
co.elastic.clients.elasticsearch.security.ElasticsearchSecurityClient Maven / Gradle / Ivy
Show all versions of org.apache.servicemix.bundles.elasticsearch-java
/*
* Licensed to Elasticsearch B.V. under one or more contributor
* license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright
* ownership. Elasticsearch B.V. licenses this file to you under
* the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package co.elastic.clients.elasticsearch.security;
import co.elastic.clients.ApiClient;
import co.elastic.clients.elasticsearch._types.ElasticsearchException;
import co.elastic.clients.elasticsearch._types.ErrorResponse;
import co.elastic.clients.transport.ElasticsearchTransport;
import co.elastic.clients.transport.Endpoint;
import co.elastic.clients.transport.JsonEndpoint;
import co.elastic.clients.transport.Transport;
import co.elastic.clients.transport.TransportOptions;
import co.elastic.clients.transport.endpoints.BooleanResponse;
import co.elastic.clients.util.ObjectBuilder;
import java.io.IOException;
import java.util.function.Function;
import javax.annotation.Nullable;
//----------------------------------------------------------------
// THIS CODE IS GENERATED. MANUAL EDITS WILL BE LOST.
//----------------------------------------------------------------
//
// This code is generated from the Elasticsearch API specification
// at https://github.com/elastic/elasticsearch-specification
//
// Manual updates to this file will be lost when the code is
// re-generated.
//
// If you find a property that is missing or wrongly typed, please
// open an issue or a PR on the API specification repository.
//
//----------------------------------------------------------------
/**
* Client for the security namespace.
*/
public class ElasticsearchSecurityClient extends ApiClient {
public ElasticsearchSecurityClient(ElasticsearchTransport transport) {
super(transport, null);
}
public ElasticsearchSecurityClient(ElasticsearchTransport transport, @Nullable TransportOptions transportOptions) {
super(transport, transportOptions);
}
@Override
public ElasticsearchSecurityClient withTransportOptions(@Nullable TransportOptions transportOptions) {
return new ElasticsearchSecurityClient(this.transport, transportOptions);
}
// ----- Endpoint: security.activate_user_profile
/**
* Activate a user profile.
*
* Create or update a user profile on behalf of another user.
*
* NOTE: The user profile feature is designed only for use by Kibana and
* Elastic's Observability, Enterprise Search, and Elastic Security solutions.
* Individual users and external applications should not call this API directly.
* The calling application must have either an access_token
or a
* combination of username
and password
for the user
* that the profile document is intended for. Elastic reserves the right to
* change or remove this feature in future releases without prior notice.
*
* This API creates or updates a profile document for end users with information
* that is extracted from the user's authentication object including
* username
, full_name,
roles
, and the
* authentication realm. For example, in the JWT access_token
case,
* the profile user's username
is extracted from the JWT token
* claim pointed to by the claims.principal
setting of the JWT
* realm that authenticated the token.
*
* When updating a profile document, the API enables the document if it was
* disabled. Any updates do not change existing content for either the
* labels
or data
fields.
*
* @see Documentation
* on elastic.co
*/
public ActivateUserProfileResponse activateUserProfile(ActivateUserProfileRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) ActivateUserProfileRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Activate a user profile.
*
* Create or update a user profile on behalf of another user.
*
* NOTE: The user profile feature is designed only for use by Kibana and
* Elastic's Observability, Enterprise Search, and Elastic Security solutions.
* Individual users and external applications should not call this API directly.
* The calling application must have either an access_token
or a
* combination of username
and password
for the user
* that the profile document is intended for. Elastic reserves the right to
* change or remove this feature in future releases without prior notice.
*
* This API creates or updates a profile document for end users with information
* that is extracted from the user's authentication object including
* username
, full_name,
roles
, and the
* authentication realm. For example, in the JWT access_token
case,
* the profile user's username
is extracted from the JWT token
* claim pointed to by the claims.principal
setting of the JWT
* realm that authenticated the token.
*
* When updating a profile document, the API enables the document if it was
* disabled. Any updates do not change existing content for either the
* labels
or data
fields.
*
* @param fn
* a function that initializes a builder to create the
* {@link ActivateUserProfileRequest}
* @see Documentation
* on elastic.co
*/
public final ActivateUserProfileResponse activateUserProfile(
Function> fn)
throws IOException, ElasticsearchException {
return activateUserProfile(fn.apply(new ActivateUserProfileRequest.Builder()).build());
}
// ----- Endpoint: security.authenticate
/**
* Authenticate a user.
*
* Authenticates a user and returns information about the authenticated user.
* Include the user information in a
* basic
* auth header. A successful call returns a JSON structure that shows user
* information such as their username, the roles that are assigned to the user,
* any assigned metadata, and information about the realms that authenticated
* and authorized the user. If the user cannot be authenticated, this API
* returns a 401 status code.
*
* @see Documentation
* on elastic.co
*/
public AuthenticateResponse authenticate() throws IOException, ElasticsearchException {
return this.transport.performRequest(AuthenticateRequest._INSTANCE, AuthenticateRequest._ENDPOINT,
this.transportOptions);
}
// ----- Endpoint: security.bulk_delete_role
/**
* Bulk delete roles.
*
* The role management APIs are generally the preferred way to manage roles,
* rather than using file-based role management. The bulk delete roles API
* cannot delete roles that are defined in roles files.
*
* @see Documentation
* on elastic.co
*/
public BulkDeleteRoleResponse bulkDeleteRole(BulkDeleteRoleRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) BulkDeleteRoleRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Bulk delete roles.
*
* The role management APIs are generally the preferred way to manage roles,
* rather than using file-based role management. The bulk delete roles API
* cannot delete roles that are defined in roles files.
*
* @param fn
* a function that initializes a builder to create the
* {@link BulkDeleteRoleRequest}
* @see Documentation
* on elastic.co
*/
public final BulkDeleteRoleResponse bulkDeleteRole(
Function> fn)
throws IOException, ElasticsearchException {
return bulkDeleteRole(fn.apply(new BulkDeleteRoleRequest.Builder()).build());
}
// ----- Endpoint: security.bulk_put_role
/**
* Bulk create or update roles.
*
* The role management APIs are generally the preferred way to manage roles,
* rather than using file-based role management. The bulk create or update roles
* API cannot update roles that are defined in roles files.
*
* @see Documentation
* on elastic.co
*/
public BulkPutRoleResponse bulkPutRole(BulkPutRoleRequest request) throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) BulkPutRoleRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Bulk create or update roles.
*
* The role management APIs are generally the preferred way to manage roles,
* rather than using file-based role management. The bulk create or update roles
* API cannot update roles that are defined in roles files.
*
* @param fn
* a function that initializes a builder to create the
* {@link BulkPutRoleRequest}
* @see Documentation
* on elastic.co
*/
public final BulkPutRoleResponse bulkPutRole(
Function> fn)
throws IOException, ElasticsearchException {
return bulkPutRole(fn.apply(new BulkPutRoleRequest.Builder()).build());
}
// ----- Endpoint: security.bulk_update_api_keys
/**
* Bulk update API keys. Update the attributes for multiple API keys.
*
* IMPORTANT: It is not possible to use an API key as the authentication
* credential for this API. To update API keys, the owner user's credentials are
* required.
*
* This API is similar to the update API key API but enables you to apply the
* same update to multiple API keys in one API call. This operation can greatly
* improve performance over making individual updates.
*
* It is not possible to update expired or invalidated API keys.
*
* This API supports updates to API key access scope, metadata and expiration.
* The access scope of each API key is derived from the
* role_descriptors
you specify in the request and a snapshot of
* the owner user's permissions at the time of the request. The snapshot of the
* owner's permissions is updated automatically on every call.
*
* IMPORTANT: If you don't specify role_descriptors
in the request,
* a call to this API might still change an API key's access scope. This change
* can occur if the owner user's permissions have changed since the API key was
* created or last modified.
*
* A successful request returns a JSON structure that contains the IDs of all
* updated API keys, the IDs of API keys that already had the requested changes
* and did not require an update, and error details for any failed update.
*
* @see Documentation
* on elastic.co
*/
public BulkUpdateApiKeysResponse bulkUpdateApiKeys(BulkUpdateApiKeysRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) BulkUpdateApiKeysRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Bulk update API keys. Update the attributes for multiple API keys.
*
* IMPORTANT: It is not possible to use an API key as the authentication
* credential for this API. To update API keys, the owner user's credentials are
* required.
*
* This API is similar to the update API key API but enables you to apply the
* same update to multiple API keys in one API call. This operation can greatly
* improve performance over making individual updates.
*
* It is not possible to update expired or invalidated API keys.
*
* This API supports updates to API key access scope, metadata and expiration.
* The access scope of each API key is derived from the
* role_descriptors
you specify in the request and a snapshot of
* the owner user's permissions at the time of the request. The snapshot of the
* owner's permissions is updated automatically on every call.
*
* IMPORTANT: If you don't specify role_descriptors
in the request,
* a call to this API might still change an API key's access scope. This change
* can occur if the owner user's permissions have changed since the API key was
* created or last modified.
*
* A successful request returns a JSON structure that contains the IDs of all
* updated API keys, the IDs of API keys that already had the requested changes
* and did not require an update, and error details for any failed update.
*
* @param fn
* a function that initializes a builder to create the
* {@link BulkUpdateApiKeysRequest}
* @see Documentation
* on elastic.co
*/
public final BulkUpdateApiKeysResponse bulkUpdateApiKeys(
Function> fn)
throws IOException, ElasticsearchException {
return bulkUpdateApiKeys(fn.apply(new BulkUpdateApiKeysRequest.Builder()).build());
}
// ----- Endpoint: security.change_password
/**
* Change passwords.
*
* Change the passwords of users in the native realm and built-in users.
*
* @see Documentation
* on elastic.co
*/
public ChangePasswordResponse changePassword(ChangePasswordRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) ChangePasswordRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Change passwords.
*
* Change the passwords of users in the native realm and built-in users.
*
* @param fn
* a function that initializes a builder to create the
* {@link ChangePasswordRequest}
* @see Documentation
* on elastic.co
*/
public final ChangePasswordResponse changePassword(
Function> fn)
throws IOException, ElasticsearchException {
return changePassword(fn.apply(new ChangePasswordRequest.Builder()).build());
}
/**
* Change passwords.
*
* Change the passwords of users in the native realm and built-in users.
*
* @see Documentation
* on elastic.co
*/
public ChangePasswordResponse changePassword() throws IOException, ElasticsearchException {
return this.transport.performRequest(new ChangePasswordRequest.Builder().build(),
ChangePasswordRequest._ENDPOINT, this.transportOptions);
}
// ----- Endpoint: security.clear_api_key_cache
/**
* Clear the API key cache.
*
* Evict a subset of all entries from the API key cache. The cache is also
* automatically cleared on state changes of the security index.
*
* @see Documentation
* on elastic.co
*/
public ClearApiKeyCacheResponse clearApiKeyCache(ClearApiKeyCacheRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) ClearApiKeyCacheRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Clear the API key cache.
*
* Evict a subset of all entries from the API key cache. The cache is also
* automatically cleared on state changes of the security index.
