From d6f6e2f316bd1a28d66fa066566530b7faf4ae61 Mon Sep 17 00:00:00 2001 From: Nikolaj Volgushev Date: Thu, 10 Oct 2024 14:59:03 +0200 Subject: [PATCH] Mark role APIs serverless public (#2785) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Marks relevant role APIs as public in Serverless. Resolves: ES-7833 --------- Co-authored-by: Quentin Pradet Co-authored-by: Slobodan Adamović --- output/openapi/elasticsearch-openapi.json | 2 +- .../elasticsearch-serverless-openapi.json | 388 +++++++++ output/schema/schema-serverless.json | 756 ++++++++++++++++++ output/schema/schema.json | 10 +- .../delete_role/SecurityDeleteRoleRequest.ts | 2 +- .../SecurityGetBuiltinPrivilegesRequest.ts | 2 +- .../get_role/SecurityGetRoleRequest.ts | 2 +- .../put_role/SecurityPutRoleRequest.ts | 4 +- 8 files changed, 1155 insertions(+), 11 deletions(-) diff --git a/output/openapi/elasticsearch-openapi.json b/output/openapi/elasticsearch-openapi.json index 3cb3614300..b4f09f93bb 100644 --- a/output/openapi/elasticsearch-openapi.json +++ b/output/openapi/elasticsearch-openapi.json @@ -99988,7 +99988,7 @@ "security.put_role#name": { "in": "path", "name": "name", - "description": "The name of the role.", + "description": "The name of the role that is being created or updated. On Elasticsearch Serverless, the role name must begin with a letter or digit and can only contain letters, digits and the characters '_', '-', and '.'. Each role must have a unique name, as this will serve as the identifier for that role.", "required": true, "deprecated": false, "schema": { diff --git a/output/openapi/elasticsearch-serverless-openapi.json b/output/openapi/elasticsearch-serverless-openapi.json index 44c940ca4c..e25252ddfc 100644 --- a/output/openapi/elasticsearch-serverless-openapi.json +++ b/output/openapi/elasticsearch-serverless-openapi.json @@ -16943,6 +16943,176 @@ "x-state": "Added in 6.7.0" } }, + "/_security/role/{name}": { + "get": { + "tags": [ + "security" + ], + "summary": "The role management APIs are generally the preferred way to manage roles, rather than using file-based role management", + "description": "The get roles API cannot retrieve roles that are defined in roles files.", + "operationId": "security-get-role", + "parameters": [ + { + "$ref": "#/components/parameters/security.get_role#name" + } + ], + "responses": { + "200": { + "$ref": "#/components/responses/security.get_role#200" + } + } + }, + "put": { + "tags": [ + "security" + ], + "summary": "The role management APIs are generally the preferred way to manage roles, rather than using file-based role management", + "description": "The create or update roles API cannot update roles that are defined in roles files.", + "operationId": "security-put-role", + "parameters": [ + { + "$ref": "#/components/parameters/security.put_role#name" + }, + { + "$ref": "#/components/parameters/security.put_role#refresh" + } + ], + "requestBody": { + "$ref": "#/components/requestBodies/security.put_role" + }, + "responses": { + "200": { + "$ref": "#/components/responses/security.put_role#200" + } + } + }, + "post": { + "tags": [ + "security" + ], + "summary": "The role management APIs are generally the preferred way to manage roles, rather than using file-based role management", + "description": "The create or update roles API cannot update roles that are defined in roles files.", + "operationId": "security-put-role-1", + "parameters": [ + { + "$ref": "#/components/parameters/security.put_role#name" + }, + { + "$ref": "#/components/parameters/security.put_role#refresh" + } + ], + "requestBody": { + "$ref": "#/components/requestBodies/security.put_role" + }, + "responses": { + "200": { + "$ref": "#/components/responses/security.put_role#200" + } + } + }, + "delete": { + "tags": [ + "security" + ], + "summary": "Removes roles in the native realm", + "operationId": "security-delete-role", + "parameters": [ + { + "in": "path", + "name": "name", + "description": "Role name", + "required": true, + "deprecated": false, + "schema": { + "$ref": "#/components/schemas/_types:Name" + }, + "style": "simple" + }, + { + "in": "query", + "name": "refresh", + "description": "If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes.", + "deprecated": false, + "schema": { + "$ref": "#/components/schemas/_types:Refresh" + }, + "style": "form" + } + ], + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "found": { + "type": "boolean" + } + }, + "required": [ + "found" + ] + } + } + } + } + } + } + }, + "/_security/privilege/_builtin": { + "get": { + "tags": [ + "security" + ], + "summary": "Retrieves the list of cluster privileges and index privileges that are available in this version of Elasticsearch", + "operationId": "security-get-builtin-privileges", + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "cluster": { + "type": "array", + "items": { + "type": "string" + } + }, + "index": { + "$ref": "#/components/schemas/_types:Indices" + } + }, + "required": [ + "cluster", + "index" + ] + } + } + } + } + }, + "x-state": "Added in 7.3.0" + } + }, + "/_security/role": { + "get": { + "tags": [ + "security" + ], + "summary": "The role management APIs are generally the preferred way to manage roles, rather than using file-based role management", + "description": "The get roles API cannot retrieve roles that are defined in roles files.", + "operationId": "security-get-role-1", + "responses": { + "200": { + "$ref": "#/components/responses/security.get_role#200" + } + } + } + }, "/_security/user/_has_privileges": { "get": { "tags": [ @@ -53422,6 +53592,93 @@ "name" ] }, + "security.get_role:Role": { + "type": "object", + "properties": { + "cluster": { + "type": "array", + "items": { + "type": "string" + } + }, + "indices": { + "type": "array", + "items": { + "$ref": "#/components/schemas/security._types:IndicesPrivileges" + } + }, + "metadata": { + "$ref": "#/components/schemas/_types:Metadata" + }, + "run_as": { + "type": "array", + "items": { + "type": "string" + } + }, + "transient_metadata": { + "type": "object", + "additionalProperties": { + "type": "object" + } + }, + "applications": { + "type": "array", + "items": { + "$ref": "#/components/schemas/security._types:ApplicationPrivileges" + } + }, + "role_templates": { + "type": "array", + "items": { + "$ref": "#/components/schemas/security._types:RoleTemplate" + } + }, + "global": { + "type": "object", + "additionalProperties": { + "type": "object", + "additionalProperties": { + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + }, + "required": [ + "cluster", + "indices", + "metadata", + "run_as", + "applications" + ] + }, + "security._types:RoleTemplate": { + "type": "object", + "properties": { + "format": { + "$ref": "#/components/schemas/security._types:TemplateFormat" + }, + "template": { + "$ref": "#/components/schemas/_types:Script" + } + }, + "required": [ + "template" + ] + }, + "security._types:TemplateFormat": { + "type": "string", + "enum": [ + "string", + "json" + ] + }, "security.has_privileges:ApplicationPrivilegesCheck": { "type": "object", "properties": { @@ -53491,6 +53748,17 @@ "type": "boolean" } }, + "security._types:CreatedStatus": { + "type": "object", + "properties": { + "created": { + "type": "boolean" + } + }, + "required": [ + "created" + ] + }, "security.query_api_keys:ApiKeyAggregationContainer": { "allOf": [ { @@ -55791,6 +56059,19 @@ } } }, + "security.get_role#200": { + "description": "", + "content": { + "application/json": { + "schema": { + "type": "object", + "additionalProperties": { + "$ref": "#/components/schemas/security.get_role:Role" + } + } + } + } + }, "security.has_privileges#200": { "description": "", "content": { @@ -55831,6 +56112,24 @@ } } }, + "security.put_role#200": { + "description": "", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "role": { + "$ref": "#/components/schemas/security._types:CreatedStatus" + } + }, + "required": [ + "role" + ] + } + } + } + }, "security.query_api_keys#200": { "description": "", "content": { @@ -60978,6 +61277,17 @@ }, "style": "form" }, + "security.get_role#name": { + "in": "path", + "name": "name", + "description": "The name of the role. You can specify multiple roles as a comma-separated list. If you do not specify this parameter, the API returns information about all roles.", + "required": true, + "deprecated": false, + "schema": { + "$ref": "#/components/schemas/_types:Names" + }, + "style": "simple" + }, "security.has_privileges#user": { "in": "path", "name": "user", @@ -60989,6 +61299,27 @@ }, "style": "simple" }, + "security.put_role#name": { + "in": "path", + "name": "name", + "description": "The name of the role that is being created or updated. On Elasticsearch Serverless, the role name must begin with a letter or digit and can only contain letters, digits and the characters '_', '-', and '.'