elastic · codebrain · Nov 12, 2019 · Oct 25, 2019 · Oct 25, 2019 · Nov 12, 2019
diff --git a/src/CodeGeneration/ApiGenerator/RestSpecification/_Patches/security.get_api_key.patch.json b/src/CodeGeneration/ApiGenerator/RestSpecification/_Patches/security.get_api_key.patch.json
@@ -0,0 +1,13 @@
+{
+  "security.get_api_key": {
+    "url": {
+      "params": {
+        "owner": {
+          "type": "boolean",
+          "default": false,
+          "description": "flag to query API keys owned by the currently authenticated user"
+        }
+      }
+    }
+  }
+}
diff --git a/src/Elasticsearch.Net/Api/RequestParameters/RequestParameters.Security.cs b/src/Elasticsearch.Net/Api/RequestParameters/RequestParameters.Security.cs
@@ -186,6 +186,13 @@ public string Name
 			set => Q("name", value);
 		}
 
+		///<summary>flag to query API keys owned by the currently authenticated user</summary>
+		public bool? Owner
+		{
+			get => Q<bool? >("owner");
+			set => Q("owner", value);
+		}
+
 		///<summary>realm name of the user who created this API key to be retrieved</summary>
 		public string RealmName
 		{

diff --git a/src/Nest/Descriptors.Security.cs b/src/Nest/Descriptors.Security.cs
@@ -42,13 +42,13 @@ public partial class AuthenticateDescriptor : RequestDescriptorBase<Authenticate
 	public partial class ChangePasswordDescriptor : RequestDescriptorBase<ChangePasswordDescriptor, ChangePasswordRequestParameters, IChangePasswordRequest>, IChangePasswordRequest
 	{
 		internal override ApiUrls ApiUrls => ApiUrlsLookups.SecurityChangePassword;
-		///<summary>/_security/user/{username}/_password</summary>
-		///<param name = "username">Optional, accepts null</param>
+		///<summary>/_security/user/{username}/_password</summary>
+		///<param name = "username">Optional, accepts null</param>
 		public ChangePasswordDescriptor(Name username): base(r => r.Optional("username", username))
 		{
 		}
 
-		///<summary>/_security/user/_password</summary>
+		///<summary>/_security/user/_password</summary>
 		public ChangePasswordDescriptor(): base()
 		{
 		}
@@ -66,13 +66,13 @@ public ChangePasswordDescriptor(): base()
 	public partial class ClearCachedRealmsDescriptor : RequestDescriptorBase<ClearCachedRealmsDescriptor, ClearCachedRealmsRequestParameters, IClearCachedRealmsRequest>, IClearCachedRealmsRequest
 	{
 		internal override ApiUrls ApiUrls => ApiUrlsLookups.SecurityClearCachedRealms;
-		///<summary>/_security/realm/{realms}/_clear_cache</summary>
-		///<param name = "realms">this parameter is required</param>
+		///<summary>/_security/realm/{realms}/_clear_cache</summary>
+		///<param name = "realms">this parameter is required</param>
 		public ClearCachedRealmsDescriptor(Names realms): base(r => r.Required("realms", realms))
 		{
 		}
 
-		///<summary>Used for serialization purposes, making sure we have a parameterless constructor</summary>
+		///<summary>Used for serialization purposes, making sure we have a parameterless constructor</summary>
 		[SerializationConstructor]
 		protected ClearCachedRealmsDescriptor(): base()
 		{
@@ -89,13 +89,13 @@ protected ClearCachedRealmsDescriptor(): base()
 	public partial class ClearCachedRolesDescriptor : RequestDescriptorBase<ClearCachedRolesDescriptor, ClearCachedRolesRequestParameters, IClearCachedRolesRequest>, IClearCachedRolesRequest
 	{
 		internal override ApiUrls ApiUrls => ApiUrlsLookups.SecurityClearCachedRoles;
-		///<summary>/_security/role/{name}/_clear_cache</summary>
-		///<param name = "name">this parameter is required</param>
+		///<summary>/_security/role/{name}/_clear_cache</summary>
+		///<param name = "name">this parameter is required</param>
 		public ClearCachedRolesDescriptor(Names name): base(r => r.Required("name", name))
 		{
 		}
 