*
* @param fn
* a function that initializes a builder to create the
* {@link ClearApiKeyCacheRequest}
* @see Documentation
* on elastic.co
*/
public final ClearApiKeyCacheResponse clearApiKeyCache(
Function> fn)
throws IOException, ElasticsearchException {
return clearApiKeyCache(fn.apply(new ClearApiKeyCacheRequest.Builder()).build());
}
// ----- Endpoint: security.clear_cached_privileges
/**
* Clear the privileges cache.
*
* Evict privileges from the native application privilege cache. The cache is
* also automatically cleared for applications that have their privileges
* updated.
*
* @see Documentation
* on elastic.co
*/
public ClearCachedPrivilegesResponse clearCachedPrivileges(ClearCachedPrivilegesRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) ClearCachedPrivilegesRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Clear the privileges cache.
*
* Evict privileges from the native application privilege cache. The cache is
* also automatically cleared for applications that have their privileges
* updated.
*
* @param fn
* a function that initializes a builder to create the
* {@link ClearCachedPrivilegesRequest}
* @see Documentation
* on elastic.co
*/
public final ClearCachedPrivilegesResponse clearCachedPrivileges(
Function> fn)
throws IOException, ElasticsearchException {
return clearCachedPrivileges(fn.apply(new ClearCachedPrivilegesRequest.Builder()).build());
}
// ----- Endpoint: security.clear_cached_realms
/**
* Clear the user cache.
*
* Evict users from the user cache. You can completely clear the cache or evict
* specific users.
*
* User credentials are cached in memory on each node to avoid connecting to a
* remote authentication service or hitting the disk for every incoming request.
* There are realm settings that you can use to configure the user cache. For
* more information, refer to the documentation about controlling the user
* cache.
*
* @see Documentation
* on elastic.co
*/
public ClearCachedRealmsResponse clearCachedRealms(ClearCachedRealmsRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) ClearCachedRealmsRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Clear the user cache.
*
* Evict users from the user cache. You can completely clear the cache or evict
* specific users.
*
* User credentials are cached in memory on each node to avoid connecting to a
* remote authentication service or hitting the disk for every incoming request.
* There are realm settings that you can use to configure the user cache. For
* more information, refer to the documentation about controlling the user
* cache.
*
* @param fn
* a function that initializes a builder to create the
* {@link ClearCachedRealmsRequest}
* @see Documentation
* on elastic.co
*/
public final ClearCachedRealmsResponse clearCachedRealms(
Function> fn)
throws IOException, ElasticsearchException {
return clearCachedRealms(fn.apply(new ClearCachedRealmsRequest.Builder()).build());
}
// ----- Endpoint: security.clear_cached_roles
/**
* Clear the roles cache.
*
* Evict roles from the native role cache.
*
* @see Documentation
* on elastic.co
*/
public ClearCachedRolesResponse clearCachedRoles(ClearCachedRolesRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) ClearCachedRolesRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Clear the roles cache.
*
* Evict roles from the native role cache.
*
* @param fn
* a function that initializes a builder to create the
* {@link ClearCachedRolesRequest}
* @see Documentation
* on elastic.co
*/
public final ClearCachedRolesResponse clearCachedRoles(
Function> fn)
throws IOException, ElasticsearchException {
return clearCachedRoles(fn.apply(new ClearCachedRolesRequest.Builder()).build());
}
// ----- Endpoint: security.clear_cached_service_tokens
/**
* Clear service account token caches.
*
* Evict a subset of all entries from the service account token caches. Two
* separate caches exist for service account tokens: one cache for tokens backed
* by the service_tokens
file, and another for tokens backed by the
* .security
index. This API clears matching entries from both
* caches.
*
* The cache for service account tokens backed by the .security
* index is cleared automatically on state changes of the security index. The
* cache for tokens backed by the service_tokens
file is cleared
* automatically on file changes.
*
* @see Documentation
* on elastic.co
*/
public ClearCachedServiceTokensResponse clearCachedServiceTokens(ClearCachedServiceTokensRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) ClearCachedServiceTokensRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Clear service account token caches.
*
* Evict a subset of all entries from the service account token caches. Two
* separate caches exist for service account tokens: one cache for tokens backed
* by the service_tokens
file, and another for tokens backed by the
* .security
index. This API clears matching entries from both
* caches.
*
* The cache for service account tokens backed by the .security
* index is cleared automatically on state changes of the security index. The
* cache for tokens backed by the service_tokens
file is cleared
* automatically on file changes.
*
* @param fn
* a function that initializes a builder to create the
* {@link ClearCachedServiceTokensRequest}
* @see Documentation
* on elastic.co
*/
public final ClearCachedServiceTokensResponse clearCachedServiceTokens(
Function> fn)
throws IOException, ElasticsearchException {
return clearCachedServiceTokens(fn.apply(new ClearCachedServiceTokensRequest.Builder()).build());
}
// ----- Endpoint: security.create_api_key
/**
* Create an API key.
*
* Create an API key for access without requiring basic authentication.
*
* IMPORTANT: If the credential that is used to authenticate this request is an
* API key, the derived API key cannot have any privileges. If you specify
* privileges, the API returns an error.
*
* A successful request returns a JSON structure that contains the API key, its
* unique id, and its name. If applicable, it also returns expiration
* information for the API key in milliseconds.
*
* NOTE: By default, API keys never expire. You can specify expiration
* information when you create the API keys.
*
* The API keys are created by the Elasticsearch API key service, which is
* automatically enabled. To configure or turn off the API key service, refer to
* API key service setting documentation.
*
* @see Documentation
* on elastic.co
*/
public CreateApiKeyResponse createApiKey(CreateApiKeyRequest request) throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) CreateApiKeyRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Create an API key.
*
* Create an API key for access without requiring basic authentication.
*
* IMPORTANT: If the credential that is used to authenticate this request is an
* API key, the derived API key cannot have any privileges. If you specify
* privileges, the API returns an error.
*
* A successful request returns a JSON structure that contains the API key, its
* unique id, and its name. If applicable, it also returns expiration
* information for the API key in milliseconds.
*
* NOTE: By default, API keys never expire. You can specify expiration
* information when you create the API keys.
*
* The API keys are created by the Elasticsearch API key service, which is
* automatically enabled. To configure or turn off the API key service, refer to
* API key service setting documentation.
*
* @param fn
* a function that initializes a builder to create the
* {@link CreateApiKeyRequest}
* @see Documentation
* on elastic.co
*/
public final CreateApiKeyResponse createApiKey(
Function> fn)
throws IOException, ElasticsearchException {
return createApiKey(fn.apply(new CreateApiKeyRequest.Builder()).build());
}
/**
* Create an API key.
*
* Create an API key for access without requiring basic authentication.
*
* IMPORTANT: If the credential that is used to authenticate this request is an
* API key, the derived API key cannot have any privileges. If you specify
* privileges, the API returns an error.
*
* A successful request returns a JSON structure that contains the API key, its
* unique id, and its name. If applicable, it also returns expiration
* information for the API key in milliseconds.
*
* NOTE: By default, API keys never expire. You can specify expiration
* information when you create the API keys.
*
* The API keys are created by the Elasticsearch API key service, which is
* automatically enabled. To configure or turn off the API key service, refer to
* API key service setting documentation.
*
* @see Documentation
* on elastic.co
*/
public CreateApiKeyResponse createApiKey() throws IOException, ElasticsearchException {
return this.transport.performRequest(new CreateApiKeyRequest.Builder().build(), CreateApiKeyRequest._ENDPOINT,
this.transportOptions);
}
// ----- Endpoint: security.create_cross_cluster_api_key
/**
* Create a cross-cluster API key.
*
* Create an API key of the cross_cluster
type for the API key
* based remote cluster access. A cross_cluster
API key cannot be
* used to authenticate through the REST interface.
*
* IMPORTANT: To authenticate this request you must use a credential that is not
* an API key. Even if you use an API key that has the required privilege, the
* API returns an error.
*
* Cross-cluster API keys are created by the Elasticsearch API key service,
* which is automatically enabled.
*
* NOTE: Unlike REST API keys, a cross-cluster API key does not capture
* permissions of the authenticated user. The API key’s effective permission is
* exactly as specified with the access
property.
*
* A successful request returns a JSON structure that contains the API key, its
* unique ID, and its name. If applicable, it also returns expiration
* information for the API key in milliseconds.
*
* By default, API keys never expire. You can specify expiration information
* when you create the API keys.
*
* Cross-cluster API keys can only be updated with the update cross-cluster API
* key API. Attempting to update them with the update REST API key API or the
* bulk update REST API keys API will result in an error.
*
* @see Documentation
* on elastic.co
*/
public CreateCrossClusterApiKeyResponse createCrossClusterApiKey(CreateCrossClusterApiKeyRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) CreateCrossClusterApiKeyRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Create a cross-cluster API key.
*
* Create an API key of the cross_cluster
type for the API key
* based remote cluster access. A cross_cluster
API key cannot be
* used to authenticate through the REST interface.
*
* IMPORTANT: To authenticate this request you must use a credential that is not
* an API key. Even if you use an API key that has the required privilege, the
* API returns an error.
*
* Cross-cluster API keys are created by the Elasticsearch API key service,
* which is automatically enabled.
*
* NOTE: Unlike REST API keys, a cross-cluster API key does not capture
* permissions of the authenticated user. The API key’s effective permission is
* exactly as specified with the access
property.
*
* A successful request returns a JSON structure that contains the API key, its
* unique ID, and its name. If applicable, it also returns expiration
* information for the API key in milliseconds.
*
* By default, API keys never expire. You can specify expiration information
* when you create the API keys.
*
* Cross-cluster API keys can only be updated with the update cross-cluster API
* key API. Attempting to update them with the update REST API key API or the
* bulk update REST API keys API will result in an error.
*
* @param fn
* a function that initializes a builder to create the
* {@link CreateCrossClusterApiKeyRequest}
* @see Documentation
* on elastic.co
*/
public final CreateCrossClusterApiKeyResponse createCrossClusterApiKey(
Function> fn)
throws IOException, ElasticsearchException {
return createCrossClusterApiKey(fn.apply(new CreateCrossClusterApiKeyRequest.Builder()).build());
}
// ----- Endpoint: security.create_service_token
/**
* Create a service account token.
*
* Create a service accounts token for access without requiring basic
* authentication.
*
* NOTE: Service account tokens never expire. You must actively delete them if
* they are no longer needed.
*
* @see Documentation
* on elastic.co
*/
public CreateServiceTokenResponse createServiceToken(CreateServiceTokenRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) CreateServiceTokenRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Create a service account token.
*
* Create a service accounts token for access without requiring basic
* authentication.
*
* NOTE: Service account tokens never expire. You must actively delete them if
* they are no longer needed.
*
* @param fn
* a function that initializes a builder to create the
* {@link CreateServiceTokenRequest}
* @see Documentation
* on elastic.co
*/
public final CreateServiceTokenResponse createServiceToken(
Function> fn)
throws IOException, ElasticsearchException {
return createServiceToken(fn.apply(new CreateServiceTokenRequest.Builder()).build());
}
// ----- Endpoint: security.delegate_pki
/**
* Delegate PKI authentication.
*
* This API implements the exchange of an X509Certificate chain for an
* Elasticsearch access token. The certificate chain is validated, according to
* RFC 5280, by sequentially considering the trust configuration of every
* installed PKI realm that has delegation.enabled
set to
* true
. A successfully trusted client certificate is also subject
* to the validation of the subject distinguished name according to thw
* username_pattern
of the respective realm.
