diff --git a/output/openapi/elasticsearch-openapi.json b/output/openapi/elasticsearch-openapi.json index 5f04a1f90e..3cd55ce552 100644 --- a/output/openapi/elasticsearch-openapi.json +++ b/output/openapi/elasticsearch-openapi.json @@ -27072,7 +27072,7 @@ "type": "object", "properties": { "api_key": { - "$ref": "#/components/schemas/security._types:ApiKey" + "$ref": "#/components/schemas/security.authenticate:AuthenticateApiKey" }, "authentication_realm": { "$ref": "#/components/schemas/security._types:RealmInfo" @@ -81778,69 +81778,67 @@ "username" ] }, - "security._types:ApiKey": { + "security.authenticate:AuthenticateApiKey": { "type": "object", "properties": { - "creation": { - "description": "Creation time for the API key in milliseconds.", - "type": "number" - }, - "expiration": { - "description": "Expiration time for the API key in milliseconds.", - "type": "number" - }, "id": { "$ref": "#/components/schemas/_types:Id" }, - "invalidated": { - "description": "Invalidation status for the API key.\nIf the key has been invalidated, it has a value of `true`. Otherwise, it is `false`.", - "type": "boolean" - }, + "name": { + "$ref": "#/components/schemas/_types:Name" + } + }, + "required": [ + "id" + ] + }, + "security._types:RealmInfo": { + "type": "object", + "properties": { "name": { "$ref": "#/components/schemas/_types:Name" }, - "realm": { - "description": "Realm name of the principal for which this API key was created.", - "type": "string" - }, - "realm_type": { - "description": "Realm type of the principal for which this API key was created", + "type": { "type": "string" + } + }, + "required": [ + "name", + "type" + ] + }, + "security.authenticate:Token": { + "type": "object", + "properties": { + "name": { + "$ref": "#/components/schemas/_types:Name" }, - "username": { - "$ref": "#/components/schemas/_types:Username" - }, - "profile_uid": { - "description": "The profile uid for the API key owner principal, if requested and if it exists", + "type": { "type": "string" + } + }, + "required": [ + "name" + ] + }, + "security._types:BulkError": { + "type": "object", + "properties": { + "count": { + "description": "The number of errors", + "type": "number" }, - "metadata": { - "$ref": "#/components/schemas/_types:Metadata" - }, - "role_descriptors": { - "description": "The role descriptors assigned to this API key when it was created or last updated.\nAn empty role descriptor means the API key inherits the owner user’s permissions.", + "details": { + "description": "Details about the errors, keyed by role name", "type": "object", "additionalProperties": { - "$ref": "#/components/schemas/security._types:RoleDescriptor" - } - }, - "limited_by": { - "description": "The owner user’s permissions associated with the API key.\nIt is a point-in-time snapshot captured at creation and subsequent updates.\nAn API key’s effective permissions are an intersection of its assigned privileges and the owner user’s permissions.", - "type": "array", - "items": { - "type": "object", - "additionalProperties": { - "$ref": "#/components/schemas/security._types:RoleDescriptor" - } + "$ref": "#/components/schemas/_types:ErrorCause" } - }, - "_sort": { - "$ref": "#/components/schemas/_types:SortResults" } }, "required": [ - "id", - "name" + "count", + "details" ] }, "security._types:RoleDescriptor": { @@ -82296,55 +82294,6 @@ } ] }, - "security._types:RealmInfo": { - "type": "object", - "properties": { - "name": { - "$ref": "#/components/schemas/_types:Name" - }, - "type": { - "type": "string" - } - }, - "required": [ - "name", - "type" - ] - }, - "security.authenticate:Token": { - "type": "object", - "properties": { - "name": { - "$ref": "#/components/schemas/_types:Name" - }, - "type": { - "type": "string" - } - }, - "required": [ - "name" - ] - }, - "security._types:BulkError": { - "type": "object", - "properties": { - "count": { - "description": "The number of errors", - "type": "number" - }, - "details": { - "description": "Details about the errors, keyed by role name", - "type": "object", - "additionalProperties": { - "$ref": "#/components/schemas/_types:ErrorCause" - } - } - }, - "required": [ - "count", - "details" - ] - }, "security._types:ClusterNode": { "type": "object", "properties": { @@ -82480,6 +82429,91 @@ "value" ] }, + "security._types:ApiKey": { + "type": "object", + "properties": { + "id": { + "$ref": "#/components/schemas/_types:Id" + }, + "name": { + "$ref": "#/components/schemas/_types:Name" + }, + "type": { + "$ref": "#/components/schemas/security._types:ApiKeyType" + }, + "creation": { + "$ref": "#/components/schemas/_types:EpochTimeUnitMillis" + }, + "expiration": { + "$ref": "#/components/schemas/_types:EpochTimeUnitMillis" + }, + "invalidated": { + "description": "Invalidation status for the API key.