diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 1b648abd0..134c5c583 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1 +1 @@ -* @abhivka7 @dblock @harshavamsi @pgtgrly @sachetalva @nhtruong @Xtansia @VachaShah +* @dblock @harshavamsi @sachetalva @nhtruong @Xtansia @VachaShah @Tokesh @aabeshov \ No newline at end of file diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a325840b7..fa3c882e1 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -21,13 +21,10 @@ jobs: node-version: '20' - name: Build - working-directory: ./tools run: |- - mkdir -p ../build + mkdir -p ./build npm install - export ROOT_PATH=../spec - export OUTPUT_PATH=../build/opensearch-openapi.yaml - npm run merge -- $ROOT_PATH $OUTPUT_PATH + npm run merge -- --source ./spec --output ./build/opensearch-openapi.yaml - name: Extract Branch Name id: branch diff --git a/.github/workflows/coverage-gather.yml b/.github/workflows/coverage-gather.yml index d3b378b90..887132ebd 100644 --- a/.github/workflows/coverage-gather.yml +++ b/.github/workflows/coverage-gather.yml @@ -15,13 +15,10 @@ jobs: - name: Checkout Repo uses: actions/checkout@v2 - name: Build Spec - working-directory: ./tools run: |- - mkdir -p ../build + mkdir -p ./build npm install - export ROOT_PATH=../spec - export OUTPUT_PATH=../build/opensearch-openapi.yaml - npm run merge -- $ROOT_PATH $OUTPUT_PATH + npm run merge -- --source ./spec --output ./build/opensearch-openapi.yaml - name: Build and Run Docker Container run: | docker build coverage --tag opensearch-with-api-plugin diff --git a/.github/workflows/links.yml b/.github/workflows/links.yml index c072e4e25..bfdd4df3d 100644 --- a/.github/workflows/links.yml +++ b/.github/workflows/links.yml @@ -14,4 +14,4 @@ jobs: uses: lycheeverse/lychee-action@v1 with: fail: true - args: --base . --verbose --no-progress './**/*.yaml' './**/*.yml' './**/*.md' './**/*.json' './**/*.ts' --exclude-path ./tools/package-lock.json + args: --base . --verbose --no-progress './**/*.yaml' './**/*.yml' './**/*.md' './**/*.json' './**/*.ts' --exclude-path ./package-lock.json diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index d90f32e19..2d7bd2f26 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -5,19 +5,16 @@ on: branches: ['**'] paths: - 'spec/**' - - 'tools/linter/**' + - 'tools/src/linter/**' pull_request: branches: ['**'] paths: - 'spec/**' - - 'tools/linter/**' + - 'tools/src/linter/**' jobs: lint-spec: runs-on: ubuntu-latest - defaults: - run: - working-directory: tools steps: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 @@ -25,4 +22,4 @@ jobs: node-version: 20.10.0 - run: npm install - run: | - npm run lint:spec -- ../spec + npm run lint:spec -- --source ./spec diff --git a/.github/workflows/tools.yml b/.github/workflows/tools.yml index 12155f9aa..0cae7671e 100644 --- a/.github/workflows/tools.yml +++ b/.github/workflows/tools.yml @@ -13,9 +13,6 @@ on: jobs: tools-tests: runs-on: ubuntu-latest - defaults: - run: - working-directory: tools steps: - uses: actions/checkout@v3 - uses: actions/setup-node@v3 diff --git a/DEVELOPER_GUIDE.md b/DEVELOPER_GUIDE.md index 145d9c2e1..ca19a0bd3 100644 --- a/DEVELOPER_GUIDE.md +++ b/DEVELOPER_GUIDE.md @@ -118,7 +118,7 @@ This repository includes several OpenAPI Specification Extensions to fill in any ## Tools -We authored a number of tools to merge and lint specs that live in [tools](tools). All tools have tests (run with `npm run test`) and a linter (run with `npm run lint`). +We authored a number of tools to merge and lint specs that live in [tools](./tools/src/). All tools have tests (run with `npm run test`) and a linter (run with `npm run lint`). ### Merger diff --git a/MAINTAINERS.md b/MAINTAINERS.md index e2be2cecb..d68014fab 100644 --- a/MAINTAINERS.md +++ b/MAINTAINERS.md @@ -8,12 +8,20 @@ This document contains a list of maintainers in this repo. See [opensearch-proje ## Current Maintainers | Maintainer | GitHub ID | Affiliation | -| -------------------- | --------------------------------------------- | ----------- | -| Abhi Kalra | [abhivka7](https://github.com/abhivka7) | Amazon | +|----------------------|-----------------------------------------------|-------------| +| Alen Abeshov | [aabeshov](https://github.com/aabeshov) | | | Daniel Doubrovkine | [dblock](https://github.com/dblock) | Amazon | | Harsha Vamsi Kalluri | [harshavamsi](https://github.com/harshavamsi) | Amazon | -| Pranav Garg | [pgtgrly](https://github.com/pgtgrly) | Amazon | | Sachet Alva | [sachetalva](https://github.com/sachetalva) | Amazon | | Theo Truong | [nhtruong](https://github.com/nhtruong) | Amazon | | Thomas Farr | [Xtansia](https://github.com/Xtansia) | Amazon | +| Torekeldi Niyazbek | [Tokesh](https://github.com/Tokesh) | | | Vacha Shah | [VachaShah](https://github.com/VachaShah) | Amazon | + + +## Emeritus + +| Maintainer | GitHub ID | Affiliation | +|-------------|-----------------------------------------|-------------| +| Abhi Kalra | [abhivka7](https://github.com/abhivka7) | Amazon | +| Pranav Garg | [pgtgrly](https://github.com/pgtgrly) | Amazon | \ No newline at end of file diff --git a/README.md b/README.md index 79a796175..e8ebe70ae 100644 --- a/README.md +++ b/README.md @@ -52,7 +52,7 @@ Click [here](https://github.com/opensearch-project/opensearch-api-specification/ ## Security -If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/) or directly via email to aws-security@amazon.com. Please do **not** create a public GitHub issue. +If you discover a potential security issue in this project we ask that you notify OpenSearch Security directly via email to security@opensearch.org. Please do **not** create a public GitHub issue. ## License diff --git a/SECURITY.md b/SECURITY.md index b86292104..be4ac7463 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,3 +1,3 @@ ## Reporting a Vulnerability -If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/) or directly via email to aws-security@amazon.com. Please do **not** create a public GitHub issue. +If you discover a potential security issue in this project we ask that you notify OpenSearch Security directly via email to security@opensearch.org. Please do **not** create a public GitHub issue. diff --git a/_plugins/openapi.rb b/_plugins/openapi.rb index 23a612b27..dd44775fa 100644 --- a/_plugins/openapi.rb +++ b/_plugins/openapi.rb @@ -2,10 +2,8 @@ module OpenAPI def self.generate(_site, _payload) return if @generated - Dir.chdir('tools') do - system 'npm install' - system 'npm run merge -- ../spec ../_site/opensearch-openapi.yaml' - end + system 'npm install' + system 'npm run merge -- --source ./spec --output ./_site/opensearch-openapi.yaml' @generated = true end diff --git a/tools/eslint.config.mjs b/eslint.config.mjs similarity index 100% rename from tools/eslint.config.mjs rename to eslint.config.mjs diff --git a/tools/jest.config.js b/jest.config.js similarity index 54% rename from tools/jest.config.js rename to jest.config.js index e5fbf09c0..272fc8594 100644 --- a/tools/jest.config.js +++ b/jest.config.js @@ -1,5 +1,6 @@ /** @type {import('ts-jest').JestConfigWithTsJest} */ module.exports = { preset: 'ts-jest', - testEnvironment: 'node' + testEnvironment: 'node', + moduleDirectories: ['node_modules', './tools/src'] } diff --git a/tools/package-lock.json b/package-lock.json similarity index 99% rename from tools/package-lock.json rename to package-lock.json index 20ab5a4d4..14f2fc54d 100644 --- a/tools/package-lock.json +++ b/package-lock.json @@ -10,10 +10,12 @@ "license": "Apache-2.0", "dependencies": { "@apidevtools/swagger-parser": "^10.1.0", + "@commander-js/extra-typings": "^12.0.1", "@types/lodash": "^4.14.202", "@types/node": "^20.10.3", "ajv": "^8.13.0", "ajv-formats": "^3.0.1", + "commander": "^12.0.0", "lodash": "^4.17.21", "ts-node": "^10.9.1", "typescript": "^5.4.5", @@ -727,6 +729,14 @@ "integrity": "sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==", "dev": true }, + "node_modules/@commander-js/extra-typings": { + "version": "12.0.1", + "resolved": "https://registry.npmjs.org/@commander-js/extra-typings/-/extra-typings-12.0.1.tgz", + "integrity": "sha512-OvkMobb1eMqOCuJdbuSin/KJkkZr7n24/UNV+Lcz/0Dhepf3r2p9PaGwpRpAWej7A+gQnny4h8mGhpFl4giKkg==", + "peerDependencies": { + "commander": "~12.0.0" + } + }, "node_modules/@cspotcode/source-map-support": { "version": "0.8.1", "resolved": "https://registry.npmjs.org/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz", @@ -2455,6 +2465,14 @@ "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==", "dev": true }, + "node_modules/commander": { + "version": "12.0.0", + "resolved": "https://registry.npmjs.org/commander/-/commander-12.0.0.tgz", + "integrity": "sha512-MwVNWlYjDTtOjX5PiD7o5pK0UrFU/OYgcJfjjK4RaHZETNtjJqrZa9Y9ds88+A+f+d5lv+561eZ+yCKoS3gbAA==", + "engines": { + "node": ">=18" + } + }, "node_modules/concat-map": { "version": "0.0.1", "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", diff --git a/tools/package.json b/package.json similarity index 84% rename from tools/package.json rename to package.json index 23bafa58d..974ef1145 100644 --- a/tools/package.json +++ b/package.json @@ -5,17 +5,19 @@ "author": "opensearch-project", "license": "Apache-2.0", "scripts": { - "merge": "ts-node merger/merge.ts", - "lint:spec": "ts-node linter/lint.ts", + "merge": "ts-node tools/src/merger/merge.ts", + "lint:spec": "ts-node tools/src/linter/lint.ts", "lint": "eslint .", "test": "jest" }, "dependencies": { "@apidevtools/swagger-parser": "^10.1.0", + "@commander-js/extra-typings": "^12.0.1", "@types/lodash": "^4.14.202", "@types/node": "^20.10.3", "ajv": "^8.13.0", "ajv-formats": "^3.0.1", + "commander": "^12.0.0", "lodash": "^4.17.21", "ts-node": "^10.9.1", "typescript": "^5.4.5", diff --git a/spec/_info.yaml b/spec/_info.yaml index f71d35dd0..9ba0e9e60 100644 --- a/spec/_info.yaml +++ b/spec/_info.yaml @@ -1,4 +1,4 @@ -$schema: ../json_schemas/_info.schema.yaml +$schema: ./json_schemas/_info.schema.yaml title: OpenSearch API Specification version: 1.0.0 \ No newline at end of file diff --git a/spec/_superseded_operations.yaml b/spec/_superseded_operations.yaml index c5180f076..9db450730 100644 --- a/spec/_superseded_operations.yaml +++ b/spec/_superseded_operations.yaml @@ -1,4 +1,4 @@ -$schema: ../json_schemas/_superseded_operations.schema.yaml +$schema: ./json_schemas/_superseded_operations.schema.yaml /_opendistro/_alerting/destinations: superseded_by: /_plugins/_alerting/destinations @@ -368,6 +368,14 @@ $schema: ../json_schemas/_superseded_operations.schema.yaml superseded_by: /_plugins/_rollup/jobs/{rollupID}/_stop operations: - POST +/_opendistro/_security/api/_upgrade_check/: + superseded_by: /_plugins/_security/api/_upgrade_check/ + operations: + - GET +/_opendistro/_security/api/_upgrade_perform/: + superseded_by: /_plugins/_security/api/_upgrade_perform/ + operations: + - POST /_opendistro/_security/api/account: superseded_by: /_plugins/_security/api/account operations: @@ -393,8 +401,8 @@ $schema: ../json_schemas/_superseded_operations.schema.yaml operations: - GET - PUT - - DELETE - PATCH + - DELETE /_opendistro/_security/api/audit/: superseded_by: /_plugins/_security/api/audit/ operations: @@ -476,17 +484,33 @@ $schema: ../json_schemas/_superseded_operations.schema.yaml superseded_by: /_plugins/_security/api/ssl/certs operations: - GET -/_opendistro/_security/api/ssl/{certType}/reloadcerts/: - superseded_by: /_plugins/_security/api/ssl/{certType}/reloadcerts/ +/_opendistro/_security/api/ssl/transport/reloadcerts: + superseded_by: /_plugins/_security/api/ssl/transport/reloadcerts + operations: + - PUT +/_opendistro/_security/api/ssl/http/reloadcerts: + superseded_by: /_plugins/_security/api/ssl/http/reloadcerts + operations: + - PUT +/_opendistro/_security/api/nodesdn: + superseded_by: /_plugins/_security/api/nodesdn/ + operations: + - GET + - PATCH +/_opendistro/_security/api/nodesdn/{cluster_name}: + superseded_by: /_plugins/_security/api/nodesdn/{cluster_name} operations: + - GET - PUT + - PATCH + - DELETE /_opendistro/_security/api/tenancy/config: superseded_by: /_plugins/_security/api/tenancy/config operations: - GET - PUT -/_opendistro/_security/api/tenants/: - superseded_by: /_plugins/_security/api/tenants/ +/_opendistro/_security/api/tenants: + superseded_by: /_plugins/_security/api/tenants operations: - GET - PATCH @@ -497,8 +521,8 @@ $schema: ../json_schemas/_superseded_operations.schema.yaml - PUT - DELETE - PATCH -/_opendistro/_security/api/user/: - superseded_by: /_plugins/_security/api/user/ +/_opendistro/_security/api/user: + superseded_by: /_plugins/_security/api/user operations: - GET /_opendistro/_security/api/user/{name}: @@ -521,6 +545,12 @@ $schema: ../json_schemas/_superseded_operations.schema.yaml - GET - PUT - PATCH +/_opendistro/_security/api/allowlist: + superseded_by: /_plugins/_security/api/allowlist + operations: + - GET + - PUT + - PATCH /_opendistro/_security/authinfo: superseded_by: /_plugins/_security/authinfo operations: @@ -532,14 +562,10 @@ $schema: ../json_schemas/_superseded_operations.schema.yaml - GET - POST /_opendistro/_security/kibanainfo: - superseded_by: /_plugins/_security/kibanainfo + superseded_by: /_plugins/_security/dashboardsinfo operations: - GET - POST -/_opendistro/_security/sslinfo: - superseded_by: /_plugins/_security/sslinfo - operations: - - GET /_opendistro/_security/tenantinfo: superseded_by: /_plugins/_security/tenantinfo operations: diff --git a/spec/namespaces/security.yaml b/spec/namespaces/security.yaml index 48b48993f..97be69ec5 100644 --- a/spec/namespaces/security.yaml +++ b/spec/namespaces/security.yaml @@ -4,6 +4,171 @@ info: description: OpenSearch Security API version: 1.0.0 paths: + /_opendistro/_security/sslinfo: + get: + operationId: security.get_sslinfo.0 + x-operation-group: security.get_sslinfo + x-version-added: '1.0' + description: Retrieves the SSL configuration information. + parameters: + - $ref: '#/components/parameters/security.get_sslinfo::query.show_dn' + responses: + '200': + $ref: '#/components/responses/security.get_sslinfo@200' + '500': + $ref: '#/components/responses/security.get_sslinfo@500' + /_plugins/_security/authinfo: + get: + operationId: security.authinfo.0 + x-operation-group: security.authinfo + x-version-added: '1.0' + description: Returns the authentication information. + parameters: + - $ref: '#/components/parameters/security.authinfo::query.verbose' + - $ref: '#/components/parameters/security.authinfo::query.auth_type' + responses: + '200': + $ref: '#/components/responses/security.authinfo@200' + '500': + $ref: '#/components/responses/security.authinfo@500' + post: + operationId: security.authinfo.1 + x-operation-group: security.authinfo + x-version-added: '1.0' + description: Returns the authentication information. + parameters: + - $ref: '#/components/parameters/security.authinfo::query.verbose' + - $ref: '#/components/parameters/security.authinfo::query.auth_type' + responses: + '200': + $ref: '#/components/responses/security.authinfo@200' + '500': + $ref: '#/components/responses/security.authinfo@500' + /_plugins/_security/dashboardsinfo: + get: + operationId: security.get_dashboards_info.0 + x-operation-group: security.get_dashboards_info + x-version-added: '1.0' + description: Retrieves the current security-dashboards plugin configuration. + responses: + '200': + $ref: '#/components/responses/security.get_dashboards_info@200' + '500': + $ref: '#/components/responses/security.get_dashboards_info@500' + post: + operationId: security.post_dashboards_info.1 + x-operation-group: security.post_dashboards_info + x-version-added: '1.0' + description: Updates the current security-dashboards plugin configuration. + requestBody: + $ref: '#/components/requestBodies/security.post_dashboards_info' + responses: + '200': + $ref: '#/components/responses/security.post_dashboards_info@200' + '500': + $ref: '#/components/responses/security.post_dashboards_info@500' + /_plugins/_security/health: + get: + operationId: security.health.0 + x-operation-group: security.health + x-version-added: '1.0' + description: Checks to see if the Security plugin is up and running. + parameters: + - $ref: '#/components/parameters/security.health::query.mode' + externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/api/#health-check + responses: + '200': + $ref: '#/components/responses/security.health@200' + post: + operationId: security.health.1 + x-operation-group: security.health + x-version-added: '1.0' + description: Checks to see if the Security plugin is up and running. + parameters: + - $ref: '#/components/parameters/security.health::query.mode' + externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/api/#health-check + responses: + '200': + $ref: '#/components/responses/security.health@200' + /_plugins/_security/tenantinfo: + get: + operationId: security.tenant_info.0 + x-operation-group: security.tenant_info + x-version-added: '1.0' + description: Retrieves the tenant names if any exist. Only accesible to super admins