From c3a59f7b23860ca2b4522422fecf038ba66ffe54 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 13 Jan 2025 12:29:05 +0100 Subject: [PATCH] Add security.update_settings and security.get_settings (#3396) (#3507) Co-authored-by: Laura Trotta <153528055+l-trotta@users.noreply.github.com> (cherry picked from commit c016f9ff03152a9d09c38830627d03370e2bcb86) Co-authored-by: Lisa Cawley --- output/openapi/elasticsearch-openapi.json | 129 +++++++++ output/schema/schema.json | 256 +++++++++++++++++- output/schema/validation-errors.json | 12 - output/typescript/types.ts | 28 ++ specification/_doc_ids/table.csv | 2 + .../security/_types/SecuritySettings.ts | 24 ++ .../SecurityGetSettingsRequest.ts | 39 +++ .../SecurityGetSettingsResponse.ts | 36 +++ .../SecurityUpdateSettingsRequest.ts | 61 +++++ .../SecurityUpdateSettingsResponse.ts | 24 ++ 10 files changed, 591 insertions(+), 20 deletions(-) create mode 100644 specification/security/_types/SecuritySettings.ts create mode 100644 specification/security/get_settings/SecurityGetSettingsRequest.ts create mode 100644 specification/security/get_settings/SecurityGetSettingsResponse.ts create mode 100644 specification/security/update_settings/SecurityUpdateSettingsRequest.ts create mode 100644 specification/security/update_settings/SecurityUpdateSettingsResponse.ts diff --git a/output/openapi/elasticsearch-openapi.json b/output/openapi/elasticsearch-openapi.json index d2b7e57799..a47b0075a3 100644 --- a/output/openapi/elasticsearch-openapi.json +++ b/output/openapi/elasticsearch-openapi.json @@ -30739,6 +30739,127 @@ "x-state": "Added in 7.13.0" } }, + "/_security/settings": { + "get": { + "tags": [ + "security" + ], + "summary": "Get security index settings", + "description": "Get the user-configurable settings for the security internal index (`.security` and associated indices).", + "operationId": "security-get-settings", + "parameters": [ + { + "in": "query", + "name": "master_timeout", + "description": "Period to wait for a connection to the master node.\nIf no response is received before the timeout expires, the request fails and returns an error.", + "deprecated": false, + "schema": { + "$ref": "#/components/schemas/_types:Duration" + }, + "style": "form" + } + ], + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "security": { + "$ref": "#/components/schemas/security._types:SecuritySettings" + }, + "security-profile": { + "$ref": "#/components/schemas/security._types:SecuritySettings" + }, + "security-tokens": { + "$ref": "#/components/schemas/security._types:SecuritySettings" + } + }, + "required": [ + "security", + "security-profile", + "security-tokens" + ] + } + } + } + } + } + }, + "put": { + "tags": [ + "security" + ], + "summary": "Update security index settings", + "description": "Update the user-configurable settings for the security internal index (`.security` and associated indices). Only a subset of settings are allowed to be modified, for example `index.auto_expand_replicas` and `index.number_of_replicas`.\n\nIf a specific index is not in use on the system and settings are provided for it, the request will be rejected. This API does not yet support configuring the settings for indices before they are in use.", + "operationId": "security-update-settings", + "parameters": [ + { + "in": "query", + "name": "master_timeout", + "description": "The period to wait for a connection to the master node.\nIf no response is received before the timeout expires, the request fails and returns an error.", + "deprecated": false, + "schema": { + "$ref": "#/components/schemas/_types:Duration" + }, + "style": "form" + }, + { + "in": "query", + "name": "timeout", + "description": "The period to wait for a response.\nIf no response is received before the timeout expires, the request fails and returns an error.", + "deprecated": false, + "schema": { + "$ref": "#/components/schemas/_types:Duration" + }, + "style": "form" + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "security": { + "$ref": "#/components/schemas/security._types:SecuritySettings" + }, + "security-profile": { + "$ref": "#/components/schemas/security._types:SecuritySettings" + }, + "security-tokens": { + "$ref": "#/components/schemas/security._types:SecuritySettings" + } + } + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "", + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "acknowledged": { + "type": "boolean" + } + }, + "required": [ + "acknowledged" + ] + } + } + } + } + } + } + }, "/_security/oauth2/token": { "post": { "tags": [ @@ -85832,6 +85953,14 @@ "nodes" ] }, + "security._types:SecuritySettings": { + "type": "object", + "properties": { + "index": { + "$ref": "#/components/schemas/indices._types:IndexSettings" + } + } + }, "security.get_token:AccessTokenGrantType": { "type": "string", "enum": [ diff --git a/output/schema/schema.json b/output/schema/schema.json index 4a2b70ab31..bd371c8b30 100644 --- a/output/schema/schema.json +++ b/output/schema/schema.json @@ -17070,15 +17070,27 @@ "visibility": "public" } }, - "description": "Retrieve settings for the security system indices", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-settings.html", + "description": "Get security index settings.\nGet the user-configurable settings for the security internal index (`.security` and associated indices).", + "docId": "security-api-get-settings", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-get-settings.html", "name": "security.get_settings", - "request": null, + "privileges": { + "cluster": [ + "read_security" + ] + }, + "request": { + "name": "Request", + "namespace": "security.get_settings" + }, "requestBodyRequired": false, "requestMediaType": [ "application/json" ], - "response": null, + "response": { + "name": "Response", + "namespace": "security.get_settings" + }, "responseMediaType": [ "application/json" ], @@ -18210,15 +18222,27 @@ "visibility": "public" } }, - "description": "Update settings for the security system index", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-update-settings.html", + "description": "Update security index settings.\nUpdate the user-configurable settings for the security internal index (`.security` and associated indices). Only a subset of settings are allowed to be modified, for example `index.auto_expand_replicas` and `index.number_of_replicas`.\n\nIf a specific index is not in use on the system and settings are provided for it, the request will be rejected. This API does not yet support configuring the settings for indices before they are in use.", + "docId": "security-api-update-settings", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-update-settings.html", "name": "security.update_settings", - "request": null, + "privileges": { + "cluster": [ + "manage_security" + ] + }, + "request": { + "name": "Request", + "namespace": "security.update_settings" + }, "requestBodyRequired": true, "requestMediaType": [ "application/json" ], - "response": null, + "response": { + "name": "Response", + "namespace": "security.update_settings" + }, "responseMediaType": [ "application/json" ], @@ -192965,6 +192989,27 @@ ], "specLocation": "security/_types/Privileges.ts#L430-L450" }, + { + "kind": "interface", + "name": { + "name": "SecuritySettings", + "namespace": "security._types" + }, + "properties": [ + { + "name": "index", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "IndexSettings", + "namespace": "indices._types" + } + } + } + ], + "specLocation": "security/_types/SecuritySettings.ts#L22-L24" + }, { "kind": "enum", "members": [ @@ -197431,6 +197476,91 @@ }, "specLocation": "security/get_service_credentials/GetServiceCredentialsResponse.ts#L25-L33" }, + { + "kind": "request", + "attachedBehaviors": [ + "CommonQueryParameters" + ], + "body": { + "kind": "no_body" + }, + "description": "Get security index settings.\nGet the user-configurable settings for the security internal index (`.security` and associated indices).", + "inherits": { + "type": { + "name": "RequestBase", + "namespace": "_types" + } + }, + "name": { + "name": "Request", + "namespace": "security.get_settings" + }, + "path": [], + "query": [ + { + "description": "Period to wait for a connection to the master node.\nIf no response is received before the timeout expires, the request fails and returns an error.", + "name": "master_timeout", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "Duration", + "namespace": "_types" + } + } + } + ], + "specLocation": "security/get_settings/SecurityGetSettingsRequest.ts#L23-L39" + }, + { + "kind": "response", + "body": { + "kind": "properties", + "properties": [ + { + "description": "Settings for the index used for most security configuration, including native realm users and roles configured with the API.", + "name": "security", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "SecuritySettings", + "namespace": "security._types" + } + } + }, + { + "description": "Settings for the index used to