All Downloads are FREE. Search and download functionalities are using the official Maven repository.

co.elastic.clients.elasticsearch.security.ElasticsearchSecurityAsyncClient Maven / Gradle / Ivy

The newest version!
/*
 * Licensed to Elasticsearch B.V. under one or more contributor
 * license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright
 * ownership. Elasticsearch B.V. licenses this file to you under
 * the Apache License, Version 2.0 (the "License"); you may
 * not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package co.elastic.clients.elasticsearch.security;

import co.elastic.clients.ApiClient;
import co.elastic.clients.elasticsearch._types.ErrorResponse;
import co.elastic.clients.transport.ElasticsearchTransport;
import co.elastic.clients.transport.Endpoint;
import co.elastic.clients.transport.JsonEndpoint;
import co.elastic.clients.transport.Transport;
import co.elastic.clients.transport.TransportOptions;
import co.elastic.clients.transport.endpoints.BooleanResponse;
import co.elastic.clients.util.ObjectBuilder;
import java.util.concurrent.CompletableFuture;
import java.util.function.Function;
import javax.annotation.Nullable;

//----------------------------------------------------------------
//       THIS CODE IS GENERATED. MANUAL EDITS WILL BE LOST.
//----------------------------------------------------------------
//
// This code is generated from the Elasticsearch API specification
// at https://github.com/elastic/elasticsearch-specification
//
// Manual updates to this file will be lost when the code is
// re-generated.
//
// If you find a property that is missing or wrongly typed, please
// open an issue or a PR on the API specification repository.
//
//----------------------------------------------------------------

/**
 * Client for the security namespace.
 */
public class ElasticsearchSecurityAsyncClient
		extends
			ApiClient {

	public ElasticsearchSecurityAsyncClient(ElasticsearchTransport transport) {
		super(transport, null);
	}

	public ElasticsearchSecurityAsyncClient(ElasticsearchTransport transport,
			@Nullable TransportOptions transportOptions) {
		super(transport, transportOptions);
	}

	@Override
	public ElasticsearchSecurityAsyncClient withTransportOptions(@Nullable TransportOptions transportOptions) {
		return new ElasticsearchSecurityAsyncClient(this.transport, transportOptions);
	}

	// ----- Endpoint: security.activate_user_profile

	/**
	 * Activate a user profile.
	 * 

* Create or update a user profile on behalf of another user. *

* NOTE: The user profile feature is designed only for use by Kibana and * Elastic's Observability, Enterprise Search, and Elastic Security solutions. * Individual users and external applications should not call this API directly. * The calling application must have either an access_token or a * combination of username and password for the user * that the profile document is intended for. Elastic reserves the right to * change or remove this feature in future releases without prior notice. *

* This API creates or updates a profile document for end users with information * that is extracted from the user's authentication object including * username, full_name, roles, and the * authentication realm. For example, in the JWT access_token case, * the profile user's username is extracted from the JWT token * claim pointed to by the claims.principal setting of the JWT * realm that authenticated the token. *

* When updating a profile document, the API enables the document if it was * disabled. Any updates do not change existing content for either the * labels or data fields. * * @see Documentation * on elastic.co */ public CompletableFuture activateUserProfile(ActivateUserProfileRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) ActivateUserProfileRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Activate a user profile. *

* Create or update a user profile on behalf of another user. *

* NOTE: The user profile feature is designed only for use by Kibana and * Elastic's Observability, Enterprise Search, and Elastic Security solutions. * Individual users and external applications should not call this API directly. * The calling application must have either an access_token or a * combination of username and password for the user * that the profile document is intended for. Elastic reserves the right to * change or remove this feature in future releases without prior notice. *

* This API creates or updates a profile document for end users with information * that is extracted from the user's authentication object including * username, full_name, roles, and the * authentication realm. For example, in the JWT access_token case, * the profile user's username is extracted from the JWT token * claim pointed to by the claims.principal setting of the JWT * realm that authenticated the token. *

* When updating a profile document, the API enables the document if it was * disabled. Any updates do not change existing content for either the * labels or data fields. * * @param fn * a function that initializes a builder to create the * {@link ActivateUserProfileRequest} * @see Documentation * on elastic.co */ public final CompletableFuture activateUserProfile( Function> fn) { return activateUserProfile(fn.apply(new ActivateUserProfileRequest.Builder()).build()); } // ----- Endpoint: security.authenticate /** * Authenticate a user. *

* Authenticates a user and returns information about the authenticated user. * Include the user information in a * basic * auth header. A successful call returns a JSON structure that shows user * information such as their username, the roles that are assigned to the user, * any assigned metadata, and information about the realms that authenticated * and authorized the user. If the user cannot be authenticated, this API * returns a 401 status code. * * @see Documentation * on elastic.co */ public CompletableFuture authenticate() { return this.transport.performRequestAsync(AuthenticateRequest._INSTANCE, AuthenticateRequest._ENDPOINT, this.transportOptions); } // ----- Endpoint: security.bulk_delete_role /** * Bulk delete roles. *

* The role management APIs are generally the preferred way to manage roles, * rather than using file-based role management. The bulk delete roles API * cannot delete roles that are defined in roles files. * * @see Documentation * on elastic.co */ public CompletableFuture bulkDeleteRole(BulkDeleteRoleRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) BulkDeleteRoleRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Bulk delete roles. *

* The role management APIs are generally the preferred way to manage roles, * rather than using file-based role management. The bulk delete roles API * cannot delete roles that are defined in roles files. * * @param fn * a function that initializes a builder to create the * {@link BulkDeleteRoleRequest} * @see Documentation * on elastic.co */ public final CompletableFuture bulkDeleteRole( Function> fn) { return bulkDeleteRole(fn.apply(new BulkDeleteRoleRequest.Builder()).build()); } // ----- Endpoint: security.bulk_put_role /** * Bulk create or update roles. *

* The role management APIs are generally the preferred way to manage roles, * rather than using file-based role management. The bulk create or update roles * API cannot update roles that are defined in roles files. * * @see Documentation * on elastic.co */ public CompletableFuture bulkPutRole(BulkPutRoleRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) BulkPutRoleRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Bulk create or update roles. *

* The role management APIs are generally the preferred way to manage roles, * rather than using file-based role management. The bulk create or update roles * API cannot update roles that are defined in roles files. * * @param fn * a function that initializes a builder to create the * {@link BulkPutRoleRequest} * @see Documentation * on elastic.co */ public final CompletableFuture bulkPutRole( Function> fn) { return bulkPutRole(fn.apply(new BulkPutRoleRequest.Builder()).build()); } // ----- Endpoint: security.bulk_update_api_keys /** * Bulk update API keys. Update the attributes for multiple API keys. *

* IMPORTANT: It is not possible to use an API key as the authentication * credential for this API. To update API keys, the owner user's credentials are * required. *

* This API is similar to the update API key API but enables you to apply the * same update to multiple API keys in one API call. This operation can greatly * improve performance over making individual updates. *

* It is not possible to update expired or invalidated API keys. *

* This API supports updates to API key access scope, metadata and expiration. * The access scope of each API key is derived from the * role_descriptors you specify in the request and a snapshot of * the owner user's permissions at the time of the request. The snapshot of the * owner's permissions is updated automatically on every call. *

* IMPORTANT: If you don't specify role_descriptors in the request, * a call to this API might still change an API key's access scope. This change * can occur if the owner user's permissions have changed since the API key was * created or last modified. *

* A successful request returns a JSON structure that contains the IDs of all * updated API keys, the IDs of API keys that already had the requested changes * and did not require an update, and error details for any failed update. * * @see Documentation * on elastic.co */ public CompletableFuture bulkUpdateApiKeys(BulkUpdateApiKeysRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) BulkUpdateApiKeysRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Bulk update API keys. Update the attributes for multiple API keys. *

* IMPORTANT: It is not possible to use an API key as the authentication * credential for this API. To update API keys, the owner user's credentials are * required. *

* This API is similar to the update API key API but enables you to apply the * same update to multiple API keys in one API call. This operation can greatly * improve performance over making individual updates. *

* It is not possible to update expired or invalidated API keys. *

* This API supports updates to API key access scope, metadata and expiration. * The access scope of each API key is derived from the * role_descriptors you specify in the request and a snapshot of * the owner user's permissions at the time of the request. The snapshot of the * owner's permissions is updated automatically on every call. *

* IMPORTANT: If you don't specify role_descriptors in the request, * a call to this API might still change an API key's access scope. This change * can occur if the owner user's permissions have changed since the API key was * created or last modified. *

* A successful request returns a JSON structure that contains the IDs of all * updated API keys, the IDs of API keys that already had the requested changes * and did not require an update, and error details for any failed update. * * @param fn * a function that initializes a builder to create the * {@link BulkUpdateApiKeysRequest} * @see Documentation * on elastic.co */ public final CompletableFuture bulkUpdateApiKeys( Function> fn) { return bulkUpdateApiKeys(fn.apply(new BulkUpdateApiKeysRequest.Builder()).build()); } // ----- Endpoint: security.change_password /** * Change passwords. *

* Change the passwords of users in the native realm and built-in users. * * @see Documentation * on elastic.co */ public CompletableFuture changePassword(ChangePasswordRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) ChangePasswordRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Change passwords. *

* Change the passwords of users in the native realm and built-in users. * * @param fn * a function that initializes a builder to create the * {@link ChangePasswordRequest} * @see Documentation * on elastic.co */ public final CompletableFuture changePassword( Function> fn) { return changePassword(fn.apply(new ChangePasswordRequest.Builder()).build()); } /** * Change passwords. *

* Change the passwords of users in the native realm and built-in users. * * @see Documentation * on elastic.co */ public CompletableFuture changePassword() { return this.transport.performRequestAsync(new ChangePasswordRequest.Builder().build(), ChangePasswordRequest._ENDPOINT, this.transportOptions); } // ----- Endpoint: security.clear_api_key_cache /** * Clear the API key cache. *

* Evict a subset of all entries from the API key cache. The cache is also * automatically cleared on state changes of the security index. * * @see Documentation * on elastic.co */ public CompletableFuture clearApiKeyCache(ClearApiKeyCacheRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) ClearApiKeyCacheRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Clear the API key cache. *

* Evict a subset of all entries from the API key cache. The cache is also * automatically cleared on state changes of the security index. * * @param fn * a function that initializes a builder to create the * {@link ClearApiKeyCacheRequest} * @see Documentation * on elastic.co */ public final CompletableFuture clearApiKeyCache( Function> fn) { return clearApiKeyCache(fn.apply(new ClearApiKeyCacheRequest.Builder()).build()); } // ----- Endpoint: security.clear_cached_privileges /** * Clear the privileges cache. *

* Evict privileges from the native application privilege cache. The cache is * also automatically cleared for applications that have their privileges * updated. * * @see Documentation * on elastic.co */ public CompletableFuture clearCachedPrivileges( ClearCachedPrivilegesRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) ClearCachedPrivilegesRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Clear the privileges cache. *

* Evict privileges from the native application privilege cache. The cache is * also automatically cleared for applications that have their privileges * updated. * * @param fn * a function that initializes a builder to create the * {@link ClearCachedPrivilegesRequest} * @see Documentation * on elastic.co */ public final CompletableFuture clearCachedPrivileges( Function> fn) { return clearCachedPrivileges(fn.apply(new ClearCachedPrivilegesRequest.Builder()).build()); } // ----- Endpoint: security.clear_cached_realms /** * Clear the user cache. *

* Evict users from the user cache. You can completely clear the cache or evict * specific users. *

* User credentials are cached in memory on each node to avoid connecting to a * remote authentication service or hitting the disk for every incoming request. * There are realm settings that you can use to configure the user cache. For * more information, refer to the documentation about controlling the user * cache. * * @see Documentation * on elastic.co */ public CompletableFuture clearCachedRealms(ClearCachedRealmsRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) ClearCachedRealmsRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Clear the user cache. *

* Evict users from the user cache. You can completely clear the cache or evict * specific users. *

* User credentials are cached in memory on each node to avoid connecting to a * remote authentication service or hitting the disk for every incoming request. * There are realm settings that you can use to configure the user cache. For * more information, refer to the documentation about controlling the user * cache. * * @param fn * a function that initializes a builder to create the * {@link ClearCachedRealmsRequest} * @see Documentation * on elastic.co */ public final CompletableFuture clearCachedRealms( Function> fn) { return clearCachedRealms(fn.apply(new ClearCachedRealmsRequest.Builder()).build()); } // ----- Endpoint: security.clear_cached_roles /** * Clear the roles cache. *

