From fad0d2dbae876200ea6f5444e2e23e955013c922 Mon Sep 17 00:00:00 2001 From: lcawl Date: Mon, 21 Oct 2024 14:49:01 -0700 Subject: [PATCH 1/5] [OpenAPI] Edit more security API summaries --- specification/_doc_ids/table.csv | 3 +++ .../SecurityGetUserPrivilegesRequest.ts | 1 + specification/security/get_user_profile/Request.ts | 3 ++- .../security/grant_api_key/SecurityGrantApiKeyRequest.ts | 5 +++-- .../has_privileges/SecurityHasPrivilegesRequest.ts | 3 ++- .../security/has_privileges_user_profile/Request.ts | 3 +++ .../invalidate_api_key/SecurityInvalidateApiKeyRequest.ts | 5 +++-- .../invalidate_token/SecurityInvalidateTokenRequest.ts | 7 +++++++ .../put_privileges/SecurityPutPrivilegesRequest.ts | 3 ++- specification/security/put_role/SecurityPutRoleRequest.ts | 7 ++++--- .../put_role_mapping/SecurityPutRoleMappingRequest.ts | 8 ++++++++ specification/security/put_user/SecurityPutUserRequest.ts | 3 +++ .../security/query_api_keys/QueryApiKeysRequest.ts | 4 ++-- specification/security/query_role/QueryRolesRequest.ts | 3 ++- .../security/query_user/SecurityQueryUserRequest.ts | 4 +++- specification/security/saml_authenticate/Request.ts | 3 ++- specification/security/saml_complete_logout/Request.ts | 1 + specification/security/saml_invalidate/Request.ts | 1 + specification/security/saml_logout/Request.ts | 1 + .../security/saml_prepare_authentication/Request.ts | 3 ++- .../security/saml_service_provider_metadata/Request.ts | 1 + specification/security/suggest_user_profiles/Request.ts | 1 + .../security/update_user_profile_data/Request.ts | 3 ++- 23 files changed, 59 insertions(+), 17 deletions(-) diff --git a/specification/_doc_ids/table.csv b/specification/_doc_ids/table.csv index ca10e4db29..a6c7d7e2fb 100644 --- a/specification/_doc_ids/table.csv +++ b/specification/_doc_ids/table.csv @@ -111,6 +111,7 @@ data-stream-path-param,https://www.elastic.co/guide/en/elasticsearch/reference/{ data-streams,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/data-streams.html date-index-name-processor,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/date-index-name-processor.html dcg,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/search-rank-eval.html#_discounted_cumulative_gain_dcg +defining-roles,https://www.elastic.co/guide/en/elasticsearch/reference/master/defining-roles.html delete-async-sql-search-api,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/delete-async-sql-search-api.html delete-enrich-policy-api,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/delete-enrich-policy-api.html delete-license,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/delete-license.html @@ -569,6 +570,7 @@ security-api-saml-logout,https://www.elastic.co/guide/en/elasticsearch/reference security-api-saml-prepare-authentication,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-saml-prepare-authentication.html security-api-saml-sp-metadata,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-saml-sp-metadata.html security-api-ssl,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-ssl.html +service-accounts,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/service-accounts.html set-processor,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/set-processor.html shape,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/shape.html simulate-pipeline-api,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/simulate-pipeline-api.html @@ -612,6 +614,7 @@ uppercase-processor,https://www.elastic.co/guide/en/elasticsearch/reference/{bra urldecode-processor,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/urldecode-processor.html usage-api,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/usage-api.html user-agent-processor,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/user-agent-processor.html +user-profile,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/user-profile.html voting-config-exclusions,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/voting-config-exclusions.html watcher-api-ack-watch,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/watcher-api-ack-watch.html watcher-api-activate-watch,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/watcher-api-activate-watch.html diff --git a/specification/security/get_user_privileges/SecurityGetUserPrivilegesRequest.ts b/specification/security/get_user_privileges/SecurityGetUserPrivilegesRequest.ts index 07c3d9a54b..a549b6f186 100644 --- a/specification/security/get_user_privileges/SecurityGetUserPrivilegesRequest.ts +++ b/specification/security/get_user_privileges/SecurityGetUserPrivilegesRequest.ts @@ -21,6 +21,7 @@ import { RequestBase } from '@_types/Base' import { Name } from '@_types/common' /** + * Get user privileges. * @rest_spec_name security.get_user_privileges * @availability stack since=6.5.0 stability=stable * @availability serverless stability=stable visibility=private diff --git a/specification/security/get_user_profile/Request.ts b/specification/security/get_user_profile/Request.ts index b65916328a..6b7093f727 100644 --- a/specification/security/get_user_profile/Request.ts +++ b/specification/security/get_user_profile/Request.ts @@ -21,7 +21,8 @@ import { UserProfileId } from '@security/_types/UserProfile' import { RequestBase } from '@_types/Base' /** - * Retrieves a user's profile using the unique profile ID. + * Get a user profile. + * Get a user's profile using the unique profile ID. * @rest_spec_name security.get_user_profile * @availability stack since=8.2.0 stability=stable * @availability serverless stability=stable visibility=private diff --git a/specification/security/grant_api_key/SecurityGrantApiKeyRequest.ts b/specification/security/grant_api_key/SecurityGrantApiKeyRequest.ts index 60690cc003..1ef84eedf1 100644 --- a/specification/security/grant_api_key/SecurityGrantApiKeyRequest.ts +++ b/specification/security/grant_api_key/SecurityGrantApiKeyRequest.ts @@ -22,8 +22,9 @@ import { Password, Username } from '@_types/common' import { ApiKeyGrantType, GrantApiKey } from './types' /** - * Creates an API key on behalf of another user. - * This API is similar to Create API keys, however it creates the API key for a user that is different than the user that runs the API. + * Grant an API key. + * Create an API key on behalf of another user. + * This API is similar to the create API keys API, however it creates the API key for a user that is different than the user that runs the API. * The caller must have authentication credentials (either an access token, or a username and password) for the user on whose behalf the API key will be created. * It is not possible to use this API to create an API key without that user’s credentials. * The user, for whom the authentication credentials is provided, can optionally "run as" (impersonate) another user. diff --git a/specification/security/has_privileges/SecurityHasPrivilegesRequest.ts b/specification/security/has_privileges/SecurityHasPrivilegesRequest.ts index ee25210b71..4c883e0118 100644 --- a/specification/security/has_privileges/SecurityHasPrivilegesRequest.ts +++ b/specification/security/has_privileges/SecurityHasPrivilegesRequest.ts @@ -24,10 +24,11 @@ import { ApplicationPrivilegesCheck, IndexPrivilegesCheck } from './types' /** * Check user privileges. - * Determines whether the specified user has a specified list of privileges. + * Determine whether the specified user has a specified list of privileges. * @rest_spec_name security.has_privileges * @availability stack since=6.4.0 stability=stable * @availability serverless stability=stable visibility=public + * @ext_doc_id security-privileges */ export interface Request extends RequestBase { path_parts: { diff --git a/specification/security/has_privileges_user_profile/Request.ts b/specification/security/has_privileges_user_profile/Request.ts index d8487d4c1c..f7f46d0856 100644 --- a/specification/security/has_privileges_user_profile/Request.ts +++ b/specification/security/has_privileges_user_profile/Request.ts @@ -22,10 +22,13 @@ import { RequestBase } from '@_types/Base' import { PrivilegesCheck } from './types' /** + * Check user profile privileges. + * Determine whether the users associated with the specified user profile IDs have all the requested privileges. * @rest_spec_name security.has_privileges_user_profile * @availability stack since=8.3.0 stability=stable * @availability serverless stability=stable visibility=private * @cluster_privileges manage_user_profile + * @ext_doc_id user-profile */ export interface Request extends RequestBase { body: { diff --git a/specification/security/invalidate_api_key/SecurityInvalidateApiKeyRequest.ts b/specification/security/invalidate_api_key/SecurityInvalidateApiKeyRequest.ts index 438ce35765..b6c07c70be 100644 --- a/specification/security/invalidate_api_key/SecurityInvalidateApiKeyRequest.ts +++ b/specification/security/invalidate_api_key/SecurityInvalidateApiKeyRequest.ts @@ -22,13 +22,14 @@ import { Id, Name, Username } from '@_types/common' /** * Invalidate API keys. - * Invalidates one or more API keys. + * This API invalidates API keys created by the create API key or grant API key APIs. + * Invalidated API keys fail authentication, but they can still be viewed using the get API key information and query API key information APIs, for at least the configured retention period, until they are automatically deleted. * The `manage_api_key` privilege allows deleting any API keys. * The `manage_own_api_key` only allows deleting API keys that are owned by the user. * In addition, with the `manage_own_api_key` privilege, an invalidation request must be issued in one of the three formats: * - Set the parameter `owner=true`. * - Or, set both `username` and `realm_name` to match the user’s identity. - * - Or, if the request is issued by an API key, i.e. an API key invalidates itself, specify its ID in the `ids` field. + * - Or, if the request is issued by an API key, that is to say an API key invalidates itself, specify its ID in the `ids` field. * @rest_spec_name security.invalidate_api_key * @availability stack since=6.7.0 stability=stable * @availability serverless stability=stable visibility=public diff --git a/specification/security/invalidate_token/SecurityInvalidateTokenRequest.ts b/specification/security/invalidate_token/SecurityInvalidateTokenRequest.ts index 0a7f71ef03..4a8ee85864 100644 --- a/specification/security/invalidate_token/SecurityInvalidateTokenRequest.ts +++ b/specification/security/invalidate_token/SecurityInvalidateTokenRequest.ts @@ -21,6 +21,13 @@ import { RequestBase } from '@_types/Base' import { Name, Username } from '@_types/common' /** + * Invalidate a token. + * The access tokens returned by the get token API have a finite period of time for which they are valid. + * After that time period, they can no longer be used. + * The time period is defined by the `xpack.security.authc.token.timeout` setting. + * + * The refresh tokens returned by the get token API are only valid for 24 hours. They can also be used exactly once. + * If you want to invalidate one or more access or refresh tokens immediately, use this invalidate token API. * @rest_spec_name security.invalidate_token * @availability stack since=5.5.0 stability=stable * @availability serverless stability=stable visibility=private diff --git a/specification/security/put_privileges/SecurityPutPrivilegesRequest.ts b/specification/security/put_privileges/SecurityPutPrivilegesRequest.ts index ea5414d537..90c7694e46 100644 --- a/specification/security/put_privileges/SecurityPutPrivilegesRequest.ts +++ b/specification/security/put_privileges/SecurityPutPrivilegesRequest.ts @@ -23,10 +23,11 @@ import { Refresh } from '@_types/common' import { Actions } from './types' /** + * Create or update application privileges. * @rest_spec_name security.put_privileges * @availability stack since=6.4.0 stability=stable * @availability serverless stability=stable visibility=private - * + * @ext_doc_id security-privileges */ export interface Request extends RequestBase { query_parameters: { diff --git a/specification/security/put_role/SecurityPutRoleRequest.ts b/specification/security/put_role/SecurityPutRoleRequest.ts index cebcc3da17..70342c0f59 100644 --- a/specification/security/put_role/SecurityPutRoleRequest.ts +++ b/specification/security/put_role/SecurityPutRoleRequest.ts @@ -29,13 +29,14 @@ import { RequestBase } from '@_types/Base' import { Metadata, Name, Refresh } from '@_types/common' /** - * Create or update roles API. - * - * Create or update roles in the native realm. + * Create or update roles. + * The role management APIs are generally the preferred way to manage roles in the native realm, rather than using file-based role management. + * The create or update roles API cannot update roles that are defined in roles files. * @rest_spec_name security.put_role * @availability stack stability=stable * @availability serverless stability=stable visibility=public * @cluster_privileges manage_security + * @ext_doc_id defining-roles */ export interface Request extends RequestBase { path_parts: { diff --git a/specification/security/put_role_mapping/SecurityPutRoleMappingRequest.ts b/specification/security/put_role_mapping/SecurityPutRoleMappingRequest.ts index 2ad9aba1e1..24c79b84c8 100644 --- a/specification/security/put_role_mapping/SecurityPutRoleMappingRequest.ts +++ b/specification/security/put_role_mapping/SecurityPutRoleMappingRequest.ts @@ -23,9 +23,17 @@ import { RequestBase } from '@_types/Base' import { Metadata, Name, Refresh } from '@_types/common' /** + * Create or update role mappings. + * Role mappings define which roles are assigned to each user. + * Each mapping has rules that identify users and a list of roles that are granted to those users. + * The role mapping APIs are generally the preferred way to manage role mappings rather than using role mapping files. The create or update role mappings API cannot update role mappings that are defined in role mapping files. + * + * This API does not create roles. Rather, it maps users to existing roles. + * Roles can be created by using the create or update roles API or roles files. * @rest_spec_name security.put_role_mapping * @availability stack since=5.5.0 stability=stable * @availability serverless stability=stable visibility=private + * @ext_doc_id mapping-roles */ export interface Request extends RequestBase { path_parts: { diff --git a/specification/security/put_user/SecurityPutUserRequest.ts b/specification/security/put_user/SecurityPutUserRequest.ts index ada08b3c16..a96ae2c4d8 100644 --- a/specification/security/put_user/SecurityPutUserRequest.ts +++ b/specification/security/put_user/SecurityPutUserRequest.ts @@ -21,6 +21,9 @@ import { RequestBase } from '@_types/Base' import { Metadata, Password, Refresh, Username } from '@_types/common' /** + * Create or update users. + * A password is required for adding a new user but is optional when updating an existing user. + * To change a user’s password without updating any other fields, use the change password API. * @rest_spec_name security.put_user * @availability stack stability=stable */ diff --git a/specification/security/query_api_keys/QueryApiKeysRequest.ts b/specification/security/query_api_keys/QueryApiKeysRequest.ts index 74ffb932be..44897eafda 100644 --- a/specification/security/query_api_keys/QueryApiKeysRequest.ts +++ b/specification/security/query_api_keys/QueryApiKeysRequest.ts @@ -24,8 +24,8 @@ import { Sort, SortResults } from '@_types/sort' import { ApiKeyAggregationContainer, ApiKeyQueryContainer } from './types' /** - * Query API keys. - * Retrieves a paginated list of API keys and their information. You can optionally filter the results with a query. + * Find API keys with a query. + * Get a paginated list of API keys and their information. You can optionally filter the results with a query. * @rest_spec_name security.query_api_keys * @availability stack since=7.15.0 stability=stable * @availability serverless stability=stable visibility=public diff --git a/specification/security/query_role/QueryRolesRequest.ts b/specification/security/query_role/QueryRolesRequest.ts index 63fce15d68..45a2584f7e 100644 --- a/specification/security/query_role/QueryRolesRequest.ts +++ b/specification/security/query_role/QueryRolesRequest.ts @@ -23,7 +23,8 @@ import { Sort, SortResults } from '@_types/sort' import { RoleQueryContainer } from './types' /** - * Retrieves roles in a paginated manner. You can optionally filter the results with a query. + * Find roles with a query. + * Get roles in a paginated manner. You can optionally filter the results with a query. * @rest_spec_name security.query_role * @availability stack since=8.15.0 stability=stable * @availability serverless stability=stable visibility=private diff --git a/specification/security/query_user/SecurityQueryUserRequest.ts b/specification/security/query_user/SecurityQueryUserRequest.ts index e48823cdf3..9ffcc13f1f 100644 --- a/specification/security/query_user/SecurityQueryUserRequest.ts +++ b/specification/security/query_user/SecurityQueryUserRequest.ts @@ -23,7 +23,9 @@ import { Sort, SortResults } from '@_types/sort' import { UserQueryContainer } from './types' /** - * Retrieves information for Users in a paginated manner. You can optionally filter the results with a query. + * Find users with a query. + * Get information for users in a paginated manner. + * You can optionally filter the results with a query. * @rest_spec_name security.query_user * @availability stack since=8.14.0 stability=stable * @availability serverless stability=stable visibility=private diff --git a/specification/security/saml_authenticate/Request.ts b/specification/security/saml_authenticate/Request.ts