or kibanaserver user. + responses: + '200': + $ref: '#/components/responses/security.tenant_info@200' + '500': + $ref: '#/components/responses/security.tenant_info@500' + post: + operationId: security.tenant_info.1 + x-operation-group: security.tenant_info + x-version-added: '1.0' + description: Retrieves the tenant names if any exist. Only accesible to super admins or kibanaserver user. + responses: + '200': + $ref: '#/components/responses/security.tenant_info@200' + '500': + $ref: '#/components/responses/security.tenant_info@500' + /_plugins/_security/whoami: + get: + operationId: security.who_am_i.0 + x-operation-group: security.who_am_i + x-version-added: '1.0' + description: Gets the user identity related information for currently logged in user. + responses: + '200': + $ref: '#/components/responses/security.who_am_i@200' + '500': + $ref: '#/components/responses/security.who_am_i@500' + post: + operationId: security.who_am_i.1 + x-operation-group: security.who_am_i + x-version-added: '1.0' + description: Gets the user identity related information for currently logged in user. + responses: + '200': + $ref: '#/components/responses/security.who_am_i@200' + '500': + $ref: '#/components/responses/security.who_am_i@500' + /_plugins/_security/whoamiprotected: + get: + operationId: security.who_am_i_protected.0 + x-operation-group: security.who_am_i_protected + x-version-added: '2.11' + description: Gets the user identity related information for currently logged in user. User needs to have access to this endpoint when authorization at REST layer is enabled. + responses: + '200': + $ref: '#/components/responses/security.who_am_i_protected@200' + '500': + $ref: '#/components/responses/security.who_am_i_protected@500' + /_plugins/_security/_upgrade_check: + get: + operationId: security.config_upgrade_check.0 + x-operation-group: security.config_upgrade_check + x-version-added: '2.14' + description: Check whether or not an upgrade can be performed and what resources can be updated. + externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/api/#configuration-upgrade-check + responses: + '200': + $ref: '#/components/responses/security.config_upgrade_check@200' + /_plugins/_security/_upgrade_perform: + post: + operationId: security.config_upgrade_perform.0 + x-operation-group: security.config_upgrade_perform + x-version-added: '2.14' + description: Helps cluster operator upgrade missing defaults and stale default definitions. + externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/api/#configuration-upgrade + requestBody: + $ref: '#/components/requestBodies/security.config_upgrade_perform' + responses: + '200': + $ref: '#/components/responses/security.config_upgrade_perform@200' /_plugins/_security/api/account: get: operationId: security.get_account_details.0 @@ -39,7 +204,7 @@ paths: '200': $ref: '#/components/responses/security.get_action_groups@200' patch: - operationId: security.patch_action_groups.0 + operationId: security.patch_action_groups.1 x-operation-group: security.patch_action_groups x-version-added: '1.0' description: Creates, updates, or deletes multiple action groups in a single call. @@ -51,18 +216,6 @@ paths: '200': $ref: '#/components/responses/security.patch_action_groups@200' /_plugins/_security/api/actiongroups/{action_group}: - delete: - operationId: security.delete_action_group.0 - x-operation-group: security.delete_action_group - x-version-added: '1.0' - description: Delete a specified action group. - externalDocs: - url: https://opensearch.org/docs/latest/security/access-control/api/#delete-action-group - parameters: - - $ref: '#/components/parameters/security.delete_action_group::path.action_group' - responses: - '200': - $ref: '#/components/responses/security.delete_action_group@200' get: operationId: security.get_action_group.0 x-operation-group: security.get_action_group @@ -75,6 +228,20 @@ paths: responses: '200': $ref: '#/components/responses/security.get_action_group@200' + put: + operationId: security.create_action_group.0 + x-operation-group: security.create_action_group + x-version-added: '1.0' + description: Creates or replaces the specified action group. + externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/api/#create-action-group + parameters: + - $ref: '#/components/parameters/security.create_action_group::path.action_group' + requestBody: + $ref: '#/components/requestBodies/security.create_action_group' + responses: + '200': + $ref: '#/components/responses/security.create_action_group@200' patch: operationId: security.patch_action_group.0 x-operation-group: security.patch_action_group @@ -89,20 +256,53 @@ paths: responses: '200': $ref: '#/components/responses/security.patch_action_group@200' - put: - operationId: security.create_action_group.0 - x-operation-group: security.create_action_group + delete: + operationId: security.delete_action_group.0 + x-operation-group: security.delete_action_group x-version-added: '1.0' - description: Creates or replaces the specified action group. + description: Delete a specified action group. externalDocs: - url: https://opensearch.org/docs/latest/security/access-control/api/#create-action-group + url: https://opensearch.org/docs/latest/security/access-control/api/#delete-action-group parameters: - - $ref: '#/components/parameters/security.create_action_group::path.action_group' + - $ref: '#/components/parameters/security.delete_action_group::path.action_group' + responses: + '200': + $ref: '#/components/responses/security.delete_action_group@200' + /_plugins/_security/api/allowlist: + get: + operationId: security.get_allowlist.0 + x-operation-group: security.get_allowlist + x-version-added: '1.0' + description: Retrieves the current list of allowed API accessible to normal user. + externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/api/#access-control-for-the-api + responses: + '200': + $ref: '#/components/responses/security.get_allowlist@200' + put: + operationId: security.create_allowlist.0 + x-operation-group: security.create_allowlist + x-version-added: '1.0' + description: Creates or replaces the allowlisted APIs. Accessible via Super Admin certificate or REST API permission. + externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/api/#access-control-for-the-api requestBody: - $ref: '#/components/requestBodies/security.create_action_group' + $ref: '#/components/requestBodies/security.create_allowlist' responses: '200': - $ref: '#/components/responses/security.create_action_group@200' + $ref: '#/components/responses/security.create_allowlist@200' + patch: + operationId: security.patch_allowlist.0 + x-operation-group: security.patch_allowlist + x-version-added: '1.0' + description: Updates the current list of allowed API accessible to normal user. + externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/api/#access-control-for-the-api + requestBody: + $ref: '#/components/requestBodies/security.patch_allowlist' + responses: + '200': + $ref: '#/components/responses/security.patch_allowlist@200' /_plugins/_security/api/audit: get: operationId: security.get_audit_configuration.0 @@ -139,17 +339,68 @@ paths: responses: '200': $ref: '#/components/responses/security.update_audit_configuration@200' + /_plugins/_security/api/authtoken: + post: + operationId: security.authtoken.0 + x-operation-group: security.authtoken + x-version-added: '1.0' + description: Returns the authorization token. + responses: + '200': + $ref: '#/components/responses/security.authtoken@200' /_plugins/_security/api/cache: + get: + operationId: security.cache.1 + x-operation-group: security.cache + x-ignorable: true + x-version-added: '1.0' + description: Not supported for cache API. + responses: + '501': + $ref: '#/components/responses/security.cache@501' + post: + operationId: security.cache.2 + x-operation-group: security.cache + x-version-added: '1.0' + x-ignorable: true + description: Not supported for cache API. + responses: + '501': + $ref: '#/components/responses/security.cache@501' + put: + operationId: security.cache.3 + x-operation-group: security.cache + x-version-added: '1.0' + x-ignorable: true + description: Not supported for cache API. + responses: + '501': + $ref: '#/components/responses/security.cache@501' delete: operationId: security.flush_cache.0 x-operation-group: security.flush_cache x-version-added: '1.0' description: Flushes the Security plugin user, authentication, and authorization cache. externalDocs: - url: https://opensearch.org/docs/2.7/security/access-control/api/#flush-cache + url: https://opensearch.org/docs/latest/security/access-control/api/#flush-cache responses: '200': $ref: '#/components/responses/security.flush_cache@200' + /_plugins/_security/api/generateonbehalfoftoken: + post: + operationId: security.generate_obo_token.0 + x-operation-group: security.generate_obo_token + x-version-added: '2.12' + description: Generates On-Behalf-Of token for the current user. + externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/authentication-tokens/#api-endpoint + requestBody: + $ref: '#/components/requestBodies/security.generate_obo_token' + responses: + '200': + $ref: '#/components/responses/security.generate_obo_token@200' + '400': + $ref: '#/components/responses/security.generate_obo_token@400' /_plugins/_security/api/internalusers: get: operationId: security.get_users.0 @@ -174,18 +425,6 @@ paths: '200': $ref: '#/components/responses/security.patch_users@200' /_plugins/_security/api/internalusers/{username}: - delete: - operationId: security.delete_user.0 - x-operation-group: security.delete_user - x-version-added: '1.0' - description: Delete the specified user. - externalDocs: - url: https://opensearch.org/docs/latest/security/access-control/api/#delete-user - parameters: - - $ref: '#/components/parameters/security.delete_user::path.username' - responses: - '200': - $ref: '#/components/responses/security.delete_user@200' get: operationId: security.get_user.0 x-operation-group: security.get_user @@ -198,6 +437,20 @@ paths: responses: '200': $ref: '#/components/responses/security.get_user@200' + put: + operationId: security.create_user.0 + x-operation-group: security.create_user + x-version-added: '1.0' + description: Creates or replaces the specified user. + externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/api/#create-user + parameters: + - $ref: '#/components/parameters/security.create_user::path.username' + requestBody: + $ref: '#/components/requestBodies/security.create_user' + responses: + '200': + $ref: '#/components/responses/security.create_user@200' patch: operationId: security.patch_user.0 x-operation-group: security.patch_user @@ -212,36 +465,62 @@ paths: responses: '200': $ref: '#/components/responses/security.patch_user@200' - put: - operationId: security.create_user.0 - x-operation-group: security.create_user + delete: + operationId: security.delete_user.0 + x-operation-group: security.delete_user x-version-added: '1.0' - description: Creates or replaces the specified user. + description: Delete the specified user. externalDocs: - url: https://opensearch.org/docs/latest/security/access-control/api/#create-user + url: https://opensearch.org/docs/latest/security/access-control/api/#delete-user parameters: - - $ref: '#/components/parameters/security.create_user::path.username' - requestBody: - $ref: '#/components/requestBodies/security.create_user' + - $ref: '#/components/parameters/security.delete_user::path.username' responses: '200': - $ref: '#/components/responses/security.create_user@200' + $ref: '#/components/responses/security.delete_user@200' + /_plugins/_security/api/internalusers/{username}/authtoken: + post: + operationId: security.generate_user_token.0 + x-operation-group: security.generate_user_token + x-version-added: '1.0' + description: Generates authorization token for the given user. + parameters: + - $ref: '#/components/parameters/security.generate_user_token::path.username' + responses: + '200': + $ref: '#/components/responses/security.generate_user_token@200' + '400': + $ref: '#/components/responses/security.generate_user_token@400' + /_plugins/_security/api/migrate: + post: + operationId: security.migrate.0 + x-operation-group: security.migrate + x-version-added: '1.0' + description: Migrates security configuration from v6 to v7. + responses: + '200': + $ref: '#/components/responses/security.migrate@200' + '400': + $ref: '#/components/responses/security.migrate@400' /_plugins/_security/api/nodesdn: get: operationId: security.get_distinguished_names.0 x-operation-group: security.get_distinguished_names x-version-added: '1.0' - description: Retrieves distinguished names. + description: Retrieves distinguished names. Only accessible to super-admins and with rest-api permissions when enabled. externalDocs: url: https://opensearch.org/docs/latest/security/access-control/api/#get-distinguished-names + parameters: + - $ref: '#/components/parameters/security.get_distinguished_names::query.show_all' responses: '200': $ref: '#/components/responses/security.get_distinguished_names@200' + '403': + $ref: '#/components/responses/security.get_distinguished_names@403' patch: operationId: security.patch_distinguished_names.0 x-operation-group: security.patch_distinguished_names x-version-added: '1.0' - description: Bulk update of distinguished names. + description: Bulk update of distinguished names. Only accessible to super-admins and with rest-api permissions when enabled. externalDocs: url: https://opensearch.org/docs/latest/security/access-control/api/#update-all-distinguished-names requestBody: @@ -249,59 +528,80 @@ paths: responses: '200': $ref: '#/components/responses/security.patch_distinguished_names@200' + '403': + $ref: '#/components/responses/security.patch_distinguished_names@403' /_plugins/_security/api/nodesdn/{cluster_name}: - delete: - operationId: security.delete_distinguished_names.0 - x-operation-group: security.delete_distinguished_names - x-version-added: '1.0' - description: Deletes all distinguished names in the specified cluster’s or node’s allow list. - externalDocs: - url: https://opensearch.org/docs/latest/security/access-control/api/#delete-distinguished-names - parameters: - - $ref: '#/components/parameters/security.delete_distinguished_names::path.cluster_name' - responses: - '200': - $ref: '#/components/responses/security.delete_distinguished_names@200' get: - operationId: security.get_distinguished_names.1 - x-operation-group: security.get_distinguished_names + operationId: security.get_distinguished_name.0 + x-operation-group: security.get_distinguished_name x-version-added: '1.0' - description: Retrieves distinguished names. + description: Retrieves distinguished names. Only accessible to super-admins and with rest-api permissions when enabled. externalDocs: url: https://opensearch.org/docs/latest/security/access-control/api/#get-distinguished-names parameters: - - $ref: '#/components/parameters/security.get_distinguished_names::path.cluster_name' + - $ref: '#/components/parameters/security.get_distinguished_name::path.cluster_name' + - $ref: '#/components/parameters/security.get_distinguished_name::query.show_all' responses: '200': - $ref: '#/components/responses/security.get_distinguished_names@200' + $ref: '#/components/responses/security.get_distinguished_name@200' + '403': + $ref: '#/components/responses/security.get_distinguished_name@403' put: - operationId: security.update_distinguished_names.0 - x-operation-group: security.update_distinguished_names + operationId: security.update_distinguished_name.0 + x-operation-group: security.update_distinguished_name x-version-added: '1.0' - description: Adds or updates the specified distinguished names in the cluster’s or node’s allow list. + description: Adds or updates the specified distinguished names in the cluster or node allow list. Only accessible to super-admins and with rest-api permissions when enabled. externalDocs: url: https://opensearch.org/docs/latest/security/access-control/api/#update-distinguished-names parameters: - - $ref: '#/components/parameters/security.update_distinguished_names::path.cluster_name' + - $ref: '#/components/parameters/security.update_distinguished_name::path.cluster_name' requestBody: - $ref: '#/components/requestBodies/security.update_distinguished_names' + $ref: '#/components/requestBodies/security.update_distinguished_name' responses: '200': - $ref: '#/components/responses/security.update_distinguished_names@200' - /_plugins/_security/api/roles: + $ref: '#/components/responses/security.update_distinguished_name@200' + '403': + $ref: '#/components/responses/security.update_distinguished_name@403' patch: - operationId: security.patch_roles.0 - x-operation-group: security.patch_roles + operationId: security.patch_distinguished_name.0 + x-operation-group: security.patch_distinguished_name x-version-added: '1.0' - description: Creates, updates, or deletes multiple roles in a single call. - externalDocs: - url: https://opensearch.org/docs/latest/security/access-control/api/#patch-roles + description: Updates a distinguished cluster name for a specific cluster. Only accessible to super-admins and with rest-api permissions when enabled. + parameters: + - $ref: '#/components/parameters/security.patch_distinguished_name::path.cluster_name' requestBody: - $ref: '#/components/requestBodies/security.patch_roles' + $ref: '#/components/requestBodies/security.patch_distinguished_name' responses: '200': - $ref: '#/components/responses/security.patch_roles@200' - /_plugins/_security/api/roles/: + $ref: '#/components/responses/security.patch_distinguished_name@200' + '403': + $ref: '#/components/responses/security.patch_distinguished_name@403' + delete: + operationId: security.delete_distinguished_name.0 + x-operation-group: security.delete_distinguished_name + x-version-added: '1.0' + description: Deletes all distinguished names in the specified cluster or node allow list. Only accessible to super-admins and with rest-api permissions when enabled. + externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/api/#delete-distinguished-names + parameters: + - $ref: '#/components/parameters/security.delete_distinguished_name::path.cluster_name' + responses: + '200': + $ref: '#/components/responses/security.delete_distinguished_name@200' + '403': + $ref: '#/components/responses/security.delete_distinguished_name@403' + /_plugins/_security/api/permissionsinfo: + get: + operationId: security.get_permissions_info.0 + x-operation-group: security.get_permissions_info + x-version-added: '1.0' + description: Gets the evaluated REST API permissions for the currently logged in user. + responses: + '200': + $ref: '#/components/responses/security.get_permissions_info@200' + '500': + $ref: '#/components/responses/security.get_permissions_info@500' + /_plugins/_security/api/roles: get: operationId: security.get_roles.0 x-operation-group: security.get_roles @@ -312,19 +612,21 @@ paths: responses: '200': $ref: '#/components/responses/security.get_roles@200' - /_plugins/_security/api/roles/{role}: - delete: - operationId: security.delete_role.0 - x-operation-group: security.delete_role + patch: + operationId: security.patch_roles.0 + x-operation-group: security.patch_roles x-version-added: '1.0' - description: Delete the specified role. + description: Creates, updates, or deletes multiple roles in a single call. externalDocs: - url: https://opensearch.org/docs/latest/security/access-control/api/#delete-role - parameters: - - $ref: '#/components/parameters/security.delete_role::path.role' + url: https://opensearch.org/docs/latest/security/access-control/api/#patch-roles + requestBody: + $ref: '#/components/requestBodies/security.patch_roles' responses: '200': - $ref: '#/components/responses/security.delete_role@200' + $ref: '#/components/responses/security.patch_roles@200' + '400': + $ref: '#/components/responses/security.patch_roles@400' + /_plugins/_security/api/roles/{role}: get: operationId: security.get_role.0 x-operation-group: security.get_role @@ -337,6 +639,20 @@ paths: responses: '200': $ref: '#/components/responses/security.get_role@200' + put: + operationId: security.create_role.0 + x-operation-group: security.create_role + x-version-added: '1.0' + description: Creates or replaces the specified role. + externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/api/#create-role + parameters: + - $ref: '#/components/parameters/security.create_role::path.role' + requestBody: + $ref: '#/components/requestBodies/security.create_role' + responses: + '200': + $ref: '#/components/responses/security.create_role@200' patch: operationId: security.patch_role.0 x-operation-group: security.patch_role @@ -351,20 +667,20 @@ paths: responses: '200': $ref: '#/components/responses/security.patch_role@200' - put: - operationId: security.create_role.0 - x-operation-group: security.create_role + '400': + $ref: '#/components/responses/security.patch_role@400' + delete: + operationId: security.delete_role.0 + x-operation-group: security.delete_role x-version-added: '1.0' - description: Creates or replaces the specified role. + description: Delete the specified role. externalDocs: - url: https://opensearch.org/docs/latest/security/access-control/api/#create-role + url: https://opensearch.org/docs/latest/security/access-control/api/#delete-role parameters: - - $ref: '#/components/parameters/security.create_role::path.role' - requestBody: - $ref: '#/components/requestBodies/security.create_role' + - $ref: '#/components/parameters/security.delete_role::path.role' responses: '200': - $ref: '#/components/responses/security.create_role@200' + $ref: '#/components/responses/security.delete_role@200' /_plugins/_security/api/rolesmapping: get: operationId: security.get_role_mappings.0 @@ -382,25 +698,15 @@ paths: x-version-added: '1.0' description: Creates or updates multiple role mappings in a single call. externalDocs: - url: https://opensearch.org/docs/latest/security/access-control/api/#patch-role-mappings - requestBody: - $ref: '#/components/requestBodies/security.patch_role_mappings' - responses: - '200': - $ref: '#/components/responses/security.patch_role_mappings@200' - /_plugins/_security/api/rolesmapping/{role}: - delete: - operationId: security.delete_role_mapping.0 - x-operation-group: security.delete_role_mapping - x-version-added: '1.0' - description: Deletes the specified role mapping. - externalDocs: - url: https://opensearch.org/docs/latest/security/access-control/api/#delete-role-mapping - parameters: - - $ref: '#/components/parameters/security.delete_role_mapping::path.role' + url: https://opensearch.org/docs/latest/security/access-control/api/#patch-role-mappings + requestBody: + $ref: '#/components/requestBodies/security.patch_role_mappings' responses: '200': - $ref: '#/components/responses/security.delete_role_mapping@200' + $ref: '#/components/responses/security.patch_role_mappings@200' + '400': + $ref: '#/components/responses/security.patch_role_mappings@400' + /_plugins/_security/api/rolesmapping/{role}: get: operationId: security.get_role_mapping.0 x-operation-group: security.get_role_mapping @@ -413,6 +719,20 @@ paths: responses: '200': $ref: '#/components/responses/security.get_role_mapping@200' + put: + operationId: security.create_role_mapping.0 + x-operation-group: security.create_role_mapping + x-version-added: '1.0' + description: Creates or replaces the specified role mapping. + externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/api/#create-role-mapping + parameters: + - $ref: '#/components/parameters/security.create_role_mapping::path.role' + requestBody: + $ref: '#/components/requestBodies/security.create_role_mapping' + responses: + '200': + $ref: '#/components/responses/security.create_role_mapping@200' patch: operationId: security.patch_role_mapping.0 x-operation-group: security.patch_role_mapping @@ -427,20 +747,20 @@ paths: responses: '200': $ref: '#/components/responses/security.patch_role_mapping@200' - put: - operationId: security.create_role_mapping.0 - x-operation-group: security.create_role_mapping + '400': + $ref: '#/components/responses/security.patch_role_mapping@400' + delete: + operationId: security.delete_role_mapping.0 + x-operation-group: security.delete_role_mapping x-version-added: '1.0' - description: Creates or replaces the specified role mapping. + description: Deletes the specified role mapping. externalDocs: - url: https://opensearch.org/docs/latest/security/access-control/api/#create-role-mapping + url: https://opensearch.org/docs/latest/security/access-control/api/#delete-role-mapping parameters: - - $ref: '#/components/parameters/security.create_role_mapping::path.role' - requestBody: - $ref: '#/components/requestBodies/security.create_role_mapping' + - $ref: '#/components/parameters/security.delete_role_mapping::path.role' responses: '200': - $ref: '#/components/responses/security.create_role_mapping@200' + $ref: '#/components/responses/security.delete_role_mapping@200' /_plugins/_security/api/securityconfig: get: operationId: security.get_configuration.0 @@ -448,7 +768,7 @@ paths: x-version-added: '1.0' description: Returns the current Security plugin configuration in JSON format. externalDocs: - url: https://opensearch.org/docs/2.7/security/access-control/api/#get-configuration + url: https://opensearch.org/docs/latest/security/access-control/api/#get-configuration responses: '200': $ref: '#/components/responses/security.get_configuration@200' @@ -456,9 +776,9 @@ paths: operationId: security.patch_configuration.0 x-operation-group: security.patch_configuration x-version-added: '1.0' - description: A PATCH call is used to update the existing configuration using the REST API. + description: A PATCH call is used to update the existing configuration using the REST API. Only accessible by admins and users with rest api access and only when put or patch is enabled. externalDocs: - url: https://opensearch.org/docs/2.7/security/access-control/api/#patch-configuration + url: https://opensearch.org/docs/latest/security/access-control/api/#patch-configuration requestBody: $ref: '#/components/requestBodies/security.patch_configuration' responses: @@ -469,9 +789,9 @@ paths: operationId: security.update_configuration.0 x-operation-group: security.update_configuration x-version-added: '1.0' - description: Adds or updates the existing configuration using the REST API. + description: Adds or updates the existing configuration using the REST API. Only accessible by admins and users with rest api access and only when put or patch is enabled. externalDocs: - url: https://opensearch.org/docs/2.7/security/access-control/api/#update-configuration + url: https://opensearch.org/docs/latest/security/access-control/api/#update-configuration requestBody: $ref: '#/components/requestBodies/security.update_configuration' responses: @@ -482,12 +802,14 @@ paths: operationId: security.get_certificates.0 x-operation-group: security.get_certificates x-version-added: '1.0' - description: Retrieves the cluster’s security certificates. + description: Retrieves the cluster security certificates. externalDocs: url: https://opensearch.org/docs/latest/security/access-control/api/#get-certificates responses: '200': $ref: '#/components/responses/security.get_certificates@200' + '400': + $ref: '#/components/responses/security.get_certificates@400' /_plugins/_security/api/ssl/http/reloadcerts: put: operationId: security.reload_http_certificates.0 @@ -499,72 +821,111 @@ paths: responses: '200': $ref: '#/components/responses/security.reload_http_certificates@200' + '400': + $ref: '#/components/responses/security.reload_http_certificates@400' /_plugins/_security/api/ssl/transport/reloadcerts: put: operationId: security.reload_transport_certificates.0 x-operation-group: security.reload_transport_certificates x-version-added: '1.0' - description: Reload transport layer communication certificates. + description: Reload Transport layer communication certificates. externalDocs: url: https://opensearch.org/docs/latest/security/access-control/api/#reload-transport-certificates responses: '200': $ref: '#/components/responses/security.reload_transport_certificates@200' - /_plugins/_security/api/tenants/: + '400': + $ref: '#/components/responses/security.reload_transport_certificates@400' + /_plugins/_security/api/tenancy/config: + get: + operationId: security.get_tenancy_config.0 + x-operation-group: security.get_tenancy_config + x-version-added: '2.7' + description: Retrieves multi-tenancy configuration. Only accessible to admins and users with REST API permissions. + externalDocs: + url: https://opensearch.org/docs/latest/security/multi-tenancy/dynamic-config/#configuring-multi-tenancy-with-the-rest-api + responses: + '200': + $ref: '#/components/responses/security.get_tenancy_config@200' + '400': + $ref: '#/components/responses/security.get_tenancy_config@400' + put: + operationId: security.create_update_tenancy_config.0 + x-operation-group: security.create_update_tenancy_config + x-version-added: '2.7' + description: Creates or replaces the multi-tenancy configuration. Only accessible to admins and users with REST API permissions. + externalDocs: + url: https://opensearch.org/docs/latest/security/multi-tenancy/dynamic-config/#configuring-multi-tenancy-with-the-rest-api + requestBody: + $ref: '#/components/requestBodies/security.create_update_tenancy_config' + responses: + '200': + $ref: '#/components/responses/security.create_update_tenancy_config@200' + '400': + $ref: '#/components/responses/security.create_update_tenancy_config@400' + /_plugins/_security/api/tenants: get: operationId: security.get_tenants.0 x-operation-group: security.get_tenants x-version-added: '1.0' description: Retrieves all tenants. externalDocs: - url: https://opensearch.org/docs/2.7/security/access-control/api/#get-tenants + url: https://opensearch.org/docs/latest/security/access-control/api/#get-tenants responses: '200': $ref: '#/components/responses/security.get_tenants@200' + '400': + $ref: '#/components/responses/security.get_tenants@400' patch: operationId: security.patch_tenants.0 x-operation-group: security.patch_tenants x-version-added: '1.0' description: Add, delete, or modify multiple tenants in a single call. externalDocs: - url: https://opensearch.org/docs/2.7/security/access-control/api/#patch-tenants + url: https://opensearch.org/docs/latest/security/access-control/api/#patch-tenants requestBody: $ref: '#/components/requestBodies/security.patch_tenants' responses: '200': $ref: '#/components/responses/security.patch_tenants@200' + '400': + $ref: '#/components/responses/security.patch_tenants@400' /_plugins/_security/api/tenants/{tenant}: - delete: - operationId: security.delete_tenant.0 - x-operation-group: security.delete_tenant - x-version-added: '1.0' - description: Delete the specified tenant. - externalDocs: - url: https://opensearch.org/docs/latest/security/access-control/api/#delete-action-group - parameters: - - $ref: '#/components/parameters/security.delete_tenant::path.tenant' - responses: - '200': - $ref: '#/components/responses/security.delete_tenant@200' get: operationId: security.get_tenant.0 x-operation-group: security.get_tenant x-version-added: '1.0' description: Retrieves one tenant. externalDocs: - url: https://opensearch.org/docs/2.7/security/access-control/api/#get-tenant + url: https://opensearch.org/docs/latest/security/access-control/api/#get-tenant parameters: - $ref: '#/components/parameters/security.get_tenant::path.tenant' responses: '200': $ref: '#/components/responses/security.get_tenant@200' + put: + operationId: security.create_tenant.0 + x-operation-group: security.create_tenant + x-version-added: '1.0' + description: Creates or replaces the specified tenant. + externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/api/#create-tenant + parameters: + - $ref: '#/components/parameters/security.create_tenant::path.tenant' + requestBody: + $ref: '#/components/requestBodies/security.create_tenant' + responses: + '200': + $ref: '#/components/responses/security.create_tenant@200' + '400': + $ref: '#/components/responses/security.create_tenant@400' patch: operationId: security.patch_tenant.0 x-operation-group: security.patch_tenant x-version-added: '1.0' description: Add, delete, or modify a single tenant. externalDocs: - url: https://opensearch.org/docs/2.7/security/access-control/api/#patch-tenant + url: https://opensearch.org/docs/latest/security/access-control/api/#patch-tenant parameters: - $ref: '#/components/parameters/security.patch_tenant::path.tenant' requestBody: @@ -572,31 +933,90 @@ paths: responses: '200': $ref: '#/components/responses/security.patch_tenant@200' - put: - operationId: security.create_tenant.0 - x-operation-group: security.create_tenant + '400': + $ref: '#/components/responses/security.patch_tenant@400' + delete: + operationId: security.delete_tenant.0 + x-operation-group: security.delete_tenant x-version-added: '1.0' - description: Creates or replaces the specified tenant. + description: Delete the specified tenant. externalDocs: - url: https://opensearch.org/docs/2.7/security/access-control/api/#create-tenant + url: https://opensearch.org/docs/latest/security/access-control/api/#delete-action-group parameters: - - $ref: '#/components/parameters/security.create_tenant::path.tenant' + - $ref: '#/components/parameters/security.delete_tenant::path.tenant' + responses: + '200': + $ref: '#/components/responses/security.delete_tenant@200' + '400': + $ref: '#/components/responses/security.delete_tenant@400' + /_plugins/_security/api/user: + get: + operationId: security.get_users_legacy.0 + x-operation-group: security.get_users_legacy + x-version-added: '1.0' + description: Retrieve all internal users. Legacy API. + responses: + '200': + $ref: '#/components/responses/security.get_users_legacy@200' + /_plugins/_security/api/user/{username}: + get: + operationId: security.get_user_legacy.0 + x-operation-group: security.get_user_legacy + x-version-added: '1.0' + description: Retrieve one user. Legacy API. + parameters: + - $ref: '#/components/parameters/security.get_user_legacy::path.username' + responses: + '200': + $ref: '#/components/responses/security.get_user_legacy@200' + put: + operationId: security.create_user_legacy.0 + x-operation-group: security.create_user_legacy + x-version-added: '1.0' + description: Creates or replaces the specified user. Legacy API. + parameters: + - $ref: '#/components/parameters/security.create_user_legacy::path.username' requestBody: - $ref: '#/components/requestBodies/security.create_tenant' + $ref: '#/components/requestBodies/security.create_user_legacy' responses: '200': - $ref: '#/components/responses/security.create_tenant@200' - /_plugins/_security/health: + $ref: '#/components/responses/security.create_user_legacy@200' + delete: + operationId: security.delete_user_legacy.0 + x-operation-group: security.delete_user_legacy + x-version-added: '1.0' + description: Delete the specified user. Legacy API. + parameters: + - $ref: '#/components/parameters/security.delete_user_legacy::path.username' + responses: + '200': + $ref: '#/components/responses/security.delete_user_legacy@200' + /_plugins/_security/api/user/{username}/authtoken: + post: + operationId: security.generate_user_token_legacy.0 + x-operation-group: security.generate_user_token_legacy + x-version-added: '1.0' + description: Generates authorization token for the given user. Legacy API. + parameters: + - $ref: '#/components/parameters/security.generate_user_token_legacy::path.username' + responses: + '200': + $ref: '#/components/responses/security.generate_user_token_legacy@200' + '400': + $ref: '#/components/responses/security.generate_user_token_legacy@400' + /_plugins/_security/api/validate: get: - operationId: security.health.0 - x-operation-group: security.health + operationId: security.validate.0 + x-operation-group: security.validate x-version-added: '1.0' - description: Checks to see if the Security plugin is up and running. - externalDocs: - url: https://opensearch.org/docs/latest/security/access-control/api/#health-check + description: Checks whether the v6 security configuration is valid and ready to be migrated to v7. + parameters: + - $ref: '#/components/parameters/security.validate::query.accept_invalid' responses: '200': - $ref: '#/components/responses/security.health@200' + $ref: '#/components/responses/security.validate@200' + '400': + $ref: '#/components/responses/security.validate@400' components: requestBodies: security.change_password: @@ -605,12 +1025,23 @@ components: schema: $ref: '../schemas/security._common.yaml#/components/schemas/ChangePasswordRequestContent' required: true + security.config_upgrade_perform: + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/ConfigUpgradePayload' security.create_action_group: content: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/ActionGroup' required: true + security.create_allowlist: + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/AllowlistConfig' + required: true security.create_role: content: application/json: @@ -629,15 +1060,35 @@ components: schema: $ref: '../schemas/security._common.yaml#/components/schemas/CreateTenantParams' required: true + security.create_update_tenancy_config: + content: + application/json: + schema: + type: array + items: + $ref: '../schemas/security._common.yaml#/components/schemas/MultiTenancyConfig' + required: true security.create_user: content: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/User' required: true + security.create_user_legacy: + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/User' + required: true + security.generate_obo_token: + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/OBOToken' + required: true security.patch_action_group: content: - application/x-ndjson: + application/json: schema: type: array items: @@ -645,7 +1096,15 @@ components: required: true security.patch_action_groups: content: - application/x-ndjson: + application/json: + schema: + type: array + items: + $ref: '../schemas/security._common.yaml#/components/schemas/PatchOperation' + required: true + security.patch_allowlist: + content: + application/json: schema: type: array items: @@ -653,7 +1112,7 @@ components: required: true security.patch_audit_configuration: content: - application/x-ndjson: + application/json: schema: type: array items: @@ -661,15 +1120,20 @@ components: required: true security.patch_configuration: content: - application/x-ndjson: + application/json: schema: type: array items: $ref: '../schemas/security._common.yaml#/components/schemas/PatchOperation' required: true + security.patch_distinguished_name: + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/PatchOperation' security.patch_distinguished_names: content: - application/x-ndjson: + application/json: schema: type: array items: @@ -677,7 +1141,7 @@ components: required: true security.patch_role: content: - application/x-ndjson: + application/json: schema: type: array items: @@ -685,7 +1149,7 @@ components: required: true security.patch_role_mapping: content: - application/x-ndjson: + application/json: schema: type: array items: @@ -693,7 +1157,7 @@ components: required: true security.patch_role_mappings: content: - application/x-ndjson: + application/json: schema: type: array items: @@ -701,7 +1165,7 @@ components: required: true security.patch_roles: content: - application/x-ndjson: + application/json: schema: type: array items: @@ -709,7 +1173,7 @@ components: required: true security.patch_tenant: content: - application/x-ndjson: + application/json: schema: type: array items: @@ -717,7 +1181,7 @@ components: required: true security.patch_tenants: content: - application/x-ndjson: + application/json: schema: type: array items: @@ -725,207 +1189,242 @@ components: required: true security.patch_user: content: - application/x-ndjson: + application/json: + schema: + type: array + items: + $ref: '../schemas/security._common.yaml#/components/schemas/PatchOperation' + required: true + security.patch_users: + content: + application/json: + schema: + type: array + items: + $ref: '../schemas/security._common.yaml#/components/schemas/PatchOperation' + required: true + security.post_dashboards_info: + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/DashboardsInfo' + required: false + security.update_audit_configuration: + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/AuditConfig' + required: true + security.update_configuration: + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/DynamicConfig' + required: true + security.update_distinguished_name: + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/PatchOperation' + responses: + security.authinfo@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/AuthInfo' + security.authinfo@500: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerError' + security.authtoken@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.cache@501: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/MethodNotImplemented' + security.change_password@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.config_upgrade_check@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/UpgradeCheck' + security.config_upgrade_perform@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/UpgradePerform' + security.create_action_group@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.create_allowlist@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/AllowlistConfig' + security.create_role@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.create_role_mapping@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.create_tenant@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.create_tenant@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.create_update_tenancy_config@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/MultiTenancyConfig' + security.create_update_tenancy_config@400: + description: '' + content: + application/json: schema: - type: array - items: - $ref: '../schemas/security._common.yaml#/components/schemas/PatchOperation' - required: true - security.patch_users: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.create_user@200: + description: '' content: - application/x-ndjson: + application/json: schema: - type: array - items: - $ref: '../schemas/security._common.yaml#/components/schemas/PatchOperation' - required: true - security.update_audit_configuration: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.create_user_legacy@200: + description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/AuditConfig' - required: true - security.update_configuration: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.delete_action_group@200: + description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/DynamicConfig' - required: true - security.update_distinguished_names: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.delete_distinguished_name@200: + description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/DistinguishedNames' - responses: - security.change_password@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.delete_distinguished_name@403: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message - security.create_action_group@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized' + security.delete_role@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message - security.create_role@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.delete_role_mapping@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message - security.create_role_mapping@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.delete_tenant@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message - security.create_tenant@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.delete_tenant@400: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message - security.create_user@200: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.delete_user@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message - security.delete_action_group@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.delete_user_legacy@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message - security.delete_distinguished_names@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.flush_cache@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message - security.delete_role@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.generate_obo_token@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message - security.delete_role_mapping@200: + $ref: '../schemas/security._common.yaml#/components/schemas/GenerateOBOToken' + security.generate_obo_token@400: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message - security.delete_tenant@200: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.generate_user_token@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message - security.delete_user@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.generate_user_token@400: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message - security.flush_cache@200: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.generate_user_token_legacy@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.generate_user_token_legacy@400: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' security.get_account_details@200: description: '' content: @@ -944,6 +1443,12 @@ components: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/ActionGroupsMap' + security.get_allowlist@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/AllowlistConfig' security.get_audit_configuration@200: description: '' content: @@ -955,28 +1460,67 @@ components: content: application/json: schema: - type: object - properties: - http_certificates_list: - type: array - items: - $ref: '../schemas/security._common.yaml#/components/schemas/CertificatesDetail' - transport_certificates_list: - type: array - items: - $ref: '../schemas/security._common.yaml#/components/schemas/CertificatesDetail' + $ref: '../schemas/security._common.yaml#/components/schemas/GetCertificates' + security.get_certificates@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' security.get_configuration@200: description: '' content: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/DynamicConfig' + security.get_dashboards_info@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/DashboardsInfo' + security.get_dashboards_info@500: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerError' + security.get_distinguished_name@200: + description: Show nodesDn setting for given cluster. + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/DistinguishedNames' + security.get_distinguished_name@403: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized' security.get_distinguished_names@200: description: '' content: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/DistinguishedNamesMap' + security.get_distinguished_names@403: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized' + security.get_permissions_info@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/PermissionsInfo' + security.get_permissions_info@500: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerError' security.get_role@200: description: '' content: @@ -1001,274 +1545,358 @@ components: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/RolesMap' + security.get_sslinfo@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/SSLInfo' + security.get_sslinfo@500: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerError' security.get_tenant@200: description: '' content: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/TenantsMap' + security.get_tenancy_config@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/MultiTenancyConfig' + security.get_tenancy_config@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' security.get_tenants@200: description: '' content: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/TenantsMap' + security.get_tenants@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' security.get_user@200: description: '' content: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/UsersMap' + security.get_user_legacy@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/UsersMap' security.get_users@200: description: '' content: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/UsersMap' + security.get_users_legacy@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/UsersMap' security.health@200: description: '' content: application/json: schema: - type: object - properties: - message: - type: string - mode: - type: string - status: - type: string + $ref: '../schemas/security._common.yaml#/components/schemas/HealthInfo' + security.migrate@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.migrate@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' security.patch_action_group@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' security.patch_action_groups@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_allowlist@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/AllowlistConfig' security.patch_audit_configuration@200: description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' security.patch_configuration@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_distinguished_name@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_distinguished_name@403: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized' security.patch_distinguished_names@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_distinguished_names@403: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized' security.patch_role@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_role@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' security.patch_role_mapping@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_role_mapping@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' security.patch_role_mappings@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_role_mappings@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' security.patch_roles@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_roles@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' security.patch_tenant@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_tenant@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' security.patch_tenants@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_tenants@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' security.patch_user@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' security.patch_users@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.post_dashboards_info@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/DashboardsInfo' + security.post_dashboards_info@500: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerError' security.reload_http_certificates@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.reload_http_certificates@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' security.reload_transport_certificates@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.reload_transport_certificates@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.tenant_info@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/TenantInfo' + security.tenant_info@500: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerError' security.update_audit_configuration@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' security.update_configuration@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message - security.update_distinguished_names@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.update_distinguished_name@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.update_distinguished_name@403: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized' + security.validate@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.validate@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.who_am_i@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/WhoAmI' + security.who_am_i@500: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerError' + security.who_am_i_protected@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/WhoAmI' + security.who_am_i_protected@500: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerError' parameters: + security.authinfo::query.auth_type: + name: auth_type + in: query + description: The type of current authentication request. + schema: + type: string + required: false + security.authinfo::query.verbose: + name: verbose + in: query + description: Indicates whether a verbose response should be returned. + schema: + type: boolean + required: false security.create_action_group::path.action_group: name: action_group in: path - description: The name of the action group to create or replace + description: The name of the action group to create or replace. schema: type: string - description: The name of the action group to create or replace + description: The name of the action group to create or replace. required: true security.create_role::path.role: name: role @@ -1294,6 +1922,12 @@ components: schema: type: string required: true + security.create_user_legacy::path.username: + name: username + in: path + schema: + type: string + required: true security.delete_action_group::path.action_group: name: action_group in: path @@ -1302,7 +1936,7 @@ components: type: string description: Action group to delete. required: true - security.delete_distinguished_names::path.cluster_name: + security.delete_distinguished_name::path.cluster_name: name: cluster_name in: path schema: @@ -1332,6 +1966,24 @@ components: schema: type: string required: true + security.delete_user_legacy::path.username: + name: username + in: path + schema: + type: string + required: true + security.generate_user_token::path.username: + name: username + in: path + schema: + type: string + required: true + security.generate_user_token_legacy::path.username: + name: username + in: path + schema: + type: string + required: true security.get_action_group::path.action_group: name: action_group in: path @@ -1340,12 +1992,24 @@ components: type: string description: Action group to retrieve. required: true - security.get_distinguished_names::path.cluster_name: + security.get_distinguished_name::path.cluster_name: name: cluster_name in: path schema: type: string required: true + security.get_distinguished_name::query.show_all: + name: show_all + in: query + schema: + type: boolean + required: false + security.get_distinguished_names::query.show_all: + name: show_all + in: query + schema: + type: boolean + required: false security.get_role::path.role: name: role in: path @@ -1358,6 +2022,14 @@ components: schema: type: string required: true + security.get_sslinfo::query.show_dn: + name: show_dn + in: query + description: The domain names from all certificates. + schema: + type: string + description: A boolean flag to indicate whether all domain names should be returned. + required: false security.get_tenant::path.tenant: name: tenant in: path @@ -1370,12 +2042,30 @@ components: schema: type: string required: true + security.get_user_legacy::path.username: + name: username + in: path + schema: + type: string + required: true + security.health::query.mode: + name: mode + in: query + schema: + type: string + required: false security.patch_action_group::path.action_group: name: action_group in: path schema: type: string required: true + security.patch_distinguished_name::path.cluster_name: + name: cluster_name + in: path + schema: + type: string + required: true security.patch_role::path.role: name: role in: path @@ -1400,9 +2090,17 @@ components: schema: type: string required: true - security.update_distinguished_names::path.cluster_name: + security.update_distinguished_name::path.cluster_name: name: cluster_name in: path schema: type: string required: true + security.validate::query.accept_invalid: + name: accept_invalid + in: query + schema: + type: boolean + required: false + + diff --git a/spec/schemas/security._common.yaml b/spec/schemas/security._common.yaml index 00fc5dfc9..c7452bb2f 100644 --- a/spec/schemas/security._common.yaml +++ b/spec/schemas/security._common.yaml @@ -1,59 +1,11 @@ openapi: 3.1.0 info: - title: Schemas of security._common category - description: Schemas of security._common category + title: Schemas of security._common category. + description: Schemas of security._common category. version: 1.0.0 paths: {} components: schemas: - RoleMapping: - type: object - properties: - hosts: - type: array - items: - type: string - users: - type: array - items: - type: string - reserved: - type: boolean - hidden: - type: boolean - backend_roles: - type: array - items: - type: string - and_backend_roles: - type: array - items: - type: string - description: - type: string - User: - type: object - properties: - hash: - type: string - reserved: - type: boolean - hidden: - type: boolean - backend_roles: - type: array - items: - type: string - attributes: - $ref: '#/components/schemas/UserAttributes' - description: - type: string - opendistro_security_roles: - type: array - items: - type: string - static: - type: boolean AccountDetails: type: object properties: @@ -81,31 +33,7 @@ components: type: array items: type: string - UserTenants: - type: object - properties: - global_tenant: - type: boolean - admin_tenant: - type: boolean - admin: - type: boolean - ChangePasswordRequestContent: - type: object - properties: - current_password: - type: string - description: The current password - password: - type: string - description: The new password to set - required: - - current_password - - password - ActionGroupsMap: - type: object - additionalProperties: - $ref: '#/components/schemas/ActionGroup' + ActionGroup: type: object properties: @@ -123,20 +51,34 @@ components: type: string static: type: boolean - PatchOperation: + + ActionGroupsMap: + type: object + additionalProperties: + $ref: '#/components/schemas/ActionGroup' + + AllowlistConfig: type: object properties: - op: - type: string - description: 'The operation to perform. Possible values: remove,add, replace, move, copy, test.' - path: - type: string - description: The path to the resource. - value: - description: The new values used for the update. - required: - - op - - path + config: + type: object + items: + enabled: + type: boolean + requests: + type: object + description: An object with APIs as key and array of http methods as values. + + AuditConfig: + type: object + properties: + compliance: + $ref: '#/components/schemas/ComplianceConfig' + enabled: + type: boolean + audit: + $ref: '#/components/schemas/AuditLogsConfig' + AuditConfigWithReadOnly: type: object properties: @@ -146,15 +88,134 @@ components: type: string config: $ref: '#/components/schemas/AuditConfig' - AuditConfig: + + AuditLogsConfig: type: object properties: - compliance: - $ref: '#/components/schemas/ComplianceConfig' - enabled: + ignore_users: + type: array + items: + type: string + ignore_requests: + type: array + items: + type: string + disabled_rest_categories: + type: array + items: + type: string + disabled_transport_categories: + type: array + items: + type: string + log_request_body: type: boolean - audit: - $ref: '#/components/schemas/AuditLogsConfig' + resolve_indices: + type: boolean + resolve_bulk_requests: + type: boolean + exclude_sensitive_headers: + type: boolean + enable_transport: + type: boolean + enable_rest: + type: boolean + + AuthInfo: + type: object + properties: + user: + type: string + description: Stringified User object. + user_name: + type: string + description: User's name. + user_requested_tenant: + type: string + description: Name of the tenant the user wants to switch to. + remote_address: + type: string + description: The IP address of remote user. + backend_roles: + type: array + description: Backend roles associated with the user. + custom_attribute_names: + type: array + description: Name of the attributes associated with the user. + roles: + type: array + description: Roles associated with the user. + tenants: + type: object + description: Tenants the user has access to with read-write or read-only access indicator. + principal: + type: string + description: User principal. + peer_certificates: + type: number + description: Number of peer certificates. + sso_logout_url: + type: string + description: Logout url. + size_of_user: + type: string + description: Size of user in memory. + size_of_custom_attributes: + type: string + description: Size of user's custom attributes in bytes. + size_of_backendroles: + type: string + description: Size of backend roles in bytes. + + BadRequest: + type: object + properties: + status: + type: string + value: 400 + message: + type: string + description: Message returned as part of BAD_REQUEST response. + + CertificatesDetail: + type: object + properties: + issuer_dn: + type: string + subject_dn: + type: string + san: + type: string + not_before: + type: string + not_after: + type: string + + GetCertificates: + type: object + properties: + http_certificates_list: + type: array + items: + $ref: '#/components/schemas/CertificatesDetail' + transport_certificates_list: + type: array + items: + $ref: '#/components/schemas/CertificatesDetail' + + ChangePasswordRequestContent: + type: object + properties: + current_password: + type: string + description: The current password. + password: + type: string + description: The new password to set. + required: + - current_password + - password + ComplianceConfig: type: object properties: @@ -183,60 +244,232 @@ components: type: boolean internal_config: type: boolean - AuditLogsConfig: + + ConfigUpgradePayload: type: object properties: - ignore_users: - type: array - items: - type: string - ignore_requests: + config: type: array - items: - type: string - disabled_rest_categories: + description: List of configs to be upgraded. + + CreateTenantParams: + type: object + properties: + description: + type: string + + DashboardsInfo: + type: object + properties: + user_name: + type: string + description: User's name + not_fail_on_forbidden_enabled: + type: boolean + description: Indicates whether DNFOF is enabled. + opensearch_dashboards_mt_enabled: + type: boolean + description: Indicates whether multi-tenancy is enabled. + opensearch_dashboards_index: + type: string + description: Name of the dashboards index. + opensearch_dashboards_server_user: + type: string + description: Name of the user used to connect dashboards to the server. + multitenancy_enabled: + type: boolean + description: Indicates whether multi-tenancy is enabled. + private_tenant_enabled: + type: boolean + description: Indicates whether private tenant is enabled for all users. + default_tenant: + type: string + description: The default tenant setting for the dashboard. + sign_in_options: type: array - items: - type: string - disabled_transport_categories: + description: List of available sign-in options available. + password_validation_error_message: + type: string + description: Error message when password validation fails. + password_validation_regex: + type: string + description: Reg-ex to be used to perform password validation. + + DistinguishedNames: + type: object + properties: + nodes_dn: type: array items: type: string - log_request_body: + + DistinguishedNamesMap: + type: object + additionalProperties: + $ref: '#/components/schemas/DistinguishedNames' + + DynamicConfig: + type: object + properties: + dynamic: + $ref: '#/components/schemas/DynamicOptions' + + DynamicOptions: + type: object + properties: + filteredAliasMode: + type: string + disableRestAuth: type: boolean - resolve_indices: + disableIntertransportAuth: type: boolean - resolve_bulk_requests: + respectRequestIndicesOptions: type: boolean - exclude_sensitive_headers: + kibana: {} + http: {} + authc: {} + authz: {} + authFailureListeners: {} + doNotFailOnForbidden: type: boolean - enable_transport: + multiRolespanEnabled: type: boolean - enable_rest: + hostsResolverMode: + type: string + doNotFailOnForbiddenEmpty: type: boolean - UsersMap: + + GenerateOBOToken: type: object - additionalProperties: - $ref: '#/components/schemas/User' - UserAttributes: + properties: + user: + type: string + description: The name of the entity requesting token. + authenticationToken: + type: string + description: The generated OBO token. + durationSeconds: + type: string + description: The duration of the token, defaulted to 300s. + + HealthInfo: type: object - additionalProperties: - type: string - DistinguishedNamesMap: + properties: + message: + type: string + mode: + type: string + status: + type: string + + IndexPermission: type: object - additionalProperties: - $ref: '#/components/schemas/DistinguishedNames' - DistinguishedNames: + properties: + index_patterns: + type: array + items: + type: string + dls: + type: string + fls: + type: array + items: + type: string + masked_fields: + type: array + items: + type: string + allowed_actions: + type: array + items: + type: string + + InternalServerError: type: object properties: - nodes_dn: + error: + type: string + description: Error message during request execution. + + MethodNotImplemented: + type: object + properties: + status: + type: string + value: 501 + message: + type: string + description: Message returned as part of NOT_IMPLEMENTED response. + + MultiTenancyConfig: + type: object + properties: + default_tenant: + type: string + private_tenant_enabled: + type: boolean + multitenancy_enabled: + type: boolean + sign_in_options: type: array items: type: string - RolesMap: + description: Value in seconds. + + OBOToken: type: object - additionalProperties: - $ref: '#/components/schemas/Role' + properties: + description: + type: string + description: Contains the description supplied by the user to describe the token. + required: true + service: + type: string + description: A name of the service if generating a token for that service. + required: false + duration: + type: string + description: Value in seconds. + required: optional + + Ok: + type: object + properties: + status: + type: string + value: 200 + message: + type: string + description: Message returned as part of OK response. + + PatchOperation: + type: object + properties: + op: + type: string + description: 'The operation to perform. Possible values: remove, add, replace, move, copy, test.' + path: + type: string + description: The path to the resource. + value: + description: The new values used for the update. + required: + - op + - path + + PermissionsInfo: + type: object + properties: + user: + type: string + user_name: + type: string + has_api_access: + type: boolean + disabled_endpoints: + type: object + description: An object with disabled APIs as key and array of http methods as values. + Role: type: object properties: @@ -260,27 +493,104 @@ components: $ref: '#/components/schemas/TenantPermission' static: type: boolean - IndexPermission: + + RoleMapping: type: object properties: - index_patterns: + hosts: type: array items: type: string - dls: - type: string - fls: + users: type: array items: type: string - masked_fields: + reserved: + type: boolean + hidden: + type: boolean + backend_roles: type: array items: type: string - allowed_actions: + and_backend_roles: type: array items: type: string + description: + type: string + + RoleMappings: + type: object + additionalProperties: + $ref: '#/components/schemas/RoleMapping' + + RolesMap: + type: object + additionalProperties: + $ref: '#/components/schemas/Role' + + SSLInfo: + type: object + properties: + principal: + type: string + description: User principal. + peer_certificates: + type: number + description: Number of certificates. + peer_certificates_list: + type: array + description: List of domain names from peer certificates. + local_certificates_list: + type: array + description: List of domain names from local certificates. + ssl_protocol: + type: string + description: Protocol for this ssl setup. + ssl_cipher: + type: string + description: Cipher for this ssl setup. + ssl_openssl_available: + type: boolean + description: A boolean to indicate if OpenSSL is available. + ssl_openssl_version: + type: string + description: Version of openssl. + ssl_openssl_version_string: + type: string + description: Full version string for openssl version. + ssl_openssl_non_available_cause: + type: string + description: Reason for openssl unavailability. + ssl_openssl_supports_key_manager_factory: + type: boolean + description: Indicates where KMF is supported. + ssl_openssl_supports_hostname_validation: + type: boolean + description: Indicates whether hostname validation is supported. + ssl_provider_http: + type: string + description: Returns http provider's name. + ssl_provider_transport_server: + type: string + description: Returns transport server's name. + ssl_provider_transport_client: + type: string + description: Returns transport client's name. + + Tenant: + type: object + properties: + reserved: + type: boolean + hidden: + type: boolean + description: + type: string + static: + type: boolean + TenantPermission: type: object properties: @@ -292,69 +602,95 @@ components: type: array items: type: string - RoleMappings: + + TenantsMap: type: object additionalProperties: - $ref: '#/components/schemas/RoleMapping' - DynamicConfig: + $ref: '#/components/schemas/Tenant' + + Unauthorized: type: object properties: - dynamic: - $ref: '#/components/schemas/DynamicOptions' - DynamicOptions: + status: + type: string + value: 403 + message: + type: string + description: Message returned as part of FORBIDDEN response. + + UpgradeCheck: type: object properties: - filteredAliasMode: - type: string - disableRestAuth: - type: boolean - disableIntertransportAuth: - type: boolean - respectRequestIndicesOptions: - type: boolean - kibana: {} - http: {} - authc: {} - authz: {} - authFailureListeners: {} - doNotFailOnForbidden: - type: boolean - multiRolespanEnabled: - type: boolean - hostsResolverMode: + status: type: string - doNotFailOnForbiddenEmpty: + upgradeAvailable: type: boolean - CertificatesDetail: + upgradeActions: + type: object + + UpgradePerform: type: object properties: - issuer_dn: + status: type: string - subject_dn: - type: string - san: - type: string - not_before: - type: string - not_after: - type: string - TenantsMap: - type: object - additionalProperties: - $ref: '#/components/schemas/Tenant' - Tenant: + upgrades: + type: object + + User: type: object properties: + hash: + type: string reserved: type: boolean hidden: type: boolean + backend_roles: + type: array + items: + type: string + attributes: + $ref: '#/components/schemas/UserAttributes' description: type: string + opendistro_security_roles: + type: array + items: + type: string static: type: boolean - CreateTenantParams: + + UserAttributes: + type: object + additionalProperties: + type: string + + UserTenants: type: object properties: - description: + global_tenant: + type: boolean + admin_tenant: + type: boolean + admin: + type: boolean + + UsersMap: + type: object + additionalProperties: + $ref: '#/components/schemas/User' + + WhoAmI: + type: object + properties: + dn: + type: string + is_admin: + type: string + is_node_certificate_request: type: string + + TenantInfo: + type: object + additionalProperties: + type: string diff --git a/tools/README.md b/tools/README.md index a9bffabab..ec95eab7e 100644 --- a/tools/README.md +++ b/tools/README.md @@ -2,44 +2,46 @@ This folder contains tools for the repo: -- [Merger](./merger): merges multiple OpenAPI files into one -- [Linter](./linter): validates files in the spec folder +- [Merger](./src/merger): merges multiple OpenAPI files into one +- [Linter](./src/linter): validates files in the spec folder ## Setup 1. Install [Node.js](https://nodejs.org/en/learn/getting-started/how-to-install-nodejs) -2. Run `npm install` in the `tools` folder +2. Run `npm install`. ## Merger -The merger tool merges the multi-file OpenSearch spec into a single file for programmatic use. It takes 2 parameters: +The merger tool merges the multi-file OpenSearch spec into a single file for programmatic use. -- the path to the root folder of the multi-file spec -- the path to the output file +It requires a path to the root folder of the multi-file spec (`--source`) and a path to the output file (`--output`). Example: ```bash -mkdir -p ../build -export ROOT_PATH=../spec -export OUTPUT_PATH=../build/opensearch-openapi.yaml -npm run merge -- $ROOT_PATH $OUTPUT_PATH +mkdir -p ./build +npm run merge -- --source ./spec --output ./build/opensearch-openapi.yaml ``` As a shortcut, if those parameters are not provided, the tool will use the default values: + - `../spec` as the root path (i.e. the repo's [spec folder](../spec)) -- `../opensearch-openapi.yaml` as the output path +- `./build/opensearch-openapi.yaml` as the output path ```bash npm run merge ``` +Run `npm run merge -- --help` for all options. + ## Spec Linter -The linter tool validates the OpenSearch spec files in the `spec` folder: +The linter tool validates the OpenSearch multi-file spec, and will print out all the errors and warnings in it. + +It requires a path to the root folder of the multi-file spec (`--source`). ```bash -npm run lint:spec +npm run lint:spec -- --source ./spec ``` -It will print out all the errors and warnings in the spec files. \ No newline at end of file +Run `npm run lint:spec -- --help` for all options. diff --git a/tools/linter/lint.ts b/tools/linter/lint.ts deleted file mode 100644 index 9b8d05abe..000000000 --- a/tools/linter/lint.ts +++ /dev/null @@ -1,15 +0,0 @@ -import SpecValidator from './SpecValidator' - -const root_folder = process.argv[2] ?? '../spec' -const validator = new SpecValidator(root_folder) -const errors = validator.validate() - -if (errors.length === 0) { - console.log('No errors found.') - process.exit(0) -} else { - console.log('Errors found:\n') - errors.forEach(e => { console.error(e) }) - console.log('\nTotal errors:', errors.length) - process.exit(1) -} diff --git a/tools/merger/merge.ts b/tools/merger/merge.ts deleted file mode 100644 index a32d3059b..000000000 --- a/tools/merger/merge.ts +++ /dev/null @@ -1,6 +0,0 @@ -import OpenApiMerger from './OpenApiMerger' - -const root_path: string = process.argv[2] || '../spec' -const output_path: string = process.argv[3] || '../opensearch-openapi.yaml' -const merger = new OpenApiMerger(root_path) -merger.merge(output_path) diff --git a/tools/linter/InlineObjectSchemaValidator.ts b/tools/src/linter/InlineObjectSchemaValidator.ts similarity index 81% rename from tools/linter/InlineObjectSchemaValidator.ts rename to tools/src/linter/InlineObjectSchemaValidator.ts index 7acf5eb48..892c9af6a 100644 --- a/tools/linter/InlineObjectSchemaValidator.ts +++ b/tools/src/linter/InlineObjectSchemaValidator.ts @@ -1,6 +1,6 @@ import type NamespacesFolder from './components/NamespacesFolder' import type SchemasFolder from './components/SchemasFolder' -import { type ValidationError } from '../types' +import { type ValidationError } from 'types' import { SchemaVisitor } from './utils/SpecificationVisitor' import { is_ref, type MaybeRef, SpecificationContext } from './utils' import { type OpenAPIV3 } from 'openapi-types' @@ -34,10 +34,12 @@ export default class InlineObjectSchemaValidator { return } - const this_key = ctx.key - const parent_key = ctx.parent().key + const ancestry = ctx.keys.reverse() - if (parent_key === 'properties' || this_key === 'additionalProperties' || this_key === 'items') { + if (ancestry[1] === 'properties' || + ancestry[0] === 'additionalProperties' || + ancestry[0] === 'items' || + (ancestry[0] === 'schema' && ancestry[2] === 'parameters' && ancestry[3] !== 'components')) { errors.push(ctx.error('object schemas should be defined out-of-line via a $ref')) } } diff --git a/tools/linter/SchemaRefsValidator.ts b/tools/src/linter/SchemaRefsValidator.ts similarity index 98% rename from tools/linter/SchemaRefsValidator.ts rename to tools/src/linter/SchemaRefsValidator.ts index 149d40f34..ae5af24fb 100644 --- a/tools/linter/SchemaRefsValidator.ts +++ b/tools/src/linter/SchemaRefsValidator.ts @@ -1,6 +1,6 @@ import type NamespacesFolder from './components/NamespacesFolder' import type SchemasFolder from './components/SchemasFolder' -import { type ValidationError } from '../types' +import { type ValidationError } from 'types' export default class SchemaRefsValidator { namespaces_folder: NamespacesFolder diff --git a/tools/linter/SpecValidator.ts b/tools/src/linter/SpecValidator.ts similarity index 97% rename from tools/linter/SpecValidator.ts rename to tools/src/linter/SpecValidator.ts index 50f489e12..12da4175c 100644 --- a/tools/linter/SpecValidator.ts +++ b/tools/src/linter/SpecValidator.ts @@ -1,6 +1,6 @@ import SchemasFolder from './components/SchemasFolder' import NamespacesFolder from './components/NamespacesFolder' -import { type ValidationError } from '../types' +import { type ValidationError } from 'types' import SchemaRefsValidator from './SchemaRefsValidator' import SupersededOperationsFile from './components/SupersededOperationsFile' import InfoFile from './components/InfoFile' diff --git a/tools/linter/components/InfoFile.ts b/tools/src/linter/components/InfoFile.ts similarity index 100% rename from tools/linter/components/InfoFile.ts rename to tools/src/linter/components/InfoFile.ts diff --git a/tools/linter/components/NamespaceFile.ts b/tools/src/linter/components/NamespaceFile.ts similarity index 97% rename from tools/linter/components/NamespaceFile.ts rename to tools/src/linter/components/NamespaceFile.ts index eda6c6682..8bfe67f17 100644 --- a/tools/linter/components/NamespaceFile.ts +++ b/tools/src/linter/components/NamespaceFile.ts @@ -1,9 +1,9 @@ import { type OpenAPIV3 } from 'openapi-types' -import { type OperationSpec, type ValidationError } from '../../types' +import { type OperationSpec, type ValidationError } from 'types' import OperationGroup from './OperationGroup' import _ from 'lodash' import Operation from './Operation' -import { resolve_ref } from '../../helpers' +import { resolve_ref } from '../../../helpers' import FileValidator from './base/FileValidator' const HTTP_METHODS = ['get', 'put', 'post', 'delete', 'options', 'head', 'patch', 'trace'] diff --git a/tools/linter/components/NamespacesFolder.ts b/tools/src/linter/components/NamespacesFolder.ts similarity index 95% rename from tools/linter/components/NamespacesFolder.ts rename to tools/src/linter/components/NamespacesFolder.ts index 86c544fb3..a1c10003c 100644 --- a/tools/linter/components/NamespacesFolder.ts +++ b/tools/src/linter/components/NamespacesFolder.ts @@ -1,5 +1,5 @@ import NamespaceFile from './NamespaceFile' -import { type ValidationError } from '../../types' +import { type ValidationError } from 'types' import FolderValidator from './base/FolderValidator' export default class NamespacesFolder extends FolderValidator { diff --git a/tools/linter/components/Operation.ts b/tools/src/linter/components/Operation.ts similarity index 98% rename from tools/linter/components/Operation.ts rename to tools/src/linter/components/Operation.ts index 9c50872a3..99a93c3c1 100644 --- a/tools/linter/components/Operation.ts +++ b/tools/src/linter/components/Operation.ts @@ -1,4 +1,4 @@ -import { type OperationSpec, type ValidationError } from '../../types' +import { type OperationSpec, type ValidationError } from 'types' import _ from 'lodash' import ValidatorBase from './base/ValidatorBase' diff --git a/tools/linter/components/OperationGroup.ts b/tools/src/linter/components/OperationGroup.ts similarity index 98% rename from tools/linter/components/OperationGroup.ts rename to tools/src/linter/components/OperationGroup.ts index 681563875..f99cb9ab3 100644 --- a/tools/linter/components/OperationGroup.ts +++ b/tools/src/linter/components/OperationGroup.ts @@ -1,5 +1,5 @@ import type Operation from './Operation' -import { type ValidationError } from '../../types' +import { type ValidationError } from 'types' import ValidatorBase from './base/ValidatorBase' export default class OperationGroup extends ValidatorBase { diff --git a/tools/linter/components/Schema.ts b/tools/src/linter/components/Schema.ts similarity index 93% rename from tools/linter/components/Schema.ts rename to tools/src/linter/components/Schema.ts index 38ac29017..d132f86e3 100644 --- a/tools/linter/components/Schema.ts +++ b/tools/src/linter/components/Schema.ts @@ -1,6 +1,6 @@ import ValidatorBase from './base/ValidatorBase' import { type OpenAPIV3 } from 'openapi-types' -import { type ValidationError } from '../../types' +import { type ValidationError } from 'types' const NAME_REGEX = /^[A-Za-z0-9]+$/ diff --git a/tools/linter/components/SchemaFile.ts b/tools/src/linter/components/SchemaFile.ts similarity index 96% rename from tools/linter/components/SchemaFile.ts rename to tools/src/linter/components/SchemaFile.ts index 074b76892..8fa364b13 100644 --- a/tools/linter/components/SchemaFile.ts +++ b/tools/src/linter/components/SchemaFile.ts @@ -1,5 +1,5 @@ import FileValidator from './base/FileValidator' -import { type ValidationError } from '../../types' +import { type ValidationError } from 'types' import Schema from './Schema' import { type OpenAPIV3 } from 'openapi-types' diff --git a/tools/linter/components/SchemasFolder.ts b/tools/src/linter/components/SchemasFolder.ts similarity index 85% rename from tools/linter/components/SchemasFolder.ts rename to tools/src/linter/components/SchemasFolder.ts index e40ff4f87..d6d30fd6a 100644 --- a/tools/linter/components/SchemasFolder.ts +++ b/tools/src/linter/components/SchemasFolder.ts @@ -1,6 +1,6 @@ import SchemaFile from './SchemaFile' import FolderValidator from './base/FolderValidator' -import { type ValidationError } from '../../types' +import { type ValidationError } from 'types' export default class SchemasFolder extends FolderValidator { constructor (folder_path: string) { diff --git a/tools/linter/components/SupersededOperationsFile.ts b/tools/src/linter/components/SupersededOperationsFile.ts similarity index 100% rename from tools/linter/components/SupersededOperationsFile.ts rename to tools/src/linter/components/SupersededOperationsFile.ts diff --git a/tools/linter/components/base/FileValidator.ts b/tools/src/linter/components/base/FileValidator.ts similarity index 95% rename from tools/linter/components/base/FileValidator.ts rename to tools/src/linter/components/base/FileValidator.ts index a0e0fa7c7..3d3a5d296 100644 --- a/tools/linter/components/base/FileValidator.ts +++ b/tools/src/linter/components/base/FileValidator.ts @@ -1,7 +1,7 @@ import ValidatorBase from './ValidatorBase' -import { type ValidationError } from '../../../types' +import { type ValidationError } from 'types' import { type OpenAPIV3 } from 'openapi-types' -import { read_yaml } from '../../../helpers' +import { read_yaml } from '../../../../helpers' import AJV from 'ajv' import addFormats from 'ajv-formats' diff --git a/tools/linter/components/base/FolderValidator.ts b/tools/src/linter/components/base/FolderValidator.ts similarity index 94% rename from tools/linter/components/base/FolderValidator.ts rename to tools/src/linter/components/base/FolderValidator.ts index 30eafbfac..8a63644dc 100644 --- a/tools/linter/components/base/FolderValidator.ts +++ b/tools/src/linter/components/base/FolderValidator.ts @@ -1,7 +1,7 @@ import fs from 'fs' import ValidatorBase from './ValidatorBase' import type FileValidator from './FileValidator' -import { type ValidationError } from '../../../types' +import { type ValidationError } from 'types' export default class FolderValidator extends ValidatorBase { folder_path: string diff --git a/tools/linter/components/base/ValidatorBase.ts b/tools/src/linter/components/base/ValidatorBase.ts similarity index 88% rename from tools/linter/components/base/ValidatorBase.ts rename to tools/src/linter/components/base/ValidatorBase.ts index 7b0deaafe..3790218bf 100644 --- a/tools/linter/components/base/ValidatorBase.ts +++ b/tools/src/linter/components/base/ValidatorBase.ts @@ -1,4 +1,4 @@ -import { type ValidationError } from '../../../types' +import { type ValidationError } from 'types' export default class ValidatorBase { file: string location: string | undefined diff --git a/tools/src/linter/lint.ts b/tools/src/linter/lint.ts new file mode 100644 index 000000000..6b30fa1d8 --- /dev/null +++ b/tools/src/linter/lint.ts @@ -0,0 +1,24 @@ +import { Command, Option } from '@commander-js/extra-typings' +import SpecValidator from './SpecValidator' +import { resolve } from 'path' + +const command = new Command() + .description('Validate the OpenSearch multi-file spec.') + .addOption(new Option('-s, --source ', 'path to the root folder of the multi-file spec').default(resolve(__dirname, '../../../spec'))) + .allowExcessArguments(false) + .parse() + +const opts = command.opts() +console.log(`Validating ${opts.source} ...