Revert "API specification changes for custom roles (#2491)" (#2546)

This reverts commit 2731ca8.
elastic · May 7, 2024 · 8d0b9be · 8d0b9be
1 parent 2731ca8
commit 8d0b9be
Show file tree

Hide file tree

Showing 8 changed files with 82 additions and 659 deletions.
diff --git a/output/openapi/elasticsearch-serverless-openapi.json b/output/openapi/elasticsearch-serverless-openapi.json
diff --git a/output/schema/schema.json b/output/schema/schema.json
diff --git a/output/schema/schema/schema.json b/output/schema/schema/schema.json
diff --git a/output/schema/validation-errors.json b/output/schema/validation-errors.json
diff --git a/output/typescript/types.ts b/output/typescript/types.ts
diff --git a/specification/security/_types/Privileges.ts b/specification/security/_types/Privileges.ts
@@ -42,133 +42,57 @@ export class ApplicationPrivileges {
 export enum ClusterPrivilege {
   all,
   cancel_task,
-  /**
-   * @availability stack
-   */
   create_snapshot,
-  /**
-   * @availability stack
-   */
-  grant_api_key,
-  /**
-   * @availability stack
-   */
   cross_cluster_replication,
-  /**
-   * @availability stack
-   */
   cross_cluster_search,
-  /**
-   * @availability stack
-   */
   delegate_pki,
+  grant_api_key,
   manage,
   manage_api_key,
-  /**
-   * @availability stack
-   */
   manage_autoscaling,
   manage_behavioral_analytics,
-  /**
-   * @availability stack
-   */
   manage_ccr,
   manage_data_frame_transforms,
   manage_data_stream_global_retention,
   manage_enrich,
-  /**
-   * @availability stack
-   */
   manage_ilm,
   manage_index_templates,
-  /**
-   * @availability stack
-   */
   manage_inference,
   manage_ingest_pipelines,
   manage_logstash_pipelines,
   manage_ml,
-  /**
-   * @availability stack
-   */
   manage_oidc,
   manage_own_api_key,
   manage_pipeline,
-  /**
-   * @availability stack
-   */
   manage_rollup,
-  /**
-   * @availability stack
-   */
   manage_saml,
   manage_search_application,
   manage_search_query_rules,
   manage_search_synonyms,
   manage_security,
-  /**
-   * @availability stack
-   */
   manage_service_account,
-  /**
-   * @availability stack
-   */
   manage_slm,
-  /**
-   * @availability stack
-   */
   manage_token,
   manage_transform,
-  /**
-   * @availability stack
-   */
   manage_user_profile,
-  /**
-   * @availability stack
-   */
   manage_watcher,
   monitor,
   monitor_data_frame_transforms,
   monitor_data_stream_global_retention,
   monitor_enrich,
   monitor_inference,
   monitor_ml,
-  /**
-   * @availability stack
-   */
   monitor_rollup,
-  /**
-   * @availability stack
-   */
   monitor_snapshot,
-  /**
-   * @availability stack
-   */
   monitor_text_structure,
   monitor_transform,
-  /**
-   * @availability stack
-   */
   monitor_watcher,
-  /**
-   * @availability stack
-   */
-  read_ccr,
-  /**
-   * @availability stack
-   */
-  read_ilm,
-  read_pipeline,
-  /**
-   * @availability stack
-   */
-  read_slm,
-  /**
-   * @availability stack
-   */
-  transport_client,
   none,
   post_behavioral_analytics_event,
+  read_ccr,
+  read_connector_secrets,
+  read_fleet_secrets,
+  read_ilm,
   read_pipeline,
   read_security,
   read_slm,
@@ -198,7 +122,6 @@ export class IndicesPrivileges {
   /**
    * Set to `true` if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the `names` list, Elasticsearch checks privileges against these indices regardless of the value set for `allow_restricted_indices`.
    * @server_default false
-   * @availability stack
    */
   allow_restricted_indices?: boolean
 }
@@ -277,24 +200,12 @@ export enum IndexPrivilege {
   maintenance,
   manage,
   manage_data_stream_lifecycle,
-  /**
-   * @availability stack
-   */
   manage_follow_index,
-  /**
-   * @availability stack
-   */
   manage_ilm,
-  /**
-   * @availability stack
-   */
   manage_leader_index,
   monitor,
   none,
   read,
-  /**
-   * @availability stack
-   */
   read_cross_cluster,
   view_index_metadata,
   write

diff --git a/specification/security/get_role/SecurityGetRoleRequest.ts b/specification/security/get_role/SecurityGetRoleRequest.ts
@@ -25,7 +25,7 @@ import { Names } from '@_types/common'
  * The get roles API cannot retrieve roles that are defined in roles files.
  * @rest_spec_name security.get_role
  * @availability stack since=0.0.0 stability=stable
- * @availability serverless stability=stable visibility=public
+ * @availability serverless stability=stable visibility=private
  * @cluster_privileges manage_security
  */
 export interface Request extends RequestBase {

diff --git a/specification/security/put_role/SecurityPutRoleRequest.ts b/specification/security/put_role/SecurityPutRoleRequest.ts
@@ -32,7 +32,7 @@ import { Metadata, Name, Refresh } from '@_types/common'
  * The create or update roles API cannot update roles that are defined in roles files.
  * @rest_spec_name security.put_role
  * @availability stack since=0.0.0 stability=stable
- * @availability serverless stability=stable visibility=public
+ * @availability serverless stability=stable visibility=private
  * @cluster_privileges manage_security
  */
 export interface Request extends RequestBase {
@@ -56,7 +56,6 @@ export interface Request extends RequestBase {
     cluster?: ClusterPrivilege[]
     /**
      * An object defining global privileges. A global privilege is a form of cluster privilege that is request-aware. Support for global privileges is currently limited to the management of application privileges.
-     * @availability stack
      */
     global?: Dictionary<string, UserDefinedValue>
     /**
@@ -68,7 +67,7 @@ export interface Request extends RequestBase {
      */
     metadata?: Metadata
     /**
-     * A list of users that the owners of this role can impersonate. *Note*: in Serverless, the run-as feature is disabled. For API compatibility, you can still specify an empty `run_as` field, but a non-empty list will be rejected.
+     * A list of users that the owners of this role can impersonate.
      * @doc_id run-as-privilege
      */
     run_as?: string[]