github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-06-29 18:03:32 -04:00
Code Issues Projects Releases Packages Wiki Activity
elasticsearch/docs/reference/rest-api/security/get-service-accounts.asciidoc
Orestis Floros 3c184b912c
Permissions required for stateful agentless integrations (#118644) 
Closes elastic/security-team#11102
Closes elastic/security-team#11104

This allows agentless integrations (via elastic/beats#41446, elastic/kibana#203810) to write to agentless-* indices. Each index is created on-demand by the filebeat client and kibana conditionally extends the API key permissions to allow writing to the index.
2025-01-10 16:30:11 +00:00

322 lines
7.4 KiB
Text
Raw Blame History

[role="xpack"]
[[security-api-get-service-accounts]]
=== Get service accounts API
++++
<titleabbrev>Get service accounts</titleabbrev>
++++
.New API reference
[sidebar]
--
For the most up-to-date API details, refer to {api-es}/group/endpoint-security[Security APIs].
--
Retrieves information about <<service-accounts,service accounts>>.
NOTE: Currently, only the `elastic/fleet-server` service account is available.
[[security-api-get-service-accounts-request]]
==== {api-request-title}
`GET /_security/service`
`GET /_security/service/<namespace>`
`GET /_security/service/<namespace>/<service>`
[[security-api-get-service-accounts-prereqs]]
==== {api-prereq-title}
* To use this API, you must have at least the `manage_service_account`
<<privileges-list-cluster,cluster privilege>>.
[[security-api-get-service-accounts-desc]]
==== {api-description-title}
This API returns a list of service accounts that match the provided path parameter(s).
[[security-api-get-service-accounts-path-params]]
==== {api-path-parms-title}
`namespace`::
(Optional, string) Name of the namespace. Omit this parameter to retrieve information about all service accounts. If you omit this parameter, you must also omit the `service` parameter.
`service`::
(Optional, string) Name of the service name. Omit this parameter to
retrieve information about all service accounts that belong to the specified
`namespace`.
[[security-api-get-service-accounts-response-body]]
==== {api-response-body-title}
A successful call returns a JSON object of service accounts. The API returns an
empty object if no service account is found.
[[security-api-get-service-accounts-example]]
==== {api-examples-title}
To following request retrieves a service account for the `elastic/fleet-server`
service account:
[source,console]
----
GET /_security/service/elastic/fleet-server
----
[source,console-result]
----
{
"elastic/fleet-server": {
"role_descriptor": {
"cluster": [
"monitor",
"manage_own_api_key",
"read_fleet_secrets",
"cluster:admin/xpack/connector/*"
],
"indices": [
{
"names": [
"logs-*",
"metrics-*",
"traces-*",
".logs-endpoint.diagnostic.collection-*",
".logs-endpoint.action.responses-*",
".logs-endpoint.heartbeat-*"
],
"privileges": [
"write",
"create_index",
"auto_configure"
],
"allow_restricted_indices": false
},
{
"names": [
"profiling-*"
],
"privileges": [
"read",
"write"
],
"allow_restricted_indices": false
},
{
"names": [
"traces-apm.sampled-*"
],
"privileges": [
"read",
"monitor",
"maintenance"
],
"allow_restricted_indices": false
},
{
"names": [
".fleet-secrets*"
],
"privileges": [
"read"
],
"allow_restricted_indices": true
},
{
"names": [
".fleet-actions*"
],
"privileges": [
"read",
"write",
"monitor",
"create_index",
"auto_configure",
"maintenance"
],
"allow_restricted_indices": true
},
{
"names": [
".fleet-agents*"
],
"privileges": [
"read",
"write",
"monitor",
"create_index",
"auto_configure",
"maintenance"
],
"allow_restricted_indices": true
},
{
"names": [
".fleet-artifacts*"
],
"privileges": [
"read",
"write",
"monitor",
"create_index",
"auto_configure",
"maintenance"
],
"allow_restricted_indices": true
},
{
"names": [
".fleet-enrollment-api-keys*"
],
"privileges": [
"read",
"write",
"monitor",
"create_index",
"auto_configure",
"maintenance"
],
"allow_restricted_indices": true
},
{
"names": [
".fleet-policies*"
],
"privileges": [
"read",
"write",
"monitor",
"create_index",
"auto_configure",
"maintenance"
],
"allow_restricted_indices": true
},
{
"names": [
".fleet-policies-leader*"
],
"privileges": [
"read",
"write",
"monitor",
"create_index",
"auto_configure",
"maintenance"
],
"allow_restricted_indices": true
},
{
"names": [
".fleet-servers*"
],
"privileges": [
"read",
"write",
"monitor",
"create_index",
"auto_configure",
"maintenance"
],
"allow_restricted_indices": true
},
{
"names": [
".fleet-fileds*"
],
"privileges": [
"read",
"write",
"monitor",
"create_index",
"auto_configure",
"maintenance"
],
"allow_restricted_indices": true
},
{
"names": [
"synthetics-*"
],
"privileges": [
"read",
"write",
"create_index",
"auto_configure"
],
"allow_restricted_indices": false
},
{
"names": [
".elastic-connectors*"
],
"privileges": [
"read",
"write",
"monitor",
"create_index",
"auto_configure",
"maintenance",
"view_index_metadata"
],
"allow_restricted_indices": false
},
{
"names": [
"content-*",
".search-acl-filter-*"
],
"privileges": [
"read",
"write",
"monitor",
"create_index",
"auto_configure",
"maintenance",
"view_index_metadata"
],
"allow_restricted_indices": false
},
{
"names": [
"agentless-*",
],
"privileges": [
"read",
"write",
"monitor",
"create_index",
"auto_configure",
"maintenance",
"view_index_metadata"
],
"allow_restricted_indices": false
}
],
"applications": [
{
"application": "kibana-*",
"privileges": [
"reserved_fleet-setup"
],
"resources": [
"*"
]
}
],
"run_as": [],
"metadata": {},
"transient_metadata": {
"enabled": true
}
}
}
}
----
Omit the `namespace` and `service` to retrieve all service accounts:
[source,console]
----
GET /_security/service
----
Reference in a new issue View git blame Copy permalink