PNG  IHDRX cHRMz&u0`:pQ<bKGD pHYsodtIME MeqIDATxw]Wug^Qd˶ 6`!N:!@xI~)%7%@Bh&`lnjVF29gΨ4E$|>cɚ{gk= %,a KX%,a KX%,a KX%,a KX%,a KX%,a KX%, b` ǟzeאfp]<!SJmɤY޲ڿ,%c ~ع9VH.!Ͳz&QynֺTkRR.BLHi٪:l;@(!MԴ=žI,:o&N'Kù\vRmJ雵֫AWic H@" !: Cé||]k-Ha oݜ:y F())u]aG7*JV@J415p=sZH!=!DRʯvɱh~V\}v/GKY$n]"X"}t@ xS76^[bw4dsce)2dU0 CkMa-U5tvLƀ~mlMwfGE/-]7XAƟ`׮g ewxwC4\[~7@O-Q( a*XGƒ{ ՟}$_y3tĐƤatgvێi|K=uVyrŲlLӪuܿzwk$m87k( `múcE)"@rK( z4$D; 2kW=Xb$V[Ru819קR~qloѱDyįݎ*mxw]y5e4K@ЃI0A D@"BDk_)N\8͜9dz"fK0zɿvM /.:2O{ Nb=M=7>??Zuo32 DLD@D| &+֎C #B8ַ`bOb $D#ͮҪtx]%`ES`Ru[=¾!@Od37LJ0!OIR4m]GZRJu$‡c=%~s@6SKy?CeIh:[vR@Lh | (BhAMy=݃  G"'wzn޺~8ԽSh ~T*A:xR[ܹ?X[uKL_=fDȊ؂p0}7=D$Ekq!/t.*2ʼnDbŞ}DijYaȲ(""6HA;:LzxQ‘(SQQ}*PL*fc\s `/d'QXW, e`#kPGZuŞuO{{wm[&NBTiiI0bukcA9<4@SӊH*؎4U/'2U5.(9JuDfrޱtycU%j(:RUbArLֺN)udA':uGQN"-"Is.*+k@ `Ojs@yU/ H:l;@yyTn}_yw!VkRJ4P)~y#)r,D =ě"Q]ci'%HI4ZL0"MJy 8A{ aN<8D"1#IJi >XjX֔#@>-{vN!8tRݻ^)N_╗FJEk]CT՟ YP:_|H1@ CBk]yKYp|og?*dGvzنzӴzjֺNkC~AbZƷ`.H)=!QͷVTT(| u78y֮}|[8-Vjp%2JPk[}ԉaH8Wpqhwr:vWª<}l77_~{s۴V+RCģ%WRZ\AqHifɤL36: #F:p]Bq/z{0CU6ݳEv_^k7'>sq*+kH%a`0ԣisqにtү04gVgW΂iJiS'3w.w}l6MC2uԯ|>JF5`fV5m`Y**Db1FKNttu]4ccsQNnex/87+}xaUW9y>ͯ骵G{䩓Գ3+vU}~jJ.NFRD7<aJDB1#ҳgSb,+CS?/ VG J?|?,2#M9}B)MiE+G`-wo߫V`fio(}S^4e~V4bHOYb"b#E)dda:'?}׮4繏`{7Z"uny-?ǹ;0MKx{:_pÚmFמ:F " .LFQLG)Q8qN q¯¯3wOvxDb\. BKD9_NN &L:4D{mm o^tֽ:q!ƥ}K+<"m78N< ywsard5+Š²z~mnG)=}lYݧNj'QJS{S :UYS-952?&O-:W}(!6Mk4+>A>j+i|<<|;ر^߉=HE|V#F)Emm#}/"y GII웻Jі94+v뾧xu~5C95~ūH>c@덉pʃ1/4-A2G%7>m;–Y,cyyaln" ?ƻ!ʪ<{~h~i y.zZB̃/,雋SiC/JFMmBH&&FAbϓO^tubbb_hZ{_QZ-sύodFgO(6]TJA˯#`۶ɟ( %$&+V'~hiYy>922 Wp74Zkq+Ovn錄c>8~GqܲcWꂎz@"1A.}T)uiW4="jJ2W7mU/N0gcqܗOO}?9/wìXžΏ0 >֩(V^Rh32!Hj5`;O28؇2#ݕf3 ?sJd8NJ@7O0 b־?lldщ̡&|9C.8RTWwxWy46ah嘦mh٤&l zCy!PY?: CJyв]dm4ǜҐR޻RլhX{FƯanшQI@x' ao(kUUuxW_Ñ줮[w8 FRJ(8˼)_mQ _!RJhm=!cVmm ?sFOnll6Qk}alY}; "baӌ~M0w,Ggw2W:G/k2%R,_=u`WU R.9T"v,<\Ik޽/2110Ӿxc0gyC&Ny޽JҢrV6N ``یeA16"J³+Rj*;BϜkZPJaÍ<Jyw:NP8/D$ 011z֊Ⱳ3ι֘k1V_"h!JPIΣ'ɜ* aEAd:ݺ>y<}Lp&PlRfTb1]o .2EW\ͮ]38؋rTJsǏP@芎sF\> P^+dYJLbJ C-xϐn> ι$nj,;Ǖa FU *择|h ~izť3ᤓ`K'-f tL7JK+vf2)V'-sFuB4i+m+@My=O҈0"|Yxoj,3]:cо3 $#uŘ%Y"y죯LebqtҢVzq¼X)~>4L׶m~[1_k?kxֺQ`\ |ٛY4Ѯr!)N9{56(iNq}O()Em]=F&u?$HypWUeB\k]JɩSع9 Zqg4ZĊo oMcjZBU]B\TUd34ݝ~:7ڶSUsB0Z3srx 7`:5xcx !qZA!;%͚7&P H<WL!džOb5kF)xor^aujƍ7 Ǡ8/p^(L>ὴ-B,{ۇWzֺ^k]3\EE@7>lYBȝR.oHnXO/}sB|.i@ɥDB4tcm,@ӣgdtJ!lH$_vN166L__'Z)y&kH;:,Y7=J 9cG) V\hjiE;gya~%ks_nC~Er er)muuMg2;֫R)Md) ,¶ 2-wr#F7<-BBn~_(o=KO㭇[Xv eN_SMgSҐ BS헃D%g_N:/pe -wkG*9yYSZS.9cREL !k}<4_Xs#FmҶ:7R$i,fi!~' # !6/S6y@kZkZcX)%5V4P]VGYq%H1!;e1MV<!ϐHO021Dp= HMs~~a)ަu7G^];git!Frl]H/L$=AeUvZE4P\.,xi {-~p?2b#amXAHq)MWǾI_r`S Hz&|{ +ʖ_= (YS(_g0a03M`I&'9vl?MM+m~}*xT۲(fY*V4x@29s{DaY"toGNTO+xCAO~4Ϳ;p`Ѫ:>Ҵ7K 3}+0 387x\)a"/E>qpWB=1 ¨"MP(\xp߫́A3+J] n[ʼnӼaTbZUWb={~2ooKױӰp(CS\S筐R*JغV&&"FA}J>G֐p1ٸbk7 ŘH$JoN <8s^yk_[;gy-;߉DV{c B yce% aJhDȶ 2IdйIB/^n0tNtџdcKj4϶v~- CBcgqx9= PJ) dMsjpYB] GD4RDWX +h{y`,3ꊕ$`zj*N^TP4L:Iz9~6s) Ga:?y*J~?OrMwP\](21sZUD ?ܟQ5Q%ggW6QdO+\@ ̪X'GxN @'4=ˋ+*VwN ne_|(/BDfj5(Dq<*tNt1х!MV.C0 32b#?n0pzj#!38}޴o1KovCJ`8ŗ_"]] rDUy޲@ Ȗ-;xџ'^Y`zEd?0„ DAL18IS]VGq\4o !swV7ˣι%4FѮ~}6)OgS[~Q vcYbL!wG3 7띸*E Pql8=jT\꘿I(z<[6OrR8ºC~ډ]=rNl[g|v TMTղb-o}OrP^Q]<98S¤!k)G(Vkwyqyr޽Nv`N/e p/~NAOk \I:G6]4+K;j$R:Mi #*[AȚT,ʰ,;N{HZTGMoּy) ]%dHء9Պ䠬|<45,\=[bƟ8QXeB3- &dҩ^{>/86bXmZ]]yޚN[(WAHL$YAgDKp=5GHjU&99v簪C0vygln*P)9^͞}lMuiH!̍#DoRBn9l@ xA/_v=ȺT{7Yt2N"4!YN`ae >Q<XMydEB`VU}u]嫇.%e^ánE87Mu\t`cP=AD/G)sI"@MP;)]%fH9'FNsj1pVhY&9=0pfuJ&gޤx+k:!r˭wkl03׼Ku C &ѓYt{.O.zҏ z}/tf_wEp2gvX)GN#I ݭ߽v/ .& и(ZF{e"=V!{zW`, ]+LGz"(UJp|j( #V4, 8B 0 9OkRrlɱl94)'VH9=9W|>PS['G(*I1==C<5"Pg+x'K5EMd؞Af8lG ?D FtoB[je?{k3zQ vZ;%Ɠ,]E>KZ+T/ EJxOZ1i #T<@ I}q9/t'zi(EMqw`mYkU6;[t4DPeckeM;H}_g pMww}k6#H㶏+b8雡Sxp)&C $@'b,fPߑt$RbJ'vznuS ~8='72_`{q纶|Q)Xk}cPz9p7O:'|G~8wx(a 0QCko|0ASD>Ip=4Q, d|F8RcU"/KM opKle M3#i0c%<7׿p&pZq[TR"BpqauIp$ 8~Ĩ!8Սx\ւdT>>Z40ks7 z2IQ}ItԀ<-%S⍤};zIb$I 5K}Q͙D8UguWE$Jh )cu4N tZl+[]M4k8֦Zeq֮M7uIqG 1==tLtR,ƜSrHYt&QP윯Lg' I,3@P'}'R˪e/%-Auv·ñ\> vDJzlӾNv5:|K/Jb6KI9)Zh*ZAi`?S {aiVDԲuy5W7pWeQJk֤#5&V<̺@/GH?^τZL|IJNvI:'P=Ϛt"¨=cud S Q.Ki0 !cJy;LJR;G{BJy޺[^8fK6)=yʊ+(k|&xQ2`L?Ȓ2@Mf 0C`6-%pKpm')c$׻K5[J*U[/#hH!6acB JA _|uMvDyk y)6OPYjœ50VT K}cǻP[ $:]4MEA.y)|B)cf-A?(e|lɉ#P9V)[9t.EiQPDѠ3ϴ;E:+Օ t ȥ~|_N2,ZJLt4! %ա]u {+=p.GhNcŞQI?Nd'yeh n7zi1DB)1S | S#ًZs2|Ɛy$F SxeX{7Vl.Src3E℃Q>b6G ўYCmtկ~=K0f(=LrAS GN'ɹ9<\!a`)֕y[uՍ[09` 9 +57ts6}b4{oqd+J5fa/,97J#6yν99mRWxJyѡyu_TJc`~W>l^q#Ts#2"nD1%fS)FU w{ܯ R{ ˎ󅃏џDsZSQS;LV;7 Od1&1n$ N /.q3~eNɪ]E#oM~}v֯FڦwyZ=<<>Xo稯lfMFV6p02|*=tV!c~]fa5Y^Q_WN|Vs 0ҘދU97OI'N2'8N֭fgg-}V%y]U4 峧p*91#9U kCac_AFңĪy뚇Y_AiuYyTTYЗ-(!JFLt›17uTozc. S;7A&&<ԋ5y;Ro+:' *eYJkWR[@F %SHWP 72k4 qLd'J "zB6{AC0ƁA6U.'F3:Ȅ(9ΜL;D]m8ڥ9}dU "v!;*13Rg^fJyShyy5auA?ɩGHRjo^]׽S)Fm\toy 4WQS@mE#%5ʈfFYDX ~D5Ϡ9tE9So_aU4?Ѽm%&c{n>.KW1Tlb}:j uGi(JgcYj0qn+>) %\!4{LaJso d||u//P_y7iRJ߬nHOy) l+@$($VFIQ9%EeKʈU. ia&FY̒mZ=)+qqoQn >L!qCiDB;Y<%} OgBxB!ØuG)WG9y(Ą{_yesuZmZZey'Wg#C~1Cev@0D $a@˲(.._GimA:uyw֬%;@!JkQVM_Ow:P.s\)ot- ˹"`B,e CRtaEUP<0'}r3[>?G8xU~Nqu;Wm8\RIkբ^5@k+5(By'L&'gBJ3ݶ!/㮻w҅ yqPWUg<e"Qy*167΃sJ\oz]T*UQ<\FԎ`HaNmڜ6DysCask8wP8y9``GJ9lF\G g's Nn͵MLN֪u$| /|7=]O)6s !ĴAKh]q_ap $HH'\1jB^s\|- W1:=6lJBqjY^LsPk""`]w)󭃈,(HC ?䔨Y$Sʣ{4Z+0NvQkhol6C.婧/u]FwiVjZka&%6\F*Ny#8O,22+|Db~d ~Çwc N:FuuCe&oZ(l;@ee-+Wn`44AMK➝2BRՈt7g*1gph9N) *"TF*R(#'88pm=}X]u[i7bEc|\~EMn}P瘊J)K.0i1M6=7'_\kaZ(Th{K*GJyytw"IO-PWJk)..axӝ47"89Cc7ĐBiZx 7m!fy|ϿF9CbȩV 9V-՛^pV̌ɄS#Bv4-@]Vxt-Z, &ֺ*diؠ2^VXbs֔Ìl.jQ]Y[47gj=幽ex)A0ip׳ W2[ᎇhuE^~q흙L} #-b۸oFJ_QP3r6jr+"nfzRJTUqoaۍ /$d8Mx'ݓ= OՃ| )$2mcM*cЙj}f };n YG w0Ia!1Q.oYfr]DyISaP}"dIӗթO67jqR ҊƐƈaɤGG|h;t]䗖oSv|iZqX)oalv;۩meEJ\!8=$4QU4Xo&VEĊ YS^E#d,yX_> ۘ-e\ "Wa6uLĜZi`aD9.% w~mB(02G[6y.773a7 /=o7D)$Z 66 $bY^\CuP. (x'"J60׿Y:Oi;F{w佩b+\Yi`TDWa~|VH)8q/=9!g߆2Y)?ND)%?Ǐ`k/sn:;O299yB=a[Ng 3˲N}vLNy;*?x?~L&=xyӴ~}q{qE*IQ^^ͧvü{Huu=R|>JyUlZV, B~/YF!Y\u_ݼF{_C)LD]m {H 0ihhadd nUkf3oٺCvE\)QJi+֥@tDJkB$1!Đr0XQ|q?d2) Ӣ_}qv-< FŊ߫%roppVBwü~JidY4:}L6M7f٬F "?71<2#?Jyy4뷢<_a7_=Q E=S1И/9{+93֮E{ǂw{))?maÆm(uLE#lïZ  ~d];+]h j?!|$F}*"4(v'8s<ŏUkm7^7no1w2ؗ}TrͿEk>p'8OB7d7R(A 9.*Mi^ͳ; eeUwS+C)uO@ =Sy]` }l8^ZzRXj[^iUɺ$tj))<sbDJfg=Pk_{xaKo1:-uyG0M ԃ\0Lvuy'ȱc2Ji AdyVgVh!{]/&}}ċJ#%d !+87<;qN޼Nفl|1N:8ya  8}k¾+-$4FiZYÔXk*I&'@iI99)HSh4+2G:tGhS^繿 Kتm0 вDk}֚+QT4;sC}rՅE,8CX-e~>G&'9xpW,%Fh,Ry56Y–hW-(v_,? ; qrBk4-V7HQ;ˇ^Gv1JVV%,ik;D_W!))+BoS4QsTM;gt+ndS-~:11Sgv!0qRVh!"Ȋ(̦Yl.]PQWgٳE'`%W1{ndΗBk|Ž7ʒR~,lnoa&:ü$ 3<a[CBݮwt"o\ePJ=Hz"_c^Z.#ˆ*x z̝grY]tdkP*:97YľXyBkD4N.C_[;F9`8& !AMO c `@BA& Ost\-\NX+Xp < !bj3C&QL+*&kAQ=04}cC!9~820G'PC9xa!w&bo_1 Sw"ܱ V )Yl3+ס2KoXOx]"`^WOy :3GO0g;%Yv㐫(R/r (s } u B &FeYZh0y> =2<Ϟc/ -u= c&׭,.0"g"7 6T!vl#sc>{u/Oh Bᾈ)۴74]x7 gMӒ"d]U)}" v4co[ ɡs 5Gg=XR14?5A}D "b{0$L .\4y{_fe:kVS\\O]c^W52LSBDM! C3Dhr̦RtArx4&agaN3Cf<Ԉp4~ B'"1@.b_/xQ} _߃҉/gٓ2Qkqp0շpZ2fԫYz< 4L.Cyυι1t@鎫Fe sYfsF}^ V}N<_`p)alٶ "(XEAVZ<)2},:Ir*#m_YӼ R%a||EƼIJ,,+f"96r/}0jE/)s)cjW#w'Sʯ5<66lj$a~3Kʛy 2:cZ:Yh))+a߭K::N,Q F'qB]={.]h85C9cr=}*rk?vwV렵ٸW Rs%}rNAkDv|uFLBkWY YkX מ|)1!$#3%y?pF<@<Rr0}: }\J [5FRxY<9"SQdE(Q*Qʻ)q1E0B_O24[U'],lOb ]~WjHޏTQ5Syu wq)xnw8~)c 쫬gٲߠ H% k5dƝk> kEj,0% b"vi2Wس_CuK)K{n|>t{P1򨾜j>'kEkƗBg*H%'_aY6Bn!TL&ɌOb{c`'d^{t\i^[uɐ[}q0lM˕G:‚4kb祔c^:?bpg… +37stH:0}en6x˟%/<]BL&* 5&fK9Mq)/iyqtA%kUe[ڛKN]Ě^,"`/ s[EQQm?|XJ߅92m]G.E΃ח U*Cn.j_)Tѧj̿30ڇ!A0=͜ar I3$C^-9#|pk!)?7.x9 @OO;WƝZBFU keZ75F6Tc6"ZȚs2y/1 ʵ:u4xa`C>6Rb/Yм)^=+~uRd`/|_8xbB0?Ft||Z\##|K 0>>zxv8۴吅q 8ĥ)"6>~\8:qM}#͚'ĉ#p\׶ l#bA?)|g g9|8jP(cr,BwV (WliVxxᡁ@0Okn;ɥh$_ckCgriv}>=wGzβ KkBɛ[˪ !J)h&k2%07δt}!d<9;I&0wV/ v 0<H}L&8ob%Hi|޶o&h1L|u֦y~󛱢8fٲUsւ)0oiFx2}X[zVYr_;N(w]_4B@OanC?gĦx>мgx>ΛToZoOMp>40>V Oy V9iq!4 LN,ˢu{jsz]|"R޻&'ƚ{53ўFu(<٪9:΋]B;)B>1::8;~)Yt|0(pw2N%&X,URBK)3\zz&}ax4;ǟ(tLNg{N|Ǽ\G#C9g$^\}p?556]/RP.90 k,U8/u776s ʪ_01چ|\N 0VV*3H鴃J7iI!wG_^ypl}r*jɤSR 5QN@ iZ#1ٰy;_\3\BQQ x:WJv츟ٯ$"@6 S#qe딇(/P( Dy~TOϻ<4:-+F`0||;Xl-"uw$Цi󼕝mKʩorz"mϺ$F:~E'ҐvD\y?Rr8_He@ e~O,T.(ފR*cY^m|cVR[8 JҡSm!ΆԨb)RHG{?MpqrmN>߶Y)\p,d#xۆWY*,l6]v0h15M˙MS8+EdI='LBJIH7_9{Caз*Lq,dt >+~ّeʏ?xԕ4bBAŚjﵫ!'\Ը$WNvKO}ӽmSşذqsOy?\[,d@'73'j%kOe`1.g2"e =YIzS2|zŐƄa\U,dP;jhhhaxǶ?КZ՚.q SE+XrbOu%\GتX(H,N^~]JyEZQKceTQ]VGYqnah;y$cQahT&QPZ*iZ8UQQM.qo/T\7X"u?Mttl2Xq(IoW{R^ ux*SYJ! 4S.Jy~ BROS[V|žKNɛP(L6V^|cR7i7nZW1Fd@ Ara{詑|(T*dN]Ko?s=@ |_EvF]׍kR)eBJc" MUUbY6`~V޴dJKß&~'d3i WWWWWW

F1l3 Manager

Current Directory: /opt/alt/python311/lib/python3.11/site-packages/elasticsearch/_sync/client
/opt/alt/python311/lib/python3.11/site-packages/elasticsearch/_sync/client/
Viewing File: /opt/alt/python311/lib/python3.11/site-packages/elasticsearch/_sync/client/security.py
# Licensed to Elasticsearch B.V. under one or more contributor # license agreements. See the NOTICE file distributed with # this work for additional information regarding copyright # ownership. Elasticsearch B.V. licenses this file to you under # the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. import typing as t from elastic_transport import ObjectApiResponse from ._base import NamespacedClient from .utils import SKIP_IN_PATH, _quote, _rewrite_parameters class SecurityClient(NamespacedClient): @_rewrite_parameters( body_fields=("grant_type", "access_token", "password", "username"), ) def activate_user_profile( self, *, grant_type: t.Optional[ t.Union["t.Literal['access_token', 'password']", str] ] = None, access_token: t.Optional[str] = None, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, password: t.Optional[str] = None, pretty: t.Optional[bool] = None, username: t.Optional[str] = None, body: t.Optional[t.Dict[str, t.Any]] = None, ) -> ObjectApiResponse[t.Any]: """ Creates or updates the user profile on behalf of another user. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-activate-user-profile.html>`_ :param grant_type: :param access_token: :param password: :param username: """ if grant_type is None and body is None: raise ValueError("Empty value passed for parameter 'grant_type'") __path_parts: t.Dict[str, str] = {} __path = "/_security/profile/_activate" __query: t.Dict[str, t.Any] = {} __body: t.Dict[str, t.Any] = body if body is not None else {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if not __body: if grant_type is not None: __body["grant_type"] = grant_type if access_token is not None: __body["access_token"] = access_token if password is not None: __body["password"] = password if username is not None: __body["username"] = username __headers = {"accept": "application/json", "content-type": "application/json"} return self.perform_request( # type: ignore[return-value] "POST", __path, params=__query, headers=__headers, body=__body, endpoint_id="security.activate_user_profile", path_parts=__path_parts, ) @_rewrite_parameters() def authenticate( self, *, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, ) -> ObjectApiResponse[t.Any]: """ Enables authentication as a user and retrieve information about the authenticated user. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-authenticate.html>`_ """ __path_parts: t.Dict[str, str] = {} __path = "/_security/_authenticate" __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "GET", __path, params=__query, headers=__headers, endpoint_id="security.authenticate", path_parts=__path_parts, ) @_rewrite_parameters( body_fields=("password", "password_hash"), ) def change_password( self, *, username: t.Optional[str] = None, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, password: t.Optional[str] = None, password_hash: t.Optional[str] = None, pretty: t.Optional[bool] = None, refresh: t.Optional[ t.Union["t.Literal['false', 'true', 'wait_for']", bool, str] ] = None, body: t.Optional[t.Dict[str, t.Any]] = None, ) -> ObjectApiResponse[t.Any]: """ Changes the passwords of users in the native realm and built-in users. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-change-password.html>`_ :param username: The user whose password you want to change. If you do not specify this parameter, the password is changed for the current user. :param password: The new password value. Passwords must be at least 6 characters long. :param password_hash: A hash of the new password value. This must be produced using the same hashing algorithm as has been configured for password storage. For more details, see the explanation of the `xpack.security.authc.password_hashing.algorithm` setting. :param refresh: If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes. """ __path_parts: t.Dict[str, str] if username not in SKIP_IN_PATH: __path_parts = {"username": _quote(username)} __path = f'/_security/user/{__path_parts["username"]}/_password' else: __path_parts = {} __path = "/_security/user/_password" __query: t.Dict[str, t.Any] = {} __body: t.Dict[str, t.Any] = body if body is not None else {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if refresh is not None: __query["refresh"] = refresh if not __body: if password is not None: __body["password"] = password if password_hash is not None: __body["password_hash"] = password_hash __headers = {"accept": "application/json", "content-type": "application/json"} return self.perform_request( # type: ignore[return-value] "PUT", __path, params=__query, headers=__headers, body=__body, endpoint_id="security.change_password", path_parts=__path_parts, ) @_rewrite_parameters() def clear_api_key_cache( self, *, ids: t.Union[str, t.Sequence[str]], error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, ) -> ObjectApiResponse[t.Any]: """ Clear a subset or all entries from the API key cache. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-clear-api-key-cache.html>`_ :param ids: Comma-separated list of API key IDs to evict from the API key cache. To evict all API keys, use `*`. Does not support other wildcard patterns. """ if ids in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'ids'") __path_parts: t.Dict[str, str] = {"ids": _quote(ids)} __path = f'/_security/api_key/{__path_parts["ids"]}/_clear_cache' __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "POST", __path, params=__query, headers=__headers, endpoint_id="security.clear_api_key_cache", path_parts=__path_parts, ) @_rewrite_parameters() def clear_cached_privileges( self, *, application: str, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, ) -> ObjectApiResponse[t.Any]: """ Evicts application privileges from the native application privileges cache. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-clear-privilege-cache.html>`_ :param application: A comma-separated list of application names """ if application in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'application'") __path_parts: t.Dict[str, str] = {"application": _quote(application)} __path = f'/_security/privilege/{__path_parts["application"]}/_clear_cache' __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "POST", __path, params=__query, headers=__headers, endpoint_id="security.clear_cached_privileges", path_parts=__path_parts, ) @_rewrite_parameters() def clear_cached_realms( self, *, realms: t.Union[str, t.Sequence[str]], error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, usernames: t.Optional[t.Sequence[str]] = None, ) -> ObjectApiResponse[t.Any]: """ Evicts users from the user cache. Can completely clear the cache or evict specific users. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-clear-cache.html>`_ :param realms: Comma-separated list of realms to clear :param usernames: Comma-separated list of usernames to clear from the cache """ if realms in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'realms'") __path_parts: t.Dict[str, str] = {"realms": _quote(realms)} __path = f'/_security/realm/{__path_parts["realms"]}/_clear_cache' __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if usernames is not None: __query["usernames"] = usernames __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "POST", __path, params=__query, headers=__headers, endpoint_id="security.clear_cached_realms", path_parts=__path_parts, ) @_rewrite_parameters() def clear_cached_roles( self, *, name: t.Union[str, t.Sequence[str]], error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, ) -> ObjectApiResponse[t.Any]: """ Evicts roles from the native role cache. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-clear-role-cache.html>`_ :param name: Role name """ if name in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'name'") __path_parts: t.Dict[str, str] = {"name": _quote(name)} __path = f'/_security/role/{__path_parts["name"]}/_clear_cache' __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "POST", __path, params=__query, headers=__headers, endpoint_id="security.clear_cached_roles", path_parts=__path_parts, ) @_rewrite_parameters() def clear_cached_service_tokens( self, *, namespace: str, service: str, name: t.Union[str, t.Sequence[str]], error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, ) -> ObjectApiResponse[t.Any]: """ Evicts tokens from the service account token caches. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-clear-service-token-caches.html>`_ :param namespace: An identifier for the namespace :param service: An identifier for the service name :param name: A comma-separated list of service token names """ if namespace in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'namespace'") if service in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'service'") if name in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'name'") __path_parts: t.Dict[str, str] = { "namespace": _quote(namespace), "service": _quote(service), "name": _quote(name), } __path = f'/_security/service/{__path_parts["namespace"]}/{__path_parts["service"]}/credential/token/{__path_parts["name"]}/_clear_cache' __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "POST", __path, params=__query, headers=__headers, endpoint_id="security.clear_cached_service_tokens", path_parts=__path_parts, ) @_rewrite_parameters( body_fields=("expiration", "metadata", "name", "role_descriptors"), ) def create_api_key( self, *, error_trace: t.Optional[bool] = None, expiration: t.Optional[t.Union["t.Literal[-1]", "t.Literal[0]", str]] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, metadata: t.Optional[t.Mapping[str, t.Any]] = None, name: t.Optional[str] = None, pretty: t.Optional[bool] = None, refresh: t.Optional[ t.Union["t.Literal['false', 'true', 'wait_for']", bool, str] ] = None, role_descriptors: t.Optional[t.Mapping[str, t.Mapping[str, t.Any]]] = None, body: t.Optional[t.Dict[str, t.Any]] = None, ) -> ObjectApiResponse[t.Any]: """ Creates an API key for access without requiring basic authentication. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-api-key.html>`_ :param expiration: Expiration time for the API key. By default, API keys never expire. :param metadata: Arbitrary metadata that you want to associate with the API key. It supports nested data structure. Within the metadata object, keys beginning with `_` are reserved for system usage. :param name: Specifies the name for this API key. :param refresh: If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes. :param role_descriptors: An array of role descriptors for this API key. This parameter is optional. When it is not specified or is an empty array, then the API key will have a point in time snapshot of permissions of the authenticated user. If you supply role descriptors then the resultant permissions would be an intersection of API keys permissions and authenticated user’s permissions thereby limiting the access scope for API keys. The structure of role descriptor is the same as the request for create role API. For more details, see create or update roles API. """ __path_parts: t.Dict[str, str] = {} __path = "/_security/api_key" __query: t.Dict[str, t.Any] = {} __body: t.Dict[str, t.Any] = body if body is not None else {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if refresh is not None: __query["refresh"] = refresh if not __body: if expiration is not None: __body["expiration"] = expiration if metadata is not None: __body["metadata"] = metadata if name is not None: __body["name"] = name if role_descriptors is not None: __body["role_descriptors"] = role_descriptors __headers = {"accept": "application/json", "content-type": "application/json"} return self.perform_request( # type: ignore[return-value] "PUT", __path, params=__query, headers=__headers, body=__body, endpoint_id="security.create_api_key", path_parts=__path_parts, ) @_rewrite_parameters() def create_service_token( self, *, namespace: str, service: str, name: t.Optional[str] = None, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, refresh: t.Optional[ t.Union["t.Literal['false', 'true', 'wait_for']", bool, str] ] = None, ) -> ObjectApiResponse[t.Any]: """ Creates a service account token for access without requiring basic authentication. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-create-service-token.html>`_ :param namespace: An identifier for the namespace :param service: An identifier for the service name :param name: An identifier for the token name :param refresh: If `true` then refresh the affected shards to make this operation visible to search, if `wait_for` (the default) then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes. """ if namespace in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'namespace'") if service in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'service'") __path_parts: t.Dict[str, str] if ( namespace not in SKIP_IN_PATH and service not in SKIP_IN_PATH and name not in SKIP_IN_PATH ): __path_parts = { "namespace": _quote(namespace), "service": _quote(service), "name": _quote(name), } __path = f'/_security/service/{__path_parts["namespace"]}/{__path_parts["service"]}/credential/token/{__path_parts["name"]}' __method = "PUT" elif namespace not in SKIP_IN_PATH and service not in SKIP_IN_PATH: __path_parts = {"namespace": _quote(namespace), "service": _quote(service)} __path = f'/_security/service/{__path_parts["namespace"]}/{__path_parts["service"]}/credential/token' __method = "POST" else: raise ValueError("Couldn't find a path for the given parameters") __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if refresh is not None: __query["refresh"] = refresh __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] __method, __path, params=__query, headers=__headers, endpoint_id="security.create_service_token", path_parts=__path_parts, ) @_rewrite_parameters() def delete_privileges( self, *, application: str, name: t.Union[str, t.Sequence[str]], error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, refresh: t.Optional[ t.Union["t.Literal['false', 'true', 'wait_for']", bool, str] ] = None, ) -> ObjectApiResponse[t.Any]: """ Removes application privileges. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-delete-privilege.html>`_ :param application: Application name :param name: Privilege name :param refresh: If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes. """ if application in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'application'") if name in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'name'") __path_parts: t.Dict[str, str] = { "application": _quote(application), "name": _quote(name), } __path = ( f'/_security/privilege/{__path_parts["application"]}/{__path_parts["name"]}' ) __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if refresh is not None: __query["refresh"] = refresh __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "DELETE", __path, params=__query, headers=__headers, endpoint_id="security.delete_privileges", path_parts=__path_parts, ) @_rewrite_parameters() def delete_role( self, *, name: str, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, refresh: t.Optional[ t.Union["t.Literal['false', 'true', 'wait_for']", bool, str] ] = None, ) -> ObjectApiResponse[t.Any]: """ Removes roles in the native realm. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-delete-role.html>`_ :param name: Role name :param refresh: If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes. """ if name in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'name'") __path_parts: t.Dict[str, str] = {"name": _quote(name)} __path = f'/_security/role/{__path_parts["name"]}' __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if refresh is not None: __query["refresh"] = refresh __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "DELETE", __path, params=__query, headers=__headers, endpoint_id="security.delete_role", path_parts=__path_parts, ) @_rewrite_parameters() def delete_role_mapping( self, *, name: str, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, refresh: t.Optional[ t.Union["t.Literal['false', 'true', 'wait_for']", bool, str] ] = None, ) -> ObjectApiResponse[t.Any]: """ Removes role mappings. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-delete-role-mapping.html>`_ :param name: Role-mapping name :param refresh: If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes. """ if name in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'name'") __path_parts: t.Dict[str, str] = {"name": _quote(name)} __path = f'/_security/role_mapping/{__path_parts["name"]}' __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if refresh is not None: __query["refresh"] = refresh __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "DELETE", __path, params=__query, headers=__headers, endpoint_id="security.delete_role_mapping", path_parts=__path_parts, ) @_rewrite_parameters() def delete_service_token( self, *, namespace: str, service: str, name: str, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, refresh: t.Optional[ t.Union["t.Literal['false', 'true', 'wait_for']", bool, str] ] = None, ) -> ObjectApiResponse[t.Any]: """ Deletes a service account token. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-delete-service-token.html>`_ :param namespace: An identifier for the namespace :param service: An identifier for the service name :param name: An identifier for the token name :param refresh: If `true` then refresh the affected shards to make this operation visible to search, if `wait_for` (the default) then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes. """ if namespace in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'namespace'") if service in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'service'") if name in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'name'") __path_parts: t.Dict[str, str] = { "namespace": _quote(namespace), "service": _quote(service), "name": _quote(name), } __path = f'/_security/service/{__path_parts["namespace"]}/{__path_parts["service"]}/credential/token/{__path_parts["name"]}' __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if refresh is not None: __query["refresh"] = refresh __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "DELETE", __path, params=__query, headers=__headers, endpoint_id="security.delete_service_token", path_parts=__path_parts, ) @_rewrite_parameters() def delete_user( self, *, username: str, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, refresh: t.Optional[ t.Union["t.Literal['false', 'true', 'wait_for']", bool, str] ] = None, ) -> ObjectApiResponse[t.Any]: """ Deletes users from the native realm. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-delete-user.html>`_ :param username: username :param refresh: If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes. """ if username in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'username'") __path_parts: t.Dict[str, str] = {"username": _quote(username)} __path = f'/_security/user/{__path_parts["username"]}' __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if refresh is not None: __query["refresh"] = refresh __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "DELETE", __path, params=__query, headers=__headers, endpoint_id="security.delete_user", path_parts=__path_parts, ) @_rewrite_parameters() def disable_user( self, *, username: str, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, refresh: t.Optional[ t.Union["t.Literal['false', 'true', 'wait_for']", bool, str] ] = None, ) -> ObjectApiResponse[t.Any]: """ Disables users in the native realm. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-disable-user.html>`_ :param username: The username of the user to disable :param refresh: If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes. """ if username in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'username'") __path_parts: t.Dict[str, str] = {"username": _quote(username)} __path = f'/_security/user/{__path_parts["username"]}/_disable' __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if refresh is not None: __query["refresh"] = refresh __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "PUT", __path, params=__query, headers=__headers, endpoint_id="security.disable_user", path_parts=__path_parts, ) @_rewrite_parameters() def disable_user_profile( self, *, uid: str, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, refresh: t.Optional[ t.Union["t.Literal['false', 'true', 'wait_for']", bool, str] ] = None, ) -> ObjectApiResponse[t.Any]: """ Disables a user profile so it's not visible in user profile searches. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-disable-user-profile.html>`_ :param uid: Unique identifier for the user profile. :param refresh: If 'true', Elasticsearch refreshes the affected shards to make this operation visible to search, if 'wait_for' then wait for a refresh to make this operation visible to search, if 'false' do nothing with refreshes. """ if uid in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'uid'") __path_parts: t.Dict[str, str] = {"uid": _quote(uid)} __path = f'/_security/profile/{__path_parts["uid"]}/_disable' __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if refresh is not None: __query["refresh"] = refresh __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "PUT", __path, params=__query, headers=__headers, endpoint_id="security.disable_user_profile", path_parts=__path_parts, ) @_rewrite_parameters() def enable_user( self, *, username: str, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, refresh: t.Optional[ t.Union["t.Literal['false', 'true', 'wait_for']", bool, str] ] = None, ) -> ObjectApiResponse[t.Any]: """ Enables users in the native realm. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-enable-user.html>`_ :param username: The username of the user to enable :param refresh: If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes. """ if username in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'username'") __path_parts: t.Dict[str, str] = {"username": _quote(username)} __path = f'/_security/user/{__path_parts["username"]}/_enable' __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if refresh is not None: __query["refresh"] = refresh __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "PUT", __path, params=__query, headers=__headers, endpoint_id="security.enable_user", path_parts=__path_parts, ) @_rewrite_parameters() def enable_user_profile( self, *, uid: str, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, refresh: t.Optional[ t.Union["t.Literal['false', 'true', 'wait_for']", bool, str] ] = None, ) -> ObjectApiResponse[t.Any]: """ Enables a user profile so it's visible in user profile searches. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-enable-user-profile.html>`_ :param uid: Unique identifier for the user profile. :param refresh: If 'true', Elasticsearch refreshes the affected shards to make this operation visible to search, if 'wait_for' then wait for a refresh to make this operation visible to search, if 'false' do nothing with refreshes. """ if uid in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'uid'") __path_parts: t.Dict[str, str] = {"uid": _quote(uid)} __path = f'/_security/profile/{__path_parts["uid"]}/_enable' __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if refresh is not None: __query["refresh"] = refresh __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "PUT", __path, params=__query, headers=__headers, endpoint_id="security.enable_user_profile", path_parts=__path_parts, ) @_rewrite_parameters() def enroll_kibana( self, *, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, ) -> ObjectApiResponse[t.Any]: """ Allows a kibana instance to configure itself to communicate with a secured elasticsearch cluster. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-kibana-enrollment.html>`_ """ __path_parts: t.Dict[str, str] = {} __path = "/_security/enroll/kibana" __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "GET", __path, params=__query, headers=__headers, endpoint_id="security.enroll_kibana", path_parts=__path_parts, ) @_rewrite_parameters() def enroll_node( self, *, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, ) -> ObjectApiResponse[t.Any]: """ Allows a new node to enroll to an existing cluster with security enabled. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-node-enrollment.html>`_ """ __path_parts: t.Dict[str, str] = {} __path = "/_security/enroll/node" __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "GET", __path, params=__query, headers=__headers, endpoint_id="security.enroll_node", path_parts=__path_parts, ) @_rewrite_parameters() def get_api_key( self, *, active_only: t.Optional[bool] = None, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, id: t.Optional[str] = None, name: t.Optional[str] = None, owner: t.Optional[bool] = None, pretty: t.Optional[bool] = None, realm_name: t.Optional[str] = None, username: t.Optional[str] = None, with_limited_by: t.Optional[bool] = None, with_profile_uid: t.Optional[bool] = None, ) -> ObjectApiResponse[t.Any]: """ Retrieves information for one or more API keys. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-get-api-key.html>`_ :param active_only: A boolean flag that can be used to query API keys that are currently active. An API key is considered active if it is neither invalidated, nor expired at query time. You can specify this together with other parameters such as `owner` or `name`. If `active_only` is false, the response will include both active and inactive (expired or invalidated) keys. :param id: An API key id. This parameter cannot be used with any of `name`, `realm_name` or `username`. :param name: An API key name. This parameter cannot be used with any of `id`, `realm_name` or `username`. It supports prefix search with wildcard. :param owner: A boolean flag that can be used to query API keys owned by the currently authenticated user. The `realm_name` or `username` parameters cannot be specified when this parameter is set to `true` as they are assumed to be the currently authenticated ones. :param realm_name: The name of an authentication realm. This parameter cannot be used with either `id` or `name` or when `owner` flag is set to `true`. :param username: The username of a user. This parameter cannot be used with either `id` or `name` or when `owner` flag is set to `true`. :param with_limited_by: Return the snapshot of the owner user's role descriptors associated with the API key. An API key's actual permission is the intersection of its assigned role descriptors and the owner user's role descriptors. :param with_profile_uid: Determines whether to also retrieve the profile uid, for the API key owner principal, if it exists. """ __path_parts: t.Dict[str, str] = {} __path = "/_security/api_key" __query: t.Dict[str, t.Any] = {} if active_only is not None: __query["active_only"] = active_only if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if id is not None: __query["id"] = id if name is not None: __query["name"] = name if owner is not None: __query["owner"] = owner if pretty is not None: __query["pretty"] = pretty if realm_name is not None: __query["realm_name"] = realm_name if username is not None: __query["username"] = username if with_limited_by is not None: __query["with_limited_by"] = with_limited_by if with_profile_uid is not None: __query["with_profile_uid"] = with_profile_uid __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "GET", __path, params=__query, headers=__headers, endpoint_id="security.get_api_key", path_parts=__path_parts, ) @_rewrite_parameters() def get_builtin_privileges( self, *, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, ) -> ObjectApiResponse[t.Any]: """ Retrieves the list of cluster privileges and index privileges that are available in this version of Elasticsearch. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-get-builtin-privileges.html>`_ """ __path_parts: t.Dict[str, str] = {} __path = "/_security/privilege/_builtin" __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "GET", __path, params=__query, headers=__headers, endpoint_id="security.get_builtin_privileges", path_parts=__path_parts, ) @_rewrite_parameters() def get_privileges( self, *, application: t.Optional[str] = None, name: t.Optional[t.Union[str, t.Sequence[str]]] = None, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, ) -> ObjectApiResponse[t.Any]: """ Retrieves application privileges. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-get-privileges.html>`_ :param application: Application name :param name: Privilege name """ __path_parts: t.Dict[str, str] if application not in SKIP_IN_PATH and name not in SKIP_IN_PATH: __path_parts = {"application": _quote(application), "name": _quote(name)} __path = f'/_security/privilege/{__path_parts["application"]}/{__path_parts["name"]}' elif application not in SKIP_IN_PATH: __path_parts = {"application": _quote(application)} __path = f'/_security/privilege/{__path_parts["application"]}' else: __path_parts = {} __path = "/_security/privilege" __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "GET", __path, params=__query, headers=__headers, endpoint_id="security.get_privileges", path_parts=__path_parts, ) @_rewrite_parameters() def get_role( self, *, name: t.Optional[t.Union[str, t.Sequence[str]]] = None, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, ) -> ObjectApiResponse[t.Any]: """ Retrieves roles in the native realm. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-get-role.html>`_ :param name: The name of the role. You can specify multiple roles as a comma-separated list. If you do not specify this parameter, the API returns information about all roles. """ __path_parts: t.Dict[str, str] if name not in SKIP_IN_PATH: __path_parts = {"name": _quote(name)} __path = f'/_security/role/{__path_parts["name"]}' else: __path_parts = {} __path = "/_security/role" __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "GET", __path, params=__query, headers=__headers, endpoint_id="security.get_role", path_parts=__path_parts, ) @_rewrite_parameters() def get_role_mapping( self, *, name: t.Optional[t.Union[str, t.Sequence[str]]] = None, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, ) -> ObjectApiResponse[t.Any]: """ Retrieves role mappings. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-get-role-mapping.html>`_ :param name: The distinct name that identifies the role mapping. The name is used solely as an identifier to facilitate interaction via the API; it does not affect the behavior of the mapping in any way. You can specify multiple mapping names as a comma-separated list. If you do not specify this parameter, the API returns information about all role mappings. """ __path_parts: t.Dict[str, str] if name not in SKIP_IN_PATH: __path_parts = {"name": _quote(name)} __path = f'/_security/role_mapping/{__path_parts["name"]}' else: __path_parts = {} __path = "/_security/role_mapping" __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "GET", __path, params=__query, headers=__headers, endpoint_id="security.get_role_mapping", path_parts=__path_parts, ) @_rewrite_parameters() def get_service_accounts( self, *, namespace: t.Optional[str] = None, service: t.Optional[str] = None, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, ) -> ObjectApiResponse[t.Any]: """ Retrieves information about service accounts. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-get-service-accounts.html>`_ :param namespace: Name of the namespace. Omit this parameter to retrieve information about all service accounts. If you omit this parameter, you must also omit the `service` parameter. :param service: Name of the service name. Omit this parameter to retrieve information about all service accounts that belong to the specified `namespace`. """ __path_parts: t.Dict[str, str] if namespace not in SKIP_IN_PATH and service not in SKIP_IN_PATH: __path_parts = {"namespace": _quote(namespace), "service": _quote(service)} __path = f'/_security/service/{__path_parts["namespace"]}/{__path_parts["service"]}' elif namespace not in SKIP_IN_PATH: __path_parts = {"namespace": _quote(namespace)} __path = f'/_security/service/{__path_parts["namespace"]}' else: __path_parts = {} __path = "/_security/service" __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "GET", __path, params=__query, headers=__headers, endpoint_id="security.get_service_accounts", path_parts=__path_parts, ) @_rewrite_parameters() def get_service_credentials( self, *, namespace: str, service: str, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, ) -> ObjectApiResponse[t.Any]: """ Retrieves information of all service credentials for a service account. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-get-service-credentials.html>`_ :param namespace: Name of the namespace. :param service: Name of the service name. """ if namespace in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'namespace'") if service in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'service'") __path_parts: t.Dict[str, str] = { "namespace": _quote(namespace), "service": _quote(service), } __path = f'/_security/service/{__path_parts["namespace"]}/{__path_parts["service"]}/credential' __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "GET", __path, params=__query, headers=__headers, endpoint_id="security.get_service_credentials", path_parts=__path_parts, ) @_rewrite_parameters( body_fields=( "grant_type", "kerberos_ticket", "password", "refresh_token", "scope", "username", ), ) def get_token( self, *, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, grant_type: t.Optional[ t.Union[ "t.Literal['_kerberos', 'client_credentials', 'password', 'refresh_token']", str, ] ] = None, human: t.Optional[bool] = None, kerberos_ticket: t.Optional[str] = None, password: t.Optional[str] = None, pretty: t.Optional[bool] = None, refresh_token: t.Optional[str] = None, scope: t.Optional[str] = None, username: t.Optional[str] = None, body: t.Optional[t.Dict[str, t.Any]] = None, ) -> ObjectApiResponse[t.Any]: """ Creates a bearer token for access without requiring basic authentication. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-get-token.html>`_ :param grant_type: :param kerberos_ticket: :param password: :param refresh_token: :param scope: :param username: """ __path_parts: t.Dict[str, str] = {} __path = "/_security/oauth2/token" __query: t.Dict[str, t.Any] = {} __body: t.Dict[str, t.Any] = body if body is not None else {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if not __body: if grant_type is not None: __body["grant_type"] = grant_type if kerberos_ticket is not None: __body["kerberos_ticket"] = kerberos_ticket if password is not None: __body["password"] = password if refresh_token is not None: __body["refresh_token"] = refresh_token if scope is not None: __body["scope"] = scope if username is not None: __body["username"] = username __headers = {"accept": "application/json", "content-type": "application/json"} return self.perform_request( # type: ignore[return-value] "POST", __path, params=__query, headers=__headers, body=__body, endpoint_id="security.get_token", path_parts=__path_parts, ) @_rewrite_parameters() def get_user( self, *, username: t.Optional[t.Union[str, t.Sequence[str]]] = None, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, with_profile_uid: t.Optional[bool] = None, ) -> ObjectApiResponse[t.Any]: """ Retrieves information about users in the native realm and built-in users. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-get-user.html>`_ :param username: An identifier for the user. You can specify multiple usernames as a comma-separated list. If you omit this parameter, the API retrieves information about all users. :param with_profile_uid: If true will return the User Profile ID for a user, if any. """ __path_parts: t.Dict[str, str] if username not in SKIP_IN_PATH: __path_parts = {"username": _quote(username)} __path = f'/_security/user/{__path_parts["username"]}' else: __path_parts = {} __path = "/_security/user" __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if with_profile_uid is not None: __query["with_profile_uid"] = with_profile_uid __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "GET", __path, params=__query, headers=__headers, endpoint_id="security.get_user", path_parts=__path_parts, ) @_rewrite_parameters() def get_user_privileges( self, *, application: t.Optional[str] = None, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, priviledge: t.Optional[str] = None, username: t.Optional[t.Union[None, str]] = None, ) -> ObjectApiResponse[t.Any]: """ Retrieves security privileges for the logged in user. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-get-user-privileges.html>`_ :param application: The name of the application. Application privileges are always associated with exactly one application. If you do not specify this parameter, the API returns information about all privileges for all applications. :param priviledge: The name of the privilege. If you do not specify this parameter, the API returns information about all privileges for the requested application. :param username: """ __path_parts: t.Dict[str, str] = {} __path = "/_security/user/_privileges" __query: t.Dict[str, t.Any] = {} if application is not None: __query["application"] = application if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if priviledge is not None: __query["priviledge"] = priviledge if username is not None: __query["username"] = username __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "GET", __path, params=__query, headers=__headers, endpoint_id="security.get_user_privileges", path_parts=__path_parts, ) @_rewrite_parameters() def get_user_profile( self, *, uid: t.Union[str, t.Sequence[str]], data: t.Optional[t.Union[str, t.Sequence[str]]] = None, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, ) -> ObjectApiResponse[t.Any]: """ Retrieves user profiles for the given unique ID(s). `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-get-user-profile.html>`_ :param uid: A unique identifier for the user profile. :param data: List of filters for the `data` field of the profile document. To return all content use `data=*`. To return a subset of content use `data=<key>` to retrieve content nested under the specified `<key>`. By default returns no `data` content. """ if uid in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'uid'") __path_parts: t.Dict[str, str] = {"uid": _quote(uid)} __path = f'/_security/profile/{__path_parts["uid"]}' __query: t.Dict[str, t.Any] = {} if data is not None: __query["data"] = data if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "GET", __path, params=__query, headers=__headers, endpoint_id="security.get_user_profile", path_parts=__path_parts, ) @_rewrite_parameters( body_fields=( "api_key", "grant_type", "access_token", "password", "run_as", "username", ), ignore_deprecated_options={"api_key"}, ) def grant_api_key( self, *, api_key: t.Optional[t.Mapping[str, t.Any]] = None, grant_type: t.Optional[ t.Union["t.Literal['access_token', 'password']", str] ] = None, access_token: t.Optional[str] = None, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, password: t.Optional[str] = None, pretty: t.Optional[bool] = None, run_as: t.Optional[str] = None, username: t.Optional[str] = None, body: t.Optional[t.Dict[str, t.Any]] = None, ) -> ObjectApiResponse[t.Any]: """ Creates an API key on behalf of another user. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-grant-api-key.html>`_ :param api_key: Defines the API key. :param grant_type: The type of grant. Supported grant types are: `access_token`, `password`. :param access_token: The user’s access token. If you specify the `access_token` grant type, this parameter is required. It is not valid with other grant types. :param password: The user’s password. If you specify the `password` grant type, this parameter is required. It is not valid with other grant types. :param run_as: The name of the user to be impersonated. :param username: The user name that identifies the user. If you specify the `password` grant type, this parameter is required. It is not valid with other grant types. """ if api_key is None and body is None: raise ValueError("Empty value passed for parameter 'api_key'") if grant_type is None and body is None: raise ValueError("Empty value passed for parameter 'grant_type'") __path_parts: t.Dict[str, str] = {} __path = "/_security/api_key/grant" __query: t.Dict[str, t.Any] = {} __body: t.Dict[str, t.Any] = body if body is not None else {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if not __body: if api_key is not None: __body["api_key"] = api_key if grant_type is not None: __body["grant_type"] = grant_type if access_token is not None: __body["access_token"] = access_token if password is not None: __body["password"] = password if run_as is not None: __body["run_as"] = run_as if username is not None: __body["username"] = username __headers = {"accept": "application/json", "content-type": "application/json"} return self.perform_request( # type: ignore[return-value] "POST", __path, params=__query, headers=__headers, body=__body, endpoint_id="security.grant_api_key", path_parts=__path_parts, ) @_rewrite_parameters( body_fields=("application", "cluster", "index"), ) def has_privileges( self, *, user: t.Optional[str] = None, application: t.Optional[t.Sequence[t.Mapping[str, t.Any]]] = None, cluster: t.Optional[ t.Sequence[ t.Union[ "t.Literal['all', 'cancel_task', 'create_snapshot', 'cross_cluster_replication', 'cross_cluster_search', 'delegate_pki', 'grant_api_key', 'manage', 'manage_api_key', 'manage_autoscaling', 'manage_behavioral_analytics', 'manage_ccr', 'manage_data_frame_transforms', 'manage_data_stream_global_retention', 'manage_enrich', 'manage_ilm', 'manage_index_templates', 'manage_inference', 'manage_ingest_pipelines', 'manage_logstash_pipelines', 'manage_ml', 'manage_oidc', 'manage_own_api_key', 'manage_pipeline', 'manage_rollup', 'manage_saml', 'manage_search_application', 'manage_search_query_rules', 'manage_search_synonyms', 'manage_security', 'manage_service_account', 'manage_slm', 'manage_token', 'manage_transform', 'manage_user_profile', 'manage_watcher', 'monitor', 'monitor_data_frame_transforms', 'monitor_data_stream_global_retention', 'monitor_enrich', 'monitor_inference', 'monitor_ml', 'monitor_rollup', 'monitor_snapshot', 'monitor_text_structure', 'monitor_transform', 'monitor_watcher', 'none', 'post_behavioral_analytics_event', 'read_ccr', 'read_connector_secrets', 'read_fleet_secrets', 'read_ilm', 'read_pipeline', 'read_security', 'read_slm', 'transport_client', 'write_connector_secrets', 'write_fleet_secrets']", str, ] ] ] = None, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, index: t.Optional[t.Sequence[t.Mapping[str, t.Any]]] = None, pretty: t.Optional[bool] = None, body: t.Optional[t.Dict[str, t.Any]] = None, ) -> ObjectApiResponse[t.Any]: """ Determines whether the specified user has a specified list of privileges. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-has-privileges.html>`_ :param user: Username :param application: :param cluster: A list of the cluster privileges that you want to check. :param index: """ __path_parts: t.Dict[str, str] if user not in SKIP_IN_PATH: __path_parts = {"user": _quote(user)} __path = f'/_security/user/{__path_parts["user"]}/_has_privileges' else: __path_parts = {} __path = "/_security/user/_has_privileges" __query: t.Dict[str, t.Any] = {} __body: t.Dict[str, t.Any] = body if body is not None else {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if not __body: if application is not None: __body["application"] = application if cluster is not None: __body["cluster"] = cluster if index is not None: __body["index"] = index __headers = {"accept": "application/json", "content-type": "application/json"} return self.perform_request( # type: ignore[return-value] "POST", __path, params=__query, headers=__headers, body=__body, endpoint_id="security.has_privileges", path_parts=__path_parts, ) @_rewrite_parameters( body_fields=("privileges", "uids"), ) def has_privileges_user_profile( self, *, privileges: t.Optional[t.Mapping[str, t.Any]] = None, uids: t.Optional[t.Sequence[str]] = None, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, body: t.Optional[t.Dict[str, t.Any]] = None, ) -> ObjectApiResponse[t.Any]: """ Determines whether the users associated with the specified profile IDs have all the requested privileges. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-has-privileges-user-profile.html>`_ :param privileges: :param uids: A list of profile IDs. The privileges are checked for associated users of the profiles. """ if privileges is None and body is None: raise ValueError("Empty value passed for parameter 'privileges'") if uids is None and body is None: raise ValueError("Empty value passed for parameter 'uids'") __path_parts: t.Dict[str, str] = {} __path = "/_security/profile/_has_privileges" __query: t.Dict[str, t.Any] = {} __body: t.Dict[str, t.Any] = body if body is not None else {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if not __body: if privileges is not None: __body["privileges"] = privileges if uids is not None: __body["uids"] = uids __headers = {"accept": "application/json", "content-type": "application/json"} return self.perform_request( # type: ignore[return-value] "POST", __path, params=__query, headers=__headers, body=__body, endpoint_id="security.has_privileges_user_profile", path_parts=__path_parts, ) @_rewrite_parameters( body_fields=("id", "ids", "name", "owner", "realm_name", "username"), ) def invalidate_api_key( self, *, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, id: t.Optional[str] = None, ids: t.Optional[t.Sequence[str]] = None, name: t.Optional[str] = None, owner: t.Optional[bool] = None, pretty: t.Optional[bool] = None, realm_name: t.Optional[str] = None, username: t.Optional[str] = None, body: t.Optional[t.Dict[str, t.Any]] = None, ) -> ObjectApiResponse[t.Any]: """ Invalidates one or more API keys. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-invalidate-api-key.html>`_ :param id: :param ids: A list of API key ids. This parameter cannot be used with any of `name`, `realm_name`, or `username`. :param name: An API key name. This parameter cannot be used with any of `ids`, `realm_name` or `username`. :param owner: Can be used to query API keys owned by the currently authenticated user. The `realm_name` or `username` parameters cannot be specified when this parameter is set to `true` as they are assumed to be the currently authenticated ones. :param realm_name: The name of an authentication realm. This parameter cannot be used with either `ids` or `name`, or when `owner` flag is set to `true`. :param username: The username of a user. This parameter cannot be used with either `ids` or `name`, or when `owner` flag is set to `true`. """ __path_parts: t.Dict[str, str] = {} __path = "/_security/api_key" __query: t.Dict[str, t.Any] = {} __body: t.Dict[str, t.Any] = body if body is not None else {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if not __body: if id is not None: __body["id"] = id if ids is not None: __body["ids"] = ids if name is not None: __body["name"] = name if owner is not None: __body["owner"] = owner if realm_name is not None: __body["realm_name"] = realm_name if username is not None: __body["username"] = username __headers = {"accept": "application/json", "content-type": "application/json"} return self.perform_request( # type: ignore[return-value] "DELETE", __path, params=__query, headers=__headers, body=__body, endpoint_id="security.invalidate_api_key", path_parts=__path_parts, ) @_rewrite_parameters( body_fields=("realm_name", "refresh_token", "token", "username"), ) def invalidate_token( self, *, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, realm_name: t.Optional[str] = None, refresh_token: t.Optional[str] = None, token: t.Optional[str] = None, username: t.Optional[str] = None, body: t.Optional[t.Dict[str, t.Any]] = None, ) -> ObjectApiResponse[t.Any]: """ Invalidates one or more access tokens or refresh tokens. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-invalidate-token.html>`_ :param realm_name: :param refresh_token: :param token: :param username: """ __path_parts: t.Dict[str, str] = {} __path = "/_security/oauth2/token" __query: t.Dict[str, t.Any] = {} __body: t.Dict[str, t.Any] = body if body is not None else {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if not __body: if realm_name is not None: __body["realm_name"] = realm_name if refresh_token is not None: __body["refresh_token"] = refresh_token if token is not None: __body["token"] = token if username is not None: __body["username"] = username __headers = {"accept": "application/json", "content-type": "application/json"} return self.perform_request( # type: ignore[return-value] "DELETE", __path, params=__query, headers=__headers, body=__body, endpoint_id="security.invalidate_token", path_parts=__path_parts, ) @_rewrite_parameters( body_name="privileges", ) def put_privileges( self, *, privileges: t.Optional[ t.Mapping[str, t.Mapping[str, t.Mapping[str, t.Any]]] ] = None, body: t.Optional[t.Mapping[str, t.Mapping[str, t.Mapping[str, t.Any]]]] = None, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, refresh: t.Optional[ t.Union["t.Literal['false', 'true', 'wait_for']", bool, str] ] = None, ) -> ObjectApiResponse[t.Any]: """ Adds or updates application privileges. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-put-privileges.html>`_ :param privileges: :param refresh: If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes. """ if privileges is None and body is None: raise ValueError( "Empty value passed for parameters 'privileges' and 'body', one of them should be set." ) elif privileges is not None and body is not None: raise ValueError("Cannot set both 'privileges' and 'body'") __path_parts: t.Dict[str, str] = {} __path = "/_security/privilege" __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if refresh is not None: __query["refresh"] = refresh __body = privileges if privileges is not None else body __headers = {"accept": "application/json", "content-type": "application/json"} return self.perform_request( # type: ignore[return-value] "PUT", __path, params=__query, headers=__headers, body=__body, endpoint_id="security.put_privileges", path_parts=__path_parts, ) @_rewrite_parameters( body_fields=( "applications", "cluster", "global_", "indices", "metadata", "run_as", "transient_metadata", ), parameter_aliases={"global": "global_"}, ) def put_role( self, *, name: str, applications: t.Optional[t.Sequence[t.Mapping[str, t.Any]]] = None, cluster: t.Optional[ t.Sequence[ t.Union[ "t.Literal['all', 'cancel_task', 'create_snapshot', 'cross_cluster_replication', 'cross_cluster_search', 'delegate_pki', 'grant_api_key', 'manage', 'manage_api_key', 'manage_autoscaling', 'manage_behavioral_analytics', 'manage_ccr', 'manage_data_frame_transforms', 'manage_data_stream_global_retention', 'manage_enrich', 'manage_ilm', 'manage_index_templates', 'manage_inference', 'manage_ingest_pipelines', 'manage_logstash_pipelines', 'manage_ml', 'manage_oidc', 'manage_own_api_key', 'manage_pipeline', 'manage_rollup', 'manage_saml', 'manage_search_application', 'manage_search_query_rules', 'manage_search_synonyms', 'manage_security', 'manage_service_account', 'manage_slm', 'manage_token', 'manage_transform', 'manage_user_profile', 'manage_watcher', 'monitor', 'monitor_data_frame_transforms', 'monitor_data_stream_global_retention', 'monitor_enrich', 'monitor_inference', 'monitor_ml', 'monitor_rollup', 'monitor_snapshot', 'monitor_text_structure', 'monitor_transform', 'monitor_watcher', 'none', 'post_behavioral_analytics_event', 'read_ccr', 'read_connector_secrets', 'read_fleet_secrets', 'read_ilm', 'read_pipeline', 'read_security', 'read_slm', 'transport_client', 'write_connector_secrets', 'write_fleet_secrets']", str, ] ] ] = None, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, global_: t.Optional[t.Mapping[str, t.Any]] = None, human: t.Optional[bool] = None, indices: t.Optional[t.Sequence[t.Mapping[str, t.Any]]] = None, metadata: t.Optional[t.Mapping[str, t.Any]] = None, pretty: t.Optional[bool] = None, refresh: t.Optional[ t.Union["t.Literal['false', 'true', 'wait_for']", bool, str] ] = None, run_as: t.Optional[t.Sequence[str]] = None, transient_metadata: t.Optional[t.Mapping[str, t.Any]] = None, body: t.Optional[t.Dict[str, t.Any]] = None, ) -> ObjectApiResponse[t.Any]: """ Adds and updates roles in the native realm. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-put-role.html>`_ :param name: The name of the role. :param applications: A list of application privilege entries. :param cluster: A list of cluster privileges. These privileges define the cluster-level actions for users with this role. :param global_: An object defining global privileges. A global privilege is a form of cluster privilege that is request-aware. Support for global privileges is currently limited to the management of application privileges. :param indices: A list of indices permissions entries. :param metadata: Optional metadata. Within the metadata object, keys that begin with an underscore (`_`) are reserved for system use. :param refresh: If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes. :param run_as: A list of users that the owners of this role can impersonate. :param transient_metadata: Indicates roles that might be incompatible with the current cluster license, specifically roles with document and field level security. When the cluster license doesn’t allow certain features for a given role, this parameter is updated dynamically to list the incompatible features. If `enabled` is `false`, the role is ignored, but is still listed in the response from the authenticate API. """ if name in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'name'") __path_parts: t.Dict[str, str] = {"name": _quote(name)} __path = f'/_security/role/{__path_parts["name"]}' __query: t.Dict[str, t.Any] = {} __body: t.Dict[str, t.Any] = body if body is not None else {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if refresh is not None: __query["refresh"] = refresh if not __body: if applications is not None: __body["applications"] = applications if cluster is not None: __body["cluster"] = cluster if global_ is not None: __body["global"] = global_ if indices is not None: __body["indices"] = indices if metadata is not None: __body["metadata"] = metadata if run_as is not None: __body["run_as"] = run_as if transient_metadata is not None: __body["transient_metadata"] = transient_metadata __headers = {"accept": "application/json", "content-type": "application/json"} return self.perform_request( # type: ignore[return-value] "PUT", __path, params=__query, headers=__headers, body=__body, endpoint_id="security.put_role", path_parts=__path_parts, ) @_rewrite_parameters( body_fields=( "enabled", "metadata", "role_templates", "roles", "rules", "run_as", ), ) def put_role_mapping( self, *, name: str, enabled: t.Optional[bool] = None, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, metadata: t.Optional[t.Mapping[str, t.Any]] = None, pretty: t.Optional[bool] = None, refresh: t.Optional[ t.Union["t.Literal['false', 'true', 'wait_for']", bool, str] ] = None, role_templates: t.Optional[t.Sequence[t.Mapping[str, t.Any]]] = None, roles: t.Optional[t.Sequence[str]] = None, rules: t.Optional[t.Mapping[str, t.Any]] = None, run_as: t.Optional[t.Sequence[str]] = None, body: t.Optional[t.Dict[str, t.Any]] = None, ) -> ObjectApiResponse[t.Any]: """ Creates and updates role mappings. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-put-role-mapping.html>`_ :param name: Role-mapping name :param enabled: :param metadata: :param refresh: If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes. :param role_templates: :param roles: :param rules: :param run_as: """ if name in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'name'") __path_parts: t.Dict[str, str] = {"name": _quote(name)} __path = f'/_security/role_mapping/{__path_parts["name"]}' __query: t.Dict[str, t.Any] = {} __body: t.Dict[str, t.Any] = body if body is not None else {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if refresh is not None: __query["refresh"] = refresh if not __body: if enabled is not None: __body["enabled"] = enabled if metadata is not None: __body["metadata"] = metadata if role_templates is not None: __body["role_templates"] = role_templates if roles is not None: __body["roles"] = roles if rules is not None: __body["rules"] = rules if run_as is not None: __body["run_as"] = run_as __headers = {"accept": "application/json", "content-type": "application/json"} return self.perform_request( # type: ignore[return-value] "PUT", __path, params=__query, headers=__headers, body=__body, endpoint_id="security.put_role_mapping", path_parts=__path_parts, ) @_rewrite_parameters( body_fields=( "email", "enabled", "full_name", "metadata", "password", "password_hash", "roles", ), ) def put_user( self, *, username: str, email: t.Optional[t.Union[None, str]] = None, enabled: t.Optional[bool] = None, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, full_name: t.Optional[t.Union[None, str]] = None, human: t.Optional[bool] = None, metadata: t.Optional[t.Mapping[str, t.Any]] = None, password: t.Optional[str] = None, password_hash: t.Optional[str] = None, pretty: t.Optional[bool] = None, refresh: t.Optional[ t.Union["t.Literal['false', 'true', 'wait_for']", bool, str] ] = None, roles: t.Optional[t.Sequence[str]] = None, body: t.Optional[t.Dict[str, t.Any]] = None, ) -> ObjectApiResponse[t.Any]: """ Adds and updates users in the native realm. These users are commonly referred to as native users. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-put-user.html>`_ :param username: The username of the User :param email: :param enabled: :param full_name: :param metadata: :param password: :param password_hash: :param refresh: If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes. :param roles: """ if username in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'username'") __path_parts: t.Dict[str, str] = {"username": _quote(username)} __path = f'/_security/user/{__path_parts["username"]}' __query: t.Dict[str, t.Any] = {} __body: t.Dict[str, t.Any] = body if body is not None else {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if refresh is not None: __query["refresh"] = refresh if not __body: if email is not None: __body["email"] = email if enabled is not None: __body["enabled"] = enabled if full_name is not None: __body["full_name"] = full_name if metadata is not None: __body["metadata"] = metadata if password is not None: __body["password"] = password if password_hash is not None: __body["password_hash"] = password_hash if roles is not None: __body["roles"] = roles __headers = {"accept": "application/json", "content-type": "application/json"} return self.perform_request( # type: ignore[return-value] "PUT", __path, params=__query, headers=__headers, body=__body, endpoint_id="security.put_user", path_parts=__path_parts, ) @_rewrite_parameters( body_fields=( "aggregations", "aggs", "from_", "query", "search_after", "size", "sort", ), parameter_aliases={"from": "from_"}, ) def query_api_keys( self, *, aggregations: t.Optional[t.Mapping[str, t.Mapping[str, t.Any]]] = None, aggs: t.Optional[t.Mapping[str, t.Mapping[str, t.Any]]] = None, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, from_: t.Optional[int] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, query: t.Optional[t.Mapping[str, t.Any]] = None, search_after: t.Optional[ t.Sequence[t.Union[None, bool, float, int, str, t.Any]] ] = None, size: t.Optional[int] = None, sort: t.Optional[ t.Union[ t.Sequence[t.Union[str, t.Mapping[str, t.Any]]], t.Union[str, t.Mapping[str, t.Any]], ] ] = None, typed_keys: t.Optional[bool] = None, with_limited_by: t.Optional[bool] = None, with_profile_uid: t.Optional[bool] = None, body: t.Optional[t.Dict[str, t.Any]] = None, ) -> ObjectApiResponse[t.Any]: """ Retrieves information for API keys using a subset of query DSL `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-query-api-key.html>`_ :param aggregations: Any aggregations to run over the corpus of returned API keys. Aggregations and queries work together. Aggregations are computed only on the API keys that match the query. This supports only a subset of aggregation types, namely: `terms`, `range`, `date_range`, `missing`, `cardinality`, `value_count`, `composite`, `filter`, and `filters`. Additionally, aggregations only run over the same subset of fields that query works with. :param aggs: Any aggregations to run over the corpus of returned API keys. Aggregations and queries work together. Aggregations are computed only on the API keys that match the query. This supports only a subset of aggregation types, namely: `terms`, `range`, `date_range`, `missing`, `cardinality`, `value_count`, `composite`, `filter`, and `filters`. Additionally, aggregations only run over the same subset of fields that query works with. :param from_: Starting document offset. By default, you cannot page through more than 10,000 hits using the from and size parameters. To page through more hits, use the `search_after` parameter. :param query: A query to filter which API keys to return. If the query parameter is missing, it is equivalent to a `match_all` query. The query supports a subset of query types, including `match_all`, `bool`, `term`, `terms`, `match`, `ids`, `prefix`, `wildcard`, `exists`, `range`, and `simple_query_string`. You can query the following public information associated with an API key: `id`, `type`, `name`, `creation`, `expiration`, `invalidated`, `invalidation`, `username`, `realm`, and `metadata`. :param search_after: Search after definition :param size: The number of hits to return. By default, you cannot page through more than 10,000 hits using the `from` and `size` parameters. To page through more hits, use the `search_after` parameter. :param sort: Other than `id`, all public fields of an API key are eligible for sorting. In addition, sort can also be applied to the `_doc` field to sort by index order. :param typed_keys: Determines whether aggregation names are prefixed by their respective types in the response. :param with_limited_by: Return the snapshot of the owner user's role descriptors associated with the API key. An API key's actual permission is the intersection of its assigned role descriptors and the owner user's role descriptors. :param with_profile_uid: Determines whether to also retrieve the profile uid, for the API key owner principal, if it exists. """ __path_parts: t.Dict[str, str] = {} __path = "/_security/_query/api_key" __query: t.Dict[str, t.Any] = {} __body: t.Dict[str, t.Any] = body if body is not None else {} # The 'sort' parameter with a colon can't be encoded to the body. if sort is not None and ( (isinstance(sort, str) and ":" in sort) or ( isinstance(sort, (list, tuple)) and all(isinstance(_x, str) for _x in sort) and any(":" in _x for _x in sort) ) ): __query["sort"] = sort sort = None if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if typed_keys is not None: __query["typed_keys"] = typed_keys if with_limited_by is not None: __query["with_limited_by"] = with_limited_by if with_profile_uid is not None: __query["with_profile_uid"] = with_profile_uid if not __body: if aggregations is not None: __body["aggregations"] = aggregations if aggs is not None: __body["aggs"] = aggs if from_ is not None: __body["from"] = from_ if query is not None: __body["query"] = query if search_after is not None: __body["search_after"] = search_after if size is not None: __body["size"] = size if sort is not None: __body["sort"] = sort if not __body: __body = None # type: ignore[assignment] __headers = {"accept": "application/json"} if __body is not None: __headers["content-type"] = "application/json" return self.perform_request( # type: ignore[return-value] "POST", __path, params=__query, headers=__headers, body=__body, endpoint_id="security.query_api_keys", path_parts=__path_parts, ) @_rewrite_parameters( body_fields=("content", "ids", "realm"), ) def saml_authenticate( self, *, content: t.Optional[str] = None, ids: t.Optional[t.Union[str, t.Sequence[str]]] = None, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, realm: t.Optional[str] = None, body: t.Optional[t.Dict[str, t.Any]] = None, ) -> ObjectApiResponse[t.Any]: """ Exchanges a SAML Response message for an Elasticsearch access token and refresh token pair `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-saml-authenticate.html>`_ :param content: The SAML response as it was sent by the user’s browser, usually a Base64 encoded XML document. :param ids: A json array with all the valid SAML Request Ids that the caller of the API has for the current user. :param realm: The name of the realm that should authenticate the SAML response. Useful in cases where many SAML realms are defined. """ if content is None and body is None: raise ValueError("Empty value passed for parameter 'content'") if ids is None and body is None: raise ValueError("Empty value passed for parameter 'ids'") __path_parts: t.Dict[str, str] = {} __path = "/_security/saml/authenticate" __query: t.Dict[str, t.Any] = {} __body: t.Dict[str, t.Any] = body if body is not None else {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if not __body: if content is not None: __body["content"] = content if ids is not None: __body["ids"] = ids if realm is not None: __body["realm"] = realm __headers = {"accept": "application/json", "content-type": "application/json"} return self.perform_request( # type: ignore[return-value] "POST", __path, params=__query, headers=__headers, body=__body, endpoint_id="security.saml_authenticate", path_parts=__path_parts, ) @_rewrite_parameters( body_fields=("ids", "realm", "content", "query_string"), ) def saml_complete_logout( self, *, ids: t.Optional[t.Union[str, t.Sequence[str]]] = None, realm: t.Optional[str] = None, content: t.Optional[str] = None, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, query_string: t.Optional[str] = None, body: t.Optional[t.Dict[str, t.Any]] = None, ) -> ObjectApiResponse[t.Any]: """ Verifies the logout response sent from the SAML IdP `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-saml-complete-logout.html>`_ :param ids: A json array with all the valid SAML Request Ids that the caller of the API has for the current user. :param realm: The name of the SAML realm in Elasticsearch for which the configuration is used to verify the logout response. :param content: If the SAML IdP sends the logout response with the HTTP-Post binding, this field must be set to the value of the SAMLResponse form parameter from the logout response. :param query_string: If the SAML IdP sends the logout response with the HTTP-Redirect binding, this field must be set to the query string of the redirect URI. """ if ids is None and body is None: raise ValueError("Empty value passed for parameter 'ids'") if realm is None and body is None: raise ValueError("Empty value passed for parameter 'realm'") __path_parts: t.Dict[str, str] = {} __path = "/_security/saml/complete_logout" __query: t.Dict[str, t.Any] = {} __body: t.Dict[str, t.Any] = body if body is not None else {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if not __body: if ids is not None: __body["ids"] = ids if realm is not None: __body["realm"] = realm if content is not None: __body["content"] = content if query_string is not None: __body["query_string"] = query_string __headers = {"accept": "application/json", "content-type": "application/json"} return self.perform_request( # type: ignore[return-value] "POST", __path, params=__query, headers=__headers, body=__body, endpoint_id="security.saml_complete_logout", path_parts=__path_parts, ) @_rewrite_parameters( body_fields=("query_string", "acs", "realm"), ) def saml_invalidate( self, *, query_string: t.Optional[str] = None, acs: t.Optional[str] = None, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, realm: t.Optional[str] = None, body: t.Optional[t.Dict[str, t.Any]] = None, ) -> ObjectApiResponse[t.Any]: """ Consumes a SAML LogoutRequest `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-saml-invalidate.html>`_ :param query_string: The query part of the URL that the user was redirected to by the SAML IdP to initiate the Single Logout. This query should include a single parameter named SAMLRequest that contains a SAML logout request that is deflated and Base64 encoded. If the SAML IdP has signed the logout request, the URL should include two extra parameters named SigAlg and Signature that contain the algorithm used for the signature and the signature value itself. In order for Elasticsearch to be able to verify the IdP’s signature, the value of the query_string field must be an exact match to the string provided by the browser. The client application must not attempt to parse or process the string in any way. :param acs: The Assertion Consumer Service URL that matches the one of the SAML realm in Elasticsearch that should be used. You must specify either this parameter or the realm parameter. :param realm: The name of the SAML realm in Elasticsearch the configuration. You must specify either this parameter or the acs parameter. """ if query_string is None and body is None: raise ValueError("Empty value passed for parameter 'query_string'") __path_parts: t.Dict[str, str] = {} __path = "/_security/saml/invalidate" __query: t.Dict[str, t.Any] = {} __body: t.Dict[str, t.Any] = body if body is not None else {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if not __body: if query_string is not None: __body["query_string"] = query_string if acs is not None: __body["acs"] = acs if realm is not None: __body["realm"] = realm __headers = {"accept": "application/json", "content-type": "application/json"} return self.perform_request( # type: ignore[return-value] "POST", __path, params=__query, headers=__headers, body=__body, endpoint_id="security.saml_invalidate", path_parts=__path_parts, ) @_rewrite_parameters( body_fields=("token", "refresh_token"), ) def saml_logout( self, *, token: t.Optional[str] = None, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, refresh_token: t.Optional[str] = None, body: t.Optional[t.Dict[str, t.Any]] = None, ) -> ObjectApiResponse[t.Any]: """ Invalidates an access token and a refresh