Unify RoleDescriptor, add security.update_api_key API

Author: sethmlarson

output/schema/schema.json

@@ -17,28 +17,31 @@
  * under the License.
  */
 
-import {
-  IndexPrivilege,
-  ApplicationPrivileges,
-  IndicesPrivileges,
-  GlobalPrivilege
-} from '@security/_types/Privileges'
-import { Indices, Metadata } from '@_types/common'
-import { TransientMetadataConfig } from '@security/_types/TransientMetadataConfig'
+import { GlobalPrivilege } from './Privileges'
+import { IndicesPrivileges } from './Privileges'
+import { ApplicationPrivileges } from './Privileges'
+import { TransientMetadataConfig } from './TransientMetadataConfig'
+import { Metadata } from '@_types/common'
+import { OverloadOf } from '@spec_utils/behaviors'
 
-// FIXME: should be merged with get_service_accounts/RoleDescriptor
 export class RoleDescriptor {
-  cluster: string[]
+  cluster?: string[]
   /** @aliases index */
-  indices: IndicesPrivileges[]
+  indices?: IndicesPrivileges[]
   global?: GlobalPrivilege[] | GlobalPrivilege
   applications?: ApplicationPrivileges[]
   metadata?: Metadata
   run_as?: string[]
   transient_metadata?: TransientMetadataConfig
 }
 
-export class IndexPrivileges {
-  names: Indices
-  privileges: IndexPrivilege[]
+export class RoleDescriptorRead implements OverloadOf<RoleDescriptor> {
+  cluster: string[]
+  /** @aliases index */
+  indices: IndicesPrivileges[]
+  global?: GlobalPrivilege[] | GlobalPrivilege
+  applications?: ApplicationPrivileges[]
+  metadata?: Metadata
+  run_as?: string[]
+  transient_metadata?: TransientMetadataConfig
 }

output/schema/validation-errors.json

@@ -21,7 +21,7 @@ import { Dictionary } from '@spec_utils/Dictionary'
 import { RequestBase } from '@_types/Base'
 import { Metadata, Name, Refresh } from '@_types/common'
 import { Duration } from '@_types/Time'
-import { RoleDescriptor } from './types'
+import { RoleDescriptor } from '@security/_types/RoleDescriptor'
 
 /**
  * @rest_spec_name security.create_api_key

output/typescript/types.ts

@@ -17,25 +17,8 @@
  * under the License.
  */
 
-import {
-  IndicesPrivileges,
-  GlobalPrivilege,
-  ApplicationPrivileges
-} from '@security/_types/Privileges'
-import { TransientMetadataConfig } from '@security/_types/TransientMetadataConfig'
-import { Metadata } from '@_types/common'
+import { RoleDescriptorRead } from '@security/_types/RoleDescriptor'
 
 export class RoleDescriptorWrapper {
-  role_descriptor: RoleDescriptor
-}
-
-export class RoleDescriptor {
-  cluster: string[]
-  /** @aliases index */
-  indices: IndicesPrivileges[]
-  global?: GlobalPrivilege[] | GlobalPrivilege
-  applications?: ApplicationPrivileges[]
-  metadata?: Metadata
-  run_as?: string[]
-  transient_metadata?: TransientMetadataConfig
+  role_descriptor: RoleDescriptorRead
 }

specification/security/create_api_key/types.ts renamed to specification/security/_types/RoleDescriptor.ts

@@ -0,0 +1,49 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import { RequestBase } from '@_types/Base'
+import { Id, Metadata } from '@_types/common'
+import { Dictionary } from '@spec_utils/Dictionary'
+import { RoleDescriptor } from '@security/_types/RoleDescriptor'
+
+/**
+ * Updates attributes of an existing API key.
+ * @rest_spec_name security.update_api_key
+ * @since 8.4.0
+ * @stability stable
+ */
+export interface Request extends RequestBase {
+  path_parts: {
+    /**
+     * The ID of the API key to update.
+     */
+    id: Id
+  }
+  body: {
+    /**
+     * An array of role descriptors for this API key. This parameter is optional. When it is not specified or is an empty array, then the API key will have a point in time snapshot of permissions of the authenticated user. If you supply role descriptors then the resultant permissions would be an intersection of API keys permissions and authenticated user’s permissions thereby limiting the access scope for API keys. The structure of role descriptor is the same as the request for create role API. For more details, see create or update roles API.
+     * @doc_id security-api-put-role
+     */
+    role_descriptors?: Dictionary<string, RoleDescriptor>
+    /**
+     * Arbitrary metadata that you want to associate with the API key. It supports nested data structure. Within the metadata object, keys beginning with _ are reserved for system usage.
+     */
+    metadata?: Metadata
+  }
+}

specification/security/create_api_key/SecurityCreateApiKeyRequest.ts

@@ -0,0 +1,24 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+export class Response {
+  body: {
+    updated: boolean
+  }
+}