\nIf the key has been invalidated, it has a value of `true`. Otherwise, it is `false`.", + "type": "boolean" + }, + "invalidation": { + "$ref": "#/components/schemas/_types:EpochTimeUnitMillis" + }, + "username": { + "$ref": "#/components/schemas/_types:Username" + }, + "realm": { + "description": "Realm name of the principal for which this API key was created.", + "type": "string" + }, + "realm_type": { + "description": "Realm type of the principal for which this API key was created", + "type": "string" + }, + "metadata": { + "$ref": "#/components/schemas/_types:Metadata" + }, + "role_descriptors": { + "description": "The role descriptors assigned to this API key when it was created or last updated.\nAn empty role descriptor means the API key inherits the owner user’s permissions.", + "type": "object", + "additionalProperties": { + "$ref": "#/components/schemas/security._types:RoleDescriptor" + } + }, + "limited_by": { + "description": "The owner user’s permissions associated with the API key.\nIt is a point-in-time snapshot captured at creation and subsequent updates.\nAn API key’s effective permissions are an intersection of its assigned privileges and the owner user’s permissions.", + "type": "array", + "items": { + "type": "object", + "additionalProperties": { + "$ref": "#/components/schemas/security._types:RoleDescriptor" + } + } + }, + "access": { + "$ref": "#/components/schemas/security._types:Access" + }, + "profile_uid": { + "description": "The profile uid for the API key owner principal, if requested and if it exists", + "type": "string" + }, + "_sort": { + "$ref": "#/components/schemas/_types:SortResults" + } + }, + "required": [ + "id", + "name", + "type", + "creation", + "invalidated", + "username", + "realm", + "metadata" + ] + }, + "security._types:ApiKeyType": { + "type": "string", + "enum": [ + "rest", + "cross_cluster" + ] + }, "security.put_privileges:Actions": { "type": "object", "properties": { diff --git a/output/openapi/elasticsearch-serverless-openapi.json b/output/openapi/elasticsearch-serverless-openapi.json index ec208a92b6..4bd52e1cac 100644 --- a/output/openapi/elasticsearch-serverless-openapi.json +++ b/output/openapi/elasticsearch-serverless-openapi.json @@ -16660,7 +16660,7 @@ "type": "object", "properties": { "api_key": { - "$ref": "#/components/schemas/security._types:ApiKey" + "$ref": "#/components/schemas/security.authenticate:AuthenticateApiKey" }, "authentication_realm": { "$ref": "#/components/schemas/security._types:RealmInfo" @@ -53564,68 +53564,46 @@ "_types:MapboxVectorTiles": { "type": "object" }, - "security._types:ApiKey": { + "security.authenticate:AuthenticateApiKey": { "type": "object", "properties": { - "creation": { - "description": "Creation time for the API key in milliseconds.", - "type": "number" - }, - "expiration": { - "description": "Expiration time for the API key in milliseconds.", - "type": "number" - }, "id": { "$ref": "#/components/schemas/_types:Id" }, - "invalidated": { - "description": "Invalidation status for the API key.\nIf the key has been invalidated, it has a value of `true`. Otherwise, it is `false`.", - "type": "boolean" - }, + "name": { + "$ref": "#/components/schemas/_types:Name" + } + }, + "required": [ + "id" + ] + }, + "security._types:RealmInfo": { + "type": "object", + "properties": { "name": { "$ref": "#/components/schemas/_types:Name" }, - "realm": { - "description": "Realm name of the principal for which this API key was created.", - "type": "string" - }, - "realm_type": { - "description": "Realm type of the principal for which this API key was created", + "type": { "type": "string" + } + }, + "required": [ + "name", + "type" + ] + }, + "security.authenticate:Token": { + "type": "object", + "properties": { + "name": { + "$ref": "#/components/schemas/_types:Name" }, - "username": { - "$ref": "#/components/schemas/_types:Username" - }, - "profile_uid": { - "description": "The profile uid for the API key owner principal, if requested and if it exists", + "type": { "type": "string" - }, - "metadata": { - "$ref": "#/components/schemas/_types:Metadata" - }, - "role_descriptors": { - "description": "The role descriptors assigned to this API key when it was created or last updated.\nAn empty role descriptor means the API key inherits the owner user’s permissions.", - "type": "object", - "additionalProperties": { - "$ref": "#/components/schemas/security._types:RoleDescriptor" - } - }, - "limited_by": { - "description": "The owner user’s permissions associated with the API key.\nIt is a point-in-time snapshot captured at creation and subsequent updates.\nAn API key’s effective permissions are an intersection of its assigned privileges and the owner user’s permissions.", - "type": "array", - "items": { - "type": "object", - "additionalProperties": { - "$ref": "#/components/schemas/security._types:RoleDescriptor" - } - } - }, - "_sort": { - "$ref": "#/components/schemas/_types:SortResults" } }, "required": [ - "id", "name" ] }, @@ -53906,33 +53884,162 @@ } ] }, - "security._types:RealmInfo": { + "security._types:ApiKey": { "type": "object", "properties": { + "id": { + "$ref": "#/components/schemas/_types:Id" + }, "name": { "$ref": "#/components/schemas/_types:Name" }, "type": { + "$ref": "#/components/schemas/security._types:ApiKeyType" + }, + "creation": { + "$ref": "#/components/schemas/_types:EpochTimeUnitMillis" + }, + "expiration": { + "$ref": "#/components/schemas/_types:EpochTimeUnitMillis" + }, + "invalidated": { + "description": "Invalidation status for the API key.