`) +const validator = new SpecValidator(opts.source) +const errors = validator.validate() + +if (errors.length === 0) { + console.log('No errors found.') + process.exit(0) +} else { + console.log('Errors found:\n') + errors.forEach(e => { console.error(e) }) + console.log('\nTotal errors:', errors.length) + process.exit(1) +} diff --git a/tools/linter/utils/SpecificationVisitor.ts b/tools/src/linter/utils/SpecificationVisitor.ts similarity index 100% rename from tools/linter/utils/SpecificationVisitor.ts rename to tools/src/linter/utils/SpecificationVisitor.ts diff --git a/tools/linter/utils/index.ts b/tools/src/linter/utils/index.ts similarity index 93% rename from tools/linter/utils/index.ts rename to tools/src/linter/utils/index.ts index d20fbf5d4..db451638f 100644 --- a/tools/linter/utils/index.ts +++ b/tools/src/linter/utils/index.ts @@ -1,5 +1,5 @@ import { type OpenAPIV3 } from 'openapi-types' -import { type ValidationError } from '../../types' +import { type ValidationError } from 'types' export function is_ref (o: MaybeRef): o is OpenAPIV3.ReferenceObject { return '$ref' in o @@ -53,6 +53,10 @@ export class SpecificationContext { get key (): string { return this._location[this._location.length - 1] } + + get keys (): string[] { + return [...this._location] + } } export type MaybeRef = O | OpenAPIV3.ReferenceObject diff --git a/tools/merger/GlobalParamsGenerator.ts b/tools/src/merger/GlobalParamsGenerator.ts similarity index 97% rename from tools/merger/GlobalParamsGenerator.ts rename to tools/src/merger/GlobalParamsGenerator.ts index 612c18fa0..e8da16ea2 100644 --- a/tools/merger/GlobalParamsGenerator.ts +++ b/tools/src/merger/GlobalParamsGenerator.ts @@ -1,6 +1,6 @@ import { type OpenAPIV3 } from 'openapi-types' import _ from 'lodash' -import { read_yaml } from '../helpers' +import { read_yaml } from '../../helpers' export default class GlobalParamsGenerator { global_params: Record diff --git a/tools/merger/OpenApiMerger.ts b/tools/src/merger/OpenApiMerger.ts similarity index 98% rename from tools/merger/OpenApiMerger.ts rename to tools/src/merger/OpenApiMerger.ts index 0bb0be431..c2d8bec6f 100644 --- a/tools/merger/OpenApiMerger.ts +++ b/tools/src/merger/OpenApiMerger.ts @@ -1,7 +1,7 @@ import { type OpenAPIV3 } from 'openapi-types' import fs from 'fs' import _ from 'lodash' -import { read_yaml, write_yaml } from '../helpers' +import { read_yaml, write_yaml } from '../../helpers' import SupersededOpsGenerator from './SupersededOpsGenerator' import GlobalParamsGenerator from './GlobalParamsGenerator' diff --git a/tools/merger/OpenDistro.ts b/tools/src/merger/OpenDistro.ts similarity index 91% rename from tools/merger/OpenDistro.ts rename to tools/src/merger/OpenDistro.ts index e35cace6e..b3d1d431d 100644 --- a/tools/merger/OpenDistro.ts +++ b/tools/src/merger/OpenDistro.ts @@ -1,5 +1,5 @@ -import { type HttpVerb, type OperationPath, type SupersededOperationMap } from '../types' -import { read_yaml, write_yaml } from '../helpers' +import { type HttpVerb, type OperationPath, type SupersededOperationMap } from 'types' +import { read_yaml, write_yaml } from '../../helpers' // One-time script to generate _superseded_operations.yaml file for OpenDistro // Keeping this for now in case we need to update the file in the near future. Can be removed after a few months. diff --git a/tools/merger/SupersededOpsGenerator.ts b/tools/src/merger/SupersededOpsGenerator.ts similarity index 97% rename from tools/merger/SupersededOpsGenerator.ts rename to tools/src/merger/SupersededOpsGenerator.ts index 747204c61..b673aa3d1 100644 --- a/tools/merger/SupersededOpsGenerator.ts +++ b/tools/src/merger/SupersededOpsGenerator.ts @@ -1,6 +1,6 @@ -import { type OperationSpec, type SupersededOperationMap } from '../types' +import { type OperationSpec, type SupersededOperationMap } from 'types' import _ from 'lodash' -import { read_yaml } from '../helpers' +import { read_yaml } from '../../helpers' export default class SupersededOpsGenerator { superseded_ops: SupersededOperationMap diff --git a/tools/src/merger/merge.ts b/tools/src/merger/merge.ts new file mode 100644 index 000000000..c38f29c97 --- /dev/null +++ b/tools/src/merger/merge.ts @@ -0,0 +1,16 @@ +import { Command, Option } from '@commander-js/extra-typings' +import OpenApiMerger from './OpenApiMerger' +import { resolve } from 'path' + +const command = new Command() + .description('Merges the multi-file OpenSearch spec into a single file for programmatic use.') + .addOption(new Option('-s, --source ', 'path to the root folder of the multi-file spec').default(resolve(__dirname, '../../../spec'))) + .addOption(new Option('-o, --output ', 'output file name').default(resolve(__dirname, '../../../build/opensearch-openapi.yaml'))) + .allowExcessArguments(false) + .parse() + +const opts = command.opts() +const merger = new OpenApiMerger(opts.source) +console.log(`Merging ${opts.source} into ${opts.output} ...`) +merger.merge(opts.output) +console.log('Done.') diff --git a/tools/types.ts b/tools/src/types.ts similarity index 100% rename from tools/types.ts rename to tools/src/types.ts diff --git a/tools/test/linter/SupersededOperationsFile.test.ts b/tools/test/linter/SupersededOperationsFile.test.ts deleted file mode 100644 index f5c6a7e3a..000000000 --- a/tools/test/linter/SupersededOperationsFile.test.ts +++ /dev/null @@ -1,11 +0,0 @@ -import SupersededOperationsFile from '../../linter/components/SupersededOperationsFile' - -test('validate()', () => { - const validator = new SupersededOperationsFile('./test/linter/fixtures/_superseded_operations.yaml') - expect(validator.validate()).toEqual([ - { - file: 'fixtures/_superseded_operations.yaml', - message: "File content does not match JSON schema found in '../json_schemas/_superseded_operations.schema.yaml':\n [\n {\n \"instancePath\": \"/~1hello~1world/operations/1\",\n \"schemaPath\": \"#/patternProperties/%5E~1/properties/operations/items/enum\",\n \"keyword\": \"enum\",\n \"params\": {\n \"allowedValues\": [\n \"GET\",\n \"POST\",\n \"PUT\",\n \"DELETE\",\n \"HEAD\",\n \"OPTIONS\",\n \"PATCH\"\n ]\n },\n \"message\": \"must be equal to one of the allowed values\"\n }\n]" - } - ]) -}) diff --git a/tools/test/linter/fixtures/empty/_info.yaml b/tools/test/linter/fixtures/empty/_info.yaml deleted file mode 100644 index 66d1923d4..000000000 --- a/tools/test/linter/fixtures/empty/_info.yaml +++ /dev/null @@ -1,4 +0,0 @@ -$schema: ../json_schemas/_info.schema.yaml - -title: '' -version: '' \ No newline at end of file diff --git a/tools/test/linter/fixtures/empty/_superseded_operations.yaml b/tools/test/linter/fixtures/empty/_superseded_operations.yaml deleted file mode 100644 index 6f143f79b..000000000 --- a/tools/test/linter/fixtures/empty/_superseded_operations.yaml +++ /dev/null @@ -1 +0,0 @@ -$schema: ../json_schemas/_superseded_operations.schema.yaml \ No newline at end of file diff --git a/tools/test/merger/OpenApiMerger.test.ts b/tools/test/merger/OpenApiMerger.test.ts deleted file mode 100644 index 22d966404..000000000 --- a/tools/test/merger/OpenApiMerger.test.ts +++ /dev/null @@ -1,10 +0,0 @@ -import OpenApiMerger from '../../merger/OpenApiMerger' -import fs from 'fs' - -test('merge()', async () => { - const merger = new OpenApiMerger('./test/merger/fixtures/spec/') - merger.merge('./test/merger/opensearch-openapi.yaml') - expect(fs.readFileSync('./test/merger/fixtures/expected.yaml', 'utf8')) - .toEqual(fs.readFileSync('./test/merger/opensearch-openapi.yaml', 'utf8')) - fs.unlinkSync('./test/merger/opensearch-openapi.yaml') -}) diff --git a/tools/test/linter/InfoFile.test.ts b/tools/tests/linter/InfoFile.test.ts similarity index 63% rename from tools/test/linter/InfoFile.test.ts rename to tools/tests/linter/InfoFile.test.ts index a0a7652bd..e93f2ea0e 100644 --- a/tools/test/linter/InfoFile.test.ts +++ b/tools/tests/linter/InfoFile.test.ts @@ -1,7 +1,7 @@ -import InfoFile from '../../linter/components/InfoFile' +import InfoFile from 'linter/components/InfoFile' test('validate()', () => { - const validator = new InfoFile('./test/linter/fixtures/_info.yaml') + const validator = new InfoFile('./tools/tests/linter/fixtures/_info.yaml') expect(validator.validate()).toEqual([ { file: 'fixtures/_info.yaml', diff --git a/tools/tests/linter/InlineObjectSchemaValidator.test.ts b/tools/tests/linter/InlineObjectSchemaValidator.test.ts new file mode 100644 index 000000000..6cff2d2c1 --- /dev/null +++ b/tools/tests/linter/InlineObjectSchemaValidator.test.ts @@ -0,0 +1,32 @@ +import SchemasFolder from 'linter/components/SchemasFolder' +import NamespacesFolder from 'linter/components/NamespacesFolder' +import InlineObjectSchemaValidator from 'linter/InlineObjectSchemaValidator' + +test('validate()', () => { + const root_folder = './tools/tests/linter/fixtures/inline_object_schema_validator' + const namespaces_folder = new NamespacesFolder(`${root_folder}/namespaces`) + const schemas_folder = new SchemasFolder(`${root_folder}/schemas`) + const validator = new InlineObjectSchemaValidator(namespaces_folder, schemas_folder) + expect(validator.validate()).toEqual([ + { + file: 'namespaces/ops.yaml', + location: '#/paths/~1the~1path/post/parameters/3/schema', + message: 'object schemas should be defined out-of-line via a $ref' + }, + { + file: 'namespaces/ops.yaml', + location: '#/paths/~1the~1path/post/requestBody/content/application~1json/schema/items', + message: 'object schemas should be defined out-of-line via a $ref' + }, + { + file: 'namespaces/ops.yaml', + location: '#/paths/~1the~1path/post/responses/200/content/application~1json/schema/properties/inline_object_as_a_property_is_not_ok', + message: 'object schemas should be defined out-of-line via a $ref' + }, + { + file: 'schemas/schemas.yaml', + location: '#/components/schemas/additionalProperties_with_object_value_schema_can_not_be_inline/additionalProperties', + message: 'object schemas should be defined out-of-line via a $ref' + } + ]) +}) diff --git a/tools/test/linter/NamespaceFile.test.ts b/tools/tests/linter/NamespaceFile.test.ts similarity index 100% rename from tools/test/linter/NamespaceFile.test.ts rename to tools/tests/linter/NamespaceFile.test.ts diff --git a/tools/test/linter/NamespacesFolder.test.ts b/tools/tests/linter/NamespacesFolder.test.ts similarity index 85% rename from tools/test/linter/NamespacesFolder.test.ts rename to tools/tests/linter/NamespacesFolder.test.ts index 9f2f6b839..08b1ac854 100644 --- a/tools/test/linter/NamespacesFolder.test.ts +++ b/tools/tests/linter/NamespacesFolder.test.ts @@ -1,7 +1,7 @@ -import NamespacesFolder from '../../linter/components/NamespacesFolder' +import NamespacesFolder from 'linter/components/NamespacesFolder' test('validate() - When there invalid files', () => { - const validator = new NamespacesFolder('./test/linter/fixtures/folder_validators/namespaces/invalid_files') + const validator = new NamespacesFolder('./tools/tests/linter/fixtures/folder_validators/namespaces/invalid_files') expect(validator.validate()).toEqual([ { file: 'invalid_files/indices.txt', @@ -37,7 +37,7 @@ test('validate() - When there invalid files', () => { }) test('validate() - When the files are valid but the folder is not', () => { - const validator = new NamespacesFolder('./test/linter/fixtures/folder_validators/namespaces/invalid_folder') + const validator = new NamespacesFolder('./tools/tests/linter/fixtures/folder_validators/namespaces/invalid_folder') expect(validator.validate()).toEqual([ { file: 'invalid_folder/', diff --git a/tools/test/linter/Operation.test.ts b/tools/tests/linter/Operation.test.ts similarity index 100% rename from tools/test/linter/Operation.test.ts rename to tools/tests/linter/Operation.test.ts diff --git a/tools/test/linter/OperationGroup.test.ts b/tools/tests/linter/OperationGroup.test.ts similarity index 100% rename from tools/test/linter/OperationGroup.test.ts rename to tools/tests/linter/OperationGroup.test.ts diff --git a/tools/test/linter/Schema.test.ts b/tools/tests/linter/Schema.test.ts similarity index 100% rename from tools/test/linter/Schema.test.ts rename to tools/tests/linter/Schema.test.ts diff --git a/tools/test/linter/SchemaFile.test.ts b/tools/tests/linter/SchemaFile.test.ts similarity index 100% rename from tools/test/linter/SchemaFile.test.ts rename to tools/tests/linter/SchemaFile.test.ts diff --git a/tools/test/linter/SchemaRefsValidator.test.ts b/tools/tests/linter/SchemaRefsValidator.test.ts similarity index 77% rename from tools/test/linter/SchemaRefsValidator.test.ts rename to tools/tests/linter/SchemaRefsValidator.test.ts index e122d2536..7cae50ad1 100644 --- a/tools/test/linter/SchemaRefsValidator.test.ts +++ b/tools/tests/linter/SchemaRefsValidator.test.ts @@ -1,9 +1,9 @@ -import SchemasFolder from '../../linter/components/SchemasFolder' -import NamespacesFolder from '../../linter/components/NamespacesFolder' -import SchemaRefsValidator from '../../linter/SchemaRefsValidator' +import SchemasFolder from 'linter/components/SchemasFolder' +import NamespacesFolder from 'linter/components/NamespacesFolder' +import SchemaRefsValidator from 'linter/SchemaRefsValidator' test('validate()', () => { - const root_folder = './test/linter/fixtures/schema_refs_validator' + const root_folder = './tools/tests/linter/fixtures/schema_refs_validator' const namespaces_folder = new NamespacesFolder(`${root_folder}/namespaces`) const schemas_folder = new SchemasFolder(`${root_folder}/schemas`) const validator = new SchemaRefsValidator(namespaces_folder, schemas_folder) diff --git a/tools/test/linter/SpecValidator.test.ts b/tools/tests/linter/SpecValidator.test.ts similarity index 86% rename from tools/test/linter/SpecValidator.test.ts rename to tools/tests/linter/SpecValidator.test.ts index 181393f02..0ba8cb576 100644 --- a/tools/test/linter/SpecValidator.test.ts +++ b/tools/tests/linter/SpecValidator.test.ts @@ -1,7 +1,7 @@ -import SpecValidator from '../../linter/SpecValidator' +import SpecValidator from 'linter/SpecValidator' test('validate()', () => { - const validator = new SpecValidator('./test/linter/fixtures/empty') + const validator = new SpecValidator('./tools/tests/linter/fixtures/empty') expect(validator.validate()).toEqual([]) validator.namespaces_folder.validate = jest.fn().mockReturnValue([{ file: 'namespaces/', message: 'namespace error' }]) diff --git a/tools/tests/linter/SupersededOperationsFile.test.ts b/tools/tests/linter/SupersededOperationsFile.test.ts new file mode 100644 index 000000000..5c97edfff --- /dev/null +++ b/tools/tests/linter/SupersededOperationsFile.test.ts @@ -0,0 +1,11 @@ +import SupersededOperationsFile from 'linter/components/SupersededOperationsFile' + +test('validate()', () => { + const validator = new SupersededOperationsFile('./tools/tests/linter/fixtures/_superseded_operations.yaml') + expect(validator.validate()).toEqual([ + { + file: 'fixtures/_superseded_operations.yaml', + message: "File content does not match JSON schema found in './json_schemas/_superseded_operations.schema.yaml':\n [\n {\n \"instancePath\": \"/~1hello~1world/operations/1\",\n \"schemaPath\": \"#/patternProperties/%5E~1/properties/operations/items/enum\",\n \"keyword\": \"enum\",\n \"params\": {\n \"allowedValues\": [\n \"GET\",\n \"POST\",\n \"PUT\",\n \"DELETE\",\n \"HEAD\",\n \"OPTIONS\",\n \"PATCH\"\n ]\n },\n \"message\": \"must be equal to one of the allowed values\"\n }\n]" + } + ]) +}) diff --git a/tools/test/linter/factories/namespace_file.ts b/tools/tests/linter/factories/namespace_file.ts similarity index 93% rename from tools/test/linter/factories/namespace_file.ts rename to tools/tests/linter/factories/namespace_file.ts index 7546460a8..7c130de4d 100644 --- a/tools/test/linter/factories/namespace_file.ts +++ b/tools/tests/linter/factories/namespace_file.ts @@ -1,9 +1,9 @@ -import NamespaceFile from '../../../linter/components/NamespaceFile' +import NamespaceFile from 'linter/components/NamespaceFile' import { type OpenAPIV3 } from 'openapi-types' import { mocked_operation_group } from './operation_group' export function namespace_file (fixture_file: string): NamespaceFile { - return new NamespaceFile(`./test/linter/fixtures/file_validators/namespaces/${fixture_file}`) + return new NamespaceFile(`./tools/tests/linter/fixtures/file_validators/namespaces/${fixture_file}`) } interface MockedReturnedValues { diff --git a/tools/test/linter/factories/operation.ts b/tools/tests/linter/factories/operation.ts similarity index 95% rename from tools/test/linter/factories/operation.ts rename to tools/tests/linter/factories/operation.ts index f17e092cb..208dd1e86 100644 --- a/tools/test/linter/factories/operation.ts +++ b/tools/tests/linter/factories/operation.ts @@ -1,5 +1,5 @@ -import Operation from '../../../linter/components/Operation' -import { type OperationSpec } from '../../../types' +import Operation from 'linter/components/Operation' +import { type OperationSpec } from 'types' export function operation (spec: Record, file_name = 'indices.yaml'): Operation { return new Operation(`namespaces/${file_name}`, '/{index}/something/{abc_xyz}', 'post', spec as OperationSpec) diff --git