. Each role must have a unique name, as this will serve as the identifier for that role.", + "required": true, + "deprecated": false, + "schema": { + "$ref": "#/components/schemas/_types:Name" + }, + "style": "simple" + }, + "security.put_role#refresh": { + "in": "query", + "name": "refresh", + "description": "If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes.", + "deprecated": false, + "schema": { + "$ref": "#/components/schemas/_types:Refresh" + }, + "style": "form" + }, "security.query_api_keys#with_limited_by": { "in": "query", "name": "with_limited_by", @@ -62773,6 +63104,63 @@ }, "required": true }, + "security.put_role": { + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "applications": { + "description": "A list of application privilege entries.", + "type": "array", + "items": { + "$ref": "#/components/schemas/security._types:ApplicationPrivileges" + } + }, + "cluster": { + "description": "A list of cluster privileges. These privileges define the cluster-level actions for users with this role.", + "type": "array", + "items": { + "$ref": "#/components/schemas/security._types:ClusterPrivilege" + } + }, + "indices": { + "description": "A list of indices permissions entries.", + "type": "array", + "items": { + "$ref": "#/components/schemas/security._types:IndicesPrivileges" + } + }, + "metadata": { + "$ref": "#/components/schemas/_types:Metadata" + }, + "run_as": { + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/run-as-privilege.html" + }, + "description": "A list of users that the owners of this role can impersonate. *Note*: in Serverless, the run-as feature is disabled. For API compatibility, you can still specify an empty `run_as` field, but a non-empty list will be rejected.", + "type": "array", + "items": { + "type": "string" + } + }, + "description": { + "description": "Optional description of the role descriptor", + "type": "string" + }, + "transient_metadata": { + "description": "Indicates roles that might be incompatible with the current cluster license, specifically roles with document and field level security. When the cluster license doesn’t allow certain features for a given role, this parameter is updated dynamically to list the incompatible features. If `enabled` is `false`, the role is ignored, but is still listed in the response from the authenticate API.", + "type": "object", + "additionalProperties": { + "type": "object" + } + } + } + } + } + }, + "required": true + }, "security.query_api_keys": { "content": { "application/json": { diff --git a/output/schema/schema-serverless.json b/output/schema/schema-serverless.json index edfd942e9c..2a1aedeaa0 100644 --- a/output/schema/schema-serverless.json +++ b/output/schema/schema-serverless.json @@ -8407,6 +8407,40 @@ } ] }, + { + "availability": { + "serverless": { + "stability": "stable", + "visibility": "public" + }, + "stack": { + "stability": "stable" + } + }, + "description": "Removes roles in the native realm.", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-delete-role.html", + "name": "security.delete_role", + "request": { + "name": "Request", + "namespace": "security.delete_role" + }, + "requestBodyRequired": false, + "response": { + "name": "Response", + "namespace": "security.delete_role" + }, + "responseMediaType": [ + "application/json" + ], + "urls": [ + { + "methods": [ + "DELETE" + ], + "path": "/_security/role/{name}" + } + ] + }, { "availability": { "serverless": { @@ -8448,6 +8482,91 @@ } ] }, + { + "availability": { + "serverless": { + "stability": "stable", + "visibility": "public" + }, + "stack": { + "since": "7.3.0", + "stability": "stable" + } + }, + "description": "Retrieves the list of cluster privileges and index privileges that are available in this version of Elasticsearch.", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-builtin-privileges.html", + "name": "security.get_builtin_privileges", + "privileges": { + "cluster": [ + "manage_security" + ] + }, + "request": { + "name": "Request", + "namespace": "security.get_builtin_privileges" + }, + "requestBodyRequired": false, + "response": { + "name": "Response", + "namespace": "security.get_builtin_privileges" + }, + "responseMediaType": [ + "application/json" + ], + "urls": [ + { + "methods": [ + "GET" + ], + "path": "/_security/privilege/_builtin" + } + ] + }, + { + "availability": { + "serverless": { + "stability": "stable", + "visibility": "public" + }, + "stack": { + "stability": "stable" + } + }, + "description": "The role management APIs are generally the preferred way to manage roles, rather than using file-based role management.