package Elasticsearch
Type Members
- case class Application(application: String, privileges: Option[List[String]] = Option.empty, resources: Option[List[String]] = Option.empty) extends Product with Serializable
- application
The name of the application to which this entry applies.
- privileges
A list of application privileges or actions.
- resources
A list of resources to which the privileges are applied.
- case class Connection(url: String, username: String, password: String, caCert: String, caPath: String, clientCert: String, clientKey: String, tlsServerName: String, insecure: Boolean = false, verifyConnection: Boolean = true, allowedRoles: Array[String] = Array.empty) extends BaseConnection with Product with Serializable
- url
The URL for Elasticsearch's API (e.g. "http://localhost:9200").
- username
The username to be used in the connection URL.
- password
The password to be used in the connection URL.
- caCert
The path to a PEM-encoded CA cert file to use to verify the Elasticsearch server's identity.
- caPath
The path to a directory of PEM-encoded CA cert files to use to verify the Elasticsearch server's identity.
- clientCert
The path to the certificate for the Elasticsearch client to present for communication.
- clientKey
The path to the key for the Elasticsearch client to use for communication.
- tlsServerName
This, if set, is used to set the SNI host when connecting via TLS.
- insecure
If set to true, SSL verification will be disabled.
- verifyConnection
Specifies if the connection is verified during initial configuration. Defaults to true.
- allowedRoles
List of the roles allowed to use this connection. Defaults to empty (no roles); if it contains a "*", any role can use this connection.
- case class Indice(names: List[String], privileges: List[String], fieldSecurity: Option[JsonObject] = Option.empty, query: Option[JsonObject] = Option.empty, allowRestrictedIndices: Boolean = false) extends Product with Serializable
- names
A list of indices (or index name patterns) to which the permissions in this entry apply.
- privileges
The index level privileges that the owners of the role have on the specified indices.
- fieldSecurity
The document fields that the owners of the role have read access to. For more information, see Setting up field and document level security.
- query
A search query that defines the documents the owners of the role have read access to. A document within the specified indices must match this query in order for it to be accessible by the owners of the role.
- final case class Role(dbName: String, creationStatementsJson: JsonObject, defaultTtl: Duration, maxTtl: Duration) extends BaseRole with Product with Serializable
- dbName
The name of the database connection to use for this role.
- creationStatementsJson
Using JSON, either defines an elasticsearch_role_definition or a group of pre-existing elasticsearch_roles. The object specified by the elasticsearch_role_definition is the JSON directly passed through to the Elasticsearch API, so you can pass through anything shown here.
- defaultTtl
The TTL for the leases associated with this role. Defaults to system/engine default TTL time.
- maxTtl
The maximum TTL for the leases associated with this role. Defaults to system/mount default TTL time; this value is allowed to be less than the mount max TTL (or, if not set, the system max TTL), but it is not allowed to be longer.
- See also
RoleDefinition
For elasticsearch_roles, add the names of the roles only. They must pre-exist in Elasticsearch. Defining roles in Vault is more secure than using pre-existing roles because a privilege escalation could be performed by editing the roles used out-of-band in Elasticsearch.
See also The TTL General Case.
- case class RoleDefinition(runAs: List[String] = List.empty, cluster: List[String] = List.empty, global: Option[JsonObject] = Option.empty, indices: List[Indice] = List.empty, applications: List[Application] = List.empty, metadata: Option[JsonObject] = Option.empty) extends Product with Serializable
- runAs
A list of users that the owners of this role can impersonate. For more information, see Submitting requests on behalf of other users.
- cluster
A list of cluster privileges. These privileges define the cluster level actions that users with this role are able to execute.
- global
An object defining global privileges. A global privilege is a form of cluster privilege that is request-aware. Support for global privileges is currently limited to the management of application privileges. This field is optional.
- indices
A list of indices permissions entries.
- applications
A list of application privilege entries.
- metadata
Optional meta-data. Within the metadata object, keys that begin with _ are reserved for system usage.
Value Members
- object Application extends Serializable
- object Connection extends BaseConnectionObject[Connection] with Serializable
- object Indice extends Serializable
- object Role extends Serializable
- object RoleDefinition extends Serializable
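
The security-relevant settings documented above (insecure, allowedRoles, elasticsearch_roles versus elasticsearch_role_definition, runAs, allowRestrictedIndices) can be checked before a configuration is written to Vault. The following is an added example, not part of this library: it audits the JSON form of a connection and a creation statement, and assumes the snake_case field names of the Vault and Elasticsearch APIs that the camelCase Scala fields correspond to. The sample inputs are constructed and the findings are illustrative lint rules.

```python
import json

# Constructed sample inputs (not from the original page).
SCOPED = '{"elasticsearch_role_definition": {"indices": [{"names": ["logs-*"], "privileges": ["read"]}]}}'
PREEXISTING = '{"elasticsearch_roles": ["ops-admin"]}'
BROAD = ('{"elasticsearch_role_definition": {"run_as": ["svc"], "indices": '
         '[{"names": ["*"], "privileges": ["all"], "allow_restricted_indices": true}]}}')


def audit_connection(conn):
    """Return findings for a connection config dict (Vault API field names)."""
    findings = []
    if conn.get("insecure", False):
        findings.append("insecure: TLS verification is disabled")
    if "*" in conn.get("allowed_roles", []):
        findings.append("allowed_roles: '*' lets any role use this connection")
    return findings


def audit_creation_statement(raw):
    """Return findings for a role's creation statement JSON string."""
    stmt = json.loads(raw)
    findings = []
    has_definition = "elasticsearch_role_definition" in stmt
    has_roles = "elasticsearch_roles" in stmt
    if has_definition == has_roles:
        findings.append("statement: set exactly one of the two keys")
    if has_roles:
        # Roles referenced by name live in Elasticsearch and can change out-of-band.
        findings.append("elasticsearch_roles: depends on roles editable outside Vault")
    definition = stmt.get("elasticsearch_role_definition") or {}
    if definition.get("run_as"):
        findings.append("run_as: role owners can impersonate other users")
    for entry in definition.get("indices", []):
        if entry.get("allow_restricted_indices", False):
            findings.append("indices: allow_restricted_indices is true")
        if "*" in entry.get("names", []):
            findings.append("indices: names contains the match-all pattern '*'")
    return findings


if __name__ == "__main__":
    for label, raw in (("scoped", SCOPED), ("preexisting", PREEXISTING), ("broad", BROAD)):
        print(label, audit_creation_statement(raw))
    print(audit_connection({"insecure": True, "allowed_roles": ["*"]}))
```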