diff --git a/output/schema/schema.json b/output/schema/schema.json index 480a0f2344..019456680a 100644 --- a/output/schema/schema.json +++ b/output/schema/schema.json @@ -143360,7 +143360,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L127-L129" + "specLocation": "security/_types/Privileges.ts#L163-L165" }, { "kind": "interface", @@ -143412,7 +143412,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L24-L37" + "specLocation": "security/_types/Privileges.ts#L26-L39" }, { "kind": "interface", @@ -143459,6 +143459,9 @@ { "name": "manage_ccr" }, + { + "name": "manage_enrich" + }, { "name": "manage_ilm" }, @@ -143548,7 +143551,7 @@ "name": "ClusterPrivilege", "namespace": "security._types" }, - "specLocation": "security/_types/Privileges.ts#L39-L75" + "specLocation": "security/_types/Privileges.ts#L41-L78" }, { "kind": "interface", @@ -143686,11 +143689,14 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L123-L125" + "specLocation": "security/_types/Privileges.ts#L159-L161" }, { "kind": "enum", "members": [ + { + "name": "none" + }, { "name": "all" }, @@ -143750,7 +143756,7 @@ "name": "IndexPrivilege", "namespace": "security._types" }, - "specLocation": "security/_types/Privileges.ts#L102-L121" + "specLocation": "security/_types/Privileges.ts#L137-L157" }, { "kind": "interface", 
@@ -143761,15 +143767,30 @@ "properties": [ { "description": "The document fields that the owners of the role have read access to.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/field-and-document-access-control.html", + "docId": "field-and-document-access-control", "name": "field_security", "required": false, "type": { - "kind": "instance_of", - "type": { - "name": "FieldSecurity", - "namespace": "security._types" - } + "items": [ + { + "kind": "instance_of", + "type": { + "name": "FieldSecurity", + "namespace": "security._types" + } + }, + { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "FieldSecurity", + "namespace": "security._types" + } + } + } + ], + "kind": "union_of" } }, { @@ -143804,26 +143825,11 @@ "name": "query", "required": false, "type": { - "items": [ - { - "kind": "instance_of", - "type": { - "name": "string", - "namespace": "_builtins" - } - }, - { - "kind": "array_of", - "value": { - "kind": "instance_of", - "type": { - "name": "string", - "namespace": "_builtins" - } - } - } - ], - "kind": "union_of" + "kind": "instance_of", + "type": { + "name": "IndicesPrivilegesQuery", + "namespace": "security._types" + } } }, { 
@@ -143840,7 +143846,47 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L77-L100" + "specLocation": "security/_types/Privileges.ts#L80-L103" + }, + { + "codegenNames": [ + "json_text", + "query", + "template" + ], + "description": "While creating or updating a role you can provide either a JSON structure or a string to the API.\nHowever, the response provided by Elasticsearch will only be string with a json-as-text content.\n\nSince this is embedded in `IndicesPrivileges`, the same structure is used for clarity in both contexts.", + "kind": "type_alias", + "name": { + "name": "IndicesPrivilegesQuery", + "namespace": "security._types" + }, + "specLocation": "security/_types/Privileges.ts#L105-L113", + "type": { + "items": [ + { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + }, + { + "kind": "instance_of", + "type": { + "name": "QueryContainer", + "namespace": "_types.query_dsl" + } + }, + { + "kind": "instance_of", + "type": { + "name": "RoleTemplateQuery", + "namespace": "security._types" + } + } + ], + "kind": "union_of" + } }, { "kind": "interface", @@ -143864,7 +143910,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L131-L133" + "specLocation": "security/_types/Privileges.ts#L167-L169" }, { "kind": "interface", 
@@ -144053,6 +144099,133 @@ "kind": "container" } }, + { + "inherits": { + "type": { + "name": "ScriptBase", + "namespace": "_types" + } + }, + "kind": "interface", + "name": { + "name": "RoleTemplateInlineScript", + "namespace": "security._types" + }, + "properties": [ + { + "name": "lang", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "ScriptLanguage", + "namespace": "_types" + } + } + }, + { + "name": "options", + "required": false, + "type": { + "key": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + }, + "kind": "dictionary_of", + "singleKey": false, + "value": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + } + } + }, + { + "name": "source", + "required": true, + "type": { + "items": [ + { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + }, + { + "kind": "instance_of", + "type": { + "name": "QueryContainer", + "namespace": "_types.query_dsl" + } + } + ], + "kind": "union_of" + } + } + ], + "shortcutProperty": "source", + "specLocation": "security/_types/Privileges.ts#L127-L132" + }, + { + "kind": "interface", + "name": { + "name": "RoleTemplateQuery", + "namespace": "security._types" + }, + "properties": [ + { + "description": "When you create a role, you can specify a query that defines the document level security permissions. You can optionally\nuse Mustache templates in the role query to insert the username of the current authenticated user into the role.\nLike other places in Elasticsearch that support templating or scripting, you can specify inline, stored, or file-based\ntemplates and define custom parameters. 
You access the details for the current authenticated user through the _user parameter.", + "docId": "templating-role-query", + "name": "template", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "RoleTemplateScript", + "namespace": "security._types" + } + } + } + ], + "specLocation": "security/_types/Privileges.ts#L115-L125" + }, + { + "codegenNames": [ + "inline", + "stored" + ], + "kind": "type_alias", + "name": { + "name": "RoleTemplateScript", + "namespace": "security._types" + }, + "specLocation": "security/_types/Privileges.ts#L134-L135", + "type": { + "items": [ + { + "kind": "instance_of", + "type": { + "name": "RoleTemplateInlineScript", + "namespace": "security._types" + } + }, + { + "kind": "instance_of", + "type": { + "name": "StoredScriptId", + "namespace": "_types" + } + } + ], + "kind": "union_of" + } + }, { "kind": "interface", "name": { @@ -147517,6 +147690,7 @@ } }, { + "description": "In this context `IndicesPrivileges.query` property can only be a string, see `IndicesPrivileges` documentation for detail.", "name": "indices", "required": true, "type": { @@ -147551,7 +147725,7 @@ "name": "Response", "namespace": "security.get_user_privileges" }, - "specLocation": "security/get_user_privileges/SecurityGetUserPrivilegesResponse.ts#L26-L34" + "specLocation": "security/get_user_privileges/SecurityGetUserPrivilegesResponse.ts#L26-L37" }, { "kind": "interface", diff --git a/output/typescript/types.ts b/output/typescript/types.ts index c259bc66b5..277f14dbf7 100644 --- a/output/typescript/types.ts +++ b/output/typescript/types.ts 
@@ -14418,7 +14418,7 @@ export interface SecurityClusterNode { name: Name } -export type SecurityClusterPrivilege = 'all' | 'cancel_task' | 'create_snapshot' | 'grant_api_key' | 'manage' | 'manage_api_key' | 'manage_ccr' | 'manage_ilm' | 'manage_index_templates' | 'manage_ingest_pipelines' | 'manage_logstash_pipelines' | 'manage_ml' | 'manage_oidc' | 'manage_own_api_key' | 'manage_pipeline' | 'manage_rollup' | 'manage_saml' | 'manage_security' | 'manage_service_account' | 'manage_slm' | 'manage_token' | 'manage_transform' | 'manage_watcher' | 'monitor' | 'monitor_ml' | 'monitor_rollup' | 'monitor_snapshot' | 'monitor_text_structure' | 'monitor_transform' | 'monitor_watcher' | 'read_ccr' | 'read_ilm' | 'read_pipeline' | 'read_slm' | 'transport_client' +export type SecurityClusterPrivilege = 'all' | 'cancel_task' | 'create_snapshot' | 'grant_api_key' | 'manage' | 'manage_api_key' | 'manage_ccr' | 'manage_enrich' | 'manage_ilm' | 'manage_index_templates' | 'manage_ingest_pipelines' | 'manage_logstash_pipelines' | 'manage_ml' | 'manage_oidc' | 'manage_own_api_key' | 'manage_pipeline' | 'manage_rollup' | 'manage_saml' | 'manage_security' | 'manage_service_account' | 'manage_slm' | 'manage_token' | 'manage_transform' | 'manage_watcher' | 'monitor' | 'monitor_ml' | 'monitor_rollup' | 'monitor_snapshot' | 'monitor_text_structure' | 'monitor_transform' | 'monitor_watcher' | 'read_ccr' | 'read_ilm' | 'read_pipeline' | 'read_slm' | 'transport_client' export interface SecurityCreatedStatus { created: boolean 
@@ -14441,16 +14441,18 @@ export interface SecurityGlobalPrivilege { application: SecurityApplicationGlobalUserPrivileges } -export type SecurityIndexPrivilege = 'all' | 'auto_configure' | 'create' | 'create_doc' | 'create_index' | 'delete' | 'delete_index' | 'index' | 'maintenance' | 'manage' | 'manage_follow_index' | 'manage_ilm' | 'manage_leader_index' | 'monitor' | 'read' | 'read_cross_cluster' | 'view_index_metadata' | 'write' +export type SecurityIndexPrivilege = 'none' | 'all' | 'auto_configure' | 'create' | 'create_doc' | 'create_index' | 'delete' | 'delete_index' | 'index' | 'maintenance' | 'manage' | 'manage_follow_index' | 'manage_ilm' | 'manage_leader_index' | 'monitor' | 'read' | 'read_cross_cluster' | 'view_index_metadata' | 'write' export interface SecurityIndicesPrivileges { - field_security?: SecurityFieldSecurity + field_security?: SecurityFieldSecurity | SecurityFieldSecurity[] names: Indices privileges: SecurityIndexPrivilege[] - query?: string | string[] + query?: SecurityIndicesPrivilegesQuery allow_restricted_indices?: boolean } +export type SecurityIndicesPrivilegesQuery = string | QueryDslQueryContainer | SecurityRoleTemplateQuery + export interface SecurityManageUserPrivileges { applications: string[] } @@ -14479,6 +14481,18 @@ export interface SecurityRoleMappingRule { except?: SecurityRoleMappingRule } +export interface SecurityRoleTemplateInlineScript extends ScriptBase { + lang?: ScriptLanguage + options?: Record + source: string | QueryDslQueryContainer +} + +export interface SecurityRoleTemplateQuery { + template?: SecurityRoleTemplateScript +} + +export type SecurityRoleTemplateScript = SecurityRoleTemplateInlineScript | string | QueryDslQueryContainer | StoredScriptId + export interface SecurityTransientMetadataConfig { enabled: boolean } diff --git a/specification/security/_types/Privileges.ts b/specification/security/_types/Privileges.ts index c2cd61457c..f847cc971c 100644 --- a/specification/security/_types/Privileges.ts 
+++ b/specification/security/_types/Privileges.ts @@ -17,9 +17,11 @@ * under the License. */ +import { Dictionary } from '@spec_utils/Dictionary' import { Indices } from '@_types/common' import { QueryContainer } from '@_types/query_dsl/abstractions' import { FieldSecurity } from './FieldSecurity' +import { ScriptLanguage, ScriptBase, StoredScriptId } from '@_types/Scripting' export class ApplicationPrivileges { /** @@ -44,6 +46,7 @@ export enum ClusterPrivilege { manage, manage_api_key, manage_ccr, + manage_enrich, manage_ilm, manage_index_templates, manage_ingest_pipelines, @@ -77,9 +80,9 @@ export enum ClusterPrivilege { export class IndicesPrivileges { /** * The document fields that the owners of the role have read access to. - * @doc_url https://www.elastic.co/guide/en/elasticsearch/reference/current/field-and-document-access-control.html + * @doc_id field-and-document-access-control */ - field_security?: FieldSecurity + field_security?: FieldSecurity | FieldSecurity[] /** * A list of indices (or index name patterns) to which the permissions in this entry apply. */ @@ -91,7 +94,7 @@ export class IndicesPrivileges { /** * A search query that defines the documents the owners of the role have read access to. A document within the specified indices must match this query for it to be accessible by the owners of the role. */ - query?: string | string[] + query?: IndicesPrivilegesQuery /** * Set to `true` if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the `names` list, Elasticsearch checks privileges against these indices regardless of the value set for `allow_restricted_indices`. * @server_default false 
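Review bot: The doc comment on `field_security` in the `@@ -77,9 +80,9 @@` hunk still describes a single grant, but the type now also accepts `FieldSecurity[]`. Nothing says how several entries combine or which endpoints use the list form. This field decides which document fields a role can read, so a client author who has to guess may display or audit the wrong effective access. I would extend the comment with a line such as `* May be a single object or a list; <state how multiple entries are combined and which APIs return the list form>.` The body of `IndicesPrivileges` continues outside this hunk.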
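Review bot: Changing `query` from `string | string[]` to `IndicesPrivilegesQuery` in the `@@ -91,7 +94,7 @@` hunk drops the list form, and the new union has no array member, so a response carrying several queries for one index entry would no longer match the type. The old declaration suggests some endpoint returned a list, which I cannot confirm from this diff, so check it against the `get_user_privileges` response; if lists do occur, keep them representable, for example `query?: IndicesPrivilegesQuery | IndicesPrivilegesQuery[]`. Separately, the string-only rule for responses exists only in prose, here and in the comment added in SecurityGetUserPrivilegesResponse.ts, so generated clients will still accept a `QueryContainer` or `RoleTemplateQuery` on read. A response-specific type would make that constraint checkable, which matters because `query` is the document-level filter and a client that mis-parses it will misreport what a role can read.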
@@ -99,7 +102,40 @@ export class IndicesPrivileges { allow_restricted_indices?: boolean } +/** + * While creating or updating a role you can provide either a JSON structure or a string to the API. + * However, the response provided by Elasticsearch will only be string with a json-as-text content. + * + * Since this is embedded in `IndicesPrivileges`, the same structure is used for clarity in both contexts. + * + * @codegen_names json_text, query, template + */ +export type IndicesPrivilegesQuery = string | QueryContainer | RoleTemplateQuery + +export class RoleTemplateQuery { + /** + * When you create a role, you can specify a query that defines the document level security permissions. You can optionally + * use Mustache templates in the role query to insert the username of the current authenticated user into the role. + * Like other places in Elasticsearch that support templating or scripting, you can specify inline, stored, or file-based + * templates and define custom parameters. You access the details for the current authenticated user through the _user parameter. + * + * @doc_id templating-role-query + */ + template?: RoleTemplateScript +} + +/** @shortcut_property source */ +export class RoleTemplateInlineScript extends ScriptBase { + lang?: ScriptLanguage + options?: Dictionary + source: string | QueryContainer +} + +/** @codegen_names inline, stored */ +export type RoleTemplateScript = RoleTemplateInlineScript | StoredScriptId + export enum IndexPrivilege { + none, all, auto_configure, create, diff --git a/specification/security/get_user_privileges/SecurityGetUserPrivilegesResponse.ts b/specification/security/get_user_privileges/SecurityGetUserPrivilegesResponse.ts index d7a798a07b..06617521de 100644 --- a/specification/security/get_user_privileges/SecurityGetUserPrivilegesResponse.ts +++ b/specification/security/get_user_privileges/SecurityGetUserPrivilegesResponse.ts 
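Review bot: `RoleTemplateQuery.template` is declared optional, so the `template` variant of `IndicesPrivilegesQuery` has no required key to identify it. Assuming `QueryContainer` also has no required key, an empty object would satisfy both the `query` and `template` members, and a deserializer could pick either. I would declare it as `template: RoleTemplateScript` unless the server really accepts a template object without that key. `RoleTemplateInlineScript` also adds `lang`, `options` and `source` with no doc comments. Since the description above says the template is rendered with the `_user` parameter to form the document-level query, `source` at least should carry one, e.g. `/** Mustache template that renders to the role query. */`.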
@@ -28,6 +28,9 @@ export class Response { applications: ApplicationPrivileges[] cluster: string[] global: GlobalPrivilege[] + /** + * In this context `IndicesPrivileges.query` property can only be a string, see `IndicesPrivileges` documentation for detail. + */ indices: IndicesPrivileges[] run_as: string[] }