*
* This API is called by smart and trusted proxies, such as Kibana, which
* terminate the user's TLS session but still want to authenticate the user by
* using a PKI realm—-as if the user connected directly to Elasticsearch.
*
* IMPORTANT: The association between the subject public key in the target
* certificate and the corresponding private key is not validated. This is part
* of the TLS authentication process and it is delegated to the proxy that calls
* this API. The proxy is trusted to have performed the TLS authentication and
* this API translates that authentication into an Elasticsearch access token.
*
* @see Documentation
* on elastic.co
*/
public DelegatePkiResponse delegatePki(DelegatePkiRequest request) throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) DelegatePkiRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Delegate PKI authentication.
*
* This API implements the exchange of an X509Certificate chain for an
* Elasticsearch access token. The certificate chain is validated, according to
* RFC 5280, by sequentially considering the trust configuration of every
* installed PKI realm that has delegation.enabled
set to
* true
. A successfully trusted client certificate is also subject
* to the validation of the subject distinguished name according to thw
* username_pattern
of the respective realm.
*
* This API is called by smart and trusted proxies, such as Kibana, which
* terminate the user's TLS session but still want to authenticate the user by
* using a PKI realm—-as if the user connected directly to Elasticsearch.
*
* IMPORTANT: The association between the subject public key in the target
* certificate and the corresponding private key is not validated. This is part
* of the TLS authentication process and it is delegated to the proxy that calls
* this API. The proxy is trusted to have performed the TLS authentication and
* this API translates that authentication into an Elasticsearch access token.
*
* @param fn
* a function that initializes a builder to create the
* {@link DelegatePkiRequest}
* @see Documentation
* on elastic.co
*/
public final DelegatePkiResponse delegatePki(
Function> fn)
throws IOException, ElasticsearchException {
return delegatePki(fn.apply(new DelegatePkiRequest.Builder()).build());
}
// ----- Endpoint: security.delete_privileges
/**
* Delete application privileges.
*
* To use this API, you must have one of the following privileges:
*
* - The
manage_security
cluster privilege (or a greater
* privilege such as all
).
* - The "Manage Application Privileges" global privilege for the
* application being referenced in the request.
*
*
* @see Documentation
* on elastic.co
*/
public DeletePrivilegesResponse deletePrivileges(DeletePrivilegesRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) DeletePrivilegesRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Delete application privileges.
*
* To use this API, you must have one of the following privileges:
*
* - The
manage_security
cluster privilege (or a greater
* privilege such as all
).
* - The "Manage Application Privileges" global privilege for the
* application being referenced in the request.
*
*
* @param fn
* a function that initializes a builder to create the
* {@link DeletePrivilegesRequest}
* @see Documentation
* on elastic.co
*/
public final DeletePrivilegesResponse deletePrivileges(
Function> fn)
throws IOException, ElasticsearchException {
return deletePrivileges(fn.apply(new DeletePrivilegesRequest.Builder()).build());
}
// ----- Endpoint: security.delete_role
/**
* Delete roles.
*
* Delete roles in the native realm. The role management APIs are generally the
* preferred way to manage roles, rather than using file-based role management.
* The delete roles API cannot remove roles that are defined in roles files.
*
* @see Documentation
* on elastic.co
*/
public DeleteRoleResponse deleteRole(DeleteRoleRequest request) throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) DeleteRoleRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Delete roles.
*
* Delete roles in the native realm. The role management APIs are generally the
* preferred way to manage roles, rather than using file-based role management.
* The delete roles API cannot remove roles that are defined in roles files.
*
* @param fn
* a function that initializes a builder to create the
* {@link DeleteRoleRequest}
* @see Documentation
* on elastic.co
*/
public final DeleteRoleResponse deleteRole(Function> fn)
throws IOException, ElasticsearchException {
return deleteRole(fn.apply(new DeleteRoleRequest.Builder()).build());
}
// ----- Endpoint: security.delete_role_mapping
/**
* Delete role mappings.
*
* Role mappings define which roles are assigned to each user. The role mapping
* APIs are generally the preferred way to manage role mappings rather than
* using role mapping files. The delete role mappings API cannot remove role
* mappings that are defined in role mapping files.
*
* @see Documentation
* on elastic.co
*/
public DeleteRoleMappingResponse deleteRoleMapping(DeleteRoleMappingRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) DeleteRoleMappingRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Delete role mappings.
*
* Role mappings define which roles are assigned to each user. The role mapping
* APIs are generally the preferred way to manage role mappings rather than
* using role mapping files. The delete role mappings API cannot remove role
* mappings that are defined in role mapping files.
*
* @param fn
* a function that initializes a builder to create the
* {@link DeleteRoleMappingRequest}
* @see Documentation
* on elastic.co
*/
public final DeleteRoleMappingResponse deleteRoleMapping(
Function> fn)
throws IOException, ElasticsearchException {
return deleteRoleMapping(fn.apply(new DeleteRoleMappingRequest.Builder()).build());
}
// ----- Endpoint: security.delete_service_token
/**
* Delete service account tokens.
*
* Delete service account tokens for a service in a specified namespace.
*
* @see Documentation
* on elastic.co
*/
public DeleteServiceTokenResponse deleteServiceToken(DeleteServiceTokenRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) DeleteServiceTokenRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Delete service account tokens.
*
* Delete service account tokens for a service in a specified namespace.
*
* @param fn
* a function that initializes a builder to create the
* {@link DeleteServiceTokenRequest}
* @see Documentation
* on elastic.co
*/
public final DeleteServiceTokenResponse deleteServiceToken(
Function> fn)
throws IOException, ElasticsearchException {
return deleteServiceToken(fn.apply(new DeleteServiceTokenRequest.Builder()).build());
}
// ----- Endpoint: security.delete_user
/**
* Delete users.
*
* Delete users from the native realm.
*
* @see Documentation
* on elastic.co
*/
public DeleteUserResponse deleteUser(DeleteUserRequest request) throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) DeleteUserRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Delete users.
*
* Delete users from the native realm.
*
* @param fn
* a function that initializes a builder to create the
* {@link DeleteUserRequest}
* @see Documentation
* on elastic.co
*/
public final DeleteUserResponse deleteUser(Function> fn)
throws IOException, ElasticsearchException {
return deleteUser(fn.apply(new DeleteUserRequest.Builder()).build());
}
// ----- Endpoint: security.disable_user
/**
* Disable users.
*
* Disable users in the native realm. By default, when you create users, they
* are enabled. You can use this API to revoke a user's access to Elasticsearch.
*
* @see Documentation
* on elastic.co
*/
public DisableUserResponse disableUser(DisableUserRequest request) throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) DisableUserRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Disable users.
*
* Disable users in the native realm. By default, when you create users, they
* are enabled. You can use this API to revoke a user's access to Elasticsearch.
*
* @param fn
* a function that initializes a builder to create the
* {@link DisableUserRequest}
* @see Documentation
* on elastic.co
*/
public final DisableUserResponse disableUser(
Function> fn)
throws IOException, ElasticsearchException {
return disableUser(fn.apply(new DisableUserRequest.Builder()).build());
}
// ----- Endpoint: security.disable_user_profile
/**
* Disable a user profile.
*
* Disable user profiles so that they are not visible in user profile searches.
*
* NOTE: The user profile feature is designed only for use by Kibana and
* Elastic's Observability, Enterprise Search, and Elastic Security solutions.
* Individual users and external applications should not call this API directly.
* Elastic reserves the right to change or remove this feature in future
* releases without prior notice.
*
* When you activate a user profile, its automatically enabled and visible in
* user profile searches. You can use the disable user profile API to disable a
* user profile so it’s not visible in these searches. To re-enable a disabled
* user profile, use the enable user profile API .
*
* @see Documentation
* on elastic.co
*/
public DisableUserProfileResponse disableUserProfile(DisableUserProfileRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) DisableUserProfileRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Disable a user profile.
*
* Disable user profiles so that they are not visible in user profile searches.
*
* NOTE: The user profile feature is designed only for use by Kibana and
* Elastic's Observability, Enterprise Search, and Elastic Security solutions.
* Individual users and external applications should not call this API directly.
* Elastic reserves the right to change or remove this feature in future
* releases without prior notice.
*
* When you activate a user profile, its automatically enabled and visible in
* user profile searches. You can use the disable user profile API to disable a
* user profile so it’s not visible in these searches. To re-enable a disabled
* user profile, use the enable user profile API .
*
* @param fn
* a function that initializes a builder to create the
* {@link DisableUserProfileRequest}
* @see Documentation
* on elastic.co
*/
public final DisableUserProfileResponse disableUserProfile(
Function> fn)
throws IOException, ElasticsearchException {
return disableUserProfile(fn.apply(new DisableUserProfileRequest.Builder()).build());
}
// ----- Endpoint: security.enable_user
/**
* Enable users.
*
* Enable users in the native realm. By default, when you create users, they are
* enabled.
*
* @see Documentation
* on elastic.co
*/
public EnableUserResponse enableUser(EnableUserRequest request) throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) EnableUserRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Enable users.
*
* Enable users in the native realm. By default, when you create users, they are
* enabled.
*
* @param fn
* a function that initializes a builder to create the
* {@link EnableUserRequest}
* @see Documentation
* on elastic.co
*/
public final EnableUserResponse enableUser(Function> fn)
throws IOException, ElasticsearchException {
return enableUser(fn.apply(new EnableUserRequest.Builder()).build());
}
// ----- Endpoint: security.enable_user_profile
/**
* Enable a user profile.
*
* Enable user profiles to make them visible in user profile searches.
*
* NOTE: The user profile feature is designed only for use by Kibana and
* Elastic's Observability, Enterprise Search, and Elastic Security solutions.
* Individual users and external applications should not call this API directly.
* Elastic reserves the right to change or remove this feature in future
* releases without prior notice.
*
* When you activate a user profile, it's automatically enabled and visible in
* user profile searches. If you later disable the user profile, you can use the
* enable user profile API to make the profile visible in these searches again.
*
* @see Documentation
* on elastic.co
*/
public EnableUserProfileResponse enableUserProfile(EnableUserProfileRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) EnableUserProfileRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Enable a user profile.
*
* Enable user profiles to make them visible in user profile searches.
*
* NOTE: The user profile feature is designed only for use by Kibana and
* Elastic's Observability, Enterprise Search, and Elastic Security solutions.
* Individual users and external applications should not call this API directly.
* Elastic reserves the right to change or remove this feature in future
* releases without prior notice.
*
* When you activate a user profile, it's automatically enabled and visible in
* user profile searches. If you later disable the user profile, you can use the
* enable user profile API to make the profile visible in these searches again.
*
* @param fn
* a function that initializes a builder to create the
* {@link EnableUserProfileRequest}
* @see Documentation
* on elastic.co
*/
public final EnableUserProfileResponse enableUserProfile(
Function> fn)
throws IOException, ElasticsearchException {
return enableUserProfile(fn.apply(new EnableUserProfileRequest.Builder()).build());
}
// ----- Endpoint: security.enroll_kibana
/**
* Enroll Kibana.
*
* Enable a Kibana instance to configure itself for communication with a secured
* Elasticsearch cluster.
*
* NOTE: This API is currently intended for internal use only by Kibana. Kibana
* uses this API internally to configure itself for communications with an
* Elasticsearch cluster that already has security features enabled.