\nThe get roles API cannot retrieve roles that are defined in roles files.", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-role.html", + "name": "security.get_role", + "privileges": { + "cluster": [ + "manage_security" + ] + }, + "request": { + "name": "Request", + "namespace": "security.get_role" + }, + "requestBodyRequired": false, + "response": { + "name": "Response", + "namespace": "security.get_role" + }, + "responseMediaType": [ + "application/json" + ], + "urls": [ + { + "methods": [ + "GET" + ], + "path": "/_security/role/{name}" + }, + { + "methods": [ + "GET" + ], + "path": "/_security/role" + } + ] + }, { "availability": { "serverless": { @@ -8538,6 +8657,49 @@ } ] }, + { + "availability": { + "serverless": { + "stability": "stable", + "visibility": "public" + }, + "stack": { + "stability": "stable" + } + }, + "description": "The role management APIs are generally the preferred way to manage roles, rather than using file-based role management.\nThe create or update roles API cannot update roles that are defined in roles files.", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role.html", + "name": "security.put_role", + "privileges": { + "cluster": [ + "manage_security" + ] + }, + "request": { + "name": "Request", + "namespace": "security.put_role" + }, + "requestBodyRequired": true, + "requestMediaType": [ + "application/json" + ], + "response": { + "name": "Response", + "namespace": "security.put_role" + }, + "responseMediaType": [ + "application/json" + ], + "urls": [ + { + "methods": [ + "PUT", + "POST" + ], + "path": "/_security/role/{name}" + } + ] + }, { "availability": { "serverless": { @@ -38828,6 +38990,79 @@ }, "specLocation": "security/create_api_key/SecurityCreateApiKeyResponse.ts#L23-L50" }, + { + "attachedBehaviors": [ + "CommonQueryParameters" + ], + "body": { + "kind": "no_body" + }, + "description": "Removes roles in the native realm.", + "inherits": { + "type": { + "name": "RequestBase", + "namespace": "_types" + } + }, + "kind": "request", + "name": { + "name": "Request", + "namespace": "security.delete_role" + }, + "path": [ + { + "description": "Role name", + "name": "name", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "Name", + "namespace": "_types" + } + } + } + ], + "query": [ + { + "description": "If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes.", + "name": "refresh", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "Refresh", + "namespace": "_types" + } + } + } + ], + "specLocation": "security/delete_role/SecurityDeleteRoleRequest.ts#L23-L35" + }, + { + "body": { + "kind": "properties", + "properties": [ + { + "name": "found", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "boolean", + "namespace": "_builtins" + } + } + } + ] + }, + "kind": "response", + "name": { + "name": "Response", + "namespace": "security.delete_role" + }, + "specLocation": "security/delete_role/SecurityDeleteRoleResponse.ts#L20-L22" + }, { "attachedBehaviors": [ "CommonQueryParameters" @@ -38997,6 +39232,132 @@ }, "specLocation": "security/get_api_key/SecurityGetApiKeyResponse.ts#L22-L24" }, + { + "attachedBehaviors": [ + "CommonQueryParameters" + ], + "body": { + "kind": "no_body" + }, + "description": "Retrieves the list of cluster privileges and index privileges that are available in this version of Elasticsearch.", + "inherits": { + "type": { + "name": "RequestBase", + "namespace": "_types" + } + }, + "kind": "request", + "name": { + "name": "Request", + "namespace": "security.get_builtin_privileges" + }, + "path": [], + "query": [], + "specLocation": "security/get_builtin_privileges/SecurityGetBuiltinPrivilegesRequest.ts#L22-L28" + }, + { + "body": { + "kind": "properties", + "properties": [ + { + "name": "cluster", + "required": true, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + } + } + }, + { + "name": "index", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "Indices", + "namespace": "_types" + } + } + } + ] + }, + "kind": "response", + "name": { + "name": "Response", + "namespace": "security.get_builtin_privileges" + }, + "specLocation": "security/get_builtin_privileges/SecurityGetBuiltinPrivilegesResponse.ts#L22-L24" + }, + { + "attachedBehaviors": [ + "CommonQueryParameters" + ], + "body": { + "kind": "no_body" + }, + "description": "The role management APIs are generally the preferred way to manage roles, rather than using file-based role management.