diff --git a/output/schema/schema.json b/output/schema/schema.json index 01ba4736be..e0d8cfff22 100644 --- a/output/schema/schema.json +++ b/output/schema/schema.json @@ -11723,15 +11723,22 @@ "description": "Updates attributes of an existing API key.", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-update-api-key.html", "name": "security.update_api_key", - "request": null, + "request": { + "name": "Request", + "namespace": "security.update_api_key" + }, "requestBodyRequired": false, "requestMediaType": [ "application/json" ], - "response": null, + "response": { + "name": "Response", + "namespace": "security.update_api_key" + }, "responseMediaType": [ "application/json" ], + "since": "8.4.0", "stability": "stable", "urls": [ { @@ -153950,6 +153957,260 @@ ], "specLocation": "security/_types/RealmInfo.ts#L22-L25" }, + { + "kind": "interface", + "name": { + "name": "RoleDescriptor", + "namespace": "security._types" + }, + "properties": [ + { + "name": "cluster", + "required": false, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + } + } + }, + { + "aliases": [ + "index" + ], + "name": "indices", + "required": false, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "IndicesPrivileges", + "namespace": "security._types" + } + } + } + }, + { + "name": "global", + "required": false, + "type": { + "items": [ + { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "GlobalPrivilege", + "namespace": "security._types" + } + } + }, + { + "kind": "instance_of", + "type": { + "name": "GlobalPrivilege", + "namespace": "security._types" + } + } + ], + "kind": "union_of" + } + }, + { + "name": "applications", + "required": false, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "ApplicationPrivileges", + "namespace": "security._types" + } + } + } + }, + { + "name": "metadata", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "Metadata", + "namespace": "_types" + } + } + }, + { + "name": "run_as", + "required": false, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + } + } + }, + { + "name": "transient_metadata", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "TransientMetadataConfig", + "namespace": "security._types" + } + } + } + ], + "specLocation": "security/_types/RoleDescriptor.ts#L27-L36" + }, + { + "attachedBehaviors": [ + "OverloadOf" + ], + "behaviors": [ + { + "generics": [ + { + "kind": "instance_of", + "type": { + "name": "RoleDescriptor", + "namespace": "security._types" + } + } + ], + "type": { + "name": "OverloadOf", + "namespace": "_spec_utils" + } + } + ], + "kind": "interface", + "name": { + "name": "RoleDescriptorRead", + "namespace": "security._types" + }, + "properties": [ + { + "name": "cluster", + "required": true, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + } + } + }, + { + "aliases": [ + "index" + ], + "name": "indices", + "required": true, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "IndicesPrivileges", + "namespace": "security._types" + } + } + } + }, + { + "name": "global", + "required": false, + "type": { + "items": [ + { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "GlobalPrivilege", + "namespace": "security._types" + } + } + }, + { + "kind": "instance_of", + "type": { + "name": "GlobalPrivilege", + "namespace": "security._types" + } + } + ], + "kind": "union_of" + } + }, + { + "name": "applications", + "required": false, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "ApplicationPrivileges", + "namespace": "security._types" + } + } + } + }, + { + "name": "metadata", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "Metadata", + "namespace": "_types" + } + } + }, + { + "name": "run_as", + "required": false, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + } + } + }, + { + "name": "transient_metadata", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "TransientMetadataConfig", + "namespace": "security._types" + } + } + } + ], + "specLocation": "security/_types/RoleDescriptor.ts#L38-L47" + }, { "kind": "interface", "name": { @@ -155556,7 +155817,7 @@ "kind": "instance_of", "type": { "name": "RoleDescriptor", - "namespace": "security.create_api_key" + "namespace": "security._types" } } } @@ -155679,123 +155940,6 @@ }, "specLocation": "security/create_api_key/SecurityCreateApiKeyResponse.ts#L23-L49" }, - { - "kind": "interface", - "name": { - "name": "RoleDescriptor", - "namespace": "security.create_api_key" - }, - "properties": [ - { - "name": "cluster", - "required": true, - "type": { - "kind": "array_of", - "value": { - "kind": "instance_of", - "type": { - "name": "string", - "namespace": "_builtins" - } - } - } - }, - { - "aliases": [ - "index" - ], - "name": "indices", - "required": true, - "type": { - "kind": "array_of", - "value": { - "kind": "instance_of", - "type": { - "name": "IndicesPrivileges", - "namespace": "security._types" - } - } - } - }, - { - "name": "global", - "required": false, - "type": { - "items": [ - { - "kind": "array_of", - "value": { - "kind": "instance_of", - "type": { - "name": "GlobalPrivilege", - "namespace": "security._types" - } - } - }, - { - "kind": "instance_of", - "type": { - "name": "GlobalPrivilege", - "namespace": "security._types" - } - } - ], - "kind": "union_of" - } - }, - { - "name": "applications", - "required": false, - "type": { - "kind": "array_of", - "value": { - "kind": "instance_of", - "type": { - "name": "ApplicationPrivileges", - "namespace": "security._types" - } - } - } - }, - { - "name": "metadata", - "required": false, - "type": { - "kind": "instance_of", - "type": { - "name": "Metadata", - "namespace": "_types" - } - } - }, - { - "name": "run_as", - "required": false, - "type": { - "kind": "array_of", - "value": { - "kind": "instance_of", - "type": { - "name": "string", - "namespace": "_builtins" - } - } - } - }, - { - "name": "transient_metadata", - "required": false, - "type": { - "kind": "instance_of", - "type": { - "name": "TransientMetadataConfig", - "namespace": "security._types" - } - } - } - ], - "specLocation": "security/create_api_key/types.ts#L30-L39" - }, { "attachedBehaviors": [ "CommonQueryParameters" @@ -157492,123 +157636,6 @@ }, "specLocation": "security/get_service_accounts/GetServiceAccountsResponse.ts#L23-L25" }, - { - "kind": "interface", - "name": { - "name": "RoleDescriptor", - "namespace": "security.get_service_accounts" - }, - "properties": [ - { - "name": "cluster", - "required": true, - "type": { - "kind": "array_of", - "value": { - "kind": "instance_of", - "type": { - "name": "string", - "namespace": "_builtins" - } - } - } - }, - { - "aliases": [ - "index" - ], - "name": "indices", - "required": true, - "type": { - "kind": "array_of", - "value": { - "kind": "instance_of", - "type": { - "name": "IndicesPrivileges", - "namespace": "security._types" - } - } - } - }, - { - "name": "global", - "required": false, - "type": { - "items": [ - { - "kind": "array_of", - "value": { - "kind": "instance_of", - "type": { - "name": "GlobalPrivilege", - "namespace": "security._types" - } - } - }, - { - "kind": "instance_of", - "type": { - "name": "GlobalPrivilege", - "namespace": "security._types" - } - } - ], - "kind": "union_of" - } - }, - { - "name": "applications", - "required": false, - "type": { - "kind": "array_of", - "value": { - "kind": "instance_of", - "type": { - "name": "ApplicationPrivileges", - "namespace": "security._types" - } - } - } - }, - { - "name": "metadata", - "required": false, - "type": { - "kind": "instance_of", - "type": { - "name": "Metadata", - "namespace": "_types" - } - } - }, - { - "name": "run_as", - "required": false, - "type": { - "kind": "array_of", - "value": { - "kind": "instance_of", - "type": { - "name": "string", - "namespace": "_builtins" - } - } - } - }, - { - "name": "transient_metadata", - "required": false, - "type": { - "kind": "instance_of", - "type": { - "name": "TransientMetadataConfig", - "namespace": "security._types" - } - } - } - ], - "specLocation": "security/get_service_accounts/types.ts#L32-L41" - }, { "kind": "interface", "name": { @@ -157622,13 +157649,13 @@ "type": { "kind": "instance_of", "type": { - "name": "RoleDescriptor", - "namespace": "security.get_service_accounts" + "name": "RoleDescriptorRead", + "namespace": "security._types" } } } ], - "specLocation": "security/get_service_accounts/types.ts#L28-L30" + "specLocation": "security/get_service_accounts/types.ts#L22-L24" }, { "kind": "interface", @@ -161109,6 +161136,105 @@ ], "specLocation": "security/suggest_user_profiles/Response.ts#L24-L27" }, + { + "attachedBehaviors": [ + "CommonQueryParameters" + ], + "body": { + "kind": "properties", + "properties": [ + { + "description": "An array of role descriptors for this API key. This parameter is optional. When it is not specified or is an empty array, then the API key will have a point in time snapshot of permissions of the authenticated user. If you supply role descriptors then the resultant permissions would be an intersection of API keys permissions and authenticated user’s permissions thereby limiting the access scope for API keys. The structure of role descriptor is the same as the request for create role API. For more details, see create or update roles API.", + "docId": "security-api-put-role", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-put-role.html", + "name": "role_descriptors", + "required": false, + "type": { + "key": { + "kind": "instance_of", + "type": { + "name": "string", + "namespace": "_builtins" + } + }, + "kind": "dictionary_of", + "singleKey": false, + "value": { + "kind": "instance_of", + "type": { + "name": "RoleDescriptor", + "namespace": "security._types" + } + } + } + }, + { + "description": "Arbitrary metadata that you want to associate with the API key. It supports nested data structure. Within the metadata object, keys beginning with _ are reserved for system usage.", + "name": "metadata", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "Metadata", + "namespace": "_types" + } + } + } + ] + }, + "description": "Updates attributes of an existing API key.", + "inherits": { + "type": { + "name": "RequestBase", + "namespace": "_types" + } + }, + "kind": "request", + "name": { + "name": "Request", + "namespace": "security.update_api_key" + }, + "path": [ + { + "description": "The ID of the API key to update.", + "name": "id", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "Id", + "namespace": "_types" + } + } + } + ], + "query": [], + "specLocation": "security/update_api_key/Request.ts#L25-L49" + }, + { + "body": { + "kind": "properties", + "properties": [ + { + "name": "updated", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "boolean", + "namespace": "_builtins" + } + } + } + ] + }, + "kind": "response", + "name": { + "name": "Response", + "namespace": "security.update_api_key" + }, + "specLocation": "security/update_api_key/Response.ts#L20-L24" + }, { "attachedBehaviors": [ "CommonQueryParameters" diff --git a/output/schema/validation-errors.json b/output/schema/validation-errors.json index 5bb70300a6..6e5a27136f 100644 --- a/output/schema/validation-errors.json +++ b/output/schema/validation-errors.json @@ -2024,12 +2024,6 @@ "response definition security.suggest_user_profiles:Response / body / Property 'profiles' / array_of / instance_of - Non-leaf type cannot be used here: 'security._types:UserProfile'" ] }, - "security.update_api_key": { - "request": [ - "Missing request & response" - ], - "response": [] - }, "security.update_user_profile_data": { "request": [], "response": [ diff --git a/output/typescript/types.ts b/output/typescript/types.ts index f5a57588f3..c5e1341f3d 100644 --- a/output/typescript/types.ts +++ b/output/typescript/types.ts @@ -15218,6 +15218,28 @@ export interface SecurityRealmInfo { type: string } +export interface SecurityRoleDescriptor { + cluster?: string[] + indices?: SecurityIndicesPrivileges[] + index?: SecurityIndicesPrivileges[] + global?: SecurityGlobalPrivilege[] | SecurityGlobalPrivilege + applications?: SecurityApplicationPrivileges[] + metadata?: Metadata + run_as?: string[] + transient_metadata?: SecurityTransientMetadataConfig +} + +export interface SecurityRoleDescriptorRead { + cluster: string[] + indices: SecurityIndicesPrivileges[] + index: SecurityIndicesPrivileges[] + global?: SecurityGlobalPrivilege[] | SecurityGlobalPrivilege + applications?: SecurityApplicationPrivileges[] + metadata?: Metadata + run_as?: string[] + transient_metadata?: SecurityTransientMetadataConfig +} + export interface SecurityRoleMapping { enabled: boolean metadata: Metadata @@ -15390,7 +15412,7 @@ export interface SecurityCreateApiKeyRequest extends RequestBase { body?: { expiration?: Duration name?: Name - role_descriptors?: Record + role_descriptors?: Record metadata?: Metadata } } @@ -15403,17 +15425,6 @@ export interface SecurityCreateApiKeyResponse { encoded: string } -export interface SecurityCreateApiKeyRoleDescriptor { - cluster: string[] - indices: SecurityIndicesPrivileges[] - index: SecurityIndicesPrivileges[] - global?: SecurityGlobalPrivilege[] | SecurityGlobalPrivilege - applications?: SecurityApplicationPrivileges[] - metadata?: Metadata - run_as?: string[] - transient_metadata?: SecurityTransientMetadataConfig -} - export interface SecurityCreateServiceTokenRequest extends RequestBase { namespace: Namespace service: Service @@ -15600,19 +15611,8 @@ export interface SecurityGetServiceAccountsRequest extends RequestBase { export type SecurityGetServiceAccountsResponse = Record -export interface SecurityGetServiceAccountsRoleDescriptor { - cluster: string[] - indices: SecurityIndicesPrivileges[] - index: SecurityIndicesPrivileges[] - global?: SecurityGlobalPrivilege[] | SecurityGlobalPrivilege - applications?: SecurityApplicationPrivileges[] - metadata?: Metadata - run_as?: string[] - transient_metadata?: SecurityTransientMetadataConfig -} - export interface SecurityGetServiceAccountsRoleDescriptorWrapper { - role_descriptor: SecurityGetServiceAccountsRoleDescriptor + role_descriptor: SecurityRoleDescriptorRead } export interface SecurityGetServiceCredentialsNodesCredentials { @@ -15999,6 +15999,18 @@ export interface SecuritySuggestUserProfilesTotalUserProfiles { relation: RelationName } +export interface SecurityUpdateApiKeyRequest extends RequestBase { + id: Id + body?: { + role_descriptors?: Record + metadata?: Metadata + } +} + +export interface SecurityUpdateApiKeyResponse { + updated: boolean +} + export interface SecurityUpdateUserProfileDataRequest extends RequestBase { uid: SecurityUserProfileId if_seq_no?: SequenceNumber diff --git a/specification/security/create_api_key/types.ts b/specification/security/_types/RoleDescriptor.ts similarity index 63% rename from specification/security/create_api_key/types.ts rename to specification/security/_types/RoleDescriptor.ts index 26680309e4..e24fb3c9cb 100644 --- a/specification/security/create_api_key/types.ts +++ b/specification/security/_types/RoleDescriptor.ts @@ -17,20 +17,17 @@ * under the License. */ -import { - IndexPrivilege, - ApplicationPrivileges, - IndicesPrivileges, - GlobalPrivilege -} from '@security/_types/Privileges' -import { Indices, Metadata } from '@_types/common' -import { TransientMetadataConfig } from '@security/_types/TransientMetadataConfig' +import { GlobalPrivilege } from './Privileges' +import { IndicesPrivileges } from './Privileges' +import { ApplicationPrivileges } from './Privileges' +import { TransientMetadataConfig } from './TransientMetadataConfig' +import { Metadata } from '@_types/common' +import { OverloadOf } from '@spec_utils/behaviors' -// FIXME: should be merged with get_service_accounts/RoleDescriptor export class RoleDescriptor { - cluster: string[] + cluster?: string[] /** @aliases index */ - indices: IndicesPrivileges[] + indices?: IndicesPrivileges[] global?: GlobalPrivilege[] | GlobalPrivilege applications?: ApplicationPrivileges[] metadata?: Metadata @@ -38,7 +35,13 @@ export class RoleDescriptor { transient_metadata?: TransientMetadataConfig } -export class IndexPrivileges { - names: Indices - privileges: IndexPrivilege[] +export class RoleDescriptorRead implements OverloadOf { + cluster: string[] + /** @aliases index */ + indices: IndicesPrivileges[] + global?: GlobalPrivilege[] | GlobalPrivilege + applications?: ApplicationPrivileges[] + metadata?: Metadata + run_as?: string[] + transient_metadata?: TransientMetadataConfig } diff --git a/specification/security/create_api_key/SecurityCreateApiKeyRequest.ts