From 11ac27e563a23ba09ba331875138d627cf894eec Mon Sep 17 00:00:00 2001 From: lcawl Date: Thu, 28 Feb 2019 09:46:25 -0800 Subject: [PATCH 01/17] [DOCS] Updates invalidate tokens API --- .../security/invalidate-tokens.asciidoc | 46 +++++++++++-------- 1 file changed, 26 insertions(+), 20 deletions(-) diff --git a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc index 4056bb81bed63..41a8f46ff0c77 100644 --- a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc +++ b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc @@ -22,7 +22,8 @@ can no longer be used. That time period is defined by the The refresh tokens returned by the <> are only valid for 24 hours. They can also be used exactly once. -If you want to invalidate one or more access or refresh tokens immediately, use this invalidate token API. +If you want to invalidate one or more access or refresh tokens immediately, use +this invalidate token API. ==== Request Body @@ -31,22 +32,25 @@ The following parameters can be specified in the body of a DELETE request and pertain to invalidating tokens: `token` (optional):: -(string) An access token. This parameter cannot be used any of `refresh_token`, `realm_name` or - `username` are used. +(string) An access token. This parameter cannot be used any of `refresh_token`, +`realm_name` or `username` are used. `refresh_token` (optional):: -(string) A refresh token. This parameter cannot be used any of `refresh_token`, `realm_name` or - `username` are used. +(string) A refresh token. This parameter cannot be used any of `refresh_token`, +`realm_name` or `username` are used. `realm_name` (optional):: -(string) The name of an authentication realm. This parameter cannot be used with either `refresh_token` or `token`. +(string) The name of an authentication realm. This parameter cannot be used with +either `refresh_token` or `token`. `username` (optional):: -(string) The username of a user. This parameter cannot be used with either `refresh_token` or `token` +(string) The username of a user. This parameter cannot be used with either +`refresh_token` or `token` -NOTE: While all parameters are optional, at least one of them is required. More specifically, either one of `token` -or `refresh_token` parameters is required. If none of these two are specified, then `realm_name` and/or `username` -need to be specified. +NOTE: While all parameters are optional, at least one of them is required. More +specifically, either one of `token` or `refresh_token` parameters is required. +If none of these two are specified, then `realm_name` and/or `username` need to +be specified. ==== Examples @@ -72,34 +76,36 @@ DELETE /_security/oauth2/token -------------------------------------------------- // NOTCONSOLE -The following example invalidates all access tokens and refresh tokens for the `saml1` realm immediately: +The following example invalidates all access tokens and refresh tokens for the +`saml1` realm immediately: [source,js] -------------------------------------------------- -DELETE /_xpack/security/oauth2/token +DELETE /_security/oauth2/token { "realm_name" : "saml1" } -------------------------------------------------- // NOTCONSOLE -The following example invalidates all access tokens and refresh tokens for the user `myuser` in all realms immediately: +The following example invalidates all access tokens and refresh tokens for the +user `myuser` in all realms immediately: [source,js] -------------------------------------------------- -DELETE /_xpack/security/oauth2/token +DELETE /_security/oauth2/token { "username" : "myuser" } -------------------------------------------------- // NOTCONSOLE -Finally, the following example invalidates all access tokens and refresh tokens for the user `myuser` in - the `saml1` realm immediately: +Finally, the following example invalidates all access tokens and refresh tokens +for the user `myuser` in the `saml1` realm immediately: [source,js] -------------------------------------------------- -DELETE /_xpack/security/oauth2/token +DELETE /_security/oauth2/token { "username" : "myuser", "realm_name" : "saml1" @@ -107,9 +113,9 @@ DELETE /_xpack/security/oauth2/token -------------------------------------------------- // NOTCONSOLE -A successful call returns a JSON structure that contains the number of tokens that were invalidated, the number -of tokens that had already been invalidated, and potentially a list of errors encountered while invalidating -specific tokens. +A successful call returns a JSON structure that contains the number of tokens +that were invalidated, the number of tokens that had already been invalidated, +and potentially a list of errors encountered while invalidating specific tokens. [source,js] -------------------------------------------------- From 9c2f817262e1da0a7349524169d701f81e701458 Mon Sep 17 00:00:00 2001 From: lcawl Date: Thu, 28 Feb 2019 10:21:34 -0800 Subject: [PATCH 02/17] [DOCS] Updates ssl API --- x-pack/docs/en/rest-api/security/ssl.