diff --git a/output/openapi/elasticsearch-serverless-openapi.json b/output/openapi/elasticsearch-serverless-openapi.json index 8aacd68b29..2d0dc2c7b5 100644 --- a/output/openapi/elasticsearch-serverless-openapi.json +++ b/output/openapi/elasticsearch-serverless-openapi.json @@ -60607,10 +60607,6 @@ }, "query": { "$ref": "#/components/schemas/security._types:IndicesPrivilegesQuery" - }, - "allow_restricted_indices": { - "description": "Set to `true` if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the `names` list, Elasticsearch checks privileges against these indices regardless of the value set for `allow_restricted_indices`.", - "type": "boolean" } }, "required": [ @@ -60639,21 +60635,15 @@ "create", "create_doc", "create_index", - "cross_cluster_replication", - "cross_cluster_replication_internal", "delete", "delete_index", "index", "maintenance", "manage", "manage_data_stream_lifecycle", - "manage_follow_index", - "manage_ilm", - "manage_leader_index", "monitor", "none", "read", - "read_cross_cluster", "view_index_metadata", "write" ] @@ -60860,63 +60850,31 @@ "enum": [ "all", "cancel_task", - "create_snapshot", - "cross_cluster_replication", - "cross_cluster_search", - "delegate_pki", - "grant_api_key", "manage", "manage_api_key", - "manage_autoscaling", "manage_behavioral_analytics", - "manage_ccr", - "manage_data_frame_transforms", - "manage_data_stream_global_retention", "manage_enrich", - "manage_ilm", "manage_index_templates", "manage_inference", "manage_ingest_pipelines", "manage_logstash_pipelines", "manage_ml", - "manage_oidc", "manage_own_api_key", "manage_pipeline", - "manage_rollup", - "manage_saml", "manage_search_application", "manage_search_query_rules", "manage_search_synonyms", "manage_security", - "manage_service_account", - "manage_slm", - "manage_token", "manage_transform", - "manage_user_profile", - "manage_watcher", "monitor", - "monitor_data_frame_transforms", - "monitor_data_stream_global_retention", "monitor_enrich", "monitor_inference", "monitor_ml", - "monitor_rollup", - "monitor_snapshot", - "monitor_text_structure", "monitor_transform", - "monitor_watcher", "none", "post_behavioral_analytics_event", - "read_ccr", - "read_connector_secrets", - "read_fleet_secrets", - "read_ilm", "read_pipeline", - "read_security", - "read_slm", - "transport_client", - "write_connector_secrets", - "write_fleet_secrets" + "read_security" ] }, { diff --git a/output/schema/schema.json b/output/schema/schema.json index 478edc203f..b13b34f48d 100644 --- a/output/schema/schema.json +++ b/output/schema/schema.json @@ -178692,7 +178692,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L218-L220" + "specLocation": "security/_types/Privileges.ts#L337-L339" }, { "kind": "interface", @@ -178778,18 +178778,33 @@ "name": "cancel_task" }, { + "availability": { + "stack": {} + }, "name": "create_snapshot" }, { + "availability": { + "stack": {} + }, "name": "cross_cluster_replication" }, { + "availability": { + "stack": {} + }, "name": "cross_cluster_search" }, { + "availability": { + "stack": {} + }, "name": "delegate_pki" }, { + "availability": { + "stack": {} + }, "name": "grant_api_key" }, { @@ -178799,24 +178814,39 @@ "name": "manage_api_key" }, { + "availability": { + "stack": {} + }, "name": "manage_autoscaling" }, { "name": "manage_behavioral_analytics" }, { + "availability": { + "stack": {} + }, "name": "manage_ccr" }, { + "availability": { + "stack": {} + }, "name": "manage_data_frame_transforms" }, { + "availability": { + "stack": {} + }, "name": "manage_data_stream_global_retention" }, { "name": "manage_enrich" }, { + "availability": { + "stack": {} + }, "name": "manage_ilm" }, { @@ -178835,6 +178865,9 @@ "name": "manage_ml" }, { + "availability": { + "stack": {} + }, "name": "manage_oidc" }, { @@ -178844,9 +178877,15 @@ "name": "manage_pipeline" }, { + "availability": { + "stack": {} + }, "name": "manage_rollup" }, { + "availability": { + "stack": {} + }, "name": "manage_saml" }, { @@ -178862,30 +178901,51 @@ "name": "manage_security" }, { + "availability": { + "stack": {} + }, "name": "manage_service_account" }, { + "availability": { + "stack": {} + }, "name": "manage_slm" }, { + "availability": { + "stack": {} + }, "name": "manage_token" }, { "name": "manage_transform" }, { + "availability": { + "stack": {} + }, "name": "manage_user_profile" }, { + "availability": { + "stack": {} + }, "name": "manage_watcher" }, { "name": "monitor" }, { + "availability": { + "stack": {} + }, "name": "monitor_data_frame_transforms" }, { + "availability": { + "stack": {} + }, "name": "monitor_data_stream_global_retention" }, { @@ -178898,18 +178958,30 @@ "name": "monitor_ml" }, { + "availability": { + "stack": {} + }, "name": "monitor_rollup" }, { + "availability": { + "stack": {} + }, "name": "monitor_snapshot" }, { + "availability": { + "stack": {} + }, "name": "monitor_text_structure" }, { "name": "monitor_transform" }, { + "availability": { + "stack": {} + }, "name": "monitor_watcher" }, { @@ -178919,17 +178991,35 @@ "name": "post_behavioral_analytics_event" }, { + "availability": { + "stack": {} + }, "name": "read_ccr" }, { + "availability": { + "stack": {} + }, "name": "read_connector_secrets" }, { + "availability": { + "stack": {} + }, "name": "read_fleet_secrets" }, { + "availability": { + "stack": {} + }, "name": "read_ilm" }, + { + "availability": { + "stack": {} + }, + "name": "read_slm" + }, { "name": "read_pipeline" }, @@ -178937,15 +179027,27 @@ "name": "read_security" }, { + "availability": { + "stack": {} + }, "name": "read_slm" }, { + "availability": { + "stack": {} + }, "name": "transport_client" }, { + "availability": { + "stack": {} + }, "name": "write_connector_secrets" }, { + "availability": { + "stack": {} + }, "name": "write_fleet_secrets" } ], @@ -178953,7 +179055,7 @@ "name": "ClusterPrivilege", "namespace": "security._types" }, - "specLocation": "security/_types/Privileges.ts#L41-L102" + "specLocation": "security/_types/Privileges.ts#L41-L202" }, { "kind": "interface", @@ -179074,7 +179176,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L214-L216" + "specLocation": "security/_types/Privileges.ts#L333-L335" }, { "kind": "enum", @@ -179114,9 +179216,15 @@ "name": "create_index" }, { + "availability": { + "stack": {} + }, "name": "cross_cluster_replication" }, { + "availability": { + "stack": {} + }, "name": "cross_cluster_replication_internal" }, { @@ -179138,12 +179246,21 @@ "name": "manage_data_stream_lifecycle" }, { + "availability": { + "stack": {} + }, "name": "manage_follow_index" }, { + "availability": { + "stack": {} + }, "name": "manage_ilm" }, { + "availability": { + "stack": {} + }, "name": "manage_leader_index" }, { @@ -179156,6 +179273,9 @@ "name": "read" }, { + "availability": { + "stack": {} + }, "name": "read_cross_cluster" }, { @@ -179169,7 +179289,7 @@ "name": "IndexPrivilege", "namespace": "security._types" }, - "specLocation": "security/_types/Privileges.ts#L188-L212" + "specLocation": "security/_types/Privileges.ts#L289-L331" }, { "kind": "interface", @@ -179232,6 +179352,9 @@ } }, { + "availability": { + "stack": {} + }, "description": "Set to `true` if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the `names` list, Elasticsearch checks privileges against these indices regardless