*
* @see Documentation
* on elastic.co
*/
public EnrollKibanaResponse enrollKibana() throws IOException, ElasticsearchException {
return this.transport.performRequest(EnrollKibanaRequest._INSTANCE, EnrollKibanaRequest._ENDPOINT,
this.transportOptions);
}
// ----- Endpoint: security.enroll_node
/**
* Enroll a node.
*
* Enroll a new node to allow it to join an existing cluster with security
* features enabled.
*
* The response contains all the necessary information for the joining node to
* bootstrap discovery and security related settings so that it can successfully
* join the cluster. The response contains key and certificate material that
* allows the caller to generate valid signed certificates for the HTTP layer of
* all nodes in the cluster.
*
* @see Documentation
* on elastic.co
*/
public EnrollNodeResponse enrollNode() throws IOException, ElasticsearchException {
return this.transport.performRequest(EnrollNodeRequest._INSTANCE, EnrollNodeRequest._ENDPOINT,
this.transportOptions);
}
// ----- Endpoint: security.get_api_key
/**
* Get API key information.
*
* Retrieves information for one or more API keys. NOTE: If you have only the
* manage_own_api_key
privilege, this API returns only the API keys
* that you own. If you have read_security
,
* manage_api_key
or greater privileges (including
* manage_security
), this API returns all API keys regardless of
* ownership.
*
* @see Documentation
* on elastic.co
*/
public GetApiKeyResponse getApiKey(GetApiKeyRequest request) throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) GetApiKeyRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Get API key information.
*
* Retrieves information for one or more API keys. NOTE: If you have only the
* manage_own_api_key
privilege, this API returns only the API keys
* that you own. If you have read_security
,
* manage_api_key
or greater privileges (including
* manage_security
), this API returns all API keys regardless of
* ownership.
*
* @param fn
* a function that initializes a builder to create the
* {@link GetApiKeyRequest}
* @see Documentation
* on elastic.co
*/
public final GetApiKeyResponse getApiKey(Function> fn)
throws IOException, ElasticsearchException {
return getApiKey(fn.apply(new GetApiKeyRequest.Builder()).build());
}
/**
* Get API key information.
*
* Retrieves information for one or more API keys. NOTE: If you have only the
* manage_own_api_key
privilege, this API returns only the API keys
* that you own. If you have read_security
,
* manage_api_key
or greater privileges (including
* manage_security
), this API returns all API keys regardless of
* ownership.
*
* @see Documentation
* on elastic.co
*/
public GetApiKeyResponse getApiKey() throws IOException, ElasticsearchException {
return this.transport.performRequest(new GetApiKeyRequest.Builder().build(), GetApiKeyRequest._ENDPOINT,
this.transportOptions);
}
// ----- Endpoint: security.get_builtin_privileges
/**
* Get builtin privileges.
*
* Get the list of cluster privileges and index privileges that are available in
* this version of Elasticsearch.
*
* @see Documentation
* on elastic.co
*/
public GetBuiltinPrivilegesResponse getBuiltinPrivileges() throws IOException, ElasticsearchException {
return this.transport.performRequest(GetBuiltinPrivilegesRequest._INSTANCE,
GetBuiltinPrivilegesRequest._ENDPOINT, this.transportOptions);
}
// ----- Endpoint: security.get_privileges
/**
* Get application privileges.
*
* To use this API, you must have one of the following privileges:
*
* - The
read_security
cluster privilege (or a greater privilege
* such as manage_security
or all
).
* - The "Manage Application Privileges" global privilege for the
* application being referenced in the request.
*
*
* @see Documentation
* on elastic.co
*/
public GetPrivilegesResponse getPrivileges(GetPrivilegesRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) GetPrivilegesRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Get application privileges.
*
* To use this API, you must have one of the following privileges:
*
* - The
read_security
cluster privilege (or a greater privilege
* such as manage_security
or all
).
* - The "Manage Application Privileges" global privilege for the
* application being referenced in the request.
*
*
* @param fn
* a function that initializes a builder to create the
* {@link GetPrivilegesRequest}
* @see Documentation
* on elastic.co
*/
public final GetPrivilegesResponse getPrivileges(
Function> fn)
throws IOException, ElasticsearchException {
return getPrivileges(fn.apply(new GetPrivilegesRequest.Builder()).build());
}
/**
* Get application privileges.
*
* To use this API, you must have one of the following privileges:
*
* - The
read_security
cluster privilege (or a greater privilege
* such as manage_security
or all
).
* - The "Manage Application Privileges" global privilege for the
* application being referenced in the request.
*
*
* @see Documentation
* on elastic.co
*/
public GetPrivilegesResponse getPrivileges() throws IOException, ElasticsearchException {
return this.transport.performRequest(new GetPrivilegesRequest.Builder().build(), GetPrivilegesRequest._ENDPOINT,
this.transportOptions);
}
// ----- Endpoint: security.get_role
/**
* Get roles.
*
* Get roles in the native realm. The role management APIs are generally the
* preferred way to manage roles, rather than using file-based role management.
* The get roles API cannot retrieve roles that are defined in roles files.
*
* @see Documentation
* on elastic.co
*/
public GetRoleResponse getRole(GetRoleRequest request) throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) GetRoleRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Get roles.
*
* Get roles in the native realm. The role management APIs are generally the
* preferred way to manage roles, rather than using file-based role management.
* The get roles API cannot retrieve roles that are defined in roles files.
*
* @param fn
* a function that initializes a builder to create the
* {@link GetRoleRequest}
* @see Documentation
* on elastic.co
*/
public final GetRoleResponse getRole(Function> fn)
throws IOException, ElasticsearchException {
return getRole(fn.apply(new GetRoleRequest.Builder()).build());
}
/**
* Get roles.
*
* Get roles in the native realm. The role management APIs are generally the
* preferred way to manage roles, rather than using file-based role management.
* The get roles API cannot retrieve roles that are defined in roles files.
*
* @see Documentation
* on elastic.co
*/
public GetRoleResponse getRole() throws IOException, ElasticsearchException {
return this.transport.performRequest(new GetRoleRequest.Builder().build(), GetRoleRequest._ENDPOINT,
this.transportOptions);
}
// ----- Endpoint: security.get_role_mapping
/**
* Get role mappings.
*
* Role mappings define which roles are assigned to each user. The role mapping
* APIs are generally the preferred way to manage role mappings rather than
* using role mapping files. The get role mappings API cannot retrieve role
* mappings that are defined in role mapping files.
*
* @see Documentation
* on elastic.co
*/
public GetRoleMappingResponse getRoleMapping(GetRoleMappingRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) GetRoleMappingRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Get role mappings.
*
* Role mappings define which roles are assigned to each user. The role mapping
* APIs are generally the preferred way to manage role mappings rather than
* using role mapping files. The get role mappings API cannot retrieve role
* mappings that are defined in role mapping files.
*
* @param fn
* a function that initializes a builder to create the
* {@link GetRoleMappingRequest}
* @see Documentation
* on elastic.co
*/
public final GetRoleMappingResponse getRoleMapping(
Function> fn)
throws IOException, ElasticsearchException {
return getRoleMapping(fn.apply(new GetRoleMappingRequest.Builder()).build());
}
/**
* Get role mappings.
*
* Role mappings define which roles are assigned to each user. The role mapping
* APIs are generally the preferred way to manage role mappings rather than
* using role mapping files. The get role mappings API cannot retrieve role
* mappings that are defined in role mapping files.
*
* @see Documentation
* on elastic.co
*/
public GetRoleMappingResponse getRoleMapping() throws IOException, ElasticsearchException {
return this.transport.performRequest(new GetRoleMappingRequest.Builder().build(),
GetRoleMappingRequest._ENDPOINT, this.transportOptions);
}
// ----- Endpoint: security.get_service_accounts
/**
* Get service accounts.
*
* Get a list of service accounts that match the provided path parameters.
*
* NOTE: Currently, only the elastic/fleet-server
service account
* is available.
*
* @see Documentation
* on elastic.co
*/
public GetServiceAccountsResponse getServiceAccounts(GetServiceAccountsRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) GetServiceAccountsRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Get service accounts.
*
* Get a list of service accounts that match the provided path parameters.
*
* NOTE: Currently, only the elastic/fleet-server
service account
* is available.
*
* @param fn
* a function that initializes a builder to create the
* {@link GetServiceAccountsRequest}
* @see Documentation
* on elastic.co
*/
public final GetServiceAccountsResponse getServiceAccounts(
Function> fn)
throws IOException, ElasticsearchException {
return getServiceAccounts(fn.apply(new GetServiceAccountsRequest.Builder()).build());
}
/**
* Get service accounts.
*
* Get a list of service accounts that match the provided path parameters.
*
* NOTE: Currently, only the elastic/fleet-server
service account
* is available.
*
* @see Documentation
* on elastic.co
*/
public GetServiceAccountsResponse getServiceAccounts() throws IOException, ElasticsearchException {
return this.transport.performRequest(new GetServiceAccountsRequest.Builder().build(),
GetServiceAccountsRequest._ENDPOINT, this.transportOptions);
}
// ----- Endpoint: security.get_service_credentials
/**
* Get service account credentials.
*
* To use this API, you must have at least the read_security
* cluster privilege (or a greater privilege such as
* manage_service_account
or manage_security
).
*
* The response includes service account tokens that were created with the
* create service account tokens API as well as file-backed tokens from all
* nodes of the cluster.
*
* NOTE: For tokens backed by the service_tokens
file, the API
* collects them from all nodes of the cluster. Tokens with the same name from
* different nodes are assumed to be the same token and are only counted once
* towards the total number of service tokens.
*
* @see Documentation
* on elastic.co
*/
public GetServiceCredentialsResponse getServiceCredentials(GetServiceCredentialsRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) GetServiceCredentialsRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Get service account credentials.
*
* To use this API, you must have at least the read_security
* cluster privilege (or a greater privilege such as
* manage_service_account
or manage_security
).
*
* The response includes service account tokens that were created with the
* create service account tokens API as well as file-backed tokens from all
* nodes of the cluster.
*
* NOTE: For tokens backed by the service_tokens
file, the API
* collects them from all nodes of the cluster. Tokens with the same name from
* different nodes are assumed to be the same token and are only counted once
* towards the total number of service tokens.
*
* @param fn
* a function that initializes a builder to create the
* {@link GetServiceCredentialsRequest}
* @see Documentation
* on elastic.co
*/
public final GetServiceCredentialsResponse getServiceCredentials(
Function> fn)
throws IOException, ElasticsearchException {
return getServiceCredentials(fn.apply(new GetServiceCredentialsRequest.Builder()).build());
}
// ----- Endpoint: security.get_settings
/**
* Get security index settings.
*
* Get the user-configurable settings for the security internal index
* (.security
and associated indices). Only a subset of the index
* settings — those that are user-configurable—will be shown. This includes:
*
* index.auto_expand_replicas
* index.number_of_replicas
*
*
* @see Documentation
* on elastic.co
*/
public GetSecuritySettingsResponse getSettings(GetSecuritySettingsRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) GetSecuritySettingsRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Get security index settings.
*
* Get the user-configurable settings for the security internal index
* (.security
and associated indices). Only a subset of the index
* settings — those that are user-configurable—will be shown. This includes:
*
* index.auto_expand_replicas
* index.number_of_replicas
*
*
* @param fn
* a function that initializes a builder to create the
* {@link GetSecuritySettingsRequest}
* @see Documentation
* on elastic.co
*/
public final GetSecuritySettingsResponse getSettings(
Function> fn)
throws IOException, ElasticsearchException {
return getSettings(fn.apply(new GetSecuritySettingsRequest.Builder()).build());
}
/**
* Get security index settings.
