Get Service Account Credentials API

Get Service Account Credentials Request

Retrieving all credentials for a service account can be performed by setting the namespace and service-name on GetServiceAccountCredentialsRequest:

final GetServiceAccountCredentialsRequest getServiceAccountCredentialsRequest =
    new GetServiceAccountCredentialsRequest("elastic", "fleet-server");

Synchronous execution

When executing a GetServiceAccountCredentialsRequest in the following manner, the client waits for the GetServiceAccountCredentialsResponse to be returned before continuing with code execution:

final GetServiceAccountCredentialsResponse getServiceAccountCredentialsResponse =
    client.security().getServiceAccountCredentials(getServiceAccountCredentialsRequest, RequestOptions.DEFAULT);

Synchronous calls may throw an IOException when the high-level REST client fails to parse the REST response, when the request times out, or in similar cases where no response comes back from the server.

When the server returns a 4xx or 5xx error code, the high-level client instead tries to parse the error details from the response body, then throws a generic ElasticsearchException with the original ResponseException added to it as a suppressed exception.

Asynchronous execution

Executing a GetServiceAccountCredentialsRequest can also be done in an asynchronous fashion so that the client can return directly. Users need to specify how the response or potential failures will be handled by passing the request and a listener to the asynchronous get-service-account-credentials method:

client.security().getServiceAccountCredentialsAsync(
    getServiceAccountCredentialsRequest, RequestOptions.DEFAULT, listener); 

The GetServiceAccountCredentialsRequest to execute and the ActionListener to use when the execution completes.

The asynchronous method does not block and returns immediately. Once it is completed, the ActionListener is called back using the onResponse method if the execution completed successfully, or using the onFailure method if it failed. Failure scenarios and expected exceptions are the same as in the synchronous execution case.

A typical listener for get-service-account-credentials looks like:

ActionListener<GetServiceAccountCredentialsResponse> listener =
    new ActionListener<GetServiceAccountCredentialsResponse>() {
        @Override
        public void onResponse(GetServiceAccountCredentialsResponse getServiceAccountCredentialsResponse) {
            // Called when the execution is successfully completed.
        }

        @Override
        public void onFailure(Exception e) {
            // Called when the whole GetServiceAccountCredentialsRequest fails.
        }
    };

Get Service Account Credentials Response

The returned GetServiceAccountCredentialsResponse contains service tokens for the requested service account.

// Principal of the service account
final String principal = getServiceAccountCredentialsResponse.getPrincipal();
// List of index-based service token information
final List<ServiceTokenInfo> indexTokenInfos = getServiceAccountCredentialsResponse.getIndexTokenInfos();
// Name of the first service token
final String tokenName = indexTokenInfos.get(0).getName();
// Source of the first service token. The value is either file or index.
final String tokenSource = indexTokenInfos.get(0).getSource();
// For file service tokens, names of the nodes where the information is collected
final Collection<String> nodeNames = indexTokenInfos.get(0).getNodeNames();
// List of file-based service token information
final List<ServiceTokenInfo> fileTokenInfos
    = getServiceAccountCredentialsResponse.getNodesResponse().getFileTokenInfos();
// Response header containing the information about the execution of collecting file service tokens
final NodesResponseHeader fileTokensResponseHeader
    = getServiceAccountCredentialsResponse.getNodesResponse().getHeader();
// Number of nodes that successfully complete the request of retrieving file-backed service tokens
final int nSuccessful = fileTokensResponseHeader.getSuccessful();
// Number of nodes that fail to complete the request of retrieving file-backed service tokens
final int nFailed = fileTokensResponseHeader.getFailed();
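
An added example, not from the original page or the Elasticsearch project: a token inventory for one service account that fails closed when any node did not report its file-backed tokens, because the list is then incomplete. The class and method names are hypothetical, and the import paths are assumed from the 7.x high-level REST client.

```java
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.client.NodesResponseHeader;
import org.elasticsearch.client.RequestOptions;
import org.elasticsearch.client.RestHighLevelClient;
import org.elasticsearch.client.security.GetServiceAccountCredentialsRequest;
import org.elasticsearch.client.security.GetServiceAccountCredentialsResponse;
import org.elasticsearch.client.security.support.ServiceTokenInfo;

// Hypothetical helper, not part of the client library.
public final class ServiceTokenInventory {
    /** Returns one line per service token; throws if the file-token view is incomplete. */
    public static List<String> list(RestHighLevelClient client, String namespace, String service)
            throws IOException {
        GetServiceAccountCredentialsRequest request =
            new GetServiceAccountCredentialsRequest(namespace, service);
        GetServiceAccountCredentialsResponse response;
        try {
            response = client.security().getServiceAccountCredentials(request, RequestOptions.DEFAULT);
        } catch (ElasticsearchException e) {
            // 4xx/5xx: the original ResponseException travels as a suppressed exception.
            for (Throwable suppressed : e.getSuppressed()) {
                System.err.println("server error detail: " + suppressed.getMessage());
            }
            throw e;
        }

        // File-backed tokens are collected node by node; a failed node means missing entries.
        NodesResponseHeader header = response.getNodesResponse().getHeader();
        if (header.getFailed() > 0) {
            throw new IllegalStateException(header.getFailed() + " node(s) failed, "
                + header.getSuccessful() + " succeeded: file token list is incomplete");
        }

        List<ServiceTokenInfo> tokens = new ArrayList<>(response.getIndexTokenInfos());
        tokens.addAll(response.getNodesResponse().getFileTokenInfos());
        List<String> lines = new ArrayList<>();
        for (ServiceTokenInfo token : tokens) { // may be empty, so no get(0) assumption
            Collection<String> nodes = token.getNodeNames(); // only meaningful for file tokens
            lines.add(response.getPrincipal() + " " + token.getSource() + " " + token.getName()
                + (nodes == null ? "" : " nodes=" + nodes));
        }
        return lines;
    }
}
```

Comparing the returned lines against the tokens you expect to exist for the account surfaces credentials that were created outside your provisioning process.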