Implement grant API key

src/Nest/Descriptors.Security.cs

@@ -417,6 +417,16 @@ public partial class GetUserPrivilegesDescriptor : RequestDescriptorBase<GetUser
 	// Request parameters
 	}
 
+	///<summary>Descriptor for GrantApiKey <para>https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-grant-api-key.html</para></summary>
+	public partial class GrantApiKeyDescriptor : RequestDescriptorBase<GrantApiKeyDescriptor, GrantApiKeyRequestParameters, IGrantApiKeyRequest>, IGrantApiKeyRequest
+	{
+		internal override ApiUrls ApiUrls => ApiUrlsLookups.SecurityGrantApiKey;
+		// values part of the url path
+		// Request parameters
+		///<summary>If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes.</summary>
+		public GrantApiKeyDescriptor Refresh(Refresh? refresh) => Qs("refresh", refresh);
+	}
+
 	///<summary>Descriptor for HasPrivileges <para>https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-has-privileges.html</para></summary>
 	public partial class HasPrivilegesDescriptor : RequestDescriptorBase<HasPrivilegesDescriptor, HasPrivilegesRequestParameters, IHasPrivilegesRequest>, IHasPrivilegesRequest
 	{

src/Nest/ElasticClient.Security.cs

@@ -517,6 +517,30 @@ internal SecurityNamespace(ElasticClient client): base(client)
 		/// </summary>
 		public Task<GetUserPrivilegesResponse> GetUserPrivilegesAsync(IGetUserPrivilegesRequest request, CancellationToken ct = default) => DoRequestAsync<IGetUserPrivilegesRequest, GetUserPrivilegesResponse>(request, request.RequestParameters, ct);
 		/// <summary>
+		/// <c>POST</c> request to the <c>security.grant_api_key</c> API, read more about this API online:
+		/// <para></para>
+		/// <a href = "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-grant-api-key.html">https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-grant-api-key.html</a>
+		/// </summary>
+		public GrantApiKeyResponse GrantApiKey(Func<GrantApiKeyDescriptor, IGrantApiKeyRequest> selector) => GrantApiKey(selector.InvokeOrDefault(new GrantApiKeyDescriptor()));
+		/// <summary>
+		/// <c>POST</c> request to the <c>security.grant_api_key</c> API, read more about this API online:
+		/// <para></para>
+		/// <a href = "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-grant-api-key.html">https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-grant-api-key.html</a>
+		/// </summary>
+		public Task<GrantApiKeyResponse> GrantApiKeyAsync(Func<GrantApiKeyDescriptor, IGrantApiKeyRequest> selector, CancellationToken ct = default) => GrantApiKeyAsync(selector.InvokeOrDefault(new GrantApiKeyDescriptor()), ct);
+		/// <summary>
+		/// <c>POST</c> request to the <c>security.grant_api_key</c> API, read more about this API online:
+		/// <para></para>
+		/// <a href = "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-grant-api-key.html">https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-grant-api-key.html</a>
+		/// </summary>
+		public GrantApiKeyResponse GrantApiKey(IGrantApiKeyRequest request) => DoRequest<IGrantApiKeyRequest, GrantApiKeyResponse>(request, request.RequestParameters);
+		/// <summary>
+		/// <c>POST</c> request to the <c>security.grant_api_key</c> API, read more about this API online:
+		/// <para></para>
+		/// <a href = "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-grant-api-key.html">https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-grant-api-key.html</a>
+		/// </summary>
+		public Task<GrantApiKeyResponse> GrantApiKeyAsync(IGrantApiKeyRequest request, CancellationToken ct = default) => DoRequestAsync<IGrantApiKeyRequest, GrantApiKeyResponse>(request, request.RequestParameters, ct);
+		/// <summary>
 		/// <c>POST</c> request to the <c>security.has_privileges</c> API, read more about this API online:
 		/// <para></para>
 		/// <a href = "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-has-privileges.html">https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-has-privileges.html</a>

src/Nest/Requests.Security.cs

@@ -708,6 +708,29 @@ public partial class GetUserPrivilegesRequest : PlainRequestBase<GetUserPrivileg
 	// Request parameters
 	}
 