store profile information.", + "name": "security-profile", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "SecuritySettings", + "namespace": "security._types" + } + } + }, + { + "description": "Settings for the index used to store tokens.", + "name": "security-tokens", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "SecuritySettings", + "namespace": "security._types" + } + } + } + ] + }, + "name": { + "name": "Response", + "namespace": "security.get_settings" + }, + "specLocation": "security/get_settings/SecurityGetSettingsResponse.ts#L21-L36" + }, { "kind": "enum", "members": [ @@ -203061,6 +203191,116 @@ }, "specLocation": "security/update_cross_cluster_api_key/UpdateCrossClusterApiKeyResponse.ts#L20-L28" }, + { + "kind": "request", + "attachedBehaviors": [ + "CommonQueryParameters" + ], + "body": { + "kind": "properties", + "properties": [ + { + "description": "Settings for the index used for most security configuration, including native realm users and roles configured with the API.", + "name": "security", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "SecuritySettings", + "namespace": "security._types" + } + } + }, + { + "description": "Settings for the index used to store profile information.", + "name": "security-profile", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "SecuritySettings", + "namespace": "security._types" + } + } + }, + { + "description": "Settings for the index used to store tokens.", + "name": "security-tokens", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "SecuritySettings", + "namespace": "security._types" + } + } + } + ] + }, + "description": "Update security index settings.\nUpdate the user-configurable settings for the security internal index (`.security` and associated indices). Only a subset of settings are allowed to be modified, for example `index.auto_expand_replicas` and `index.number_of_replicas`.\n\nIf a specific index is not in use on the system and settings are provided for it, the request will be rejected. This API does not yet support configuring the settings for indices before they are in use.", + "inherits": { + "type": { + "name": "RequestBase", + "namespace": "_types" + } + }, + "name": { + "name": "Request", + "namespace": "security.update_settings" + }, + "path": [], + "query": [ + { + "description": "The period to wait for a connection to the master node.\nIf no response is received before the timeout expires, the request fails and returns an error.", + "name": "master_timeout", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "Duration", + "namespace": "_types" + } + } + }, + { + "description": "The period to wait for a response.\nIf no response is received before the timeout expires, the request fails and returns an error.", + "name": "timeout", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "Duration", + "namespace": "_types" + } + } + } + ], + "specLocation": "security/update_settings/SecurityUpdateSettingsRequest.ts#L24-L61" + }, + { + "kind": "response", + "body": { + "kind": "properties", + "properties": [ + { + "name": "acknowledged", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "boolean", + "namespace": "_builtins" + } + } + } + ] + }, + "name": { + "name": "Response", + "namespace": "security.update_settings" + }, + "specLocation": "security/update_settings/SecurityUpdateSettingsResponse.ts#L20-L24" + }, { "kind": "request", "attachedBehaviors": [ diff --git a/output/schema/validation-errors.json b/output/schema/validation-errors.json index a7febcbd18..029b140996 100644 --- a/output/schema/validation-errors.json +++ b/output/schema/validation-errors.json @@ -861,12 +861,6 @@ ], "response": [] }, - "security.get_settings": { - "request": [ - "Missing request & response" - ], - "response": [] - }, "security.get_user_privileges": { "request": [ "Request: query parameter 'application' does not exist in the json spec", @@ -881,12 +875,6 @@ ], "response": [] }, - "security.update_settings": { - "request": [ - "Missing request & response" - ], - "response": [] - }, "shutdown.delete_node": { "request": [ "Request: query parameter 'master_timeout' does not exist in the json spec", diff --git a/output/typescript/types.ts b/output/typescript/types.ts index 5478d4efe2..8dcba44bb3 100644 --- a/output/typescript/types.ts +++ b/output/typescript/types.ts @@ -18056,6 +18056,10 @@ export interface SecuritySearchAccess { allow_restricted_indices?: boolean } +export interface SecuritySecuritySettings { + index?: IndicesIndexSettings +} + export type SecurityTemplateFormat = 'string' | 'json' export interface SecurityUser { @@ -18528,6 +18532,16 @@ export interface SecurityGetServiceCredentialsResponse { nodes_credentials: SecurityGetServiceCredentialsNodesCredentials } +export interface SecurityGetSettingsRequest extends RequestBase { + master_timeout?: Duration +} + +export interface SecurityGetSettingsResponse { + security: SecuritySecuritySettings + 'security-profile': SecuritySecuritySettings + 'security-tokens': SecuritySecuritySettings +} + export type SecurityGetTokenAccessTokenGrantType = 'password' | 'client_credentials' | '_kerberos' | 'refresh_token' export interface SecurityGetTokenAuthenticatedUser extends SecurityUser { @@ -19096,6 +19110,20 @@ export interface SecurityUpdateCrossClusterApiKeyResponse { updated: boolean } +export interface SecurityUpdateSettingsRequest extends RequestBase { + master_timeout?: Duration + timeout?: Duration + body?: { + security?: SecuritySecuritySettings + 'security-profile'?: SecuritySecuritySettings + 'security-tokens'?: SecuritySecuritySettings + } +} + +export interface SecurityUpdateSettingsResponse { + acknowledged: boolean +} + export interface SecurityUpdateUserProfileDataRequest extends RequestBase { uid: SecurityUserProfileId if_seq_no?: SequenceNumber diff --git a/specification/_doc_ids/table.csv b/specification/_doc_ids/table.csv index b58d6620af..076a8dbbf7 100644 --- a/specification/_doc_ids/table.csv +++ b/specification/_doc_ids/table.csv @@ -622,6 +622,7 @@ security-api-get-role-mapping,https://www.elastic.co/guide/en/elasticsearch/refe security-api-get-role,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-get-role.html security-api-get-service-accounts,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-get-service-accounts.html security-api-get-service-credentials,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-get-service-credentials.html +security-api-get-settings,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-get-settings.html security-api-get-token,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-get-token.html security-api-get-user-privileges,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-get-user-privileges.html security-api-get-user,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-get-user.html @@ -647,6 +648,7 @@ security-api-saml-prepare-authentication,https://www.elastic.co/guide/en/elastic security-api-saml-sp-metadata,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-saml-sp-metadata.html security-api-ssl,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-ssl.html security-privileges,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-privileges.html +security-api-update-settings,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-update-settings.html service-accounts,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/service-accounts.html set-processor,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/set-processor.html shape,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/shape.html diff --git a/specification/security/_types/SecuritySettings.ts b/specification/security/_types/SecuritySettings.ts new file mode 100644 index 0000000000..0a1f4f28d9 --- /dev/null +++ b/specification/security/_types/SecuritySettings.ts @@ -0,0 +1,24 @@ +/* + * Licensed to Elasticsearch B.V. under one or more contributor + * license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright + * ownership. Elasticsearch B.V. licenses this file to you under + * the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import { IndexSettings } from '@indices/_types/IndexSettings' + +export class SecuritySettings { + index?: IndexSettings +} diff --git a/specification/security/get_settings/SecurityGetSettingsRequest.ts b/specification/security/get_settings/SecurityGetSettingsRequest.ts new file mode 100644 index 0000000000..5259df096d --- /dev/null +++ b/specification/security/get_settings/SecurityGetSettingsRequest.ts @@ -0,0 +1,39 @@ +/* + * Licensed to Elasticsearch B.V. under one or more contributor + * license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright + * ownership. Elasticsearch B.V. licenses this file to you under + * the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import { RequestBase } from '@_types/Base' +import { Duration } from '@_types/Time' + +/** + * Get security index settings. + * Get the user-configurable settings for the security internal