in x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/support/SecuritySystemIndices.java [176:693]
private XContentBuilder getMainIndexMappings(SecurityMainIndexMappingVersion mappingVersion) {
try {
final XContentBuilder builder = jsonBuilder();
builder.startObject();
{
builder.startObject("_meta");
builder.field(SECURITY_VERSION_STRING, BWC_MAPPINGS_VERSION); // Only needed for BWC with pre-8.15.0 nodes
builder.field(SystemIndexDescriptor.VERSION_META_KEY, mappingVersion.id);
builder.endObject();
builder.field("dynamic", "strict");
builder.startObject("properties");
{
builder.startObject("username");
builder.field("type", "keyword");
builder.endObject();
builder.startObject("roles");
builder.field("type", "keyword");
builder.endObject();
builder.startObject("role_templates");
{
builder.startObject("properties");
{
builder.startObject("template");
builder.field("type", "text");
builder.endObject();
builder.startObject("format");
builder.field("type", "keyword");
builder.endObject();
}
builder.endObject();
}
builder.endObject();
builder.startObject("password");
builder.field("type", "keyword");
builder.field("index", false);
builder.field("doc_values", false);
builder.endObject();
builder.startObject("full_name");
builder.field("type", "text");
builder.endObject();
builder.startObject("email");
builder.field("type", "text");
builder.field("analyzer", "email");
builder.endObject();
builder.startObject("metadata");
builder.field("type", "object");
builder.field("dynamic", false);
builder.endObject();
builder.startObject("metadata_flattened");
builder.field("type", "flattened");
builder.endObject();
builder.startObject("enabled");
builder.field("type", "boolean");
builder.endObject();
builder.startObject("cluster");
builder.field("type", "keyword");
builder.endObject();
builder.startObject("indices");
{
builder.field("type", "object");
builder.startObject("properties");
{
builder.startObject("field_security");
{
builder.startObject("properties");
{
builder.startObject("grant");
builder.field("type", "keyword");
builder.endObject();
builder.startObject("except");
builder.field("type", "keyword");
builder.endObject();
}
builder.endObject();
}
builder.endObject();
builder.startObject("names");
builder.field("type", "keyword");
builder.endObject();
builder.startObject("privileges");
builder.field("type", "keyword");
builder.endObject();
builder.startObject("query");
builder.field("type", "keyword");
builder.endObject();
builder.startObject("allow_restricted_indices");
builder.field("type", "boolean");
builder.endObject();
}
builder.endObject();
}
builder.endObject();
builder.startObject("remote_indices");
{
builder.field("type", "object");
builder.startObject("properties");
{
builder.startObject("field_security");
{
builder.startObject("properties");
{
builder.startObject("grant");
builder.field("type", "keyword");
builder.endObject();
builder.startObject("except");
builder.field("type", "keyword");
builder.endObject();
}
builder.endObject();
}
builder.endObject();
builder.startObject("names");
builder.field("type", "keyword");
builder.endObject();
builder.startObject("privileges");
builder.field("type", "keyword");
builder.endObject();
builder.startObject("query");
builder.field("type", "keyword");
builder.endObject();
builder.startObject("allow_restricted_indices");
builder.field("type", "boolean");
builder.endObject();
builder.startObject("clusters");
builder.field("type", "keyword");
builder.endObject();
}
builder.endObject();
}
builder.endObject();
if (mappingVersion.onOrAfter(SecurityMainIndexMappingVersion.ADD_REMOTE_CLUSTER_AND_DESCRIPTION_FIELDS)) {
builder.startObject("remote_cluster");
{
builder.field("type", "object");
builder.startObject("properties");
{
builder.startObject("clusters");
builder.field("type", "keyword");
builder.endObject();
builder.startObject("privileges");
builder.field("type", "keyword");
builder.endObject();
}
builder.endObject();
}
builder.endObject();
}
builder.startObject("applications");
{
builder.field("type", "object");
builder.startObject("properties");
{
builder.startObject("application");
builder.field("type", "keyword");
builder.endObject();
builder.startObject("privileges");
builder.field("type", "keyword");
builder.endObject();
builder.startObject("resources");
builder.field("type", "keyword");
builder.endObject();
}
builder.endObject();
}
builder.endObject();
builder.startObject("application");
builder.field("type", "keyword");
builder.endObject();
builder.startObject("global");
{
builder.field("type", "object");
builder.startObject("properties");
{
builder.startObject("application");
{
builder.field("type", "object");
builder.startObject("properties");
{
builder.startObject("manage");
{
builder.field("type", "object");
builder.startObject("properties");
{
builder.startObject("applications");
builder.field("type", "keyword");
builder.endObject();
}
builder.endObject();
}
builder.endObject();
}
builder.endObject();
}
builder.endObject();
builder.startObject("profile");
{
builder.field("type", "object");
builder.startObject("properties");
{
builder.startObject("write");
{
builder.field("type", "object");
builder.startObject("properties");
{
builder.startObject("applications");
builder.field("type", "keyword");
builder.endObject();
}
builder.endObject();
}
builder.endObject();
}
builder.endObject();
}
builder.endObject();
if (mappingVersion.onOrAfter(ADD_MANAGE_ROLES_PRIVILEGE)) {
builder.startObject("role");
{
builder.field("type", "object");
builder.startObject("properties");
{
builder.startObject("manage");
{
builder.field("type", "object");
builder.startObject("properties");
{
