From c64bb216b24571f47ece2c1101053bae323a28ff Mon Sep 17 00:00:00 2001 From: Quentin Pradet Date: Tue, 19 Nov 2024 20:44:25 +0400 Subject: [PATCH] [8.x] Allow index name patterns in Privileges index fields (#3127) (#3149) --- output/openapi/elasticsearch-openapi.json | 87 +++++++-- .../elasticsearch-serverless-openapi.json | 31 +++- output/schema/schema-serverless.json | 53 ++++-- output/schema/schema.json | 171 ++++++++++++------ output/typescript/types.ts | 10 +- specification/security/_types/Privileges.ts | 14 +- 6 files changed, 255 insertions(+), 111 deletions(-) diff --git a/output/openapi/elasticsearch-openapi.json b/output/openapi/elasticsearch-openapi.json index b253187318..a93b41da27 100644 --- a/output/openapi/elasticsearch-openapi.json +++ b/output/openapi/elasticsearch-openapi.json @@ -14695,7 +14695,7 @@ "$ref": "#/components/responses/inference.get#200" } }, - "x-state": "Technical preview" + "x-state": "Added in 8.11.0" }, "put": { "tags": [ @@ -14716,7 +14716,7 @@ "$ref": "#/components/responses/inference.put#200" } }, - "x-state": "Technical preview" + "x-state": "Added in 8.11.0" }, "post": { "tags": [ @@ -14740,7 +14740,7 @@ "$ref": "#/components/responses/inference.inference#200" } }, - "x-state": "Technical preview" + "x-state": "Added in 8.11.0" }, "delete": { "tags": [ @@ -14764,7 +14764,7 @@ "$ref": "#/components/responses/inference.delete#200" } }, - "x-state": "Technical preview" + "x-state": "Added in 8.11.0" } }, "/_inference/{task_type}/{inference_id}": { @@ -14787,7 +14787,7 @@ "$ref": "#/components/responses/inference.get#200" } }, - "x-state": "Technical preview" + "x-state": "Added in 8.11.0" }, "put": { "tags": [ @@ -14811,7 +14811,7 @@ "$ref": "#/components/responses/inference.put#200" } }, - "x-state": "Technical preview" + "x-state": "Added in 8.11.0" }, "post": { "tags": [ 
@@ -14838,7 +14838,7 @@ "$ref": "#/components/responses/inference.inference#200" } }, - "x-state": "Technical preview" + "x-state": "Added in 8.11.0" }, "delete": { "tags": [ @@ -14865,7 +14865,7 @@ "$ref": "#/components/responses/inference.delete#200" } }, - "x-state": "Technical preview" + "x-state": "Added in 8.11.0" } }, "/_inference": { @@ -14880,7 +14880,7 @@ "$ref": "#/components/responses/inference.get#200" } }, - "x-state": "Technical preview" + "x-state": "Added in 8.11.0" } }, "/": { @@ -81920,7 +81920,18 @@ "$ref": "#/components/schemas/security._types:FieldSecurity" }, "names": { - "$ref": "#/components/schemas/_types:Indices" + "description": "A list of indices (or index name patterns) to which the permissions in this entry apply.", + "oneOf": [ + { + "$ref": "#/components/schemas/_types:IndexName" + }, + { + "type": "array", + "items": { + "$ref": "#/components/schemas/_types:IndexName" + } + } + ] }, "privileges": { "description": "The index level privileges that owners of the role have on the specified indices.", @@ -82056,7 +82067,18 @@ "$ref": "#/components/schemas/security._types:FieldSecurity" }, "names": { - "$ref": "#/components/schemas/_types:Indices" + "description": "A list of indices (or index name patterns) to which the permissions in this entry apply.", + "oneOf": [ + { + "$ref": "#/components/schemas/_types:IndexName" + }, + { + "type": "array", + "items": { + "$ref": "#/components/schemas/_types:IndexName" + } + } + ] }, "privileges": { "description": "The index level privileges that owners of the role have on the specified indices.", 
@@ -82286,10 +82308,17 @@ "properties": { "names": { "description": "A list of indices (or index name patterns) to which the permissions in this entry apply.", - "type": "array", - "items": { - "$ref": "#/components/schemas/_types:IndexName" - } + "oneOf": [ + { + "$ref": "#/components/schemas/_types:IndexName" + }, + { + "type": "array", + "items": { + "$ref": "#/components/schemas/_types:IndexName" + } + } + ] }, "allow_restricted_indices": { "description": "This needs to be set to true if the patterns in the names field should cover system indices.", @@ -82308,10 +82337,17 @@ }, "names": { "description": "A list of indices (or index name patterns) to which the permissions in this entry apply.", - "type": "array", - "items": { - "$ref": "#/components/schemas/_types:IndexName" - } + "oneOf": [ + { + "$ref": "#/components/schemas/_types:IndexName" + }, + { + "type": "array", + "items": { + "$ref": "#/components/schemas/_types:IndexName" + } + } + ] }, "query": { "$ref": "#/components/schemas/security._types:IndicesPrivilegesQuery" @@ -82815,7 +82851,18 @@ } }, "names": { - "$ref": "#/components/schemas/_types:Indices" + "description": "A list of indices (or index name patterns) to which the permissions in this entry apply.", + "oneOf": [ + { + "$ref": "#/components/schemas/_types:IndexName" + }, + { + "type": "array", + "items": { + "$ref": "#/components/schemas/_types:IndexName" + } + } + ] }, "privileges": { "description": "The index level privileges that owners of the role have on the specified indices.", diff --git a/output/openapi/elasticsearch-serverless-openapi.json b/output/openapi/elasticsearch-serverless-openapi.json index f1057cdba8..cb8e6c3e13 100644 --- a/output/openapi/elasticsearch-serverless-openapi.json +++ b/output/openapi/elasticsearch-serverless-openapi.json @@ -8760,7 +8760,7 @@ "$ref": "#/components/responses/inference.get#200" } }, - "x-state": "Technical preview" + "x-state": "Added in 8.11.0" }, "put": { "tags": [ 
@@ -8781,7 +8781,7 @@ "$ref": "#/components/responses/inference.put#200" } }, - "x-state": "Technical preview" + "x-state": "Added in 8.11.0" }, "post": { "tags": [ @@ -8805,7 +8805,7 @@ "$ref": "#/components/responses/inference.inference#200" } }, - "x-state": "Technical preview" + "x-state": "Added in 8.11.0" }, "delete": { "tags": [ @@ -8829,7 +8829,7 @@ "$ref": "#/components/responses/inference.delete#200" } }, - "x-state": "Technical preview" + "x-state": "Added in 8.11.0" } }, "/_inference/{task_type}/{inference_id}": { @@ -8852,7 +8852,7 @@ "$ref": "#/components/responses/inference.get#200" } }, - "x-state": "Technical preview" + "x-state": "Added in 8.11.0" }, "put": { "tags": [ @@ -8876,7 +8876,7 @@ "$ref": "#/components/responses/inference.put#200" } }, - "x-state": "Technical preview" + "x-state": "Added in 8.11.0" }, "post": { "tags": [ @@ -8903,7 +8903,7 @@ "$ref": "#/components/responses/inference.inference#200" } }, - "x-state": "Technical preview" + "x-state": "Added in 8.11.0" }, "delete": { "tags": [ @@ -8930,7 +8930,7 @@ "$ref": "#/components/responses/inference.delete#200" } }, - "x-state": "Technical preview" + "x-state": "Added in 8.11.0" } }, "/_inference": { @@ -8945,7 +8945,7 @@ "$ref": "#/components/responses/inference.get#200" } }, - "x-state": "Technical preview" + "x-state": "Added in 8.11.0" } }, "/": { @@ -53924,7 +53924,18 @@ "$ref": "#/components/schemas/security._types:FieldSecurity" }, "names": { - "$ref": "#/components/schemas/_types:Indices" + "description": "A list of indices (or index name patterns) to which the permissions in this entry apply.", + "oneOf": [ + { + "$ref": "#/components/schemas/_types:IndexName" + }, + { + "type": "array", + "items": { + "$ref": "#/components/schemas/_types:IndexName" + } + } + ] }, "privileges": { "description": "The index level privileges that owners of the role have on the specified indices.", 
diff --git a/output/schema/schema-serverless.json b/output/schema/schema-serverless.json index 87b0f48bfa..886def6c5d 100644 --- a/output/schema/schema-serverless.json +++ b/output/schema/schema-serverless.json @@ -4298,12 +4298,12 @@ { "availability": { "serverless": { - "stability": "experimental", + "stability": "stable", "visibility": "public" }, "stack": { "since": "8.11.0", - "stability": "experimental", + "stability": "stable", "visibility": "public" } }, @@ -4340,12 +4340,12 @@ { "availability": { "serverless": { - "stability": "experimental", + "stability": "stable", "visibility": "public" }, "stack": { "since": "8.11.0", - "stability": "experimental", + "stability": "stable", "visibility": "public" } }, @@ -4388,12 +4388,12 @@ { "availability": { "serverless": { - "stability": "experimental", + "stability": "stable", "visibility": "public" }, "stack": { "since": "8.11.0", - "stability": "experimental", + "stability": "stable", "visibility": "public" } }, @@ -4433,12 +4433,12 @@ { "availability": { "serverless": { - "stability": "experimental", + "stability": "stable", "visibility": "public" }, "stack": { "since": "8.11.0", - "stability": "experimental", + "stability": "stable", "visibility": "public" } }, @@ -103132,7 +103132,7 @@ "name": "IndexPrivilege", "namespace": "security._types" }, - "specLocation": "security/_types/Privileges.ts#L360-L402" + "specLocation": "security/_types/Privileges.ts#L362-L404" }, { "codegenNames": [ @@ -103146,7 +103146,7 @@ "name": "IndicesPrivilegesQuery", "namespace": "security._types" }, - "specLocation": "security/_types/Privileges.ts#L315-L323", + "specLocation": "security/_types/Privileges.ts#L317-L325", "type": { "items": [ { @@ -103196,7 +103196,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L325-L335" + "specLocation": "security/_types/Privileges.ts#L327-L337" }, { "kind": "interface", 
@@ -103284,7 +103284,7 @@ } ], "shortcutProperty": "source", - "specLocation": "security/_types/Privileges.ts#L337-L355" + "specLocation": "security/_types/Privileges.ts#L339-L357" }, { "codegenNames": [ @@ -103296,7 +103296,7 @@ "name": "RoleTemplateInlineQuery", "namespace": "security._types" }, - "specLocation": "security/_types/Privileges.ts#L357-L358", + "specLocation": "security/_types/Privileges.ts#L359-L360", "type": { "items": [ { @@ -140139,11 +140139,26 @@ "name": "names", "required": true, "type": { - "kind": "instance_of", - "type": { - "name": "Indices", - "namespace": "_types" - } + "items": [ + { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + }, + { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + } + } + ], + "kind": "union_of" } }, { @@ -140174,7 +140189,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L217-L241" + "specLocation": "security/_types/Privileges.ts#L217-L243" }, { "kind": "interface", diff --git a/output/schema/schema.json b/output/schema/schema.json index c7bf91a7e5..7e48235871 100644 --- a/output/schema/schema.json +++ b/output/schema/schema.json @@ -8286,12 +8286,12 @@ { "availability": { "serverless": { - "stability": "experimental", + "stability": "stable", "visibility": "public" }, "stack": { "since": "8.11.0", - "stability": "experimental", + "stability": "stable", "visibility": "public" } }, @@ -8328,12 +8328,12 @@ { "availability": { "serverless": { - "stability": "experimental", + "stability": "stable", "visibility": "public" }, "stack": { "since": "8.11.0", - "stability": "experimental", + "stability": "stable", "visibility": "public" } }, @@ -8376,12 +8376,12 @@ { "availability": { "serverless": { - "stability": "experimental", + "stability": "stable", "visibility": "public" }, "stack": { "since": "8.11.0", - "stability": "experimental", + "stability": "stable", "visibility": "public" } }, 
@@ -8421,12 +8421,12 @@ { "availability": { "serverless": { - "stability": "experimental", + "stability": "stable", "visibility": "public" }, "stack": { "since": "8.11.0", - "stability": "experimental", + "stability": "stable", "visibility": "public" } }, @@ -187030,7 +187030,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L408-L410" + "specLocation": "security/_types/Privileges.ts#L410-L412" }, { "kind": "interface", @@ -187555,7 +187555,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L404-L406" + "specLocation": "security/_types/Privileges.ts#L406-L408" }, { "kind": "enum", @@ -187668,7 +187668,7 @@ "name": "IndexPrivilege", "namespace": "security._types" }, - "specLocation": "security/_types/Privileges.ts#L360-L402" + "specLocation": "security/_types/Privileges.ts#L362-L404" }, { "kind": "interface", @@ -187696,11 +187696,26 @@ "name": "names", "required": true, "type": { - "kind": "instance_of", - "type": { - "name": "Indices", - "namespace": "_types" - } + "kind": "union_of", + "items": [ + { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + }, + { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + } + } + ] } }, { @@ -187747,7 +187762,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L217-L241" + "specLocation": "security/_types/Privileges.ts#L217-L243" }, { "kind": "type_alias", @@ -187761,7 +187776,7 @@ "name": "IndicesPrivilegesQuery", "namespace": "security._types" }, - "specLocation": "security/_types/Privileges.ts#L315-L323", + "specLocation": "security/_types/Privileges.ts#L317-L325", "type": { "kind": "union_of", "items": [ @@ -187811,7 +187826,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L412-L414" + "specLocation": "security/_types/Privileges.ts#L414-L416" }, { "kind": "interface", 
@@ -187907,7 +187922,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L277-L289" + "specLocation": "security/_types/Privileges.ts#L279-L291" }, { "kind": "interface", @@ -187948,11 +187963,26 @@ "name": "names", "required": true, "type": { - "kind": "instance_of", - "type": { - "name": "Indices", - "namespace": "_types" - } + "kind": "union_of", + "items": [ + { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + }, + { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + } + } + ] } }, { @@ -187999,7 +188029,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L243-L275" + "specLocation": "security/_types/Privileges.ts#L245-L277" }, { "kind": "interface", @@ -188013,14 +188043,26 @@ "name": "names", "required": true, "type": { - "kind": "array_of", - "value": { - "kind": "instance_of", - "type": { - "name": "IndexName", - "namespace": "_types" + "kind": "union_of", + "items": [ + { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + }, + { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + } } - } + ] } }, { @@ -188037,7 +188079,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L416-L426" + "specLocation": "security/_types/Privileges.ts#L418-L428" }, { "kind": "interface", @@ -188671,7 +188713,7 @@ "name": "RoleTemplateInlineQuery", "namespace": "security._types" }, - "specLocation": "security/_types/Privileges.ts#L357-L358", + "specLocation": "security/_types/Privileges.ts#L359-L360", "type": { "kind": "union_of", "items": [ @@ -188714,7 +188756,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L325-L335" + "specLocation": "security/_types/Privileges.ts#L327-L337" }, { "kind": "interface", 
@@ -188802,7 +188844,7 @@ } ], "shortcutProperty": "source", - "specLocation": "security/_types/Privileges.ts#L337-L355" + "specLocation": "security/_types/Privileges.ts#L339-L357" }, { "kind": "interface", @@ -188830,14 +188872,26 @@ "name": "names", "required": true, "type": { - "kind": "array_of", - "value": { - "kind": "instance_of", - "type": { - "name": "IndexName", - "namespace": "_types" + "kind": "union_of", + "items": [ + { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + }, + { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + } } - } + ] } }, { @@ -188869,7 +188923,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L428-L448" + "specLocation": "security/_types/Privileges.ts#L430-L450" }, { "kind": "enum", @@ -189030,11 +189084,26 @@ "name": "names", "required": true, "type": { - "kind": "instance_of", - "type": { - "name": "Indices", - "namespace": "_types" - } + "kind": "union_of", + "items": [ + { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + }, + { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + } + } + ] } }, { @@ -189080,7 +189149,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L291-L313" + "specLocation": "security/_types/Privileges.ts#L293-L315" }, { "kind": "interface", diff --git a/output/typescript/types.ts b/output/typescript/types.ts index 5d6480562a..15b02bd6a7 100644 --- a/output/typescript/types.ts +++ b/output/typescript/types.ts @@ -17662,7 +17662,7 @@ export type SecurityIndexPrivilege = 'all' | 'auto_configure' | 'create' | 'crea export interface SecurityIndicesPrivileges { field_security?: SecurityFieldSecurity - names: Indices + names: IndexName | IndexName[] privileges: SecurityIndexPrivilege[] query?: SecurityIndicesPrivilegesQuery allow_restricted_indices?: boolean 
@@ -17689,14 +17689,14 @@ export interface SecurityRemoteClusterPrivileges { export interface SecurityRemoteIndicesPrivileges { clusters: Names field_security?: SecurityFieldSecurity - names: Indices + names: IndexName | IndexName[] privileges: SecurityIndexPrivilege[] query?: SecurityIndicesPrivilegesQuery allow_restricted_indices?: boolean } export interface SecurityReplicationAccess { - names: IndexName[] + names: IndexName | IndexName[] allow_restricted_indices?: boolean } @@ -17772,7 +17772,7 @@ export interface SecurityRoleTemplateScript { export interface SecuritySearchAccess { field_security?: SecurityFieldSecurity - names: IndexName[] + names: IndexName | IndexName[] query?: SecurityIndicesPrivilegesQuery allow_restricted_indices?: boolean } @@ -17791,7 +17791,7 @@ export interface SecurityUser { export interface SecurityUserIndicesPrivileges { field_security?: SecurityFieldSecurity[] - names: Indices + names: IndexName | IndexName[] privileges: SecurityIndexPrivilege[] query?: SecurityIndicesPrivilegesQuery[] allow_restricted_indices: boolean diff --git a/specification/security/_types/Privileges.ts b/specification/security/_types/Privileges.ts index e285e45e2f..6836f8494e 100644 --- a/specification/security/_types/Privileges.ts +++ b/specification/security/_types/Privileges.ts @@ -19,7 +19,7 @@ import { Dictionary } from '@spec_utils/Dictionary' import { UserDefinedValue } from '@spec_utils/UserDefinedValue' -import { Id, IndexName, Indices, Names } from '@_types/common' +import { Id, IndexName, Names } from '@_types/common' import { QueryContainer } from '@_types/query_dsl/abstractions' import { ScriptLanguage } from '@_types/Scripting' import { FieldSecurity } from './FieldSecurity' 
@@ -220,10 +220,12 @@ export class IndicesPrivileges { * @doc_id field-and-document-access-control */ field_security?: FieldSecurity + // We're using IndexName | IndexName[] instead of Indices in this file on purpose: + // https://github.com/elastic/elasticsearch-specification/pull/3127 /** * A list of indices (or index name patterns) to which the permissions in this entry apply. */ - names: Indices + names: IndexName | IndexName[] /** * The index level privileges that owners of the role have on the specified indices. */ @@ -257,7 +259,7 @@ export class RemoteIndicesPrivileges { /** * A list of indices (or index name patterns) to which the permissions in this entry apply. */ - names: Indices + names: IndexName | IndexName[] /** * The index level privileges that owners of the role have on the specified indices. */ @@ -297,7 +299,7 @@ export class UserIndicesPrivileges { /** * A list of indices (or index name patterns) to which the permissions in this entry apply. */ - names: Indices + names: IndexName | IndexName[] /** * The index level privileges that owners of the role have on the specified indices. */ @@ -417,7 +419,7 @@ export class ReplicationAccess { /** * A list of indices (or index name patterns) to which the permissions in this entry apply. */ - names: IndexName[] + names: IndexName | IndexName[] /** * This needs to be set to true if the patterns in the names field should cover system indices. * @server_default false @@ -434,7 +436,7 @@ export class SearchAccess { /** * A list of indices (or index name patterns) to which the permissions in this entry apply. */ - names: IndexName[] + names: IndexName | IndexName[] /** * A search query that defines the documents the owners of the role have access to. A document within the specified indices must match this query for it to be accessible by the owners of the role. */
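Review bot: The rationale comment added above `names` in IndicesPrivileges gives only a pull-request URL, and the identical `IndexName | IndexName[]` fields in RemoteIndicesPrivileges, UserIndicesPrivileges, ReplicationAccess and SearchAccess (the later hunks) carry no pointer at all. Because these fields define which indices a role can reach, a later cleanup that swaps one of them back to `Indices` would go unnoticed. State the reason in the comment itself, for example `// names may hold index name patterns (wildcards), so Indices is deliberately not used here; see #3127`, and repeat or reference it at the other four fields. That wording is inferred from the commit subject and should be confirmed against the PR. The class bodies continue outside the hunks.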
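Review bot: `names` in ReplicationAccess, and in SearchAccess in the next hunk, widens from `IndexName[]` to `IndexName | IndexName[]`, while the doc comment above it still reads "A list of indices (or index name patterns)". Assuming `IndexName` is a string alias, a `for...of` over `string | string[]` still type-checks, so client code that audits or compares a role's index scope would iterate the characters of a bare string without any compiler error. The doc comment should say that a single value is accepted, e.g. `* A single index name or pattern, or a list of them, to which the permissions in this entry apply.` Consumers should normalize before inspecting the scope, e.g. `const list = Array.isArray(names) ? names : [names]`. Whether these classes are also used for responses is not visible in the hunk; if they are, the comment should state which shape the server returns.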