\nIf the key has been invalidated, it has a value of `true`. Otherwise, it is `false`.", + "type": "boolean" + }, + "invalidation": { + "$ref": "#/components/schemas/_types:EpochTimeUnitMillis" + }, + "username": { + "$ref": "#/components/schemas/_types:Username" + }, + "realm": { + "description": "Realm name of the principal for which this API key was created.", + "type": "string" + }, + "realm_type": { + "description": "Realm type of the principal for which this API key was created", "type": "string" + }, + "metadata": { + "$ref": "#/components/schemas/_types:Metadata" + }, + "role_descriptors": { + "description": "The role descriptors assigned to this API key when it was created or last updated.\nAn empty role descriptor means the API key inherits the owner user’s permissions.", + "type": "object", + "additionalProperties": { + "$ref": "#/components/schemas/security._types:RoleDescriptor" + } + }, + "limited_by": { + "description": "The owner user’s permissions associated with the API key.\nIt is a point-in-time snapshot captured at creation and subsequent updates.\nAn API key’s effective permissions are an intersection of its assigned privileges and the owner user’s permissions.", + "type": "array", + "items": { + "type": "object", + "additionalProperties": { + "$ref": "#/components/schemas/security._types:RoleDescriptor" + } + } + }, + "access": { + "$ref": "#/components/schemas/security._types:Access" + }, + "profile_uid": { + "description": "The profile uid for the API key owner principal, if requested and if it exists", + "type": "string" + }, + "_sort": { + "$ref": "#/components/schemas/_types:SortResults" } }, "required": [ + "id", "name", - "type" + "type", + "creation", + "invalidated", + "username", + "realm", + "metadata" ] }, - "security.authenticate:Token": { + "security._types:ApiKeyType": { + "type": "string", + "enum": [ + "rest", + "cross_cluster" + ] + }, + "security._types:Access": { "type": "object", "properties": { - "name": { - "$ref": "#/components/schemas/_types:Name" + "replication": { + "description": "A list of indices permission entries for cross-cluster replication.", + "type": "array", + "items": { + "$ref": "#/components/schemas/security._types:ReplicationAccess" + } }, - "type": { - "type": "string" + "search": { + "description": "A list of indices permission entries for cross-cluster search.", + "type": "array", + "items": { + "$ref": "#/components/schemas/security._types:SearchAccess" + } + } + } + }, + "security._types:ReplicationAccess": { + "type": "object", + "properties": { + "names": { + "description": "A list of indices (or index name patterns) to which the permissions in this entry apply.", + "oneOf": [ + { + "$ref": "#/components/schemas/_types:IndexName" + }, + { + "type": "array", + "items": { + "$ref": "#/components/schemas/_types:IndexName" + } + } + ] + }, + "allow_restricted_indices": { + "description": "This needs to be set to true if the patterns in the names field should cover system indices.", + "type": "boolean" } }, "required": [ - "name" + "names" + ] + }, + "security._types:SearchAccess": { + "type": "object", + "properties": { + "field_security": { + "$ref": "#/components/schemas/security._types:FieldSecurity" + }, + "names": { + "description": "A list of indices (or index name patterns) to which the permissions in this entry apply.", + "oneOf": [ + { + "$ref": "#/components/schemas/_types:IndexName" + }, + { + "type": "array", + "items": { + "$ref": "#/components/schemas/_types:IndexName" + } + } + ] + }, + "query": { + "$ref": "#/components/schemas/security._types:IndicesPrivilegesQuery" + } + }, + "required": [ + "names" ] }, "security._types:RemoteClusterPrivilege": { diff --git a/output/schema/schema-serverless.json b/output/schema/schema-serverless.json index 1482bad4dd..a2fbccb934 100644 --- a/output/schema/schema-serverless.json +++ b/output/schema/schema-serverless.json @@ -38522,8 +38522,8 @@ "type": { "kind": "instance_of", "type": { - "name": "ApiKey", - "namespace": "security._types" + "name": "AuthenticateApiKey", + "namespace": "security.authenticate" } } }, @@ -38677,7 +38677,7 @@ "name": "Response", "namespace": "security.authenticate" }, - "specLocation": "security/authenticate/SecurityAuthenticateResponse.ts#L25-L43" + "specLocation": "security/authenticate/SecurityAuthenticateResponse.ts#L24-L42" }, { "attachedBehaviors": [ @@ -102899,6 +102899,22 @@ }, "specLocation": "searchable_snapshots/_types/stats.ts#L20-L24" }, + { + "kind": "enum", + "members": [ + { + "name": "rest" + }, + { + "name": "cross_cluster" + } + ], + "name": { + "name": "ApiKeyType", + "namespace": "security._types" + }, + "specLocation": "security/_types/ApiKey.ts#L116-L119" + }, { "isOpen": true, "kind": "enum", @@ -139383,36 +139399,11 @@ { "kind": "interface", "name": { - "name": "ApiKey", - "namespace": "security._types" + "name": "AuthenticateApiKey", + "namespace": "security.authenticate" }, "properties": [ { - "description": "Creation time for the API key in milliseconds.", - "name": "creation", - "required": false, - "type": { - "kind": "instance_of", - "type": { - "name": "long", - "namespace": "_types" - } - } - }, - { - "description": "Expiration time for the API key in milliseconds.", - "name": "expiration", - "required": false, - "type": { - "kind": "instance_of", - "type": { - "name": "long", - "namespace": "_types" - } - } - }, - { - "description": "Id for the API key", "name": "id", "required": true, "type": { @@ -139424,19 +139415,27 @@ } }, { - "description": "Invalidation status for the API key.