index 301cc098f5..60497b4b0b 100644 --- a/specification/security/saml_authenticate/Request.ts +++ b/specification/security/saml_authenticate/Request.ts @@ -21,7 +21,8 @@ import { RequestBase } from '@_types/Base' import { Ids } from '@_types/common' /** - * Submits a SAML Response message to Elasticsearch for consumption. + * Authenticate SAML. + * Submits a SAML response message to Elasticsearch for consumption. * @rest_spec_name security.saml_authenticate * @availability stack since=7.5.0 stability=stable * @availability serverless stability=stable visibility=private diff --git a/specification/security/saml_complete_logout/Request.ts b/specification/security/saml_complete_logout/Request.ts index a5cbedec3a..27dd3ba449 100644 --- a/specification/security/saml_complete_logout/Request.ts +++ b/specification/security/saml_complete_logout/Request.ts @@ -21,6 +21,7 @@ import { RequestBase } from '@_types/Base' import { Ids } from '@_types/common' /** + * Logout of SAML completely. * Verifies the logout response sent from the SAML IdP. * @rest_spec_name security.saml_complete_logout * @availability stack since=7.14.0 stability=stable diff --git a/specification/security/saml_invalidate/Request.ts b/specification/security/saml_invalidate/Request.ts index f0fab7cd44..0409a7f3a6 100644 --- a/specification/security/saml_invalidate/Request.ts +++ b/specification/security/saml_invalidate/Request.ts @@ -20,6 +20,7 @@ import { RequestBase } from '@_types/Base' /** + * Invalidate SAML. * Submits a SAML LogoutRequest message to Elasticsearch for consumption. * @rest_spec_name security.saml_invalidate * @availability stack since=7.5.0 stability=stable diff --git a/specification/security/saml_logout/Request.ts b/specification/security/saml_logout/Request.ts index dbd8473658..b8dec63349 100644 --- a/specification/security/saml_logout/Request.ts +++ b/specification/security/saml_logout/Request.ts @@ -20,6 +20,7 @@ import { RequestBase } from '@_types/Base' /** + * Logout of SAML. * Submits a request to invalidate an access token and refresh token. * @rest_spec_name security.saml_logout * @availability stack since=7.5.0 stability=stable diff --git a/specification/security/saml_prepare_authentication/Request.ts b/specification/security/saml_prepare_authentication/Request.ts index 604090cd1a..ca675c65d2 100644 --- a/specification/security/saml_prepare_authentication/Request.ts +++ b/specification/security/saml_prepare_authentication/Request.ts @@ -20,7 +20,8 @@ import { RequestBase } from '@_types/Base' /** - * Creates a SAML authentication request () as a URL string, based on the configuration of the respective SAML realm in Elasticsearch. + * Prepare SAML authentication. + * Creates a SAML authentication request (``) as a URL string, based on the configuration of the respective SAML realm in Elasticsearch. * @rest_spec_name security.saml_prepare_authentication * @availability stack since=7.5.0 stability=stable * @availability serverless stability=stable visibility=private diff --git a/specification/security/saml_service_provider_metadata/Request.ts b/specification/security/saml_service_provider_metadata/Request.ts index 50deb7df67..e8cd08fe12 100644 --- a/specification/security/saml_service_provider_metadata/Request.ts +++ b/specification/security/saml_service_provider_metadata/Request.ts @@ -21,6 +21,7 @@ import { RequestBase } from '@_types/Base' import { Name } from '@_types/common' /** + * Create SAML service provider metadata. * Generate SAML metadata for a SAML 2.0 Service Provider. * @rest_spec_name security.saml_service_provider_metadata * @availability stack since=7.11.0 stability=stable diff --git a/specification/security/suggest_user_profiles/Request.ts b/specification/security/suggest_user_profiles/Request.ts index daa720a5b2..8ea8e082af 100644 --- a/specification/security/suggest_user_profiles/Request.ts +++ b/specification/security/suggest_user_profiles/Request.ts @@ -22,6 +22,7 @@ import { long } from '@_types/Numeric' import { Hint } from './types' /** + * Suggest a user profile. * Get suggestions for user profiles that match specified search criteria. * @rest_spec_name security.suggest_user_profiles * @availability stack since=8.2.0 stability=stable diff --git a/specification/security/update_user_profile_data/Request.ts b/specification/security/update_user_profile_data/Request.ts index ef6d3d83bb..d9f3ec6ddd 100644 --- a/specification/security/update_user_profile_data/Request.ts +++ b/specification/security/update_user_profile_data/Request.ts @@ -25,7 +25,8 @@ import { Refresh, SequenceNumber } from '@_types/common' import { long } from '@_types/Numeric' /** - * Updates specific data for the user profile that's associated with the specified unique ID. + * Update user profile data. + * Update specific data for the user profile that is associated with a unique ID. * @rest_spec_name security.update_user_profile_data * @availability stack since=8.2.0 stability=stable * @availability serverless stability=stable visibility=private From 00c534ec334c20c78095c160e636264aff31961e Mon Sep 17 00:00:00 2001 From: lcawl Date: Mon, 21 Oct 2024 14:52:26 -0700 Subject: [PATCH 2/5] Generate output --- compiler/package-lock.json | 10 +- output/openapi/elasticsearch-openapi.json | 144 ++++++++++++------ .../elasticsearch-serverless-openapi.json | 44 ++++-- output/schema/schema.json | 140 +++++++++-------- package-lock.json | 8 +- package.json | 2 +- specification/_doc_ids/table.csv | 4 +- 7 files changed, 219 insertions(+), 133 deletions(-) diff --git a/compiler/package-lock.json b/compiler/package-lock.json index ed183152ca..56c687fd0d 100644 --- a/compiler/package-lock.json +++ b/compiler/package-lock.json @@ -33,6 +33,10 @@ "node": ">=14" } }, + "../compiler-rs/compiler-wasm-lib/pkg": { + "name": "compiler-wasm-lib", + "version": "0.1.0" + }, "node_modules/@babel/code-frame": { "version": "7.12.11", "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.11.tgz", @@ -1540,8 +1544,8 @@ "dev": true }, "node_modules/compiler-wasm-lib": { - "version": "0.1.0", - "resolved": "file:../compiler-rs/compiler-wasm-lib/pkg" + "resolved": "../compiler-rs/compiler-wasm-lib/pkg", + "link": true }, "node_modules/concat-map": { "version": "0.0.1", @@ -6484,7 +6488,7 @@ "dev": true }, "compiler-wasm-lib": { - "version": "0.1.0" + "version": "file:../compiler-rs/compiler-wasm-lib/pkg" }, "concat-map": { "version": "0.0.1", diff --git a/output/openapi/elasticsearch-openapi.json b/output/openapi/elasticsearch-openapi.json index c38334cf59..6665342e8e 100644 --- a/output/openapi/elasticsearch-openapi.json +++ b/output/openapi/elasticsearch-openapi.json @@ -27647,7 +27647,7 @@ "security" ], "summary": "Invalidate API keys", - "description": "Invalidates one or more API keys.\nThe `manage_api_key` privilege allows deleting any API keys.\nThe `manage_own_api_key` only allows deleting API keys that are owned by the user.\nIn addition, with the `manage_own_api_key` privilege, an invalidation request must be issued in one of the three formats:\n- Set the parameter `owner=true`.\n- Or, set both `username` and `realm_name` to match the user’s identity.\n- Or, if the request is issued by an API key, i.e. an API key invalidates itself, specify its ID in the `ids` field.", + "description": "This API invalidates API keys created by the create API key or grant API key APIs.\nInvalidated API keys fail authentication, but they can still be viewed using the get API key information and query API key information APIs, for at least the configured retention period, until they are automatically deleted.\nThe `manage_api_key` privilege allows deleting any API keys.\nThe `manage_own_api_key` only allows deleting API keys that are owned by the user.\nIn addition, with the `manage_own_api_key` privilege, an invalidation request must be issued in one of the three formats:\n- Set the parameter `owner=true`.\n- Or, set both `username` and `realm_name` to match the user’s identity.\n- Or, if the request is issued by an API key, that is to say an API key invalidates itself, specify its ID in the `ids` field.", "operationId": "security-invalidate-api-key", "requestBody": { "content": { @@ -27986,8 +27986,11 @@ "tags": [ "security" ], - "summary": "Create or update roles API", - "description": "Create or update roles in the native realm.", + "summary": "Create or update roles", + "description": "The role management APIs are generally the preferred way to manage roles in the native realm, rather than using file-based role management.\nThe create or update roles API cannot update roles that are defined in roles files.", + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html" + }, "operationId": "security-put-role", "parameters": [ { @@ -28010,8 +28013,11 @@ "tags": [ "security" ], - "summary": "Create or update roles API", - "description": "Create or update roles in the native realm.", + "summary": "Create or update roles", + "description": "The role management APIs are generally the preferred way to manage roles in the native realm, rather than using file-based role management.\nThe create or update roles API cannot update roles that are defined in roles files.", + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html" + }, "operationId": "security-put-role-1", "parameters": [ { @@ -28105,7 +28111,11 @@ "tags": [ "security" ], - "summary": "Creates and updates role mappings", + "summary": "Create or update role mappings", + "description": "Role mappings define which roles are assigned to each user.\nEach mapping has rules that identify users and a list of roles that are granted to those users.\nThe role mapping APIs are generally the preferred way to manage role mappings rather than using role mapping files. The create or update role mappings API cannot update role mappings that are defined in role mapping files.\n\nThis API does not create roles. Rather, it maps users to existing roles.\nRoles can be created by using the create or update roles API or roles files.", + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-roles.html" + }, "operationId": "security-put-role-mapping", "parameters": [ { @@ -28129,7 +28139,11 @@ "tags": [ "security" ], - "summary": "Creates and updates role mappings", + "summary": "Create or update role mappings", + "description": "Role mappings define which roles are assigned to each user.\nEach mapping has rules that identify users and a list of roles that are granted to those users.\nThe role mapping APIs are generally the preferred way to manage role mappings rather than using role mapping files. The create or update role mappings API cannot update role mappings that are defined in role mapping files.\n\nThis API does not create roles. Rather, it maps users to existing roles.\nRoles can be created by using the create or update roles API or roles files.", + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-roles.html" + }, "operationId": "security-put-role-mapping-1", "parameters": [ { @@ -28226,8 +28240,8 @@ "tags": [ "security" ], - "summary": "Adds and updates users in the native realm", - "description": "These users are commonly referred to as native users.", + "summary": "Create or update users", + "description": "A password is required for adding a new user but is optional when updating an existing user.\nTo change a user’s password without updating any other fields, use the change password API.", "operationId": "security-put-user", "parameters": [ { @@ -28250,8 +28264,8 @@ "tags": [ "security" ], - "summary": "Adds and updates users in the native realm", - "description": "These users are commonly referred to as native users.", + "summary": "Create or update users", + "description": "A password is required for adding a new user but is optional when updating an existing user.\nTo change a user’s password without updating any other fields, use the change password API.", "operationId": "security-put-user-1", "parameters": [ { @@ -28639,7 +28653,10 @@ "tags": [ "security" ], - "summary": "Adds or updates application privileges", + "summary": "Create or update application privileges", + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-privileges.html" + }, "operationId": "security-put-privileges", "parameters": [ { @@ -28660,7 +28677,10 @@ "tags": [ "security" ], - "summary": "Adds or updates application privileges", + "summary": "Create or update application privileges", + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-privileges.html" + }, "operationId": "security-put-privileges-1", "parameters": [ { @@ -28924,7 +28944,8 @@ "tags": [ "security" ], - "summary": "Invalidates one or more access tokens or refresh tokens", + "summary": "Invalidate a token", + "description": "The access tokens returned by the get token API have a finite period of time for which they are valid.\nAfter that time period, they can no longer be used.\nThe time period is defined by the `xpack.security.authc.token.timeout` setting.\n\nThe refresh tokens returned by the get token API are only valid for 24 hours. They can also be used exactly once.\nIf you want to invalidate one or more access or refresh tokens immediately, use this invalidate token API.", "operationId": "security-invalidate-token", "requestBody": { "content": { @@ -29011,7 +29032,7 @@ "tags": [ "security" ], - "summary": "Retrieves security privileges for the logged in user", + "summary": "Get user privileges", "operationId": "security-get-user-privileges", "parameters": [ { @@ -29111,7 +29132,8 @@ "tags": [ "security" ], - "summary": "Retrieves a user's profile using the unique profile ID", + "summary": "Get a user profile", + "description": "Get a user's profile using the unique profile ID.", "operationId": "security-get-user-profile", "parameters": [ { @@ -29190,8 +29212,8 @@ "tags": [ "security" ], - "summary": "Creates an API key on behalf of another user", - "description": "This API is similar to Create API keys, however it creates the API key for a user that is different than the user that runs the API.\nThe caller must have authentication credentials (either an access token, or a username and password) for the user on whose behalf the API key will be created.\nIt is not possible to use this API to create an API key without that user’s credentials.\nThe user, for whom the authentication credentials is provided, can optionally \"run as\" (impersonate) another user.\nIn this case, the API key will be created on behalf of the impersonated user.\n\nThis API is intended be used by applications that need to create and manage API keys for end users, but cannot guarantee that those users have permission to create API keys on their own behalf.\n\nA successful grant API key API call returns a JSON structure that contains the API key, its unique id, and its name.\nIf applicable, it also returns expiration information for the API key in milliseconds.\n\nBy default, API keys never expire. You can specify expiration information when you create the API keys.", + "summary": "Grant an API key", + "description": "Create an API key on behalf of another user.\nThis API is similar to the create API keys API, however it creates the API key for a user that is different than the user that runs the API.\nThe caller must have authentication credentials (either an access token, or a username and password) for the user on whose behalf the API key will be created.\nIt is not possible to use this API to create an API key without that user’s credentials.\nThe user, for whom the authentication credentials is provided, can optionally \"run as\" (impersonate) another user.\nIn this case, the API key will be created on behalf of the impersonated user.\n\nThis API is intended be used by applications that need to create and manage API keys for end users, but cannot guarantee that those users have permission to create API keys on their own behalf.\n\nA successful grant API key API call returns a JSON structure that contains the API key, its unique id, and its name.\nIf applicable, it also returns expiration information for the API key in milliseconds.