*
* Get the user-configurable settings for the security internal index
* (.security
and associated indices). Only a subset of the index
* settings — those that are user-configurable—will be shown. This includes:
*
* index.auto_expand_replicas
* index.number_of_replicas
*
*
* @see Documentation
* on elastic.co
*/
public GetSecuritySettingsResponse getSettings() throws IOException, ElasticsearchException {
return this.transport.performRequest(new GetSecuritySettingsRequest.Builder().build(),
GetSecuritySettingsRequest._ENDPOINT, this.transportOptions);
}
// ----- Endpoint: security.get_token
/**
* Get a token.
*
* Create a bearer token for access without requiring basic authentication. The
* tokens are created by the Elasticsearch Token Service, which is automatically
* enabled when you configure TLS on the HTTP interface. Alternatively, you can
* explicitly enable the xpack.security.authc.token.enabled
* setting. When you are running in production mode, a bootstrap check prevents
* you from enabling the token service unless you also enable TLS on the HTTP
* interface.
*
* The get token API takes the same parameters as a typical OAuth 2.0 token API
* except for the use of a JSON request body.
*
* A successful get token API call returns a JSON structure that contains the
* access token, the amount of time (seconds) that the token expires in, the
* type, and the scope if available.
*
* The tokens returned by the get token API have a finite period of time for
* which they are valid and after that time period, they can no longer be used.
* That time period is defined by the
* xpack.security.authc.token.timeout
setting. If you want to
* invalidate a token immediately, you can do so by using the invalidate token
* API.
*
* @see Documentation
* on elastic.co
*/
public GetTokenResponse getToken(GetTokenRequest request) throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) GetTokenRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Get a token.
*
* Create a bearer token for access without requiring basic authentication. The
* tokens are created by the Elasticsearch Token Service, which is automatically
* enabled when you configure TLS on the HTTP interface. Alternatively, you can
* explicitly enable the xpack.security.authc.token.enabled
* setting. When you are running in production mode, a bootstrap check prevents
* you from enabling the token service unless you also enable TLS on the HTTP
* interface.
*
* The get token API takes the same parameters as a typical OAuth 2.0 token API
* except for the use of a JSON request body.
*
* A successful get token API call returns a JSON structure that contains the
* access token, the amount of time (seconds) that the token expires in, the
* type, and the scope if available.
*
* The tokens returned by the get token API have a finite period of time for
* which they are valid and after that time period, they can no longer be used.
* That time period is defined by the
* xpack.security.authc.token.timeout
setting. If you want to
* invalidate a token immediately, you can do so by using the invalidate token
* API.
*
* @param fn
* a function that initializes a builder to create the
* {@link GetTokenRequest}
* @see Documentation
* on elastic.co
*/
public final GetTokenResponse getToken(Function> fn)
throws IOException, ElasticsearchException {
return getToken(fn.apply(new GetTokenRequest.Builder()).build());
}
/**
* Get a token.
*
* Create a bearer token for access without requiring basic authentication. The
* tokens are created by the Elasticsearch Token Service, which is automatically
* enabled when you configure TLS on the HTTP interface. Alternatively, you can
* explicitly enable the xpack.security.authc.token.enabled
* setting. When you are running in production mode, a bootstrap check prevents
* you from enabling the token service unless you also enable TLS on the HTTP
* interface.
*
* The get token API takes the same parameters as a typical OAuth 2.0 token API
* except for the use of a JSON request body.
*
* A successful get token API call returns a JSON structure that contains the
* access token, the amount of time (seconds) that the token expires in, the
* type, and the scope if available.
*
* The tokens returned by the get token API have a finite period of time for
* which they are valid and after that time period, they can no longer be used.
* That time period is defined by the
* xpack.security.authc.token.timeout
setting. If you want to
* invalidate a token immediately, you can do so by using the invalidate token
* API.
*
* @see Documentation
* on elastic.co
*/
public GetTokenResponse getToken() throws IOException, ElasticsearchException {
return this.transport.performRequest(new GetTokenRequest.Builder().build(), GetTokenRequest._ENDPOINT,
this.transportOptions);
}
// ----- Endpoint: security.get_user
/**
* Get users.
*
* Get information about users in the native realm and built-in users.
*
* @see Documentation
* on elastic.co
*/
public GetUserResponse getUser(GetUserRequest request) throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) GetUserRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Get users.
*
* Get information about users in the native realm and built-in users.
*
* @param fn
* a function that initializes a builder to create the
* {@link GetUserRequest}
* @see Documentation
* on elastic.co
*/
public final GetUserResponse getUser(Function> fn)
throws IOException, ElasticsearchException {
return getUser(fn.apply(new GetUserRequest.Builder()).build());
}
/**
* Get users.
*
* Get information about users in the native realm and built-in users.
*
* @see Documentation
* on elastic.co
*/
public GetUserResponse getUser() throws IOException, ElasticsearchException {
return this.transport.performRequest(new GetUserRequest.Builder().build(), GetUserRequest._ENDPOINT,
this.transportOptions);
}
// ----- Endpoint: security.get_user_privileges
/**
* Get user privileges.
*
* Get the security privileges for the logged in user. All users can use this
* API, but only to determine their own privileges. To check the privileges of
* other users, you must use the run as feature. To check whether a user has a
* specific list of privileges, use the has privileges API.
*
* @see Documentation
* on elastic.co
*/
public GetUserPrivilegesResponse getUserPrivileges(GetUserPrivilegesRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) GetUserPrivilegesRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Get user privileges.
*
* Get the security privileges for the logged in user. All users can use this
* API, but only to determine their own privileges. To check the privileges of
* other users, you must use the run as feature. To check whether a user has a
* specific list of privileges, use the has privileges API.
*
* @param fn
* a function that initializes a builder to create the
* {@link GetUserPrivilegesRequest}
* @see Documentation
* on elastic.co
*/
public final GetUserPrivilegesResponse getUserPrivileges(
Function> fn)
throws IOException, ElasticsearchException {
return getUserPrivileges(fn.apply(new GetUserPrivilegesRequest.Builder()).build());
}
/**
* Get user privileges.
*
* Get the security privileges for the logged in user. All users can use this
* API, but only to determine their own privileges. To check the privileges of
* other users, you must use the run as feature. To check whether a user has a
* specific list of privileges, use the has privileges API.
*
* @see Documentation
* on elastic.co
*/
public GetUserPrivilegesResponse getUserPrivileges() throws IOException, ElasticsearchException {
return this.transport.performRequest(new GetUserPrivilegesRequest.Builder().build(),
GetUserPrivilegesRequest._ENDPOINT, this.transportOptions);
}
// ----- Endpoint: security.get_user_profile
/**
* Get a user profile.
*
* Get a user's profile using the unique profile ID.
*
* NOTE: The user profile feature is designed only for use by Kibana and
* Elastic's Observability, Enterprise Search, and Elastic Security solutions.
* Individual users and external applications should not call this API directly.
* Elastic reserves the right to change or remove this feature in future
* releases without prior notice.
*
* @see Documentation
* on elastic.co
*/
public GetUserProfileResponse getUserProfile(GetUserProfileRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) GetUserProfileRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Get a user profile.
*
* Get a user's profile using the unique profile ID.
*
* NOTE: The user profile feature is designed only for use by Kibana and
* Elastic's Observability, Enterprise Search, and Elastic Security solutions.
* Individual users and external applications should not call this API directly.
* Elastic reserves the right to change or remove this feature in future
* releases without prior notice.
*
* @param fn
* a function that initializes a builder to create the
* {@link GetUserProfileRequest}
* @see Documentation
* on elastic.co
*/
public final GetUserProfileResponse getUserProfile(
Function> fn)
throws IOException, ElasticsearchException {
return getUserProfile(fn.apply(new GetUserProfileRequest.Builder()).build());
}
// ----- Endpoint: security.grant_api_key
/**
* Grant an API key.
*
* Create an API key on behalf of another user. This API is similar to the
* create API keys API, however it creates the API key for a user that is
* different than the user that runs the API. The caller must have
* authentication credentials for the user on whose behalf the API key will be
* created. It is not possible to use this API to create an API key without that
* user's credentials. The supported user authentication credential types are:
*
* - username and password
* - Elasticsearch access tokens
* - JWTs
*
*
* The user, for whom the authentication credentials is provided, can optionally
* "run as" (impersonate) another user. In this case, the API key will
* be created on behalf of the impersonated user.
*
* This API is intended be used by applications that need to create and manage
* API keys for end users, but cannot guarantee that those users have permission
* to create API keys on their own behalf. The API keys are created by the
* Elasticsearch API key service, which is automatically enabled.
*
* A successful grant API key API call returns a JSON structure that contains
* the API key, its unique id, and its name. If applicable, it also returns
* expiration information for the API key in milliseconds.
*
* By default, API keys never expire. You can specify expiration information
* when you create the API keys.
*
* @see Documentation
* on elastic.co
*/
public GrantApiKeyResponse grantApiKey(GrantApiKeyRequest request) throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) GrantApiKeyRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Grant an API key.
*
* Create an API key on behalf of another user. This API is similar to the
* create API keys API, however it creates the API key for a user that is
* different than the user that runs the API. The caller must have
* authentication credentials for the user on whose behalf the API key will be
* created. It is not possible to use this API to create an API key without that
* user's credentials. The supported user authentication credential types are:
*
* - username and password
* - Elasticsearch access tokens
* - JWTs
*
*
* The user, for whom the authentication credentials is provided, can optionally
* "run as" (impersonate) another user. In this case, the API key will
* be created on behalf of the impersonated user.
*
* This API is intended be used by applications that need to create and manage
* API keys for end users, but cannot guarantee that those users have permission
* to create API keys on their own behalf. The API keys are created by the
* Elasticsearch API key service, which is automatically enabled.
*
* A successful grant API key API call returns a JSON structure that contains
* the API key, its unique id, and its name. If applicable, it also returns
* expiration information for the API key in milliseconds.
*
* By default, API keys never expire. You can specify expiration information
* when you create the API keys.
*
* @param fn
* a function that initializes a builder to create the
* {@link GrantApiKeyRequest}
* @see Documentation
* on elastic.co
*/
public final GrantApiKeyResponse grantApiKey(
Function> fn)
throws IOException, ElasticsearchException {
return grantApiKey(fn.apply(new GrantApiKeyRequest.Builder()).build());
}
// ----- Endpoint: security.has_privileges
/**
* Check user privileges.
*
* Determine whether the specified user has a specified list of privileges. All
* users can use this API, but only to determine their own privileges. To check
* the privileges of other users, you must use the run as feature.
*
* @see Documentation
* on elastic.co
*/
public HasPrivilegesResponse hasPrivileges(HasPrivilegesRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) HasPrivilegesRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Check user privileges.
*
* Determine whether the specified user has a specified list of privileges. All
* users can use this API, but only to determine their own privileges. To check
* the privileges of other users, you must use the run as feature.