* Evict roles from the native role cache. * * @see Documentation * on elastic.co */ public CompletableFuture clearCachedRoles(ClearCachedRolesRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) ClearCachedRolesRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Clear the roles cache. *

* Evict roles from the native role cache. * * @param fn * a function that initializes a builder to create the * {@link ClearCachedRolesRequest} * @see Documentation * on elastic.co */ public final CompletableFuture clearCachedRoles( Function> fn) { return clearCachedRoles(fn.apply(new ClearCachedRolesRequest.Builder()).build()); } // ----- Endpoint: security.clear_cached_service_tokens /** * Clear service account token caches. *

* Evict a subset of all entries from the service account token caches. Two * separate caches exist for service account tokens: one cache for tokens backed * by the service_tokens file, and another for tokens backed by the * .security index. This API clears matching entries from both * caches. *

* The cache for service account tokens backed by the .security * index is cleared automatically on state changes of the security index. The * cache for tokens backed by the service_tokens file is cleared * automatically on file changes. * * @see Documentation * on elastic.co */ public CompletableFuture clearCachedServiceTokens( ClearCachedServiceTokensRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) ClearCachedServiceTokensRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Clear service account token caches. *

* Evict a subset of all entries from the service account token caches. Two * separate caches exist for service account tokens: one cache for tokens backed * by the service_tokens file, and another for tokens backed by the * .security index. This API clears matching entries from both * caches. *

* The cache for service account tokens backed by the .security * index is cleared automatically on state changes of the security index. The * cache for tokens backed by the service_tokens file is cleared * automatically on file changes. * * @param fn * a function that initializes a builder to create the * {@link ClearCachedServiceTokensRequest} * @see Documentation * on elastic.co */ public final CompletableFuture clearCachedServiceTokens( Function> fn) { return clearCachedServiceTokens(fn.apply(new ClearCachedServiceTokensRequest.Builder()).build()); } // ----- Endpoint: security.create_api_key /** * Create an API key. *

* Create an API key for access without requiring basic authentication. *

* IMPORTANT: If the credential that is used to authenticate this request is an * API key, the derived API key cannot have any privileges. If you specify * privileges, the API returns an error. *

* A successful request returns a JSON structure that contains the API key, its * unique id, and its name. If applicable, it also returns expiration * information for the API key in milliseconds. *

* NOTE: By default, API keys never expire. You can specify expiration * information when you create the API keys. *

* The API keys are created by the Elasticsearch API key service, which is * automatically enabled. To configure or turn off the API key service, refer to * API key service setting documentation. * * @see Documentation * on elastic.co */ public CompletableFuture createApiKey(CreateApiKeyRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) CreateApiKeyRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Create an API key. *

* Create an API key for access without requiring basic authentication. *

* IMPORTANT: If the credential that is used to authenticate this request is an * API key, the derived API key cannot have any privileges. If you specify * privileges, the API returns an error. *

* A successful request returns a JSON structure that contains the API key, its * unique id, and its name. If applicable, it also returns expiration * information for the API key in milliseconds. *

* NOTE: By default, API keys never expire. You can specify expiration * information when you create the API keys. *

* The API keys are created by the Elasticsearch API key service, which is * automatically enabled. To configure or turn off the API key service, refer to * API key service setting documentation. * * @param fn * a function that initializes a builder to create the * {@link CreateApiKeyRequest} * @see Documentation * on elastic.co */ public final CompletableFuture createApiKey( Function> fn) { return createApiKey(fn.apply(new CreateApiKeyRequest.Builder()).build()); } /** * Create an API key. *

* Create an API key for access without requiring basic authentication. *

* IMPORTANT: If the credential that is used to authenticate this request is an * API key, the derived API key cannot have any privileges. If you specify * privileges, the API returns an error. *

* A successful request returns a JSON structure that contains the API key, its * unique id, and its name. If applicable, it also returns expiration * information for the API key in milliseconds. *

* NOTE: By default, API keys never expire. You can specify expiration * information when you create the API keys. *

* The API keys are created by the Elasticsearch API key service, which is * automatically enabled. To configure or turn off the API key service, refer to * API key service setting documentation. * * @see Documentation * on elastic.co */ public CompletableFuture createApiKey() { return this.transport.performRequestAsync(new CreateApiKeyRequest.Builder().build(), CreateApiKeyRequest._ENDPOINT, this.transportOptions); } // ----- Endpoint: security.create_cross_cluster_api_key /** * Create a cross-cluster API key. *

* Create an API key of the cross_cluster type for the API key * based remote cluster access. A cross_cluster API key cannot be * used to authenticate through the REST interface. *

* IMPORTANT: To authenticate this request you must use a credential that is not * an API key. Even if you use an API key that has the required privilege, the * API returns an error. *

* Cross-cluster API keys are created by the Elasticsearch API key service, * which is automatically enabled. *

* NOTE: Unlike REST API keys, a cross-cluster API key does not capture * permissions of the authenticated user. The API key’s effective permission is * exactly as specified with the access property. *

* A successful request returns a JSON structure that contains the API key, its * unique ID, and its name. If applicable, it also returns expiration * information for the API key in milliseconds. *

* By default, API keys never expire. You can specify expiration information * when you create the API keys. *

* Cross-cluster API keys can only be updated with the update cross-cluster API * key API. Attempting to update them with the update REST API key API or the * bulk update REST API keys API will result in an error. * * @see Documentation * on elastic.co */ public CompletableFuture createCrossClusterApiKey( CreateCrossClusterApiKeyRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) CreateCrossClusterApiKeyRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Create a cross-cluster API key. *

* Create an API key of the cross_cluster type for the API key * based remote cluster access. A cross_cluster API key cannot be * used to authenticate through the REST interface. *

* IMPORTANT: To authenticate this request you must use a credential that is not * an API key. Even if you use an API key that has the required privilege, the * API returns an error. *

* Cross-cluster API keys are created by the Elasticsearch API key service, * which is automatically enabled. *

* NOTE: Unlike REST API keys, a cross-cluster API key does not capture * permissions of the authenticated user. The API key’s effective permission is * exactly as specified with the access property. *

* A successful request returns a JSON structure that contains the API key, its * unique ID, and its name. If applicable, it also returns expiration * information for the API key in milliseconds. *

* By default, API keys never expire. You can specify expiration information * when you create the API keys. *

* Cross-cluster API keys can only be updated with the update cross-cluster API * key API. Attempting to update them with the update REST API key API or the * bulk update REST API keys API will result in an error. * * @param fn * a function that initializes a builder to create the * {@link CreateCrossClusterApiKeyRequest} * @see Documentation * on elastic.co */ public final CompletableFuture createCrossClusterApiKey( Function> fn) { return createCrossClusterApiKey(fn.apply(new CreateCrossClusterApiKeyRequest.Builder()).build()); } // ----- Endpoint: security.create_service_token /** * Create a service account token. *

* Create a service accounts token for access without requiring basic * authentication. *

* NOTE: Service account tokens never expire. You must actively delete them if * they are no longer needed. * * @see Documentation * on elastic.co */ public CompletableFuture createServiceToken(CreateServiceTokenRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) CreateServiceTokenRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Create a service account token. *

* Create a service accounts token for access without requiring basic * authentication. *

* NOTE: Service account tokens never expire. You must actively delete them if * they are no longer needed. * * @param fn * a function that initializes a builder to create the * {@link CreateServiceTokenRequest} * @see Documentation * on elastic.co */ public final CompletableFuture createServiceToken( Function> fn) { return createServiceToken(fn.apply(new CreateServiceTokenRequest.Builder()).build()); } // ----- Endpoint: security.delegate_pki /** * Delegate PKI authentication. *

* This API implements the exchange of an X509Certificate chain for an * Elasticsearch access token. The certificate chain is validated, according to * RFC 5280, by sequentially considering the trust configuration of every * installed PKI realm that has delegation.enabled set to * true. A successfully trusted client certificate is also subject * to the validation of the subject distinguished name according to thw * username_pattern of the respective realm. *

* This API is called by smart and trusted proxies, such as Kibana, which * terminate the user's TLS session but still want to authenticate the user by * using a PKI realm—-​as if the user connected directly to Elasticsearch. *

* IMPORTANT: The association between the subject public key in the target * certificate and the corresponding private key is not validated. This is part * of the TLS authentication process and it is delegated to the proxy that calls * this API. The proxy is trusted to have performed the TLS authentication and * this API translates that authentication into an Elasticsearch access token. * * @see Documentation * on elastic.co */ public CompletableFuture delegatePki(DelegatePkiRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) DelegatePkiRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Delegate PKI authentication. *

* This API implements the exchange of an X509Certificate chain for an * Elasticsearch access token. The certificate chain is validated, according to * RFC 5280, by sequentially considering the trust configuration of every * installed PKI realm that has delegation.enabled set to * true. A successfully trusted client certificate is also subject * to the validation of the subject distinguished name according to thw * username_pattern of the respective realm. *

* This API is called by smart and trusted proxies, such as Kibana, which * terminate the user's TLS session but still want to authenticate the user by * using a PKI realm—-​as if the user connected directly to Elasticsearch. *

* IMPORTANT: The association between the subject public key in the target * certificate and the corresponding private key is not validated. This is part * of the TLS authentication process and it is delegated to the proxy that calls * this API. The proxy is trusted to have performed the TLS authentication and * this API translates that authentication into an Elasticsearch access token. * * @param fn * a function that initializes a builder to create the * {@link DelegatePkiRequest} * @see Documentation * on elastic.co */ public final CompletableFuture delegatePki( Function> fn) { return delegatePki(fn.apply(new DelegatePkiRequest.Builder()).build()); } // ----- Endpoint: security.delete_privileges /** * Delete application privileges. *

* To use this API, you must have one of the following privileges: *

    *
  • The manage_security cluster privilege (or a greater * privilege such as all).
  • *
  • The "Manage Application Privileges" global privilege for the * application being referenced in the request.
  • *
* * @see Documentation * on elastic.co */ public CompletableFuture deletePrivileges(DeletePrivilegesRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) DeletePrivilegesRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Delete application privileges. *

* To use this API, you must have one of the following privileges: *

    *
  • The manage_security cluster privilege (or a greater * privilege such as all).
  • *
  • The "Manage Application Privileges" global privilege for the * application being referenced in the request.
  • *
* * @param fn * a function that initializes a builder to create the * {@link DeletePrivilegesRequest} * @see Documentation * on elastic.co */ public final CompletableFuture deletePrivileges( Function> fn) { return deletePrivileges(fn.apply(new DeletePrivilegesRequest.Builder()).build()); } // ----- Endpoint: security.delete_role /** * Delete roles. *

* Delete roles in the native realm. The role management APIs are generally the * preferred way to manage roles, rather than using file-based role management. * The delete roles API cannot remove roles that are defined in roles files. * * @see Documentation * on elastic.co */ public CompletableFuture deleteRole(DeleteRoleRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) DeleteRoleRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Delete roles. *

* Delete roles in the native realm. The role management APIs are generally the * preferred way to manage roles, rather than using file-based role management. * The delete roles API cannot remove roles that are defined in roles files. * * @param fn * a function that initializes a builder to create the * {@link DeleteRoleRequest} * @see Documentation * on elastic.co */ public final CompletableFuture deleteRole( Function> fn) { return deleteRole(fn.apply(new DeleteRoleRequest.Builder()).build()); } // ----- Endpoint: security.delete_role_mapping /** * Delete role mappings. *

* Role mappings define which roles are assigned to each user. The role mapping * APIs are generally the preferred way to manage role mappings rather than * using role mapping files. The delete role mappings API cannot remove role * mappings that are defined in role mapping files. * * @see Documentation * on elastic.co */ public CompletableFuture deleteRoleMapping(DeleteRoleMappingRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) DeleteRoleMappingRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Delete role mappings. *

* Role mappings define which roles are assigned to each user. The role mapping * APIs are generally the preferred way to manage role mappings rather than * using role mapping files. The delete role mappings API cannot remove role * mappings that are defined in role mapping files. * * @param fn * a function that initializes a builder to create the * {@link DeleteRoleMappingRequest} * @see Documentation * on elastic.co */ public final CompletableFuture deleteRoleMapping( Function> fn) { return deleteRoleMapping(fn.apply(new DeleteRoleMappingRequest.Builder()).build()); } // ----- Endpoint: security.delete_service_token /** * Delete service account tokens. *