\n\nBy default, API keys never expire. You can specify expiration information when you create the API keys.", "operationId": "security-grant-api-key", "requestBody": { "content": { @@ -29272,7 +29294,10 @@ "security" ], "summary": "Check user privileges", - "description": "Determines whether the specified user has a specified list of privileges.", + "description": "Determine whether the specified user has a specified list of privileges.", + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-privileges.html" + }, "operationId": "security-has-privileges", "requestBody": { "$ref": "#/components/requestBodies/security.has_privileges" @@ -29289,7 +29314,10 @@ "security" ], "summary": "Check user privileges", - "description": "Determines whether the specified user has a specified list of privileges.", + "description": "Determine whether the specified user has a specified list of privileges.", + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-privileges.html" + }, "operationId": "security-has-privileges-1", "requestBody": { "$ref": "#/components/requestBodies/security.has_privileges" @@ -29308,7 +29336,10 @@ "security" ], "summary": "Check user privileges", - "description": "Determines whether the specified user has a specified list of privileges.", + "description": "Determine whether the specified user has a specified list of privileges.", + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-privileges.html" + }, "operationId": "security-has-privileges-2", "parameters": [ { @@ -29330,7 +29361,10 @@ "security" ], "summary": "Check user privileges", - "description": "Determines whether the specified user has a specified list of privileges.", + "description": "Determine whether the specified user has a specified list of privileges.", + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-privileges.html" + }, "operationId": "security-has-privileges-3", "parameters": [ { @@ -29353,7 +29387,11 @@ "tags": [ "security" ], - "summary": "Determines whether the users associated with the specified profile IDs have all the requested privileges", + "summary": "Check user profile privileges", + "description": "Determine whether the users associated with the specified user profile IDs have all the requested privileges.", + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/user-profile.html" + }, "operationId": "security-has-privileges-user-profile", "requestBody": { "$ref": "#/components/requestBodies/security.has_privileges_user_profile" @@ -29369,7 +29407,11 @@ "tags": [ "security" ], - "summary": "Determines whether the users associated with the specified profile IDs have all the requested privileges", + "summary": "Check user profile privileges", + "description": "Determine whether the users associated with the specified user profile IDs have all the requested privileges.", + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/user-profile.html" + }, "operationId": "security-has-privileges-user-profile-1", "requestBody": { "$ref": "#/components/requestBodies/security.has_privileges_user_profile" @@ -29387,8 +29429,8 @@ "tags": [ "security" ], - "summary": "Query API keys", - "description": "Retrieves a paginated list of API keys and their information. You can optionally filter the results with a query.", + "summary": "Find API keys with a query", + "description": "Get a paginated list of API keys and their information. You can optionally filter the results with a query.", "operationId": "security-query-api-keys", "parameters": [ { @@ -29415,8 +29457,8 @@ "tags": [ "security" ], - "summary": "Query API keys", - "description": "Retrieves a paginated list of API keys and their information. You can optionally filter the results with a query.", + "summary": "Find API keys with a query", + "description": "Get a paginated list of API keys and their information. You can optionally filter the results with a query.", "operationId": "security-query-api-keys-1", "parameters": [ { @@ -29445,8 +29487,8 @@ "tags": [ "security" ], - "summary": "Retrieves roles in a paginated manner", - "description": "You can optionally filter the results with a query.", + "summary": "Find roles with a query", + "description": "Get roles in a paginated manner. You can optionally filter the results with a query.", "operationId": "security-query-role", "requestBody": { "$ref": "#/components/requestBodies/security.query_role" @@ -29462,8 +29504,8 @@ "tags": [ "security" ], - "summary": "Retrieves roles in a paginated manner", - "description": "You can optionally filter the results with a query.", + "summary": "Find roles with a query", + "description": "Get roles in a paginated manner. You can optionally filter the results with a query.", "operationId": "security-query-role-1", "requestBody": { "$ref": "#/components/requestBodies/security.query_role" @@ -29481,8 +29523,8 @@ "tags": [ "security" ], - "summary": "Retrieves information for Users in a paginated manner", - "description": "You can optionally filter the results with a query.", + "summary": "Find users with a query", + "description": "Get information for users in a paginated manner.\nYou can optionally filter the results with a query.", "operationId": "security-query-user", "parameters": [ { @@ -29503,8 +29545,8 @@ "tags": [ "security" ], - "summary": "Retrieves information for Users in a paginated manner", - "description": "You can optionally filter the results with a query.", + "summary": "Find users with a query", + "description": "Get information for users in a paginated manner.\nYou can optionally filter the results with a query.", "operationId": "security-query-user-1", "parameters": [ { @@ -29527,7 +29569,8 @@ "tags": [ "security" ], - "summary": "Submits a SAML Response message to Elasticsearch for consumption", + "summary": "Authenticate SAML", + "description": "Submits a SAML response message to Elasticsearch for consumption.", "operationId": "security-saml-authenticate", "requestBody": { "content": { @@ -29600,7 +29643,8 @@ "tags": [ "security" ], - "summary": "Verifies the logout response sent from the SAML IdP", + "summary": "Logout of SAML completely", + "description": "Verifies the logout response sent from the SAML IdP.", "operationId": "security-saml-complete-logout", "requestBody": { "content": { @@ -29649,7 +29693,8 @@ "tags": [ "security" ], - "summary": "Submits a SAML LogoutRequest message to Elasticsearch for consumption", + "summary": "Invalidate SAML", + "description": "Submits a SAML LogoutRequest message to Elasticsearch for consumption.", "operationId": "security-saml-invalidate", "requestBody": { "content": { @@ -29714,7 +29759,8 @@ "tags": [ "security" ], - "summary": "Submits a request to invalidate an access token and refresh token", + "summary": "Logout of SAML", + "description": "Submits a request to invalidate an access token and refresh token.", "operationId": "security-saml-logout", "requestBody": { "content": { @@ -29767,7 +29813,8 @@ "tags": [ "security" ], - "summary": "Creates a SAML authentication request () as a URL string, based on the configuration of the respective SAML realm in Elasticsearch", + "summary": "Prepare SAML authentication", + "description": "Creates a SAML authentication request (``) as a URL string, based on the configuration of the respective SAML realm in Elasticsearch.", "operationId": "security-saml-prepare-authentication", "requestBody": { "content": { @@ -29829,7 +29876,8 @@ "tags": [ "security" ], - "summary": "Generate SAML metadata for a SAML 2.0 Service Provider", + "summary": "Create SAML service provider metadata", + "description": "Generate SAML metadata for a SAML 2.0 Service Provider.", "operationId": "security-saml-service-provider-metadata", "parameters": [ { @@ -29872,7 +29920,8 @@ "tags": [ "security" ], - "summary": "Get suggestions for user profiles that match specified search criteria", + "summary": "Suggest a user profile", + "description": "Get suggestions for user profiles that match specified search criteria.", "operationId": "security-suggest-user-profiles", "parameters": [ { @@ -29893,7 +29942,8 @@ "tags": [ "security" ], - "summary": "Get suggestions for user profiles that match specified search criteria", + "summary": "Suggest a user profile", + "description": "Get suggestions for user profiles that match specified search criteria.", "operationId": "security-suggest-user-profiles-1", "parameters": [ { @@ -29985,7 +30035,8 @@ "tags": [ "security" ], - "summary": "Updates specific data for the user profile that's associated with the specified unique ID", + "summary": "Update user profile data", + "description": "Update specific data for the user profile that is associated with a unique ID.", "operationId": "security-update-user-profile-data", "parameters": [ { @@ -30015,7 +30066,8 @@ "tags": [ "security" ], - "summary": "Updates specific data for the user profile that's associated with the specified unique ID", + "summary": "Update user profile data", + "description": "Update specific data for the user profile that is associated with a unique ID.", "operationId": "security-update-user-profile-data-1", "parameters": [ { diff --git a/output/openapi/elasticsearch-serverless-openapi.json b/output/openapi/elasticsearch-serverless-openapi.json index 249b543cb9..597cf27d0e 100644 --- a/output/openapi/elasticsearch-serverless-openapi.json +++ b/output/openapi/elasticsearch-serverless-openapi.json @@ -16777,7 +16777,7 @@ "security" ], "summary": "Invalidate API keys", - "description": "Invalidates one or more API keys.\nThe `manage_api_key` privilege allows deleting any API keys.\nThe `manage_own_api_key` only allows deleting API keys that are owned by the user.\nIn addition, with the `manage_own_api_key` privilege, an invalidation request must be issued in one of the three formats:\n- Set the parameter `owner=true`.\n- Or, set both `username` and `realm_name` to match the user’s identity.\n- Or, if the request is issued by an API key, i.e. an API key invalidates itself, specify its ID in the `ids` field.", + "description": "This API invalidates API keys created by the create API key or grant API key APIs.\nInvalidated API keys fail authentication, but they can still be viewed using the get API key information and query API key information APIs, for at least the configured retention period, until they are automatically deleted.\nThe `manage_api_key` privilege allows deleting any API keys.\nThe `manage_own_api_key` only allows deleting API keys that are owned by the user.\nIn addition, with the `manage_own_api_key` privilege, an invalidation request must be issued in one of the three formats:\n- Set the parameter `owner=true`.\n- Or, set both `username` and `realm_name` to match the user’s identity.\n- Or, if the request is issued by an API key, that is to say an API key invalidates itself, specify its ID in the `ids` field.", "operationId": "security-invalidate-api-key", "requestBody": { "content": { @@ -16881,8 +16881,11 @@ "tags": [ "security" ], - "summary": "Create or update roles API", - "description": "Create or update roles in the native realm.", + "summary": "Create or update roles", + "description": "The role management APIs are generally the preferred way to manage roles in the native realm, rather than using file-based role management.\nThe create or update roles API cannot update roles that are defined in roles files.", + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html" + }, "operationId": "security-put-role", "parameters": [ { @@ -16905,8 +16908,11 @@ "tags": [ "security" ], - "summary": "Create or update roles API", - "description": "Create or update roles in the native realm.", + "summary": "Create or update roles", + "description": "The role management APIs are generally the preferred way to manage roles in the native realm, rather than using file-based role management.\nThe create or update roles API cannot update roles that are defined in roles files.", + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html" + }, "operationId": "security-put-role-1", "parameters": [ { @@ -17039,7 +17045,10 @@ "security" ], "summary": "Check user privileges", - "description": "Determines whether the specified user has a specified list of privileges.", + "description": "Determine whether the specified user has a specified list of privileges.", + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-privileges.html" + }, "operationId": "security-has-privileges", "requestBody": { "$ref": "#/components/requestBodies/security.has_privileges" @@ -17056,7 +17065,10 @@ "security" ], "summary": "Check user privileges", - "description": "Determines whether the specified user has a specified list of privileges.", + "description": "Determine whether the specified user has a specified list of privileges.", + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-privileges.html" + }, "operationId": "security-has-privileges-1", "requestBody": { "$ref": "#/components/requestBodies/security.has_privileges" @@ -17075,7 +17087,10 @@ "security" ], "summary": "Check user privileges", - "description": "Determines whether the specified user has a specified list of privileges.", + "description": "Determine whether the specified user has a specified list of privileges.", + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-privileges.html" + }, "operationId": "security-has-privileges-2", "parameters": [ { @@ -17097,7 +17112,10 @@ "security" ], "summary": "Check user privileges", - "description": "Determines whether the specified user has a specified list of privileges.", + "description": "Determine whether the specified user has a specified list of privileges.", + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-privileges.html" + }, "operationId": "security-has-privileges-3", "parameters": [ { @@ -17120,8 +17138,8 @@ "tags": [ "security" ], - "summary": "Query API keys", - "description": "Retrieves a paginated list of API keys and their information. You can optionally filter the results with a query.", + "summary": "Find API keys with a query", + "description": "Get a paginated list of API keys and their information. You can optionally filter the results with a query.", "operationId": "security-query-api-keys", "parameters": [ { @@ -17148,8 +17166,8 @@ "tags": [ "security" ], - "summary": "Query API keys", - "description": "Retrieves a paginated list of API keys and their information. You can optionally filter the results with a query.", + "summary": "Find API keys with a query", + "description": "Get a paginated list of API keys and their information. You can optionally filter the results with a query.", "operationId": "security-query-api-keys-1", "parameters": [ { diff --git a/output/schema/schema.json b/output/schema/schema.json index be65f0248b..062bc037c8 100644 --- a/output/schema/schema.json +++ b/output/schema/schema.json @@ -16274,7 +16274,7 @@ "stability": "stable" } }, - "description": "Retrieves security privileges for the logged in user.", + "description": "Get user privileges.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-user-privileges.html", "name": "security.get_user_privileges", "request": { @@ -16309,7 +16309,7 @@ "stability": "stable" } }, - "description": "Retrieves a user's profile using the unique profile ID.", + "description": "Get a user profile.\nGet a user's profile using the unique profile ID.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-user-profile.html", "name": "security.get_user_profile", "privileges": { @@ -16349,7 +16349,7 @@ "stability": "stable" } }, - "description": "Creates an API key on behalf of another user.\nThis API is similar to Create API keys, however it creates the API key for a user that is different than the user that runs the API.\nThe caller must have authentication credentials (either an access token, or a username and password) for the user on whose behalf the API key will be created.\nIt is not possible to use this API to create an API key without that user’s credentials.\nThe user, for whom the authentication credentials is provided, can optionally \"run as\" (impersonate) another user.\nIn this case, the API key will be created on behalf of the impersonated user.\n\nThis API is intended be used by applications that need to create and manage API keys for end users, but cannot guarantee that those users have permission to create API keys on their own behalf.\n\nA successful grant API key API call returns a JSON structure that contains the API key, its unique id, and its name.\nIf applicable, it also returns expiration information for the API key in milliseconds.\n\nBy default, API keys never expire. You can specify expiration information when you create the API keys.", + "description": "Grant an API key.\nCreate an API key on behalf of another user.\nThis API is similar to the create API keys API, however it creates the API key for a user that is different than the user that runs the API.\nThe caller must have authentication credentials (either an access token, or a username and password) for the user on whose behalf the API key will be created.\nIt is not possible to use this API to create an API key without that user’s credentials.\nThe user, for whom the authentication credentials is provided, can optionally \"run as\" (impersonate) another user.\nIn this case, the API key will be created on behalf of the impersonated user.\n\nThis API is intended be used by applications that need to create and manage API keys for end users, but cannot guarantee that those users have permission to create API keys on their own behalf.\n\nA successful grant API key API call returns a JSON structure that contains the API key, its unique id, and its name.\nIf applicable, it also returns expiration information for the API key in milliseconds.\n\nBy default, API keys never expire. You can specify expiration information when you create the API keys.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-grant-api-key.html", "name": "security.grant_api_key", "privileges": { @@ -16392,8 +16392,10 @@ "stability": "stable" } }, - "description": "Check user privileges.\nDetermines whether the specified user has a specified list of privileges.", + "description": "Check user privileges.\nDetermine whether the specified user has a specified list of privileges.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-has-privileges.html", + "extDocId": "security-privileges", + "extDocUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-privileges.html", "name": "security.has_privileges", "request": { "name": "Request", @@ -16438,8 +16440,10 @@ "stability": "stable" } }, - "description": "Determines whether the users associated with the specified profile IDs have all the requested privileges.", + "description": "Check user profile privileges.\nDetermine whether the users associated with the specified user profile IDs have all the requested privileges.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-has-privileges-user-profile.html", + "extDocId": "user-profile", + "extDocUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/user-profile.html", "name": "security.has_privileges_user_profile", "privileges": { "cluster": [ @@ -16482,7 +16486,7 @@ "stability": "stable" } }, - "description": "Invalidate API keys.\nInvalidates one or more API keys.\nThe `manage_api_key` privilege allows deleting any API keys.\nThe `manage_own_api_key` only allows deleting API keys that are owned by the user.