*
* @param fn
* a function that initializes a builder to create the
* {@link HasPrivilegesRequest}
* @see Documentation
* on elastic.co
*/
public final HasPrivilegesResponse hasPrivileges(
Function> fn)
throws IOException, ElasticsearchException {
return hasPrivileges(fn.apply(new HasPrivilegesRequest.Builder()).build());
}
/**
* Check user privileges.
*
* Determine whether the specified user has a specified list of privileges. All
* users can use this API, but only to determine their own privileges. To check
* the privileges of other users, you must use the run as feature.
*
* @see Documentation
* on elastic.co
*/
public HasPrivilegesResponse hasPrivileges() throws IOException, ElasticsearchException {
return this.transport.performRequest(new HasPrivilegesRequest.Builder().build(), HasPrivilegesRequest._ENDPOINT,
this.transportOptions);
}
// ----- Endpoint: security.has_privileges_user_profile
/**
* Check user profile privileges.
*
* Determine whether the users associated with the specified user profile IDs
* have all the requested privileges.
*
* NOTE: The user profile feature is designed only for use by Kibana and
* Elastic's Observability, Enterprise Search, and Elastic Security solutions.
* Individual users and external applications should not call this API directly.
* Elastic reserves the right to change or remove this feature in future
* releases without prior notice.
*
* @see Documentation
* on elastic.co
*/
public HasPrivilegesUserProfileResponse hasPrivilegesUserProfile(HasPrivilegesUserProfileRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) HasPrivilegesUserProfileRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Check user profile privileges.
*
* Determine whether the users associated with the specified user profile IDs
* have all the requested privileges.
*
* NOTE: The user profile feature is designed only for use by Kibana and
* Elastic's Observability, Enterprise Search, and Elastic Security solutions.
* Individual users and external applications should not call this API directly.
* Elastic reserves the right to change or remove this feature in future
* releases without prior notice.
*
* @param fn
* a function that initializes a builder to create the
* {@link HasPrivilegesUserProfileRequest}
* @see Documentation
* on elastic.co
*/
public final HasPrivilegesUserProfileResponse hasPrivilegesUserProfile(
Function> fn)
throws IOException, ElasticsearchException {
return hasPrivilegesUserProfile(fn.apply(new HasPrivilegesUserProfileRequest.Builder()).build());
}
// ----- Endpoint: security.invalidate_api_key
/**
* Invalidate API keys.
*
* This API invalidates API keys created by the create API key or grant API key
* APIs. Invalidated API keys fail authentication, but they can still be viewed
* using the get API key information and query API key information APIs, for at
* least the configured retention period, until they are automatically deleted.
*
* To use this API, you must have at least the manage_security
,
* manage_api_key
, or manage_own_api_key
cluster
* privileges. The manage_security
privilege allows deleting any
* API key, including both REST and cross cluster API keys. The
* manage_api_key
privilege allows deleting any REST API key, but
* not cross cluster API keys. The manage_own_api_key
only allows
* deleting REST API keys that are owned by the user. In addition, with the
* manage_own_api_key
privilege, an invalidation request must be
* issued in one of the three formats:
*
* - Set the parameter
owner=true
.
* - Or, set both
username
and realm_name
to match
* the user's identity.
* - Or, if the request is issued by an API key, that is to say an API key
* invalidates itself, specify its ID in the
ids
field.
*
*
* @see Documentation
* on elastic.co
*/
public InvalidateApiKeyResponse invalidateApiKey(InvalidateApiKeyRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) InvalidateApiKeyRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Invalidate API keys.
*
* This API invalidates API keys created by the create API key or grant API key
* APIs. Invalidated API keys fail authentication, but they can still be viewed
* using the get API key information and query API key information APIs, for at
* least the configured retention period, until they are automatically deleted.
*
* To use this API, you must have at least the manage_security
,
* manage_api_key
, or manage_own_api_key
cluster
* privileges. The manage_security
privilege allows deleting any
* API key, including both REST and cross cluster API keys. The
* manage_api_key
privilege allows deleting any REST API key, but
* not cross cluster API keys. The manage_own_api_key
only allows
* deleting REST API keys that are owned by the user. In addition, with the
* manage_own_api_key
privilege, an invalidation request must be
* issued in one of the three formats:
*
* - Set the parameter
owner=true
.
* - Or, set both
username
and realm_name
to match
* the user's identity.
* - Or, if the request is issued by an API key, that is to say an API key
* invalidates itself, specify its ID in the
ids
field.
*
*
* @param fn
* a function that initializes a builder to create the
* {@link InvalidateApiKeyRequest}
* @see Documentation
* on elastic.co
*/
public final InvalidateApiKeyResponse invalidateApiKey(
Function> fn)
throws IOException, ElasticsearchException {
return invalidateApiKey(fn.apply(new InvalidateApiKeyRequest.Builder()).build());
}
/**
* Invalidate API keys.
*
* This API invalidates API keys created by the create API key or grant API key
* APIs. Invalidated API keys fail authentication, but they can still be viewed
* using the get API key information and query API key information APIs, for at
* least the configured retention period, until they are automatically deleted.
*
* To use this API, you must have at least the manage_security
,
* manage_api_key
, or manage_own_api_key
cluster
* privileges. The manage_security
privilege allows deleting any
* API key, including both REST and cross cluster API keys. The
* manage_api_key
privilege allows deleting any REST API key, but
* not cross cluster API keys. The manage_own_api_key
only allows
* deleting REST API keys that are owned by the user. In addition, with the
* manage_own_api_key
privilege, an invalidation request must be
* issued in one of the three formats:
*
* - Set the parameter
owner=true
.
* - Or, set both
username
and realm_name
to match
* the user's identity.
* - Or, if the request is issued by an API key, that is to say an API key
* invalidates itself, specify its ID in the
ids
field.
*
*
* @see Documentation
* on elastic.co
*/
public InvalidateApiKeyResponse invalidateApiKey() throws IOException, ElasticsearchException {
return this.transport.performRequest(new InvalidateApiKeyRequest.Builder().build(),
InvalidateApiKeyRequest._ENDPOINT, this.transportOptions);
}
// ----- Endpoint: security.invalidate_token
/**
* Invalidate a token.
*
* The access tokens returned by the get token API have a finite period of time
* for which they are valid. After that time period, they can no longer be used.
* The time period is defined by the
* xpack.security.authc.token.timeout
setting.
*
* The refresh tokens returned by the get token API are only valid for 24 hours.
* They can also be used exactly once. If you want to invalidate one or more
* access or refresh tokens immediately, use this invalidate token API.
*
* NOTE: While all parameters are optional, at least one of them is required.
* More specifically, either one of token
or
* refresh_token
parameters is required. If none of these two are
* specified, then realm_name
and/or username
need to
* be specified.
*
* @see Documentation
* on elastic.co
*/
public InvalidateTokenResponse invalidateToken(InvalidateTokenRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) InvalidateTokenRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Invalidate a token.
*
* The access tokens returned by the get token API have a finite period of time
* for which they are valid. After that time period, they can no longer be used.
* The time period is defined by the
* xpack.security.authc.token.timeout
setting.
*
* The refresh tokens returned by the get token API are only valid for 24 hours.
* They can also be used exactly once. If you want to invalidate one or more
* access or refresh tokens immediately, use this invalidate token API.
*
* NOTE: While all parameters are optional, at least one of them is required.
* More specifically, either one of token
or
* refresh_token
parameters is required. If none of these two are
* specified, then realm_name
and/or username
need to
* be specified.
*
* @param fn
* a function that initializes a builder to create the
* {@link InvalidateTokenRequest}
* @see Documentation
* on elastic.co
*/
public final InvalidateTokenResponse invalidateToken(
Function> fn)
throws IOException, ElasticsearchException {
return invalidateToken(fn.apply(new InvalidateTokenRequest.Builder()).build());
}
/**
* Invalidate a token.
*
* The access tokens returned by the get token API have a finite period of time
* for which they are valid. After that time period, they can no longer be used.
* The time period is defined by the
* xpack.security.authc.token.timeout
setting.
*
* The refresh tokens returned by the get token API are only valid for 24 hours.
* They can also be used exactly once. If you want to invalidate one or more
* access or refresh tokens immediately, use this invalidate token API.
*
* NOTE: While all parameters are optional, at least one of them is required.
* More specifically, either one of token
or
* refresh_token
parameters is required. If none of these two are
* specified, then realm_name
and/or username
need to
* be specified.
*
* @see Documentation
* on elastic.co
*/
public InvalidateTokenResponse invalidateToken() throws IOException, ElasticsearchException {
return this.transport.performRequest(new InvalidateTokenRequest.Builder().build(),
InvalidateTokenRequest._ENDPOINT, this.transportOptions);
}
// ----- Endpoint: security.oidc_authenticate
/**
* Authenticate OpenID Connect.
*
* Exchange an OpenID Connect authentication response message for an
* Elasticsearch internal access token and refresh token that can be
* subsequently used for authentication.
*
* Elasticsearch exposes all the necessary OpenID Connect related functionality
* with the OpenID Connect APIs. These APIs are used internally by Kibana in
* order to provide OpenID Connect based authentication, but can also be used by
* other, custom web applications or other clients.
*
* @see Documentation
* on elastic.co
*/
public OidcAuthenticateResponse oidcAuthenticate(OidcAuthenticateRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) OidcAuthenticateRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Authenticate OpenID Connect.
*
* Exchange an OpenID Connect authentication response message for an
* Elasticsearch internal access token and refresh token that can be
* subsequently used for authentication.
*
* Elasticsearch exposes all the necessary OpenID Connect related functionality
* with the OpenID Connect APIs. These APIs are used internally by Kibana in
* order to provide OpenID Connect based authentication, but can also be used by
* other, custom web applications or other clients.
*
* @param fn
* a function that initializes a builder to create the
* {@link OidcAuthenticateRequest}
* @see Documentation
* on elastic.co
*/
public final OidcAuthenticateResponse oidcAuthenticate(
Function> fn)
throws IOException, ElasticsearchException {
return oidcAuthenticate(fn.apply(new OidcAuthenticateRequest.Builder()).build());
}
// ----- Endpoint: security.oidc_logout
/**
* Logout of OpenID Connect.
*
* Invalidate an access token and a refresh token that were generated as a
* response to the /_security/oidc/authenticate
API.
*
* If the OpenID Connect authentication realm in Elasticsearch is accordingly
* configured, the response to this call will contain a URI pointing to the end
* session endpoint of the OpenID Connect Provider in order to perform single
* logout.
*
* Elasticsearch exposes all the necessary OpenID Connect related functionality
* with the OpenID Connect APIs. These APIs are used internally by Kibana in
* order to provide OpenID Connect based authentication, but can also be used by
* other, custom web applications or other clients.
*
* @see Documentation
* on elastic.co
*/
public OidcLogoutResponse oidcLogout(OidcLogoutRequest request) throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) OidcLogoutRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Logout of OpenID Connect.
*
* Invalidate an access token and a refresh token that were generated as a
* response to the /_security/oidc/authenticate
API.
*
* If the OpenID Connect authentication realm in Elasticsearch is accordingly
* configured, the response to this call will contain a URI pointing to the end
* session endpoint of the OpenID Connect Provider in order to perform single
* logout.
*
* Elasticsearch exposes all the necessary OpenID Connect related functionality
* with the OpenID Connect APIs. These APIs are used internally by Kibana in
* order to provide OpenID Connect based authentication, but can also be used by
* other, custom web applications or other clients.