* Delete service account tokens for a service in a specified namespace. * * @see Documentation * on elastic.co */ public CompletableFuture deleteServiceToken(DeleteServiceTokenRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) DeleteServiceTokenRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Delete service account tokens. *

* Delete service account tokens for a service in a specified namespace. * * @param fn * a function that initializes a builder to create the * {@link DeleteServiceTokenRequest} * @see Documentation * on elastic.co */ public final CompletableFuture deleteServiceToken( Function> fn) { return deleteServiceToken(fn.apply(new DeleteServiceTokenRequest.Builder()).build()); } // ----- Endpoint: security.delete_user /** * Delete users. *

* Delete users from the native realm. * * @see Documentation * on elastic.co */ public CompletableFuture deleteUser(DeleteUserRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) DeleteUserRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Delete users. *

* Delete users from the native realm. * * @param fn * a function that initializes a builder to create the * {@link DeleteUserRequest} * @see Documentation * on elastic.co */ public final CompletableFuture deleteUser( Function> fn) { return deleteUser(fn.apply(new DeleteUserRequest.Builder()).build()); } // ----- Endpoint: security.disable_user /** * Disable users. *

* Disable users in the native realm. By default, when you create users, they * are enabled. You can use this API to revoke a user's access to Elasticsearch. * * @see Documentation * on elastic.co */ public CompletableFuture disableUser(DisableUserRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) DisableUserRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Disable users. *

* Disable users in the native realm. By default, when you create users, they * are enabled. You can use this API to revoke a user's access to Elasticsearch. * * @param fn * a function that initializes a builder to create the * {@link DisableUserRequest} * @see Documentation * on elastic.co */ public final CompletableFuture disableUser( Function> fn) { return disableUser(fn.apply(new DisableUserRequest.Builder()).build()); } // ----- Endpoint: security.disable_user_profile /** * Disable a user profile. *

* Disable user profiles so that they are not visible in user profile searches. *

* NOTE: The user profile feature is designed only for use by Kibana and * Elastic's Observability, Enterprise Search, and Elastic Security solutions. * Individual users and external applications should not call this API directly. * Elastic reserves the right to change or remove this feature in future * releases without prior notice. *

* When you activate a user profile, its automatically enabled and visible in * user profile searches. You can use the disable user profile API to disable a * user profile so it’s not visible in these searches. To re-enable a disabled * user profile, use the enable user profile API . * * @see Documentation * on elastic.co */ public CompletableFuture disableUserProfile(DisableUserProfileRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) DisableUserProfileRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Disable a user profile. *

* Disable user profiles so that they are not visible in user profile searches. *

* NOTE: The user profile feature is designed only for use by Kibana and * Elastic's Observability, Enterprise Search, and Elastic Security solutions. * Individual users and external applications should not call this API directly. * Elastic reserves the right to change or remove this feature in future * releases without prior notice. *

* When you activate a user profile, its automatically enabled and visible in * user profile searches. You can use the disable user profile API to disable a * user profile so it’s not visible in these searches. To re-enable a disabled * user profile, use the enable user profile API . * * @param fn * a function that initializes a builder to create the * {@link DisableUserProfileRequest} * @see Documentation * on elastic.co */ public final CompletableFuture disableUserProfile( Function> fn) { return disableUserProfile(fn.apply(new DisableUserProfileRequest.Builder()).build()); } // ----- Endpoint: security.enable_user /** * Enable users. *

* Enable users in the native realm. By default, when you create users, they are * enabled. * * @see Documentation * on elastic.co */ public CompletableFuture enableUser(EnableUserRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) EnableUserRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Enable users. *

* Enable users in the native realm. By default, when you create users, they are * enabled. * * @param fn * a function that initializes a builder to create the * {@link EnableUserRequest} * @see Documentation * on elastic.co */ public final CompletableFuture enableUser( Function> fn) { return enableUser(fn.apply(new EnableUserRequest.Builder()).build()); } // ----- Endpoint: security.enable_user_profile /** * Enable a user profile. *

* Enable user profiles to make them visible in user profile searches. *

* NOTE: The user profile feature is designed only for use by Kibana and * Elastic's Observability, Enterprise Search, and Elastic Security solutions. * Individual users and external applications should not call this API directly. * Elastic reserves the right to change or remove this feature in future * releases without prior notice. *

* When you activate a user profile, it's automatically enabled and visible in * user profile searches. If you later disable the user profile, you can use the * enable user profile API to make the profile visible in these searches again. * * @see Documentation * on elastic.co */ public CompletableFuture enableUserProfile(EnableUserProfileRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) EnableUserProfileRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Enable a user profile. *

* Enable user profiles to make them visible in user profile searches. *

* NOTE: The user profile feature is designed only for use by Kibana and * Elastic's Observability, Enterprise Search, and Elastic Security solutions. * Individual users and external applications should not call this API directly. * Elastic reserves the right to change or remove this feature in future * releases without prior notice. *

* When you activate a user profile, it's automatically enabled and visible in * user profile searches. If you later disable the user profile, you can use the * enable user profile API to make the profile visible in these searches again. * * @param fn * a function that initializes a builder to create the * {@link EnableUserProfileRequest} * @see Documentation * on elastic.co */ public final CompletableFuture enableUserProfile( Function> fn) { return enableUserProfile(fn.apply(new EnableUserProfileRequest.Builder()).build()); } // ----- Endpoint: security.enroll_kibana /** * Enroll Kibana. *

* Enable a Kibana instance to configure itself for communication with a secured * Elasticsearch cluster. *

* NOTE: This API is currently intended for internal use only by Kibana. Kibana * uses this API internally to configure itself for communications with an * Elasticsearch cluster that already has security features enabled. * * @see Documentation * on elastic.co */ public CompletableFuture enrollKibana() { return this.transport.performRequestAsync(EnrollKibanaRequest._INSTANCE, EnrollKibanaRequest._ENDPOINT, this.transportOptions); } // ----- Endpoint: security.enroll_node /** * Enroll a node. *

* Enroll a new node to allow it to join an existing cluster with security * features enabled. *

* The response contains all the necessary information for the joining node to * bootstrap discovery and security related settings so that it can successfully * join the cluster. The response contains key and certificate material that * allows the caller to generate valid signed certificates for the HTTP layer of * all nodes in the cluster. * * @see Documentation * on elastic.co */ public CompletableFuture enrollNode() { return this.transport.performRequestAsync(EnrollNodeRequest._INSTANCE, EnrollNodeRequest._ENDPOINT, this.transportOptions); } // ----- Endpoint: security.get_api_key /** * Get API key information. *

* Retrieves information for one or more API keys. NOTE: If you have only the * manage_own_api_key privilege, this API returns only the API keys * that you own. If you have read_security, * manage_api_key or greater privileges (including * manage_security), this API returns all API keys regardless of * ownership. * * @see Documentation * on elastic.co */ public CompletableFuture getApiKey(GetApiKeyRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) GetApiKeyRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Get API key information. *

* Retrieves information for one or more API keys. NOTE: If you have only the * manage_own_api_key privilege, this API returns only the API keys * that you own. If you have read_security, * manage_api_key or greater privileges (including * manage_security), this API returns all API keys regardless of * ownership. * * @param fn * a function that initializes a builder to create the * {@link GetApiKeyRequest} * @see Documentation * on elastic.co */ public final CompletableFuture getApiKey( Function> fn) { return getApiKey(fn.apply(new GetApiKeyRequest.Builder()).build()); } /** * Get API key information. *

* Retrieves information for one or more API keys. NOTE: If you have only the * manage_own_api_key privilege, this API returns only the API keys * that you own. If you have read_security, * manage_api_key or greater privileges (including * manage_security), this API returns all API keys regardless of * ownership. * * @see Documentation * on elastic.co */ public CompletableFuture getApiKey() { return this.transport.performRequestAsync(new GetApiKeyRequest.Builder().build(), GetApiKeyRequest._ENDPOINT, this.transportOptions); } // ----- Endpoint: security.get_builtin_privileges /** * Get builtin privileges. *

* Get the list of cluster privileges and index privileges that are available in * this version of Elasticsearch. * * @see Documentation * on elastic.co */ public CompletableFuture getBuiltinPrivileges() { return this.transport.performRequestAsync(GetBuiltinPrivilegesRequest._INSTANCE, GetBuiltinPrivilegesRequest._ENDPOINT, this.transportOptions); } // ----- Endpoint: security.get_privileges /** * Get application privileges. *

* To use this API, you must have one of the following privileges: *

    *
  • The read_security cluster privilege (or a greater privilege * such as manage_security or all).
  • *
  • The "Manage Application Privileges" global privilege for the * application being referenced in the request.
  • *
* * @see Documentation * on elastic.co */ public CompletableFuture getPrivileges(GetPrivilegesRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) GetPrivilegesRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Get application privileges. *

* To use this API, you must have one of the following privileges: *

    *
  • The read_security cluster privilege (or a greater privilege * such as manage_security or all).
  • *
  • The "Manage Application Privileges" global privilege for the * application being referenced in the request.
  • *
* * @param fn * a function that initializes a builder to create the * {@link GetPrivilegesRequest} * @see Documentation * on elastic.co */ public final CompletableFuture getPrivileges( Function> fn) { return getPrivileges(fn.apply(new GetPrivilegesRequest.Builder()).build()); } /** * Get application privileges. *

* To use this API, you must have one of the following privileges: *

    *
  • The read_security cluster privilege (or a greater privilege * such as manage_security or all).
  • *
  • The "Manage Application Privileges" global privilege for the * application being referenced in the request.
  • *
* * @see Documentation * on elastic.co */ public CompletableFuture getPrivileges() { return this.transport.performRequestAsync(new GetPrivilegesRequest.Builder().build(), GetPrivilegesRequest._ENDPOINT, this.transportOptions); } // ----- Endpoint: security.get_role /** * Get roles. *

* Get roles in the native realm. The role management APIs are generally the * preferred way to manage roles, rather than using file-based role management. * The get roles API cannot retrieve roles that are defined in roles files. * * @see Documentation * on elastic.co */ public CompletableFuture getRole(GetRoleRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) GetRoleRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Get roles. *

* Get roles in the native realm. The role management APIs are generally the * preferred way to manage roles, rather than using file-based role management. * The get roles API cannot retrieve roles that are defined in roles files. * * @param fn * a function that initializes a builder to create the * {@link GetRoleRequest} * @see Documentation * on elastic.co */ public final CompletableFuture getRole( Function> fn) { return getRole(fn.apply(new GetRoleRequest.Builder()).build()); } /** * Get roles. *

* Get roles in the native realm. The role management APIs are generally the * preferred way to manage roles, rather than using file-based role management. * The get roles API cannot retrieve roles that are defined in roles files. * * @see Documentation * on elastic.co */ public CompletableFuture getRole() { return this.transport.performRequestAsync(new GetRoleRequest.Builder().build(), GetRoleRequest._ENDPOINT, this.transportOptions); } // ----- Endpoint: security.get_role_mapping /** * Get role mappings. *

* Role mappings define which roles are assigned to each user. The role mapping * APIs are generally the preferred way to manage role mappings rather than * using role mapping files. The get role mappings API cannot retrieve role * mappings that are defined in role mapping files. * * @see Documentation * on elastic.co */ public CompletableFuture getRoleMapping(GetRoleMappingRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) GetRoleMappingRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Get role mappings. *

* Role mappings define which roles are assigned to each user. The role mapping * APIs are generally the preferred way to manage role mappings rather than * using role mapping files. The get role mappings API cannot retrieve role * mappings that are defined in role mapping files. * * @param fn * a function that initializes a builder to create the * {@link GetRoleMappingRequest} * @see Documentation * on elastic.co */ public final CompletableFuture getRoleMapping( Function> fn) { return getRoleMapping(fn.apply(new GetRoleMappingRequest.Builder()).build()); } /** * Get role mappings. *

* Role mappings define which roles are assigned to each user. The role mapping * APIs are generally the preferred way to manage role mappings rather than * using role mapping files. The get role mappings API cannot retrieve role * mappings that are defined in role mapping files. * * @see Documentation * on elastic.co */ public CompletableFuture getRoleMapping() { return this.transport.performRequestAsync(new GetRoleMappingRequest.Builder().build(), GetRoleMappingRequest._ENDPOINT, this.transportOptions); } // ----- Endpoint: security.get_service_accounts /** * Get service accounts. *

