: one cache for tokens
|
|
backed by the `service_tokens` file, and another for tokens backed by the
|
|
`.security` index. This API clears matching entries from both caches.
|
|
|
|
The cache for service account tokens backed by the `.security` index is cleared
|
|
automatically on state changes of the security index. The cache for tokens
|
|
backed by the `service_tokens` file is cleared automatically on file changes.
|
|
|
|
See <<service-accounts,Service accounts>> for more information.
|
|
|
|
[[security-api-clear-service-token-caches-path-params]]
|
|
==== {api-path-parms-title}
|
|
|
|
`namespace`::
|
|
(Required, string) Name of the namespace.
|
|
|
|
`service`::
|
|
(Required, string) Name of the service name.
|
|
|
|
`token_name`::
|
|
(Required, string) Comma-separated list of token names to evict from the
|
|
service account token caches. Use a wildcard (`*`) to evict all tokens that
|
|
belong to a service account. Does not support other wildcard patterns.
|
|
|
|
[[security-api-clear-service-token-caches-example]]
|
|
==== {api-examples-title}
|
|
The following request clears the service account token cache for the `token1`
|
|
token:
|
|
|
|
[source,console]
|
|
----
|
|
POST /_security/service/elastic/fleet-server/credential/token/token1/_clear_cache
|
|
----
|
|
|
|
Specify multiple token names as a comma-separated list:
|
|
|
|
[source,console]
|
|
----
|
|
POST /_security/service/elastic/fleet-server/credential/token/token1,token2/_clear_cache
|
|
----
|
|
|
|
To clear all entries from the service account token caches, use a wildcard
|
|
(`*`) in place of token names:
|
|
|
|
[source,console]
|
|
----
|
|
POST /_security/service/elastic/fleet-server/credential/token/*/_clear_cache
|
|
----
|