\nIn addition, with the `manage_own_api_key` privilege, an invalidation request must be issued in one of the three formats:\n- Set the parameter `owner=true`.\n- Or, set both `username` and `realm_name` to match the user’s identity.\n- Or, if the request is issued by an API key, i.e. an API key invalidates itself, specify its ID in the `ids` field.", + "description": "Invalidate API keys.\nThis API invalidates API keys created by the create API key or grant API key APIs.\nInvalidated API keys fail authentication, but they can still be viewed using the get API key information and query API key information APIs, for at least the configured retention period, until they are automatically deleted.\nThe `manage_api_key` privilege allows deleting any API keys.\nThe `manage_own_api_key` only allows deleting API keys that are owned by the user.\nIn addition, with the `manage_own_api_key` privilege, an invalidation request must be issued in one of the three formats:\n- Set the parameter `owner=true`.\n- Or, set both `username` and `realm_name` to match the user’s identity.\n- Or, if the request is issued by an API key, that is to say an API key invalidates itself, specify its ID in the `ids` field.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-invalidate-api-key.html", "name": "security.invalidate_api_key", "privileges": { @@ -16526,7 +16530,7 @@ "stability": "stable" } }, - "description": "Invalidates one or more access tokens or refresh tokens.", + "description": "Invalidate a token.\nThe access tokens returned by the get token API have a finite period of time for which they are valid.\nAfter that time period, they can no longer be used.\nThe time period is defined by the `xpack.security.authc.token.timeout` setting.\n\nThe refresh tokens returned by the get token API are only valid for 24 hours. They can also be used exactly once.\nIf you want to invalidate one or more access or refresh tokens immediately, use this invalidate token API.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-invalidate-token.html", "name": "security.invalidate_token", "request": { @@ -16648,8 +16652,10 @@ "stability": "stable" } }, - "description": "Adds or updates application privileges.", + "description": "Create or update application privileges.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-privileges.html", + "extDocId": "security-privileges", + "extDocUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-privileges.html", "name": "security.put_privileges", "request": { "name": "Request", @@ -16686,8 +16692,10 @@ "stability": "stable" } }, - "description": "Create or update roles API.\n\nCreate or update roles in the native realm.", + "description": "Create or update roles.\nThe role management APIs are generally the preferred way to manage roles in the native realm, rather than using file-based role management.\nThe create or update roles API cannot update roles that are defined in roles files.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role.html", + "extDocId": "defining-roles", + "extDocUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/defining-roles.html", "name": "security.put_role", "privileges": { "cluster": [ @@ -16730,8 +16738,10 @@ "stability": "stable" } }, - "description": "Creates and updates role mappings.", + "description": "Create or update role mappings.\nRole mappings define which roles are assigned to each user.\nEach mapping has rules that identify users and a list of roles that are granted to those users.\nThe role mapping APIs are generally the preferred way to manage role mappings rather than using role mapping files. The create or update role mappings API cannot update role mappings that are defined in role mapping files.\n\nThis API does not create roles. Rather, it maps users to existing roles.\nRoles can be created by using the create or update roles API or roles files.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role-mapping.html", + "extDocId": "mapping-roles", + "extDocUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/mapping-roles.html", "name": "security.put_role_mapping", "request": { "name": "Request", @@ -16764,7 +16774,7 @@ "stability": "stable" } }, - "description": "Adds and updates users in the native realm. These users are commonly referred to as native users.", + "description": "Create or update users.\nA password is required for adding a new user but is optional when updating an existing user.\nTo change a user’s password without updating any other fields, use the change password API.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-user.html", "name": "security.put_user", "request": { @@ -16803,7 +16813,7 @@ "stability": "stable" } }, - "description": "Query API keys.\nRetrieves a paginated list of API keys and their information. You can optionally filter the results with a query.", + "description": "Find API keys with a query.\nGet a paginated list of API keys and their information. You can optionally filter the results with a query.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-query-api-key.html", "name": "security.query_api_keys", "privileges": { @@ -16848,7 +16858,7 @@ "stability": "stable" } }, - "description": "Retrieves roles in a paginated manner. You can optionally filter the results with a query.", + "description": "Find roles with a query.\nGet roles in a paginated manner. You can optionally filter the results with a query.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-query-role.html", "name": "security.query_role", "privileges": { @@ -16892,7 +16902,7 @@ "stability": "stable" } }, - "description": "Retrieves information for Users in a paginated manner. You can optionally filter the results with a query.", + "description": "Find users with a query.\nGet information for users in a paginated manner.\nYou can optionally filter the results with a query.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-query-user.html", "name": "security.query_user", "privileges": { @@ -16936,7 +16946,7 @@ "stability": "stable" } }, - "description": "Submits a SAML Response message to Elasticsearch for consumption.", + "description": "Authenticate SAML.\nSubmits a SAML response message to Elasticsearch for consumption.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-authenticate.html", "name": "security.saml_authenticate", "request": { @@ -16974,7 +16984,7 @@ "stability": "stable" } }, - "description": "Verifies the logout response sent from the SAML IdP.", + "description": "Logout of SAML completely.\nVerifies the logout response sent from the SAML IdP.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-complete-logout.html", "name": "security.saml_complete_logout", "request": { @@ -17012,7 +17022,7 @@ "stability": "stable" } }, - "description": "Submits a SAML LogoutRequest message to Elasticsearch for consumption.", + "description": "Invalidate SAML.\nSubmits a SAML LogoutRequest message to Elasticsearch for consumption.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-invalidate.html", "name": "security.saml_invalidate", "request": { @@ -17050,7 +17060,7 @@ "stability": "stable" } }, - "description": "Submits a request to invalidate an access token and refresh token.", + "description": "Logout of SAML.\nSubmits a request to invalidate an access token and refresh token.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-logout.html", "name": "security.saml_logout", "request": { @@ -17088,7 +17098,7 @@ "stability": "stable" } }, - "description": "Creates a SAML authentication request () as a URL string, based on the configuration of the respective SAML realm in Elasticsearch.", + "description": "Prepare SAML authentication.\nCreates a SAML authentication request (``) as a URL string, based on the configuration of the respective SAML realm in Elasticsearch.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-prepare-authentication.html", "name": "security.saml_prepare_authentication", "request": { @@ -17126,7 +17136,7 @@ "stability": "stable" } }, - "description": "Generate SAML metadata for a SAML 2.0 Service Provider.", + "description": "Create SAML service provider metadata.\nGenerate SAML metadata for a SAML 2.0 Service Provider.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-sp-metadata.html", "name": "security.saml_service_provider_metadata", "request": { @@ -17164,7 +17174,7 @@ "stability": "stable" } }, - "description": "Get suggestions for user profiles that match specified search criteria.", + "description": "Suggest a user profile.\nGet suggestions for user profiles that match specified search criteria.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/master/security-api-suggest-user-profile.html", "name": "security.suggest_user_profiles", "request": { @@ -17302,7 +17312,7 @@ "stability": "stable" } }, - "description": "Updates specific data for the user profile that's associated with the specified unique ID.", + "description": "Update user profile data.\nUpdate specific data for the user profile that is associated with a unique ID.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-update-user-profile-data.html", "name": "security.update_user_profile_data", "privileges": { @@ -191837,7 +191847,7 @@ "body": { "kind": "no_body" }, - "description": "Retrieves security privileges for the logged in user.", + "description": "Get user privileges.", "inherits": { "type": { "name": "RequestBase", @@ -191898,7 +191908,7 @@ } } ], - "specLocation": "security/get_user_privileges/SecurityGetUserPrivilegesRequest.ts#L23-L36" + "specLocation": "security/get_user_privileges/SecurityGetUserPrivilegesRequest.ts#L23-L37" }, { "kind": "response", @@ -192034,7 +192044,7 @@ "body": { "kind": "no_body" }, - "description": "Retrieves a user's profile using the unique profile ID.", + "description": "Get a user profile.\nGet a user's profile using the unique profile ID.", "inherits": { "type": { "name": "RequestBase", @@ -192103,7 +192113,7 @@ } } ], - "specLocation": "security/get_user_profile/Request.ts#L23-L46" + "specLocation": "security/get_user_profile/Request.ts#L23-L47" }, { "kind": "response", @@ -192335,7 +192345,7 @@ } ] }, - "description": "Creates an API key on behalf of another user.\nThis API is similar to Create API keys, however it creates the API key for a user that is different than the user that runs the API.\nThe caller must have authentication credentials (either an access token, or a username and password) for the user on whose behalf the API key will be created.\nIt is not possible to use this API to create an API key without that user’s credentials.\nThe user, for whom the authentication credentials is provided, can optionally \"run as\" (impersonate) another user.\nIn this case, the API key will be created on behalf of the impersonated user.\n\nThis API is intended be used by applications that need to create and manage API keys for end users, but cannot guarantee that those users have permission to create API keys on their own behalf.\n\nA successful grant API key API call returns a JSON structure that contains the API key, its unique id, and its name.\nIf applicable, it also returns expiration information for the API key in milliseconds.\n\nBy default, API keys never expire. You can specify expiration information when you create the API keys.", + "description": "Grant an API key.\nCreate an API key on behalf of another user.\nThis API is similar to the create API keys API, however it creates the API key for a user that is different than the user that runs the API.\nThe caller must have authentication credentials (either an access token, or a username and password) for the user on whose behalf the API key will be created.\nIt is not possible to use this API to create an API key without that user’s credentials.\nThe user, for whom the authentication credentials is provided, can optionally \"run as\" (impersonate) another user.\nIn this case, the API key will be created on behalf of the impersonated user.\n\nThis API is intended be used by applications that need to create and manage API keys for end users, but cannot guarantee that those users have permission to create API keys on their own behalf.\n\nA successful grant API key API call returns a JSON structure that contains the API key, its unique id, and its name.\nIf applicable, it also returns expiration information for the API key in milliseconds.\n\nBy default, API keys never expire. You can specify expiration information when you create the API keys.", "inherits": { "type": { "name": "RequestBase", @@ -192348,7 +192358,7 @@ }, "path": [], "query": [], - "specLocation": "security/grant_api_key/SecurityGrantApiKeyRequest.ts#L24-L75" + "specLocation": "security/grant_api_key/SecurityGrantApiKeyRequest.ts#L24-L76" }, { "kind": "response", @@ -192633,7 +192643,7 @@ } ] }, - "description": "Check user privileges.\nDetermines whether the specified user has a specified list of privileges.", + "description": "Check user privileges.\nDetermine whether the specified user has a specified list of privileges.", "inherits": { "type": { "name": "RequestBase", @@ -192659,7 +192669,7 @@ } ], "query": [], - "specLocation": "security/has_privileges/SecurityHasPrivilegesRequest.ts#L25-L44" + "specLocation": "security/has_privileges/SecurityHasPrivilegesRequest.ts#L25-L45" }, { "kind": "type_alias", @@ -192909,7 +192919,7 @@ } ] }, - "description": "Determines whether the users associated with the specified profile IDs have all the requested privileges.", + "description": "Check user profile privileges.\nDetermine whether the users associated with the specified user profile IDs have all the requested privileges.", "inherits": { "type": { "name": "RequestBase", @@ -192922,7 +192932,7 @@ }, "path": [], "query": [], - "specLocation": "security/has_privileges_user_profile/Request.ts#L24-L38" + "specLocation": "security/has_privileges_user_profile/Request.ts#L24-L41" }, { "kind": "response", @@ -193049,7 +193059,7 @@ } ] }, - "description": "Invalidate API keys.\nInvalidates one or more API keys.\nThe `manage_api_key` privilege allows deleting any API keys.\nThe `manage_own_api_key` only allows deleting API keys that are owned by the user.\nIn addition, with the `manage_own_api_key` privilege, an invalidation request must be issued in one of the three formats:\n- Set the parameter `owner=true`.\n- Or, set both `username` and `realm_name` to match the user’s identity.\n- Or, if the request is issued by an API key, i.e. an API key invalidates itself, specify its ID in the `ids` field.", + "description": "Invalidate API keys.\nThis API invalidates API keys created by the create API key or grant API key APIs.\nInvalidated API keys fail authentication, but they can still be viewed using the get API key information and query API key information APIs, for at least the configured retention period, until they are automatically deleted.\nThe `manage_api_key` privilege allows deleting any API keys.\nThe `manage_own_api_key` only allows deleting API keys that are owned by the user.\nIn addition, with the `manage_own_api_key` privilege, an invalidation request must be issued in one of the three formats:\n- Set the parameter `owner=true`.\n- Or, set both `username` and `realm_name` to match the user’s identity.\n- Or, if the request is issued by an API key, that is to say an API key invalidates itself, specify its ID in the `ids` field.", "inherits": { "type": { "name": "RequestBase", @@ -193062,7 +193072,7 @@ }, "path": [], "query": [], - "specLocation": "security/invalidate_api_key/SecurityInvalidateApiKeyRequest.ts#L23-L67" + "specLocation": "security/invalidate_api_key/SecurityInvalidateApiKeyRequest.ts#L23-L68" }, { "kind": "response", @@ -193184,7 +193194,7 @@ } ] }, - "description": "Invalidates one or more access tokens or refresh tokens.", + "description": "Invalidate a token.\nThe access tokens returned by the get token API have a finite period of time for which they are valid.\nAfter that time period, they can no longer be used.\nThe time period is defined by the `xpack.security.authc.token.timeout` setting.\n\nThe refresh tokens returned by the get token API are only valid for 24 hours. They can also be used exactly once.\nIf you want to invalidate one or more access or refresh tokens immediately, use this invalidate token API.", "inherits": { "type": { "name": "RequestBase", @@ -193197,7 +193207,7 @@ }, "path": [], "query": [], - "specLocation": "security/invalidate_token/SecurityInvalidateTokenRequest.ts#L23-L35" + "specLocation": "security/invalidate_token/SecurityInvalidateTokenRequest.ts#L23-L42" }, { "kind": "response", @@ -193354,7 +193364,7 @@ } } }, - "description": "Adds or updates application privileges.", + "description": "Create or update application privileges.", "inherits": { "type": { "name": "RequestBase", @@ -193380,7 +193390,7 @@ } } ], - "specLocation": "security/put_privileges/SecurityPutPrivilegesRequest.ts#L25-L37" + "specLocation": "security/put_privileges/SecurityPutPrivilegesRequest.ts#L25-L38" }, { "kind": "response", @@ -193579,7 +193589,7 @@ } ] }, - "description": "Create or update roles API.\n\nCreate or update roles in the native realm.", + "description": "Create or update roles.\nThe role management APIs are generally the preferred way to manage roles in the native realm, rather than using file-based role management.\nThe create or update roles API cannot update roles that are defined in roles files.", "inherits": { "type": { "name": "RequestBase", @@ -193618,7 +193628,7 @@ } } ], - "specLocation": "security/put_role/SecurityPutRoleRequest.ts#L31-L92" + "specLocation": "security/put_role/SecurityPutRoleRequest.ts#L31-L93" }, { "kind": "response", @@ -193729,7 +193739,7 @@ } ] }, - "description": "Creates and updates role mappings.", + "description": "Create or update role mappings.