* Get a list of service accounts that match the provided path parameters. *

* NOTE: Currently, only the elastic/fleet-server service account * is available. * * @see Documentation * on elastic.co */ public CompletableFuture getServiceAccounts(GetServiceAccountsRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) GetServiceAccountsRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Get service accounts. *

* Get a list of service accounts that match the provided path parameters. *

* NOTE: Currently, only the elastic/fleet-server service account * is available. * * @param fn * a function that initializes a builder to create the * {@link GetServiceAccountsRequest} * @see Documentation * on elastic.co */ public final CompletableFuture getServiceAccounts( Function> fn) { return getServiceAccounts(fn.apply(new GetServiceAccountsRequest.Builder()).build()); } /** * Get service accounts. *

* Get a list of service accounts that match the provided path parameters. *

* NOTE: Currently, only the elastic/fleet-server service account * is available. * * @see Documentation * on elastic.co */ public CompletableFuture getServiceAccounts() { return this.transport.performRequestAsync(new GetServiceAccountsRequest.Builder().build(), GetServiceAccountsRequest._ENDPOINT, this.transportOptions); } // ----- Endpoint: security.get_service_credentials /** * Get service account credentials. *

* To use this API, you must have at least the read_security * cluster privilege (or a greater privilege such as * manage_service_account or manage_security). *

* The response includes service account tokens that were created with the * create service account tokens API as well as file-backed tokens from all * nodes of the cluster. *

* NOTE: For tokens backed by the service_tokens file, the API * collects them from all nodes of the cluster. Tokens with the same name from * different nodes are assumed to be the same token and are only counted once * towards the total number of service tokens. * * @see Documentation * on elastic.co */ public CompletableFuture getServiceCredentials( GetServiceCredentialsRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) GetServiceCredentialsRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Get service account credentials. *

* To use this API, you must have at least the read_security * cluster privilege (or a greater privilege such as * manage_service_account or manage_security). *

* The response includes service account tokens that were created with the * create service account tokens API as well as file-backed tokens from all * nodes of the cluster. *

* NOTE: For tokens backed by the service_tokens file, the API * collects them from all nodes of the cluster. Tokens with the same name from * different nodes are assumed to be the same token and are only counted once * towards the total number of service tokens. * * @param fn * a function that initializes a builder to create the * {@link GetServiceCredentialsRequest} * @see Documentation * on elastic.co */ public final CompletableFuture getServiceCredentials( Function> fn) { return getServiceCredentials(fn.apply(new GetServiceCredentialsRequest.Builder()).build()); } // ----- Endpoint: security.get_settings /** * Get security index settings. *

* Get the user-configurable settings for the security internal index * (.security and associated indices). Only a subset of the index * settings — those that are user-configurable—will be shown. This includes: *

    *
  • index.auto_expand_replicas
  • *
  • index.number_of_replicas
  • *
* * @see Documentation * on elastic.co */ public CompletableFuture getSettings(GetSecuritySettingsRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) GetSecuritySettingsRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Get security index settings. *

* Get the user-configurable settings for the security internal index * (.security and associated indices). Only a subset of the index * settings — those that are user-configurable—will be shown. This includes: *

    *
  • index.auto_expand_replicas
  • *
  • index.number_of_replicas
  • *
* * @param fn * a function that initializes a builder to create the * {@link GetSecuritySettingsRequest} * @see Documentation * on elastic.co */ public final CompletableFuture getSettings( Function> fn) { return getSettings(fn.apply(new GetSecuritySettingsRequest.Builder()).build()); } /** * Get security index settings. *

* Get the user-configurable settings for the security internal index * (.security and associated indices). Only a subset of the index * settings — those that are user-configurable—will be shown. This includes: *

    *
  • index.auto_expand_replicas
  • *
  • index.number_of_replicas
  • *
* * @see Documentation * on elastic.co */ public CompletableFuture getSettings() { return this.transport.performRequestAsync(new GetSecuritySettingsRequest.Builder().build(), GetSecuritySettingsRequest._ENDPOINT, this.transportOptions); } // ----- Endpoint: security.get_token /** * Get a token. *

* Create a bearer token for access without requiring basic authentication. The * tokens are created by the Elasticsearch Token Service, which is automatically * enabled when you configure TLS on the HTTP interface. Alternatively, you can * explicitly enable the xpack.security.authc.token.enabled * setting. When you are running in production mode, a bootstrap check prevents * you from enabling the token service unless you also enable TLS on the HTTP * interface. *

* The get token API takes the same parameters as a typical OAuth 2.0 token API * except for the use of a JSON request body. *

* A successful get token API call returns a JSON structure that contains the * access token, the amount of time (seconds) that the token expires in, the * type, and the scope if available. *

* The tokens returned by the get token API have a finite period of time for * which they are valid and after that time period, they can no longer be used. * That time period is defined by the * xpack.security.authc.token.timeout setting. If you want to * invalidate a token immediately, you can do so by using the invalidate token * API. * * @see Documentation * on elastic.co */ public CompletableFuture getToken(GetTokenRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) GetTokenRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Get a token. *

* Create a bearer token for access without requiring basic authentication. The * tokens are created by the Elasticsearch Token Service, which is automatically * enabled when you configure TLS on the HTTP interface. Alternatively, you can * explicitly enable the xpack.security.authc.token.enabled * setting. When you are running in production mode, a bootstrap check prevents * you from enabling the token service unless you also enable TLS on the HTTP * interface. *

* The get token API takes the same parameters as a typical OAuth 2.0 token API * except for the use of a JSON request body. *

* A successful get token API call returns a JSON structure that contains the * access token, the amount of time (seconds) that the token expires in, the * type, and the scope if available. *

* The tokens returned by the get token API have a finite period of time for * which they are valid and after that time period, they can no longer be used. * That time period is defined by the * xpack.security.authc.token.timeout setting. If you want to * invalidate a token immediately, you can do so by using the invalidate token * API. * * @param fn * a function that initializes a builder to create the * {@link GetTokenRequest} * @see Documentation * on elastic.co */ public final CompletableFuture getToken( Function> fn) { return getToken(fn.apply(new GetTokenRequest.Builder()).build()); } /** * Get a token. *

* Create a bearer token for access without requiring basic authentication. The * tokens are created by the Elasticsearch Token Service, which is automatically * enabled when you configure TLS on the HTTP interface. Alternatively, you can * explicitly enable the xpack.security.authc.token.enabled * setting. When you are running in production mode, a bootstrap check prevents * you from enabling the token service unless you also enable TLS on the HTTP * interface. *

* The get token API takes the same parameters as a typical OAuth 2.0 token API * except for the use of a JSON request body. *

* A successful get token API call returns a JSON structure that contains the * access token, the amount of time (seconds) that the token expires in, the * type, and the scope if available. *

* The tokens returned by the get token API have a finite period of time for * which they are valid and after that time period, they can no longer be used. * That time period is defined by the * xpack.security.authc.token.timeout setting. If you want to * invalidate a token immediately, you can do so by using the invalidate token * API. * * @see Documentation * on elastic.co */ public CompletableFuture getToken() { return this.transport.performRequestAsync(new GetTokenRequest.Builder().build(), GetTokenRequest._ENDPOINT, this.transportOptions); } // ----- Endpoint: security.get_user /** * Get users. *

* Get information about users in the native realm and built-in users. * * @see Documentation * on elastic.co */ public CompletableFuture getUser(GetUserRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) GetUserRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Get users. *

* Get information about users in the native realm and built-in users. * * @param fn * a function that initializes a builder to create the * {@link GetUserRequest} * @see Documentation * on elastic.co */ public final CompletableFuture getUser( Function> fn) { return getUser(fn.apply(new GetUserRequest.Builder()).build()); } /** * Get users. *

* Get information about users in the native realm and built-in users. * * @see Documentation * on elastic.co */ public CompletableFuture getUser() { return this.transport.performRequestAsync(new GetUserRequest.Builder().build(), GetUserRequest._ENDPOINT, this.transportOptions); } // ----- Endpoint: security.get_user_privileges /** * Get user privileges. *

* Get the security privileges for the logged in user. All users can use this * API, but only to determine their own privileges. To check the privileges of * other users, you must use the run as feature. To check whether a user has a * specific list of privileges, use the has privileges API. * * @see Documentation * on elastic.co */ public CompletableFuture getUserPrivileges(GetUserPrivilegesRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) GetUserPrivilegesRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Get user privileges. *

* Get the security privileges for the logged in user. All users can use this * API, but only to determine their own privileges. To check the privileges of * other users, you must use the run as feature. To check whether a user has a * specific list of privileges, use the has privileges API. * * @param fn * a function that initializes a builder to create the * {@link GetUserPrivilegesRequest} * @see Documentation * on elastic.co */ public final CompletableFuture getUserPrivileges( Function> fn) { return getUserPrivileges(fn.apply(new GetUserPrivilegesRequest.Builder()).build()); } /** * Get user privileges. *

* Get the security privileges for the logged in user. All users can use this * API, but only to determine their own privileges. To check the privileges of * other users, you must use the run as feature. To check whether a user has a * specific list of privileges, use the has privileges API. * * @see Documentation * on elastic.co */ public CompletableFuture getUserPrivileges() { return this.transport.performRequestAsync(new GetUserPrivilegesRequest.Builder().build(), GetUserPrivilegesRequest._ENDPOINT, this.transportOptions); } // ----- Endpoint: security.get_user_profile /** * Get a user profile. *

* Get a user's profile using the unique profile ID. *

* NOTE: The user profile feature is designed only for use by Kibana and * Elastic's Observability, Enterprise Search, and Elastic Security solutions. * Individual users and external applications should not call this API directly. * Elastic reserves the right to change or remove this feature in future * releases without prior notice. * * @see Documentation * on elastic.co */ public CompletableFuture getUserProfile(GetUserProfileRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) GetUserProfileRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Get a user profile. *

* Get a user's profile using the unique profile ID. *

* NOTE: The user profile feature is designed only for use by Kibana and * Elastic's Observability, Enterprise Search, and Elastic Security solutions. * Individual users and external applications should not call this API directly. * Elastic reserves the right to change or remove this feature in future * releases without prior notice. * * @param fn * a function that initializes a builder to create the * {@link GetUserProfileRequest} * @see Documentation * on elastic.co */ public final CompletableFuture getUserProfile( Function> fn) { return getUserProfile(fn.apply(new GetUserProfileRequest.Builder()).build()); } // ----- Endpoint: security.grant_api_key /** * Grant an API key. *

* Create an API key on behalf of another user. This API is similar to the * create API keys API, however it creates the API key for a user that is * different than the user that runs the API. The caller must have * authentication credentials for the user on whose behalf the API key will be * created. It is not possible to use this API to create an API key without that * user's credentials. The supported user authentication credential types are: *

    *
  • username and password
  • *
  • Elasticsearch access tokens
  • *
  • JWTs
  • *
*

* The user, for whom the authentication credentials is provided, can optionally * "run as" (impersonate) another user. In this case, the API key will * be created on behalf of the impersonated user. *

* This API is intended be used by applications that need to create and manage * API keys for end users, but cannot guarantee that those users have permission * to create API keys on their own behalf. The API keys are created by the * Elasticsearch API key service, which is automatically enabled. *

* A successful grant API key API call returns a JSON structure that contains * the API key, its unique id, and its name. If applicable, it also returns * expiration information for the API key in milliseconds. *

* By default, API keys never expire. You can specify expiration information * when you create the API keys. * * @see Documentation * on elastic.co */ public CompletableFuture grantApiKey(GrantApiKeyRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) GrantApiKeyRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Grant an API key. *

* Create an API key on behalf of another user. This API is similar to the * create API keys API, however it creates the API key for a user that is * different than the user that runs the API. The caller must have * authentication credentials for the user on whose behalf the API key will be * created. It is not possible to use this API to create an API key without that * user's credentials. The supported user authentication credential types are: *

    *
  • username and password
  • *
  • Elasticsearch access tokens
  • *
  • JWTs
  • *
*

* The user, for whom the authentication credentials is provided, can optionally * "run as" (impersonate) another user. In this case, the API key will * be created on behalf of the impersonated user. *

* This API is intended be used by applications that need to create and manage * API keys for end users, but cannot guarantee that those users have permission * to create API keys on their own behalf. The API keys are created by the * Elasticsearch API key service, which is automatically enabled. *

