From cb75dcc73ce3f345aa953a640b80c99a8fbc75e6 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 23 Oct 2024 16:53:07 -0700 Subject: [PATCH] [Backport 8.x] [OpenAPI] Edit SSL certificate API (#3068) --- .../elasticsearch-shared-overlays.yaml | 2 -- output/openapi/elasticsearch-openapi.json | 5 +++-- output/schema/schema.json | 7 ++++--- .../ssl/certificates/GetCertificatesRequest.ts | 18 ++++++++++++++++++ 4 files changed, 25 insertions(+), 7 deletions(-) diff --git a/docs/overlays/elasticsearch-shared-overlays.yaml b/docs/overlays/elasticsearch-shared-overlays.yaml index 21443a34b7..edeb04b90d 100644 --- a/docs/overlays/elasticsearch-shared-overlays.yaml +++ b/docs/overlays/elasticsearch-shared-overlays.yaml @@ -185,8 +185,6 @@ actions: x-displayName: Searchable snapshots - name: security x-displayName: Security - - name: ssl - x-displayName: Security - SSL - name: snapshot x-displayName: Snapshot and restore description: > diff --git a/output/openapi/elasticsearch-openapi.json b/output/openapi/elasticsearch-openapi.json index 7a6a69ba65..a4ee664ea5 100644 --- a/output/openapi/elasticsearch-openapi.json +++ b/output/openapi/elasticsearch-openapi.json @@ -32113,9 +32113,10 @@ "/_ssl/certificates": { "get": { "tags": [ - "ssl" + "security" ], - "summary": "Retrieves information about the X.509 certificates used to encrypt communications in the cluster", + "summary": "Get SSL certificates", + "description": "Get information about the X.509 certificates that are used to encrypt communications in the cluster.\nThe API returns a list that includes certificates from all TLS contexts including:\n\n- Settings for transport and HTTP interfaces\n- TLS settings that are used within authentication realms\n- TLS settings for remote monitoring exporters\n\nThe list includes certificates that are used for configuring trust, such as those configured in the `xpack.security.transport.ssl.truststore` and `xpack.security.transport.ssl.certificate_authorities` settings.\nIt also includes certificates that are used for configuring server identity, such as `xpack.security.http.ssl.keystore` and `xpack.security.http.ssl.certificate settings`.\n\nThe list does not include certificates that are sourced from the default SSL context of the Java Runtime Environment (JRE), even if those certificates are in use within Elasticsearch.\n\nNOTE: When a PKCS#11 token is configured as the truststore of the JRE, the API returns all the certificates that are included in the PKCS#11 token irrespective of whether these are used in the Elasticsearch TLS configuration.\n\nIf Elasticsearch is configured to use a keystore or truststore, the API output includes all certificates in that store, even though some of the certificates might not be in active use within the cluster.", "operationId": "ssl-certificates", "responses": { "200": { diff --git a/output/schema/schema.json b/output/schema/schema.json index f87a8a7bed..b16bede10e 100644 --- a/output/schema/schema.json +++ b/output/schema/schema.json @@ -18546,7 +18546,8 @@ "stability": "stable" } }, - "description": "Retrieves information about the X.509 certificates used to encrypt communications in the cluster.", + "description": "Get SSL certificates.\n\nGet information about the X.509 certificates that are used to encrypt communications in the cluster.\nThe API returns a list that includes certificates from all TLS contexts including:\n\n- Settings for transport and HTTP interfaces\n- TLS settings that are used within authentication realms\n- TLS settings for remote monitoring exporters\n\nThe list includes certificates that are used for configuring trust, such as those configured in the `xpack.security.transport.ssl.truststore` and `xpack.security.transport.ssl.certificate_authorities` settings.\nIt also includes certificates that are used for configuring server identity, such as `xpack.security.http.ssl.keystore` and `xpack.security.http.ssl.certificate settings`.\n\nThe list does not include certificates that are sourced from the default SSL context of the Java Runtime Environment (JRE), even if those certificates are in use within Elasticsearch.\n\nNOTE: When a PKCS#11 token is configured as the truststore of the JRE, the API returns all the certificates that are included in the PKCS#11 token irrespective of whether these are used in the Elasticsearch TLS configuration.