a/tools/test/linter/factories/operation_group.ts b/tools/tests/linter/factories/operation_group.ts similarity index 96% rename from tools/test/linter/factories/operation_group.ts rename to tools/tests/linter/factories/operation_group.ts index 1439a6834..7a8cd6c1b 100644 --- a/tools/test/linter/factories/operation_group.ts +++ b/tools/tests/linter/factories/operation_group.ts @@ -1,4 +1,4 @@ -import OperationGroup from '../../../linter/components/OperationGroup' +import OperationGroup from 'linter/components/OperationGroup' import { operation, mocked_operation } from './operation' export function operation_group (operation_specs: Array>): OperationGroup { diff --git a/tools/test/linter/factories/schema.ts b/tools/tests/linter/factories/schema.ts similarity index 93% rename from tools/test/linter/factories/schema.ts rename to tools/tests/linter/factories/schema.ts index 3eb32c943..bdaec547c 100644 --- a/tools/test/linter/factories/schema.ts +++ b/tools/tests/linter/factories/schema.ts @@ -1,4 +1,4 @@ -import Schema from '../../../linter/components/Schema' +import Schema from 'linter/components/Schema' import { type OpenAPIV3 } from 'openapi-types' export function schema (name: string, spec: Record = {}): Schema { diff --git a/tools/test/linter/factories/schema_file.ts b/tools/tests/linter/factories/schema_file.ts similarity index 87% rename from tools/test/linter/factories/schema_file.ts rename to tools/tests/linter/factories/schema_file.ts index 6d232211a..b19c9724f 100644 --- a/tools/test/linter/factories/schema_file.ts +++ b/tools/tests/linter/factories/schema_file.ts @@ -1,8 +1,8 @@ import { mocked_schema } from './schema' -import SchemaFile from '../../../linter/components/SchemaFile' +import SchemaFile from 'linter/components/SchemaFile' export function schema_file (fixture: string): SchemaFile { - return new SchemaFile(`./test/linter/fixtures/file_validators/schemas/${fixture}`) + return new SchemaFile(`./tools/tests/linter/fixtures/file_validators/schemas/${fixture}`) } interface MockedReturnedValues { diff --git a/tools/test/linter/fixtures/_info.yaml b/tools/tests/linter/fixtures/_info.yaml similarity index 100% rename from tools/test/linter/fixtures/_info.yaml rename to tools/tests/linter/fixtures/_info.yaml diff --git a/tools/test/linter/fixtures/_superseded_operations.yaml b/tools/tests/linter/fixtures/_superseded_operations.yaml similarity index 57% rename from tools/test/linter/fixtures/_superseded_operations.yaml rename to tools/tests/linter/fixtures/_superseded_operations.yaml index 20c92eec9..17341c41f 100644 --- a/tools/test/linter/fixtures/_superseded_operations.yaml +++ b/tools/tests/linter/fixtures/_superseded_operations.yaml @@ -1,4 +1,4 @@ -$schema: ../json_schemas/_superseded_operations.schema.yaml +$schema: ./json_schemas/_superseded_operations.schema.yaml /hello/world: superseded_by: /goodbye/world diff --git a/tools/tests/linter/fixtures/empty/_info.yaml b/tools/tests/linter/fixtures/empty/_info.yaml new file mode 100644 index 000000000..b72517c91 --- /dev/null +++ b/tools/tests/linter/fixtures/empty/_info.yaml @@ -0,0 +1,4 @@ +$schema: ./json_schemas/_info.schema.yaml + +title: '' +version: '' \ No newline at end of file diff --git a/tools/tests/linter/fixtures/empty/_superseded_operations.yaml b/tools/tests/linter/fixtures/empty/_superseded_operations.yaml new file mode 100644 index 000000000..51f11ca88 --- /dev/null +++ b/tools/tests/linter/fixtures/empty/_superseded_operations.yaml @@ -0,0 +1 @@ +$schema: ./json_schemas/_superseded_operations.schema.yaml \ No newline at end of file diff --git a/tools/test/linter/fixtures/empty/namespaces/.gitkeep b/tools/tests/linter/fixtures/empty/namespaces/.gitkeep similarity index 100% rename from tools/test/linter/fixtures/empty/namespaces/.gitkeep rename to tools/tests/linter/fixtures/empty/namespaces/.gitkeep diff --git a/tools/test/linter/fixtures/empty/opensearch-openapi.yaml b/tools/tests/linter/fixtures/empty/opensearch-openapi.yaml similarity index 100% rename from tools/test/linter/fixtures/empty/opensearch-openapi.yaml rename to tools/tests/linter/fixtures/empty/opensearch-openapi.yaml diff --git a/tools/test/linter/fixtures/empty/schemas/.gitkeep b/tools/tests/linter/fixtures/empty/schemas/.gitkeep similarity index 100% rename from tools/test/linter/fixtures/empty/schemas/.gitkeep rename to tools/tests/linter/fixtures/empty/schemas/.gitkeep diff --git a/tools/test/linter/fixtures/file_validators/namespaces/empty.yaml b/tools/tests/linter/fixtures/file_validators/namespaces/empty.yaml similarity index 100% rename from tools/test/linter/fixtures/file_validators/namespaces/empty.yaml rename to tools/tests/linter/fixtures/file_validators/namespaces/empty.yaml diff --git a/tools/test/linter/fixtures/file_validators/namespaces/invalid_components.yaml b/tools/tests/linter/fixtures/file_validators/namespaces/invalid_components.yaml similarity index 100% rename from tools/test/linter/fixtures/file_validators/namespaces/invalid_components.yaml rename to tools/tests/linter/fixtures/file_validators/namespaces/invalid_components.yaml diff --git a/tools/test/linter/fixtures/file_validators/schemas/_common.empty.yaml b/tools/tests/linter/fixtures/file_validators/schemas/_common.empty.yaml similarity index 100% rename from tools/test/linter/fixtures/file_validators/schemas/_common.empty.yaml rename to tools/tests/linter/fixtures/file_validators/schemas/_common.empty.yaml diff --git a/tools/test/linter/fixtures/folder_validators/namespaces/invalid_files/cat.yaml b/tools/tests/linter/fixtures/folder_validators/namespaces/invalid_files/cat.yaml similarity index 100% rename from tools/test/linter/fixtures/folder_validators/namespaces/invalid_files/cat.yaml rename to tools/tests/linter/fixtures/folder_validators/namespaces/invalid_files/cat.yaml diff --git a/tools/test/linter/fixtures/folder_validators/namespaces/invalid_files/dup_path_a.yaml b/tools/tests/linter/fixtures/folder_validators/namespaces/invalid_files/dup_path_a.yaml similarity index 100% rename from tools/test/linter/fixtures/folder_validators/namespaces/invalid_files/dup_path_a.yaml rename to tools/tests/linter/fixtures/folder_validators/namespaces/invalid_files/dup_path_a.yaml diff --git a/tools/test/linter/fixtures/folder_validators/namespaces/invalid_files/dup_path_b.yaml b/tools/tests/linter/fixtures/folder_validators/namespaces/invalid_files/dup_path_b.yaml similarity index 100% rename from tools/test/linter/fixtures/folder_validators/namespaces/invalid_files/dup_path_b.yaml rename to tools/tests/linter/fixtures/folder_validators/namespaces/invalid_files/dup_path_b.yaml diff --git a/tools/test/linter/fixtures/folder_validators/namespaces/invalid_files/dup_path_c.yaml b/tools/tests/linter/fixtures/folder_validators/namespaces/invalid_files/dup_path_c.yaml similarity index 100% rename from tools/test/linter/fixtures/folder_validators/namespaces/invalid_files/dup_path_c.yaml rename to tools/tests/linter/fixtures/folder_validators/namespaces/invalid_files/dup_path_c.yaml diff --git a/tools/test/linter/fixtures/folder_validators/namespaces/invalid_files/indices.txt b/tools/tests/linter/fixtures/folder_validators/namespaces/invalid_files/indices.txt similarity index 100% rename from tools/test/linter/fixtures/folder_validators/namespaces/invalid_files/indices.txt rename to tools/tests/linter/fixtures/folder_validators/namespaces/invalid_files/indices.txt diff --git a/tools/test/linter/fixtures/folder_validators/namespaces/invalid_files/invalid_spec.yaml b/tools/tests/linter/fixtures/folder_validators/namespaces/invalid_files/invalid_spec.yaml similarity index 100% rename from tools/test/linter/fixtures/folder_validators/namespaces/invalid_files/invalid_spec.yaml rename to tools/tests/linter/fixtures/folder_validators/namespaces/invalid_files/invalid_spec.yaml diff --git a/tools/test/linter/fixtures/folder_validators/namespaces/invalid_files/invalid_yaml.yaml b/tools/tests/linter/fixtures/folder_validators/namespaces/invalid_files/invalid_yaml.yaml similarity index 100% rename from tools/test/linter/fixtures/folder_validators/namespaces/invalid_files/invalid_yaml.yaml rename to tools/tests/linter/fixtures/folder_validators/namespaces/invalid_files/invalid_yaml.yaml diff --git a/tools/test/linter/fixtures/folder_validators/namespaces/invalid_folder/cat.yaml b/tools/tests/linter/fixtures/folder_validators/namespaces/invalid_folder/cat.yaml similarity index 100% rename from tools/test/linter/fixtures/folder_validators/namespaces/invalid_folder/cat.yaml rename to tools/tests/linter/fixtures/folder_validators/namespaces/invalid_folder/cat.yaml diff --git a/tools/test/linter/fixtures/folder_validators/namespaces/invalid_folder/dup_path_a.yaml b/tools/tests/linter/fixtures/folder_validators/namespaces/invalid_folder/dup_path_a.yaml similarity index 100% rename from tools/test/linter/fixtures/folder_validators/namespaces/invalid_folder/dup_path_a.yaml rename to tools/tests/linter/fixtures/folder_validators/namespaces/invalid_folder/dup_path_a.yaml diff --git a/tools/test/linter/fixtures/folder_validators/namespaces/invalid_folder/dup_path_b.yaml b/tools/tests/linter/fixtures/folder_validators/namespaces/invalid_folder/dup_path_b.yaml similarity index 100% rename from tools/test/linter/fixtures/folder_validators/namespaces/invalid_folder/dup_path_b.yaml rename to tools/tests/linter/fixtures/folder_validators/namespaces/invalid_folder/dup_path_b.yaml diff --git a/tools/test/linter/fixtures/folder_validators/namespaces/invalid_folder/dup_path_c.yaml b/tools/tests/linter/fixtures/folder_validators/namespaces/invalid_folder/dup_path_c.yaml similarity index 100% rename from tools/test/linter/fixtures/folder_validators/namespaces/invalid_folder/dup_path_c.yaml rename to tools/tests/linter/fixtures/folder_validators/namespaces/invalid_folder/dup_path_c.yaml diff --git a/tools/tests/linter/fixtures/inline_object_schema_validator/namespaces/ops.yaml b/tools/tests/linter/fixtures/inline_object_schema_validator/namespaces/ops.yaml new file mode 100644 index 000000000..0a58a5719 --- /dev/null +++ b/tools/tests/linter/fixtures/inline_object_schema_validator/namespaces/ops.yaml @@ -0,0 +1,73 @@ +paths: + /the/path: + post: + parameters: + - $ref: '#/components/parameters/query.ref_string_is_ok' + - $ref: '#/components/parameters/query.ref_object_is_ok' + - name: inline_string_is_ok + in: query + schema: + type: string + - name: inline_object_is_not_ok + in: query + schema: + type: object + properties: + the_prop: + type: boolean + requestBody: + content: + application/json: + schema: + type: array + items: + title: inline_object_as_array_items_is_not_ok + type: object + properties: + item_prop: + type: number + responses: + '200': + content: + application/json: + schema: + type: object + properties: + inline_object_as_a_property_is_not_ok: + type: object + properties: + nested_prop: + type: string +components: + parameters: + query.ref_string_is_ok: + name: ref_string_is_ok + in: query + schema: + type: string + query.ref_object_is_ok: + name: ref_object_is_ok + in: query + schema: + type: object + properties: + setting: + type: integer + requestBodies: + obj: + content: + application/json: + schema: + type: object + properties: + prop: + type: number + responses: + obj@200: + content: + application/json: + schema: + type: object + properties: + prop: + type: number \ No newline at end of file diff --git a/tools/tests/linter/fixtures/inline_object_schema_validator/schemas/schemas.yaml b/tools/tests/linter/fixtures/inline_object_schema_validator/schemas/schemas.yaml new file mode 100644 index 000000000..a4566682a --- /dev/null +++ b/tools/tests/linter/fixtures/inline_object_schema_validator/schemas/schemas.yaml @@ -0,0 +1,18 @@ +components: + schemas: + object_is_ok: + type: object + properties: + prop: + type: string + object_with_only_additionalProperties_can_be_inline: + type: object + additionalProperties: + type: string + additionalProperties_with_object_value_schema_can_not_be_inline: + type: object + additionalProperties: + type: object + properties: + inline_object_with_no_properties_is_ok: + type: object \ No newline at end of file diff --git a/tools/test/linter/fixtures/schema_refs_validator/namespaces/indices.yaml b/tools/tests/linter/fixtures/schema_refs_validator/namespaces/indices.yaml similarity index 100% rename from tools/test/linter/fixtures/schema_refs_validator/namespaces/indices.yaml rename to tools/tests/linter/fixtures/schema_refs_validator/namespaces/indices.yaml diff --git a/tools/test/linter/fixtures/schema_refs_validator/schemas/animals.yaml b/tools/tests/linter/fixtures/schema_refs_validator/schemas/animals.yaml similarity index 100% rename from tools/test/linter/fixtures/schema_refs_validator/schemas/animals.yaml rename to tools/tests/linter/fixtures/schema_refs_validator/schemas/animals.yaml diff --git a/tools/test/linter/fixtures/schema_refs_validator/schemas/others.yaml b/tools/tests/linter/fixtures/schema_refs_validator/schemas/others.yaml similarity index 100% rename from tools/test/linter/fixtures/schema_refs_validator/schemas/others.yaml rename to tools/tests/linter/fixtures/schema_refs_validator/schemas/others.yaml diff --git a/tools/tests/merger/OpenApiMerger.test.ts b/tools/tests/merger/OpenApiMerger.test.ts new file mode 100644 index 000000000..f261aef0b --- /dev/null +++ b/tools/tests/merger/OpenApiMerger.test.ts @@ -0,0 +1,10 @@ +import OpenApiMerger from 'merger/OpenApiMerger' +import fs from 'fs' + +test('merge()', async () => { + const merger = new OpenApiMerger('./tools/tests/merger/fixtures/spec/') + merger.merge('./tools/tests/merger/opensearch-openapi.yaml') + expect(fs.readFileSync('./tools/tests/merger/fixtures/expected.yaml', 'utf8')) + .toEqual(fs.readFileSync('./tools/tests/merger/opensearch-openapi.yaml', 'utf8')) + fs.unlinkSync('./tools/tests/merger/opensearch-openapi.yaml') +}) diff --git a/tools/test/merger/fixtures/expected.yaml b/tools/tests/merger/fixtures/expected.yaml similarity index 100% rename from tools/test/merger/fixtures/expected.yaml rename to tools/tests/merger/fixtures/expected.yaml diff --git a/tools/test/merger/fixtures/spec/_global_parameters.yaml b/tools/tests/merger/fixtures/spec/_global_parameters.yaml similarity index 100% rename from tools/test/merger/fixtures/spec/_global_parameters.yaml rename to tools/tests/merger/fixtures/spec/_global_parameters.yaml diff --git a/tools/test/merger/fixtures/spec/_info.yaml b/tools/tests/merger/fixtures/spec/_info.yaml similarity index 100% rename from tools/test/merger/fixtures/spec/_info.yaml rename to tools/tests/merger/fixtures/spec/_info.yaml diff --git a/tools/test/merger/fixtures/spec/_superseded_operations.yaml b/tools/tests/merger/fixtures/spec/_superseded_operations.yaml similarity index 100% rename from tools/test/merger/fixtures/spec/_superseded_operations.yaml rename to tools/tests/merger/fixtures/spec/_superseded_operations.yaml diff --git a/tools/test/merger/fixtures/spec/namespaces/indices.yaml b/tools/tests/merger/fixtures/spec/namespaces/indices.yaml similarity index 100% rename from tools/test/merger/fixtures/spec/namespaces/indices.yaml rename to tools/tests/merger/fixtures/spec/namespaces/indices.yaml diff --git a/tools/test/merger/fixtures/spec/namespaces/shelter.yaml b/tools/tests/merger/fixtures/spec/namespaces/shelter.yaml similarity index 100% rename from tools/test/merger/fixtures/spec/namespaces/shelter.yaml rename to tools/tests/merger/fixtures/spec/namespaces/shelter.yaml diff --git a/tools/test/merger/fixtures/spec/schemas/actions.yaml b/tools/tests/merger/fixtures/spec/schemas/actions.yaml similarity index 100% rename from tools/test/merger/fixtures/spec/schemas/actions.yaml rename to tools/tests/merger/fixtures/spec/schemas/actions.yaml diff --git a/tools/test/merger/fixtures/spec/schemas/animals.yaml b/tools/tests/merger/fixtures/spec/schemas/animals.yaml similarity index 100% rename from tools/test/merger/fixtures/spec/schemas/animals.yaml rename to tools/tests/merger/fixtures/spec/schemas/animals.yaml diff --git a/tools/tsconfig.json b/tsconfig.json similarity index 99% rename from tools/tsconfig.json rename to tsconfig.json index bc6592779..8312f50b5 100644 --- a/tools/tsconfig.json +++ b/tsconfig.json @@ -28,7 +28,7 @@ "module": "commonjs", /* Specify what module code is generated. */ // "rootDir": "./", /* Specify the root folder within your source files. */ // "moduleResolution": "node10", /* Specify how TypeScript looks up a file from a given module specifier. */ - // "baseUrl": "./", /* Specify the base directory to resolve non-relative module names. */ + "baseUrl": "./tools/src", /* Specify the base directory to resolve non-relative module names. */ // "paths": {}, /* Specify a set of entries that re-map imports to additional lookup locations. */ // "rootDirs": [], /* Allow multiple folders to be treated as one when resolving modules. */ // "typeRoots": [], /* Specify multiple folders that act like './node_modules/@types'. */