* A successful grant API key API call returns a JSON structure that contains * the API key, its unique id, and its name. If applicable, it also returns * expiration information for the API key in milliseconds. *

* By default, API keys never expire. You can specify expiration information * when you create the API keys. * * @param fn * a function that initializes a builder to create the * {@link GrantApiKeyRequest} * @see Documentation * on elastic.co */ public final CompletableFuture grantApiKey( Function> fn) { return grantApiKey(fn.apply(new GrantApiKeyRequest.Builder()).build()); } // ----- Endpoint: security.has_privileges /** * Check user privileges. *

* Determine whether the specified user has a specified list of privileges. All * users can use this API, but only to determine their own privileges. To check * the privileges of other users, you must use the run as feature. * * @see Documentation * on elastic.co */ public CompletableFuture hasPrivileges(HasPrivilegesRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) HasPrivilegesRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Check user privileges. *

* Determine whether the specified user has a specified list of privileges. All * users can use this API, but only to determine their own privileges. To check * the privileges of other users, you must use the run as feature. * * @param fn * a function that initializes a builder to create the * {@link HasPrivilegesRequest} * @see Documentation * on elastic.co */ public final CompletableFuture hasPrivileges( Function> fn) { return hasPrivileges(fn.apply(new HasPrivilegesRequest.Builder()).build()); } /** * Check user privileges. *

* Determine whether the specified user has a specified list of privileges. All * users can use this API, but only to determine their own privileges. To check * the privileges of other users, you must use the run as feature. * * @see Documentation * on elastic.co */ public CompletableFuture hasPrivileges() { return this.transport.performRequestAsync(new HasPrivilegesRequest.Builder().build(), HasPrivilegesRequest._ENDPOINT, this.transportOptions); } // ----- Endpoint: security.has_privileges_user_profile /** * Check user profile privileges. *

* Determine whether the users associated with the specified user profile IDs * have all the requested privileges. *

* NOTE: The user profile feature is designed only for use by Kibana and * Elastic's Observability, Enterprise Search, and Elastic Security solutions. * Individual users and external applications should not call this API directly. * Elastic reserves the right to change or remove this feature in future * releases without prior notice. * * @see Documentation * on elastic.co */ public CompletableFuture hasPrivilegesUserProfile( HasPrivilegesUserProfileRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) HasPrivilegesUserProfileRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Check user profile privileges. *

* Determine whether the users associated with the specified user profile IDs * have all the requested privileges. *

* NOTE: The user profile feature is designed only for use by Kibana and * Elastic's Observability, Enterprise Search, and Elastic Security solutions. * Individual users and external applications should not call this API directly. * Elastic reserves the right to change or remove this feature in future * releases without prior notice. * * @param fn * a function that initializes a builder to create the * {@link HasPrivilegesUserProfileRequest} * @see Documentation * on elastic.co */ public final CompletableFuture hasPrivilegesUserProfile( Function> fn) { return hasPrivilegesUserProfile(fn.apply(new HasPrivilegesUserProfileRequest.Builder()).build()); } // ----- Endpoint: security.invalidate_api_key /** * Invalidate API keys. *

* This API invalidates API keys created by the create API key or grant API key * APIs. Invalidated API keys fail authentication, but they can still be viewed * using the get API key information and query API key information APIs, for at * least the configured retention period, until they are automatically deleted. *

* To use this API, you must have at least the manage_security, * manage_api_key, or manage_own_api_key cluster * privileges. The manage_security privilege allows deleting any * API key, including both REST and cross cluster API keys. The * manage_api_key privilege allows deleting any REST API key, but * not cross cluster API keys. The manage_own_api_key only allows * deleting REST API keys that are owned by the user. In addition, with the * manage_own_api_key privilege, an invalidation request must be * issued in one of the three formats: *

    *
  • Set the parameter owner=true.
  • *
  • Or, set both username and realm_name to match * the user's identity.
  • *
  • Or, if the request is issued by an API key, that is to say an API key * invalidates itself, specify its ID in the ids field.
  • *
* * @see Documentation * on elastic.co */ public CompletableFuture invalidateApiKey(InvalidateApiKeyRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) InvalidateApiKeyRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Invalidate API keys. *

* This API invalidates API keys created by the create API key or grant API key * APIs. Invalidated API keys fail authentication, but they can still be viewed * using the get API key information and query API key information APIs, for at * least the configured retention period, until they are automatically deleted. *

* To use this API, you must have at least the manage_security, * manage_api_key, or manage_own_api_key cluster * privileges. The manage_security privilege allows deleting any * API key, including both REST and cross cluster API keys. The * manage_api_key privilege allows deleting any REST API key, but * not cross cluster API keys. The manage_own_api_key only allows * deleting REST API keys that are owned by the user. In addition, with the * manage_own_api_key privilege, an invalidation request must be * issued in one of the three formats: *

    *
  • Set the parameter owner=true.
  • *
  • Or, set both username and realm_name to match * the user's identity.
  • *
  • Or, if the request is issued by an API key, that is to say an API key * invalidates itself, specify its ID in the ids field.
  • *
* * @param fn * a function that initializes a builder to create the * {@link InvalidateApiKeyRequest} * @see Documentation * on elastic.co */ public final CompletableFuture invalidateApiKey( Function> fn) { return invalidateApiKey(fn.apply(new InvalidateApiKeyRequest.Builder()).build()); } /** * Invalidate API keys. *

* This API invalidates API keys created by the create API key or grant API key * APIs. Invalidated API keys fail authentication, but they can still be viewed * using the get API key information and query API key information APIs, for at * least the configured retention period, until they are automatically deleted. *

* To use this API, you must have at least the manage_security, * manage_api_key, or manage_own_api_key cluster * privileges. The manage_security privilege allows deleting any * API key, including both REST and cross cluster API keys. The * manage_api_key privilege allows deleting any REST API key, but * not cross cluster API keys. The manage_own_api_key only allows * deleting REST API keys that are owned by the user. In addition, with the * manage_own_api_key privilege, an invalidation request must be * issued in one of the three formats: *

    *
  • Set the parameter owner=true.
  • *
  • Or, set both username and realm_name to match * the user's identity.
  • *
  • Or, if the request is issued by an API key, that is to say an API key * invalidates itself, specify its ID in the ids field.
  • *
* * @see Documentation * on elastic.co */ public CompletableFuture invalidateApiKey() { return this.transport.performRequestAsync(new InvalidateApiKeyRequest.Builder().build(), InvalidateApiKeyRequest._ENDPOINT, this.transportOptions); } // ----- Endpoint: security.invalidate_token /** * Invalidate a token. *

* The access tokens returned by the get token API have a finite period of time * for which they are valid. After that time period, they can no longer be used. * The time period is defined by the * xpack.security.authc.token.timeout setting. *

* The refresh tokens returned by the get token API are only valid for 24 hours. * They can also be used exactly once. If you want to invalidate one or more * access or refresh tokens immediately, use this invalidate token API. *

* NOTE: While all parameters are optional, at least one of them is required. * More specifically, either one of token or * refresh_token parameters is required. If none of these two are * specified, then realm_name and/or username need to * be specified. * * @see Documentation * on elastic.co */ public CompletableFuture invalidateToken(InvalidateTokenRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) InvalidateTokenRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Invalidate a token. *

* The access tokens returned by the get token API have a finite period of time * for which they are valid. After that time period, they can no longer be used. * The time period is defined by the * xpack.security.authc.token.timeout setting. *

* The refresh tokens returned by the get token API are only valid for 24 hours. * They can also be used exactly once. If you want to invalidate one or more * access or refresh tokens immediately, use this invalidate token API. *

* NOTE: While all parameters are optional, at least one of them is required. * More specifically, either one of token or * refresh_token parameters is required. If none of these two are * specified, then realm_name and/or username need to * be specified. * * @param fn * a function that initializes a builder to create the * {@link InvalidateTokenRequest} * @see Documentation * on elastic.co */ public final CompletableFuture invalidateToken( Function> fn) { return invalidateToken(fn.apply(new InvalidateTokenRequest.Builder()).build()); } /** * Invalidate a token. *

* The access tokens returned by the get token API have a finite period of time * for which they are valid. After that time period, they can no longer be used. * The time period is defined by the * xpack.security.authc.token.timeout setting. *

* The refresh tokens returned by the get token API are only valid for 24 hours. * They can also be used exactly once. If you want to invalidate one or more * access or refresh tokens immediately, use this invalidate token API. *

* NOTE: While all parameters are optional, at least one of them is required. * More specifically, either one of token or * refresh_token parameters is required. If none of these two are * specified, then realm_name and/or username need to * be specified. * * @see Documentation * on elastic.co */ public CompletableFuture invalidateToken() { return this.transport.performRequestAsync(new InvalidateTokenRequest.Builder().build(), InvalidateTokenRequest._ENDPOINT, this.transportOptions); } // ----- Endpoint: security.oidc_authenticate /** * Authenticate OpenID Connect. *

* Exchange an OpenID Connect authentication response message for an * Elasticsearch internal access token and refresh token that can be * subsequently used for authentication. *

* Elasticsearch exposes all the necessary OpenID Connect related functionality * with the OpenID Connect APIs. These APIs are used internally by Kibana in * order to provide OpenID Connect based authentication, but can also be used by * other, custom web applications or other clients. * * @see Documentation * on elastic.co */ public CompletableFuture oidcAuthenticate(OidcAuthenticateRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) OidcAuthenticateRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Authenticate OpenID Connect. *

* Exchange an OpenID Connect authentication response message for an * Elasticsearch internal access token and refresh token that can be * subsequently used for authentication. *

* Elasticsearch exposes all the necessary OpenID Connect related functionality * with the OpenID Connect APIs. These APIs are used internally by Kibana in * order to provide OpenID Connect based authentication, but can also be used by * other, custom web applications or other clients. * * @param fn * a function that initializes a builder to create the * {@link OidcAuthenticateRequest} * @see Documentation * on elastic.co */ public final CompletableFuture oidcAuthenticate( Function> fn) { return oidcAuthenticate(fn.apply(new OidcAuthenticateRequest.Builder()).build()); } // ----- Endpoint: security.oidc_logout /** * Logout of OpenID Connect. *

* Invalidate an access token and a refresh token that were generated as a * response to the /_security/oidc/authenticate API. *

* If the OpenID Connect authentication realm in Elasticsearch is accordingly * configured, the response to this call will contain a URI pointing to the end * session endpoint of the OpenID Connect Provider in order to perform single * logout. *

* Elasticsearch exposes all the necessary OpenID Connect related functionality * with the OpenID Connect APIs. These APIs are used internally by Kibana in * order to provide OpenID Connect based authentication, but can also be used by * other, custom web applications or other clients. * * @see Documentation * on elastic.co */ public CompletableFuture oidcLogout(OidcLogoutRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) OidcLogoutRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Logout of OpenID Connect. *

* Invalidate an access token and a refresh token that were generated as a * response to the /_security/oidc/authenticate API. *

* If the OpenID Connect authentication realm in Elasticsearch is accordingly * configured, the response to this call will contain a URI pointing to the end * session endpoint of the OpenID Connect Provider in order to perform single * logout. *

* Elasticsearch exposes all the necessary OpenID Connect related functionality * with the OpenID Connect APIs. These APIs are used internally by Kibana in * order to provide OpenID Connect based authentication, but can also be used by * other, custom web applications or other clients. * * @param fn * a function that initializes a builder to create the * {@link OidcLogoutRequest} * @see Documentation * on elastic.co */ public final CompletableFuture oidcLogout( Function> fn) { return oidcLogout(fn.apply(new OidcLogoutRequest.Builder()).build()); } // ----- Endpoint: security.oidc_prepare_authentication /** * Prepare OpenID connect authentication. *

* Create an oAuth 2.0 authentication request as a URL string based on the * configuration of the OpenID Connect authentication realm in Elasticsearch. *

* The response of this API is a URL pointing to the Authorization Endpoint of * the configured OpenID Connect Provider, which can be used to redirect the * browser of the user in order to continue the authentication process. *

* Elasticsearch exposes all the necessary OpenID Connect related functionality * with the OpenID Connect APIs. These APIs are used internally by Kibana in * order to provide OpenID Connect based authentication, but can also be used by * other, custom web applications or other clients. * * @see Documentation * on elastic.co */ public CompletableFuture oidcPrepareAuthentication( OidcPrepareAuthenticationRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) OidcPrepareAuthenticationRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Prepare OpenID connect authentication. *

