elasticsearch/_async/client/security.py [3105:3275]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
self,
*,
name: str,
applications: t.Optional[t.Sequence[t.Mapping[str, t.Any]]] = None,
cluster: t.Optional[
t.Sequence[
t.Union[
str,
t.Literal[
"all",
"cancel_task",
"create_snapshot",
"cross_cluster_replication",
"cross_cluster_search",
"delegate_pki",
"grant_api_key",
"manage",
"manage_api_key",
"manage_autoscaling",
"manage_behavioral_analytics",
"manage_ccr",
"manage_data_frame_transforms",
"manage_data_stream_global_retention",
"manage_enrich",
"manage_ilm",
"manage_index_templates",
"manage_inference",
"manage_ingest_pipelines",
"manage_logstash_pipelines",
"manage_ml",
"manage_oidc",
"manage_own_api_key",
"manage_pipeline",
"manage_rollup",
"manage_saml",
"manage_search_application",
"manage_search_query_rules",
"manage_search_synonyms",
"manage_security",
"manage_service_account",
"manage_slm",
"manage_token",
"manage_transform",
"manage_user_profile",
"manage_watcher",
"monitor",
"monitor_data_frame_transforms",
"monitor_data_stream_global_retention",
"monitor_enrich",
"monitor_inference",
"monitor_ml",
"monitor_rollup",
"monitor_snapshot",
"monitor_stats",
"monitor_text_structure",
"monitor_transform",
"monitor_watcher",
"none",
"post_behavioral_analytics_event",
"read_ccr",
"read_fleet_secrets",
"read_ilm",
"read_pipeline",
"read_security",
"read_slm",
"transport_client",
"write_connector_secrets",
"write_fleet_secrets",
],
]
]
] = None,
description: t.Optional[str] = None,
error_trace: t.Optional[bool] = None,
filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None,
global_: t.Optional[t.Mapping[str, t.Any]] = None,
human: t.Optional[bool] = None,
indices: t.Optional[t.Sequence[t.Mapping[str, t.Any]]] = None,
metadata: t.Optional[t.Mapping[str, t.Any]] = None,
pretty: t.Optional[bool] = None,
refresh: t.Optional[
t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
] = None,
remote_cluster: t.Optional[t.Sequence[t.Mapping[str, t.Any]]] = None,
remote_indices: t.Optional[t.Sequence[t.Mapping[str, t.Any]]] = None,
run_as: t.Optional[t.Sequence[str]] = None,
transient_metadata: t.Optional[t.Mapping[str, t.Any]] = None,
body: t.Optional[t.Dict[str, t.Any]] = None,
) -> ObjectApiResponse[t.Any]:
"""
.. raw:: html
Create or update roles.
The role management APIs are generally the preferred way to manage roles in the native realm, rather than using file-based role management.
The create or update roles API cannot update roles that are defined in roles files.
File-based role management is not available in Elastic Serverless.
``_
:param name: The name of the role that is being created or updated. On Elasticsearch
Serverless, the role name must begin with a letter or digit and can only
contain letters, digits and the characters '_', '-', and '.'. Each role must
have a unique name, as this will serve as the identifier for that role.
:param applications: A list of application privilege entries.
:param cluster: A list of cluster privileges. These privileges define the cluster-level
actions for users with this role.
:param description: Optional description of the role descriptor
:param global_: An object defining global privileges. A global privilege is a
form of cluster privilege that is request-aware. Support for global privileges
is currently limited to the management of application privileges.
:param indices: A list of indices permissions entries.
:param metadata: Optional metadata. Within the metadata object, keys that begin
with an underscore (`_`) are reserved for system use.
:param refresh: If `true` (the default) then refresh the affected shards to make
this operation visible to search, if `wait_for` then wait for a refresh to
make this operation visible to search, if `false` then do nothing with refreshes.
:param remote_cluster: A list of remote cluster permissions entries.