\nThe get roles API cannot retrieve roles that are defined in roles files.", + "inherits": { + "type": { + "name": "RequestBase", + "namespace": "_types" + } + }, + "kind": "request", + "name": { + "name": "Request", + "namespace": "security.get_role" + }, + "path": [ + { + "description": "The name of the role. You can specify multiple roles as a comma-separated list. If you do not specify this parameter, the API returns information about all roles.", + "name": "name", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "Names", + "namespace": "_types" + } + } + } + ], + "query": [], + "specLocation": "security/get_role/SecurityGetRoleRequest.ts#L23-L38" + }, + { + "body": { + "kind": "value", + "value": { + "key": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + }, + "kind": "dictionary_of", + "singleKey": false, + "value": { + "kind": "instance_of", + "type": { + "name": "Role", + "namespace": "security.get_role" + } + } + } + }, + "kind": "response", + "name": { + "name": "Response", + "namespace": "security.get_role" + }, + "specLocation": "security/get_role/SecurityGetRoleResponse.ts#L23-L26" + }, { "attachedBehaviors": [ "CommonQueryParameters" @@ -39334,6 +39695,186 @@ }, "specLocation": "security/invalidate_api_key/SecurityInvalidateApiKeyResponse.ts#L23-L30" }, + { + "attachedBehaviors": [ + "CommonQueryParameters" + ], + "body": { + "kind": "properties", + "properties": [ + { + "description": "A list of application privilege entries.", + "name": "applications", + "required": false, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "ApplicationPrivileges", + "namespace": "security._types" + } + } + } + }, + { + "description": "A list of cluster privileges. These privileges define the cluster-level actions for users with this role.", + "name": "cluster", + "required": false, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "ClusterPrivilege", + "namespace": "security._types" + } + } + } + }, + { + "description": "A list of indices permissions entries.", + "name": "indices", + "required": false, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "IndicesPrivileges", + "namespace": "security._types" + } + } + } + }, + { + "description": "Optional metadata. Within the metadata object, keys that begin with an underscore (`_`) are reserved for system use.", + "name": "metadata", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "Metadata", + "namespace": "_types" + } + } + }, + { + "description": "A list of users that the owners of this role can impersonate. *Note*: in Serverless, the run-as feature is disabled. For API compatibility, you can still specify an empty `run_as` field, but a non-empty list will be rejected.", + "docId": "run-as-privilege", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/run-as-privilege.html", + "name": "run_as", + "required": false, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + } + } + }, + { + "description": "Optional description of the role descriptor", + "name": "description", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + } + }, + { + "description": "Indicates roles that might be incompatible with the current cluster license, specifically roles with document and field level security. When the cluster license doesn’t allow certain features for a given role, this parameter is updated dynamically to list the incompatible features. If `enabled` is `false`, the role is ignored, but is still listed in the response from the authenticate API.", + "name": "transient_metadata", + "required": false, + "type": { + "key": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + }, + "kind": "dictionary_of", + "singleKey": false, + "value": { + "kind": "user_defined_value" + } + } + } + ] + }, + "description": "The role management APIs are generally the preferred way to manage roles, rather than using file-based role management.