\nRole mappings define which roles are assigned to each user.\nEach mapping has rules that identify users and a list of roles that are granted to those users.\nThe role mapping APIs are generally the preferred way to manage role mappings rather than using role mapping files. The create or update role mappings API cannot update role mappings that are defined in role mapping files.\n\nThis API does not create roles. Rather, it maps users to existing roles.\nRoles can be created by using the create or update roles API or roles files.", "inherits": { "type": { "name": "RequestBase", @@ -193768,7 +193778,7 @@ } } ], - "specLocation": "security/put_role_mapping/SecurityPutRoleMappingRequest.ts#L25-L47" + "specLocation": "security/put_role_mapping/SecurityPutRoleMappingRequest.ts#L25-L55" }, { "kind": "response", @@ -193930,7 +193940,7 @@ } ] }, - "description": "Adds and updates users in the native realm. These users are commonly referred to as native users.", + "description": "Create or update users.\nA password is required for adding a new user but is optional when updating an existing user.\nTo change a user’s password without updating any other fields, use the change password API.", "inherits": { "type": { "name": "RequestBase", @@ -193969,7 +193979,7 @@ } } ], - "specLocation": "security/put_user/SecurityPutUserRequest.ts#L23-L44" + "specLocation": "security/put_user/SecurityPutUserRequest.ts#L23-L47" }, { "kind": "response", @@ -194675,7 +194685,7 @@ } ] }, - "description": "Query API keys.\nRetrieves a paginated list of API keys and their information. You can optionally filter the results with a query.", + "description": "Find API keys with a query.\nGet a paginated list of API keys and their information. You can optionally filter the results with a query.", "inherits": { "type": { "name": "RequestBase", @@ -194935,7 +194945,7 @@ } ] }, - "description": "Retrieves roles in a paginated manner. You can optionally filter the results with a query.", + "description": "Find roles with a query.\nGet roles in a paginated manner. You can optionally filter the results with a query.", "inherits": { "type": { "name": "RequestBase", @@ -194948,7 +194958,7 @@ }, "path": [], "query": [], - "specLocation": "security/query_role/QueryRolesRequest.ts#L25-L67" + "specLocation": "security/query_role/QueryRolesRequest.ts#L25-L68" }, { "kind": "response", @@ -195326,7 +195336,7 @@ } ] }, - "description": "Retrieves information for Users in a paginated manner. You can optionally filter the results with a query.", + "description": "Find users with a query.\nGet information for users in a paginated manner.\nYou can optionally filter the results with a query.", "inherits": { "type": { "name": "RequestBase", @@ -195352,7 +195362,7 @@ } } ], - "specLocation": "security/query_user/SecurityQueryUserRequest.ts#L25-L72" + "specLocation": "security/query_user/SecurityQueryUserRequest.ts#L25-L74" }, { "kind": "response", @@ -195675,7 +195685,7 @@ } ] }, - "description": "Submits a SAML Response message to Elasticsearch for consumption.", + "description": "Authenticate SAML.\nSubmits a SAML response message to Elasticsearch for consumption.", "inherits": { "type": { "name": "RequestBase", @@ -195688,7 +195698,7 @@ }, "path": [], "query": [], - "specLocation": "security/saml_authenticate/Request.ts#L23-L38" + "specLocation": "security/saml_authenticate/Request.ts#L23-L39" }, { "kind": "response", @@ -195816,7 +195826,7 @@ } ] }, - "description": "Verifies the logout response sent from the SAML IdP.", + "description": "Logout of SAML completely.\nVerifies the logout response sent from the SAML IdP.", "inherits": { "type": { "name": "RequestBase", @@ -195829,7 +195839,7 @@ }, "path": [], "query": [], - "specLocation": "security/saml_complete_logout/Request.ts#L23-L40" + "specLocation": "security/saml_complete_logout/Request.ts#L23-L41" }, { "kind": "response", @@ -195888,7 +195898,7 @@ } ] }, - "description": "Submits a SAML LogoutRequest message to Elasticsearch for consumption.", + "description": "Invalidate SAML.\nSubmits a SAML LogoutRequest message to Elasticsearch for consumption.", "inherits": { "type": { "name": "RequestBase", @@ -195901,7 +195911,7 @@ }, "path": [], "query": [], - "specLocation": "security/saml_invalidate/Request.ts#L22-L43" + "specLocation": "security/saml_invalidate/Request.ts#L22-L44" }, { "kind": "response", @@ -195983,7 +195993,7 @@ } ] }, - "description": "Submits a request to invalidate an access token and refresh token.", + "description": "Logout of SAML.\nSubmits a request to invalidate an access token and refresh token.", "inherits": { "type": { "name": "RequestBase", @@ -195996,7 +196006,7 @@ }, "path": [], "query": [], - "specLocation": "security/saml_logout/Request.ts#L22-L41" + "specLocation": "security/saml_logout/Request.ts#L22-L42" }, { "kind": "response", @@ -196068,7 +196078,7 @@ } ] }, - "description": "Creates a SAML authentication request () as a URL string, based on the configuration of the respective SAML realm in Elasticsearch.", + "description": "Prepare SAML authentication.\nCreates a SAML authentication request (``) as a URL string, based on the configuration of the respective SAML realm in Elasticsearch.", "inherits": { "type": { "name": "RequestBase", @@ -196081,7 +196091,7 @@ }, "path": [], "query": [], - "specLocation": "security/saml_prepare_authentication/Request.ts#L22-L46" + "specLocation": "security/saml_prepare_authentication/Request.ts#L22-L47" }, { "kind": "response", @@ -196137,7 +196147,7 @@ "body": { "kind": "no_body" }, - "description": "Generate SAML metadata for a SAML 2.0 Service Provider.", + "description": "Create SAML service provider metadata.\nGenerate SAML metadata for a SAML 2.0 Service Provider.", "inherits": { "type": { "name": "RequestBase", @@ -196163,7 +196173,7 @@ } ], "query": [], - "specLocation": "security/saml_service_provider_metadata/Request.ts#L23-L34" + "specLocation": "security/saml_service_provider_metadata/Request.ts#L23-L35" }, { "kind": "response", @@ -196326,7 +196336,7 @@ } ] }, - "description": "Get suggestions for user profiles that match specified search criteria.", + "description": "Suggest a user profile.\nGet suggestions for user profiles that match specified search criteria.", "inherits": { "type": { "name": "RequestBase", @@ -196367,7 +196377,7 @@ } } ], - "specLocation": "security/suggest_user_profiles/Request.ts#L24-L66" + "specLocation": "security/suggest_user_profiles/Request.ts#L24-L67" }, { "kind": "response", @@ -196610,7 +196620,7 @@ } ] }, - "description": "Updates specific data for the user profile that's associated with the specified unique ID.", + "description": "Update user profile data.\nUpdate specific data for the user profile that is associated with a unique ID.", "inherits": { "type": { "name": "RequestBase", @@ -196674,7 +196684,7 @@ } } ], - "specLocation": "security/update_user_profile_data/Request.ts#L27-L70" + "specLocation": "security/update_user_profile_data/Request.ts#L27-L71" }, { "kind": "response", diff --git a/package-lock.json b/package-lock.json index 8bd812f6b6..2323b099fe 100644 --- a/package-lock.json +++ b/package-lock.json @@ -5,7 +5,7 @@ "packages": { "": { "dependencies": { - "@stoplight/spectral-cli": "^6.13.0" + "@stoplight/spectral-cli": "^6.13.1" } }, "node_modules/@asyncapi/specs": { @@ -200,9 +200,9 @@ } }, "node_modules/@stoplight/spectral-cli": { - "version": "6.13.0", - "resolved": "https://registry.npmjs.org/@stoplight/spectral-cli/-/spectral-cli-6.13.0.tgz", - "integrity": "sha512-qofxmVN4czNNJdfq0OB8Qj1ihpIhyR0IgyQpJFda9FvWWn9vJqDuIsoGKWP7xIHwv3E31q3iviDIX3Ejy9tNcg==", + "version": "6.13.1", + "resolved": "https://registry.npmjs.org/@stoplight/spectral-cli/-/spectral-cli-6.13.1.tgz", + "integrity": "sha512-v6ipX4w6wRhtbOotwdPL7RrEkP0m1OwHTIyqzVrAPi932F/zkee24jmf1CHNrTynonmfGoU6/XpeqUHtQdKDFw==", "license": "Apache-2.0", "dependencies": { "@stoplight/json": "~3.21.0", diff --git a/package.json b/package.json index e936d7f831..0d26b9a7ed 100644 --- a/package.json +++ b/package.json @@ -1,5 +1,5 @@ { "dependencies": { - "@stoplight/spectral-cli": "^6.13.0" + "@stoplight/spectral-cli": "^6.13.1" } } diff --git a/specification/_doc_ids/table.csv b/specification/_doc_ids/table.csv index a6c7d7e2fb..77ca36ffbb 100644 --- a/specification/_doc_ids/table.csv +++ b/specification/_doc_ids/table.csv @@ -111,7 +111,7 @@ data-stream-path-param,https://www.elastic.co/guide/en/elasticsearch/reference/{ data-streams,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/data-streams.html date-index-name-processor,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/date-index-name-processor.html dcg,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/search-rank-eval.html#_discounted_cumulative_gain_dcg -defining-roles,https://www.elastic.co/guide/en/elasticsearch/reference/master/defining-roles.html +defining-roles,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/defining-roles.html delete-async-sql-search-api,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/delete-async-sql-search-api.html delete-enrich-policy-api,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/delete-enrich-policy-api.html delete-license,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/delete-license.html @@ -259,6 +259,7 @@ lowercase-processor,https://www.elastic.co/guide/en/elasticsearch/reference/{bra mapping-date-format,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/mapping-date-format.html mapping-meta-field,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/mapping-meta-field.html mapping-metadata,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/mapping-fields.html +mapping-roles,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/mapping-roles.html mapping-settings-limit,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/mapping-settings-limit.html mapping-source-field,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/mapping-source-field.html mapping,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/mapping.html @@ -570,6 +571,7 @@ security-api-saml-logout,https://www.elastic.co/guide/en/elasticsearch/reference security-api-saml-prepare-authentication,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-saml-prepare-authentication.html security-api-saml-sp-metadata,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-saml-sp-metadata.html security-api-ssl,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-ssl.html +security-privileges,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-privileges.html service-accounts,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/service-accounts.html set-processor,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/set-processor.html shape,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/shape.html From ce08445006b8f111b529d9c63e4e58c042bc0598 Mon Sep 17 00:00:00 2001 From: lcawl Date: Mon, 21 Oct 2024 14:56:02 -0700 Subject: [PATCH 3/5] Reset package lock files --- compiler/package-lock.json | 10 +++------- package-lock.json | 8 ++++---- package.json | 2 +- 3 files changed, 8 insertions(+), 12 deletions(-) diff --git a/compiler/package-lock.json b/compiler/package-lock.json index 56c687fd0d..ed183152ca 100644 --- a/compiler/package-lock.json +++ b/compiler/package-lock.json @@ -33,10 +33,6 @@ "node": ">=14" } }, - "../compiler-rs/compiler-wasm-lib/pkg": { - "name": "compiler-wasm-lib", - "version": "0.1.0" - }, "node_modules/@babel/code-frame": { "version": "7.12.11", "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.12.11.tgz", @@ -1544,8 +1540,8 @@ "dev": true }, "node_modules/compiler-wasm-lib": { - "resolved": "../compiler-rs/compiler-wasm-lib/pkg", - "link": true + "version": "0.1.0", + "resolved": "file:../compiler-rs/compiler-wasm-lib/pkg" }, "node_modules/concat-map": { "version": "0.0.1", @@ -6488,7 +6484,7 @@ "dev": true }, "compiler-wasm-lib": { - "version": "file:../compiler-rs/compiler-wasm-lib/pkg" + "version": "0.1.0" }, "concat-map": { "version": "0.0.1", diff --git a/package-lock.json b/package-lock.json index 2323b099fe..8bd812f6b6 100644 --- a/package-lock.json +++ b/package-lock.json @@ -5,7 +5,7 @@ "packages": { "": { "dependencies": { - "@stoplight/spectral-cli": "^6.13.1" + "@stoplight/spectral-cli": "^6.13.0" } }, "node_modules/@asyncapi/specs": { @@ -200,9 +200,9 @@ } }, "node_modules/@stoplight/spectral-cli": { - "version": "6.13.1", - "resolved": "https://registry.npmjs.org/@stoplight/spectral-cli/-/spectral-cli-6.13.1.tgz", - "integrity": "sha512-v6ipX4w6wRhtbOotwdPL7RrEkP0m1OwHTIyqzVrAPi932F/zkee24jmf1CHNrTynonmfGoU6/XpeqUHtQdKDFw==", + "version": "6.13.0", + "resolved": "https://registry.npmjs.org/@stoplight/spectral-cli/-/spectral-cli-6.13.0.tgz", + "integrity": "sha512-qofxmVN4czNNJdfq0OB8Qj1ihpIhyR0IgyQpJFda9FvWWn9vJqDuIsoGKWP7xIHwv3E31q3iviDIX3Ejy9tNcg==", "license": "Apache-2.0", "dependencies": { "@stoplight/json": "~3.21.0", diff --git a/package.json b/package.json index 0d26b9a7ed..e936d7f831 100644 --- a/package.json +++ b/package.json @@ -1,5 +1,5 @@ { "dependencies": { - "@stoplight/spectral-cli": "^6.13.1" + "@stoplight/spectral-cli": "^6.13.0" } } From 7c297346d9e85f588cacebd79d563ed430fd5426 Mon Sep 17 00:00:00 2001 From: lcawl Date: Mon, 21 Oct 2024 14:58:48 -0700 Subject: [PATCH 4/5] Fix code style --- .../security/invalidate_token/SecurityInvalidateTokenRequest.ts | 2 +- .../security/put_role_mapping/SecurityPutRoleMappingRequest.ts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/specification/security/invalidate_token/SecurityInvalidateTokenRequest.ts b/specification/security/invalidate_token/SecurityInvalidateTokenRequest.ts index 4a8ee85864..f073c576f3 100644 --- a/specification/security/invalidate_token/SecurityInvalidateTokenRequest.ts +++ b/specification/security/invalidate_token/SecurityInvalidateTokenRequest.ts @@ -25,7 +25,7 @@ import { Name, Username } from '@_types/common' * The access tokens returned by the get token API have a finite period of time for which they are valid. * After that time period, they can no longer be used. * The time period is defined by the `xpack.security.authc.token.timeout` setting. - * + * * The refresh tokens returned by the get token API are only valid for 24 hours. They can also be used exactly once. * If you want to invalidate one or more access or refresh tokens immediately, use this invalidate token API. * @rest_spec_name security.invalidate_token diff --git a/specification/security/put_role_mapping/SecurityPutRoleMappingRequest.ts b/specification/security/put_role_mapping/SecurityPutRoleMappingRequest.ts index 24c79b84c8..47577e8448 100644 --- a/specification/security/put_role_mapping/SecurityPutRoleMappingRequest.ts +++ b/specification/security/put_role_mapping/SecurityPutRoleMappingRequest.ts @@ -27,7 +27,7 @@ import { Metadata, Name, Refresh } from '@_types/common' * Role mappings define which roles are assigned to each user. * Each mapping has rules that identify users and a list of roles that are granted to those users. * The role mapping APIs are generally the preferred way to manage role mappings rather than using role mapping files. The create or update role mappings API cannot update role mappings that are defined in role mapping files. - * + * * This API does not create roles. Rather, it maps users to existing roles. * Roles can be created by using the create or update roles API or roles files. * @rest_spec_name security.put_role_mapping From 304227bbd6cc1e6360b82264ada0dc409ca932f8 Mon Sep 17 00:00:00 2001 From: lcawl Date: Tue, 22 Oct 2024 14:39:07 -0700 Subject: [PATCH 5/5] Edit whitespace; regenerate output --- output/openapi/elasticsearch-openapi.json | 4 +- .../elasticsearch-serverless-openapi.json | 4 +- output/schema/schema.json | 126 +++++++++--------- .../security/get_user_profile/Request.ts | 1 + .../SecurityGrantApiKeyRequest.ts | 1 + .../SecurityHasPrivilegesRequest.ts | 1 + .../has_privileges_user_profile/Request.ts | 1 + .../SecurityInvalidateApiKeyRequest.ts | 1 + .../SecurityInvalidateTokenRequest.ts | 1 + .../put_role/SecurityPutRoleRequest.ts | 2 + .../SecurityPutRoleMappingRequest.ts | 1 + .../put_user/SecurityPutUserRequest.ts | 1 + .../query_api_keys/QueryApiKeysRequest.ts | 1 + .../security/query_role/QueryRolesRequest.ts | 1 + .../query_user/SecurityQueryUserRequest.ts | 1 + .../security/saml_authenticate/Request.ts | 1 + .../security/saml_complete_logout/Request.ts | 1 + .../security/saml_invalidate/Request.ts | 1 + specification/security/saml_logout/Request.ts | 1 + .../saml_prepare_authentication/Request.ts | 1 + .../saml_service_provider_metadata/Request.ts | 1 + .../security/suggest_user_profiles/Request.ts | 1 + .../security/update_api_key/Request.ts | 1 + .../update_user_profile_data/Request.ts | 1 + 24 files changed, 89 insertions(+), 67 deletions(-) diff --git a/output/openapi/elasticsearch-openapi.json b/output/openapi/elasticsearch-openapi.json index eb1cffde85..be06e8e079 100644 --- a/output/openapi/elasticsearch-openapi.json +++ b/output/openapi/elasticsearch-openapi.json @@ -28030,7 +28030,7 @@ "security" ], "summary": "Create or update roles", - "description": "The role management APIs are generally the preferred way to manage roles in the native realm, rather than using file-based role management.\nThe create or update roles API cannot update roles that are defined in roles files.", + "description": "The role management APIs are generally the preferred way to manage roles in the native realm, rather than using file-based role management.\nThe create or update roles API cannot update roles that are defined in roles files.