\n\nIf Elasticsearch is configured to use a keystore or truststore, the API output includes all certificates in that store, even though some of the certificates might not be in active use within the cluster.", + "docTag": "security", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-ssl.html", "name": "ssl.certificates", "request": { @@ -203376,7 +203377,7 @@ "body": { "kind": "no_body" }, - "description": "Retrieves information about the X.509 certificates used to encrypt communications in the cluster.", + "description": "Get SSL certificates.\n\nGet information about the X.509 certificates that are used to encrypt communications in the cluster.\nThe API returns a list that includes certificates from all TLS contexts including:\n\n- Settings for transport and HTTP interfaces\n- TLS settings that are used within authentication realms\n- TLS settings for remote monitoring exporters\n\nThe list includes certificates that are used for configuring trust, such as those configured in the `xpack.security.transport.ssl.truststore` and `xpack.security.transport.ssl.certificate_authorities` settings.\nIt also includes certificates that are used for configuring server identity, such as `xpack.security.http.ssl.keystore` and `xpack.security.http.ssl.certificate settings`.\n\nThe list does not include certificates that are sourced from the default SSL context of the Java Runtime Environment (JRE), even if those certificates are in use within Elasticsearch.\n\nNOTE: When a PKCS#11 token is configured as the truststore of the JRE, the API returns all the certificates that are included in the PKCS#11 token irrespective of whether these are used in the Elasticsearch TLS configuration.\n\nIf Elasticsearch is configured to use a keystore or truststore, the API output includes all certificates in that store, even though some of the certificates might not be in active use within the cluster.", "inherits": { "type": { "name": "RequestBase", @@ -203389,7 +203390,7 @@ }, "path": [], "query": [], - "specLocation": "ssl/certificates/GetCertificatesRequest.ts#L22-L27" + "specLocation": "ssl/certificates/GetCertificatesRequest.ts#L22-L45" }, { "kind": "response", diff --git a/specification/ssl/certificates/GetCertificatesRequest.ts b/specification/ssl/certificates/GetCertificatesRequest.ts index 68d1cfd311..f3bf4898c7 100644 --- a/specification/ssl/certificates/GetCertificatesRequest.ts +++ b/specification/ssl/certificates/GetCertificatesRequest.ts @@ -20,8 +20,26 @@ import { RequestBase } from '@_types/Base' /** + * Get SSL certificates. + * + * Get information about the X.509 certificates that are used to encrypt communications in the cluster. + * The API returns a list that includes certificates from all TLS contexts including: + * + * - Settings for transport and HTTP interfaces + * - TLS settings that are used within authentication realms + * - TLS settings for remote monitoring exporters + * + * The list includes certificates that are used for configuring trust, such as those configured in the `xpack.security.transport.ssl.truststore` and `xpack.security.transport.ssl.certificate_authorities` settings. + * It also includes certificates that are used for configuring server identity, such as `xpack.security.http.ssl.keystore` and `xpack.security.http.ssl.certificate settings`. + * + * The list does not include certificates that are sourced from the default SSL context of the Java Runtime Environment (JRE), even if those certificates are in use within Elasticsearch. + * + * NOTE: When a PKCS#11 token is configured as the truststore of the JRE, the API returns all the certificates that are included in the PKCS#11 token irrespective of whether these are used in the Elasticsearch TLS configuration. + * + * If Elasticsearch is configured to use a keystore or truststore, the API output includes all certificates in that store, even though some of the certificates might not be in active use within the cluster. * @rest_spec_name ssl.certificates * @availability stack since=6.2.0 stability=stable * @availability serverless stability=stable visibility=private + * @doc_tag security */ export interface Request extends RequestBase {}