of the value set for `allow_restricted_indices`.", "name": "allow_restricted_indices", "required": false, @@ -179245,7 +179368,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L104-L127" + "specLocation": "security/_types/Privileges.ts#L204-L228" }, { "codegenNames": [ @@ -179259,7 +179382,7 @@ "name": "IndicesPrivilegesQuery", "namespace": "security._types" }, - "specLocation": "security/_types/Privileges.ts#L153-L161", + "specLocation": "security/_types/Privileges.ts#L254-L262", "type": { "items": [ { @@ -179309,7 +179432,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L222-L224" + "specLocation": "security/_types/Privileges.ts#L341-L343" }, { "kind": "interface", @@ -179803,7 +179926,7 @@ "name": "RoleTemplateInlineQuery", "namespace": "security._types" }, - "specLocation": "security/_types/Privileges.ts#L182-L183", + "specLocation": "security/_types/Privileges.ts#L283-L284", "type": { "items": [ { @@ -179883,7 +180006,7 @@ } ], "shortcutProperty": "source", - "specLocation": "security/_types/Privileges.ts#L175-L180" + "specLocation": "security/_types/Privileges.ts#L276-L281" }, { "kind": "interface", @@ -179907,7 +180030,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L163-L173" + "specLocation": "security/_types/Privileges.ts#L264-L274" }, { "codegenNames": [ @@ -179919,7 +180042,7 @@ "name": "RoleTemplateScript", "namespace": "security._types" }, - "specLocation": "security/_types/Privileges.ts#L185-L186", + "specLocation": "security/_types/Privileges.ts#L286-L287", "type": { "items": [ { @@ -180149,7 +180272,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L129-L151" + "specLocation": "security/_types/Privileges.ts#L230-L252" }, { "kind": "interface", @@ -185506,6 +185629,9 @@ } }, { + "availability": { + "stack": {} + }, "description": "An object defining global privileges. A global privilege is a form of cluster privilege that is request-aware. Support for global privileges is currently limited to the management of application privileges.", "name": "global", "required": false, @@ -185552,7 +185678,7 @@ } }, { - "description": "A list of users that the owners of this role can impersonate.", + "description": "A list of users that the owners of this role can impersonate. *Note*: in Serverless, the run-as feature is disabled. For API compatibility, you can still specify an empty `run_as` field, but a non-empty list will be rejected.", "docId": "run-as-privilege", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/run-as-privilege.html", "name": "run_as", @@ -185629,7 +185755,7 @@ } } ], - "specLocation": "security/put_role/SecurityPutRoleRequest.ts#L30-L79" + "specLocation": "security/put_role/SecurityPutRoleRequest.ts#L30-L80" }, { "body": { diff --git a/output/schema/validation-errors.json b/output/schema/validation-errors.json index 2164f23902..7f2d942cf6 100644 --- a/output/schema/validation-errors.json +++ b/output/schema/validation-errors.json @@ -1279,6 +1279,13 @@ ], "response": [] }, + "security.has_privileges": { + "request": [ + "enum definition security._types:ClusterPrivilege - Duplicate enum member codegen_name 'read_slm'", + "enum definition security._types:ClusterPrivilege - Duplicate enum member name 'read_slm'" + ], + "response": [] + }, "security.oidc_authenticate": { "request": [ "Missing request & response" diff --git a/output/typescript/types.ts b/output/typescript/types.ts index 7be4e13eab..5300437e26 100644 --- a/output/typescript/types.ts +++ b/output/typescript/types.ts @@ -16787,7 +16787,7 @@ export interface SecurityClusterNode { name: Name } -export type SecurityClusterPrivilege = 'all' | 'cancel_task' | 'create_snapshot' | 