*
* @param fn
* a function that initializes a builder to create the
* {@link OidcLogoutRequest}
* @see Documentation
* on elastic.co
*/
public final OidcLogoutResponse oidcLogout(Function> fn)
throws IOException, ElasticsearchException {
return oidcLogout(fn.apply(new OidcLogoutRequest.Builder()).build());
}
// ----- Endpoint: security.oidc_prepare_authentication
/**
* Prepare OpenID connect authentication.
*
* Create an oAuth 2.0 authentication request as a URL string based on the
* configuration of the OpenID Connect authentication realm in Elasticsearch.
*
* The response of this API is a URL pointing to the Authorization Endpoint of
* the configured OpenID Connect Provider, which can be used to redirect the
* browser of the user in order to continue the authentication process.
*
* Elasticsearch exposes all the necessary OpenID Connect related functionality
* with the OpenID Connect APIs. These APIs are used internally by Kibana in
* order to provide OpenID Connect based authentication, but can also be used by
* other, custom web applications or other clients.
*
* @see Documentation
* on elastic.co
*/
public OidcPrepareAuthenticationResponse oidcPrepareAuthentication(OidcPrepareAuthenticationRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) OidcPrepareAuthenticationRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Prepare OpenID connect authentication.
*
* Create an oAuth 2.0 authentication request as a URL string based on the
* configuration of the OpenID Connect authentication realm in Elasticsearch.
*
* The response of this API is a URL pointing to the Authorization Endpoint of
* the configured OpenID Connect Provider, which can be used to redirect the
* browser of the user in order to continue the authentication process.
*
* Elasticsearch exposes all the necessary OpenID Connect related functionality
* with the OpenID Connect APIs. These APIs are used internally by Kibana in
* order to provide OpenID Connect based authentication, but can also be used by
* other, custom web applications or other clients.
*
* @param fn
* a function that initializes a builder to create the
* {@link OidcPrepareAuthenticationRequest}
* @see Documentation
* on elastic.co
*/
public final OidcPrepareAuthenticationResponse oidcPrepareAuthentication(
Function> fn)
throws IOException, ElasticsearchException {
return oidcPrepareAuthentication(fn.apply(new OidcPrepareAuthenticationRequest.Builder()).build());
}
/**
* Prepare OpenID connect authentication.
*
* Create an oAuth 2.0 authentication request as a URL string based on the
* configuration of the OpenID Connect authentication realm in Elasticsearch.
*
* The response of this API is a URL pointing to the Authorization Endpoint of
* the configured OpenID Connect Provider, which can be used to redirect the
* browser of the user in order to continue the authentication process.
*
* Elasticsearch exposes all the necessary OpenID Connect related functionality
* with the OpenID Connect APIs. These APIs are used internally by Kibana in
* order to provide OpenID Connect based authentication, but can also be used by
* other, custom web applications or other clients.
*
* @see Documentation
* on elastic.co
*/
public OidcPrepareAuthenticationResponse oidcPrepareAuthentication() throws IOException, ElasticsearchException {
return this.transport.performRequest(new OidcPrepareAuthenticationRequest.Builder().build(),
OidcPrepareAuthenticationRequest._ENDPOINT, this.transportOptions);
}
// ----- Endpoint: security.put_privileges
/**
* Create or update application privileges.
*
* To use this API, you must have one of the following privileges:
*
* - The
manage_security
cluster privilege (or a greater
* privilege such as all
).
* - The "Manage Application Privileges" global privilege for the
* application being referenced in the request.
*
*
* Application names are formed from a prefix, with an optional suffix that
* conform to the following rules:
*
* - The prefix must begin with a lowercase ASCII letter.
* - The prefix must contain only ASCII letters or digits.
* - The prefix must be at least 3 characters long.
* - If the suffix exists, it must begin with either a dash
-
or
* _
.
* - The suffix cannot contain any of the following characters:
*
\
, /
, *
, ?
,
* "
, <
, >
, |
,
* ,
, *
.
* - No part of the name can contain whitespace.
*
*
* Privilege names must begin with a lowercase ASCII letter and must contain
* only ASCII letters and digits along with the characters _
,
* -
, and .
.
*
* Action names can contain any number of printable ASCII characters and must
* contain at least one of the following characters: /
,
* *
, :
.
*
* @see Documentation
* on elastic.co
*/
public PutPrivilegesResponse putPrivileges(PutPrivilegesRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) PutPrivilegesRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Create or update application privileges.
*
* To use this API, you must have one of the following privileges:
*
* - The
manage_security
cluster privilege (or a greater
* privilege such as all
).
* - The "Manage Application Privileges" global privilege for the
* application being referenced in the request.
*
*
* Application names are formed from a prefix, with an optional suffix that
* conform to the following rules:
*
* - The prefix must begin with a lowercase ASCII letter.
* - The prefix must contain only ASCII letters or digits.
* - The prefix must be at least 3 characters long.
* - If the suffix exists, it must begin with either a dash
-
or
* _
.
* - The suffix cannot contain any of the following characters:
*
\
, /
, *
, ?
,
* "
, <
, >
, |
,
* ,
, *
.
* - No part of the name can contain whitespace.
*
*
* Privilege names must begin with a lowercase ASCII letter and must contain
* only ASCII letters and digits along with the characters _
,
* -
, and .
.
*
* Action names can contain any number of printable ASCII characters and must
* contain at least one of the following characters: /
,
* *
, :
.
*
* @param fn
* a function that initializes a builder to create the
* {@link PutPrivilegesRequest}
* @see Documentation
* on elastic.co
*/
public final PutPrivilegesResponse putPrivileges(
Function> fn)
throws IOException, ElasticsearchException {
return putPrivileges(fn.apply(new PutPrivilegesRequest.Builder()).build());
}
/**
* Create or update application privileges.
*
* To use this API, you must have one of the following privileges:
*
* - The
manage_security
cluster privilege (or a greater
* privilege such as all
).
* - The "Manage Application Privileges" global privilege for the
* application being referenced in the request.
*
*
* Application names are formed from a prefix, with an optional suffix that
* conform to the following rules:
*
* - The prefix must begin with a lowercase ASCII letter.
* - The prefix must contain only ASCII letters or digits.
* - The prefix must be at least 3 characters long.
* - If the suffix exists, it must begin with either a dash
-
or
* _
.
* - The suffix cannot contain any of the following characters:
*
\
, /
, *
, ?
,
* "
, <
, >
, |
,
* ,
, *
.
* - No part of the name can contain whitespace.
*
*
* Privilege names must begin with a lowercase ASCII letter and must contain
* only ASCII letters and digits along with the characters _
,
* -
, and .
.
*
* Action names can contain any number of printable ASCII characters and must
* contain at least one of the following characters: /
,
* *
, :
.
*
* @see Documentation
* on elastic.co
*/
public PutPrivilegesResponse putPrivileges() throws IOException, ElasticsearchException {
return this.transport.performRequest(new PutPrivilegesRequest.Builder().build(), PutPrivilegesRequest._ENDPOINT,
this.transportOptions);
}
// ----- Endpoint: security.put_role
/**
* Create or update roles.
*
* The role management APIs are generally the preferred way to manage roles in
* the native realm, rather than using file-based role management. The create or
* update roles API cannot update roles that are defined in roles files.
* File-based role management is not available in Elastic Serverless.
*
* @see Documentation
* on elastic.co
*/
public PutRoleResponse putRole(PutRoleRequest request) throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) PutRoleRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Create or update roles.
*
* The role management APIs are generally the preferred way to manage roles in
* the native realm, rather than using file-based role management. The create or
* update roles API cannot update roles that are defined in roles files.
* File-based role management is not available in Elastic Serverless.
*
* @param fn
* a function that initializes a builder to create the
* {@link PutRoleRequest}
* @see Documentation
* on elastic.co
*/
public final PutRoleResponse putRole(Function> fn)
throws IOException, ElasticsearchException {
return putRole(fn.apply(new PutRoleRequest.Builder()).build());
}
// ----- Endpoint: security.put_role_mapping
/**
* Create or update role mappings.
*
* Role mappings define which roles are assigned to each user. Each mapping has
* rules that identify users and a list of roles that are granted to those
* users. The role mapping APIs are generally the preferred way to manage role
* mappings rather than using role mapping files. The create or update role
* mappings API cannot update role mappings that are defined in role mapping
* files.
*
* NOTE: This API does not create roles. Rather, it maps users to existing
* roles. Roles can be created by using the create or update roles API or roles
* files.
*
* Role templates
*
* The most common use for role mappings is to create a mapping from a known
* value on the user to a fixed role name. For example, all users in the
* cn=admin,dc=example,dc=com
LDAP group should be given the
* superuser role in Elasticsearch. The roles
field is used for
* this purpose.
*
* For more complex needs, it is possible to use Mustache templates to
* dynamically determine the names of the roles that should be granted to the
* user. The role_templates
field is used for this purpose.
*
* NOTE: To use role templates successfully, the relevant scripting feature must
* be enabled. Otherwise, all attempts to create a role mapping with role
* templates fail.
*
* All of the user fields that are available in the role mapping rules are also
* available in the role templates. Thus it is possible to assign a user to a
* role that reflects their username, their groups, or the name of the realm to
* which they authenticated.
*
* By default a template is evaluated to produce a single string that is the
* name of the role which should be assigned to the user. If the format of the
* template is set to "json" then the template is expected to produce
* a JSON string or an array of JSON strings for the role names.
*
* @see Documentation
* on elastic.co
*/
public PutRoleMappingResponse putRoleMapping(PutRoleMappingRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) PutRoleMappingRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Create or update role mappings.
*
* Role mappings define which roles are assigned to each user. Each mapping has
* rules that identify users and a list of roles that are granted to those
* users. The role mapping APIs are generally the preferred way to manage role
* mappings rather than using role mapping files. The create or update role
* mappings API cannot update role mappings that are defined in role mapping
* files.
*
* NOTE: This API does not create roles. Rather, it maps users to existing
* roles. Roles can be created by using the create or update roles API or roles
* files.
*
* Role templates
*
* The most common use for role mappings is to create a mapping from a known
* value on the user to a fixed role name. For example, all users in the
* cn=admin,dc=example,dc=com
LDAP group should be given the
* superuser role in Elasticsearch. The roles
field is used for
* this purpose.
*
* For more complex needs, it is possible to use Mustache templates to
* dynamically determine the names of the roles that should be granted to the
* user. The role_templates
field is used for this purpose.
*
* NOTE: To use role templates successfully, the relevant scripting feature must
* be enabled. Otherwise, all attempts to create a role mapping with role
* templates fail.
*
* All of the user fields that are available in the role mapping rules are also
* available in the role templates. Thus it is possible to assign a user to a
* role that reflects their username, their groups, or the name of the realm to
* which they authenticated.
*
* By default a template is evaluated to produce a single string that is the
* name of the role which should be assigned to the user. If the format of the
* template is set to "json" then the template is expected to produce
* a JSON string or an array of JSON strings for the role names.
*
* @param fn
* a function that initializes a builder to create the
* {@link PutRoleMappingRequest}
* @see Documentation
* on elastic.co
*/
public final PutRoleMappingResponse putRoleMapping(
Function> fn)
throws IOException, ElasticsearchException {
return putRoleMapping(fn.apply(new PutRoleMappingRequest.Builder()).build());
}
// ----- Endpoint: security.put_user
/**
* Create or update users.