\nFile-based role management is not available in Elastic Serverless.", "externalDocs": { "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html" }, @@ -28057,7 +28057,7 @@ "security" ], "summary": "Create or update roles", - "description": "The role management APIs are generally the preferred way to manage roles in the native realm, rather than using file-based role management.\nThe create or update roles API cannot update roles that are defined in roles files.", + "description": "The role management APIs are generally the preferred way to manage roles in the native realm, rather than using file-based role management.\nThe create or update roles API cannot update roles that are defined in roles files.\nFile-based role management is not available in Elastic Serverless.", "externalDocs": { "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html" }, diff --git a/output/openapi/elasticsearch-serverless-openapi.json b/output/openapi/elasticsearch-serverless-openapi.json index 484403ffbd..2e4c9f2fa5 100644 --- a/output/openapi/elasticsearch-serverless-openapi.json +++ b/output/openapi/elasticsearch-serverless-openapi.json @@ -16875,7 +16875,7 @@ "security" ], "summary": "Create or update roles", - "description": "The role management APIs are generally the preferred way to manage roles in the native realm, rather than using file-based role management.\nThe create or update roles API cannot update roles that are defined in roles files.", + "description": "The role management APIs are generally the preferred way to manage roles in the native realm, rather than using file-based role management.\nThe create or update roles API cannot update roles that are defined in roles files.\nFile-based role management is not available in Elastic Serverless.", "externalDocs": { "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html" }, @@ -16902,7 +16902,7 @@ "security" ], "summary": "Create or update roles", - "description": "The role management APIs are generally the preferred way to manage roles in the native realm, rather than using file-based role management.\nThe create or update roles API cannot update roles that are defined in roles files.", + "description": "The role management APIs are generally the preferred way to manage roles in the native realm, rather than using file-based role management.\nThe create or update roles API cannot update roles that are defined in roles files.\nFile-based role management is not available in Elastic Serverless.", "externalDocs": { "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/defining-roles.html" }, diff --git a/output/schema/schema.json b/output/schema/schema.json index 6d92b7a141..09518e42d5 100644 --- a/output/schema/schema.json +++ b/output/schema/schema.json @@ -16327,7 +16327,7 @@ "stability": "stable" } }, - "description": "Get a user profile.\nGet a user's profile using the unique profile ID.", + "description": "Get a user profile.\n\nGet a user's profile using the unique profile ID.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-user-profile.html", "name": "security.get_user_profile", "privileges": { @@ -16367,7 +16367,7 @@ "stability": "stable" } }, - "description": "Grant an API key.\nCreate an API key on behalf of another user.\nThis API is similar to the create API keys API, however it creates the API key for a user that is different than the user that runs the API.\nThe caller must have authentication credentials (either an access token, or a username and password) for the user on whose behalf the API key will be created.\nIt is not possible to use this API to create an API key without that user’s credentials.\nThe user, for whom the authentication credentials is provided, can optionally \"run as\" (impersonate) another user.\nIn this case, the API key will be created on behalf of the impersonated user.\n\nThis API is intended be used by applications that need to create and manage API keys for end users, but cannot guarantee that those users have permission to create API keys on their own behalf.\n\nA successful grant API key API call returns a JSON structure that contains the API key, its unique id, and its name.\nIf applicable, it also returns expiration information for the API key in milliseconds.\n\nBy default, API keys never expire. You can specify expiration information when you create the API keys.", + "description": "Grant an API key.\n\nCreate an API key on behalf of another user.\nThis API is similar to the create API keys API, however it creates the API key for a user that is different than the user that runs the API.\nThe caller must have authentication credentials (either an access token, or a username and password) for the user on whose behalf the API key will be created.\nIt is not possible to use this API to create an API key without that user’s credentials.\nThe user, for whom the authentication credentials is provided, can optionally \"run as\" (impersonate) another user.\nIn this case, the API key will be created on behalf of the impersonated user.\n\nThis API is intended be used by applications that need to create and manage API keys for end users, but cannot guarantee that those users have permission to create API keys on their own behalf.\n\nA successful grant API key API call returns a JSON structure that contains the API key, its unique id, and its name.\nIf applicable, it also returns expiration information for the API key in milliseconds.\n\nBy default, API keys never expire. You can specify expiration information when you create the API keys.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-grant-api-key.html", "name": "security.grant_api_key", "privileges": { @@ -16410,7 +16410,7 @@ "stability": "stable" } }, - "description": "Check user privileges.\nDetermine whether the specified user has a specified list of privileges.", + "description": "Check user privileges.\n\nDetermine whether the specified user has a specified list of privileges.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-has-privileges.html", "extDocId": "security-privileges", "extDocUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-privileges.html", @@ -16458,7 +16458,7 @@ "stability": "stable" } }, - "description": "Check user profile privileges.\nDetermine whether the users associated with the specified user profile IDs have all the requested privileges.", + "description": "Check user profile privileges.\n\nDetermine whether the users associated with the specified user profile IDs have all the requested privileges.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-has-privileges-user-profile.html", "extDocId": "user-profile", "extDocUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/user-profile.html", @@ -16504,7 +16504,7 @@ "stability": "stable" } }, - "description": "Invalidate API keys.\nThis API invalidates API keys created by the create API key or grant API key APIs.\nInvalidated API keys fail authentication, but they can still be viewed using the get API key information and query API key information APIs, for at least the configured retention period, until they are automatically deleted.\nThe `manage_api_key` privilege allows deleting any API keys.\nThe `manage_own_api_key` only allows deleting API keys that are owned by the user.\nIn addition, with the `manage_own_api_key` privilege, an invalidation request must be issued in one of the three formats:\n- Set the parameter `owner=true`.\n- Or, set both `username` and `realm_name` to match the user’s identity.\n- Or, if the request is issued by an API key, that is to say an API key invalidates itself, specify its ID in the `ids` field.", + "description": "Invalidate API keys.\n\nThis API invalidates API keys created by the create API key or grant API key APIs.\nInvalidated API keys fail authentication, but they can still be viewed using the get API key information and query API key information APIs, for at least the configured retention period, until they are automatically deleted.\nThe `manage_api_key` privilege allows deleting any API keys.\nThe `manage_own_api_key` only allows deleting API keys that are owned by the user.\nIn addition, with the `manage_own_api_key` privilege, an invalidation request must be issued in one of the three formats:\n- Set the parameter `owner=true`.\n- Or, set both `username` and `realm_name` to match the user’s identity.\n- Or, if the request is issued by an API key, that is to say an API key invalidates itself, specify its ID in the `ids` field.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-invalidate-api-key.html", "name": "security.invalidate_api_key", "privileges": { @@ -16548,7 +16548,7 @@ "stability": "stable" } }, - "description": "Invalidate a token.\nThe access tokens returned by the get token API have a finite period of time for which they are valid.\nAfter that time period, they can no longer be used.\nThe time period is defined by the `xpack.security.authc.token.timeout` setting.\n\nThe refresh tokens returned by the get token API are only valid for 24 hours. They can also be used exactly once.\nIf you want to invalidate one or more access or refresh tokens immediately, use this invalidate token API.", + "description": "Invalidate a token.\n\nThe access tokens returned by the get token API have a finite period of time for which they are valid.\nAfter that time period, they can no longer be used.\nThe time period is defined by the `xpack.security.authc.token.timeout` setting.\n\nThe refresh tokens returned by the get token API are only valid for 24 hours. They can also be used exactly once.\nIf you want to invalidate one or more access or refresh tokens immediately, use this invalidate token API.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-invalidate-token.html", "name": "security.invalidate_token", "request": { @@ -16710,7 +16710,7 @@ "stability": "stable" } }, - "description": "Create or update roles.\nThe role management APIs are generally the preferred way to manage roles in the native realm, rather than using file-based role management.\nThe create or update roles API cannot update roles that are defined in roles files.", + "description": "Create or update roles.\n\nThe role management APIs are generally the preferred way to manage roles in the native realm, rather than using file-based role management.\nThe create or update roles API cannot update roles that are defined in roles files.\nFile-based role management is not available in Elastic Serverless.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role.html", "extDocId": "defining-roles", "extDocUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/defining-roles.html", @@ -16756,7 +16756,7 @@ "stability": "stable" } }, - "description": "Create or update role mappings.\nRole mappings define which roles are assigned to each user.\nEach mapping has rules that identify users and a list of roles that are granted to those users.\nThe role mapping APIs are generally the preferred way to manage role mappings rather than using role mapping files. The create or update role mappings API cannot update role mappings that are defined in role mapping files.\n\nThis API does not create roles. Rather, it maps users to existing roles.\nRoles can be created by using the create or update roles API or roles files.", + "description": "Create or update role mappings.\n\nRole mappings define which roles are assigned to each user.\nEach mapping has rules that identify users and a list of roles that are granted to those users.\nThe role mapping APIs are generally the preferred way to manage role mappings rather than using role mapping files. The create or update role mappings API cannot update role mappings that are defined in role mapping files.\n\nThis API does not create roles. Rather, it maps users to existing roles.\nRoles can be created by using the create or update roles API or roles files.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role-mapping.html", "extDocId": "mapping-roles", "extDocUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/mapping-roles.html", @@ -16792,7 +16792,7 @@ "stability": "stable" } }, - "description": "Create or update users.\nA password is required for adding a new user but is optional when updating an existing user.\nTo change a user’s password without updating any other fields, use the change password API.", + "description": "Create or update users.\n\nA password is required for adding a new user but is optional when updating an existing user.\nTo change a user’s password without updating any other fields, use the change password API.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-user.html", "name": "security.put_user", "request": { @@ -16831,7 +16831,7 @@ "stability": "stable" } }, - "description": "Find API keys with a query.\nGet a paginated list of API keys and their information. You can optionally filter the results with a query.", + "description": "Find API keys with a query.\n\nGet a paginated list of API keys and their information. You can optionally filter the results with a query.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-query-api-key.html", "name": "security.query_api_keys", "privileges": { @@ -16876,7 +16876,7 @@ "stability": "stable" } }, - "description": "Find roles with a query.\nGet roles in a paginated manner. You can optionally filter the results with a query.", + "description": "Find roles with a query.\n\nGet roles in a paginated manner. You can optionally filter the results with a query.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-query-role.html", "name": "security.query_role", "privileges": { @@ -16920,7 +16920,7 @@ "stability": "stable" } }, - "description": "Find users with a query.\nGet information for users in a paginated manner.\nYou can optionally filter the results with a query.", + "description": "Find users with a query.\n\nGet information for users in a paginated manner.\nYou can optionally filter the results with a query.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-query-user.html", "name": "security.query_user", "privileges": { @@ -16964,7 +16964,7 @@ "stability": "stable" } }, - "description": "Authenticate SAML.\nSubmits a SAML response message to Elasticsearch for consumption.", + "description": "Authenticate SAML.\n\nSubmits a SAML response message to Elasticsearch for consumption.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-authenticate.html", "name": "security.saml_authenticate", "request": { @@ -17002,7 +17002,7 @@ "stability": "stable" } }, - "description": "Logout of SAML completely.\nVerifies the logout response sent from the SAML IdP.", + "description": "Logout of SAML completely.\n\nVerifies the logout response sent from the SAML IdP.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-complete-logout.html", "name": "security.saml_complete_logout", "request": { @@ -17040,7 +17040,7 @@ "stability": "stable" } }, - "description": "Invalidate SAML.\nSubmits a SAML LogoutRequest message to Elasticsearch for consumption.", + "description": "Invalidate SAML.\n\nSubmits a SAML LogoutRequest message to Elasticsearch for consumption.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-invalidate.html", "name": "security.saml_invalidate", "request": { @@ -17078,7 +17078,7 @@ "stability": "stable" } }, - "description": "Logout of SAML.\nSubmits a request to invalidate an access token and refresh token.", + "description": "Logout of SAML.\n\nSubmits a request to invalidate an access token and refresh token.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-logout.html", "name": "security.saml_logout", "request": { @@ -17116,7 +17116,7 @@ "stability": "stable" } }, - "description": "Prepare SAML authentication.\nCreates a SAML authentication request (``) as a URL string, based on the configuration of the respective SAML realm in Elasticsearch.", + "description": "Prepare SAML authentication.\n\nCreates a SAML authentication request (``) as a URL string, based on the configuration of the respective SAML realm in Elasticsearch.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-prepare-authentication.html", "name": "security.saml_prepare_authentication", "request": { @@ -17154,7 +17154,7 @@ "stability": "stable" } }, - "description": "Create SAML service provider metadata.\nGenerate SAML metadata for a SAML 2.0 Service Provider.", + "description": "Create SAML service provider metadata.\n\nGenerate SAML metadata for a SAML 2.0 Service Provider.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-sp-metadata.html", "name": "security.saml_service_provider_metadata", "request": { @@ -17192,7 +17192,7 @@ "stability": "stable" } }, - "description": "Suggest a user profile.\nGet suggestions for user profiles that match specified search criteria.", + "description": "Suggest a user profile.\n\nGet suggestions for user profiles that match specified search criteria.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/master/security-api-suggest-user-profile.html", "name": "security.suggest_user_profiles", "request": { @@ -17231,7 +17231,7 @@ "stability": "stable" } }, - "description": "Update an API key.\nUpdates attributes of an existing API key.\nUsers can only update API keys that they created or that were granted to them.\nUse this API to update API keys created by the create API Key or grant API Key APIs.\nIf you need to apply the same update to many API keys, you can use bulk update API Keys to reduce overhead.\nIt’s not possible to update expired API keys, or API keys that have been invalidated by invalidate API Key.\nThis API supports updates to an API key’s access scope and metadata.\nThe access scope of an API key is derived from the `role_descriptors` you specify in the request, and a snapshot of the owner user’s permissions at the time of the request.\nThe snapshot of the owner’s permissions is updated automatically on every call.\nIf you don’t specify `role_descriptors` in the request, a call to this API might still change the API key’s access scope.\nThis change can occur if the owner user’s permissions have changed since the API key was created or last modified.\nTo update another user’s API key, use the `run_as` feature to submit a request on behalf of another user.\nIMPORTANT: It’s not possible to use an API key as the authentication credential for this API.\nTo update an API key, the owner user’s credentials are required.", + "description": "Update an API key.\n\nUpdates attributes of an existing API key.\nUsers can only update API keys that they created or that were granted to them.\nUse this API to update API keys created by the create API Key or grant API Key APIs.\nIf you need to apply the same update to many API keys, you can use bulk update API Keys to reduce overhead.\nIt’s not possible to update expired API keys, or API keys that have been invalidated by invalidate API Key.\nThis API supports updates to an API key’s access scope and metadata.\nThe access scope of an API key is derived from the `role_descriptors` you specify in the request, and a snapshot of the owner user’s permissions at the time of the request.\nThe snapshot of the owner’s permissions is updated automatically on every call.\nIf you don’t specify `role_descriptors` in the request, a call to this API might still change the API key’s access scope.\nThis change can occur if the owner user’s permissions have changed since the API key was created or last modified.\nTo update another user’s API key, use the `run_as` feature to submit a request on behalf of another user.\nIMPORTANT: It’s not possible to use an API key as the authentication credential for this API.\nTo update an API key, the owner user’s credentials are required.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-update-api-key.html", "name": "security.update_api_key", "privileges": { @@ -17330,7 +17330,7 @@ "stability": "stable" } }, - "description": "Update user profile data.\nUpdate specific data for the user profile that is associated with a unique ID.", + "description": "Update user profile data.\n\nUpdate specific data for the user profile that is associated with a unique ID.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-update-user-profile-data.html", "name": "security.update_user_profile_data", "privileges": { @@ -192311,7 +192311,7 @@ "body": { "kind": "no_body" }, - "description": "Get a user profile.\nGet a user's profile using the unique profile ID.", + "description": "Get a user profile.\n\nGet a user's profile using the unique profile ID.", "inherits": { "type": { "name": "RequestBase", @@ -192380,7 +192380,7 @@ } } ], - "specLocation": "security/get_user_profile/Request.ts#L23-L47" + "specLocation": "security/get_user_profile/Request.ts#L23-L48" }, { "kind": "response", @@ -192612,7 +192612,7 @@ } ] }, - "description": "Grant an API key.\nCreate an API key on behalf of another user.\nThis API is similar to the create API keys API, however it creates the API key for a user that is different than the user that runs the API.\nThe caller must have authentication credentials (either an access token, or a username and password) for the user on whose behalf the API key will be created.\nIt is not possible to use this API to create an API key without that user’s credentials.\nThe user, for whom the authentication credentials is provided, can optionally \"run as\" (impersonate) another user.\nIn this case, the API key will be created on behalf of the impersonated user.\n\nThis API is intended be used by applications that need to create and manage API keys for end users, but cannot guarantee that those users have permission to create API keys on their own behalf.\n\nA successful grant API key API call returns a JSON structure that contains the API key, its unique id, and its name.\nIf applicable, it also returns expiration information for the API key in milliseconds.\n\nBy default, API keys never expire. You can specify expiration information when you create the API keys.", + "description": "Grant an API key.\n\nCreate an API key on behalf of another user.\nThis API is similar to the create API keys API, however it creates the API key for a user that is different than the user that runs the API.\nThe caller must have authentication credentials (either an access token, or a username and password) for the user on whose behalf the API key will be created.\nIt is not possible to use this API to create an API key without that user’s credentials.\nThe user, for whom the authentication credentials is provided, can optionally \"run as\" (impersonate) another user.\nIn this case, the API key will be created on behalf of the impersonated user.\n\nThis API is intended be used by applications that need to create and manage API keys for end users, but cannot guarantee that those users have permission to create API keys on their own behalf.\n\nA successful grant API key API call returns a JSON structure that contains the API key, its unique id, and its name.\nIf applicable, it also returns expiration information for the API key in milliseconds.\n\nBy default, API keys never expire. You can specify expiration information when you create the API keys.", "inherits": { "type": { "name": "RequestBase", @@ -192625,7 +192625,7 @@ }, "path": [], "query": [], - "specLocation": "security/grant_api_key/SecurityGrantApiKeyRequest.ts#L24-L76" + "specLocation": "security/grant_api_key/SecurityGrantApiKeyRequest.ts#L24-L77" }, { "kind": "response", @@ -192910,7 +192910,7 @@ } ] }, - "description": "Check user privileges.\nDetermine whether the specified user has a specified list of privileges.", + "description": "Check user privileges.\n\nDetermine whether the specified user has a specified list of privileges.", "inherits": { "type": { "name": "RequestBase", @@ -192936,7 +192936,7 @@ } ], "query": [], - "specLocation": "security/has_privileges/SecurityHasPrivilegesRequest.ts#L25-L45" + "specLocation": "security/has_privileges/SecurityHasPrivilegesRequest.ts#L25-L46" }, { "kind": "type_alias", @@ -193186,7 +193186,7 @@ } ] }, - "description": "Check user profile privileges.\nDetermine whether the users associated with the specified user profile IDs have all the requested privileges.", + "description": "Check user profile privileges.\n\nDetermine whether the users associated with the specified user profile IDs have all the requested privileges.", "inherits": { "type": { "name": "RequestBase", @@ -193199,7 +193199,7 @@ }, "path": [], "query": [], - "specLocation": "security/has_privileges_user_profile/Request.ts#L24-L41" + "specLocation": "security/has_privileges_user_profile/Request.ts#L24-L42" }, { "kind": "response", @@ -193326,7 +193326,7 @@ } ] }, - "description": "Invalidate API keys.\nThis API invalidates API keys created by the create API key or grant API key APIs.\nInvalidated API keys fail authentication, but they can still be viewed using the get API key information and query API key information APIs, for at least the configured retention period, until they are automatically deleted.\nThe `manage_api_key` privilege allows deleting any API keys.\nThe `manage_own_api_key` only allows deleting API keys that are owned by the user.\nIn addition, with the `manage_own_api_key` privilege, an invalidation request must be issued in one of the three formats:\n- Set the parameter `owner=true`.\n- Or, set both `username` and `realm_name` to match the user’s identity.\n- Or, if the request is issued by an API key, that is to say an API key invalidates itself, specify its ID in the `ids` field.", + "description": "Invalidate API keys.\n\nThis API invalidates API keys created by the create API key or grant API key APIs.\nInvalidated API keys fail authentication, but they can still be viewed using the get API key information and query API key information APIs, for at least the configured retention period, until they are automatically deleted.\nThe `manage_api_key` privilege allows deleting any API keys.\nThe `manage_own_api_key` only allows deleting API keys that are owned by the user.\nIn addition, with the `manage_own_api_key` privilege, an invalidation request must be issued in one of the three formats:\n- Set the parameter `owner=true`.\n- Or, set both `username` and `realm_name` to match the user’s identity.\n- Or, if the request is issued by an API key, that is to say an API key invalidates itself, specify its ID in the `ids` field.", "inherits": { "type": { "name": "RequestBase", @@ -193339,7 +193339,7 @@ }, "path": [], "query": [], - "specLocation": "security/invalidate_api_key/SecurityInvalidateApiKeyRequest.ts#L23-L68" + "specLocation": "security/invalidate_api_key/SecurityInvalidateApiKeyRequest.ts#L23-L69" }, { "kind": "response", @@ -193461,7 +193461,7 @@ } ] }, - "description": "Invalidate a token.\nThe access tokens returned by the get token API have a finite period of time for which they are valid.\nAfter that time period, they can no longer be used.\nThe time period is defined by the `xpack.security.authc.token.timeout` setting.\n\nThe refresh tokens returned by the get token API are only valid for 24 hours. They can also be used exactly once.\nIf you want to invalidate one or more access or refresh tokens immediately, use this invalidate token API.", + "description": "Invalidate a token.\n\nThe access tokens returned by the get token API have a finite period of time for which they are valid.\nAfter that time period, they can no longer be used.\nThe time period is defined by the `xpack.security.authc.token.timeout` setting.\n\nThe refresh tokens returned by the get token API are only valid for 24 hours. They can also be used exactly once.\nIf you want to invalidate one or more access or refresh tokens immediately, use this invalidate token API.", "inherits": { "type": { "name": "RequestBase", @@ -193474,7 +193474,7 @@ }, "path": [], "query": [], - "specLocation": "security/invalidate_token/SecurityInvalidateTokenRequest.ts#L23-L42" + "specLocation": "security/invalidate_token/SecurityInvalidateTokenRequest.ts#L23-L43" }, { "kind": "response", @@ -193856,7 +193856,7 @@ } ] }, - "description": "Create or update roles.\nThe role management APIs are generally the preferred way to manage roles in the native realm, rather than using file-based role management.\nThe create or update roles API cannot update roles that are defined in roles files.", + "description": "Create or update roles.\n\nThe role management APIs are generally the preferred way to manage roles in the native realm, rather than using file-based role management.\nThe create or update roles API cannot update roles that are defined in roles files.\nFile-based role management is not available in Elastic Serverless.", "inherits": { "type": { "name": "RequestBase", @@ -193895,7 +193895,7 @@ } } ], - "specLocation": "security/put_role/SecurityPutRoleRequest.ts#L31-L93" + "specLocation": "security/put_role/SecurityPutRoleRequest.ts#L31-L95" }, { "kind": "response", @@ -194006,7 +194006,7 @@ } ] }, - "description": "Create or update role mappings.\nRole mappings define which roles are assigned to each user.\nEach mapping has rules that identify users and a list of roles that are granted to those users.\nThe role mapping APIs are generally the preferred way to manage role mappings rather than using role mapping files. The create or update role mappings API cannot update role mappings that are defined in role mapping files.\n\nThis API does not create roles. Rather, it maps users to existing roles.\nRoles can be created by using the create or update roles API or roles files.", + "description": "Create or update role mappings.\n\nRole mappings define which roles are assigned to each user.\nEach mapping has rules that identify users and a list of roles that are granted to those users.\nThe role mapping APIs are generally the preferred way to manage role mappings rather than using role mapping files. The create or update role mappings API cannot update role mappings that are defined in role mapping files.\n\nThis API does not create roles. Rather, it maps users to existing roles.\nRoles can be created by using the create or update roles API or roles files.", "inherits": { "type": { "name": "RequestBase", @@ -194045,7 +194045,7 @@ } } ], - "specLocation": "security/put_role_mapping/SecurityPutRoleMappingRequest.ts#L25-L55" + "specLocation": "security/put_role_mapping/SecurityPutRoleMappingRequest.ts#L25-L56" }, { "kind": "response", @@ -194207,7 +194207,7 @@ } ] }, - "description": "Create or update users.\nA password is required for adding a new user but is optional when updating an existing user.\nTo change a user’s password without updating any other fields, use the change password API.", + "description": "Create or update users.\n\nA password is required for adding a new user but is optional when updating an existing user.\nTo change a user’s password without updating any other fields, use the change password API.", "inherits": { "type": { "name": "RequestBase", @@ -194246,7 +194246,7 @@ } } ], - "specLocation": "security/put_user/SecurityPutUserRequest.ts#L23-L47" + "specLocation": "security/put_user/SecurityPutUserRequest.ts#L23-L48" }, { "kind": "response", @@ -194952,7 +194952,7 @@ } ] }, - "description": "Find API keys with a query.\nGet a paginated list of API keys and their information. You can optionally filter the results with a query.", + "description": "Find API keys with a query.\n\nGet a paginated list of API keys and their information. You can optionally filter the results with a query.", "inherits": { "type": { "name": "RequestBase", @@ -195022,7 +195022,7 @@ } } ], - "specLocation": "security/query_api_keys/QueryApiKeysRequest.ts#L26-L100" + "specLocation": "security/query_api_keys/QueryApiKeysRequest.ts#L26-L101" }, { "kind": "response", @@ -195212,7 +195212,7 @@ } ] }, - "description": "Find roles with a query.\nGet roles in a paginated manner. You can optionally filter the results with a query.", + "description": "Find roles with a query.\n\nGet roles in a paginated manner. You can optionally filter the results with a query.", "inherits": { "type": { "name": "RequestBase", @@ -195225,7 +195225,7 @@ }, "path": [], "query": [], - "specLocation": "security/query_role/QueryRolesRequest.ts#L25-L68" + "specLocation": "security/query_role/QueryRolesRequest.ts#L25-L69" }, { "kind": "response", @@ -195603,7 +195603,7 @@ } ] }, - "description": "Find users with a query.\nGet information for users in a paginated manner.\nYou can optionally filter the results with a query.", + "description": "Find users with a query.\n\nGet information for users in a paginated manner.\nYou can optionally filter the results with a query.", "inherits": { "type": { "name": "RequestBase", @@ -195629,7 +195629,7 @@ } } ], - "specLocation": "security/query_user/SecurityQueryUserRequest.ts#L25-L74" + "specLocation": "security/query_user/SecurityQueryUserRequest.ts#L25-L75" }, { "kind": "response", @@ -195952,7 +195952,7 @@ } ] }, - "description": "Authenticate SAML.\nSubmits a SAML response message to Elasticsearch for consumption.", + "description": "Authenticate SAML.\n\nSubmits a SAML response message to Elasticsearch for consumption.", "inherits": { "type": { "name": "RequestBase", @@ -195965,7 +195965,7 @@ }, "path": [], "query": [], - "specLocation": "security/saml_authenticate/Request.ts#L23-L39" + "specLocation": "security/saml_authenticate/Request.ts#L23-L40" }, { "kind": "response", @@ -196093,7 +196093,7 @@ } ] }, - "description": "Logout of SAML completely.\nVerifies the logout response sent from the SAML IdP.", + "description": "Logout of SAML completely.\n\nVerifies the logout response sent from the SAML IdP.", "inherits": { "type": { "name": "RequestBase", @@ -196106,7 +196106,7 @@ }, "path": [], "query": [], - "specLocation": "security/saml_complete_logout/Request.ts#L23-L41" + "specLocation": "security/saml_complete_logout/Request.ts#L23-L42" }, { "kind": "response", @@ -196165,7 +196165,7 @@ } ] }, - "description": "Invalidate SAML.\nSubmits a SAML LogoutRequest message to Elasticsearch for consumption.", + "description": "Invalidate SAML.\n\nSubmits a SAML LogoutRequest message to Elasticsearch for consumption.", "inherits": { "type": { "name": "RequestBase", @@ -196178,7 +196178,7 @@ }, "path": [], "query": [], - "specLocation": "security/saml_invalidate/Request.ts#L22-L44" + "specLocation": "security/saml_invalidate/Request.ts#L22-L45" }, { "kind": "response", @@ -196260,7 +196260,7 @@ } ] }, - "description": "Logout of SAML.\nSubmits a request to invalidate an access token and refresh token.", + "description": "Logout of SAML.\n\nSubmits a request to invalidate an access token and refresh token.", "inherits": { "type": { "name": "RequestBase", @@ -196273,7 +196273,7 @@ }, "path": [], "query": [], - "specLocation": "security/saml_logout/Request.ts#L22-L42" + "specLocation": "security/saml_logout/Request.ts#L22-L43" }, { "kind": "response", @@ -196345,7 +196345,7 @@ } ] }, - "description": "Prepare SAML authentication.\nCreates a SAML authentication request (``) as a URL string, based on the configuration of the respective SAML realm in Elasticsearch.", + "description": "Prepare SAML authentication.\n\nCreates a SAML authentication request (``) as a URL string, based on the configuration of the respective SAML realm in Elasticsearch.", "inherits": { "type": { "name": "RequestBase", @@ -196358,7 +196358,7 @@ }, "path": [], "query": [], - "specLocation": "security/saml_prepare_authentication/Request.ts#L22-L47" + "specLocation": "security/saml_prepare_authentication/Request.ts#L22-L48" }, { "kind": "response", @@ -196414,7 +196414,7 @@ "body": { "kind": "no_body" }, - "description": "Create SAML service provider metadata.