b/specification/security/create_api_key/SecurityCreateApiKeyRequest.ts index 353f699d05..69f60f7aaf 100644 --- a/specification/security/create_api_key/SecurityCreateApiKeyRequest.ts +++ b/specification/security/create_api_key/SecurityCreateApiKeyRequest.ts @@ -21,7 +21,7 @@ import { Dictionary } from '@spec_utils/Dictionary' import { RequestBase } from '@_types/Base' import { Metadata, Name, Refresh } from '@_types/common' import { Duration } from '@_types/Time' -import { RoleDescriptor } from './types' +import { RoleDescriptor } from '@security/_types/RoleDescriptor' /** * @rest_spec_name security.create_api_key diff --git a/specification/security/get_service_accounts/types.ts b/specification/security/get_service_accounts/types.ts index 340b8c4e70..46bae57695 100644 --- a/specification/security/get_service_accounts/types.ts +++ b/specification/security/get_service_accounts/types.ts @@ -17,25 +17,8 @@ * under the License. */ -import { - IndicesPrivileges, - GlobalPrivilege, - ApplicationPrivileges -} from '@security/_types/Privileges' -import { TransientMetadataConfig } from '@security/_types/TransientMetadataConfig' -import { Metadata } from '@_types/common' +import { RoleDescriptorRead } from '@security/_types/RoleDescriptor' export class RoleDescriptorWrapper { - role_descriptor: RoleDescriptor -} - -export class RoleDescriptor { - cluster: string[] - /** @aliases index */ - indices: IndicesPrivileges[] - global?: GlobalPrivilege[] | GlobalPrivilege - applications?: ApplicationPrivileges[] - metadata?: Metadata - run_as?: string[] - transient_metadata?: TransientMetadataConfig + role_descriptor: RoleDescriptorRead } diff --git a/specification/security/update_api_key/Request.ts b/specification/security/update_api_key/Request.ts new file mode 100644 index 0000000000..bb5e5ca66b --- /dev/null +++ b/specification/security/update_api_key/Request.ts @@ -0,0 +1,49 @@ +/* + * Licensed to Elasticsearch B.V. under one or more contributor + * license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright + * ownership. Elasticsearch B.V. licenses this file to you under + * the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import { RequestBase } from '@_types/Base' +import { Id, Metadata } from '@_types/common' +import { Dictionary } from '@spec_utils/Dictionary' +import { RoleDescriptor } from '@security/_types/RoleDescriptor' + +/** + * Updates attributes of an existing API key. + * @rest_spec_name security.update_api_key + * @since 8.4.0 + * @stability stable + */ +export interface Request extends RequestBase { + path_parts: { + /** + * The ID of the API key to update. + */ + id: Id + } + body: { + /** + * An array of role descriptors for this API key. This parameter is optional. When it is not specified or is an empty array, then the API key will have a point in time snapshot of permissions of the authenticated user. If you supply role descriptors then the resultant permissions would be an intersection of API keys permissions and authenticated user’s permissions thereby limiting the access scope for API keys. The structure of role descriptor is the same as the request for create role API. For more details, see create or update roles API. + * @doc_id security-api-put-role + */ + role_descriptors?: Dictionary + /** + * Arbitrary metadata that you want to associate with the API key. It supports nested data structure. Within the metadata object, keys beginning with _ are reserved for system usage. + */ + metadata?: Metadata + } +} diff --git a/specification/security/update_api_key/Response.ts b/specification/security/update_api_key/Response.ts new file mode 100644 index 0000000000..06ccb9c405 --- /dev/null +++ b/specification/security/update_api_key/Response.ts @@ -0,0 +1,24 @@ +/* + * Licensed to Elasticsearch B.V. under one or more contributor + * license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright + * ownership. Elasticsearch B.V. licenses this file to you under + * the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +export class Response { + body: { + updated: boolean + } +}