+	[InterfaceDataContract]
+	public partial interface IGrantApiKeyRequest : IRequest<GrantApiKeyRequestParameters>
+	{
+	}
+
+	///<summary>Request for GrantApiKey <para>https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-grant-api-key.html</para></summary>
+	public partial class GrantApiKeyRequest : PlainRequestBase<GrantApiKeyRequestParameters>, IGrantApiKeyRequest
+	{
+		protected IGrantApiKeyRequest Self => this;
+		internal override ApiUrls ApiUrls => ApiUrlsLookups.SecurityGrantApiKey;
+		// values part of the url path
+		// Request parameters
+		///<summary>
+		/// If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh
+		/// to make this operation visible to search, if `false` then do nothing with refreshes.
+		///</summary>
+		public Refresh? Refresh
+		{
+			get => Q<Refresh? >("refresh");
+			set => Q("refresh", value);
+		}
+	}
+
 	[InterfaceDataContract]
 	public partial interface IHasPrivilegesRequest : IRequest<HasPrivilegesRequestParameters>
 	{

src/Nest/XPack/Security/ApiKey/GrantApiKey/ApiKey.cs

@@ -0,0 +1,68 @@
+// Licensed to Elasticsearch B.V under one or more agreements.
+// Elasticsearch B.V licenses this file to you under the Apache 2.0 License.
+// See the LICENSE file in the project root for more information
+
+using System;
+using System.Runtime.Serialization;
+using Elasticsearch.Net.Utf8Json;
+
+namespace Nest
+{
+	[InterfaceDataContract]
+	[ReadAs(typeof(ApiKey))]
+	public interface IApiKey
+	{
+		/// <summary>
+		/// Optional expiration for the API key being generated.
+		/// If an expiration is not provided then the API keys do not expire.
+		/// </summary>
+		[DataMember(Name = "expiration")]
+		Time Expiration { get; set; }
+
+		/// <summary>
+		/// A name for this API key.
+		/// </summary>
+		[DataMember(Name = "name")]
+		string Name { get; set; }
+
+		/// <summary>
+		/// Optional role descriptors for this API key, if not provided then permissions of authenticated user are applied.
+		/// </summary>
+		[DataMember(Name = "role_descriptors")]
+		IApiKeyRoles Roles { get; set; }
+	}
+
+	public class ApiKey : IApiKey
+	{
+		/// <inheritdoc cref="IApiKey.Expiration" />
+		public Time Expiration { get; set; }
+
+		/// <inheritdoc cref="IApiKey.Name" />
+		public string Name { get; set; }
+
+		/// <inheritdoc cref="IApiKey.Roles" />
+		public IApiKeyRoles Roles { get; set; }
+	}
+
+	public class ApiKeyDescriptor : DescriptorBase<ApiKeyDescriptor, IApiKey>, IApiKey
+	{
+		/// <inheritdoc cref="IApiKey.Expiration" />
+		Time IApiKey.Expiration { get; set; }
+
+		/// <inheritdoc cref="IApiKey.Name" />
+		string IApiKey.Name { get; set; }
+
+		/// <inheritdoc cref="IApiKey.Roles" />
+		IApiKeyRoles IApiKey.Roles { get; set; }
+
+		/// <inheritdoc cref="IApiKey.Expiration" />
+		public ApiKeyDescriptor Expiration(Time expiration) => Assign(expiration, (a, v) => a.Expiration = v);
+
+		/// <inheritdoc cref="IApiKey.Name" />
+		public ApiKeyDescriptor Name(string name) => Assign(name, (a, v) => a.Name = v);
+
+		/// <inheritdoc cref="IApiKey.Roles" />
+		public ApiKeyDescriptor Roles(Func<ApiKeyRolesDescriptor, IPromise<IApiKeyRoles>> selector) =>
+			Assign(selector, (a, v) => a.Roles = v.InvokeOrDefault(new ApiKeyRolesDescriptor()).Value);
+	}
+}