* Create an oAuth 2.0 authentication request as a URL string based on the * configuration of the OpenID Connect authentication realm in Elasticsearch. *

* The response of this API is a URL pointing to the Authorization Endpoint of * the configured OpenID Connect Provider, which can be used to redirect the * browser of the user in order to continue the authentication process. *

* Elasticsearch exposes all the necessary OpenID Connect related functionality * with the OpenID Connect APIs. These APIs are used internally by Kibana in * order to provide OpenID Connect based authentication, but can also be used by * other, custom web applications or other clients. * * @param fn * a function that initializes a builder to create the * {@link OidcPrepareAuthenticationRequest} * @see Documentation * on elastic.co */ public final CompletableFuture oidcPrepareAuthentication( Function> fn) { return oidcPrepareAuthentication(fn.apply(new OidcPrepareAuthenticationRequest.Builder()).build()); } /** * Prepare OpenID connect authentication. *

* Create an oAuth 2.0 authentication request as a URL string based on the * configuration of the OpenID Connect authentication realm in Elasticsearch. *

* The response of this API is a URL pointing to the Authorization Endpoint of * the configured OpenID Connect Provider, which can be used to redirect the * browser of the user in order to continue the authentication process. *

* Elasticsearch exposes all the necessary OpenID Connect related functionality * with the OpenID Connect APIs. These APIs are used internally by Kibana in * order to provide OpenID Connect based authentication, but can also be used by * other, custom web applications or other clients. * * @see Documentation * on elastic.co */ public CompletableFuture oidcPrepareAuthentication() { return this.transport.performRequestAsync(new OidcPrepareAuthenticationRequest.Builder().build(), OidcPrepareAuthenticationRequest._ENDPOINT, this.transportOptions); } // ----- Endpoint: security.put_privileges /** * Create or update application privileges. *

* To use this API, you must have one of the following privileges: *

    *
  • The manage_security cluster privilege (or a greater * privilege such as all).
  • *
  • The "Manage Application Privileges" global privilege for the * application being referenced in the request.
  • *
*

* Application names are formed from a prefix, with an optional suffix that * conform to the following rules: *

    *
  • The prefix must begin with a lowercase ASCII letter.
  • *
  • The prefix must contain only ASCII letters or digits.
  • *
  • The prefix must be at least 3 characters long.
  • *
  • If the suffix exists, it must begin with either a dash - or * _.
  • *
  • The suffix cannot contain any of the following characters: * \, /, *, ?, * ", <, >, |, * ,, *.
  • *
  • No part of the name can contain whitespace.
  • *
*

* Privilege names must begin with a lowercase ASCII letter and must contain * only ASCII letters and digits along with the characters _, * -, and .. *

* Action names can contain any number of printable ASCII characters and must * contain at least one of the following characters: /, * *, :. * * @see Documentation * on elastic.co */ public CompletableFuture putPrivileges(PutPrivilegesRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) PutPrivilegesRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Create or update application privileges. *

* To use this API, you must have one of the following privileges: *

    *
  • The manage_security cluster privilege (or a greater * privilege such as all).
  • *
  • The "Manage Application Privileges" global privilege for the * application being referenced in the request.
  • *
*

* Application names are formed from a prefix, with an optional suffix that * conform to the following rules: *

    *
  • The prefix must begin with a lowercase ASCII letter.
  • *
  • The prefix must contain only ASCII letters or digits.
  • *
  • The prefix must be at least 3 characters long.
  • *
  • If the suffix exists, it must begin with either a dash - or * _.
  • *
  • The suffix cannot contain any of the following characters: * \, /, *, ?, * ", <, >, |, * ,, *.
  • *
  • No part of the name can contain whitespace.
  • *
*

* Privilege names must begin with a lowercase ASCII letter and must contain * only ASCII letters and digits along with the characters _, * -, and .. *

* Action names can contain any number of printable ASCII characters and must * contain at least one of the following characters: /, * *, :. * * @param fn * a function that initializes a builder to create the * {@link PutPrivilegesRequest} * @see Documentation * on elastic.co */ public final CompletableFuture putPrivileges( Function> fn) { return putPrivileges(fn.apply(new PutPrivilegesRequest.Builder()).build()); } /** * Create or update application privileges. *

* To use this API, you must have one of the following privileges: *

    *
  • The manage_security cluster privilege (or a greater * privilege such as all).
  • *
  • The "Manage Application Privileges" global privilege for the * application being referenced in the request.
  • *
*

* Application names are formed from a prefix, with an optional suffix that * conform to the following rules: *

    *
  • The prefix must begin with a lowercase ASCII letter.
  • *
  • The prefix must contain only ASCII letters or digits.
  • *
  • The prefix must be at least 3 characters long.
  • *
  • If the suffix exists, it must begin with either a dash - or * _.
  • *
  • The suffix cannot contain any of the following characters: * \, /, *, ?, * ", <, >, |, * ,, *.
  • *
  • No part of the name can contain whitespace.
  • *
*

* Privilege names must begin with a lowercase ASCII letter and must contain * only ASCII letters and digits along with the characters _, * -, and .. *

* Action names can contain any number of printable ASCII characters and must * contain at least one of the following characters: /, * *, :. * * @see Documentation * on elastic.co */ public CompletableFuture putPrivileges() { return this.transport.performRequestAsync(new PutPrivilegesRequest.Builder().build(), PutPrivilegesRequest._ENDPOINT, this.transportOptions); } // ----- Endpoint: security.put_role /** * Create or update roles. *

* The role management APIs are generally the preferred way to manage roles in * the native realm, rather than using file-based role management. The create or * update roles API cannot update roles that are defined in roles files. * File-based role management is not available in Elastic Serverless. * * @see Documentation * on elastic.co */ public CompletableFuture putRole(PutRoleRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) PutRoleRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Create or update roles. *

* The role management APIs are generally the preferred way to manage roles in * the native realm, rather than using file-based role management. The create or * update roles API cannot update roles that are defined in roles files. * File-based role management is not available in Elastic Serverless. * * @param fn * a function that initializes a builder to create the * {@link PutRoleRequest} * @see Documentation * on elastic.co */ public final CompletableFuture putRole( Function> fn) { return putRole(fn.apply(new PutRoleRequest.Builder()).build()); } // ----- Endpoint: security.put_role_mapping /** * Create or update role mappings. *

* Role mappings define which roles are assigned to each user. Each mapping has * rules that identify users and a list of roles that are granted to those * users. The role mapping APIs are generally the preferred way to manage role * mappings rather than using role mapping files. The create or update role * mappings API cannot update role mappings that are defined in role mapping * files. *

* NOTE: This API does not create roles. Rather, it maps users to existing * roles. Roles can be created by using the create or update roles API or roles * files. *

* Role templates *

* The most common use for role mappings is to create a mapping from a known * value on the user to a fixed role name. For example, all users in the * cn=admin,dc=example,dc=com LDAP group should be given the * superuser role in Elasticsearch. The roles field is used for * this purpose. *

* For more complex needs, it is possible to use Mustache templates to * dynamically determine the names of the roles that should be granted to the * user. The role_templates field is used for this purpose. *

* NOTE: To use role templates successfully, the relevant scripting feature must * be enabled. Otherwise, all attempts to create a role mapping with role * templates fail. *

* All of the user fields that are available in the role mapping rules are also * available in the role templates. Thus it is possible to assign a user to a * role that reflects their username, their groups, or the name of the realm to * which they authenticated. *

* By default a template is evaluated to produce a single string that is the * name of the role which should be assigned to the user. If the format of the * template is set to "json" then the template is expected to produce * a JSON string or an array of JSON strings for the role names. * * @see Documentation * on elastic.co */ public CompletableFuture putRoleMapping(PutRoleMappingRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) PutRoleMappingRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Create or update role mappings. *

* Role mappings define which roles are assigned to each user. Each mapping has * rules that identify users and a list of roles that are granted to those * users. The role mapping APIs are generally the preferred way to manage role * mappings rather than using role mapping files. The create or update role * mappings API cannot update role mappings that are defined in role mapping * files. *

* NOTE: This API does not create roles. Rather, it maps users to existing * roles. Roles can be created by using the create or update roles API or roles * files. *

* Role templates *

* The most common use for role mappings is to create a mapping from a known * value on the user to a fixed role name. For example, all users in the * cn=admin,dc=example,dc=com LDAP group should be given the * superuser role in Elasticsearch. The roles field is used for * this purpose. *

* For more complex needs, it is possible to use Mustache templates to * dynamically determine the names of the roles that should be granted to the * user. The role_templates field is used for this purpose. *

* NOTE: To use role templates successfully, the relevant scripting feature must * be enabled. Otherwise, all attempts to create a role mapping with role * templates fail. *

* All of the user fields that are available in the role mapping rules are also * available in the role templates. Thus it is possible to assign a user to a * role that reflects their username, their groups, or the name of the realm to * which they authenticated. *

* By default a template is evaluated to produce a single string that is the * name of the role which should be assigned to the user. If the format of the * template is set to "json" then the template is expected to produce * a JSON string or an array of JSON strings for the role names. * * @param fn * a function that initializes a builder to create the * {@link PutRoleMappingRequest} * @see Documentation * on elastic.co */ public final CompletableFuture putRoleMapping( Function> fn) { return putRoleMapping(fn.apply(new PutRoleMappingRequest.Builder()).build()); } // ----- Endpoint: security.put_user /** * Create or update users. *

* Add and update users in the native realm. A password is required for adding a * new user but is optional when updating an existing user. To change a user's * password without updating any other fields, use the change password API. * * @see Documentation * on elastic.co */ public CompletableFuture putUser(PutUserRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) PutUserRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Create or update users. *

* Add and update users in the native realm. A password is required for adding a * new user but is optional when updating an existing user. To change a user's * password without updating any other fields, use the change password API. * * @param fn * a function that initializes a builder to create the * {@link PutUserRequest} * @see Documentation * on elastic.co */ public final CompletableFuture putUser( Function> fn) { return putUser(fn.apply(new PutUserRequest.Builder()).build()); } // ----- Endpoint: security.query_api_keys /** * Find API keys with a query. *

* Get a paginated list of API keys and their information. You can optionally * filter the results with a query. *

* To use this API, you must have at least the manage_own_api_key * or the read_security cluster privileges. If you have only the * manage_own_api_key privilege, this API returns only the API keys * that you own. If you have the read_security, * manage_api_key, or greater privileges (including * manage_security), this API returns all API keys regardless of * ownership. * * @see Documentation * on elastic.co */ public CompletableFuture queryApiKeys(QueryApiKeysRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) QueryApiKeysRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Find API keys with a query. *

* Get a paginated list of API keys and their information. You can optionally * filter the results with a query. *

* To use this API, you must have at least the manage_own_api_key * or the read_security cluster privileges. If you have only the * manage_own_api_key privilege, this API returns only the API keys * that you own. If you have the read_security, * manage_api_key, or greater privileges (including * manage_security), this API returns all API keys regardless of * ownership. * * @param fn * a function that initializes a builder to create the * {@link QueryApiKeysRequest} * @see Documentation * on elastic.co */ public final CompletableFuture queryApiKeys( Function> fn) { return queryApiKeys(fn.apply(new QueryApiKeysRequest.Builder()).build()); } /** * Find API keys with a query. *

* Get a paginated list of API keys and their information. You can optionally * filter the results with a query. *

* To use this API, you must have at least the manage_own_api_key * or the read_security cluster privileges. If you have only the * manage_own_api_key privilege, this API returns only the API keys * that you own. If you have the read_security, * manage_api_key, or greater privileges (including * manage_security), this API returns all API keys regardless of * ownership. * * @see Documentation * on elastic.co */ public CompletableFuture queryApiKeys() { return this.transport.performRequestAsync(new QueryApiKeysRequest.Builder().build(), QueryApiKeysRequest._ENDPOINT, this.transportOptions); } // ----- Endpoint: security.query_role /** * Find roles with a query. *

* Get roles in a paginated manner. The role management APIs are generally the * preferred way to manage roles, rather than using file-based role management. * The query roles API does not retrieve roles that are defined in roles files, * nor built-in ones. You can optionally filter the results with a query. Also, * the results can be paginated and sorted. * * @see Documentation * on elastic.co */ public CompletableFuture queryRole(QueryRoleRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) QueryRoleRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Find roles with a query. *