-		///<summary>Used for serialization purposes, making sure we have a parameterless constructor</summary>
+		///<summary>Used for serialization purposes, making sure we have a parameterless constructor</summary>
 		[SerializationConstructor]
 		protected ClearCachedRolesDescriptor(): base()
 		{
@@ -120,14 +120,14 @@ public partial class CreateApiKeyDescriptor : RequestDescriptorBase<CreateApiKey
 	public partial class DeletePrivilegesDescriptor : RequestDescriptorBase<DeletePrivilegesDescriptor, DeletePrivilegesRequestParameters, IDeletePrivilegesRequest>, IDeletePrivilegesRequest
 	{
 		internal override ApiUrls ApiUrls => ApiUrlsLookups.SecurityDeletePrivileges;
-		///<summary>/_security/privilege/{application}/{name}</summary>
-		///<param name = "application">this parameter is required</param>
-		///<param name = "name">this parameter is required</param>
+		///<summary>/_security/privilege/{application}/{name}</summary>
+		///<param name = "application">this parameter is required</param>
+		///<param name = "name">this parameter is required</param>
 		public DeletePrivilegesDescriptor(Name application, Name name): base(r => r.Required("application", application).Required("name", name))
 		{
 		}
 
-		///<summary>Used for serialization purposes, making sure we have a parameterless constructor</summary>
+		///<summary>Used for serialization purposes, making sure we have a parameterless constructor</summary>
 		[SerializationConstructor]
 		protected DeletePrivilegesDescriptor(): base()
 		{
@@ -145,13 +145,13 @@ protected DeletePrivilegesDescriptor(): base()
 	public partial class DeleteRoleDescriptor : RequestDescriptorBase<DeleteRoleDescriptor, DeleteRoleRequestParameters, IDeleteRoleRequest>, IDeleteRoleRequest
 	{
 		internal override ApiUrls ApiUrls => ApiUrlsLookups.SecurityDeleteRole;
-		///<summary>/_security/role/{name}</summary>
-		///<param name = "name">this parameter is required</param>
+		///<summary>/_security/role/{name}</summary>
+		///<param name = "name">this parameter is required</param>
 		public DeleteRoleDescriptor(Name name): base(r => r.Required("name", name))
 		{
 		}
 
-		///<summary>Used for serialization purposes, making sure we have a parameterless constructor</summary>
+		///<summary>Used for serialization purposes, making sure we have a parameterless constructor</summary>
 		[SerializationConstructor]
 		protected DeleteRoleDescriptor(): base()
 		{
@@ -168,13 +168,13 @@ protected DeleteRoleDescriptor(): base()
 	public partial class DeleteRoleMappingDescriptor : RequestDescriptorBase<DeleteRoleMappingDescriptor, DeleteRoleMappingRequestParameters, IDeleteRoleMappingRequest>, IDeleteRoleMappingRequest
 	{
 		internal override ApiUrls ApiUrls => ApiUrlsLookups.SecurityDeleteRoleMapping;
-		///<summary>/_security/role_mapping/{name}</summary>
-		///<param name = "name">this parameter is required</param>
+		///<summary>/_security/role_mapping/{name}</summary>
+		///<param name = "name">this parameter is required</param>
 		public DeleteRoleMappingDescriptor(Name name): base(r => r.Required("name", name))
 		{
 		}
 
-		///<summary>Used for serialization purposes, making sure we have a parameterless constructor</summary>
+		///<summary>Used for serialization purposes, making sure we have a parameterless constructor</summary>
 		[SerializationConstructor]
 		protected DeleteRoleMappingDescriptor(): base()
 		{
@@ -191,13 +191,13 @@ protected DeleteRoleMappingDescriptor(): base()
 	public partial class DeleteUserDescriptor : RequestDescriptorBase<DeleteUserDescriptor, DeleteUserRequestParameters, IDeleteUserRequest>, IDeleteUserRequest
 	{
 		internal override ApiUrls ApiUrls => ApiUrlsLookups.SecurityDeleteUser;
-		///<summary>/_security/user/{username}</summary>
-		///<param name = "username">this parameter is required</param>
+		///<summary>/_security/user/{username}</summary>
+		///<param name = "username">this parameter is required</param>
 		public DeleteUserDescriptor(Name username): base(r => r.Required("username", username))
 		{
 		}
 