src/Nest/XPack/Security/ApiKey/GrantApiKey/GrantApiKeyRequest.cs

@@ -0,0 +1,99 @@
+// Licensed to Elasticsearch B.V under one or more agreements.
+// Elasticsearch B.V licenses this file to you under the Apache 2.0 License.
+// See the LICENSE file in the project root for more information
+
+using System;
+using System.Runtime.Serialization;
+
+namespace Nest
+{
+	[MapsApi("security.grant_api_key.json")]
+	[ReadAs(typeof(GrantApiKeyRequest))]
+	public partial interface IGrantApiKeyRequest
+	{
+		/// <summary>
+		/// The user�s access token. If you specify the access_token grant type,
+		/// this parameter is required. It is not valid with other grant types.
+		/// </summary>
+		[DataMember(Name = "access_token")]
+		string AccessToken { get; set; }
+
+		/// <summary>
+		/// The type of grant. Supported grant types are: access_token,password.
+		/// </summary>
+		[DataMember(Name = "grant_type")]
+		GrantType? GrantType { get; set; }
+
+		/// <summary>
+		/// The user�s password. If you specify the password grant type,
+		/// this parameter is required. It is not valid with other grant types.
+		/// </summary>
+		[DataMember(Name = "password")]
+		string Password { get; set; }
+
+		/// <summary>
+		/// The user name that identifies the user. If you specify the password grant type, 
+		/// this parameter is required. It is not valid with other grant types.
+		/// </summary>
+		[DataMember(Name = "username")]
+		string Username { get; set; }
+
+		/// <summary>
+		/// Defines the API key.
+		/// </summary>
+		[DataMember(Name = "api_key")]
+		IApiKey ApiKey { get; set; }
+	}
+
+	public partial class GrantApiKeyRequest
+	{
+		/// <inheritdoc cref="IGrantApiKeyRequest.AccessToken" />
+		public string AccessToken { get; set; }
+
+		/// <inheritdoc cref="IGrantApiKeyRequest.GrantType" />
+		public GrantType? GrantType { get; set; }
+
+		/// <inheritdoc cref="IGrantApiKeyRequest.Password" />
+		public string Password { get; set; }
+
+		/// <inheritdoc cref="IGrantApiKeyRequest.Username" />
+		public string Username { get; set; }
+
+		/// <inheritdoc cref="IGrantApiKeyRequest.ApiKey" />
+		public IApiKey ApiKey { get; set; }
+	}
+
+	public partial class GrantApiKeyDescriptor
+	{
+		/// <inheritdoc cref="IGrantApiKeyRequest.AccessToken" />
+		string IGrantApiKeyRequest.AccessToken { get; set; }
+
+		/// <inheritdoc cref="IGrantApiKeyRequest.GrantType" />
+		GrantType? IGrantApiKeyRequest.GrantType { get; set; } = Nest.GrantType.AccessToken;
+
+		/// <inheritdoc cref="IGrantApiKeyRequest.Password" />
+		string IGrantApiKeyRequest.Password { get; set; }
+
+		/// <inheritdoc cref="IGrantApiKeyRequest.Username" />
+		string IGrantApiKeyRequest.Username { get; set; }
+
+		/// <inheritdoc cref="IGrantApiKeyRequest.ApiKey" />
+		IApiKey IGrantApiKeyRequest.ApiKey { get; set; }
+
+		/// <inheritdoc cref="IGrantApiKeyRequest.AccessToken" />
+		public GrantApiKeyDescriptor AccessToken(string accessToken) => Assign(accessToken, (a, v) => a.AccessToken = v);
+
+		/// <inheritdoc cref="IGrantApiKeyRequest.GrantType" />
+		public GrantApiKeyDescriptor GrantType(GrantType? type) => Assign(type, (a, v) => a.GrantType = v);
+
+		/// <inheritdoc cref="IGrantApiKeyRequest.Password" />
+		public GrantApiKeyDescriptor Password(string password) => Assign(password, (a, v) => a.Password = v);
+
+		/// <inheritdoc cref="IGrantApiKeyRequest.Username" />
+		public GrantApiKeyDescriptor Username(string username) => Assign(username, (a, v) => a.Username = v);
+
+		/// <inheritdoc cref="IGrantApiKeyRequest.ApiKey" />
+		public GrantApiKeyDescriptor ApiKey(Func<ApiKeyDescriptor, IApiKey> selector) =>
+			Assign(selector, (a, v) => a.ApiKey = v?.Invoke(new ApiKeyDescriptor()));
+	}
+}

src/Nest/XPack/Security/ApiKey/GrantApiKey/GrantApiKeyResponse.cs

@@ -0,0 +1,38 @@
+// Licensed to Elasticsearch B.V under one or more agreements.
+// Elasticsearch B.V licenses this file to you under the Apache 2.0 License.
+// See the LICENSE file in the project root for more information
+
+using System;
+using System.Runtime.Serialization;
+using Elasticsearch.Net.Utf8Json;
+
+namespace Nest
+{
+	public class GrantApiKeyResponse : ResponseBase
+	{
+		/// <summary>
+		/// Id for the API key
+		/// </summary>
+		[DataMember(Name = "id")]
+		public string Id { get; internal set; }
+
+		/// <summary>
+		/// Name of the API key
+		/// </summary>
+		[DataMember(Name = "name")]
+		public string Name { get; internal set; }
+
+		/// <summary>
+		/// Optional expiration time for the API key in milliseconds
+		/// </summary>
+		[DataMember(Name = "expiration")]
+		[JsonFormatter(typeof(NullableDateTimeOffsetEpochMillisecondsFormatter))]
+		public DateTimeOffset? Expiration { get; internal set; }
+
+		/// <summary>
+		/// Generated API key
+		/// </summary>
+		[DataMember(Name = "api_key")]
+		public string ApiKey { get; internal set; }
+	}
+}

src/Nest/XPack/Security/ApiKey/GrantApiKey/GrantType.cs

@@ -0,0 +1,16 @@
+// Licensed to Elasticsearch B.V under one or more agreements.
+// Elasticsearch B.V licenses this file to you under the Apache 2.0 License.
+// See the LICENSE file in the project root for more information
+
+using System.Runtime.Serialization;
+using Elasticsearch.Net;
+
+namespace Nest
+{
+	[StringEnum]
+	public enum GrantType
+	{
+		[EnumMember(Value = "password")] Password,
+		[EnumMember(Value = "access_token")] AccessToken
+	}
+}

src/Nest/_Generated/ApiUrlsLookup.generated.cs

@@ -257,6 +257,7 @@ internal static class ApiUrlsLookups
 		internal static ApiUrls SecurityGetUserAccessToken = new ApiUrls(new[]{"_security/oauth2/token"});
 		internal static ApiUrls SecurityGetUser = new ApiUrls(new[]{"_security/user/{username}", "_security/user"});
 		internal static ApiUrls SecurityGetUserPrivileges = new ApiUrls(new[]{"_security/user/_privileges"});
+		internal static ApiUrls SecurityGrantApiKey = new ApiUrls(new[]{"_security/api_key/grant"});
 		internal static ApiUrls SecurityHasPrivileges = new ApiUrls(new[]{"_security/user/_has_privileges", "_security/user/{user}/_has_privileges"});
 		internal static ApiUrls SecurityInvalidateApiKey = new ApiUrls(new[]{"_security/api_key"});
 		internal static ApiUrls SecurityInvalidateUserAccessToken = new ApiUrls(new[]{"_security/oauth2/token"});