diff --git a/spec/namespaces/security.yaml b/spec/namespaces/security.yaml
index 6d45f658a..7a1e47ead 100644
--- a/spec/namespaces/security.yaml
+++ b/spec/namespaces/security.yaml
@@ -946,61 +946,61 @@ paths: $ref: '#/components/responses/security.delete_tenant@200' '400': $ref: '#/components/responses/security.delete_tenant@400' - # /_plugins/_security/api/user: - # get: - # operationId: security.get_users.1 - # x-operation-group: security.get_users - # x-version-added: '1.0' - # description: Retrieve all internal users. Legacy API. - # responses: - # '200': - # $ref: '#/components/responses/security.get_users@200' - # /_plugins/_security/api/user/{username}: - # get: - # operationId: security.get_user.1 - # x-operation-group: security.get_user - # x-version-added: '1.0' - # description: Retrieve one user. Legacy API. - # parameters: - # - $ref: '#/components/parameters/security.get_user::path.username' - # responses: - # '200': - # $ref: '#/components/responses/security.get_user@200' - # put: - # operationId: security.create_user.1 - # x-operation-group: security.create_user - # x-version-added: '1.0' - # description: Creates or replaces the specified user. Legacy API. - # parameters: - # - $ref: '#/components/parameters/security.create_user::path.username' - # requestBody: - # $ref: '#/components/requestBodies/security.create_user' - # responses: - # '200': - # $ref: '#/components/responses/security.create_user@200' - # delete: - # operationId: security.delete_user.1 - # x-operation-group: security.delete_user - # x-version-added: '1.0' - # description: Delete the specified user. Legacy API. - # parameters: - # - $ref: '#/components/parameters/security.delete_user::path.username' - # responses: - # '200': - # $ref: '#/components/responses/security.delete_user@200' - # /_plugins/_security/api/user/{username}/authtoken: - # post: - # operationId: security.generate_user_token.1 - # x-operation-group: security.generate_user_token - # x-version-added: '1.0' - # description: Generates authorization token for the given user. Legacy API. 
- # parameters: - # - $ref: '#/components/parameters/security.generate_user_token::path.username' - # responses: - # '200': - # $ref: '#/components/responses/security.generate_user_token@200' - # '400': - # $ref: '#/components/responses/security.generate_user_token@400' + /_plugins/_security/api/user: + get: + operationId: security.get_users_legacy.0 + x-operation-group: security.get_users_legacy + x-version-added: '1.0' + description: Retrieve all internal users. Legacy API. + responses: + '200': + $ref: '#/components/responses/security.get_users_legacy@200' + /_plugins/_security/api/user/{username}: + get: + operationId: security.get_user_legacy.0 + x-operation-group: security.get_user_legacy + x-version-added: '1.0' + description: Retrieve one user. Legacy API. + parameters: + - $ref: '#/components/parameters/security.get_user_legacy::path.username' + responses: + '200': + $ref: '#/components/responses/security.get_user_legacy@200' + put: + operationId: security.create_user_legacy.0 + x-operation-group: security.create_user_legacy + x-version-added: '1.0' + description: Creates or replaces the specified user. Legacy API. + parameters: + - $ref: '#/components/parameters/security.create_user_legacy::path.username' + requestBody: + $ref: '#/components/requestBodies/security.create_user_legacy' + responses: + '200': + $ref: '#/components/responses/security.create_user_legacy@200' + delete: + operationId: security.delete_user_legacy.0 + x-operation-group: security.delete_user_legacy + x-version-added: '1.0' + description: Delete the specified user. Legacy API. 
+ parameters: + - $ref: '#/components/parameters/security.delete_user_legacy::path.username' + responses: + '200': + $ref: '#/components/responses/security.delete_user_legacy@200' + /_plugins/_security/api/user/{username}/authtoken: + post: + operationId: security.generate_user_token_legacy.0 + x-operation-group: security.generate_user_token_legacy + x-version-added: '1.0' + description: Generates authorization token for the given user. Legacy API. + parameters: + - $ref: '#/components/parameters/security.generate_user_token_legacy::path.username' + responses: + '200': + $ref: '#/components/responses/security.generate_user_token_legacy@200' + '400': + $ref: '#/components/responses/security.generate_user_token_legacy@400' /_plugins/_security/api/validate: get: operationId: security.validate.0 @@ -1070,6 +1070,12 @@ components: schema: $ref: '../schemas/security._common.yaml#/components/schemas/User' required: true + security.create_user_legacy: + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/User' + required: true security.post_dashboards_info: content: application/json: 
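Review bot: The re-enabled `/_plugins/_security/api/user…` operations are marked as legacy only in their `description` text, so spec consumers and generated clients get no machine-readable signal that these user-management and token endpoints are superseded. Consider adding `deprecated: true` to each of the five operations, from `security.get_users_legacy.0` to `security.generate_user_token_legacy.0`. Separately, the `put` that creates or replaces a user takes a request body but declares only a `'200'` response, while `delete_tenant` in the context above and the `authtoken` `post` below both declare `'400'`. A `'400'` entry backed by `BadRequestResponse` would document the validation-failure case; it needs a matching response component added under `components/responses`.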
@@ -1221,102 +1227,13 @@ components: content: application/json: schema: - type: object - properties: - principal: - type: string - description: User principal - peer_certificates: - type: number - description: Number of certificates - peer_certificates_list: - type: array - description: List of domain names from peer certificates - local_certificates_list: - type: array - description: List of domain names from local certificates - ssl_protocol: - type: string - description: Protocol for this ssl setup - ssl_cipher: - type: string - description: Cipher for this ssl setup - ssl_openssl_available: - type: boolean - description: A boolean to indicate if OpenSSL is available - ssl_openssl_version: - type: string - description: Version of openssl - ssl_openssl_version_string: - type: string - description: Full version string for openssl version - ssl_openssl_non_available_cause: - type: string - description: Reason for openssl unavailability - ssl_openssl_supports_key_manager_factory: - type: boolean - description: Indicates where KMF is supported - ssl_openssl_supports_hostname_validation: - type: boolean - description: Indicates whether hostname validation is supported - ssl_provider_http: - type: string - description: Returns http provider's name - ssl_provider_transport_server: - type: string - description: Returns transport server's name - ssl_provider_transport_client: - type: string - description: Returns transport client's name + $ref: '../schemas/security._common.yaml#/components/schemas/SSLInfo' security.authinfo@200: description: '' content: application/json: schema: - type: object - properties: - user: - type: string - description: Stringified User object - user_name: - type: string - description: User's name - user_requested_tenant: - type: string - description: Name of the tenant the user wants to switch to - remote_address: - type: string - description: The IP address of remote user - backend_roles: - type: array - description: Backend roles associated 
with the user - custom_attribute_names: - type: array - description: Name of the attributes associated with the user - roles: - type: array - description: Roles associated with the user - tenants: - type: object - description: Tenants the user has access to with read-write or read-only access indicator - principal: - type: string - description: User principal - peer_certificates: - type: number - description: Number of peer certificates - sso_logout_url: - type: string - description: Logout url - size_of_user: - type: string - description: Size of user in memory - size_of_custom_attributes: - type: string - description: Size of user's custom attributes in bytes - size_of_backendroles: - type: string - description: Size of backend roles in bytes + $ref: '../schemas/security._common.yaml#/components/schemas/AuthInfo' security.get_dashboards_info@200: description: '' content: @@ -1365,6 +1282,12 @@ components: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' + security.create_user_legacy@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' security.delete_action_group@200: description: '' content: @@ -1401,12 +1324,24 @@ components: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' + security.delete_user_legacy@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' security.generate_user_token@200: description: '' content: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' + security.generate_user_token_legacy@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/OkResponse' security.get_permissions_info@500: description: '' content: 
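Review bot: `security.generate_user_token_legacy@200` is added with `description: ''` and the generic `OkResponse` schema, so the spec does not say where the generated token appears in the reply. If the token is returned in this body (the visible lines do not show `OkResponse`'s fields), a description such as `description: Token generated; the response body carries the new token and should not be logged.` would tell client authors to handle it as a credential. The other `_legacy` responses added in this file use the same empty description and would also benefit from a short sentence each.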
@@ -1608,12 +1543,24 @@ components: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/UsersMap' + security.get_user_legacy@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/UsersMap' security.get_users@200: description: '' content: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/UsersMap' + security.get_users_legacy@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/UsersMap' security.health@200: description: '' content: @@ -1825,6 +1772,12 @@ components: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/BadRequestResponse' + security.generate_user_token_legacy@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequestResponse' security.delete_tenant@400: description: '' content: 
@@ -1973,32 +1926,32 @@ components: security.get_sslinfo::query.show_dn: name: show_dn in: query - description: The domain names from all certificates + description: The domain names from all certificates. schema: type: string - description: A boolean flag to indicate whether all domain names should be returned + description: A boolean flag to indicate whether all domain names should be returned. required: false security.authinfo::query.verbose: name: verbose in: query - description: Indicates whether a verbose response should be returned + description: Indicates whether a verbose response should be returned. schema: type: boolean required: false security.authinfo::query.auth_type: name: auth_type in: query - description: The type of current authentication request + description: The type of current authentication request. schema: type: string required: false security.create_action_group::path.action_group: name: action_group in: path - description: The name of the action group to create or replace + description: The name of the action group to create or replace. schema: type: string - description: The name of the action group to create or replace + description: The name of the action group to create or replace. required: true security.create_role::path.role: name: role @@ -2024,6 +1977,12 @@ components: schema: type: string required: true + security.create_user_legacy::path.username: + name: username + in: path + schema: + type: string + required: true security.delete_action_group::path.action_group: name: action_group in: path 
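Review bot: `security.get_sslinfo::query.show_dn` still declares `type: string` under `schema`, while the description this hunk edits calls it "A boolean flag"; the commit only adds the full stop. If the server accepts `true`/`false` here, the schema should read `type: boolean`, matching `security.authinfo::query.verbose` just below. Otherwise the description should drop the word "boolean".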
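Review bot: The new `security.create_user_legacy::path.username` parameter has no `description`, unlike `security.create_action_group::path.action_group` in the preceding hunk of the same file. Adding `description: The name of the internal user to create or replace.` would keep the generated reference documentation usable. The same applies to the `delete_user_legacy`, `generate_user_token_legacy` and `get_user_legacy` username parameters added in the following hunks.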
@@ -2062,12 +2021,24 @@ components: schema: type: string required: true + security.delete_user_legacy::path.username: + name: username + in: path + schema: + type: string + required: true security.generate_user_token::path.username: name: username in: path schema: type: string required: true + security.generate_user_token_legacy::path.username: + name: username + in: path + schema: + type: string + required: true security.get_action_group::path.action_group: name: action_group in: path @@ -2118,6 +2089,12 @@ components: schema: type: string required: true + security.get_user_legacy::path.username: + name: username + in: path + schema: + type: string + required: true security.health::query.mode: name: mode in: query diff --git a/spec/opensearch-openapi.yaml b/spec/opensearch-openapi.yaml index c02f2ca5f..ce83c5b45 100644 --- a/spec/opensearch-openapi.yaml +++ b/spec/opensearch-openapi.yaml @@ -496,6 +496,12 @@ paths: $ref: 'namespaces/security.yaml#/paths/~1_plugins~1_security~1api~1tenants' /_plugins/_security/api/tenants/{tenant}: $ref: 'namespaces/security.yaml#/paths/~1_plugins~1_security~1api~1tenants~1{tenant}' + /_plugins/_security/api/user: + $ref: 'namespaces/security.yaml#/paths/~1_plugins~1_security~1api~1internalusers' + /_plugins/_security/api/user/{username}: + $ref: 'namespaces/security.yaml#/paths/~1_plugins~1_security~1api~1internalusers~1{username}' + /_plugins/_security/api/user/{username}/authtoken: + $ref: 'namespaces/security.yaml#/paths/~1_plugins~1_security~1api~1internalusers~1{username}~1authtoken' /_plugins/_security/api/validate: $ref: 'namespaces/security.yaml#/paths/~1_plugins~1_security~1api~1validate' /_remotestore/_restore: diff --git a/spec/schemas/security._common.yaml b/spec/schemas/security._common.yaml index 3504d3b37..fe1ca6d11 100644 --- a/spec/schemas/security._common.yaml +++ b/spec/schemas/security._common.yaml 
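Review bot: The three new root-spec entries for `/_plugins/_security/api/user…` point their `$ref` at the `~1_plugins~1_security~1api~1internalusers…` path items, not at the `/user` path items this commit re-enables in `namespaces/security.yaml`. As written, the `security.*_legacy` operations are never referenced from `opensearch-openapi.yaml`. The legacy URLs instead resolve to the `internalusers` definitions, which presumably duplicates those operations' `operationId`s under a second path. The first entry should read `$ref: 'namespaces/security.yaml#/paths/~1_plugins~1_security~1api~1user'`, with `~1user~1{username}` and `~1user~1{username}~1authtoken` as the targets of the other two.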
@@ -363,7 +363,7 @@ components: properties: config: type: array - description: List of configs to be upgraded + description: List of configs to be upgraded. AllowlistConfig: type: object properties: 
@@ -460,37 +460,130 @@ components: description: User's name not_fail_on_forbidden_enabled: type: boolean - description: Indicates whether DNFOF is enabled + description: Indicates whether DNFOF is enabled. opensearch_dashboards_mt_enabled: type: boolean - description: Indicates whether multi-tenancy is enabled + description: Indicates whether multi-tenancy is enabled. opensearch_dashboards_index: type: string description: Name of the dashboards index opensearch_dashboards_server_user: type: string - description: Name of the user used to connect dashboards to the server + description: Name of the user used to connect dashboards to the server. multitenancy_enabled: type: boolean - description: Indicates whether multi-tenancy is enabled + description: Indicates whether multi-tenancy is enabled. private_tenant_enabled: type: boolean - description: Indicates whether private tenant is enabled for all users + description: Indicates whether private tenant is enabled for all users. default_tenant: type: string - description: The default tenant setting for the dashboard + description: The default tenant setting for the dashboard. sign_in_options: type: array - description: List of available sign-in options available + description: List of available sign-in options available. password_validation_error_message: type: string - description: Error message when password validation fails + description: Error message when password validation fails. password_validation_regex: type: string - description: Reg-ex to be used to perform password validation + description: Reg-ex to be used to perform password validation. InternalServerErrorResponse: type: object properties: error: type: string - description: Error message during request execution. \ No newline at end of file + description: Error message during request execution. + AuthInfo: + type: object + properties: + user: + type: string + description: Stringified User object. + user_name: + type: string + description: User's name. 
+ user_requested_tenant: + type: string + description: Name of the tenant the user wants to switch to. + remote_address: + type: string + description: The IP address of remote user. + backend_roles: + type: array + description: Backend roles associated with the user. + custom_attribute_names: + type: array + description: Name of the attributes associated with the user. + roles: + type: array + description: Roles associated with the user. + tenants: + type: object + description: Tenants the user has access to with read-write or read-only access indicator. + principal: + type: string + description: User principal. + peer_certificates: + type: number + description: Number of peer certificates. + sso_logout_url: + type: string + description: Logout url. + size_of_user: + type: string + description: Size of user in memory. + size_of_custom_attributes: + type: string + description: Size of user's custom attributes in bytes. + size_of_backendroles: + type: string + description: Size of backend roles in bytes. + SSLInfo: + type: object + properties: + principal: + type: string + description: User principal. + peer_certificates: + type: number + description: Number of certificates. + peer_certificates_list: + type: array + description: List of domain names from peer certificates. + local_certificates_list: + type: array + description: List of domain names from local certificates. + ssl_protocol: + type: string + description: Protocol for this ssl setup. + ssl_cipher: + type: string + description: Cipher for this ssl setup. + ssl_openssl_available: + type: boolean + description: A boolean to indicate if OpenSSL is available. + ssl_openssl_version: + type: string + description: Version of openssl. + ssl_openssl_version_string: + type: string + description: Full version string for openssl version. + ssl_openssl_non_available_cause: + type: string + description: Reason for openssl unavailability. 
+ ssl_openssl_supports_key_manager_factory: + type: boolean + description: Indicates where KMF is supported. + ssl_openssl_supports_hostname_validation: + type: boolean + description: Indicates whether hostname validation is supported. + ssl_provider_http: + type: string + description: Returns http provider's name. + ssl_provider_transport_server: + type: string + description: Returns transport server's name. + ssl_provider_transport_client: + type: string + description: Returns transport client's name. \ No newline at end of file
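Review bot: The extracted `AuthInfo` and `SSLInfo` schemas declare `type: array` for `backend_roles`, `custom_attribute_names`, `roles`, `peer_certificates_list` and `local_certificates_list` without an `items` schema. OpenAPI 3.0 requires `items` for arrays, and without it validators and generated clients see untyped lists. Add `items:` with `type: string` under each if these are string lists, as the descriptions suggest. While these lines are being moved, `ssl_openssl_supports_key_manager_factory` still reads "Indicates where KMF is supported." (presumably "whether"), and `peer_certificates` is a count typed as `number` rather than `integer`. The file also still ends without a trailing newline.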