'cross_cluster_replication' | 'cross_cluster_search' | 'delegate_pki' | 'grant_api_key' | 'manage' | 'manage_api_key' | 'manage_autoscaling' | 'manage_behavioral_analytics' | 'manage_ccr' | 'manage_data_frame_transforms' | 'manage_data_stream_global_retention' | 'manage_enrich' | 'manage_ilm' | 'manage_index_templates' | 'manage_inference' | 'manage_ingest_pipelines' | 'manage_logstash_pipelines' | 'manage_ml' | 'manage_oidc' | 'manage_own_api_key' | 'manage_pipeline' | 'manage_rollup' | 'manage_saml' | 'manage_search_application' | 'manage_search_query_rules' | 'manage_search_synonyms' | 'manage_security' | 'manage_service_account' | 'manage_slm' | 'manage_token' | 'manage_transform' | 'manage_user_profile' | 'manage_watcher' | 'monitor' | 'monitor_data_frame_transforms' | 'monitor_data_stream_global_retention' | 'monitor_enrich' | 'monitor_inference' | 'monitor_ml' | 'monitor_rollup' | 'monitor_snapshot' | 'monitor_text_structure' | 'monitor_transform' | 'monitor_watcher' | 'none' | 'post_behavioral_analytics_event' | 'read_ccr' | 'read_connector_secrets' | 'read_fleet_secrets' | 'read_ilm' | 'read_pipeline' | 'read_security' | 'read_slm' | 'transport_client' | 'write_connector_secrets' | 'write_fleet_secrets'| string +export type SecurityClusterPrivilege = 'all' | 'cancel_task' | 'create_snapshot' | 'cross_cluster_replication' | 'cross_cluster_search' | 'delegate_pki' | 'grant_api_key' | 'manage' | 'manage_api_key' | 'manage_autoscaling' | 'manage_behavioral_analytics' | 'manage_ccr' | 'manage_data_frame_transforms' | 'manage_data_stream_global_retention' | 'manage_enrich' | 'manage_ilm' | 'manage_index_templates' | 'manage_inference' | 'manage_ingest_pipelines' | 'manage_logstash_pipelines' | 'manage_ml' | 'manage_oidc' | 'manage_own_api_key' | 'manage_pipeline' | 'manage_rollup' | 'manage_saml' | 'manage_search_application' | 'manage_search_query_rules' | 'manage_search_synonyms' | 'manage_security' | 'manage_service_account' | 'manage_slm' | 'manage_token' | 'manage_transform' | 'manage_user_profile' | 'manage_watcher' | 'monitor' | 'monitor_data_frame_transforms' | 'monitor_data_stream_global_retention' | 'monitor_enrich' | 'monitor_inference' | 'monitor_ml' | 'monitor_rollup' | 'monitor_snapshot' | 'monitor_text_structure' | 'monitor_transform' | 'monitor_watcher' | 'none' | 'post_behavioral_analytics_event' | 'read_ccr' | 'read_connector_secrets' | 'read_fleet_secrets' | 'read_ilm' | 'read_slm' | 'read_pipeline' | 'read_security' | 'read_slm' | 'transport_client' | 'write_connector_secrets' | 'write_fleet_secrets'| string export interface SecurityCreatedStatus { created: boolean diff --git a/specification/security/_types/Privileges.ts b/specification/security/_types/Privileges.ts index d013df8308..8e8756c336 100644 --- a/specification/security/_types/Privileges.ts +++ b/specification/security/_types/Privileges.ts @@ -42,62 +42,162 @@ export class ApplicationPrivileges { export enum ClusterPrivilege { all, cancel_task, + /** + * @availability stack + */ create_snapshot, + /** + * @availability stack + */ cross_cluster_replication, + /** + * @availability stack + */ cross_cluster_search, + /** + * @availability stack + */ delegate_pki, + /** + * @availability stack + */ grant_api_key, manage, manage_api_key, + /** + * @availability stack + */ manage_autoscaling, manage_behavioral_analytics, + /** + * @availability stack + */ manage_ccr, + /** + * @availability stack + */ manage_data_frame_transforms, + /** + * @availability stack + */ manage_data_stream_global_retention, manage_enrich, + /** + * @availability stack + */ manage_ilm, manage_index_templates, manage_inference, manage_ingest_pipelines, manage_logstash_pipelines, manage_ml, + /** + * @availability stack + */ manage_oidc, manage_own_api_key, manage_pipeline, + /** + * @availability stack + */ manage_rollup, + /** + * @availability stack + */ manage_saml, manage_search_application, manage_search_query_rules, manage_search_synonyms, manage_security, + /** + * @availability stack + */ manage_service_account, + /** + * @availability stack + */ manage_slm, + /** + * @availability stack + */ manage_token, manage_transform, + /** + * @availability stack + */ manage_user_profile, + /** + * @availability stack + */ manage_watcher, monitor, + /** + * @availability stack + */ monitor_data_frame_transforms, + /** + * @availability stack + */ monitor_data_stream_global_retention, monitor_enrich, monitor_inference, monitor_ml, + /** + * @availability stack + */ monitor_rollup, + /** + * @availability stack + */ monitor_snapshot, + /** + * @availability stack + */ monitor_text_structure, monitor_transform, + /** + * @availability stack + */ monitor_watcher, none, post_behavioral_analytics_event, + /** + * @availability stack + */ read_ccr, + /** + * @availability stack + */ read_connector_secrets, + /** + * @availability stack + */ read_fleet_secrets, + /** + * @availability stack + */ read_ilm, + /** + * @availability stack + */ + read_slm, read_pipeline, read_security, + /** + * @availability stack + */ read_slm, + /** + * @availability stack + */ transport_client, + /** + * @availability stack + */ write_connector_secrets, + /** + * @availability stack + */ write_fleet_secrets } @@ -122,6 +222,7 @@ export class IndicesPrivileges { /** * Set to `true` if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the `names` list, Elasticsearch checks privileges against these indices regardless of the value set for `allow_restricted_indices`. * @server_default false + * @availability stack */ allow_restricted_indices?: boolean } @@ -192,7 +293,13 @@ export enum IndexPrivilege { create, create_doc, create_index, + /** + * @availability stack + */ cross_cluster_replication, + /** + * @availability stack + */ cross_cluster_replication_internal, delete, delete_index, @@ -200,12 +307,24 @@ export enum IndexPrivilege { maintenance, manage, manage_data_stream_lifecycle, + /** + * @availability stack + */ manage_follow_index, + /** + * @availability stack + */ manage_ilm, + /** + * @availability stack + */ manage_leader_index, monitor, none, read, + /** + * @availability stack + */ read_cross_cluster, view_index_metadata, write diff --git a/specification/security/put_role/SecurityPutRoleRequest.ts b/specification/security/put_role/SecurityPutRoleRequest.ts index 4a0c8656b1..c27b1e5fb9 100644 --- a/specification/security/put_role/SecurityPutRoleRequest.ts +++ b/specification/security/put_role/SecurityPutRoleRequest.ts @@ -56,6 +56,7 @@ export interface Request extends RequestBase { cluster?: ClusterPrivilege[] /** * An object defining global privileges. A global privilege is a form of cluster privilege that is request-aware. Support for global privileges is currently limited to the management of application privileges. + * @availability stack */ global?: Dictionary /** @@ -67,7 +68,7 @@ export interface Request extends RequestBase { */ metadata?: Metadata /** - * A list of users that the owners of this role can impersonate. + * A list of users that the owners of this role can impersonate. *Note*: in Serverless, the run-as feature is disabled. For API compatibility, you can still specify an empty `run_as` field, but a non-empty list will be rejected. * @doc_id run-as-privilege */ run_as?: string[]