diff --git a/spec/namespaces/security.yaml b/spec/namespaces/security.yaml index 5c2f3e2e3..69694b5ad 100644 --- a/spec/namespaces/security.yaml +++ b/spec/namespaces/security.yaml @@ -1022,6 +1022,11 @@ components: schema: $ref: '../schemas/security._common.yaml#/components/schemas/ChangePasswordRequestContent' required: true + security.config_upgrade_perform: + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/ConfigUpgradePayload' security.create_action_group: content: application/json: @@ -1034,12 +1039,6 @@ components: schema: $ref: '../schemas/security._common.yaml#/components/schemas/AllowlistConfig' required: true - security.patch_allowlist: - content: - application/json: - schema: - $ref: '../schemas/security._common.yaml#/components/schemas/PatchOperation' - required: true security.create_role: content: application/json: @@ -1058,11 +1057,13 @@ components: schema: $ref: '../schemas/security._common.yaml#/components/schemas/CreateTenantParams' required: true - security.generate_obo_token: + security.create_update_tenancy_config: content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OBOToken' + type: array + items: + $ref: '../schemas/security._common.yaml#/components/schemas/MultiTenancyConfig' required: true security.create_user: content: @@ -1076,15 +1077,15 @@ components: schema: $ref: '../schemas/security._common.yaml#/components/schemas/User' required: true - security.post_dashboards_info: + security.generate_obo_token: content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/DashboardsInfo' - required: false + $ref: '../schemas/security._common.yaml#/components/schemas/OBOToken' + required: true security.patch_action_group: content: - application/x-ndjson: + application/json: schema: type: array items: @@ -1092,7 +1093,15 @@ components: required: true security.patch_action_groups: content: - application/x-ndjson: + application/json: + schema: + type: array + items: + $ref: '../schemas/security._common.yaml#/components/schemas/PatchOperation' + required: true + security.patch_allowlist: + content: + application/json: schema: type: array items: @@ -1100,7 +1109,7 @@ components: required: true security.patch_audit_configuration: content: - application/x-ndjson: + application/json: schema: type: array items: @@ -1108,15 +1117,20 @@ components: required: true security.patch_configuration: content: - application/x-ndjson: + application/json: schema: type: array items: $ref: '../schemas/security._common.yaml#/components/schemas/PatchOperation' required: true + security.patch_distinguished_name: + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/PatchOperation' security.patch_distinguished_names: content: - application/x-ndjson: + application/json: schema: type: array items: @@ -1124,7 +1138,7 @@ components: required: true security.patch_role: content: - application/x-ndjson: + application/json: schema: type: array items: @@ -1132,7 +1146,7 @@ components: required: true security.patch_role_mapping: content: - application/x-ndjson: + application/json: schema: type: array items: @@ -1140,7 +1154,7 @@ components: required: true security.patch_role_mappings: content: - application/x-ndjson: + application/json: schema: type: array items: @@ -1148,7 +1162,7 @@ components: required: true security.patch_roles: content: - application/x-ndjson: + application/json: schema: type: array items: @@ -1156,7 +1170,7 @@ components: required: true security.patch_tenant: content: - application/x-ndjson: + application/json: schema: type: array items: @@ -1164,7 +1178,7 @@ components: required: true security.patch_tenants: content: - application/x-ndjson: + application/json: schema: type: array items: @@ -1172,7 +1186,7 @@ components: required: true security.patch_user: content: - application/x-ndjson: + application/json: schema: type: array items: @@ -1180,12 +1194,18 @@ components: required: true security.patch_users: content: - application/x-ndjson: + application/json: schema: type: array items: $ref: '../schemas/security._common.yaml#/components/schemas/PatchOperation' required: true + security.post_dashboards_info: + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/DashboardsInfo' + required: false security.update_audit_configuration: content: application/json: @@ -1203,199 +1223,205 @@ components: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/PatchOperation' - security.patch_distinguished_name: + responses: + security.authinfo@200: + description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/PatchOperation' - security.config_upgrade_perform: + $ref: '../schemas/security._common.yaml#/components/schemas/AuthInfo' + security.authinfo@500: + description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/ConfigUpgradePayload' - security.create_update_tenancy_config: + $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerError' + security.authtoken@200: + description: '' content: application/json: schema: - type: array - items: - $ref: '../schemas/security._common.yaml#/components/schemas/MultiTenancyConfig' - required: true - responses: - security.get_sslinfo@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.cache@501: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/SSLInfo' - security.authinfo@200: + $ref: '../schemas/security._common.yaml#/components/schemas/MethodNotImplemented' + security.change_password@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/AuthInfo' - security.get_dashboards_info@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.config_upgrade_check@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/DashboardsInfo' - security.post_dashboards_info@200: + $ref: '../schemas/security._common.yaml#/components/schemas/UpgradeCheck' + security.config_upgrade_perform@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/DashboardsInfo' - security.change_password@200: + $ref: '../schemas/security._common.yaml#/components/schemas/UpgradePerform' + security.create_action_group@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.create_action_group@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.create_allowlist@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' + $ref: '../schemas/security._common.yaml#/components/schemas/AllowlistConfig' security.create_role@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' security.create_role_mapping@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' security.create_tenant@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.create_user@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.create_tenant@400: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.create_user_legacy@200: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.create_update_tenancy_config@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.delete_action_group@200: + $ref: '../schemas/security._common.yaml#/components/schemas/MultiTenancyConfig' + security.create_update_tenancy_config@400: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.delete_distinguished_name@200: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.create_user@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.delete_role@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.create_user_legacy@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.delete_role_mapping@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.delete_action_group@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.delete_tenant@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.delete_distinguished_name@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.delete_user@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.delete_distinguished_name@403: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.delete_user_legacy@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized' + security.delete_role@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.generate_user_token@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.delete_role_mapping@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.generate_user_token_legacy@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.delete_tenant@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.get_permissions_info@500: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.delete_tenant@400: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerErrorResponse' - security.who_am_i@500: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.delete_user@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerErrorResponse' - security.who_am_i_protected@500: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.delete_user_legacy@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerErrorResponse' - security.tenant_info@500: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.flush_cache@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerErrorResponse' - security.post_dashboards_info@500: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.generate_obo_token@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerErrorResponse' - security.get_dashboards_info@500: + $ref: '../schemas/security._common.yaml#/components/schemas/GenerateOBOToken' + security.generate_obo_token@400: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerErrorResponse' - security.authinfo@500: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.generate_user_token@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerErrorResponse' - security.get_sslinfo@500: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.generate_user_token@400: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerErrorResponse' - security.flush_cache@200: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.generate_user_token_legacy@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.generate_user_token_legacy@400: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' security.get_account_details@200: description: '' content: @@ -1414,479 +1440,445 @@ components: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/ActionGroupsMap' - security.patch_allowlist@200: + security.get_allowlist@200: description: '' content: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/AllowlistConfig' - security.get_allowlist@200: + security.get_audit_configuration@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/AllowlistConfig' - security.create_allowlist@200: + $ref: '../schemas/security._common.yaml#/components/schemas/AuditConfigWithReadOnly' + security.get_certificates@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/AllowlistConfig' - security.authtoken@200: + $ref: '../schemas/security._common.yaml#/components/schemas/GetCertificates' + security.get_certificates@400: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.get_audit_configuration@200: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.get_configuration@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/AuditConfigWithReadOnly' - security.get_certificates@200: + $ref: '../schemas/security._common.yaml#/components/schemas/DynamicConfig' + security.get_dashboards_info@200: description: '' content: application/json: schema: - type: object - properties: - http_certificates_list: - type: array - items: - $ref: '../schemas/security._common.yaml#/components/schemas/CertificatesDetail' - transport_certificates_list: - type: array - items: - $ref: '../schemas/security._common.yaml#/components/schemas/CertificatesDetail' - security.get_configuration@200: + $ref: '../schemas/security._common.yaml#/components/schemas/DashboardsInfo' + security.get_dashboards_info@500: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/DynamicConfig' + $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerError' security.get_distinguished_name@200: description: Show nodesDn setting for given cluster. content: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/DistinguishedNames' - security.update_distinguished_name@200: + security.get_distinguished_name@403: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' + $ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized' security.get_distinguished_names@200: description: '' content: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/DistinguishedNamesMap' - security.get_role@200: - description: '' - content: - application/json: - schema: - $ref: '../schemas/security._common.yaml#/components/schemas/RolesMap' - security.get_role_mapping@200: - description: '' - content: - application/json: - schema: - $ref: '../schemas/security._common.yaml#/components/schemas/RoleMappings' - security.get_role_mappings@200: + security.get_distinguished_names@403: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/RoleMappings' + $ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized' security.get_permissions_info@200: description: '' content: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/PermissionsInfo' - security.get_roles@200: + security.get_permissions_info@500: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/RolesMap' - security.get_tenant@200: + $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerError' + security.get_role@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/TenantsMap' - security.get_tenants@200: + $ref: '../schemas/security._common.yaml#/components/schemas/RolesMap' + security.get_role_mapping@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/TenantsMap' - security.get_tenancy_config@200: + $ref: '../schemas/security._common.yaml#/components/schemas/RoleMappings' + security.get_role_mappings@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/MultiTenancyConfig' - security.create_update_tenancy_config@200: + $ref: '../schemas/security._common.yaml#/components/schemas/RoleMappings' + security.get_roles@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/MultiTenancyConfig' - security.get_user@200: + $ref: '../schemas/security._common.yaml#/components/schemas/RolesMap' + security.get_sslinfo@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/UsersMap' - security.get_user_legacy@200: + $ref: '../schemas/security._common.yaml#/components/schemas/SSLInfo' + security.get_sslinfo@500: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/UsersMap' - security.get_users@200: + $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerError' + security.get_tenant@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/UsersMap' - security.get_users_legacy@200: + $ref: '../schemas/security._common.yaml#/components/schemas/TenantsMap' + security.get_tenancy_config@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/UsersMap' - security.health@200: + $ref: '../schemas/security._common.yaml#/components/schemas/MultiTenancyConfig' + security.get_tenancy_config@400: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/HealthInfo' - security.patch_action_group@200: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.get_tenants@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.patch_action_groups@200: + $ref: '../schemas/security._common.yaml#/components/schemas/TenantsMap' + security.get_tenants@400: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.patch_audit_configuration@200: - description: '' - security.patch_configuration@200: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.get_user@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.patch_distinguished_names@200: + $ref: '../schemas/security._common.yaml#/components/schemas/UsersMap' + security.get_user_legacy@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.patch_role@200: + $ref: '../schemas/security._common.yaml#/components/schemas/UsersMap' + security.get_users@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.patch_role_mapping@200: + $ref: '../schemas/security._common.yaml#/components/schemas/UsersMap' + security.get_users_legacy@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.patch_role_mappings@200: + $ref: '../schemas/security._common.yaml#/components/schemas/UsersMap' + security.health@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.patch_roles@200: + $ref: '../schemas/security._common.yaml#/components/schemas/HealthInfo' + security.migrate@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.patch_tenant@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.migrate@400: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.patch_tenants@200: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.patch_action_group@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.patch_user@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_action_groups@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.patch_users@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_allowlist@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.reload_http_certificates@200: + $ref: '../schemas/security._common.yaml#/components/schemas/AllowlistConfig' + security.patch_audit_configuration@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.reload_transport_certificates@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_configuration@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.tenant_info@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_distinguished_name@200: description: '' content: application/json: schema: - type: object - properties: - "": - type: string - value: "" - security.update_audit_configuration@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_distinguished_name@403: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.update_configuration@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized' + security.patch_distinguished_names@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.patch_distinguished_name@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_distinguished_names@403: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.config_upgrade_check@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized' + security.patch_role@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/UpgradeCheck' - security.config_upgrade_perform@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_role@400: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/UpgradePerform' - security.who_am_i@200: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.patch_role_mapping@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/WhoAmI' - security.who_am_i_protected@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_role_mapping@400: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/WhoAmI' - security.generate_obo_token@200: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.patch_role_mappings@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/GenerateOBOToken' - security.cache@501: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_role_mappings@400: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/MethodNotImplemented' - security.validate@400: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.patch_roles@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/BadRequestResponse' - security.generate_user_token@400: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_roles@400: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/BadRequestResponse' - security.generate_user_token_legacy@400: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.patch_tenant@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/BadRequestResponse' - security.delete_tenant@400: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_tenant@400: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/BadRequestResponse' - security.patch_tenant@400: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.patch_tenants@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/BadRequestResponse' + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' security.patch_tenants@400: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/BadRequestResponse' - security.create_tenant@400: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.patch_user@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/BadRequestResponse' - security.get_tenants@400: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_users@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/BadRequestResponse' - security.create_update_tenancy_config@400: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.post_dashboards_info@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/BadRequestResponse' - security.get_tenancy_config@400: + $ref: '../schemas/security._common.yaml#/components/schemas/DashboardsInfo' + security.post_dashboards_info@500: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/BadRequestResponse' - security.get_certificates@400: + $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerError' + security.reload_http_certificates@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/BadRequestResponse' + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' security.reload_http_certificates@400: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/BadRequestResponse' - security.reload_transport_certificates@400: - description: '' - content: - application/json: - schema: - $ref: '../schemas/security._common.yaml#/components/schemas/BadRequestResponse' - security.patch_roles@400: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.reload_transport_certificates@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/BadRequestResponse' - security.patch_role@400: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.reload_transport_certificates@400: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/BadRequestResponse' - security.patch_role_mappings@400: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.tenant_info@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/BadRequestResponse' - security.patch_role_mapping@400: + $ref: '../schemas/security._common.yaml#/components/schemas/TenantInfo' + security.tenant_info@500: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/BadRequestResponse' - security.migrate@400: + $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerError' + security.update_audit_configuration@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/BadRequestResponse' - security.generate_obo_token@400: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.update_configuration@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/BadRequestResponse' - security.get_distinguished_names@403: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.update_distinguished_name@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/UnauthorizedResponse' - security.patch_distinguished_names@403: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.update_distinguished_name@403: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/UnauthorizedResponse' - security.get_distinguished_name@403: + $ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized' + security.validate@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/UnauthorizedResponse' - security.patch_distinguished_name@403: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.validate@400: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/UnauthorizedResponse' - security.update_distinguished_name@403: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.who_am_i@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/UnauthorizedResponse' - security.delete_distinguished_name@403: + $ref: '../schemas/security._common.yaml#/components/schemas/WhoAmI' + security.who_am_i@500: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/UnauthorizedResponse' - security.migrate@200: + $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerError' + security.who_am_i_protected@200: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' - security.validate@200: + $ref: '../schemas/security._common.yaml#/components/schemas/WhoAmI' + security.who_am_i_protected@500: description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' + $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerError' parameters: - security.get_sslinfo::query.show_dn: - name: show_dn + security.authinfo::query.auth_type: + name: auth_type in: query - description: The domain names from all certificates. + description: The type of current authentication request. schema: type: string - description: A boolean flag to indicate whether all domain names should be returned. required: false security.authinfo::query.verbose: name: verbose @@ -1895,13 +1887,6 @@ components: schema: type: boolean required: false - security.authinfo::query.auth_type: - name: auth_type - in: query - description: The type of current authentication request. - schema: - type: string - required: false security.create_action_group::path.action_group: name: action_group in: path @@ -2034,6 +2019,14 @@ components: schema: type: string required: true + security.get_sslinfo::query.show_dn: + name: show_dn + in: query + description: The domain names from all certificates. + schema: + type: string + description: A boolean flag to indicate whether all domain names should be returned. + required: false security.get_tenant::path.tenant: name: tenant in: path @@ -2064,6 +2057,12 @@ components: schema: type: string required: true + security.patch_distinguished_name::path.cluster_name: + name: cluster_name + in: path + schema: + type: string + required: true security.patch_role::path.role: name: role in: path @@ -2094,15 +2093,11 @@ components: schema: type: string required: true - security.patch_distinguished_name::path.cluster_name: - name: cluster_name - in: path - schema: - type: string - required: true security.validate::query.accept_invalid: name: accept_invalid in: query schema: type: boolean required: false + + diff --git a/spec/schemas/security._common.yaml b/spec/schemas/security._common.yaml index a4f21a51c..b397352bf 100644 --- a/spec/schemas/security._common.yaml +++ b/spec/schemas/security._common.yaml @@ -6,54 +6,6 @@ info: paths: {} components: schemas: - RoleMapping: - type: object - properties: - hosts: - type: array - items: - type: string - users: - type: array - items: - type: string - reserved: - type: boolean - hidden: - type: boolean - backend_roles: - type: array - items: - type: string - and_backend_roles: - type: array - items: - type: string - description: - type: string - User: - type: object - properties: - hash: - type: string - reserved: - type: boolean - hidden: - type: boolean - backend_roles: - type: array - items: - type: string - attributes: - $ref: '#/components/schemas/UserAttributes' - description: - type: string - opendistro_security_roles: - type: array - items: - type: string - static: - type: boolean AccountDetails: type: object properties: @@ -81,31 +33,7 @@ components: type: array items: type: string - UserTenants: - type: object - properties: - global_tenant: - type: boolean - admin_tenant: - type: boolean - admin: - type: boolean - ChangePasswordRequestContent: - type: object - properties: - current_password: - type: string - description: The current password. - password: - type: string - description: The new password to set. - required: - - current_password - - password - ActionGroupsMap: - type: object - additionalProperties: - $ref: '#/components/schemas/ActionGroup' + ActionGroup: type: object properties: @@ -123,29 +51,24 @@ components: type: string static: type: boolean - PatchOperation: + + ActionGroupsMap: type: object - properties: - op: - type: string - description: 'The operation to perform. Possible values: remove,add, replace, move, copy, test.' - path: - type: string - description: The path to the resource. - value: - description: The new values used for the update. - required: - - op - - path - AuditConfigWithReadOnly: + additionalProperties: + $ref: '#/components/schemas/ActionGroup' + + AllowlistConfig: type: object properties: - _readonly: - type: array - items: - type: string config: - $ref: '#/components/schemas/AuditConfig' + type: object + items: + enabled: + type: boolean + requests: + type: object + description: An object with APIs as key and array of http methods as values. + AuditConfig: type: object properties: @@ -155,34 +78,17 @@ components: type: boolean audit: $ref: '#/components/schemas/AuditLogsConfig' - ComplianceConfig: + + AuditConfigWithReadOnly: type: object properties: - enabled: - type: boolean - write_log_diffs: - type: boolean - read_watched_fields: {} - read_ignore_users: - type: array - items: - type: string - write_watched_indices: - type: array - items: - type: string - write_ignore_users: + _readonly: type: array items: type: string - read_metadata_only: - type: boolean - write_metadata_only: - type: boolean - external_config: - type: boolean - internal_config: - type: boolean + config: + $ref: '#/components/schemas/AuditConfig' + AuditLogsConfig: type: object properties: @@ -214,93 +120,200 @@ components: type: boolean enable_rest: type: boolean - UsersMap: + + AuthInfo: type: object - additionalProperties: - $ref: '#/components/schemas/User' - UserAttributes: + properties: + user: + type: string + description: Stringified User object. + user_name: + type: string + description: User's name. + user_requested_tenant: + type: string + description: Name of the tenant the user wants to switch to. + remote_address: + type: string + description: The IP address of remote user. + backend_roles: + type: array + description: Backend roles associated with the user. + custom_attribute_names: + type: array + description: Name of the attributes associated with the user. + roles: + type: array + description: Roles associated with the user. + tenants: + type: object + description: Tenants the user has access to with read-write or read-only access indicator. + principal: + type: string + description: User principal. + peer_certificates: + type: number + description: Number of peer certificates. + sso_logout_url: + type: string + description: Logout url. + size_of_user: + type: string + description: Size of user in memory. + size_of_custom_attributes: + type: string + description: Size of user's custom attributes in bytes. + size_of_backendroles: + type: string + description: Size of backend roles in bytes. + + BadRequest: type: object - additionalProperties: - type: string - DistinguishedNamesMap: + properties: + status: + type: string + value: 400 + message: + type: string + description: Message returned as part of BAD_REQUEST response. + + CertificatesDetail: type: object - additionalProperties: - $ref: '#/components/schemas/DistinguishedNames' - DistinguishedNames: + properties: + issuer_dn: + type: string + subject_dn: + type: string + san: + type: string + not_before: + type: string + not_after: + type: string + + GetCertificates: type: object properties: - nodes_dn: + http_certificates_list: type: array items: - type: string - RolesMap: + $ref: '#/components/schemas/CertificatesDetail' + transport_certificates_list: + type: array + items: + $ref: '#/components/schemas/CertificatesDetail' + + ChangePasswordRequestContent: type: object - additionalProperties: - $ref: '#/components/schemas/Role' - Role: + properties: + current_password: + type: string + description: The current password. + password: + type: string + description: The new password to set. + required: + - current_password + - password + + ComplianceConfig: type: object properties: - reserved: + enabled: type: boolean - hidden: + write_log_diffs: type: boolean - description: - type: string - cluster_permissions: + read_watched_fields: {} + read_ignore_users: type: array items: type: string - index_permissions: + write_watched_indices: type: array items: - $ref: '#/components/schemas/IndexPermission' - tenant_permissions: + type: string + write_ignore_users: type: array items: - $ref: '#/components/schemas/TenantPermission' - static: + type: string + read_metadata_only: type: boolean - IndexPermission: + write_metadata_only: + type: boolean + external_config: + type: boolean + internal_config: + type: boolean + + ConfigUpgradePayload: type: object properties: - index_patterns: + config: type: array - items: - type: string - dls: + description: List of configs to be upgraded. + + CreateTenantParams: + type: object + properties: + description: type: string - fls: - type: array - items: - type: string - masked_fields: - type: array - items: - type: string - allowed_actions: - type: array - items: - type: string - TenantPermission: + + DashboardsInfo: type: object properties: - tenant_patterns: + user_name: + type: string + description: User's name + not_fail_on_forbidden_enabled: + type: boolean + description: Indicates whether DNFOF is enabled. + opensearch_dashboards_mt_enabled: + type: boolean + description: Indicates whether multi-tenancy is enabled. + opensearch_dashboards_index: + type: string + description: Name of the dashboards index. + opensearch_dashboards_server_user: + type: string + description: Name of the user used to connect dashboards to the server. + multitenancy_enabled: + type: boolean + description: Indicates whether multi-tenancy is enabled. + private_tenant_enabled: + type: boolean + description: Indicates whether private tenant is enabled for all users. + default_tenant: + type: string + description: The default tenant setting for the dashboard. + sign_in_options: type: array - items: - type: string - allowed_actions: + description: List of available sign-in options available. + password_validation_error_message: + type: string + description: Error message when password validation fails. + password_validation_regex: + type: string + description: Reg-ex to be used to perform password validation. + + DistinguishedNames: + type: object + properties: + nodes_dn: type: array items: type: string - RoleMappings: + + DistinguishedNamesMap: type: object additionalProperties: - $ref: '#/components/schemas/RoleMapping' + $ref: '#/components/schemas/DistinguishedNames' + DynamicConfig: type: object properties: dynamic: $ref: '#/components/schemas/DynamicOptions' + DynamicOptions: type: object properties: @@ -325,83 +338,59 @@ components: type: string doNotFailOnForbiddenEmpty: type: boolean - CertificatesDetail: + + GenerateOBOToken: type: object properties: - issuer_dn: - type: string - subject_dn: - type: string - san: + user: type: string - not_before: + description: The name of the entity requesting token. + authenticationToken: type: string - not_after: + description: The generated OBO token. + durationSeconds: type: string - TenantsMap: - type: object - additionalProperties: - $ref: '#/components/schemas/Tenant' - Tenant: + description: The duration of the token, defaulted to 300s. + + HealthInfo: type: object properties: - reserved: - type: boolean - hidden: - type: boolean - description: + message: type: string - static: - type: boolean - CreateTenantParams: - type: object - properties: - description: + mode: type: string - ConfigUpgradePayload: - type: object - properties: - config: - type: array - description: List of configs to be upgraded. - AllowlistConfig: - type: object - properties: - config: - type: object - items: - enabled: - type: boolean - requests: - type: object - description: An object with APIs as key and array of http methods as values. - OkResponse: - type: object - properties: status: type: string - value: 200 - message: - type: string - description: Message returned as part of OK response. - BadRequestResponse: + + IndexPermission: type: object properties: - status: - type: string - value: 400 - message: + index_patterns: + type: array + items: + type: string + dls: type: string - description: Message returned as part of BAD_REQUEST response. - UnauthorizedResponse: + fls: + type: array + items: + type: string + masked_fields: + type: array + items: + type: string + allowed_actions: + type: array + items: + type: string + + InternalServerError: type: object properties: - status: - type: string - value: 403 - message: + error: type: string - description: Message returned as part of FORBIDDEN response. + description: Error message during request execution. + MethodNotImplemented: type: object properties: @@ -411,12 +400,28 @@ components: message: type: string description: Message returned as part of NOT_IMPLEMENTED response. + + MultiTenancyConfig: + type: object + properties: + default_tenant: + type: string + private_tenant_enabled: + type: boolean + multitenancy_enabled: + type: boolean + sign_in_options: + type: array + items: + type: string + description: Value in seconds. + OBOToken: type: object properties: description: type: string - description: Contains the description supplied by the user to desribe the token. + description: Contains the description supplied by the user to describe the token. required: true service: type: string @@ -426,20 +431,32 @@ components: type: string description: Value in seconds. required: optional - MultiTenancyConfig: + + Ok: type: object properties: - default_tenant: + status: type: string - private_tenant_enabled: - type: boolean - multitenancy_enabled: - type: boolean - sign_in_options: - type: array - items: - type: string - description: Value in seconds. + value: 200 + message: + type: string + description: Message returned as part of OK response. + + PatchOperation: + type: object + properties: + op: + type: string + description: 'The operation to perform. Possible values: remove, add, replace, move, copy, test.' + path: + type: string + description: The path to the resource. + value: + description: The new values used for the update. + required: + - op + - path + PermissionsInfo: type: object properties: @@ -452,93 +469,67 @@ components: disabled_endpoints: type: object description: An object with disabled APIs as key