* Get roles in a paginated manner. The role management APIs are generally the * preferred way to manage roles, rather than using file-based role management. * The query roles API does not retrieve roles that are defined in roles files, * nor built-in ones. You can optionally filter the results with a query. Also, * the results can be paginated and sorted. * * @param fn * a function that initializes a builder to create the * {@link QueryRoleRequest} * @see Documentation * on elastic.co */ public final CompletableFuture queryRole( Function> fn) { return queryRole(fn.apply(new QueryRoleRequest.Builder()).build()); } /** * Find roles with a query. *

* Get roles in a paginated manner. The role management APIs are generally the * preferred way to manage roles, rather than using file-based role management. * The query roles API does not retrieve roles that are defined in roles files, * nor built-in ones. You can optionally filter the results with a query. Also, * the results can be paginated and sorted. * * @see Documentation * on elastic.co */ public CompletableFuture queryRole() { return this.transport.performRequestAsync(new QueryRoleRequest.Builder().build(), QueryRoleRequest._ENDPOINT, this.transportOptions); } // ----- Endpoint: security.query_user /** * Find users with a query. *

* Get information for users in a paginated manner. You can optionally filter * the results with a query. *

* NOTE: As opposed to the get user API, built-in users are excluded from the * result. This API is only for native users. * * @see Documentation * on elastic.co */ public CompletableFuture queryUser(QueryUserRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) QueryUserRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Find users with a query. *

* Get information for users in a paginated manner. You can optionally filter * the results with a query. *

* NOTE: As opposed to the get user API, built-in users are excluded from the * result. This API is only for native users. * * @param fn * a function that initializes a builder to create the * {@link QueryUserRequest} * @see Documentation * on elastic.co */ public final CompletableFuture queryUser( Function> fn) { return queryUser(fn.apply(new QueryUserRequest.Builder()).build()); } /** * Find users with a query. *

* Get information for users in a paginated manner. You can optionally filter * the results with a query. *

* NOTE: As opposed to the get user API, built-in users are excluded from the * result. This API is only for native users. * * @see Documentation * on elastic.co */ public CompletableFuture queryUser() { return this.transport.performRequestAsync(new QueryUserRequest.Builder().build(), QueryUserRequest._ENDPOINT, this.transportOptions); } // ----- Endpoint: security.saml_authenticate /** * Authenticate SAML. *

* Submit a SAML response message to Elasticsearch for consumption. *

* NOTE: This API is intended for use by custom web applications other than * Kibana. If you are using Kibana, refer to the documentation for configuring * SAML single-sign-on on the Elastic Stack. *

* The SAML message that is submitted can be: *

    *
  • A response to a SAML authentication request that was previously created * using the SAML prepare authentication API.
  • *
  • An unsolicited SAML message in the case of an IdP-initiated single * sign-on (SSO) flow.
  • *
*

* In either case, the SAML message needs to be a base64 encoded XML document * with a root element of <Response>. *

* After successful validation, Elasticsearch responds with an Elasticsearch * internal access token and refresh token that can be subsequently used for * authentication. This API endpoint essentially exchanges SAML responses that * indicate successful authentication in the IdP for Elasticsearch access and * refresh tokens, which can be used for authentication against Elasticsearch. * * @see Documentation * on elastic.co */ public CompletableFuture samlAuthenticate(SamlAuthenticateRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) SamlAuthenticateRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Authenticate SAML. *

* Submit a SAML response message to Elasticsearch for consumption. *

* NOTE: This API is intended for use by custom web applications other than * Kibana. If you are using Kibana, refer to the documentation for configuring * SAML single-sign-on on the Elastic Stack. *

* The SAML message that is submitted can be: *

    *
  • A response to a SAML authentication request that was previously created * using the SAML prepare authentication API.
  • *
  • An unsolicited SAML message in the case of an IdP-initiated single * sign-on (SSO) flow.
  • *
*

* In either case, the SAML message needs to be a base64 encoded XML document * with a root element of <Response>. *

* After successful validation, Elasticsearch responds with an Elasticsearch * internal access token and refresh token that can be subsequently used for * authentication. This API endpoint essentially exchanges SAML responses that * indicate successful authentication in the IdP for Elasticsearch access and * refresh tokens, which can be used for authentication against Elasticsearch. * * @param fn * a function that initializes a builder to create the * {@link SamlAuthenticateRequest} * @see Documentation * on elastic.co */ public final CompletableFuture samlAuthenticate( Function> fn) { return samlAuthenticate(fn.apply(new SamlAuthenticateRequest.Builder()).build()); } // ----- Endpoint: security.saml_complete_logout /** * Logout of SAML completely. *

* Verifies the logout response sent from the SAML IdP. *

* NOTE: This API is intended for use by custom web applications other than * Kibana. If you are using Kibana, refer to the documentation for configuring * SAML single-sign-on on the Elastic Stack. *

* The SAML IdP may send a logout response back to the SP after handling the * SP-initiated SAML Single Logout. This API verifies the response by ensuring * the content is relevant and validating its signature. An empty response is * returned if the verification process is successful. The response can be sent * by the IdP with either the HTTP-Redirect or the HTTP-Post binding. The caller * of this API must prepare the request accordingly so that this API can handle * either of them. * * @see Documentation * on elastic.co */ public CompletableFuture samlCompleteLogout(SamlCompleteLogoutRequest request) { @SuppressWarnings("unchecked") Endpoint endpoint = (Endpoint) SamlCompleteLogoutRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Logout of SAML completely. *

* Verifies the logout response sent from the SAML IdP. *

* NOTE: This API is intended for use by custom web applications other than * Kibana. If you are using Kibana, refer to the documentation for configuring * SAML single-sign-on on the Elastic Stack. *

* The SAML IdP may send a logout response back to the SP after handling the * SP-initiated SAML Single Logout. This API verifies the response by ensuring * the content is relevant and validating its signature. An empty response is * returned if the verification process is successful. The response can be sent * by the IdP with either the HTTP-Redirect or the HTTP-Post binding. The caller * of this API must prepare the request accordingly so that this API can handle * either of them. * * @param fn * a function that initializes a builder to create the * {@link SamlCompleteLogoutRequest} * @see Documentation * on elastic.co */ public final CompletableFuture samlCompleteLogout( Function> fn) { return samlCompleteLogout(fn.apply(new SamlCompleteLogoutRequest.Builder()).build()); } // ----- Endpoint: security.saml_invalidate /** * Invalidate SAML. *

* Submit a SAML LogoutRequest message to Elasticsearch for consumption. *

* NOTE: This API is intended for use by custom web applications other than * Kibana. If you are using Kibana, refer to the documentation for configuring * SAML single-sign-on on the Elastic Stack. *

* The logout request comes from the SAML IdP during an IdP initiated Single * Logout. The custom web application can use this API to have Elasticsearch * process the LogoutRequest. After successful validation of the * request, Elasticsearch invalidates the access token and refresh token that * corresponds to that specific SAML principal and provides a URL that contains * a SAML LogoutResponse message. Thus the user can be redirected back to their * IdP. * * @see Documentation * on elastic.co */ public CompletableFuture samlInvalidate(SamlInvalidateRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) SamlInvalidateRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Invalidate SAML. *

* Submit a SAML LogoutRequest message to Elasticsearch for consumption. *

* NOTE: This API is intended for use by custom web applications other than * Kibana. If you are using Kibana, refer to the documentation for configuring * SAML single-sign-on on the Elastic Stack. *

* The logout request comes from the SAML IdP during an IdP initiated Single * Logout. The custom web application can use this API to have Elasticsearch * process the LogoutRequest. After successful validation of the * request, Elasticsearch invalidates the access token and refresh token that * corresponds to that specific SAML principal and provides a URL that contains * a SAML LogoutResponse message. Thus the user can be redirected back to their * IdP. * * @param fn * a function that initializes a builder to create the * {@link SamlInvalidateRequest} * @see Documentation * on elastic.co */ public final CompletableFuture samlInvalidate( Function> fn) { return samlInvalidate(fn.apply(new SamlInvalidateRequest.Builder()).build()); } // ----- Endpoint: security.saml_logout /** * Logout of SAML. *

* Submits a request to invalidate an access token and refresh token. *

* NOTE: This API is intended for use by custom web applications other than * Kibana. If you are using Kibana, refer to the documentation for configuring * SAML single-sign-on on the Elastic Stack. *

* This API invalidates the tokens that were generated for a user by the SAML * authenticate API. If the SAML realm in Elasticsearch is configured * accordingly and the SAML IdP supports this, the Elasticsearch response * contains a URL to redirect the user to the IdP that contains a SAML logout * request (starting an SP-initiated SAML Single Logout). * * @see Documentation * on elastic.co */ public CompletableFuture samlLogout(SamlLogoutRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) SamlLogoutRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Logout of SAML. *

* Submits a request to invalidate an access token and refresh token. *

* NOTE: This API is intended for use by custom web applications other than * Kibana. If you are using Kibana, refer to the documentation for configuring * SAML single-sign-on on the Elastic Stack. *

* This API invalidates the tokens that were generated for a user by the SAML * authenticate API. If the SAML realm in Elasticsearch is configured * accordingly and the SAML IdP supports this, the Elasticsearch response * contains a URL to redirect the user to the IdP that contains a SAML logout * request (starting an SP-initiated SAML Single Logout). * * @param fn * a function that initializes a builder to create the * {@link SamlLogoutRequest} * @see Documentation * on elastic.co */ public final CompletableFuture samlLogout( Function> fn) { return samlLogout(fn.apply(new SamlLogoutRequest.Builder()).build()); } // ----- Endpoint: security.saml_prepare_authentication /** * Prepare SAML authentication. *

* Create a SAML authentication request (<AuthnRequest>) as a * URL string based on the configuration of the respective SAML realm in * Elasticsearch. *

* NOTE: This API is intended for use by custom web applications other than * Kibana. If you are using Kibana, refer to the documentation for configuring * SAML single-sign-on on the Elastic Stack. *

* This API returns a URL pointing to the SAML Identity Provider. You can use * the URL to redirect the browser of the user in order to continue the * authentication process. The URL includes a single parameter named * SAMLRequest, which contains a SAML Authentication request that * is deflated and Base64 encoded. If the configuration dictates that SAML * authentication requests should be signed, the URL has two extra parameters * named SigAlg and Signature. These parameters * contain the algorithm used for the signature and the signature value itself. * It also returns a random string that uniquely identifies this SAML * Authentication request. The caller of this API needs to store this identifier * as it needs to be used in a following step of the authentication process. * * @see Documentation * on elastic.co */ public CompletableFuture samlPrepareAuthentication( SamlPrepareAuthenticationRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) SamlPrepareAuthenticationRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Prepare SAML authentication. *

* Create a SAML authentication request (<AuthnRequest>) as a * URL string based on the configuration of the respective SAML realm in * Elasticsearch. *

* NOTE: This API is intended for use by custom web applications other than * Kibana. If you are using Kibana, refer to the documentation for configuring * SAML single-sign-on on the Elastic Stack. *

* This API returns a URL pointing to the SAML Identity Provider. You can use * the URL to redirect the browser of the user in order to continue the * authentication process. The URL includes a single parameter named * SAMLRequest, which contains a SAML Authentication request that * is deflated and Base64 encoded. If the configuration dictates that SAML * authentication requests should be signed, the URL has two extra parameters * named SigAlg and Signature. These parameters * contain the algorithm used for the signature and the signature value itself. * It also returns a random string that uniquely identifies this SAML * Authentication request. The caller of this API needs to store this identifier * as it needs to be used in a following step of the authentication process. * * @param fn * a function that initializes a builder to create the * {@link SamlPrepareAuthenticationRequest} * @see Documentation * on elastic.co */ public final CompletableFuture samlPrepareAuthentication( Function> fn) { return samlPrepareAuthentication(fn.apply(new SamlPrepareAuthenticationRequest.Builder()).build()); } /** * Prepare SAML authentication. *

* Create a SAML authentication request (<AuthnRequest>) as a * URL string based on the configuration of the respective SAML realm in * Elasticsearch. *

* NOTE: This API is intended for use by custom web applications other than * Kibana. If you are using Kibana, refer to the documentation for configuring * SAML single-sign-on on the Elastic Stack. *