:param remote_indices: A list of remote indices permissions entries. NOTE: Remote
indices are effective for remote clusters configured with the API key based
model. They have no effect for remote clusters configured with the certificate
based model.
:param run_as: A list of users that the owners of this role can impersonate.
*Note*: in Serverless, the run-as feature is disabled. For API compatibility,
you can still specify an empty `run_as` field, but a non-empty list will
be rejected.
:param transient_metadata: Indicates roles that might be incompatible with the
current cluster license, specifically roles with document and field level
security. When the cluster license doesn’t allow certain features for a given
role, this parameter is updated dynamically to list the incompatible features.
If `enabled` is `false`, the role is ignored, but is still listed in the
response from the authenticate API.
"""
if name in SKIP_IN_PATH:
raise ValueError("Empty value passed for parameter 'name'")
__path_parts: t.Dict[str, str] = {"name": _quote(name)}
__path = f'/_security/role/{__path_parts["name"]}'
__query: t.Dict[str, t.Any] = {}
__body: t.Dict[str, t.Any] = body if body is not None else {}
if error_trace is not None:
__query["error_trace"] = error_trace
if filter_path is not None:
__query["filter_path"] = filter_path
if human is not None:
__query["human"] = human
if pretty is not None:
__query["pretty"] = pretty
if refresh is not None:
__query["refresh"] = refresh
if not __body:
if applications is not None:
__body["applications"] = applications
if cluster is not None:
__body["cluster"] = cluster
if description is not None:
__body["description"] = description
if global_ is not None:
__body["global"] = global_
if indices is not None:
__body["indices"] = indices
if metadata is not None:
__body["metadata"] = metadata
if remote_cluster is not None:
__body["remote_cluster"] = remote_cluster
if remote_indices is not None:
__body["remote_indices"] = remote_indices
if run_as is not None:
__body["run_as"] = run_as
if transient_metadata is not None:
__body["transient_metadata"] = transient_metadata
__headers = {"accept": "application/json", "content-type": "application/json"}
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
elasticsearch/_sync/client/security.py [3105:3275]:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
self,
*,
name: str,
applications: t.Optional[t.Sequence[t.Mapping[str, t.Any]]] = None,
cluster: t.Optional[
t.Sequence[
t.Union[
str,
t.Literal[
"all",
"cancel_task",
"create_snapshot",
"cross_cluster_replication",
"cross_cluster_search",
"delegate_pki",
"grant_api_key",
"manage",
"manage_api_key",
"manage_autoscaling",
"manage_behavioral_analytics",
"manage_ccr",
"manage_data_frame_transforms",
"manage_data_stream_global_retention",
"manage_enrich",
"manage_ilm",
"manage_index_templates",
"manage_inference",
"manage_ingest_pipelines",
"manage_logstash_pipelines",
"manage_ml",
"manage_oidc",
"manage_own_api_key",
"manage_pipeline",
"manage_rollup",
"manage_saml",
"manage_search_application",
"manage_search_query_rules",
"manage_search_synonyms",
"manage_security",
"manage_service_account",
"manage_slm",
"manage_token",
"manage_transform",
"manage_user_profile",
"manage_watcher",
"monitor",
"monitor_data_frame_transforms",
"monitor_data_stream_global_retention",
"monitor_enrich",
"monitor_inference",
"monitor_ml",
"monitor_rollup",
"monitor_snapshot",
"monitor_stats",
"monitor_text_structure",
"monitor_transform",
"monitor_watcher",
"none",
"post_behavioral_analytics_event",
"read_ccr",
"read_fleet_secrets",
"read_ilm",
"read_pipeline",
"read_security",
"read_slm",
"transport_client",
"write_connector_secrets",
"write_fleet_secrets",
],
]
]
] = None,
description: t.Optional[str] = None,
error_trace: t.Optional[bool] = None,
filter_path: t.Optional[t.Union[str, t.Sequence[str]]] = None,
global_: t.Optional[t.Mapping[str, t.Any]] = None,
human: t.Optional[bool] = None,
indices: t.Optional[t.Sequence[t.Mapping[str, t.Any]]] = None,
metadata: t.Optional[t.Mapping[str, t.Any]] = None,
pretty: t.Optional[bool] = None,
refresh: t.Optional[
t.Union[bool, str, t.Literal["false", "true", "wait_for"]]
] = None,
remote_cluster: t.Optional[t.Sequence[t.Mapping[str, t.Any]]] = None,
remote_indices: t.Optional[t.Sequence[t.Mapping[str, t.Any]]] = None,
run_as: t.Optional[t.Sequence[str]] = None,
transient_metadata: t.Optional[t.Mapping[str, t.Any]] = None,
body: t.Optional[t.Dict[str, t.Any]] = None,
) -> ObjectApiResponse[t.Any]:
"""
.. raw:: html
Create or update roles.
