Merged
Changes from 4 commits
1 change: 0 additions & 1 deletion docs/build.gradle
Expand Up @@ -120,7 +120,6 @@ testClusters.matching { it.name == "yamlRestTest"}.configureEach {
// TODO: remove this once cname is prepended to transport.publish_address by default in 8.0
systemProperty 'es.transport.cname_in_publish_address', 'true'

systemProperty 'es.queryable_built_in_roles_enabled', 'false'

requiresFeature 'es.index_mode_feature_flag_registered', Version.fromString("8.0.0")
requiresFeature 'es.failure_store_feature_flag_enabled', Version.fromString("8.12.0")
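
Review bot: Dropping the `es.queryable_built_in_roles_enabled` override from the `yamlRestTest` cluster means every docs snippet now runs with whatever the default for that setting is, and nothing in this hunk shows that default. If it is enabled, any docs test that lists or counts roles will start seeing built-in roles, so confirm that no snippet other than the query-role page asserts on a role count. The removal also leaves two consecutive blank lines before the `requiresFeature` lines; delete one.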
19 changes: 17 additions & 2 deletions docs/reference/rest-api/security/query-role.asciidoc
Expand Up @@ -31,9 +31,13 @@ Retrieves roles with <<query-dsl,Query DSL>> in a <<paginate-search-results,pagi

The role management APIs are generally the preferred way to manage roles, rather than using
<<roles-management-file,file-based role management>>.
The query roles API does not retrieve roles that are defined in roles files, nor <<built-in-roles,built-in>> ones.
The query roles API does not retrieve roles that are defined in `roles.yml` files.
You can optionally filter the results with a query. Also, the results can be paginated and sorted.

NOTE: As of Elasticsearch version *8.18.0*, this API automatically returns <<built-in-roles,built-in>> roles as well.
Contributor

Nit: not sure if we want to mention an ES version here. Wouldn't current docs be >=8.18 already?

Contributor Author

Good point! I'll remove it.

The built-in roles can be filtered out by using the `metadata._reserved` field in the query.
See <<security-api-query-role-example,example>> below.

[[security-api-query-role-request-body]]
==== {api-request-body-title}
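
Review bot: The sentence introducing `metadata._reserved` does not say what value built-in roles carry, so a reader has to reach the example to learn that the filter is a `must_not` on `metadata._reserved: true`. State the value here, and say explicitly that results include built-in roles unless they are filtered out, since anything that treated this API's output as the set of custom roles will now get a different list.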

Expand Down Expand Up @@ -127,12 +131,21 @@ It contains the array of values that have been used for sorting.
[[security-api-query-role-example]]
==== {api-examples-title}

The following request lists all roles, sorted by the role name:
The following request lists all roles (except built-in ones), sorted by the role name:

[source,console]
----
POST /_security/_query/role
{
"query": {
"bool": {
"must_not": {
"term": {
"metadata._reserved": true
}
}
}
},
"sort": ["name"]
}
----
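
Review bot: The intro says the request excludes built-in roles, but nothing ties that to the `must_not` clause on `metadata._reserved`. Add a callout on that clause (the page already uses `<1>` callouts for the response) explaining that it drops built-in roles and that removing it returns them as well. Since this is the first example on the page, consider keeping the unfiltered request as the simplest case and showing the filter as a variation.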
Expand Down Expand Up @@ -222,6 +235,7 @@ retrieved for one or more roles:
]
}
----
// TESTRESPONSE[s/"total": 2/"total" : $body.total/]
// TEST[continued]

<1> The list of roles that were retrieved for this request
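
Review bot: Replacing `"total": 2` with `$body.total` at the end of this response means the docs test no longer checks how many roles come back. If the request this response belongs to filters out built-in roles, the total should still be exactly 2 and the substitution would hide a regression in the filter; if it does not filter, the sample response shown to readers no longer matches what the API returns. Either keep the exact total for filtered requests or add a comment saying why the count varies.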
Expand Down Expand Up @@ -287,3 +301,4 @@ POST /_security/_query/role
]
}
----
// TESTRESPONSE[s/"total": 2/"total" : $body.total/]
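
Review bot: This is the same substitution as in the previous response block, and the replacement side writes `"total" : $body.total` with a space before the colon while the pattern side has `"total": 2`. It works, but use one spacing in both places. The pattern also applies only if the response above contains the literal text `"total": 2`, which is outside this hunk, so check that it matches.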