diff --git a/output/openapi/elasticsearch-openapi.json b/output/openapi/elasticsearch-openapi.json index c28faa7d97..66495ab241 100644 --- a/output/openapi/elasticsearch-openapi.json +++ b/output/openapi/elasticsearch-openapi.json @@ -51645,6 +51645,10 @@ "type": "string" } }, + "description": { + "description": "Optional description of the role descriptor", + "type": "string" + }, "transient_metadata": { "description": "Indicates roles that might be incompatible with the current cluster license, specifically roles with document and field level security. When the cluster license doesn’t allow certain features for a given role, this parameter is updated dynamically to list the incompatible features. If `enabled` is `false`, the role is ignored, but is still listed in the response from the authenticate API.", "type": "object", @@ -95301,7 +95305,7 @@ "externalDocs": { "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/run-as-privilege.html" }, - "description": "A list of users that the API keys can impersonate.", + "description": "A list of users that the API keys can impersonate. *Note*: in Serverless, the run-as feature is disabled. For API compatibility, you can still specify an empty `run_as` field, but a non-empty list will be rejected.", "type": "array", "items": { "type": "string" diff --git a/output/openapi/elasticsearch-serverless-openapi.json b/output/openapi/elasticsearch-serverless-openapi.json index b097d485e7..82c035668b 100644 --- a/output/openapi/elasticsearch-serverless-openapi.json +++ b/output/openapi/elasticsearch-serverless-openapi.json @@ -60861,20 +60861,6 @@ "$ref": "#/components/schemas/security._types:IndicesPrivileges" } }, - "global": { - "description": "An object defining global privileges. A global privilege is a form of cluster privilege that is request-aware. Support for global privileges is currently limited to the management of application privileges.", - "oneOf": [ - { - "type": "array", - "items": { - "$ref": "#/components/schemas/security._types:GlobalPrivilege" - } - }, - { - "$ref": "#/components/schemas/security._types:GlobalPrivilege" - } - ] - }, "applications": { "description": "A list of application privilege entries", "type": "array", @@ -60889,7 +60875,7 @@ "externalDocs": { "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/run-as-privilege.html" }, - "description": "A list of users that the API keys can impersonate.", + "description": "A list of users that the API keys can impersonate. *Note*: in Serverless, the run-as feature is disabled. For API compatibility, you can still specify an empty `run_as` field, but a non-empty list will be rejected.", "type": "array", "items": { "type": "string" @@ -61079,42 +61065,6 @@ } ] }, - "security._types:GlobalPrivilege": { - "type": "object", - "properties": { - "application": { - "$ref": "#/components/schemas/security._types:ApplicationGlobalUserPrivileges" - } - }, - "required": [ - "application" - ] - }, - "security._types:ApplicationGlobalUserPrivileges": { - "type": "object", - "properties": { - "manage": { - "$ref": "#/components/schemas/security._types:ManageUserPrivileges" - } - }, - "required": [ - "manage" - ] - }, - "security._types:ManageUserPrivileges": { - "type": "object", - "properties": { - "applications": { - "type": "array", - "items": { - "type": "string" - } - } - }, - "required": [ - "applications" - ] - }, "security._types:ApplicationPrivileges": { "type": "object", "properties": { diff --git a/output/schema/schema-serverless.json b/output/schema/schema-serverless.json index 3c1a70d1be..fda40b4110 100644 --- a/output/schema/schema-serverless.json +++ b/output/schema/schema-serverless.json @@ -134010,33 +134010,6 @@ } } }, - { - "description": "An object defining global privileges. A global privilege is a form of cluster privilege that is request-aware. Support for global privileges is currently limited to the management of application privileges.", - "name": "global", - "required": false, - "type": { - "items": [ - { - "kind": "array_of", - "value": { - "kind": "instance_of", - "type": { - "name": "GlobalPrivilege", - "namespace": "security._types" - } - } - }, - { - "kind": "instance_of", - "type": { - "name": "GlobalPrivilege", - "namespace": "security._types" - } - } - ], - "kind": "union_of" - } - }, { "description": "A list of application privilege entries", "name": "applications", @@ -134065,7 +134038,7 @@ } }, { - "description": "A list of users that the API keys can impersonate.", + "description": "A list of users that the API keys can impersonate. *Note*: in Serverless, the run-as feature is disabled. For API compatibility, you can still specify an empty `run_as` field, but a non-empty list will be rejected.", "docId": "run-as-privilege", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/run-as-privilege.html", "name": "run_as", @@ -134112,7 +134085,7 @@ } } ], - "specLocation": "security/_types/RoleDescriptor.ts#L28-L60" + "specLocation": "security/_types/RoleDescriptor.ts#L28-L61" }, { "kind": "interface", @@ -134209,72 +134182,6 @@ ], "specLocation": "security/_types/FieldSecurity.ts#L22-L25" }, - { - "kind": "interface", - "name": { - "name": "GlobalPrivilege", - "namespace": "security._types" - }, - "properties": [ - { - "name": "application", - "required": true, - "type": { - "kind": "instance_of", - "type": { - "name": "ApplicationGlobalUserPrivileges", - "namespace": "security._types" - } - } - } - ], - "specLocation": "security/_types/Privileges.ts#L325-L327" - }, - { - "kind": "interface", - "name": { - "name": "ApplicationGlobalUserPrivileges", - "namespace": "security._types" - }, - "properties": [ - { - "name": "manage", - "required": true, - "type": { - "kind": "instance_of", - "type": { - "name": "ManageUserPrivileges", - "namespace": "security._types" - } - } - } - ], - "specLocation": "security/_types/Privileges.ts#L329-L331" - }, - { - "kind": "interface", - "name": { - "name": "ManageUserPrivileges", - "namespace": "security._types" - }, - "properties": [ - { - "name": "applications", - "required": true, - "type": { - "kind": "array_of", - "value": { - "kind": "instance_of", - "type": { - "name": "string", - "namespace": "_builtins" - } - } - } - } - ], - "specLocation": "security/_types/Privileges.ts#L333-L335" - }, { "kind": "interface", "name": { diff --git a/output/schema/schema.json b/output/schema/schema.json index d72f82b5f9..d52959ca76 100644 --- a/output/schema/schema.json +++ b/output/schema/schema.json @@ -179528,6 +179528,9 @@ } }, { + "availability": { + "stack": {} + }, "description": "An object defining global privileges. A global privilege is a form of cluster privilege that is request-aware. Support for global privileges is currently limited to the management of application privileges.", "name": "global", "required": false, @@ -179582,7 +179585,7 @@ } }, { - "description": "A list of users that the API keys can impersonate.", + "description": "A list of users that the API keys can impersonate. *Note*: in Serverless, the run-as feature is disabled. For API compatibility, you can still specify an empty `run_as` field, but a non-empty list will be rejected.", "docId": "run-as-privilege", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/run-as-privilege.html", "name": "run_as", @@ -179629,7 +179632,7 @@ } } ], - "specLocation": "security/_types/RoleDescriptor.ts#L28-L60" + "specLocation": "security/_types/RoleDescriptor.ts#L28-L61" }, { "attachedBehaviors": [ @@ -179692,6 +179695,9 @@ } }, { + "availability": { + "stack": {} + }, "description": "An object defining global privileges. A global privilege is a form of cluster privilege that is request-aware. Support for global privileges is currently limited to the management of application privileges.", "name": "global", "required": false, @@ -179793,7 +179799,7 @@ } } ], - "specLocation": "security/_types/RoleDescriptor.ts#L62-L94" + "specLocation": "security/_types/RoleDescriptor.ts#L63-L95" }, { "kind": "interface", @@ -185969,6 +185975,18 @@ } } }, + { + "description": "Optional description of the role descriptor", + "name": "description", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + } + }, { "description": "Indicates roles that might be incompatible with the current cluster license, specifically roles with document and field level security. When the cluster license doesn’t allow certain features for a given role, this parameter is updated dynamically to list the incompatible features. If `enabled` is `false`, the role is ignored, but is still listed in the response from the authenticate API.", "name": "transient_metadata", @@ -186030,7 +186048,7 @@ } } ], - "specLocation": "security/put_role/SecurityPutRoleRequest.ts#L30-L80" + "specLocation": "security/put_role/SecurityPutRoleRequest.ts#L30-L84" }, { "body": { diff --git a/output/typescript/types.ts b/output/typescript/types.ts index e3841b4303..33a4181a7d 100644 --- a/output/typescript/types.ts +++ b/output/typescript/types.ts @@ -17568,6 +17568,7 @@ export interface SecurityPutRoleRequest extends RequestBase { indices?: SecurityIndicesPrivileges[] metadata?: Metadata run_as?: string[] + description?: string transient_metadata?: Record } } diff --git a/specification/security/_types/RoleDescriptor.ts b/specification/security/_types/RoleDescriptor.ts index a087815707..b4fe70db0f 100644 --- a/specification/security/_types/RoleDescriptor.ts +++ b/specification/security/_types/RoleDescriptor.ts @@ -37,6 +37,7 @@ export class RoleDescriptor { indices?: IndicesPrivileges[] /** * An object defining global privileges. A global privilege is a form of cluster privilege that is request-aware. Support for global privileges is currently limited to the management of application privileges. + * @availability stack */ global?: GlobalPrivilege[] | GlobalPrivilege /** @@ -48,7 +49,7 @@ export class RoleDescriptor { */ metadata?: Metadata /** - * A list of users that the API keys can impersonate. + * A list of users that the API keys can impersonate. *Note*: in Serverless, the run-as feature is disabled. For API compatibility, you can still specify an empty `run_as` field, but a non-empty list will be rejected. * @doc_id run-as-privilege */ run_as?: string[] diff --git a/specification/security/put_role/SecurityPutRoleRequest.ts b/specification/security/put_role/SecurityPutRoleRequest.ts index c27b1e5fb9..1caed6e25c 100644 --- a/specification/security/put_role/SecurityPutRoleRequest.ts +++ b/specification/security/put_role/SecurityPutRoleRequest.ts @@ -72,6 +72,10 @@ export interface Request extends RequestBase { * @doc_id run-as-privilege */ run_as?: string[] + /** + * Optional description of the role descriptor + */ + description?: string /** * Indicates roles that might be incompatible with the current cluster license, specifically roles with document and field level security. When the cluster license doesn’t allow certain features for a given role, this parameter is updated dynamically to list the incompatible features. If `enabled` is `false`, the role is ignored, but is still listed in the response from the authenticate API. */