The role management APIs are generally the preferred way to manage roles in the native realm, rather than using file-based role management.
The create or update roles API cannot update roles that are defined in roles files.
File-based role management is not available in Elastic Serverless.
``_
:param name: The name of the role that is being created or updated. On Elasticsearch
Serverless, the role name must begin with a letter or digit and can only
contain letters, digits and the characters '_', '-', and '.'. Each role must
have a unique name, as this will serve as the identifier for that role.
:param applications: A list of application privilege entries.
:param cluster: A list of cluster privileges. These privileges define the cluster-level
actions for users with this role.
:param description: Optional description of the role descriptor
:param global_: An object defining global privileges. A global privilege is a
form of cluster privilege that is request-aware. Support for global privileges
is currently limited to the management of application privileges.
:param indices: A list of indices permissions entries.
:param metadata: Optional metadata. Within the metadata object, keys that begin
with an underscore (`_`) are reserved for system use.
:param refresh: If `true` (the default) then refresh the affected shards to make
this operation visible to search, if `wait_for` then wait for a refresh to
make this operation visible to search, if `false` then do nothing with refreshes.
:param remote_cluster: A list of remote cluster permissions entries.
:param remote_indices: A list of remote indices permissions entries. NOTE: Remote
indices are effective for remote clusters configured with the API key based
model. They have no effect for remote clusters configured with the certificate
based model.
:param run_as: A list of users that the owners of this role can impersonate.
*Note*: in Serverless, the run-as feature is disabled. For API compatibility,
you can still specify an empty `run_as` field, but a non-empty list will
be rejected.
:param transient_metadata: Indicates roles that might be incompatible with the
current cluster license, specifically roles with document and field level
security. When the cluster license doesn’t allow certain features for a given
role, this parameter is updated dynamically to list the incompatible features.
If `enabled` is `false`, the role is ignored, but is still listed in the
response from the authenticate API.
"""
if name in SKIP_IN_PATH:
raise ValueError("Empty value passed for parameter 'name'")
__path_parts: t.Dict[str, str] = {"name": _quote(name)}
__path = f'/_security/role/{__path_parts["name"]}'
__query: t.Dict[str, t.Any] = {}
__body: t.Dict[str, t.Any] = body if body is not None else {}
if error_trace is not None:
__query["error_trace"] = error_trace
if filter_path is not None:
__query["filter_path"] = filter_path
if human is not None:
__query["human"] = human
if pretty is not None:
__query["pretty"] = pretty
if refresh is not None:
__query["refresh"] = refresh
if not __body:
if applications is not None:
__body["applications"] = applications
if cluster is not None:
__body["cluster"] = cluster
if description is not None:
__body["description"] = description
if global_ is not None:
__body["global"] = global_
if indices is not None:
__body["indices"] = indices
if metadata is not None:
__body["metadata"] = metadata
if remote_cluster is not None:
__body["remote_cluster"] = remote_cluster
if remote_indices is not None:
__body["remote_indices"] = remote_indices
if run_as is not None:
__body["run_as"] = run_as
if transient_metadata is not None:
__body["transient_metadata"] = transient_metadata
__headers = {"accept": "application/json", "content-type": "application/json"}
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -