From 16f4c6922e5d168e2ec178769d94d1f61f9f5ddf Mon Sep 17 00:00:00 2001 From: Nikolaj Volgushev Date: Tue, 13 Aug 2024 14:25:32 +0200 Subject: [PATCH 1/3] Mark role APIs serverless public --- .../elasticsearch-serverless-openapi.json | 407 ++++++++++ output/schema/schema-serverless.json | 756 ++++++++++++++++++ output/schema/schema.json | 8 +- .../delete_role/SecurityDeleteRoleRequest.ts | 2 +- .../SecurityGetBuiltinPrivilegesRequest.ts | 2 +- .../get_role/SecurityGetRoleRequest.ts | 2 +- .../put_role/SecurityPutRoleRequest.ts | 2 +- 7 files changed, 1171 insertions(+), 8 deletions(-) diff --git a/output/openapi/elasticsearch-serverless-openapi.json b/output/openapi/elasticsearch-serverless-openapi.json index 22770db1d6..f232f5f24d 100644 --- a/output/openapi/elasticsearch-serverless-openapi.json +++ b/output/openapi/elasticsearch-serverless-openapi.json @@ -18093,6 +18093,194 @@ "x-available-since": "6.7.0" } }, + "/_security/role/{name}": { + "get": { + "tags": [ + "security.get_role" + ], + "summary": "The role management APIs are generally the preferred way to manage roles, rather than using file-based role management", + "description": "The get roles API cannot retrieve roles that are defined in roles files.", + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-role.html" + }, + "operationId": "security-get-role", + "parameters": [ + { + "$ref": "#/components/parameters/security.get_role#name" + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/security.get_role#200" + } + } + }, + "put": { + "tags": [ + "security.put_role" + ], + "summary": "The role management APIs are generally the preferred way to manage roles, rather than using file-based role management", + "description": "The create or update roles API cannot update roles that are defined in roles files.", + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role.html" + }, + "operationId": "security-put-role", + "parameters": [ + { + "$ref": "#/components/parameters/security.put_role#name" + }, + { + "$ref": "#/components/parameters/security.put_role#refresh" + } + ], + "requestBody": { + "$ref": "#/components/requestBodies/security.put_role" + }, + "responses": { + "200": { + "$ref": "#/components/responses/security.put_role#200" + } + } + }, + "post": { + "tags": [ + "security.put_role" + ], + "summary": "The role management APIs are generally the preferred way to manage roles, rather than using file-based role management", + "description": "The create or update roles API cannot update roles that are defined in roles files.", + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role.html" + }, + "operationId": "security-put-role-1", + "parameters": [ + { + "$ref": "#/components/parameters/security.put_role#name" + }, + { + "$ref": "#/components/parameters/security.put_role#refresh" + } + ], + "requestBody": { + "$ref": "#/components/requestBodies/security.put_role" + }, + "responses": { + "200": { + "$ref": "#/components/responses/security.put_role#200" + } + } + }, + "delete": { + "tags": [ + "security.delete_role" + ], + "summary": "Removes roles in the native realm", + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-delete-role.html" + }, + "operationId": "security-delete-role", + "parameters": [ + { + "in": "path", + "name": "name", + "description": "Role name", + "required": true, + "deprecated": false, + "schema": { + "$ref": "#/components/schemas/_types:Name" + }, + "style": "simple" + }, + { + "in": "query", + "name": "refresh", + "description": "If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes.", + "deprecated": false, + "schema": { + "$ref": "#/components/schemas/_types:Refresh" + }, + "style": "form" + } + ], + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "found": { + "type": "boolean" + } + }, + "required": [ + "found" + ] + } + } + } + } + } + } + }, + "/_security/privilege/_builtin": { + "get": { + "tags": [ + "security.get_builtin_privileges" + ], + "summary": "Retrieves the list of cluster privileges and index privileges that are available in this version of Elasticsearch", + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-builtin-privileges.html" + }, + "operationId": "security-get-builtin-privileges", + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "cluster": { + "type": "array", + "items": { + "type": "string" + } + }, + "index": { + "$ref": "#/components/schemas/_types:Indices" + } + }, + "required": [ + "cluster", + "index" + ] + } + } + } + } + }, + "x-available-since": "7.3.0" + } + }, + "/_security/role": { + "get": { + "tags": [ + "security.get_role" + ], + "summary": "The role management APIs are generally the preferred way to manage roles, rather than using file-based role management", + "description": "The get roles API cannot retrieve roles that are defined in roles files.", + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-role.html" + }, + "operationId": "security-get-role-1", + "responses": { + "200": { + "$ref": "#/components/responses/security.get_role#200" + } + } + } + }, "/_security/user/_has_privileges": { "get": { "tags": [ @@ -22424,6 +22612,19 @@ } } }, + "security.get_role#200": { + "description": "", + "content": { + "application/json": { + "schema": { + "type": "object", + "additionalProperties": { + "$ref": "#/components/schemas/security.get_role:Role" + } + } + } + } + }, "security.has_privileges#200": { "description": "", "content": { @@ -22464,6 +22665,24 @@ } } }, + "security.put_role#200": { + "description": "", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "role": { + "$ref": "#/components/schemas/security._types:CreatedStatus" + } + }, + "required": [ + "role" + ] + } + } + } + }, "security.query_api_keys#200": { "description": "", "content": { @@ -27622,6 +27841,17 @@ }, "style": "form" }, + "security.get_role#name": { + "in": "path", + "name": "name", + "description": "The name of the role. You can specify multiple roles as a comma-separated list. If you do not specify this parameter, the API returns information about all roles.", + "required": true, + "deprecated": false, + "schema": { + "$ref": "#/components/schemas/_types:Names" + }, + "style": "simple" + }, "security.has_privileges#user": { "in": "path", "name": "user", @@ -27633,6 +27863,27 @@ }, "style": "simple" }, + "security.put_role#name": { + "in": "path", + "name": "name", + "description": "The name of the role.", + "required": true, + "deprecated": false, + "schema": { + "$ref": "#/components/schemas/_types:Name" + }, + "style": "simple" + }, + "security.put_role#refresh": { + "in": "query", + "name": "refresh", + "description": "If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes.", + "deprecated": false, + "schema": { + "$ref": "#/components/schemas/_types:Refresh" + }, + "style": "form" + }, "security.query_api_keys#with_limited_by": { "in": "query", "name": "with_limited_by", @@ -29419,6 +29670,63 @@ }, "required": true }, + "security.put_role": { + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "applications": { + "description": "A list of application privilege entries.", + "type": "array", + "items": { + "$ref": "#/components/schemas/security._types:ApplicationPrivileges" + } + }, + "cluster": { + "description": "A list of cluster privileges. These privileges define the cluster-level actions for users with this role.", + "type": "array", + "items": { + "$ref": "#/components/schemas/security._types:ClusterPrivilege" + } + }, + "indices": { + "description": "A list of indices permissions entries.", + "type": "array", + "items": { + "$ref": "#/components/schemas/security._types:IndicesPrivileges" + } + }, + "metadata": { + "$ref": "#/components/schemas/_types:Metadata" + }, + "run_as": { + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/run-as-privilege.html" + }, + "description": "A list of users that the owners of this role can impersonate. *Note*: in Serverless, the run-as feature is disabled. For API compatibility, you can still specify an empty `run_as` field, but a non-empty list will be rejected.", + "type": "array", + "items": { + "type": "string" + } + }, + "description": { + "description": "Optional description of the role descriptor", + "type": "string" + }, + "transient_metadata": { + "description": "Indicates roles that might be incompatible with the current cluster license, specifically roles with document and field level security. When the cluster license doesn’t allow certain features for a given role, this