*
* Add and update users in the native realm. A password is required for adding a
* new user but is optional when updating an existing user. To change a user's
* password without updating any other fields, use the change password API.
*
* @see Documentation
* on elastic.co
*/
public PutUserResponse putUser(PutUserRequest request) throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) PutUserRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Create or update users.
*
* Add and update users in the native realm. A password is required for adding a
* new user but is optional when updating an existing user. To change a user's
* password without updating any other fields, use the change password API.
*
* @param fn
* a function that initializes a builder to create the
* {@link PutUserRequest}
* @see Documentation
* on elastic.co
*/
public final PutUserResponse putUser(Function> fn)
throws IOException, ElasticsearchException {
return putUser(fn.apply(new PutUserRequest.Builder()).build());
}
// ----- Endpoint: security.query_api_keys
/**
* Find API keys with a query.
*
* Get a paginated list of API keys and their information. You can optionally
* filter the results with a query.
*
* To use this API, you must have at least the manage_own_api_key
* or the read_security
cluster privileges. If you have only the
* manage_own_api_key
privilege, this API returns only the API keys
* that you own. If you have the read_security
,
* manage_api_key
, or greater privileges (including
* manage_security
), this API returns all API keys regardless of
* ownership.
*
* @see Documentation
* on elastic.co
*/
public QueryApiKeysResponse queryApiKeys(QueryApiKeysRequest request) throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) QueryApiKeysRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Find API keys with a query.
*
* Get a paginated list of API keys and their information. You can optionally
* filter the results with a query.
*
* To use this API, you must have at least the manage_own_api_key
* or the read_security
cluster privileges. If you have only the
* manage_own_api_key
privilege, this API returns only the API keys
* that you own. If you have the read_security
,
* manage_api_key
, or greater privileges (including
* manage_security
), this API returns all API keys regardless of
* ownership.
*
* @param fn
* a function that initializes a builder to create the
* {@link QueryApiKeysRequest}
* @see Documentation
* on elastic.co
*/
public final QueryApiKeysResponse queryApiKeys(
Function> fn)
throws IOException, ElasticsearchException {
return queryApiKeys(fn.apply(new QueryApiKeysRequest.Builder()).build());
}
/**
* Find API keys with a query.
*
* Get a paginated list of API keys and their information. You can optionally
* filter the results with a query.
*
* To use this API, you must have at least the manage_own_api_key
* or the read_security
cluster privileges. If you have only the
* manage_own_api_key
privilege, this API returns only the API keys
* that you own. If you have the read_security
,
* manage_api_key
, or greater privileges (including
* manage_security
), this API returns all API keys regardless of
* ownership.
*
* @see Documentation
* on elastic.co
*/
public QueryApiKeysResponse queryApiKeys() throws IOException, ElasticsearchException {
return this.transport.performRequest(new QueryApiKeysRequest.Builder().build(), QueryApiKeysRequest._ENDPOINT,
this.transportOptions);
}
// ----- Endpoint: security.query_role
/**
* Find roles with a query.
*
* Get roles in a paginated manner. The role management APIs are generally the
* preferred way to manage roles, rather than using file-based role management.
* The query roles API does not retrieve roles that are defined in roles files,
* nor built-in ones. You can optionally filter the results with a query. Also,
* the results can be paginated and sorted.
*
* @see Documentation
* on elastic.co
*/
public QueryRoleResponse queryRole(QueryRoleRequest request) throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) QueryRoleRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Find roles with a query.
*
* Get roles in a paginated manner. The role management APIs are generally the
* preferred way to manage roles, rather than using file-based role management.
* The query roles API does not retrieve roles that are defined in roles files,
* nor built-in ones. You can optionally filter the results with a query. Also,
* the results can be paginated and sorted.
*
* @param fn
* a function that initializes a builder to create the
* {@link QueryRoleRequest}
* @see Documentation
* on elastic.co
*/
public final QueryRoleResponse queryRole(Function> fn)
throws IOException, ElasticsearchException {
return queryRole(fn.apply(new QueryRoleRequest.Builder()).build());
}
/**
* Find roles with a query.
*
* Get roles in a paginated manner. The role management APIs are generally the
* preferred way to manage roles, rather than using file-based role management.
* The query roles API does not retrieve roles that are defined in roles files,
* nor built-in ones. You can optionally filter the results with a query. Also,
* the results can be paginated and sorted.
*
* @see Documentation
* on elastic.co
*/
public QueryRoleResponse queryRole() throws IOException, ElasticsearchException {
return this.transport.performRequest(new QueryRoleRequest.Builder().build(), QueryRoleRequest._ENDPOINT,
this.transportOptions);
}
// ----- Endpoint: security.query_user
/**
* Find users with a query.
*
* Get information for users in a paginated manner. You can optionally filter
* the results with a query.
*
* NOTE: As opposed to the get user API, built-in users are excluded from the
* result. This API is only for native users.
*
* @see Documentation
* on elastic.co
*/
public QueryUserResponse queryUser(QueryUserRequest request) throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) QueryUserRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Find users with a query.
*
* Get information for users in a paginated manner. You can optionally filter
* the results with a query.
*
* NOTE: As opposed to the get user API, built-in users are excluded from the
* result. This API is only for native users.
*
* @param fn
* a function that initializes a builder to create the
* {@link QueryUserRequest}
* @see Documentation
* on elastic.co
*/
public final QueryUserResponse queryUser(Function> fn)
throws IOException, ElasticsearchException {
return queryUser(fn.apply(new QueryUserRequest.Builder()).build());
}
/**
* Find users with a query.
*
* Get information for users in a paginated manner. You can optionally filter
* the results with a query.
*
* NOTE: As opposed to the get user API, built-in users are excluded from the
* result. This API is only for native users.
*
* @see Documentation
* on elastic.co
*/
public QueryUserResponse queryUser() throws IOException, ElasticsearchException {
return this.transport.performRequest(new QueryUserRequest.Builder().build(), QueryUserRequest._ENDPOINT,
this.transportOptions);
}
// ----- Endpoint: security.saml_authenticate
/**
* Authenticate SAML.
*
* Submit a SAML response message to Elasticsearch for consumption.
*
* NOTE: This API is intended for use by custom web applications other than
* Kibana. If you are using Kibana, refer to the documentation for configuring
* SAML single-sign-on on the Elastic Stack.
*
* The SAML message that is submitted can be:
*
* - A response to a SAML authentication request that was previously created
* using the SAML prepare authentication API.
* - An unsolicited SAML message in the case of an IdP-initiated single
* sign-on (SSO) flow.
*
*
* In either case, the SAML message needs to be a base64 encoded XML document
* with a root element of <Response>
.
*
* After successful validation, Elasticsearch responds with an Elasticsearch
* internal access token and refresh token that can be subsequently used for
* authentication. This API endpoint essentially exchanges SAML responses that
* indicate successful authentication in the IdP for Elasticsearch access and
* refresh tokens, which can be used for authentication against Elasticsearch.
*
* @see Documentation
* on elastic.co
*/
public SamlAuthenticateResponse samlAuthenticate(SamlAuthenticateRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint) SamlAuthenticateRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Authenticate SAML.
*
* Submit a SAML response message to Elasticsearch for consumption.
*
* NOTE: This API is intended for use by custom web applications other than
* Kibana. If you are using Kibana, refer to the documentation for configuring
* SAML single-sign-on on the Elastic Stack.
*
* The SAML message that is submitted can be:
*
* - A response to a SAML authentication request that was previously created
* using the SAML prepare authentication API.
* - An unsolicited SAML message in the case of an IdP-initiated single
* sign-on (SSO) flow.
*
*
* In either case, the SAML message needs to be a base64 encoded XML document
* with a root element of <Response>
.
*
* After successful validation, Elasticsearch responds with an Elasticsearch
* internal access token and refresh token that can be subsequently used for
* authentication. This API endpoint essentially exchanges SAML responses that
* indicate successful authentication in the IdP for Elasticsearch access and
* refresh tokens, which can be used for authentication against Elasticsearch.
*
* @param fn
* a function that initializes a builder to create the
* {@link SamlAuthenticateRequest}
* @see Documentation
* on elastic.co
*/
public final SamlAuthenticateResponse samlAuthenticate(
Function> fn)
throws IOException, ElasticsearchException {
return samlAuthenticate(fn.apply(new SamlAuthenticateRequest.Builder()).build());
}
// ----- Endpoint: security.saml_complete_logout
/**
* Logout of SAML completely.
*
* Verifies the logout response sent from the SAML IdP.
*
* NOTE: This API is intended for use by custom web applications other than
* Kibana. If you are using Kibana, refer to the documentation for configuring
* SAML single-sign-on on the Elastic Stack.
*
* The SAML IdP may send a logout response back to the SP after handling the
* SP-initiated SAML Single Logout. This API verifies the response by ensuring
* the content is relevant and validating its signature. An empty response is
* returned if the verification process is successful. The response can be sent
* by the IdP with either the HTTP-Redirect or the HTTP-Post binding. The caller
* of this API must prepare the request accordingly so that this API can handle
* either of them.
*
* @see Documentation
* on elastic.co
*/
public BooleanResponse samlCompleteLogout(SamlCompleteLogoutRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
Endpoint endpoint = (Endpoint) SamlCompleteLogoutRequest._ENDPOINT;
return this.transport.performRequest(request, endpoint, this.transportOptions);
}
/**
* Logout of SAML completely.
*
* Verifies the logout response sent from the SAML IdP.
*
* NOTE: This API is intended for use by custom web applications other than
* Kibana. If you are using Kibana, refer to the documentation for configuring
* SAML single-sign-on on the Elastic Stack.
*
* The SAML IdP may send a logout response back to the SP after handling the
* SP-initiated SAML Single Logout. This API verifies the response by ensuring
* the content is relevant and validating its signature. An empty response is
* returned if the verification process is successful. The response can be sent
* by the IdP with either the HTTP-Redirect or the HTTP-Post binding. The caller
* of this API must prepare the request accordingly so that this API can handle
* either of them.
*
* @param fn
* a function that initializes a builder to create the
* {@link SamlCompleteLogoutRequest}
* @see Documentation
* on elastic.co
*/
public final BooleanResponse samlCompleteLogout(
Function> fn)
throws IOException, ElasticsearchException {
return samlCompleteLogout(fn.apply(new SamlCompleteLogoutRequest.Builder()).build());
}
// ----- Endpoint: security.saml_invalidate
/**
* Invalidate SAML.
*
* Submit a SAML LogoutRequest message to Elasticsearch for consumption.
*
* NOTE: This API is intended for use by custom web applications other than
* Kibana. If you are using Kibana, refer to the documentation for configuring
* SAML single-sign-on on the Elastic Stack.
*
* The logout request comes from the SAML IdP during an IdP initiated Single
* Logout. The custom web application can use this API to have Elasticsearch
* process the LogoutRequest
. After successful validation of the
* request, Elasticsearch invalidates the access token and refresh token that
* corresponds to that specific SAML principal and provides a URL that contains
* a SAML LogoutResponse message. Thus the user can be redirected back to their
* IdP.
*
* @see Documentation
* on elastic.co
*/
public SamlInvalidateResponse samlInvalidate(SamlInvalidateRequest request)
throws IOException, ElasticsearchException {
@SuppressWarnings("unchecked")
JsonEndpoint endpoint = (JsonEndpoint