\nGenerate SAML metadata for a SAML 2.0 Service Provider.", + "description": "Create SAML service provider metadata.\n\nGenerate SAML metadata for a SAML 2.0 Service Provider.", "inherits": { "type": { "name": "RequestBase", @@ -196440,7 +196440,7 @@ } ], "query": [], - "specLocation": "security/saml_service_provider_metadata/Request.ts#L23-L35" + "specLocation": "security/saml_service_provider_metadata/Request.ts#L23-L36" }, { "kind": "response", @@ -196603,7 +196603,7 @@ } ] }, - "description": "Suggest a user profile.\nGet suggestions for user profiles that match specified search criteria.", + "description": "Suggest a user profile.\n\nGet suggestions for user profiles that match specified search criteria.", "inherits": { "type": { "name": "RequestBase", @@ -196644,7 +196644,7 @@ } } ], - "specLocation": "security/suggest_user_profiles/Request.ts#L24-L67" + "specLocation": "security/suggest_user_profiles/Request.ts#L24-L68" }, { "kind": "response", @@ -196786,7 +196786,7 @@ } ] }, - "description": "Update an API key.\nUpdates attributes of an existing API key.\nUsers can only update API keys that they created or that were granted to them.\nUse this API to update API keys created by the create API Key or grant API Key APIs.\nIf you need to apply the same update to many API keys, you can use bulk update API Keys to reduce overhead.\nIt’s not possible to update expired API keys, or API keys that have been invalidated by invalidate API Key.\nThis API supports updates to an API key’s access scope and metadata.\nThe access scope of an API key is derived from the `role_descriptors` you specify in the request, and a snapshot of the owner user’s permissions at the time of the request.\nThe snapshot of the owner’s permissions is updated automatically on every call.\nIf you don’t specify `role_descriptors` in the request, a call to this API might still change the API key’s access scope.\nThis change can occur if the owner user’s permissions have changed since the API key was created or last modified.\nTo update another user’s API key, use the `run_as` feature to submit a request on behalf of another user.\nIMPORTANT: It’s not possible to use an API key as the authentication credential for this API.\nTo update an API key, the owner user’s credentials are required.", + "description": "Update an API key.\n\nUpdates attributes of an existing API key.\nUsers can only update API keys that they created or that were granted to them.\nUse this API to update API keys created by the create API Key or grant API Key APIs.\nIf you need to apply the same update to many API keys, you can use bulk update API Keys to reduce overhead.\nIt’s not possible to update expired API keys, or API keys that have been invalidated by invalidate API Key.\nThis API supports updates to an API key’s access scope and metadata.\nThe access scope of an API key is derived from the `role_descriptors` you specify in the request, and a snapshot of the owner user’s permissions at the time of the request.\nThe snapshot of the owner’s permissions is updated automatically on every call.\nIf you don’t specify `role_descriptors` in the request, a call to this API might still change the API key’s access scope.\nThis change can occur if the owner user’s permissions have changed since the API key was created or last modified.\nTo update another user’s API key, use the `run_as` feature to submit a request on behalf of another user.\nIMPORTANT: It’s not possible to use an API key as the authentication credential for this API.\nTo update an API key, the owner user’s credentials are required.", "inherits": { "type": { "name": "RequestBase", @@ -196812,7 +196812,7 @@ } ], "query": [], - "specLocation": "security/update_api_key/Request.ts#L26-L66" + "specLocation": "security/update_api_key/Request.ts#L26-L67" }, { "kind": "response", @@ -196887,7 +196887,7 @@ } ] }, - "description": "Update user profile data.\nUpdate specific data for the user profile that is associated with a unique ID.", + "description": "Update user profile data.\n\nUpdate specific data for the user profile that is associated with a unique ID.", "inherits": { "type": { "name": "RequestBase", @@ -196951,7 +196951,7 @@ } } ], - "specLocation": "security/update_user_profile_data/Request.ts#L27-L71" + "specLocation": "security/update_user_profile_data/Request.ts#L27-L72" }, { "kind": "response", diff --git a/specification/security/get_user_profile/Request.ts b/specification/security/get_user_profile/Request.ts index 6b7093f727..81cd5a3a6a 100644 --- a/specification/security/get_user_profile/Request.ts +++ b/specification/security/get_user_profile/Request.ts @@ -22,6 +22,7 @@ import { RequestBase } from '@_types/Base' /** * Get a user profile. + * * Get a user's profile using the unique profile ID. * @rest_spec_name security.get_user_profile * @availability stack since=8.2.0 stability=stable diff --git a/specification/security/grant_api_key/SecurityGrantApiKeyRequest.ts b/specification/security/grant_api_key/SecurityGrantApiKeyRequest.ts index 1ef84eedf1..30e7478208 100644 --- a/specification/security/grant_api_key/SecurityGrantApiKeyRequest.ts +++ b/specification/security/grant_api_key/SecurityGrantApiKeyRequest.ts @@ -23,6 +23,7 @@ import { ApiKeyGrantType, GrantApiKey } from './types' /** * Grant an API key. + * * Create an API key on behalf of another user. * This API is similar to the create API keys API, however it creates the API key for a user that is different than the user that runs the API. * The caller must have authentication credentials (either an access token, or a username and password) for the user on whose behalf the API key will be created. diff --git a/specification/security/has_privileges/SecurityHasPrivilegesRequest.ts b/specification/security/has_privileges/SecurityHasPrivilegesRequest.ts index 4c883e0118..560746e548 100644 --- a/specification/security/has_privileges/SecurityHasPrivilegesRequest.ts +++ b/specification/security/has_privileges/SecurityHasPrivilegesRequest.ts @@ -24,6 +24,7 @@ import { ApplicationPrivilegesCheck, IndexPrivilegesCheck } from './types' /** * Check user privileges. + * * Determine whether the specified user has a specified list of privileges. * @rest_spec_name security.has_privileges * @availability stack since=6.4.0 stability=stable diff --git a/specification/security/has_privileges_user_profile/Request.ts b/specification/security/has_privileges_user_profile/Request.ts index f7f46d0856..7f6a6d4eaf 100644 --- a/specification/security/has_privileges_user_profile/Request.ts +++ b/specification/security/has_privileges_user_profile/Request.ts @@ -23,6 +23,7 @@ import { PrivilegesCheck } from './types' /** * Check user profile privileges. + * * Determine whether the users associated with the specified user profile IDs have all the requested privileges. * @rest_spec_name security.has_privileges_user_profile * @availability stack since=8.3.0 stability=stable diff --git a/specification/security/invalidate_api_key/SecurityInvalidateApiKeyRequest.ts b/specification/security/invalidate_api_key/SecurityInvalidateApiKeyRequest.ts index b6c07c70be..96c1f01c20 100644 --- a/specification/security/invalidate_api_key/SecurityInvalidateApiKeyRequest.ts +++ b/specification/security/invalidate_api_key/SecurityInvalidateApiKeyRequest.ts @@ -22,6 +22,7 @@ import { Id, Name, Username } from '@_types/common' /** * Invalidate API keys. + * * This API invalidates API keys created by the create API key or grant API key APIs. * Invalidated API keys fail authentication, but they can still be viewed using the get API key information and query API key information APIs, for at least the configured retention period, until they are automatically deleted. * The `manage_api_key` privilege allows deleting any API keys. diff --git a/specification/security/invalidate_token/SecurityInvalidateTokenRequest.ts b/specification/security/invalidate_token/SecurityInvalidateTokenRequest.ts index f073c576f3..0e1ef59e2a 100644 --- a/specification/security/invalidate_token/SecurityInvalidateTokenRequest.ts +++ b/specification/security/invalidate_token/SecurityInvalidateTokenRequest.ts @@ -22,6 +22,7 @@ import { Name, Username } from '@_types/common' /** * Invalidate a token. + * * The access tokens returned by the get token API have a finite period of time for which they are valid. * After that time period, they can no longer be used. * The time period is defined by the `xpack.security.authc.token.timeout` setting. diff --git a/specification/security/put_role/SecurityPutRoleRequest.ts b/specification/security/put_role/SecurityPutRoleRequest.ts index 70342c0f59..e8ada073d5 100644 --- a/specification/security/put_role/SecurityPutRoleRequest.ts +++ b/specification/security/put_role/SecurityPutRoleRequest.ts @@ -30,8 +30,10 @@ import { Metadata, Name, Refresh } from '@_types/common' /** * Create or update roles. + * * The role management APIs are generally the preferred way to manage roles in the native realm, rather than using file-based role management. * The create or update roles API cannot update roles that are defined in roles files. + * File-based role management is not available in Elastic Serverless. * @rest_spec_name security.put_role * @availability stack stability=stable * @availability serverless stability=stable visibility=public diff --git a/specification/security/put_role_mapping/SecurityPutRoleMappingRequest.ts b/specification/security/put_role_mapping/SecurityPutRoleMappingRequest.ts index 47577e8448..4061546c0e 100644 --- a/specification/security/put_role_mapping/SecurityPutRoleMappingRequest.ts +++ b/specification/security/put_role_mapping/SecurityPutRoleMappingRequest.ts @@ -24,6 +24,7 @@ import { Metadata, Name, Refresh } from '@_types/common' /** * Create or update role mappings. + * * Role mappings define which roles are assigned to each user. * Each mapping has rules that identify users and a list of roles that are granted to those users. * The role mapping APIs are generally the preferred way to manage role mappings rather than using role mapping files. The create or update role mappings API cannot update role mappings that are defined in role mapping files. diff --git a/specification/security/put_user/SecurityPutUserRequest.ts b/specification/security/put_user/SecurityPutUserRequest.ts index a96ae2c4d8..7e366a6983 100644 --- a/specification/security/put_user/SecurityPutUserRequest.ts +++ b/specification/security/put_user/SecurityPutUserRequest.ts @@ -22,6 +22,7 @@ import { Metadata, Password, Refresh, Username } from '@_types/common' /** * Create or update users. + * * A password is required for adding a new user but is optional when updating an existing user. * To change a user’s password without updating any other fields, use the change password API. * @rest_spec_name security.put_user diff --git a/specification/security/query_api_keys/QueryApiKeysRequest.ts b/specification/security/query_api_keys/QueryApiKeysRequest.ts index 44897eafda..363182881a 100644 --- a/specification/security/query_api_keys/QueryApiKeysRequest.ts +++ b/specification/security/query_api_keys/QueryApiKeysRequest.ts @@ -25,6 +25,7 @@ import { ApiKeyAggregationContainer, ApiKeyQueryContainer } from './types' /** * Find API keys with a query. + * * Get a paginated list of API keys and their information. You can optionally filter the results with a query. * @rest_spec_name security.query_api_keys * @availability stack since=7.15.0 stability=stable diff --git a/specification/security/query_role/QueryRolesRequest.ts b/specification/security/query_role/QueryRolesRequest.ts index 45a2584f7e..9d0a93dde6 100644 --- a/specification/security/query_role/QueryRolesRequest.ts +++ b/specification/security/query_role/QueryRolesRequest.ts @@ -24,6 +24,7 @@ import { RoleQueryContainer } from './types' /** * Find roles with a query. + * * Get roles in a paginated manner. You can optionally filter the results with a query. * @rest_spec_name security.query_role * @availability stack since=8.15.0 stability=stable diff --git a/specification/security/query_user/SecurityQueryUserRequest.ts b/specification/security/query_user/SecurityQueryUserRequest.ts index 9ffcc13f1f..e567ed96a4 100644 --- a/specification/security/query_user/SecurityQueryUserRequest.ts +++ b/specification/security/query_user/SecurityQueryUserRequest.ts @@ -24,6 +24,7 @@ import { UserQueryContainer } from './types' /** * Find users with a query. + * * Get information for users in a paginated manner. * You can optionally filter the results with a query. * @rest_spec_name security.query_user diff --git a/specification/security/saml_authenticate/Request.ts b/specification/security/saml_authenticate/Request.ts index 60497b4b0b..f3361e17e1 100644 --- a/specification/security/saml_authenticate/Request.ts +++ b/specification/security/saml_authenticate/Request.ts @@ -22,6 +22,7 @@ import { Ids } from '@_types/common' /** * Authenticate SAML. + * * Submits a SAML response message to Elasticsearch for consumption. * @rest_spec_name security.saml_authenticate * @availability stack since=7.5.0 stability=stable diff --git a/specification/security/saml_complete_logout/Request.ts b/specification/security/saml_complete_logout/Request.ts index 27dd3ba449..f85e46086a 100644 --- a/specification/security/saml_complete_logout/Request.ts +++ b/specification/security/saml_complete_logout/Request.ts @@ -22,6 +22,7 @@ import { Ids } from '@_types/common' /** * Logout of SAML completely. + * * Verifies the logout response sent from the SAML IdP. * @rest_spec_name security.saml_complete_logout * @availability stack since=7.14.0 stability=stable diff --git a/specification/security/saml_invalidate/Request.ts b/specification/security/saml_invalidate/Request.ts index 0409a7f3a6..687efc679c 100644 --- a/specification/security/saml_invalidate/Request.ts +++ b/specification/security/saml_invalidate/Request.ts @@ -21,6 +21,7 @@ import { RequestBase } from '@_types/Base' /** * Invalidate SAML. + * * Submits a SAML LogoutRequest message to Elasticsearch for consumption. * @rest_spec_name security.saml_invalidate * @availability stack since=7.5.0 stability=stable diff --git a/specification/security/saml_logout/Request.ts b/specification/security/saml_logout/Request.ts index b8dec63349..672f43f422 100644 --- a/specification/security/saml_logout/Request.ts +++ b/specification/security/saml_logout/Request.ts @@ -21,6 +21,7 @@ import { RequestBase } from '@_types/Base' /** * Logout of SAML. + * * Submits a request to invalidate an access token and refresh token. * @rest_spec_name security.saml_logout * @availability stack since=7.5.0 stability=stable diff --git a/specification/security/saml_prepare_authentication/Request.ts b/specification/security/saml_prepare_authentication/Request.ts index ca675c65d2..994cf0b915 100644 --- a/specification/security/saml_prepare_authentication/Request.ts +++ b/specification/security/saml_prepare_authentication/Request.ts @@ -21,6 +21,7 @@ import { RequestBase } from '@_types/Base' /** * Prepare SAML authentication. + * * Creates a SAML authentication request (``) as a URL string, based on the configuration of the respective SAML realm in Elasticsearch. * @rest_spec_name security.saml_prepare_authentication * @availability stack since=7.5.0 stability=stable diff --git a/specification/security/saml_service_provider_metadata/Request.ts b/specification/security/saml_service_provider_metadata/Request.ts index e8cd08fe12..3f285b066e 100644 --- a/specification/security/saml_service_provider_metadata/Request.ts +++ b/specification/security/saml_service_provider_metadata/Request.ts @@ -22,6 +22,7 @@ import { Name } from '@_types/common' /** * Create SAML service provider metadata. + * * Generate SAML metadata for a SAML 2.0 Service Provider. * @rest_spec_name security.saml_service_provider_metadata * @availability stack since=7.11.0 stability=stable diff --git a/specification/security/suggest_user_profiles/Request.ts b/specification/security/suggest_user_profiles/Request.ts index 8ea8e082af..29cf4d6daf 100644 --- a/specification/security/suggest_user_profiles/Request.ts +++ b/specification/security/suggest_user_profiles/Request.ts @@ -23,6 +23,7 @@ import { Hint } from './types' /** * Suggest a user profile. + * * Get suggestions for user profiles that match specified search criteria. * @rest_spec_name security.suggest_user_profiles * @availability stack since=8.2.0 stability=stable diff --git a/specification/security/update_api_key/Request.ts b/specification/security/update_api_key/Request.ts index 117424c44f..790d25c1ea 100644 --- a/specification/security/update_api_key/Request.ts +++ b/specification/security/update_api_key/Request.ts @@ -25,6 +25,7 @@ import { Duration } from '@_types/Time' /** * Update an API key. + * * Updates attributes of an existing API key. * Users can only update API keys that they created or that were granted to them. * Use this API to update API keys created by the create API Key or grant API Key APIs. diff --git a/specification/security/update_user_profile_data/Request.ts b/specification/security/update_user_profile_data/Request.ts index d9f3ec6ddd..cd03ee460b 100644 --- a/specification/security/update_user_profile_data/Request.ts +++ b/specification/security/update_user_profile_data/Request.ts @@ -26,6 +26,7 @@ import { long } from '@_types/Numeric' /** * Update user profile data. + * * Update specific data for the user profile that is associated with a unique ID. * @rest_spec_name security.update_user_profile_data * @availability stack since=8.2.0 stability=stable