parameter is updated dynamically to list the incompatible features. If `enabled` is `false`, the role is ignored, but is still listed in the response from the authenticate API.", + "type": "object", + "additionalProperties": { + "type": "object" + } + } + } + } + } + }, + "required": true + }, "security.query_api_keys": { "content": { "application/json": { @@ -61674,6 +61982,94 @@ "name" ] }, + "security.get_role:Role": { + "type": "object", + "properties": { + "cluster": { + "type": "array", + "items": { + "type": "string" + } + }, + "indices": { + "type": "array", + "items": { + "$ref": "#/components/schemas/security._types:IndicesPrivileges" + } + }, + "metadata": { + "$ref": "#/components/schemas/_types:Metadata" + }, + "run_as": { + "type": "array", + "items": { + "type": "string" + } + }, + "transient_metadata": { + "type": "object", + "additionalProperties": { + "type": "object" + } + }, + "applications": { + "type": "array", + "items": { + "$ref": "#/components/schemas/security._types:ApplicationPrivileges" + } + }, + "role_templates": { + "type": "array", + "items": { + "$ref": "#/components/schemas/security._types:RoleTemplate" + } + }, + "global": { + "x-available-since": "8.0.0", + "type": "object", + "additionalProperties": { + "type": "object", + "additionalProperties": { + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + }, + "required": [ + "cluster", + "indices", + "metadata", + "run_as", + "applications" + ] + }, + "security._types:RoleTemplate": { + "type": "object", + "properties": { + "format": { + "$ref": "#/components/schemas/security._types:TemplateFormat" + }, + "template": { + "$ref": "#/components/schemas/_types:Script" + } + }, + "required": [ + "template" + ] + }, + "security._types:TemplateFormat": { + "type": "string", + "enum": [ + "string", + "json" + ] + }, "security.has_privileges:ApplicationPrivilegesCheck": { "type": "object", "properties": { @@ -61743,6 +62139,17 @@ "type": "boolean" } }, + "security._types:CreatedStatus": { + "type": "object", + "properties": { + "created": { + "type": "boolean" + } + }, + "required": [ + "created" + ] + }, "security.query_api_keys:ApiKeyAggregationContainer": { "allOf": [ { diff --git a/output/schema/schema-serverless.json b/output/schema/schema-serverless.json index fc1e0c4361..1ad07c0b10 100644 --- a/output/schema/schema-serverless.json +++ b/output/schema/schema-serverless.json @@ -8429,6 +8429,40 @@ } ] }, + { + "availability": { + "serverless": { + "stability": "stable", + "visibility": "public" + }, + "stack": { + "stability": "stable" + } + }, + "description": "Removes roles in the native realm.", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-delete-role.html", + "name": "security.delete_role", + "request": { + "name": "Request", + "namespace": "security.delete_role" + }, + "requestBodyRequired": false, + "response": { + "name": "Response", + "namespace": "security.delete_role" + }, + "responseMediaType": [ + "application/json" + ], + "urls": [ + { + "methods": [ + "DELETE" + ], + "path": "/_security/role/{name}" + } + ] + }, { "availability": { "serverless": { @@ -8470,6 +8504,91 @@ } ] }, + { + "availability": { + "serverless": { + "stability": "stable", + "visibility": "public" + }, + "stack": { + "since": "7.3.0", + "stability": "stable" + } + }, + "description": "Retrieves the list of cluster privileges and index privileges that are available in this version of Elasticsearch.", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-builtin-privileges.html", + "name": "security.get_builtin_privileges", + "privileges": { + "cluster": [ + "manage_security" + ] + }, + "request": { + "name": "Request", + "namespace": "security.get_builtin_privileges" + }, + "requestBodyRequired": false, + "response": { + "name": "Response", + "namespace": "security.get_builtin_privileges" + }, + "responseMediaType": [ + "application/json" + ], + "urls": [ + { + "methods": [ + "GET" + ], + "path": "/_security/privilege/_builtin" + } + ] + }, + { + "availability": { + "serverless": { + "stability": "stable", + "visibility": "public" + }, + "stack": { + "stability": "stable" + } + }, + "description": "The role management APIs are generally the preferred way to manage roles, rather than using file-based role management.\nThe get roles API cannot retrieve roles that are defined in roles files.", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-role.html", + "name": "security.get_role", + "privileges": { + "cluster": [ + "manage_security" + ] + }, + "request": { + "name": "Request", + "namespace": "security.get_role" + }, + "requestBodyRequired": false, + "response": { + "name": "Response", + "namespace": "security.get_role" + }, + "responseMediaType": [ + "application/json" + ], + "urls": [ + { + "methods": [ + "GET" + ], + "path": "/_security/role/{name}" + }, + { + "methods": [ + "GET" + ], + "path": "/_security/role" + } + ] + }, { "availability": { "serverless": { @@ -8560,6 +8679,49 @@ } ] }, + { + "availability": { + "serverless": { + "stability": "stable", + "visibility": "public" + }, + "stack": { + "stability": "stable" + } + }, + "description": "The role management APIs are generally the preferred way to manage roles, rather than using file-based role management.\nThe create or update roles API cannot update roles that are defined in roles files.", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role.html", + "name": "security.put_role", + "privileges": { + "cluster": [ + "manage_security" + ] + }, + "request": { + "name": "Request", + "namespace": "security.put_role" + }, + "requestBodyRequired": true, + "requestMediaType": [ + "application/json" + ], + "response": { + "name": "Response", + "namespace": "security.put_role" + }, + "responseMediaType": [ + "application/json" + ], + "urls": [ + { + "methods": [ + "PUT", + "POST" + ], + "path": "/_security/role/{name}" + } + ] + }, { "availability": { "serverless": { @@ -39103,6 +39265,79 @@ }, "specLocation": "security/create_api_key/SecurityCreateApiKeyResponse.ts#L23-L50" }, + { + "attachedBehaviors": [ + "CommonQueryParameters" + ], + "body": { + "kind": "no_body" + }, + "description": "Removes roles in the native realm.", + "inherits": { + "type": { + "name": "RequestBase", + "namespace": "_types" + } + }, + "kind": "request", + "name": { + "name": "Request", + "namespace": "security.delete_role" + }, + "path": [ + { + "description": "Role name", + "name": "name", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "Name", + "namespace": "_types" + } + } + } + ], + "query": [ + { + "description": "If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes.", + "name": "refresh", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "Refresh", + "namespace": "_types" + } + } + } + ], + "specLocation": "security/delete_role/SecurityDeleteRoleRequest.ts#L23-L35" + }, + { + "body": { + "kind": "properties", + "properties": [ + { + "name": "found", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "boolean", + "namespace": "_builtins" + } + } + } + ] + }, + "kind": "response", + "name": { + "name": "Response", + "namespace": "security.delete_role" + }, + "specLocation": "security/delete_role/SecurityDeleteRoleResponse.ts#L20-L22" + }, { "attachedBehaviors": [ "CommonQueryParameters" @@ -39272,6 +39507,132 @@ }, "specLocation": "security/get_api_key/SecurityGetApiKeyResponse.ts#L22-L24" }, + { + "attachedBehaviors": [ + "CommonQueryParameters" + ], + "body": { + "kind": "no_body" + }, + "description": "Retrieves the list of cluster privileges and index privileges that are available in this version of Elasticsearch.", + "inherits": { + "type": { + "name": "RequestBase", + "namespace": "_types" + } + }, + "kind": "request", + "name": { + "name": "Request", + "namespace": "security.get_builtin_privileges" + }, + "path": [], + "query": [], + "specLocation": "security/get_builtin_privileges/SecurityGetBuiltinPrivilegesRequest.ts#L22-L28" + }, + { + "body": { + "kind": "properties", + "properties": [ + { + "name": "cluster", + "required": true, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + } + } + }, + { + "name": "index", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "Indices", + "namespace": "_types" + } + } + } + ] + }, + "kind": "response", + "name": { + "name": "Response", + "namespace": "security.get_builtin_privileges" + }, + "specLocation": "security/get_builtin_privileges/SecurityGetBuiltinPrivilegesResponse.ts#L22-L24" + }, + { + "attachedBehaviors": [ + "CommonQueryParameters" + ], + "body": { + "kind": "no_body" + }, + "description": "The role management APIs are generally the preferred way to manage roles, rather than using file-based role management.\nThe get roles API cannot retrieve roles that are defined in roles files.", + "inherits": { + "type": { + "name": "RequestBase", + "namespace": "_types" + } + }, + "kind": "request", + "name": { + "name": "Request", + "namespace": "security.get_role" + }, + "path": [ + { + "description": "The name of the role. You can specify multiple roles as a comma-separated list. If you do not specify this parameter, the API returns information about all roles.", + "name": "name", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "Names", + "namespace": "_types" + } + } + } + ], + "query": [], + "specLocation": "security/get_role/SecurityGetRoleRequest.ts#L23-L38" + }, + { + "body": { + "kind": "value", + "value": { + "key": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + }, + "kind": "dictionary_of", + "singleKey": false, + "value": { + "kind": "instance_of", + "type": { + "name": "Role", + "namespace": "security.get_role" + } + } + } + }, + "kind": "response", + "name": { + "name": "Response", + "namespace": "security.get_role" + }, + "specLocation": "security/get_role/SecurityGetRoleResponse.ts#L23-L26" + }, { "attachedBehaviors": [ "CommonQueryParameters" @@ -39609,6 +39970,186 @@ }, "specLocation": "security/invalidate_api_key/SecurityInvalidateApiKeyResponse.ts#L23-L30" }, + { + "attachedBehaviors": [ + "CommonQueryParameters" + ], + "body": { + "kind": "properties", + "properties": [ + { + "description": "A list of application privilege entries.", + "name": "applications", + "required": false, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "ApplicationPrivileges", + "namespace": "security._types" + } + } + } + }, + { + "description": "A list of cluster privileges. These privileges define the cluster-level actions for users with this role.", + "name": "cluster", + "required": false, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "ClusterPrivilege", + "namespace": "security._types" + } + } + } + }, + { + "description": "A list of indices permissions entries.", + "name": "indices", + "required": false, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "IndicesPrivileges", + "namespace": "security._types" + } + } + } + }, + { + "description": "Optional metadata. Within the metadata object, keys that begin with an underscore (`_`) are reserved for system use.", + "name": "metadata", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "Metadata", + "namespace": "_types" + } + } + }, + { + "description": "A list of users that the owners of this role can impersonate. *Note*: in Serverless, the run-as feature is disabled. For API compatibility, you can still specify an empty `run_as` field, but a non-empty list will be rejected.", + "docId": "run-as-privilege", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/run-as-privilege.html", + "name": "run_as", + "required": false, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + } + } + }, + { + "description": "Optional description of the role descriptor", + "name": "description", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + } + }, + { + "description": "Indicates roles that might be incompatible with the current cluster license, specifically roles with document and field level security. When the cluster license doesn’t allow certain features for a given role, this parameter is updated dynamically to list the incompatible features. If `enabled` is `false`, the role is ignored, but is still listed in the response from the authenticate API.", + "name": "transient_metadata", + "required": false, + "type": { + "key": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + }, + "kind": "dictionary_of", + "singleKey": false, + "value": { + "kind": "user_defined_value" + } + } + } + ] + }, + "description": "The role management APIs are generally the preferred way to manage roles, rather than using file-based role management.\nThe create or update roles API cannot update roles that are defined in roles files.", + "inherits": { + "type": { + "name": "RequestBase", + "namespace": "_types" + } + }, + "kind": "request", + "name": { + "name": "Request", + "namespace": "security.put_role" + }, + "path": [ + { + "description": "The name of the role.", + "name": "name", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "Name", + "namespace": "_types" + } + } + } + ], + "query": [ + { + "description": "If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes.", + "name": "refresh", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "Refresh", + "namespace": "_types" + } + } + } + ], + "specLocation": "security/put_role/SecurityPutRoleRequest.ts#L30-L84" + }, + { + "body": { + "kind": "properties", + "properties": [ + { + "name": "role", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "CreatedStatus", + "namespace": "security._types" + } + } + } + ] + }, + "kind": "response", + "name": { + "name": "Response", + "namespace": "security.put_role" + }, + "specLocation": "security/put_role/SecurityPutRoleResponse.ts#L22-L24" + }, { "attachedBehaviors": [ "CommonQueryParameters" @@ -134454,6 +134995,200 @@ ], "specLocation": "security/authenticate/types.ts#L22-L29" }, + { + "kind": "interface", + "name": { + "name": "Role", + "namespace": "security.get_role" + }, + "properties": [ + { + "name": "cluster", + "required": true, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + } + } + }, + { + "name": "indices", + "required": true, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "IndicesPrivileges", + "namespace": "security._types" + } + } + } + }, + { + "name": "metadata", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "Metadata", + "namespace": "_types" + } + } + }, + { + "name": "run_as", + "required": true, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + } + } + }, + { + "name": "transient_metadata", + "required": false, + "type": { + "key": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + }, + "kind": "dictionary_of", + "singleKey": false, + "value": { + "kind": "user_defined_value" + } + } + }, + { + "name": "applications", + "required": true, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "ApplicationPrivileges", + "namespace": "security._types" + } + } + } + }, + { + "name": "role_templates", + "required": false, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "RoleTemplate", + "namespace": "security._types" + } + } + } + }, + { + "availability": { + "serverless": {}, + "stack": { + "since": "8.0.0" + } + }, + "name": "global", + "required": false, + "type": { + "key": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + }, + "kind": "dictionary_of", + "singleKey": false, + "value": { + "key": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + }, + "kind": "dictionary_of", + "singleKey": false, + "value": { + "key": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + }, + "kind": "dictionary_of", + "singleKey": false, + "value": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + } + } + } + } + } + } + ], + "specLocation": "security/get_role/types.ts#L29-L42" + }, + { + "kind": "interface", + "name": { + "name": "RoleTemplate", + "namespace": "security._types" + }, + "properties": [ + { + "name": "format", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "TemplateFormat", + "namespace": "security._types" + } + } + }, + { + "name": "template", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "Script", + "namespace": "_types" + } + } + } + ], + "specLocation": "security/_types/RoleTemplate.ts#L28-L31" + }, { "kind": "interface", "name": { @@ -134555,6 +135290,27 @@ ], "specLocation": "security/has_privileges/types.ts#L33-L44" }, + { + "kind": "interface", + "name": { + "name": "CreatedStatus", + "namespace": "security._types" + }, + "properties": [ + { + "name": "created", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "boolean", + "namespace": "_builtins" + } + } + } + ], + "specLocation": "security/_types/CreatedStatus.ts#L20-L22" + }, { "kind": "interface", "name": { diff --git a/output/schema/schema.json b/output/schema/schema.json index e2e69dd470..88cd18e79e 100644 --- a/output/schema/schema.json +++ b/output/schema/schema.json @@ -15331,7 +15331,7 @@ "availability": { "serverless": { "stability": "stable", - "visibility": "private" + "visibility": "public" }, "stack": { "stability": "stable" @@ -15718,7 +15718,7 @@ "availability": { "serverless": { "stability": "stable", - "visibility": "private" + "visibility": "public" }, "stack": { "since": "7.3.0", @@ -15805,7 +15805,7 @@ "availability": { "serverless": { "stability": "stable", - "visibility": "private" + "visibility": "public" }, "stack": { "stability": "stable" @@ -16498,7 +16498,7 @@ "availability": { "serverless": { "stability": "stable", - "visibility": "private" + "visibility": "public" }, "stack": { "stability": "stable" diff --git a/specification/security/delete_role/SecurityDeleteRoleRequest.ts b/specification/security/delete_role/SecurityDeleteRoleRequest.ts index fa4afc81df..0f1d7e2d9b 100644 --- a/specification/security/delete_role/SecurityDeleteRoleRequest.ts +++ b/specification/security/delete_role/SecurityDeleteRoleRequest.ts @@ -23,7 +23,7 @@ import { Name, Refresh } from '@_types/common' /** * @rest_spec_name security.delete_role * @availability stack stability=stable - * @availability serverless stability=stable visibility=private + * @availability serverless stability=stable visibility=public */ export interface Request extends RequestBase { path_parts: { diff --git a/specification/security/get_builtin_privileges/SecurityGetBuiltinPrivilegesRequest.ts b/specification/security/get_builtin_privileges/SecurityGetBuiltinPrivilegesRequest.ts index 646eef3bf9..c1223b8338 100644 --- a/specification/security/get_builtin_privileges/SecurityGetBuiltinPrivilegesRequest.ts +++ b/specification/security/get_builtin_privileges/SecurityGetBuiltinPrivilegesRequest.ts @@ -22,7 +22,7 @@ import { RequestBase } from '@_types/Base' /** * @rest_spec_name security.get_builtin_privileges * @availability stack since=7.3.0 stability=stable - * @availability serverless stability=stable visibility=private + * @availability serverless stability=stable visibility=public * @cluster_privileges manage_security */ export interface Request extends RequestBase {} diff --git a/specification/security/get_role/SecurityGetRoleRequest.ts b/specification/security/get_role/SecurityGetRoleRequest.ts index 2f0a9917a8..21316a24a4 100644 --- a/specification/security/get_role/SecurityGetRoleRequest.ts +++ b/specification/security/get_role/SecurityGetRoleRequest.ts @@ -25,7 +25,7 @@ import { Names } from '@_types/common' * The get roles API cannot retrieve roles that are defined in roles files. * @rest_spec_name security.get_role * @availability stack stability=stable - * @availability serverless stability=stable visibility=private + * @availability serverless stability=stable visibility=public * @cluster_privileges manage_security */ export interface Request extends RequestBase { diff --git a/specification/security/put_role/SecurityPutRoleRequest.ts b/specification/security/put_role/SecurityPutRoleRequest.ts index 7ab61f878c..62b25087b5 100644 --- a/specification/security/put_role/SecurityPutRoleRequest.ts +++ b/specification/security/put_role/SecurityPutRoleRequest.ts @@ -32,7 +32,7 @@ import { Metadata, Name, Refresh } from '@_types/common' * The create or update roles API cannot update roles that are defined in roles files. * @rest_spec_name security.put_role * @availability stack stability=stable - * @availability serverless stability=stable visibility=private + * @availability serverless stability=stable visibility=public * @cluster_privileges manage_security */ export interface Request extends RequestBase { From c25af2cdf29342541d1d377cb8210f6ee6cf9325 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Slobodan=20Adamovi=C4=87?= Date: Thu, 3 Oct 2024 10:40:51 +0200 Subject: [PATCH 2/3] [Serverless] Update role name description (#2888) This commit updates the role name parameter description to point out the restrictions we have in Serverless. --- output/openapi/elasticsearch-serverless-openapi.json | 2 +- output/schema/schema-serverless.json | 2 +- specification/security/put_role/SecurityPutRoleRequest.ts | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/output/openapi/elasticsearch-serverless-openapi.json b/output/openapi/elasticsearch-serverless-openapi.json index 4d772246d3..3b16e96067 100644 --- a/output/openapi/elasticsearch-serverless-openapi.json +++ b/output/openapi/elasticsearch-serverless-openapi.json @@ -61559,7 +61559,7 @@ "security.put_role#name": { "in": "path", "name": "name", - "description": "The name of the role.", + "description": "The name of the role that is being created or updated. On Elasticsearch Serverless, the role name must begin with a letter or digit and can only contain letters, digits and the characters '_', '-', and '.'. Each role must have a unique name, as this will serve as the identifier for that role.", "required": true, "deprecated": false, "schema": { diff --git a/output/schema/schema-serverless.json b/output/schema/schema-serverless.json index cd8b7feee5..ba94ed4dbd 100644 --- a/output/schema/schema-serverless.json +++ b/output/schema/schema-serverless.json @@ -39974,7 +39974,7 @@ }, "path": [ { - "description": "The name of the role.", + "description": "The name of the role that is being created or updated. On Elasticsearch Serverless, the role name must begin with a letter or digit and can only contain letters, digits and the characters '_', '-', and '.'. Each role must have a unique name, as this will serve as the identifier for that role.", "name": "name", "required": true, "type": { diff --git a/specification/security/put_role/SecurityPutRoleRequest.ts b/specification/security/put_role/SecurityPutRoleRequest.ts index fa12cf430e..09f818145b 100644 --- a/specification/security/put_role/SecurityPutRoleRequest.ts +++ b/specification/security/put_role/SecurityPutRoleRequest.ts @@ -39,7 +39,7 @@ import { Metadata, Name, Refresh } from '@_types/common' export interface Request extends RequestBase { path_parts: { /** - * The name of the role. + * The name of the role that is being created or updated. On Elasticsearch Serverless, the role name must begin with a letter or digit and can only contain letters, digits and the characters '_', '-', and '.'. Each role must have a unique name, as this will serve as the identifier for that role. */ name: Name } From 2ee6f767bd6b921d05264f4374a014eae796a23d Mon Sep 17 00:00:00 2001 From: Nikolaj Volgushev Date: Thu, 10 Oct 2024 14:06:14 +0200 Subject: [PATCH 3/3] Update schemas --- output/openapi/elasticsearch-openapi.json | 2 +- output/openapi/elasticsearch-serverless-openapi.json | 3 +-- output/schema/schema.json | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/output/openapi/elasticsearch-openapi.json b/output/openapi/elasticsearch-openapi.json index 3cb3614300..b4f09f93bb 100644 --- a/output/openapi/elasticsearch-openapi.json +++ b/output/openapi/elasticsearch-openapi.json @@ -99988,7 +99988,7 @@ "security.put_role#name": { "in": "path", "name": "name", - "description": "The name of the role.", + "description": "The name of the role that is being created or updated. On Elasticsearch Serverless, the role name must begin with a letter or digit and can only contain letters, digits and the characters '_', '-', and '.'. Each role must have a unique name, as this will serve as the identifier for that role.", "required": true, "deprecated": false, "schema": { diff --git a/output/openapi/elasticsearch-serverless-openapi.json b/output/openapi/elasticsearch-serverless-openapi.json index 81da309e10..e25252ddfc 100644 --- a/output/openapi/elasticsearch-serverless-openapi.json +++ b/output/openapi/elasticsearch-serverless-openapi.json @@ -17095,7 +17095,7 @@ } } }, - "x-available-since": "7.3.0" + "x-state": "Added in 7.3.0" } }, "/_security/role": { @@ -53635,7 +53635,6 @@ } }, "global": { - "x-available-since": "8.0.0", "type": "object", "additionalProperties": { "type": "object", diff --git a/output/schema/schema.json b/output/schema/schema.json index 6d07e226e9..a3345c2534 100644 --- a/output/schema/schema.json +++ b/output/schema/schema.json @@ -192923,7 +192923,7 @@ }, "path": [ { - "description": "The name of the role.", + "description": "The name of the role that is being created or updated. On Elasticsearch Serverless, the role name must begin with a letter or digit and can only contain letters, digits and the characters '_', '-', and '.'. Each role must have a unique name, as this will serve as the identifier for that role.", "name": "name", "required": true, "type": {