Package co.elastic.clients.elasticsearch.security

Class UpdateApiKeyRequest

java.lang.Object
co.elastic.clients.elasticsearch._types.RequestBase
co.elastic.clients.elasticsearch.security.UpdateApiKeyRequest
All Implemented Interfaces:
JsonpSerializable
@JsonpDeserializable public class UpdateApiKeyRequest extends RequestBase implements JsonpSerializable
Update an API key.

Update attributes of an existing API key. This API supports updates to an API key's access scope, expiration, and metadata.

To use this API, you must have at least the manage_own_api_key cluster privilege. Users can only update API keys that they created or that were granted to them. To update another user’s API key, use the run_as feature to submit a request on behalf of another user.

IMPORTANT: It's not possible to use an API key as the authentication credential for this API. The owner user’s credentials are required.

Use this API to update API keys created by the create API key or grant API Key APIs. If you need to apply the same update to many API keys, you can use the bulk update API keys API to reduce overhead. It's not possible to update expired API keys or API keys that have been invalidated by the invalidate API key API.

The access scope of an API key is derived from the role_descriptors you specify in the request and a snapshot of the owner user's permissions at the time of the request. The snapshot of the owner's permissions is updated automatically on every call.

IMPORTANT: If you don't specify role_descriptors in the request, a call to this API might still change the API key's access scope. This change can occur if the owner user's permissions have changed since the API key was created or last modified.

See Also:

  • Field Details

  • Method Details

    • of

      public static UpdateApiKeyRequest of(Function<UpdateApiKeyRequest.Builder,ObjectBuilder<UpdateApiKeyRequest>> fn)

    • expiration

      @Nullable public final Time expiration()
      The expiration time for the API key. By default, API keys never expire. This property can be omitted to leave the expiration unchanged.

      API name: expiration

    • id

      public final String id()
      Required - The ID of the API key to update.

      API name: id

    • metadata

      public final Map<String,JsonData> metadata()
      Arbitrary metadata that you want to associate with the API key. It supports a nested data structure. Within the metadata object, keys beginning with _ are reserved for system usage. When specified, this value fully replaces the metadata previously associated with the API key.

      API name: metadata

    • roleDescriptors

      public final Map<String,RoleDescriptor> roleDescriptors()
      The role descriptors to assign to this API key. The API key's effective permissions are an intersection of its assigned privileges and the point in time snapshot of permissions of the owner user. You can assign new privileges by specifying them in this parameter. To remove assigned privileges, you can supply an empty role_descriptors parameter, that is to say, an empty object {}. If an API key has no assigned privileges, it inherits the owner user's full permissions. The snapshot of the owner's permissions is always updated, whether you supply the role_descriptors parameter or not. The structure of a role descriptor is the same as the request for the create API keys API.

      API name: role_descriptors

    • serialize

      public void serialize(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)
      Serialize this object to JSON.
      Specified by:
      serialize in interface JsonpSerializable

    • serializeInternal

      protected void serializeInternal(jakarta.json.stream.JsonGenerator generator, JsonpMapper mapper)

    • setupUpdateApiKeyRequestDeserializer

      protected static void setupUpdateApiKeyRequestDeserializer(ObjectDeserializer<UpdateApiKeyRequest.Builder> op)