and array of http methods as values. - DashboardsInfo: + + Role: type: object properties: - user_name: - type: string - description: User's name - not_fail_on_forbidden_enabled: - type: boolean - description: Indicates whether DNFOF is enabled. - opensearch_dashboards_mt_enabled: - type: boolean - description: Indicates whether multi-tenancy is enabled. - opensearch_dashboards_index: - type: string - description: Name of the dashboards index. - opensearch_dashboards_server_user: - type: string - description: Name of the user used to connect dashboards to the server. - multitenancy_enabled: + reserved: type: boolean - description: Indicates whether multi-tenancy is enabled. - private_tenant_enabled: + hidden: type: boolean - description: Indicates whether private tenant is enabled for all users. - default_tenant: + description: type: string - description: The default tenant setting for the dashboard. - sign_in_options: + cluster_permissions: type: array - description: List of available sign-in options available. - password_validation_error_message: - type: string - description: Error message when password validation fails. - password_validation_regex: - type: string - description: Reg-ex to be used to perform password validation. - InternalServerErrorResponse: - type: object - properties: - error: - type: string - description: Error message during request execution. - AuthInfo: + items: + type: string + index_permissions: + type: array + items: + $ref: '#/components/schemas/IndexPermission' + tenant_permissions: + type: array + items: + $ref: '#/components/schemas/TenantPermission' + static: + type: boolean + + RoleMapping: type: object properties: - user: - type: string - description: Stringified User object. - user_name: - type: string - description: User's name. - user_requested_tenant: - type: string - description: Name of the tenant the user wants to switch to. - remote_address: - type: string - description: The IP address of remote user. - backend_roles: + hosts: type: array - description: Backend roles associated with the user. - custom_attribute_names: + items: + type: string + users: type: array - description: Name of the attributes associated with the user. - roles: + items: + type: string + reserved: + type: boolean + hidden: + type: boolean + backend_roles: type: array - description: Roles associated with the user. - tenants: - type: object - description: Tenants the user has access to with read-write or read-only access indicator. - principal: - type: string - description: User principal. - peer_certificates: - type: number - description: Number of peer certificates. - sso_logout_url: - type: string - description: Logout url. - size_of_user: - type: string - description: Size of user in memory. - size_of_custom_attributes: - type: string - description: Size of user's custom attributes in bytes. - size_of_backendroles: + items: + type: string + and_backend_roles: + type: array + items: + type: string + description: type: string - description: Size of backend roles in bytes. + + RoleMappings: + type: object + additionalProperties: + $ref: '#/components/schemas/RoleMapping' + + RolesMap: + type: object + additionalProperties: + $ref: '#/components/schemas/Role' + SSLInfo: type: object properties: @@ -587,15 +578,46 @@ components: ssl_provider_transport_client: type: string description: Returns transport client's name. - HealthInfo: + + Tenant: type: object properties: - message: - type: string - mode: + reserved: + type: boolean + hidden: + type: boolean + description: type: string + static: + type: boolean + + TenantPermission: + type: object + properties: + tenant_patterns: + type: array + items: + type: string + allowed_actions: + type: array + items: + type: string + + TenantsMap: + type: object + additionalProperties: + $ref: '#/components/schemas/Tenant' + + Unauthorized: + type: object + properties: status: type: string + value: 403 + message: + type: string + description: Message returned as part of FORBIDDEN response. + UpgradeCheck: type: object properties: @@ -605,6 +627,7 @@ components: type: boolean upgradeActions: type: object + UpgradePerform: type: object properties: @@ -612,6 +635,51 @@ components: type: string upgrades: type: object + + User: + type: object + properties: + hash: + type: string + reserved: + type: boolean + hidden: + type: boolean + backend_roles: + type: array + items: + type: string + attributes: + $ref: '#/components/schemas/UserAttributes' + description: + type: string + opendistro_security_roles: + type: array + items: + type: string + static: + type: boolean + + UserAttributes: + type: object + additionalProperties: + type: string + + UserTenants: + type: object + properties: + global_tenant: + type: boolean + admin_tenant: + type: boolean + admin: + type: boolean + + UsersMap: + type: object + additionalProperties: + $ref: '#/components/schemas/User' + WhoAmI: type: object properties: @@ -621,15 +689,10 @@ components: type: string is_node_certificate_request: type: string - GenerateOBOToken: + + TenantInfo: type: object properties: - user: - type: string - description: The name of the entity requesting token. - authenticationToken: + "": type: string - description: The generated OBO token. - durationSeconds: - type: string - description: The duration of the token, defaulted to 300s. + value: ""