\nIf the key has been invalidated, it has a value of `true`. Otherwise, it is `false`.", - "name": "invalidated", + "name": "name", "required": false, "type": { "kind": "instance_of", "type": { - "name": "boolean", - "namespace": "_builtins" + "name": "Name", + "namespace": "_types" } } - }, + } + ], + "specLocation": "security/authenticate/SecurityAuthenticateResponse.ts#L44-L47" + }, + { + "kind": "interface", + "name": { + "name": "RealmInfo", + "namespace": "security._types" + }, + "properties": [ { - "description": "Name of the API key.", "name": "name", "required": true, "type": { @@ -139448,27 +139447,8 @@ } }, { - "description": "Realm name of the principal for which this API key was created.", - "name": "realm", - "required": false, - "type": { - "kind": "instance_of", - "type": { - "name": "string", - "namespace": "_builtins" - } - } - }, - { - "availability": { - "serverless": {}, - "stack": { - "since": "8.14.0" - } - }, - "description": "Realm type of the principal for which this API key was created", - "name": "realm_type", - "required": false, + "name": "type", + "required": true, "type": { "kind": "instance_of", "type": { @@ -139476,15 +139456,24 @@ "namespace": "_builtins" } } - }, + } + ], + "specLocation": "security/_types/RealmInfo.ts#L22-L25" + }, + { + "kind": "interface", + "name": { + "name": "Token", + "namespace": "security.authenticate" + }, + "properties": [ { - "description": "Principal for which this API key was created", - "name": "username", - "required": false, + "name": "name", + "required": true, "type": { "kind": "instance_of", "type": { - "name": "Username", + "name": "Name", "namespace": "_types" } } @@ -139493,11 +139482,10 @@ "availability": { "serverless": {}, "stack": { - "since": "8.14.0" + "since": "7.14.0" } }, - "description": "The profile uid for the API key owner principal, if requested and if it exists", - "name": "profile_uid", + "name": "type", "required": false, "type": { "kind": "instance_of", @@ -139506,93 +139494,9 @@ "namespace": "_builtins" } } - }, - { - "availability": { - "serverless": {}, - "stack": { - "since": "7.13.0" - } - }, - "description": "Metadata of the API key", - "name": "metadata", - "required": false, - "type": { - "kind": "instance_of", - "type": { - "name": "Metadata", - "namespace": "_types" - } - } - }, - { - "description": "The role descriptors assigned to this API key when it was created or last updated.\nAn empty role descriptor means the API key inherits the owner user’s permissions.", - "name": "role_descriptors", - "required": false, - "type": { - "key": { - "kind": "instance_of", - "type": { - "name": "string", - "namespace": "_builtins" - } - }, - "kind": "dictionary_of", - "singleKey": false, - "value": { - "kind": "instance_of", - "type": { - "name": "RoleDescriptor", - "namespace": "security._types" - } - } - } - }, - { - "availability": { - "serverless": {}, - "stack": { - "since": "8.5.0" - } - }, - "description": "The owner user’s permissions associated with the API key.\nIt is a point-in-time snapshot captured at creation and subsequent updates.\nAn API key’s effective permissions are an intersection of its assigned privileges and the owner user’s permissions.", - "name": "limited_by", - "required": false, - "type": { - "kind": "array_of", - "value": { - "key": { - "kind": "instance_of", - "type": { - "name": "string", - "namespace": "_builtins" - } - }, - "kind": "dictionary_of", - "singleKey": false, - "value": { - "kind": "instance_of", - "type": { - "name": "RoleDescriptor", - "namespace": "security._types" - } - } - } - } - }, - { - "name": "_sort", - "required": false, - "type": { - "kind": "instance_of", - "type": { - "name": "SortResults", - "namespace": "_types" - } - } } ], - "specLocation": "security/_types/ApiKey.ts#L26-L88" + "specLocation": "security/authenticate/types.ts#L22-L29" }, { "kind": "interface", @@ -139912,11 +139816,24 @@ { "kind": "interface", "name": { - "name": "RealmInfo", + "name": "ApiKey", "namespace": "security._types" }, "properties": [ { + "description": "Id for the API key", + "name": "id", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "Id", + "namespace": "_types" + } + } + }, + { + "description": "Name of the API key.", "name": "name", "required": true, "type": { @@ -139928,8 +139845,120 @@ } }, { + "availability": { + "serverless": {}, + "stack": { + "since": "8.10.0" + } + }, + "description": "The type of the API key (e.g. `rest` or `cross_cluster`).", "name": "type", "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "ApiKeyType", + "namespace": "security._types" + } + } + }, + { + "description": "Creation time for the API key in milliseconds.", + "name": "creation", + "required": true, + "type": { + "generics": [ + { + "kind": "instance_of", + "type": { + "name": "UnitMillis", + "namespace": "_types" + } + } + ], + "kind": "instance_of", + "type": { + "name": "EpochTime", + "namespace": "_types" + } + } + }, + { + "description": "Expiration time for the API key in milliseconds.", + "name": "expiration", + "required": false, + "type": { + "generics": [ + { + "kind": "instance_of", + "type": { + "name": "UnitMillis", + "namespace": "_types" + } + } + ], + "kind": "instance_of", + "type": { + "name": "EpochTime", + "namespace": "_types" + } + } + }, + { + "description": "Invalidation status for the API key.\nIf the key has been invalidated, it has a value of `true`. Otherwise, it is `false`.", + "name": "invalidated", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "boolean", + "namespace": "_builtins" + } + } + }, + { + "availability": { + "serverless": {}, + "stack": { + "since": "8.12.0" + } + }, + "description": "If the key has been invalidated, invalidation time in milliseconds.", + "name": "invalidation", + "required": false, + "type": { + "generics": [ + { + "kind": "instance_of", + "type": { + "name": "UnitMillis", + "namespace": "_types" + } + } + ], + "kind": "instance_of", + "type": { + "name": "EpochTime", + "namespace": "_types" + } + } + }, + { + "description": "Principal for which this API key was created", + "name": "username", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "Username", + "namespace": "_types" + } + } + }, + { + "description": "Realm name of the principal for which this API key was created.", + "name": "realm", + "required": true, "type": { "kind": "instance_of", "type": { @@ -139937,36 +139966,125 @@ "namespace": "_builtins" } } - } - ], - "specLocation": "security/_types/RealmInfo.ts#L22-L25" - }, - { - "kind": "interface", - "name": { - "name": "Token", - "namespace": "security.authenticate" - }, - "properties": [ + }, { - "name": "name", + "availability": { + "serverless": {}, + "stack": { + "since": "8.14.0" + } + }, + "description": "Realm type of the principal for which this API key was created", + "name": "realm_type", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + } + }, + { + "availability": { + "serverless": {}, + "stack": { + "since": "7.13.0" + } + }, + "description": "Metadata of the API key", + "name": "metadata", "required": true, "type": { "kind": "instance_of", "type": { - "name": "Name", + "name": "Metadata", "namespace": "_types" } } }, + { + "description": "The role descriptors assigned to this API key when it was created or last updated.\nAn empty role descriptor means the API key inherits the owner user’s permissions.", + "name": "role_descriptors", + "required": false, + "type": { + "key": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + }, + "kind": "dictionary_of", + "singleKey": false, + "value": { + "kind": "instance_of", + "type": { + "name": "RoleDescriptor", + "namespace": "security._types" + } + } + } + }, { "availability": { "serverless": {}, "stack": { - "since": "7.14.0" + "since": "8.5.0" } }, - "name": "type", + "description": "The owner user’s permissions associated with the API key.\nIt is a point-in-time snapshot captured at creation and subsequent updates.\nAn API key’s effective permissions are an intersection of its assigned privileges and the owner user’s permissions.", + "name": "limited_by", + "required": false, + "type": { + "kind": "array_of", + "value": { + "key": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + }, + "kind": "dictionary_of", + "singleKey": false, + "value": { + "kind": "instance_of", + "type": { + "name": "RoleDescriptor", + "namespace": "security._types" + } + } + } + } + }, + { + "availability": { + "serverless": {}, + "stack": { + "since": "8.10.0" + } + }, + "description": "The access granted to cross-cluster API keys.\nThe access is composed of permissions for cross cluster search and cross cluster replication.\nAt least one of them must be specified.\nWhen specified, the new access assignment fully replaces the previously assigned access.", + "name": "access", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "Access", + "namespace": "security._types" + } + } + }, + { + "availability": { + "serverless": {}, + "stack": { + "since": "8.14.0" + } + }, + "description": "The profile uid for the API key owner principal, if requested and if it exists", + "name": "profile_uid", "required": false, "type": { "kind": "instance_of", @@ -139975,9 +140093,174 @@ "namespace": "_builtins" } } + }, + { + "description": "Sorting values when using the `sort` parameter with the `security.query_api_keys` API.", + "name": "_sort", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "SortResults", + "namespace": "_types" + } + } + } + ], + "specLocation": "security/_types/ApiKey.ts#L28-L114" + }, + { + "kind": "interface", + "name": { + "name": "Access", + "namespace": "security._types" + }, + "properties": [ + { + "description": "A list of indices permission entries for cross-cluster replication.", + "name": "replication", + "required": false, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "ReplicationAccess", + "namespace": "security._types" + } + } + } + }, + { + "description": "A list of indices permission entries for cross-cluster search.", + "name": "search", + "required": false, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "SearchAccess", + "namespace": "security._types" + } + } + } + } + ], + "specLocation": "security/_types/Access.ts#L22-L31" + }, + { + "kind": "interface", + "name": { + "name": "ReplicationAccess", + "namespace": "security._types" + }, + "properties": [ + { + "description": "A list of indices (or index name patterns) to which the permissions in this entry apply.", + "name": "names", + "required": true, + "type": { + "items": [ + { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + }, + { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + } + } + ], + "kind": "union_of" + } + }, + { + "description": "This needs to be set to true if the patterns in the names field should cover system indices.", + "name": "allow_restricted_indices", + "required": false, + "serverDefault": false, + "type": { + "kind": "instance_of", + "type": { + "name": "boolean", + "namespace": "_builtins" + } + } } ], - "specLocation": "security/authenticate/types.ts#L22-L29" + "specLocation": "security/_types/Privileges.ts#L418-L428" + }, + { + "kind": "interface", + "name": { + "name": "SearchAccess", + "namespace": "security._types" + }, + "properties": [ + { + "description": "The document fields that the owners of the role have read access to.", + "docId": "field-and-document-access-control", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/field-and-document-access-control.html", + "name": "field_security", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "FieldSecurity", + "namespace": "security._types" + } + } + }, + { + "description": "A list of indices (or index name patterns) to which the permissions in this entry apply.", + "name": "names", + "required": true, + "type": { + "items": [ + { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + }, + { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + } + } + ], + "kind": "union_of" + } + }, + { + "description": "A search query that defines the documents the owners of the role have access to. A document within the specified indices must match this query for it to be accessible by the owners of the role.", + "name": "query", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "IndicesPrivilegesQuery", + "namespace": "security._types" + } + } + } + ], + "specLocation": "security/_types/Privileges.ts#L430-L450" }, { "kind": "interface", diff --git a/output/schema/schema.json b/output/schema/schema.json index 5dd8078cee..5faed9e4ca 100644 --- a/output/schema/schema.json +++ b/output/schema/schema.json @@ -186937,73 +186937,97 @@ }, "properties": [ { - "description": "Creation time for the API key in milliseconds.", - "name": "creation", - "required": false, + "description": "Id for the API key", + "name": "id", + "required": true, "type": { "kind": "instance_of", "type": { - "name": "long", + "name": "Id", "namespace": "_types" } } }, { - "description": "Expiration time for the API key in milliseconds.", - "name": "expiration", - "required": false, + "description": "Name of the API key.", + "name": "name", + "required": true, "type": { "kind": "instance_of", "type": { - "name": "long", + "name": "Name", "namespace": "_types" } } }, { - "description": "Id for the API key", - "name": "id", + "availability": { + "serverless": {}, + "stack": { + "since": "8.10.0" + } + }, + "description": "The type of the API key (e.g. `rest` or `cross_cluster`).", + "name": "type", "required": true, "type": { "kind": "instance_of", "type": { - "name": "Id", - "namespace": "_types" + "name": "ApiKeyType", + "namespace": "security._types" } } }, { - "description": "Invalidation status for the API key.\nIf the key has been invalidated, it has a value of `true`. Otherwise, it is `false`.", - "name": "invalidated", - "required": false, + "description": "Creation time for the API key in milliseconds.", + "name": "creation", + "required": true, "type": { "kind": "instance_of", + "generics": [ + { + "kind": "instance_of", + "type": { + "name": "UnitMillis", + "namespace": "_types" + } + } + ], "type": { - "name": "boolean", - "namespace": "_builtins" + "name": "EpochTime", + "namespace": "_types" } } }, { - "description": "Name of the API key.", - "name": "name", - "required": true, + "description": "Expiration time for the API key in milliseconds.", + "name": "expiration", + "required": false, "type": { "kind": "instance_of", + "generics": [ + { + "kind": "instance_of", + "type": { + "name": "UnitMillis", + "namespace": "_types" + } + } + ], "type": { - "name": "Name", + "name": "EpochTime", "namespace": "_types" } } }, { - "description": "Realm name of the principal for which this API key was created.", - "name": "realm", - "required": false, + "description": "Invalidation status for the API key.\nIf the key has been invalidated, it has a value of `true`. Otherwise, it is `false`.", + "name": "invalidated", + "required": true, "type": { "kind": "instance_of", "type": { - "name": "string", + "name": "boolean", "namespace": "_builtins" } } @@ -187012,24 +187036,33 @@ "availability": { "serverless": {}, "stack": { - "since": "8.14.0" + "since": "8.12.0" } }, - "description": "Realm type of the principal for which this API key was created", - "name": "realm_type", + "description": "If the key has been invalidated, invalidation time in milliseconds.", + "name": "invalidation", "required": false, "type": { "kind": "instance_of", + "generics": [ + { + "kind": "instance_of", + "type": { + "name": "UnitMillis", + "namespace": "_types" + } + } + ], "type": { - "name": "string", - "namespace": "_builtins" + "name": "EpochTime", + "namespace": "_types" } } }, { "description": "Principal for which this API key was created", "name": "username", - "required": false, + "required": true, "type": { "kind": "instance_of", "type": { @@ -187038,6 +187071,18 @@ } } }, + { + "description": "Realm name of the principal for which this API key was created.", + "name": "realm", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + } + }, { "availability": { "serverless": {}, @@ -187045,8 +187090,8 @@ "since": "8.14.0" } }, - "description": "The profile uid for the API key owner principal, if requested and if it exists", - "name": "profile_uid", + "description": "Realm type of the principal for which this API key was created", + "name": "realm_type", "required": false, "type": { "kind": "instance_of", @@ -187065,7 +187110,7 @@ }, "description": "Metadata of the API key", "name": "metadata", - "required": false, + "required": true, "type": { "kind": "instance_of", "type": { @@ -187130,6 +187175,43 @@ } }, { + "availability": { + "serverless": {}, + "stack": { + "since": "8.10.0" + } + }, + "description": "The access granted to cross-cluster API keys.\nThe access is composed of permissions for cross cluster search and cross cluster replication.\nAt least one of them must be specified.\nWhen specified, the new access assignment fully replaces the previously assigned access.", + "name": "access", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "Access", + "namespace": "security._types" + } + } + }, + { + "availability": { + "serverless": {}, + "stack": { + "since": "8.14.0" + } + }, + "description": "The profile uid for the API key owner principal, if requested and if it exists", + "name": "profile_uid", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + } + }, + { + "description": "Sorting values when using the `sort` parameter with the `security.query_api_keys` API.", "name": "_sort", "required": false, "type": { @@ -187141,7 +187223,23 @@ } } ], - "specLocation": "security/_types/ApiKey.ts#L26-L88" + "specLocation": "security/_types/ApiKey.ts#L28-L114" + }, + { + "kind": "enum", + "members": [ + { + "name": "rest" + }, + { + "name": "cross_cluster" + } + ], + "name": { + "name": "ApiKeyType", + "namespace": "security._types" + }, + "specLocation": "security/_types/ApiKey.ts#L116-L119" }, { "kind": "interface", @@ -189637,6 +189735,38 @@ }, "specLocation": "security/activate_user_profile/Response.ts#L22-L24" }, + { + "kind": "interface", + "name": { + "name": "AuthenticateApiKey", + "namespace": "security.authenticate" + }, + "properties": [ + { + "name": "id", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "Id", + "namespace": "_types" + } + } + }, + { + "name": "name", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "Name", + "namespace": "_types" + } + } + } + ], + "specLocation": "security/authenticate/SecurityAuthenticateResponse.ts#L44-L47" + }, { "kind": "request", "attachedBehaviors": [ @@ -189671,8 +189801,8 @@ "type": { "kind": "instance_of", "type": { - "name": "ApiKey", - "namespace": "security._types" + "name": "AuthenticateApiKey", + "namespace": "security.authenticate" } } }, @@ -189825,7 +189955,7 @@ "name": "Response", "namespace": "security.authenticate" }, - "specLocation": "security/authenticate/SecurityAuthenticateResponse.ts#L25-L43" + "specLocation": "security/authenticate/SecurityAuthenticateResponse.ts#L24-L42" }, { "kind": "interface", diff --git a/output/typescript/types.ts b/output/typescript/types.ts index b3f56a005a..30b4a8ac7a 100644 --- a/output/typescript/types.ts +++ b/output/typescript/types.ts @@ -17607,21 +17607,26 @@ export interface SecurityAccess { } export interface SecurityApiKey { - creation?: long - expiration?: long id: Id - invalidated?: boolean name: Name - realm?: string + type: SecurityApiKeyType + creation: EpochTime + expiration?: EpochTime + invalidated: boolean + invalidation?: EpochTime + username: Username + realm: string realm_type?: string - username?: Username - profile_uid?: string - metadata?: Metadata + metadata: Metadata role_descriptors?: Record limited_by?: Record[] + access?: SecurityAccess + profile_uid?: string _sort?: SortResults } +export type SecurityApiKeyType = 'rest' | 