-		///<summary>Used for serialization purposes, making sure we have a parameterless constructor</summary>
+		///<summary>Used for serialization purposes, making sure we have a parameterless constructor</summary>
 		[SerializationConstructor]
 		protected DeleteUserDescriptor(): base()
 		{
@@ -214,13 +214,13 @@ protected DeleteUserDescriptor(): base()
 	public partial class DisableUserDescriptor : RequestDescriptorBase<DisableUserDescriptor, DisableUserRequestParameters, IDisableUserRequest>, IDisableUserRequest
 	{
 		internal override ApiUrls ApiUrls => ApiUrlsLookups.SecurityDisableUser;
-		///<summary>/_security/user/{username}/_disable</summary>
-		///<param name = "username">this parameter is required</param>
+		///<summary>/_security/user/{username}/_disable</summary>
+		///<param name = "username">this parameter is required</param>
 		public DisableUserDescriptor(Name username): base(r => r.Required("username", username))
 		{
 		}
 
-		///<summary>Used for serialization purposes, making sure we have a parameterless constructor</summary>
+		///<summary>Used for serialization purposes, making sure we have a parameterless constructor</summary>
 		[SerializationConstructor]
 		protected DisableUserDescriptor(): base()
 		{
@@ -237,13 +237,13 @@ protected DisableUserDescriptor(): base()
 	public partial class EnableUserDescriptor : RequestDescriptorBase<EnableUserDescriptor, EnableUserRequestParameters, IEnableUserRequest>, IEnableUserRequest
 	{
 		internal override ApiUrls ApiUrls => ApiUrlsLookups.SecurityEnableUser;
-		///<summary>/_security/user/{username}/_enable</summary>
-		///<param name = "username">this parameter is required</param>
+		///<summary>/_security/user/{username}/_enable</summary>
+		///<param name = "username">this parameter is required</param>
 		public EnableUserDescriptor(Name username): base(r => r.Required("username", username))
 		{
 		}
 
-		///<summary>Used for serialization purposes, making sure we have a parameterless constructor</summary>
+		///<summary>Used for serialization purposes, making sure we have a parameterless constructor</summary>
 		[SerializationConstructor]
 		protected EnableUserDescriptor(): base()
 		{
@@ -266,6 +266,8 @@ public partial class GetApiKeyDescriptor : RequestDescriptorBase<GetApiKeyDescri
 		public GetApiKeyDescriptor Id(string id) => Qs("id", id);
 		///<summary>API key name of the API key to be retrieved</summary>
 		public GetApiKeyDescriptor Name(string name) => Qs("name", name);
+		///<summary>flag to query API keys owned by the currently authenticated user</summary>
+		public GetApiKeyDescriptor Owner(bool? owner = true) => Qs("owner", owner);
 		///<summary>realm name of the user who created this API key to be retrieved</summary>
 		public GetApiKeyDescriptor RealmName(string realmname) => Qs("realm_name", realmname);
 		///<summary>user name of the user who created this API key to be retrieved</summary>
@@ -276,20 +278,20 @@ public partial class GetApiKeyDescriptor : RequestDescriptorBase<GetApiKeyDescri
 	public partial class GetPrivilegesDescriptor : RequestDescriptorBase<GetPrivilegesDescriptor, GetPrivilegesRequestParameters, IGetPrivilegesRequest>, IGetPrivilegesRequest
 	{
 		internal override ApiUrls ApiUrls => ApiUrlsLookups.SecurityGetPrivileges;
-		///<summary>/_security/privilege</summary>
+		///<summary>/_security/privilege</summary>
 		public GetPrivilegesDescriptor(): base()
 		{
 		}
 
-		///<summary>/_security/privilege/{application}</summary>
-		///<param name = "application">Optional, accepts null</param>
+		///<summary>/_security/privilege/{application}</summary>
+		///<param name = "application">Optional, accepts null</param>
 		public GetPrivilegesDescriptor(Name application): base(r => r.Optional("application", application))
 		{
 		}
 
-		///<summary>/_security/privilege/{application}/{name}</summary>
-		///<param name = "application">Optional, accepts null</param>
-		///<param name = "name">Optional, accepts null</param>
+		///<summary>/_security/privilege/{application}/{name}</summary>
+		///<param name = "application">Optional, accepts null</param>
+		///<param name = "name">Optional, accepts null</param>
 		public GetPrivilegesDescriptor(Name application, Name name): base(r => r.Optional("application", application).Optional("name", name))
 		{
 		}
@@ -308,13 +310,13 @@ public GetPrivilegesDescriptor(Name application, Name name): base(r => r.Optiona
 	public partial class GetRoleDescriptor : RequestDescriptorBase<GetRoleDescriptor, GetRoleRequestParameters, IGetRoleRequest>, IGetRoleRequest
 	{
 		internal override ApiUrls ApiUrls => ApiUrlsLookups.SecurityGetRole;
-		///<summary>/_security/role/{name}</summary>
-		///<param name = "name">Optional, accepts null</param>
+		///<summary>/_security/role/{name}</summary>
+		///<param name = "name">Optional, accepts null</param>
 		public GetRoleDescriptor(Name name): base(r => r.Optional("name", name))
 		{
 		}
 