* This API returns a URL pointing to the SAML Identity Provider. You can use * the URL to redirect the browser of the user in order to continue the * authentication process. The URL includes a single parameter named * SAMLRequest, which contains a SAML Authentication request that * is deflated and Base64 encoded. If the configuration dictates that SAML * authentication requests should be signed, the URL has two extra parameters * named SigAlg and Signature. These parameters * contain the algorithm used for the signature and the signature value itself. * It also returns a random string that uniquely identifies this SAML * Authentication request. The caller of this API needs to store this identifier * as it needs to be used in a following step of the authentication process. * * @see Documentation * on elastic.co */ public CompletableFuture samlPrepareAuthentication() { return this.transport.performRequestAsync(new SamlPrepareAuthenticationRequest.Builder().build(), SamlPrepareAuthenticationRequest._ENDPOINT, this.transportOptions); } // ----- Endpoint: security.saml_service_provider_metadata /** * Create SAML service provider metadata. *

* Generate SAML metadata for a SAML 2.0 Service Provider. *

* The SAML 2.0 specification provides a mechanism for Service Providers to * describe their capabilities and configuration using a metadata file. This API * generates Service Provider metadata based on the configuration of a SAML * realm in Elasticsearch. * * @see Documentation * on elastic.co */ public CompletableFuture samlServiceProviderMetadata( SamlServiceProviderMetadataRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) SamlServiceProviderMetadataRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Create SAML service provider metadata. *

* Generate SAML metadata for a SAML 2.0 Service Provider. *

* The SAML 2.0 specification provides a mechanism for Service Providers to * describe their capabilities and configuration using a metadata file. This API * generates Service Provider metadata based on the configuration of a SAML * realm in Elasticsearch. * * @param fn * a function that initializes a builder to create the * {@link SamlServiceProviderMetadataRequest} * @see Documentation * on elastic.co */ public final CompletableFuture samlServiceProviderMetadata( Function> fn) { return samlServiceProviderMetadata(fn.apply(new SamlServiceProviderMetadataRequest.Builder()).build()); } // ----- Endpoint: security.suggest_user_profiles /** * Suggest a user profile. *

* Get suggestions for user profiles that match specified search criteria. *

* NOTE: The user profile feature is designed only for use by Kibana and * Elastic's Observability, Enterprise Search, and Elastic Security solutions. * Individual users and external applications should not call this API directly. * Elastic reserves the right to change or remove this feature in future * releases without prior notice. * * @see Documentation * on elastic.co */ public CompletableFuture suggestUserProfiles(SuggestUserProfilesRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) SuggestUserProfilesRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Suggest a user profile. *

* Get suggestions for user profiles that match specified search criteria. *

* NOTE: The user profile feature is designed only for use by Kibana and * Elastic's Observability, Enterprise Search, and Elastic Security solutions. * Individual users and external applications should not call this API directly. * Elastic reserves the right to change or remove this feature in future * releases without prior notice. * * @param fn * a function that initializes a builder to create the * {@link SuggestUserProfilesRequest} * @see Documentation * on elastic.co */ public final CompletableFuture suggestUserProfiles( Function> fn) { return suggestUserProfiles(fn.apply(new SuggestUserProfilesRequest.Builder()).build()); } /** * Suggest a user profile. *

* Get suggestions for user profiles that match specified search criteria. *

* NOTE: The user profile feature is designed only for use by Kibana and * Elastic's Observability, Enterprise Search, and Elastic Security solutions. * Individual users and external applications should not call this API directly. * Elastic reserves the right to change or remove this feature in future * releases without prior notice. * * @see Documentation * on elastic.co */ public CompletableFuture suggestUserProfiles() { return this.transport.performRequestAsync(new SuggestUserProfilesRequest.Builder().build(), SuggestUserProfilesRequest._ENDPOINT, this.transportOptions); } // ----- Endpoint: security.update_api_key /** * Update an API key. *

* Update attributes of an existing API key. This API supports updates to an API * key's access scope, expiration, and metadata. *

* To use this API, you must have at least the manage_own_api_key * cluster privilege. Users can only update API keys that they created or that * were granted to them. To update another user’s API key, use the * run_as feature to submit a request on behalf of another user. *

* IMPORTANT: It's not possible to use an API key as the authentication * credential for this API. The owner user’s credentials are required. *

* Use this API to update API keys created by the create API key or grant API * Key APIs. If you need to apply the same update to many API keys, you can use * the bulk update API keys API to reduce overhead. It's not possible to update * expired API keys or API keys that have been invalidated by the invalidate API * key API. *

* The access scope of an API key is derived from the * role_descriptors you specify in the request and a snapshot of * the owner user's permissions at the time of the request. The snapshot of the * owner's permissions is updated automatically on every call. *

* IMPORTANT: If you don't specify role_descriptors in the request, * a call to this API might still change the API key's access scope. This change * can occur if the owner user's permissions have changed since the API key was * created or last modified. * * @see Documentation * on elastic.co */ public CompletableFuture updateApiKey(UpdateApiKeyRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) UpdateApiKeyRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Update an API key. *

* Update attributes of an existing API key. This API supports updates to an API * key's access scope, expiration, and metadata. *

* To use this API, you must have at least the manage_own_api_key * cluster privilege. Users can only update API keys that they created or that * were granted to them. To update another user’s API key, use the * run_as feature to submit a request on behalf of another user. *

* IMPORTANT: It's not possible to use an API key as the authentication * credential for this API. The owner user’s credentials are required. *

* Use this API to update API keys created by the create API key or grant API * Key APIs. If you need to apply the same update to many API keys, you can use * the bulk update API keys API to reduce overhead. It's not possible to update * expired API keys or API keys that have been invalidated by the invalidate API * key API. *

* The access scope of an API key is derived from the * role_descriptors you specify in the request and a snapshot of * the owner user's permissions at the time of the request. The snapshot of the * owner's permissions is updated automatically on every call. *

* IMPORTANT: If you don't specify role_descriptors in the request, * a call to this API might still change the API key's access scope. This change * can occur if the owner user's permissions have changed since the API key was * created or last modified. * * @param fn * a function that initializes a builder to create the * {@link UpdateApiKeyRequest} * @see Documentation * on elastic.co */ public final CompletableFuture updateApiKey( Function> fn) { return updateApiKey(fn.apply(new UpdateApiKeyRequest.Builder()).build()); } // ----- Endpoint: security.update_cross_cluster_api_key /** * Update a cross-cluster API key. *

* Update the attributes of an existing cross-cluster API key, which is used for * API key based remote cluster access. *

* To use this API, you must have at least the manage_security * cluster privilege. Users can only update API keys that they created. To * update another user's API key, use the run_as feature to submit * a request on behalf of another user. *

* IMPORTANT: It's not possible to use an API key as the authentication * credential for this API. To update an API key, the owner user's credentials * are required. *

* It's not possible to update expired API keys, or API keys that have been * invalidated by the invalidate API key API. *

* This API supports updates to an API key's access scope, metadata, and * expiration. The owner user's information, such as the username * and realm, is also updated automatically on every call. *

* NOTE: This API cannot update REST API keys, which should be updated by either * the update API key or bulk update API keys API. * * @see Documentation * on elastic.co */ public CompletableFuture updateCrossClusterApiKey( UpdateCrossClusterApiKeyRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) UpdateCrossClusterApiKeyRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Update a cross-cluster API key. *

* Update the attributes of an existing cross-cluster API key, which is used for * API key based remote cluster access. *

* To use this API, you must have at least the manage_security * cluster privilege. Users can only update API keys that they created. To * update another user's API key, use the run_as feature to submit * a request on behalf of another user. *

* IMPORTANT: It's not possible to use an API key as the authentication * credential for this API. To update an API key, the owner user's credentials * are required. *

* It's not possible to update expired API keys, or API keys that have been * invalidated by the invalidate API key API. *

* This API supports updates to an API key's access scope, metadata, and * expiration. The owner user's information, such as the username * and realm, is also updated automatically on every call. *

* NOTE: This API cannot update REST API keys, which should be updated by either * the update API key or bulk update API keys API. * * @param fn * a function that initializes a builder to create the * {@link UpdateCrossClusterApiKeyRequest} * @see Documentation * on elastic.co */ public final CompletableFuture updateCrossClusterApiKey( Function> fn) { return updateCrossClusterApiKey(fn.apply(new UpdateCrossClusterApiKeyRequest.Builder()).build()); } // ----- Endpoint: security.update_settings /** * Update security index settings. *

* Update the user-configurable settings for the security internal index * (.security and associated indices). Only a subset of settings * are allowed to be modified. This includes * index.auto_expand_replicas and * index.number_of_replicas. *

* NOTE: If index.auto_expand_replicas is set, * index.number_of_replicas will be ignored during updates. *

* If a specific index is not in use on the system and settings are provided for * it, the request will be rejected. This API does not yet support configuring * the settings for indices before they are in use. * * @see Documentation * on elastic.co */ public CompletableFuture updateSettings(UpdateSettingsRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) UpdateSettingsRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Update security index settings. *

* Update the user-configurable settings for the security internal index * (.security and associated indices). Only a subset of settings * are allowed to be modified. This includes * index.auto_expand_replicas and * index.number_of_replicas. *

* NOTE: If index.auto_expand_replicas is set, * index.number_of_replicas will be ignored during updates. *

* If a specific index is not in use on the system and settings are provided for * it, the request will be rejected. This API does not yet support configuring * the settings for indices before they are in use. * * @param fn * a function that initializes a builder to create the * {@link UpdateSettingsRequest} * @see Documentation * on elastic.co */ public final CompletableFuture updateSettings( Function> fn) { return updateSettings(fn.apply(new UpdateSettingsRequest.Builder()).build()); } /** * Update security index settings. *

* Update the user-configurable settings for the security internal index * (.security and associated indices). Only a subset of settings * are allowed to be modified. This includes * index.auto_expand_replicas and * index.number_of_replicas. *

* NOTE: If index.auto_expand_replicas is set, * index.number_of_replicas will be ignored during updates. *

* If a specific index is not in use on the system and settings are provided for * it, the request will be rejected. This API does not yet support configuring * the settings for indices before they are in use. * * @see Documentation * on elastic.co */ public CompletableFuture updateSettings() { return this.transport.performRequestAsync(new UpdateSettingsRequest.Builder().build(), UpdateSettingsRequest._ENDPOINT, this.transportOptions); } // ----- Endpoint: security.update_user_profile_data /** * Update user profile data. *

* Update specific data for the user profile that is associated with a unique * ID. *

* NOTE: The user profile feature is designed only for use by Kibana and * Elastic's Observability, Enterprise Search, and Elastic Security solutions. * Individual users and external applications should not call this API directly. * Elastic reserves the right to change or remove this feature in future * releases without prior notice. *

* To use this API, you must have one of the following privileges: *

    *
  • The manage_user_profile cluster privilege.
  • *
  • The update_profile_data global privilege for the namespaces * that are referenced in the request.
  • *
*

* This API updates the labels and data fields of an * existing user profile document with JSON objects. New keys and their values * are added to the profile document and conflicting keys are replaced by data * that's included in the request. *

* For both labels and data, content is namespaced by the top-level fields. The * update_profile_data global privilege grants privileges for * updating only the allowed namespaces. * * @see Documentation * on elastic.co */ public CompletableFuture updateUserProfileData( UpdateUserProfileDataRequest request) { @SuppressWarnings("unchecked") JsonEndpoint endpoint = (JsonEndpoint) UpdateUserProfileDataRequest._ENDPOINT; return this.transport.performRequestAsync(request, endpoint, this.transportOptions); } /** * Update user profile data. *

* Update specific data for the user profile that is associated with a unique * ID. *

* NOTE: The user profile feature is designed only for use by Kibana and * Elastic's Observability, Enterprise Search, and Elastic Security solutions. * Individual users and external applications should not call this API directly. * Elastic reserves the right to change or remove this feature in future * releases without prior notice. *

* To use this API, you must have one of the following privileges: *

    *
  • The manage_user_profile cluster privilege.
  • *
  • The update_profile_data global privilege for the namespaces * that are referenced in the request.
  • *
*

* This API updates the labels and data fields of an * existing user profile document with JSON objects. New keys and their values * are added to the profile document and conflicting keys are replaced by data * that's included in the request. *

* For both labels and data, content is namespaced by the top-level fields. The * update_profile_data global privilege grants privileges for * updating only the allowed namespaces. * * @param fn * a function that initializes a builder to create the * {@link UpdateUserProfileDataRequest} * @see Documentation * on elastic.co */ public final CompletableFuture updateUserProfileData( Function> fn) { return updateUserProfileData(fn.apply(new UpdateUserProfileDataRequest.Builder()).build()); } }





© 2015 - 2025 Weber Informatics LLC | Privacy Policy