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/docs/en/rest-api/security/ssl.asciidoc b/x-pack/docs/en/rest-api/security/ssl.asciidoc index d3480ac8bc006..d2f8ddf39c9e6 100644 --- a/x-pack/docs/en/rest-api/security/ssl.asciidoc +++ b/x-pack/docs/en/rest-api/security/ssl.asciidoc @@ -78,7 +78,7 @@ node of {es}: [source,js] -------------------------------------------------- -GET /_xpack/certificates +GET /_ssl/certificates -------------------------------------------------- // CONSOLE // TEST[skip:todo] From bd614eec3956bccb7c5f765187c76eb4d2cd3aee Mon Sep 17 00:00:00 2001 From: lcawl Date: Thu, 28 Feb 2019 10:59:41 -0800 Subject: [PATCH 03/17] [DOCS] Enables code snippet testing on SSL certificate API --- x-pack/docs/en/rest-api/security/ssl.asciidoc | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/x-pack/docs/en/rest-api/security/ssl.asciidoc b/x-pack/docs/en/rest-api/security/ssl.asciidoc index d2f8ddf39c9e6..d2982db437ec6 100644 --- a/x-pack/docs/en/rest-api/security/ssl.asciidoc +++ b/x-pack/docs/en/rest-api/security/ssl.asciidoc @@ -81,9 +81,16 @@ node of {es}: GET /_ssl/certificates -------------------------------------------------- // CONSOLE -// TEST[skip:todo] +// TEST The API returns the following results: +//// +[source,js] +---- +[ ] +---- +// TESTRESPONSE +//// [source,js] ---- [ @@ -116,4 +123,4 @@ The API returns the following results: } ] ---- -// NOTCONSOLE \ No newline at end of file +// NOTCONSOLE From d2961c159c737eac088f25369d6425f670536817 Mon Sep 17 00:00:00 2001 From: lcawl Date: Thu, 28 Feb 2019 12:07:31 -0800 Subject: [PATCH 04/17] [DOCS] Enables testing for invalidate token API --- .../security/invalidate-tokens.asciidoc | 42 ++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) diff --git a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc index 41a8f46ff0c77..256c0b7afb0e5 100644 --- a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc +++ b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc @@ -54,6 +54,30 @@ be specified. ==== Examples +For example, if you create the following token: + +[source,js] +-------------------------------------------------- +POST /_security/oauth2/token +{ + "grant_type" : "client_credentials" +} +-------------------------------------------------- +// CONSOLE + +The API returns the following information about the access token: + +[source,js] +-------------------------------------------------- +{ + "access_token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==", + "type" : "Bearer", + "expires_in" : 1200 +} +-------------------------------------------------- +// TESTRESPONSE[s/dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==/$body.access_token/] + + The following example invalidates the specified token immediately: [source,js] @@ -63,9 +87,25 @@ DELETE /_security/oauth2/token "token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==" } -------------------------------------------------- +// CONSOLE +// TEST[s/dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==/$body.access_token/] +// TEST[continued] + +If you used the `password` grant type to obtain a token for a user, the response +contains a refresh token. For example: + +[source,js] +-------------------------------------------------- +POST /_security/oauth2/token +{ + "grant_type" : "password", + "username" : "test_admin", + "password" : "x-pack-test-password" +} +-------------------------------------------------- // NOTCONSOLE -whereas the following example invalidates the specified refresh token immediately: +The following example invalidates the specified refresh token immediately: [source,js] -------------------------------------------------- From f0241b7980310a8b503db8799d0263ba19d5deb7 Mon Sep 17 00:00:00 2001 From: lcawl Date: Thu, 28 Feb 2019 14:39:36 -0800 Subject: [PATCH 05/17] [DOCS] Omit testing for SSL API --- x-pack/docs/build.gradle | 1 + x-pack/docs/en/rest-api/security/ssl.asciidoc | 8 +------- 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/x-pack/docs/build.gradle b/x-pack/docs/build.gradle index f64f70459a1d1..5e56414afed24 100644 --- a/x-pack/docs/build.gradle +++ b/x-pack/docs/build.gradle @@ -92,6 +92,7 @@ buildRestTests.docs = fileTree(projectDir) { exclude 'build' // These file simply doesn't pass yet. We should figure out how to fix them. exclude 'en/watcher/reference/actions.asciidoc' + exclude 'en/rest-api/security/ssl.asciidoc' } Map setups = buildRestTests.setups diff --git a/x-pack/docs/en/rest-api/security/ssl.asciidoc b/x-pack/docs/en/rest-api/security/ssl.asciidoc index d2982db437ec6..932bbe6014d7a 100644 --- a/x-pack/docs/en/rest-api/security/ssl.asciidoc +++ b/x-pack/docs/en/rest-api/security/ssl.asciidoc @@ -84,13 +84,7 @@ GET /_ssl/certificates // TEST The API returns the following results: -//// -[source,js] ----- -[ ] ----- -// TESTRESPONSE -//// + [source,js] ---- [ From 896e39a9937c98981e6fb3d201b2e848d4577d6e Mon Sep 17 00:00:00 2001 From: lcawl Date: Thu, 28 Feb 2019 14:49:48 -0800 Subject: [PATCH 06/17] [DOCS] Enables more examples in invalidate token API --- .../security/invalidate-tokens.asciidoc | 26 ++++++++++++++++--- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc index 256c0b7afb0e5..f93becaea1ade 100644 --- a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc +++ b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc @@ -103,18 +103,36 @@ POST /_security/oauth2/token "password" : "x-pack-test-password" } -------------------------------------------------- -// NOTCONSOLE +// CONSOLE +// TEST + +The API returns the following information: + +[source,js] +-------------------------------------------------- +{ + "access_token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==", + "type" : "Bearer", + "expires_in" : 1200, + "refresh_token": "vLBPvmAB6KvwvJZr27cS" +} +-------------------------------------------------- +// TESTRESPONSE[s/dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==/$body.access_token/] +// TESTRESPONSE[s/vLBPvmAB6KvwvJZr27cS/$body.refresh_token/] -The following example invalidates the specified refresh token immediately: +You can invalidate the specified refresh token as follows: [source,js] -------------------------------------------------- DELETE /_security/oauth2/token { - "refresh_token" : "movUJjPGRRC0PQ7+NW0eag" + "refresh_token" : "vLBPvmAB6KvwvJZr27cS" } -------------------------------------------------- -// NOTCONSOLE +// CONSOLE +// TEST[s/vLBPvmAB6KvwvJZr27cS/$body.refresh_token/] +// TEST[continued] + The following example invalidates all access tokens and refresh tokens for the `saml1` realm immediately: From b4d80a75de2fe579976d1978cab6e61282cd273a Mon Sep 17 00:00:00 2001 From: lcawl Date: Thu, 28 Feb 2019 14:59:17 -0800 Subject: [PATCH 07/17] [DOCS] Enables final example in invalidate token API --- .../docs/en/rest-api/security/invalidate-tokens.asciidoc | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc index f93becaea1ade..ff032714b1e3a 100644 --- a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc +++ b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc @@ -144,7 +144,8 @@ DELETE /_security/oauth2/token "realm_name" : "saml1" } -------------------------------------------------- -// NOTCONSOLE +// CONSOLE +// TEST The following example invalidates all access tokens and refresh tokens for the user `myuser` in all realms immediately: @@ -156,7 +157,7 @@ DELETE /_security/oauth2/token "username" : "myuser" } -------------------------------------------------- -// NOTCONSOLE +// CONSOLE Finally, the following example invalidates all access tokens and refresh tokens for the user `myuser` in the `saml1` realm immediately: @@ -169,7 +170,7 @@ DELETE /_security/oauth2/token "realm_name" : "saml1" } -------------------------------------------------- -// NOTCONSOLE +// CONSOLE A successful call returns a JSON structure that contains the number of tokens that were invalidated, the number of tokens that had already been invalidated, From ada09638f8b7d81c86cd9fa5229f106b5ab386dd Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Fri, 1 Mar 2019 10:42:06 -0800 Subject: [PATCH 08/17] Update x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc Co-Authored-By: lcawl --- x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc index ff032714b1e3a..d92fa2f748646 100644 --- a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc +++ b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc @@ -54,7 +54,8 @@ be specified. ==== Examples -For example, if you create the following token: +For example, if you create a token using the +`client_credentials` `grant_type` as follows: [source,js] -------------------------------------------------- From 