index (`.security` and associated indices). + * @rest_spec_name security.get_settings + * @availability stack stability=stable visibility=public + * @doc_id security-api-get-settings + * @cluster_privileges read_security + */ +export interface Request extends RequestBase { + query_parameters: { + /** + * Period to wait for a connection to the master node. + * If no response is received before the timeout expires, the request fails and returns an error. + */ + master_timeout?: Duration + } +} diff --git a/specification/security/get_settings/SecurityGetSettingsResponse.ts b/specification/security/get_settings/SecurityGetSettingsResponse.ts new file mode 100644 index 0000000000..dfbed2ed54 --- /dev/null +++ b/specification/security/get_settings/SecurityGetSettingsResponse.ts @@ -0,0 +1,36 @@ +/* + * Licensed to Elasticsearch B.V. under one or more contributor + * license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright + * ownership. Elasticsearch B.V. licenses this file to you under + * the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +import { SecuritySettings } from '@security/_types/SecuritySettings' + +export class Response { + body: { + /** + * Settings for the index used for most security configuration, including native realm users and roles configured with the API. + */ + security: SecuritySettings + /** + * Settings for the index used to store profile information. + */ + 'security-profile': SecuritySettings + /** + * Settings for the index used to store tokens. + */ + 'security-tokens': SecuritySettings + } +} diff --git a/specification/security/update_settings/SecurityUpdateSettingsRequest.ts b/specification/security/update_settings/SecurityUpdateSettingsRequest.ts new file mode 100644 index 0000000000..828d49e065 --- /dev/null +++ b/specification/security/update_settings/SecurityUpdateSettingsRequest.ts @@ -0,0 +1,61 @@ +/* + * Licensed to Elasticsearch B.V. under one or more contributor + * license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright + * ownership. Elasticsearch B.V. licenses this file to you under + * the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +import { SecuritySettings } from '@security/_types/SecuritySettings' +import { RequestBase } from '@_types/Base' +import { Duration } from '@_types/Time' + +/** + * Update security index settings. + * Update the user-configurable settings for the security internal index (`.security` and associated indices). Only a subset of settings are allowed to be modified, for example `index.auto_expand_replicas` and `index.number_of_replicas`. + * + * If a specific index is not in use on the system and settings are provided for it, the request will be rejected. This API does not yet support configuring the settings for indices before they are in use. + * @rest_spec_name security.update_settings + * @availability stack stability=stable visibility=public + * @cluster_privileges manage_security + * @doc_id security-api-update-settings + */ +export interface Request extends RequestBase { + query_parameters: { + /** + * The period to wait for a connection to the master node. + * If no response is received before the timeout expires, the request fails and returns an error. + */ + master_timeout?: Duration + /** + * The period to wait for a response. + * If no response is received before the timeout expires, the request fails and returns an error. + */ + timeout?: Duration + } + body: { + /** + * Settings for the index used for most security configuration, including native realm users and roles configured with the API. + */ + security?: SecuritySettings + /** + * Settings for the index used to store profile information. + */ + 'security-profile'?: SecuritySettings + /** + * Settings for the index used to store tokens. + */ + 'security-tokens'?: SecuritySettings + } +} diff --git a/specification/security/update_settings/SecurityUpdateSettingsResponse.ts b/specification/security/update_settings/SecurityUpdateSettingsResponse.ts new file mode 100644 index 0000000000..626e80c3d5 --- /dev/null +++ b/specification/security/update_settings/SecurityUpdateSettingsResponse.ts @@ -0,0 +1,24 @@ +/* + * Licensed to Elasticsearch B.V. under one or more contributor + * license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright + * ownership. Elasticsearch B.V. licenses this file to you under + * the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +export class Response { + body: { + acknowledged: boolean + } +}