'cross_cluster' + export interface SecurityApplicationGlobalUserPrivileges { manage: SecurityManageUserPrivileges } @@ -17843,11 +17848,16 @@ export interface SecurityActivateUserProfileRequest extends RequestBase { export type SecurityActivateUserProfileResponse = SecurityUserProfileWithMetadata +export interface SecurityAuthenticateAuthenticateApiKey { + id: Id + name?: Name +} + export interface SecurityAuthenticateRequest extends RequestBase { } export interface SecurityAuthenticateResponse { - api_key?: SecurityApiKey + api_key?: SecurityAuthenticateAuthenticateApiKey authentication_realm: SecurityRealmInfo email?: string | null full_name?: Name | null diff --git a/specification/security/_types/ApiKey.ts b/specification/security/_types/ApiKey.ts index 9d7135c25b..d5ea6b9798 100644 --- a/specification/security/_types/ApiKey.ts +++ b/specification/security/_types/ApiKey.ts @@ -19,58 +19,65 @@ import { Dictionary } from '@spec_utils/Dictionary' import { Id, Metadata, Name, Username } from '@_types/common' -import { long } from '@_types/Numeric' import { SortResults } from '@_types/sort' +import { EpochTime, UnitMillis } from '@_types/Time' +import { Access } from './Access' import { RoleDescriptor } from './RoleDescriptor' export class ApiKey { /** - * Creation time for the API key in milliseconds. + * Id for the API key */ - creation?: long + id: Id /** - * Expiration time for the API key in milliseconds. + * Name of the API key. */ - expiration?: long + name: Name /** - * Id for the API key + * The type of the API key (e.g. `rest` or `cross_cluster`). + * @availability stack since=8.10.0 + * @availability serverless */ - id: Id + type: ApiKeyType /** - * Invalidation status for the API key. - * If the key has been invalidated, it has a value of `true`. Otherwise, it is `false`. + * Creation time for the API key in milliseconds. */ - invalidated?: boolean + creation: EpochTime /** - * Name of the API key. + * Expiration time for the API key in milliseconds. */ - name: Name + expiration?: EpochTime /** - * Realm name of the principal for which this API key was created. + * Invalidation status for the API key. + * If the key has been invalidated, it has a value of `true`. Otherwise, it is `false`. */ - realm?: string + invalidated: boolean /** - * Realm type of the principal for which this API key was created - * @availability stack since=8.14.0 + * If the key has been invalidated, invalidation time in milliseconds. + * @availability stack since=8.12.0 * @availability serverless */ - realm_type?: string + invalidation?: EpochTime /** * Principal for which this API key was created */ - username?: Username + username: Username /** - * The profile uid for the API key owner principal, if requested and if it exists + * Realm name of the principal for which this API key was created. + */ + realm: string + /** + * Realm type of the principal for which this API key was created * @availability stack since=8.14.0 * @availability serverless */ - profile_uid?: string + realm_type?: string /** * Metadata of the API key * @availability stack since=7.13.0 * @availability serverless */ - metadata?: Metadata + metadata: Metadata /** * The role descriptors assigned to this API key when it was created or last updated. * An empty role descriptor means the API key inherits the owner user’s permissions. @@ -84,5 +91,28 @@ export class ApiKey { * @availability serverless */ limited_by?: Array> + /** + * The access granted to cross-cluster API keys. + * The access is composed of permissions for cross cluster search and cross cluster replication. + * At least one of them must be specified. + * When specified, the new access assignment fully replaces the previously assigned access. + * @availability stack since=8.10.0 + * @availability serverless + */ + access?: Access + /** + * The profile uid for the API key owner principal, if requested and if it exists + * @availability stack since=8.14.0 + * @availability serverless + */ + profile_uid?: string + /** + * Sorting values when using the `sort` parameter with the `security.query_api_keys` API. + */ _sort?: SortResults } + +export enum ApiKeyType { + rest, + cross_cluster +} diff --git a/specification/security/authenticate/SecurityAuthenticateResponse.ts b/specification/security/authenticate/SecurityAuthenticateResponse.ts index a6716f45c9..75bfb082b8 100644 --- a/specification/security/authenticate/SecurityAuthenticateResponse.ts +++ b/specification/security/authenticate/SecurityAuthenticateResponse.ts @@ -17,14 +17,13 @@ * under the License. */ -import { ApiKey } from '@security/_types/ApiKey' import { RealmInfo } from '@security/_types/RealmInfo' -import { Metadata, Name, Username } from '@_types/common' +import { Id, Metadata, Name, Username } from '@_types/common' import { Token } from './types' export class Response { body: { - api_key?: ApiKey + api_key?: AuthenticateApiKey authentication_realm: RealmInfo email?: string | null full_name?: Name | null @@ -41,3 +40,8 @@ export class Response { token?: Token } } + +export class AuthenticateApiKey { + id: Id + name?: Name +}