5c623dee72d66292949bf137d2321b95d078ee48 Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Fri, 1 Mar 2019 10:42:29 -0800 Subject: [PATCH 09/17] Update x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc Co-Authored-By: lcawl --- x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc index d92fa2f748646..36245bf201179 100644 --- a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc +++ b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc @@ -66,7 +66,7 @@ POST /_security/oauth2/token -------------------------------------------------- // CONSOLE -The API returns the following information about the access token: +The Get Token API returns the following information about the access token: [source,js] -------------------------------------------------- From a3e75d648d136a20678a5e1304c7901a09c88360 Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Fri, 1 Mar 2019 10:43:35 -0800 Subject: [PATCH 10/17] Update x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc Co-Authored-By: lcawl --- x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc index 36245bf201179..92b6c4011c353 100644 --- a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc +++ b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc @@ -93,7 +93,7 @@ DELETE /_security/oauth2/token // TEST[continued] If you used the `password` grant type to obtain a token for a user, the response -contains a refresh token. For example: +might also contain a refresh token. For example: [source,js] -------------------------------------------------- From 49aefcb3f48d0ef207e87f4fd4e83bd8eb3d6b64 Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Fri, 1 Mar 2019 10:43:50 -0800 Subject: [PATCH 11/17] Update x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc Co-Authored-By: lcawl --- x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc index 92b6c4011c353..c0b7f8a36de67 100644 --- a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc +++ b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc @@ -107,7 +107,7 @@ POST /_security/oauth2/token // CONSOLE // TEST -The API returns the following information: +The Get Token API returns the following information: [source,js] -------------------------------------------------- From a1fe03d1bfff31e8dc16b5550f90a387bc3a037b Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Fri, 1 Mar 2019 10:44:24 -0800 Subject: [PATCH 12/17] Update x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc Co-Authored-By: lcawl --- x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc index c0b7f8a36de67..ea952736d7ed8 100644 --- a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc +++ b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc @@ -121,7 +121,8 @@ The Get Token API returns the following information: // TESTRESPONSE[s/dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==/$body.access_token/] // TESTRESPONSE[s/vLBPvmAB6KvwvJZr27cS/$body.refresh_token/] -You can invalidate the specified refresh token as follows: +The refresh token can now also be immediately invalidated as shown +in the following example:" [source,js] -------------------------------------------------- From 263109cc2ad7aa1c1830edf09e09ae35b44fb4ca Mon Sep 17 00:00:00 2001 From: lcawl Date: Fri, 1 Mar 2019 10:49:34 -0800 Subject: [PATCH 13/17] [DOCS] Addresses additional feedback --- .../rest-api/security/invalidate-tokens.asciidoc | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc index ea952736d7ed8..123451616e7f2 100644 --- a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc +++ b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc @@ -54,8 +54,8 @@ be specified. ==== Examples -For example, if you create a token using the -`client_credentials` `grant_type` as follows: +For example, if you create a token using the `client_credentials` grant type as +follows: [source,js] -------------------------------------------------- @@ -66,7 +66,7 @@ POST /_security/oauth2/token -------------------------------------------------- // CONSOLE -The Get Token API returns the following information about the access token: +The get token API returns the following information about the access token: [source,js] -------------------------------------------------- @@ -78,8 +78,8 @@ The Get Token API returns the following information about the access token: -------------------------------------------------- // TESTRESPONSE[s/dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==/$body.access_token/] - -The following example invalidates the specified token immediately: +This access token can now be immediately invalidated, as