-		///<summary>/_security/role</summary>
+		///<summary>/_security/role</summary>
 		public GetRoleDescriptor(): base()
 		{
 		}
@@ -330,13 +332,13 @@ public GetRoleDescriptor(): base()
 	public partial class GetRoleMappingDescriptor : RequestDescriptorBase<GetRoleMappingDescriptor, GetRoleMappingRequestParameters, IGetRoleMappingRequest>, IGetRoleMappingRequest
 	{
 		internal override ApiUrls ApiUrls => ApiUrlsLookups.SecurityGetRoleMapping;
-		///<summary>/_security/role_mapping/{name}</summary>
-		///<param name = "name">Optional, accepts null</param>
+		///<summary>/_security/role_mapping/{name}</summary>
+		///<param name = "name">Optional, accepts null</param>
 		public GetRoleMappingDescriptor(Name name): base(r => r.Optional("name", name))
 		{
 		}
 
-		///<summary>/_security/role_mapping</summary>
+		///<summary>/_security/role_mapping</summary>
 		public GetRoleMappingDescriptor(): base()
 		{
 		}
@@ -360,13 +362,13 @@ public partial class GetUserAccessTokenDescriptor : RequestDescriptorBase<GetUse
 	public partial class GetUserDescriptor : RequestDescriptorBase<GetUserDescriptor, GetUserRequestParameters, IGetUserRequest>, IGetUserRequest
 	{
 		internal override ApiUrls ApiUrls => ApiUrlsLookups.SecurityGetUser;
-		///<summary>/_security/user/{username}</summary>
-		///<param name = "username">Optional, accepts null</param>
+		///<summary>/_security/user/{username}</summary>
+		///<param name = "username">Optional, accepts null</param>
 		public GetUserDescriptor(Names username): base(r => r.Optional("username", username))
 		{
 		}
 
-		///<summary>/_security/user</summary>
+		///<summary>/_security/user</summary>
 		public GetUserDescriptor(): base()
 		{
 		}
@@ -390,13 +392,13 @@ public partial class GetUserPrivilegesDescriptor : RequestDescriptorBase<GetUser
 	public partial class HasPrivilegesDescriptor : RequestDescriptorBase<HasPrivilegesDescriptor, HasPrivilegesRequestParameters, IHasPrivilegesRequest>, IHasPrivilegesRequest
 	{
 		internal override ApiUrls ApiUrls => ApiUrlsLookups.SecurityHasPrivileges;
-		///<summary>/_security/user/_has_privileges</summary>
+		///<summary>/_security/user/_has_privileges</summary>
 		public HasPrivilegesDescriptor(): base()
 		{
 		}
 
-		///<summary>/_security/user/{user}/_has_privileges</summary>
-		///<param name = "user">Optional, accepts null</param>
+		///<summary>/_security/user/{user}/_has_privileges</summary>
+		///<param name = "user">Optional, accepts null</param>
 		public HasPrivilegesDescriptor(Name user): base(r => r.Optional("user", user))
 		{
 		}
@@ -438,13 +440,13 @@ public partial class PutPrivilegesDescriptor : RequestDescriptorBase<PutPrivileg
 	public partial class PutRoleDescriptor : RequestDescriptorBase<PutRoleDescriptor, PutRoleRequestParameters, IPutRoleRequest>, IPutRoleRequest
 	{
 		internal override ApiUrls ApiUrls => ApiUrlsLookups.SecurityPutRole;
-		///<summary>/_security/role/{name}</summary>
-		///<param name = "name">this parameter is required</param>
+		///<summary>/_security/role/{name}</summary>
+		///<param name = "name">this parameter is required</param>
 		public PutRoleDescriptor(Name name): base(r => r.Required("name", name))
 		{
 		}
 
-		///<summary>Used for serialization purposes, making sure we have a parameterless constructor</summary>
+		///<summary>Used for serialization purposes, making sure we have a parameterless constructor</summary>
 		[SerializationConstructor]
 		protected PutRoleDescriptor(): base()
 		{
@@ -461,13 +463,13 @@ protected PutRoleDescriptor(): base()
 	public partial class PutRoleMappingDescriptor : RequestDescriptorBase<PutRoleMappingDescriptor, PutRoleMappingRequestParameters, IPutRoleMappingRequest>, IPutRoleMappingRequest
 	{
 		internal override ApiUrls ApiUrls => ApiUrlsLookups.SecurityPutRoleMapping;
-		///<summary>/_security/role_mapping/{name}</summary>
-		///<param name = "name">this parameter is required</param>
+		///<summary>/_security/role_mapping/{name}</summary>
+		///<param name = "name">this parameter is required</param>
 		public PutRoleMappingDescriptor(Name name): base(r => r.Required("name", name))
 		{
 		}
 
-		///<summary>Used for serialization purposes, making sure we have a parameterless constructor</summary>
+		///<summary>Used for serialization purposes, making sure we have a parameterless constructor</summary>
 		[SerializationConstructor]
 		protected PutRoleMappingDescriptor(): base()
 		{
@@ -484,13 +486,13 @@ protected PutRoleMappingDescriptor(): base()
 	public partial class PutUserDescriptor : RequestDescriptorBase<PutUserDescriptor, PutUserRequestParameters, IPutUserRequest>, IPutUserRequest
 	{
 		internal override ApiUrls ApiUrls => ApiUrlsLookups.SecurityPutUser;
-		///<summary>/_security/user/{username}</summary>
-		///<param name = "username">this parameter is required</param>
+		///<summary>/_security/user/{username}</summary>
+		///<param name = "username">this parameter is required</param>
 		public PutUserDescriptor(Name username): base(r => r.Required("username", username))
 		{
 		}
 
-		///<summary>Used for serialization purposes, making sure we have a parameterless constructor</summary>
+		///<summary>Used for serialization purposes, making sure we have a parameterless constructor</summary>
 		[SerializationConstructor]
 		protected PutUserDescriptor(): base()
 		{

diff --git a/src/Nest/Requests.Security.cs b/src/Nest/Requests.Security.cs
@@ -468,6 +468,13 @@ public string Name
 			set => Q("name", value);
 		}
 
+		///<summary>flag to query API keys owned by the currently authenticated user</summary>
+		public bool? Owner
+		{
+			get => Q<bool? >("owner");
+			set => Q("owner", value);
+		}
+
 		///<summary>realm name of the user who created this API key to be retrieved</summary>
 		public string RealmName
 		{

diff --git a/src/Nest/XPack/Security/ApiKey/InvalidateApiKey/InvalidateApiKeyRequest.cs b/src/Nest/XPack/Security/ApiKey/InvalidateApiKey/InvalidateApiKeyRequest.cs
@@ -28,6 +28,14 @@ public partial interface IInvalidateApiKeyRequest
 		/// </summary>
 		[DataMember(Name = "username")]
 		string Username { get; set; }
+
+		/// <summary>
+		/// A boolean flag that can be used to query API keys owned by the currently authenticated user. Defaults to false.
+		/// The RealmName or Username parameters cannot be specified when this parameter is set to true as they are
+		/// assumed to be the currently authenticated ones.
+		/// </summary>
+		[DataMember(Name = "owner")]
+		bool? Owner { get; set; }
 	}
 
 	public partial class InvalidateApiKeyRequest
@@ -43,6 +51,9 @@ public partial class InvalidateApiKeyRequest
 
 		/// <inheritdoc />
 		public string Username { get; set; }
+
+		/// <inheritdoc />
+		public bool? Owner { get; set; }
 	}
 
 	public partial class InvalidateApiKeyDescriptor
@@ -59,6 +70,9 @@ public partial class InvalidateApiKeyDescriptor
 		/// <inheritdoc />
 		string IInvalidateApiKeyRequest.Username { get; set; }
 
+		/// <inheritdoc />
+		bool? IInvalidateApiKeyRequest.Owner { get; set; }
+
 		/// <inheritdoc cref="IInvalidateApiKeyRequest.Id" />
 		public InvalidateApiKeyDescriptor Id(string id) => Assign(id, (a, v) => a.Id = v);
 
@@ -70,5 +84,8 @@ public partial class InvalidateApiKeyDescriptor
 
 		/// <inheritdoc cref="IInvalidateApiKeyRequest.Username" />
 		public InvalidateApiKeyDescriptor Username(string username) => Assign(username, (a, v) => a.Username = v);
+
+		/// <inheritdoc cref="IInvalidateApiKeyRequest.Owner" />
+		public InvalidateApiKeyDescriptor Owner(bool? owner = true) => Assign(owner, (a, v) => a.Owner = v);
 	}
 }