\nThe create or update roles API cannot update roles that are defined in roles files.", + "inherits": { + "type": { + "name": "RequestBase", + "namespace": "_types" + } + }, + "kind": "request", + "name": { + "name": "Request", + "namespace": "security.put_role" + }, + "path": [ + { + "description": "The name of the role that is being created or updated. On Elasticsearch Serverless, the role name must begin with a letter or digit and can only contain letters, digits and the characters '_', '-', and '.'. Each role must have a unique name, as this will serve as the identifier for that role.", + "name": "name", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "Name", + "namespace": "_types" + } + } + } + ], + "query": [ + { + "description": "If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes.", + "name": "refresh", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "Refresh", + "namespace": "_types" + } + } + } + ], + "specLocation": "security/put_role/SecurityPutRoleRequest.ts#L31-L91" + }, + { + "body": { + "kind": "properties", + "properties": [ + { + "name": "role", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "CreatedStatus", + "namespace": "security._types" + } + } + } + ] + }, + "kind": "response", + "name": { + "name": "Response", + "namespace": "security.put_role" + }, + "specLocation": "security/put_role/SecurityPutRoleResponse.ts#L22-L24" + }, { "attachedBehaviors": [ "CommonQueryParameters" @@ -138298,6 +138839,200 @@ ], "specLocation": "security/authenticate/types.ts#L22-L29" }, + { + "kind": "interface", + "name": { + "name": "Role", + "namespace": "security.get_role" + }, + "properties": [ + { + "name": "cluster", + "required": true, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + } + } + }, + { + "name": "indices", + "required": true, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "IndicesPrivileges", + "namespace": "security._types" + } + } + } + }, + { + "name": "metadata", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "Metadata", + "namespace": "_types" + } + } + }, + { + "name": "run_as", + "required": true, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + } + } + }, + { + "name": "transient_metadata", + "required": false, + "type": { + "key": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + }, + "kind": "dictionary_of", + "singleKey": false, + "value": { + "kind": "user_defined_value" + } + } + }, + { + "name": "applications", + "required": true, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "ApplicationPrivileges", + "namespace": "security._types" + } + } + } + }, + { + "name": "role_templates", + "required": false, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "RoleTemplate", + "namespace": "security._types" + } + } + } + }, + { + "availability": { + "serverless": {}, + "stack": { + "since": "8.0.0" + } + }, + "name": "global", + "required": false, + "type": { + "key": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + }, + "kind": "dictionary_of", + "singleKey": false, + "value": { + "key": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + }, + "kind": "dictionary_of", + "singleKey": false, + "value": { + "key": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + }, + "kind": "dictionary_of", + "singleKey": false, + "value": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + } + } + } + } + } + } + ], + "specLocation": "security/get_role/types.ts#L29-L42" + }, + { + "kind": "interface", + "name": { + "name": "RoleTemplate", + "namespace": "security._types" + }, + "properties": [ + { + "name": "format", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "TemplateFormat", + "namespace": "security._types" + } + } + }, + { + "name": "template", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "Script", + "namespace": "_types" + } + } + } + ], + "specLocation": "security/_types/RoleTemplate.ts#L28-L31" + }, { "kind": "interface", "name": { @@ -138399,6 +139134,27 @@ ], "specLocation": "security/has_privileges/types.ts#L33-L44" }, + { + "kind": "interface", + "name": { + "name": "CreatedStatus", + "namespace": "security._types" + }, + "properties": [ + { + "name": "created", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "boolean", + "namespace": "_builtins" + } + } + } + ], + "specLocation": "security/_types/CreatedStatus.ts#L20-L22" + }, { "kind": "interface", "name": { diff --git a/output/schema/schema.json b/output/schema/schema.json index 38d4e86e5f..a3345c2534 100644 --- a/output/schema/schema.json +++ b/output/schema/schema.json @@ -15517,7 +15517,7 @@ "availability": { "serverless": { "stability": "stable", - "visibility": "private" + "visibility": "public" }, "stack": { "stability": "stable" @@ -15904,7 +15904,7 @@ "availability": { "serverless": { "stability": "stable", - "visibility": "private" + "visibility": "public" }, "stack": { "since": "7.3.0", @@ -15991,7 +15991,7 @@ "availability": { "serverless": { "stability": "stable", - "visibility": "private" + "visibility": "public" }, "stack": { "stability": "stable" @@ -16684,7 +16684,7 @@ "availability": { "serverless": { "stability": "stable", - "visibility": "private" + "visibility": "public" }, "stack": { "stability": "stable" @@ -192923,7 +192923,7 @@ }, "path": [ { - "description": "The name of the role.", + "description": "The name of the role that is being created or updated. On Elasticsearch Serverless, the role name must begin with a letter or digit and can only contain letters, digits and the characters '_', '-', and '.'. Each role must have a unique name, as this will serve as the identifier for that role.", "name": "name", "required": true, "type": { diff --git a/specification/security/delete_role/SecurityDeleteRoleRequest.ts b/specification/security/delete_role/SecurityDeleteRoleRequest.ts index fa4afc81df..0f1d7e2d9b 100644 --- a/specification/security/delete_role/SecurityDeleteRoleRequest.ts +++ b/specification/security/delete_role/SecurityDeleteRoleRequest.ts @@ -23,7 +23,7 @@ import { Name, Refresh } from '@_types/common' /** * @rest_spec_name security.delete_role * @availability stack stability=stable - * @availability serverless stability=stable visibility=private + * @availability serverless stability=stable visibility=public */ export interface Request extends RequestBase { path_parts: { diff --git a/specification/security/get_builtin_privileges/SecurityGetBuiltinPrivilegesRequest.ts b/specification/security/get_builtin_privileges/SecurityGetBuiltinPrivilegesRequest.ts index 646eef3bf9..c1223b8338 100644 --- a/specification/security/get_builtin_privileges/SecurityGetBuiltinPrivilegesRequest.ts +++ b/specification/security/get_builtin_privileges/SecurityGetBuiltinPrivilegesRequest.ts @@ -22,7 +22,7 @@ import { RequestBase } from '@_types/Base' /** * @rest_spec_name security.get_builtin_privileges * @availability stack since=7.3.0 stability=stable - * @availability serverless stability=stable visibility=private + * @availability serverless stability=stable visibility=public * @cluster_privileges manage_security */ export interface Request extends RequestBase {} diff --git a/specification/security/get_role/SecurityGetRoleRequest.ts b/specification/security/get_role/SecurityGetRoleRequest.ts index 2f0a9917a8..21316a24a4 100644 --- a/specification/security/get_role/SecurityGetRoleRequest.ts +++ b/specification/security/get_role/SecurityGetRoleRequest.ts @@ -25,7 +25,7 @@ import { Names } from '@_types/common' * The get roles API cannot retrieve roles that are defined in roles files. * @rest_spec_name security.get_role * @availability stack stability=stable - * @availability serverless stability=stable visibility=private + * @availability serverless stability=stable visibility=public * @cluster_privileges manage_security */ export interface Request extends RequestBase { diff --git a/specification/security/put_role/SecurityPutRoleRequest.ts b/specification/security/put_role/SecurityPutRoleRequest.ts index bfe818361f..09f818145b 100644 --- a/specification/security/put_role/SecurityPutRoleRequest.ts +++ b/specification/security/put_role/SecurityPutRoleRequest.ts @@ -33,13 +33,13 @@ import { Metadata, Name, Refresh } from '@_types/common' * The create or update roles API cannot update roles that are defined in roles files. * @rest_spec_name security.put_role * @availability stack stability=stable - * @availability serverless stability=stable visibility=private + * @availability serverless stability=stable visibility=public * @cluster_privileges manage_security */ export interface Request extends RequestBase { path_parts: { /** - * The name of the role. + * The name of the role that is being created or updated. On Elasticsearch Serverless, the role name must begin with a letter or digit and can only contain letters, digits and the characters '_', '-', and '.'. Each role must have a unique name, as this will serve as the identifier for that role. */ name: Name }