Description
Create enrollment token API
As part of the security on by default project, we will be offering an enrollment process that allows new nodes to join a cluster, or clients to bootstrap their configuration to communicate with a cluster that is already running with security enabled. This enrollment process is based on the use of enrollment tokens.
The Create enrollment token API can be called by the startup process or a user with appropriate privileges while Elasticsearch is in the enrollment mode to obtain an enrollment token used to enroll a new node to the cluster or configure a new client to communicate with the cluster.
The API specification is as follows:
Request
POST /_cluster/enrollment_token
Prerequisites
The caller of the API needs to authenticate themselves as a user who is granted the manage_enrollment privilege.
Response body
enrollment_token
A string that contains the enrollment token that can be used by other nodes and Kibana.
Example request
curl -uelastic:password -H 'Content-Type: application/json' -XPOST https://192.168.0.43/_cluster/enrollment_token
Example response
{ "enrollment_token":"eyJhZHIiOiIxOTIuMTY4LjEuNDM6OTIwMSIsImZnciI6IjQ4OkNDOjZDOkY4Ojc2OjQzOjNDOjk3Ojg1OkI2OjI0OjQ1OjVCOkZGOkJEOjQwOjRCOkQ2OjM1OjgxOjUxOkU3OkE5Ojk5OjYwOkU0OjBBOkM4OjhEOkFFOjVDOjREIiwia2V5IjoiVnVhQ2ZHY0JDZGJrUW0tZTVhT3g6dWkybHAyYXhUTm1zeWFrdzl0dk5udyJ9Cg==" }
Related: #71437
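Added example, not part of the original issue or of Elasticsearch's code: the sample token in the example response is base64-encoded JSON with the keys adr, fgr and key. The sketch below assumes these are a node address, the SHA-256 fingerprint of the cluster's CA certificate, and an id:secret API key, and shows how an enrolling client could validate the token and pin the certificate it is presented. All function names and sample values are constructed.

```python
import base64
import hashlib
import hmac
import json
import re

# 32 colon-separated hex bytes, the shape of the fgr value in the sample token
FGR_RE = re.compile(r"[0-9A-F]{2}(:[0-9A-F]{2}){31}")

def parse_enrollment_token(token: str) -> dict:
    """Decode a token and validate the three fields seen in the sample."""
    try:
        fields = json.loads(base64.b64decode(token, validate=True))
    except ValueError as exc:  # bad base64, bad UTF-8 and bad JSON all land here
        raise ValueError("token is not base64-encoded JSON") from exc
    if not isinstance(fields, dict):
        raise ValueError("token payload is not a JSON object")
    for name in ("adr", "fgr", "key"):
        if not isinstance(fields.get(name), str):
            raise ValueError(f"missing or non-string field: {name}")
    if not FGR_RE.fullmatch(fields["fgr"].upper()):
        raise ValueError("fgr is not a 32-byte colon-separated fingerprint")
    host, _, port = fields["adr"].rpartition(":")
    if not host or not port.isdigit():
        raise ValueError("adr is not host:port")
    if ":" not in fields["key"]:  # assumption: key has the form id:secret
        raise ValueError("key is not id:secret")
    return fields

def cert_matches_token(cert_der: bytes, fields: dict) -> bool:
    """Assumed pinning check: SHA-256 of the DER certificate equals fgr."""
    pinned = bytes.fromhex(fields["fgr"].replace(":", ""))
    return hmac.compare_digest(hashlib.sha256(cert_der).digest(), pinned)

def make_sample_token(cert_der: bytes) -> str:
    """Build a constructed token with the same layout as the sample response."""
    digest = hashlib.sha256(cert_der).hexdigest().upper()
    fgr = ":".join(digest[i:i + 2] for i in range(0, 64, 2))
    payload = {"adr": "192.0.2.10:9200", "fgr": fgr,
               "key": "sample-id:sample-secret"}
    return base64.b64encode(json.dumps(payload).encode()).decode()

# Constructed bytes standing in for a DER-encoded CA certificate
SAMPLE_CA_DER = b"constructed stand-in for a DER-encoded CA certificate"

if __name__ == "__main__":
    fields = parse_enrollment_token(make_sample_token(SAMPLE_CA_DER))
    print(fields["adr"], cert_matches_token(SAMPLE_CA_DER, fields))
```

Because the payload is only encoded, not encrypted, anything that logs or stores the token also exposes its key field.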