shown in the following +example: [source,js] -------------------------------------------------- @@ -107,7 +107,7 @@ POST /_security/oauth2/token // CONSOLE // TEST -The Get Token API returns the following information: +The get token API returns the following information: [source,js] -------------------------------------------------- @@ -122,7 +122,7 @@ The Get Token API returns the following information: // TESTRESPONSE[s/vLBPvmAB6KvwvJZr27cS/$body.refresh_token/] The refresh token can now also be immediately invalidated as shown -in the following example:" +in the following example: [source,js] -------------------------------------------------- @@ -135,7 +135,6 @@ DELETE /_security/oauth2/token // TEST[s/vLBPvmAB6KvwvJZr27cS/$body.refresh_token/] // TEST[continued] - The following example invalidates all access tokens and refresh tokens for the `saml1` realm immediately: From 9a655b9d31f66056ff14c69bb37f31ddbcec1e78 Mon Sep 17 00:00:00 2001 From: lcawl Date: Fri, 1 Mar 2019 14:07:02 -0800 Subject: [PATCH 14/17] [DOCS] Removed CONSOLE from delete API examples --- .../en/rest-api/security/invalidate-tokens.asciidoc | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc index 123451616e7f2..67ff5bbc770e6 100644 --- a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc +++ b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc @@ -88,7 +88,7 @@ DELETE /_security/oauth2/token "token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==" } -------------------------------------------------- -// CONSOLE +// KIBANA // TEST[s/dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==/$body.access_token/] // TEST[continued] @@ -131,7 +131,7 @@ DELETE /_security/oauth2/token "refresh_token" : "vLBPvmAB6KvwvJZr27cS" } -------------------------------------------------- -// CONSOLE +// KIBANA // TEST[s/vLBPvmAB6KvwvJZr27cS/$body.refresh_token/] // TEST[continued] @@ -145,7 +145,7 @@ DELETE /_security/oauth2/token "realm_name" : "saml1" } -------------------------------------------------- -// CONSOLE +// KIBANA // TEST The following example invalidates all access tokens and refresh tokens for the @@ -158,7 +158,7 @@ DELETE /_security/oauth2/token "username" : "myuser" } -------------------------------------------------- -// CONSOLE +// KIBANA Finally, the following example invalidates all access tokens and refresh tokens for the user `myuser` in the `saml1` realm immediately: @@ -171,7 +171,7 @@ DELETE /_security/oauth2/token "realm_name" : "saml1" } -------------------------------------------------- -// CONSOLE +// KIBANA A successful call returns a JSON structure that contains the number of tokens that were invalidated, the number of tokens that had already been invalidated, From 57f0745a761f757aaca9101e239b766ea9599388 Mon Sep 17 00:00:00 2001 From: lcawl Date: Fri, 1 Mar 2019 15:17:07 -0800 Subject: [PATCH 15/17] [DOCS] Converts all examples to copy-as-curl --- .../docs/en/rest-api/security/invalidate-tokens.asciidoc | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc index 67ff5bbc770e6..0b74b4b79a125 100644 --- a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc +++ b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc @@ -64,7 +64,8 @@ POST /_security/oauth2/token "grant_type" : "client_credentials" } -------------------------------------------------- -// CONSOLE +// KIBANA +// TEST The get token API returns the following information about the access token: @@ -76,6 +77,7 @@ The get token API returns the following information about the access token: "expires_in" : 1200 } -------------------------------------------------- +// KIBANA // TESTRESPONSE[s/dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==/$body.access_token/] This access token can now be immediately invalidated, as shown in the following @@ -104,7 +106,7 @@ POST /_security/oauth2/token "password" : "x-pack-test-password" } -------------------------------------------------- -// CONSOLE +// KIBANA // TEST The get token API returns the following information: @@ -118,6 +120,7 @@ The get token API returns the following information: "refresh_token": "vLBPvmAB6KvwvJZr27cS" } -------------------------------------------------- +// KIBANA // TESTRESPONSE[s/dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==/$body.access_token/] // TESTRESPONSE[s/vLBPvmAB6KvwvJZr27cS/$body.refresh_token/] @@ -159,6 +162,7 @@ DELETE /_security/oauth2/token } -------------------------------------------------- // KIBANA +// TEST Finally, the following example invalidates all access tokens and refresh tokens for the user `myuser` in the `saml1` realm immediately: @@ -172,6 +176,7 @@ DELETE /_security/oauth2/token } -------------------------------------------------- // KIBANA +// TEST A successful call returns a JSON structure that contains the number of tokens that were invalidated, the number of tokens that had already been invalidated, From fa3618fce9d7a7bbcae58207d39616cdf92958a0 Mon Sep 17 00:00:00 2001 From: lcawl Date: Fri, 1 Mar 2019 15:54:33 -0800 Subject: [PATCH 16/17] [DOCS] Adds invalidate token API to gradle exceptions --- x-pack/docs/build.gradle | 1 + 1 file changed, 1 insertion(+) diff --git a/x-pack/docs/build.gradle b/x-pack/docs/build.gradle index 5e56414afed24..db64619726581 100644 --- a/x-pack/docs/build.gradle +++ b/x-pack/docs/build.gradle @@ -93,6 +93,7 @@ buildRestTests.docs = fileTree(projectDir) { // These file simply doesn't pass yet. We should figure out how to fix them. exclude 'en/watcher/reference/actions.asciidoc' exclude 'en/rest-api/security/ssl.asciidoc' + exclude 'en/rest-api/security/invalidate-tokens.asciidoc' } Map setups = buildRestTests.setups From 5365a18cc497d52fc0a3133ae7657b29062f1f44 Mon Sep 17 00:00:00 2001 From: lcawl Date: Thu, 7 Mar 2019 15:23:32 -0800 Subject: [PATCH 17/17] [DOCS] Re-enables console testing --- x-pack/docs/build.gradle | 1 - .../security/invalidate-tokens.asciidoc | 18 +++++++++--------- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/x-pack/docs/build.gradle b/x-pack/docs/build.gradle index db64619726581..5e56414afed24 100644 --- a/x-pack/docs/build.gradle +++ b/x-pack/docs/build.gradle @@ -93,7 +93,6 @@ buildRestTests.docs = fileTree(projectDir) { // These file simply doesn't pass yet. We should figure out how to fix them. exclude 'en/watcher/reference/actions.asciidoc' exclude 'en/rest-api/security/ssl.asciidoc' - exclude 'en/rest-api/security/invalidate-tokens.asciidoc' } Map setups = buildRestTests.setups diff --git a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc index 0b74b4b79a125..13465dce6e862 100644 --- a/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc +++ b/x-pack/docs/en/rest-api/security/invalidate-tokens.asciidoc @@ -64,7 +64,7 @@ POST /_security/oauth2/token "grant_type" : "client_credentials" } -------------------------------------------------- -// KIBANA +// CONSOLE // TEST The get token API returns the following information about the access token: @@ -77,7 +77,7 @@ The get token API returns the following information about the access token: "expires_in" : 1200 } -------------------------------------------------- -// KIBANA +// CONSOLE // TESTRESPONSE[s/dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==/$body.access_token/] This access token can now be immediately invalidated, as shown in the following @@ -90,7 +90,7 @@ DELETE /_security/oauth2/token "token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==" } -------------------------------------------------- -// KIBANA +// CONSOLE // TEST[s/dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==/$body.access_token/] // TEST[continued] @@ -106,7 +106,7 @@ POST /_security/oauth2/token "password" : "x-pack-test-password" } -------------------------------------------------- -// KIBANA +// CONSOLE // TEST The get token API returns the following information: @@ -120,7 +120,7 @@ The get token API returns the following information: "refresh_token": "vLBPvmAB6KvwvJZr27cS" } -------------------------------------------------- -// KIBANA +// CONSOLE // TESTRESPONSE[s/dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==/$body.access_token/] // TESTRESPONSE[s/vLBPvmAB6KvwvJZr27cS/$body.refresh_token/] @@ -134,7 +134,7 @@ DELETE /_security/oauth2/token "refresh_token" : "vLBPvmAB6KvwvJZr27cS" } -------------------------------------------------- -// KIBANA +// CONSOLE // TEST[s/vLBPvmAB6KvwvJZr27cS/$body.refresh_token/] // TEST[continued] @@ -148,7 +148,7 @@ DELETE /_security/oauth2/token "realm_name" : "saml1" } -------------------------------------------------- -// KIBANA +// CONSOLE // TEST The following example invalidates all access tokens and refresh tokens for the @@ -161,7 +161,7 @@ DELETE /_security/oauth2/token "username" : "myuser" } -------------------------------------------------- -// KIBANA +// CONSOLE // TEST Finally, the following example invalidates all access tokens and refresh tokens @@ -175,7 +175,7 @@ DELETE /_security/oauth2/token "realm_name" : "saml1" } -------------------------------------------------- -// KIBANA +// CONSOLE // TEST A successful call returns a JSON structure that contains the number of tokens