builder.startObject("indices");
{
builder.startObject("properties");
{
builder.startObject("names");
builder.field("type", "keyword");
builder.endObject();
builder.startObject("privileges");
builder.field("type", "keyword");
builder.endObject();
}
builder.endObject();
}
builder.endObject();
}
builder.endObject();
}
builder.endObject();
}
builder.endObject();
}
builder.endObject();
}
}
builder.endObject();
}
builder.endObject();
builder.startObject("name");
builder.field("type", "keyword");
builder.endObject();
if (mappingVersion.onOrAfter(SecurityMainIndexMappingVersion.ADD_REMOTE_CLUSTER_AND_DESCRIPTION_FIELDS)) {
builder.startObject("description");
builder.field("type", "text");
builder.endObject();
}
builder.startObject("run_as");
builder.field("type", "keyword");
builder.endObject();
builder.startObject("doc_type");
builder.field("type", "keyword");
builder.endObject();
builder.startObject("type");
builder.field("type", "keyword");
builder.endObject();
builder.startObject("actions");
builder.field("type", "keyword");
builder.endObject();
builder.startObject("expiration_time");
builder.field("type", "date");
builder.field("format", "epoch_millis");
builder.endObject();
builder.startObject("creation_time");
builder.field("type", "date");
builder.field("format", "epoch_millis");
builder.endObject();
builder.startObject("invalidation_time");
builder.field("type", "date");
builder.field("format", "epoch_millis");
builder.endObject();
builder.startObject("api_key_hash");
builder.field("type", "keyword");
builder.field("index", false);
builder.field("doc_values", false);
builder.endObject();
builder.startObject("api_key_invalidated");
builder.field("type", "boolean");
builder.endObject();
builder.startObject("role_descriptors");
builder.field("type", "object");
builder.field("enabled", false);
builder.endObject();
builder.startObject("limited_by_role_descriptors");
builder.field("type", "object");
builder.field("enabled", false);
builder.endObject();
builder.startObject("version");
builder.field("type", "integer");
builder.endObject();
builder.startObject("creator");
{
builder.field("type", "object");
builder.startObject("properties");
{
builder.startObject("principal");
builder.field("type", "keyword");
builder.endObject();
builder.startObject("full_name");
builder.field("type", "text");
builder.endObject();
builder.startObject("email");
builder.field("type", "text");
builder.field("analyzer", "email");
builder.endObject();
builder.startObject("metadata");
builder.field("type", "object");
builder.field("dynamic", false);
builder.endObject();
builder.startObject("realm");
builder.field("type", "keyword");
builder.endObject();
builder.startObject("realm_type");
builder.field("type", "keyword");
builder.endObject();
defineRealmDomain(builder, "realm_domain");
}
builder.endObject();
}
builder.endObject();
builder.startObject("rules");
builder.field("type", "object");
builder.field("dynamic", false);
builder.endObject();
builder.startObject("refresh_token");
{
builder.field("type", "object");
builder.startObject("properties");
{
builder.startObject("token");
builder.field("type", "keyword");
builder.endObject();
builder.startObject("refreshed");
builder.field("type", "boolean");
builder.endObject();
builder.startObject("refresh_time");
builder.field("type", "date");
builder.field("format", "epoch_millis");
builder.endObject();
builder.startObject("superseding");
{
builder.field("type", "object");
builder.startObject("properties");
{
builder.startObject("encrypted_tokens");
builder.field("type", "binary");
builder.endObject();
builder.startObject("encryption_iv");
builder.field("type", "binary");
builder.endObject();
builder.startObject("encryption_salt");
builder.field("type", "binary");
builder.endObject();
}
builder.endObject();
}
builder.endObject();
builder.startObject("invalidated");
builder.field("type", "boolean");
builder.endObject();
builder.startObject("client");
{
builder.field("type", "object");
builder.startObject("properties");
{
builder.startObject("type");
builder.field("type", "keyword");
builder.endObject();
builder.startObject("user");
builder.field("type", "keyword");
builder.endObject();
builder.startObject("realm");
builder.field("type", "keyword");
builder.endObject();
}
builder.endObject();
}
builder.endObject();
}
builder.endObject();
}
builder.endObject();
builder.startObject("access_token");
{
builder.field("type", "object");
builder.startObject("properties");
{
builder.startObject("user_token");
{
builder.field("type", "object");
builder.startObject("properties");
{
builder.startObject("id");
builder.field("type", "keyword");
builder.endObject();
builder.startObject("expiration_time");
builder.field("type", "date");
builder.field("format", "epoch_millis");
builder.endObject();
builder.startObject("version");
builder.field("type", "integer");
builder.endObject();
builder.startObject("metadata");
builder.field("type", "object");
builder.field("dynamic", false);
builder.endObject();
builder.startObject("authentication");
builder.field("type", "binary");
builder.endObject();
}
builder.endObject();
}
builder.endObject();
builder.startObject("invalidated");
builder.field("type", "boolean");
builder.endObject();
builder.startObject("realm");
builder.field("type", "keyword");
builder.endObject();
}
builder.endObject();
}
builder.endObject();
}
builder.endObject();
}
builder.endObject();
return builder;
} catch (IOException e) {
logger.fatal("Failed to build " + MAIN_INDEX_CONCRETE_NAME + " index mappings", e);
throw new UncheckedIOException("Failed to build " + MAIN_INDEX_CONCRETE_NAME + " index mappings", e);
}
}