token that were generated via the SAML Authenticate API `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-saml-logout.html>`_ :param token: The access token that was returned as a response to calling the SAML authenticate API. Alternatively, the most recent token that was received after refreshing the original one by using a refresh_token. :param refresh_token: The refresh token that was returned as a response to calling the SAML authenticate API. Alternatively, the most recent refresh token that was received after refreshing the original access token. """ if token is None and body is None: raise ValueError("Empty value passed for parameter 'token'") __path_parts: t.Dict[str, str] = {} __path = "/_security/saml/logout" __query: t.Dict[str, t.Any] = {} __body: t.Dict[str, t.Any] = body if body is not None else {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if not __body: if token is not None: __body["token"] = token if refresh_token is not None: __body["refresh_token"] = refresh_token __headers = {"accept": "application/json", "content-type": "application/json"} return self.perform_request( # type: ignore[return-value] "POST", __path, params=__query, headers=__headers, body=__body, endpoint_id="security.saml_logout", path_parts=__path_parts, ) @_rewrite_parameters( body_fields=("acs", "realm", "relay_state"), ) def saml_prepare_authentication( self, *, acs: t.Optional[str] = None, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, realm: t.Optional[str] = None, relay_state: t.Optional[str] = None, body: t.Optional[t.Dict[str, t.Any]] = None, ) -> ObjectApiResponse[t.Any]: """ Creates a SAML authentication request `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-saml-prepare-authentication.html>`_ :param acs: The Assertion Consumer Service URL that matches the one of the SAML realms in Elasticsearch. The realm is used to generate the authentication request. You must specify either this parameter or the realm parameter. :param realm: The name of the SAML realm in Elasticsearch for which the configuration is used to generate the authentication request. You must specify either this parameter or the acs parameter. :param relay_state: A string that will be included in the redirect URL that this API returns as the RelayState query parameter. If the Authentication Request is signed, this value is used as part of the signature computation. """ __path_parts: t.Dict[str, str] = {} __path = "/_security/saml/prepare" __query: t.Dict[str, t.Any] = {} __body: t.Dict[str, t.Any] = body if body is not None else {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if not __body: if acs is not None: __body["acs"] = acs if realm is not None: __body["realm"] = realm if relay_state is not None: __body["relay_state"] = relay_state __headers = {"accept": "application/json", "content-type": "application/json"} return self.perform_request( # type: ignore[return-value] "POST", __path, params=__query, headers=__headers, body=__body, endpoint_id="security.saml_prepare_authentication", path_parts=__path_parts, ) @_rewrite_parameters() def saml_service_provider_metadata( self, *, realm_name: str, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, pretty: t.Optional[bool] = None, ) -> ObjectApiResponse[t.Any]: """ Generates SAML metadata for the Elastic stack SAML 2.0 Service Provider `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-saml-sp-metadata.html>`_ :param realm_name: The name of the SAML realm in Elasticsearch. """ if realm_name in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'realm_name'") __path_parts: t.Dict[str, str] = {"realm_name": _quote(realm_name)} __path = f'/_security/saml/metadata/{__path_parts["realm_name"]}' __query: t.Dict[str, t.Any] = {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty __headers = {"accept": "application/json"} return self.perform_request( # type: ignore[return-value] "GET", __path, params=__query, headers=__headers, endpoint_id="security.saml_service_provider_metadata", path_parts=__path_parts, ) @_rewrite_parameters( body_fields=("data", "hint", "name", "size"), ) def suggest_user_profiles( self, *, data: t.Optional[t.Union[str, t.Sequence[str]]] = None, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, hint: t.Optional[t.Mapping[str, t.Any]] = None, human: t.Optional[bool] = None, name: t.Optional[str] = None, pretty: t.Optional[bool] = None, size: t.Optional[int] = None, body: t.Optional[t.Dict[str, t.Any]] = None, ) -> ObjectApiResponse[t.Any]: """ Get suggestions for user profiles that match specified search criteria. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-suggest-user-profile.html>`_ :param data: List of filters for the `data` field of the profile document. To return all content use `data=*`. To return a subset of content use `data=<key>` to retrieve content nested under the specified `<key>`. By default returns no `data` content. :param hint: Extra search criteria to improve relevance of the suggestion result. Profiles matching the spcified hint are ranked higher in the response. Profiles not matching the hint don't exclude the profile from the response as long as the profile matches the `name` field query. :param name: Query string used to match name-related fields in user profile documents. Name-related fields are the user's `username`, `full_name`, and `email`. :param size: Number of profiles to return. """ __path_parts: t.Dict[str, str] = {} __path = "/_security/profile/_suggest" __query: t.Dict[str, t.Any] = {} __body: t.Dict[str, t.Any] = body if body is not None else {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if not __body: if data is not None: __body["data"] = data if hint is not None: __body["hint"] = hint if name is not None: __body["name"] = name if size is not None: __body["size"] = size if not __body: __body = None # type: ignore[assignment] __headers = {"accept": "application/json"} if __body is not None: __headers["content-type"] = "application/json" return self.perform_request( # type: ignore[return-value] "POST", __path, params=__query, headers=__headers, body=__body, endpoint_id="security.suggest_user_profiles", path_parts=__path_parts, ) @_rewrite_parameters( body_fields=("expiration", "metadata", "role_descriptors"), ) def update_api_key( self, *, id: str, error_trace: t.Optional[bool] = None, expiration: t.Optional[t.Union["t.Literal[-1]", "t.Literal[0]", str]] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, metadata: t.Optional[t.Mapping[str, t.Any]] = None, pretty: t.Optional[bool] = None, role_descriptors: t.Optional[t.Mapping[str, t.Mapping[str, t.Any]]] = None, body: t.Optional[t.Dict[str, t.Any]] = None, ) -> ObjectApiResponse[t.Any]: """ Updates attributes of an existing API key. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-update-api-key.html>`_ :param id: The ID of the API key to update. :param expiration: Expiration time for the API key. :param metadata: Arbitrary metadata that you want to associate with the API key. It supports nested data structure. Within the metadata object, keys beginning with _ are reserved for system usage. :param role_descriptors: An array of role descriptors for this API key. This parameter is optional. When it is not specified or is an empty array, then the API key will have a point in time snapshot of permissions of the authenticated user. If you supply role descriptors then the resultant permissions would be an intersection of API keys permissions and authenticated user’s permissions thereby limiting the access scope for API keys. The structure of role descriptor is the same as the request for create role API. For more details, see create or update roles API. """ if id in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'id'") __path_parts: t.Dict[str, str] = {"id": _quote(id)} __path = f'/_security/api_key/{__path_parts["id"]}' __query: t.Dict[str, t.Any] = {} __body: t.Dict[str, t.Any] = body if body is not None else {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if pretty is not None: __query["pretty"] = pretty if not __body: if expiration is not None: __body["expiration"] = expiration if metadata is not None: __body["metadata"] = metadata if role_descriptors is not None: __body["role_descriptors"] = role_descriptors if not __body: __body = None # type: ignore[assignment] __headers = {"accept": "application/json"} if __body is not None: __headers["content-type"] = "application/json" return self.perform_request( # type: ignore[return-value] "PUT", __path, params=__query, headers=__headers, body=__body, endpoint_id="security.update_api_key", path_parts=__path_parts, ) @_rewrite_parameters( body_fields=("data", "labels"), ) def update_user_profile_data( self, *, uid: str, data: t.Optional[t.Mapping[str, t.Any]] = None, error_trace: t.Optional[bool] = None, filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None, human: t.Optional[bool] = None, if_primary_term: t.Optional[int] = None, if_seq_no: t.Optional[int] = None, labels: t.Optional[t.Mapping[str, t.Any]] = None, pretty: t.Optional[bool] = None, refresh: t.Optional[ t.Union["t.Literal['false', 'true', 'wait_for']", bool, str] ] = None, body: t.Optional[t.Dict[str, t.Any]] = None, ) -> ObjectApiResponse[t.Any]: """ Update application specific data for the user profile of the given unique ID. `<https://www.elastic.co/guide/en/elasticsearch/reference/8.14/security-api-update-user-profile-data.html>`_ :param uid: A unique identifier for the user profile. :param data: Non-searchable data that you want to associate with the user profile. This field supports a nested data structure. :param if_primary_term: Only perform the operation if the document has this primary term. :param if_seq_no: Only perform the operation if the document has this sequence number. :param labels: Searchable data that you want to associate with the user profile. This field supports a nested data structure. :param refresh: If 'true', Elasticsearch refreshes the affected shards to make this operation visible to search, if 'wait_for' then wait for a refresh to make this operation visible to search, if 'false' do nothing with refreshes. """ if uid in SKIP_IN_PATH: raise ValueError("Empty value passed for parameter 'uid'") __path_parts: t.Dict[str, str] = {"uid": _quote(uid)} __path = f'/_security/profile/{__path_parts["uid"]}/_data' __query: t.Dict[str, t.Any] = {} __body: t.Dict[str, t.Any] = body if body is not None else {} if error_trace is not None: __query["error_trace"] = error_trace if filter_path is not None: __query["filter_path"] = filter_path if human is not None: __query["human"] = human if if_primary_term is not None: __query["if_primary_term"] = if_primary_term if if_seq_no is not None: __query["if_seq_no"] = if_seq_no if pretty is not None: __query["pretty"] = pretty if refresh is not None: __query["refresh"] = refresh if not __body: if data is not None: __body["data"] = data if labels is not None: __body["labels"] = labels __headers = {"accept": "application/json", "content-type": "application/json"} return self.perform_request( # type: ignore[return-value] "PUT", __path, params=__query, headers=__headers, body=__body, endpoint_id="security.update_user_profile_data", path_parts=__path_parts, )
webs 1.0 - Enhanced UI