From 11d4769e7c97b5f5a7834b402361b4afeaca447e Mon Sep 17 00:00:00 2001 
From: lcawl
Date: Thu, 9 Jan 2025 01:52:59 -0800
Subject: [PATCH 1/5] Add security API doc_id values
---
output/schema/schema.json | 374 ++++++++++++------
specification/_doc_ids/table.csv | 12 +
.../security/activate_user_profile/Request.ts | 1 +
.../SecurityAuthenticateRequest.ts | 1 +
.../SecurityChangePasswordRequest.ts | 1 +
.../SecurityClearApiKeyCacheRequest.ts | 1 +
.../SecurityClearCachedPrivilegesRequest.ts | 2 +
.../SecurityClearCachedRealmsRequest.ts | 1 +
.../ClearCachedRolesRequest.ts | 2 +
.../ClearCachedServiceTokensRequest.ts | 2 +
.../SecurityCreateApiKeyRequest.ts | 1 +
.../CreateCrossClusterApiKeyRequest.ts | 1 +
.../CreateServiceTokenRequest.ts | 2 +
.../SecurityDeletePrivilegesRequest.ts | 1 +
.../delete_role/SecurityDeleteRoleRequest.ts | 2 +
.../SecurityDeleteRoleMappingRequest.ts | 2 +
.../DeleteServiceTokenRequest.ts | 2 +
.../delete_user/SecurityDeleteUserRequest.ts | 2 +
.../SecurityDisableUserRequest.ts | 2 +
.../enable_user/SecurityEnableUserRequest.ts | 2 +
.../security/enable_user_profile/Request.ts | 1 +
.../security/enroll_kibana/Request.ts | 1 +
specification/security/enroll_node/Request.ts | 1 +
.../get_api_key/SecurityGetApiKeyRequest.ts | 1 +
.../SecurityGetBuiltinPrivilegesRequest.ts | 1 +
.../SecurityGetPrivilegesRequest.ts | 2 +
.../get_role/SecurityGetRoleRequest.ts | 3 +-
.../SecurityGetRoleMappingRequest.ts | 1 +
.../GetServiceAccountsRequest.ts | 1 +
.../GetServiceCredentialsRequest.ts | 2 +
.../get_token/GetUserAccessTokenRequest.ts | 2 +
.../get_user/SecurityGetUserRequest.ts | 2 +
.../SecurityGetUserPrivilegesRequest.ts | 1 +
.../security/get_user_profile/Request.ts | 1 +
.../SecurityGrantApiKeyRequest.ts | 1 +
.../SecurityHasPrivilegesRequest.ts | 1 +
.../has_privileges_user_profile/Request.ts | 3 +-
.../SecurityInvalidateApiKeyRequest.ts | 1 +
.../SecurityInvalidateTokenRequest.ts | 1 +
.../SecurityPutPrivilegesRequest.ts | 2 +
.../put_role/SecurityPutRoleRequest.ts | 1 +
.../SecurityPutRoleMappingRequest.ts | 2 +
.../put_user/SecurityPutUserRequest.ts | 2 + .../query_api_keys/QueryApiKeysRequest.ts | 1 + .../security/query_role/QueryRolesRequest.ts | 1 + .../query_user/SecurityQueryUserRequest.ts | 1 + .../security/saml_authenticate/Request.ts | 1 + .../security/saml_complete_logout/Request.ts | 1 + .../security/saml_invalidate/Request.ts | 1 + specification/security/saml_logout/Request.ts | 1 + .../saml_prepare_authentication/Request.ts | 1 + .../saml_service_provider_metadata/Request.ts | 1 + .../security/suggest_user_profiles/Request.ts | 2 + .../security/update_api_key/Request.ts | 1 + .../UpdateCrossClusterApiKeyRequest.ts | 2 + .../update_user_profile_data/Request.ts | 1 + .../certificates/GetCertificatesRequest.ts | 1 + 57 files changed, 350 insertions(+), 114 deletions(-) diff --git a/output/schema/schema.json b/output/schema/schema.json index a353999155..eef30a93cc 100644 --- a/output/schema/schema.json +++ b/output/schema/schema.json @@ -15779,7 +15779,8 @@ } }, "description": "Activate a user profile.\n\nCreate or update a user profile on behalf of another user.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-activate-user-profile.html", + "docId": "security-api-activate-user-profile", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-activate-user-profile.html", "name": "security.activate_user_profile", "privileges": { "cluster": [ 
@@ -15822,7 +15823,8 @@ } }, "description": "Authenticate a user.\n\nAuthenticates a user and returns information about the authenticated user.\nInclude the user information in a [basic auth header](https://en.wikipedia.org/wiki/Basic_access_authentication).\nA successful call returns a JSON structure that shows user information such as their username, the roles that are assigned to the user, any assigned metadata, and information about the realms that authenticated and authorized the user.\nIf the user cannot be authenticated, this API returns a 401 status code.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-authenticate.html", + "docId": "security-api-authenticate", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-authenticate.html", "name": "security.authenticate", "request": { "name": "Request", @@ -15979,7 +15981,8 @@ } }, "description": "Change passwords.\n\nChange the passwords of users in the native realm and built-in users.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-change-password.html", + "docId": "security-api-change-password", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-change-password.html", "name": "security.change_password", "request": { "name": "Request", @@ -16025,7 +16028,8 @@ } }, "description": "Clear the API key cache.\n\nEvict a subset of all entries from the API key cache.\nThe cache is also automatically cleared on state changes of the security index.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-clear-api-key-cache.html", + "docId": "security-api-clear-api-key-cache", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-clear-api-key-cache.html", "name": "security.clear_api_key_cache", "privileges": { "cluster": [ 
@@ -16065,8 +16069,14 @@ } }, "description": "Clear the privileges cache.\n\nEvict privileges from the native application privilege cache.\nThe cache is also automatically cleared for applications that have their privileges updated.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-clear-privilege-cache.html", + "docId": "security-api-clear-privilege-cache", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-clear-privilege-cache.html", "name": "security.clear_cached_privileges", + "privileges": { + "cluster": [ + "manage_security" + ] + }, "request": { "name": "Request", "namespace": "security.clear_cached_privileges" @@ -16099,7 +16109,8 @@ } }, "description": "Clear the user cache.\n\nEvict users from the user cache. You can completely clear the cache or evict specific users.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-clear-cache.html", + "docId": "security-api-clear-cache", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-clear-cache.html", "name": "security.clear_cached_realms", "request": { "name": "Request", @@ -16133,8 +16144,14 @@ } }, "description": "Clear the roles cache.\n\nEvict roles from the native role cache.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-clear-role-cache.html", + "docId": "security-api-clear-role-cache", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-clear-role-cache.html", "name": "security.clear_cached_roles", + "privileges": { + "cluster": [ + "manage_security" + ] + }, "request": { "name": "Request", "namespace": "security.clear_cached_roles" 
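Review bot: The `security.clear_cached_realms` entry (the middle hunk on this line, at -16099) receives a `docId` but still has no `privileges` block, while `clear_cached_privileges` and `clear_cached_roles` on either side of it gain `"cluster": ["manage_security"]` in this same commit. Anyone who builds least-privilege roles from this schema would see no stated requirement for evicting the realm cache. If the server enforces the same privilege for that endpoint, which its siblings suggest but nothing visible here confirms, add `"privileges": { "cluster": ["manage_security"] }` through the spec's request definition, since this file is generated output.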
@@ -16167,10 +16184,16 @@ } }, "description": "Clear service account token caches.\n\nEvict a subset of all entries from the service account token caches.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-clear-service-token-caches.html", + "docId": "security-api-clear-service-token-caches", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-clear-service-token-caches.html", "extDocId": "service-accounts", "extDocUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/service-accounts.html", "name": "security.clear_cached_service_tokens", + "privileges": { + "cluster": [ + "manage_security" + ] + }, "request": { "name": "Request", "namespace": "security.clear_cached_service_tokens" @@ -16204,7 +16227,8 @@ } }, "description": "Create an API key.\n\nCreate an API key for access without requiring basic authentication.\nA successful request returns a JSON structure that contains the API key, its unique id, and its name.\nIf applicable, it also returns expiration information for the API key in milliseconds.\nNOTE: By default, API keys never expire. You can specify expiration information when you create the API keys.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-api-key.html", + "docId": "security-api-create-api-key", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-create-api-key.html", "name": "security.create_api_key", "privileges": { "cluster": [ 
@@ -16243,7 +16267,8 @@ } }, "description": "Create a cross-cluster API key.\n\nCreate an API key of the `cross_cluster` type for the API key based remote cluster access.\nA `cross_cluster` API key cannot be used to authenticate through the REST interface.\n\nIMPORTANT: To authenticate this request you must use a credential that is not an API key. Even if you use an API key that has the required privilege, the API returns an error.\n\nCross-cluster API keys are created by the Elasticsearch API key service, which is automatically enabled.\n\nNOTE: Unlike REST API keys, a cross-cluster API key does not capture permissions of the authenticated user. The API key’s effective permission is exactly as specified with the `access` property.\n\nA successful request returns a JSON structure that contains the API key, its unique ID, and its name. If applicable, it also returns expiration information for the API key in milliseconds.\n\nBy default, API keys never expire. You can specify expiration information when you create the API keys.\n\nCross-cluster API keys can only be updated with the update cross-cluster API key API.\nAttempting to update them with the update REST API key API or the bulk update REST API keys API will result in an error.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-cross-cluster-api-key.html", + "docId": "security-api-cross-cluster-key", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-create-cross-cluster-api-key.html", "extDocId": "remote-clusters-api-key", "extDocUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/remote-clusters-api-key.html", "name": "security.create_cross_cluster_api_key", 
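Review bot: The new `"docId": "security-api-cross-cluster-key"` does not match the slug of the `docUrl` beside it (`security-api-create-cross-cluster-api-key`), whereas every other entry visible in this patch uses the URL slug as its id; `security-api-has-privileges-profile` in the -17339 hunk is the only other exception. If the ids in `specification/_doc_ids/table.csv` were not shortened on purpose, `"docId": "security-api-create-cross-cluster-api-key"` keeps the convention and makes a mistyped id easier to spot. The table is outside this view, so this is a consistency point rather than a confirmed broken link.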
@@ -16287,10 +16312,16 @@ } }, "description": "Create a service account token.\n\nCreate a service accounts token for access without requiring basic authentication.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-service-token.html", + "docId": "security-api-create-service-token", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-create-service-token.html", "extDocId": "service-accounts", "extDocUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/service-accounts.html", "name": "security.create_service_token", + "privileges": { + "cluster": [ + "manage_service_account" + ] + }, "request": { "name": "Request", "namespace": "security.create_service_token" @@ -16370,7 +16401,8 @@ } }, "description": "Delete application privileges.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-delete-privilege.html", + "docId": "security-api-delete-privilege", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-delete-privilege.html", "extDocId": "security-privileges", "extDocUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-privileges.html", "name": "security.delete_privileges", @@ -16406,8 +16438,14 @@ } }, "description": "Delete roles.\n\nDelete roles in the native realm.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-delete-role.html", + "docId": "security-api-delete-role", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-delete-role.html", "name": "security.delete_role", + "privileges": { + "cluster": [ + "manage_security" + ] + }, "request": { "name": "Request", "namespace": "security.delete_role" 
@@ -16441,8 +16479,14 @@ } }, "description": "Delete role mappings.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-delete-role-mapping.html", + "docId": "security-api-delete-role-mapping", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-delete-role-mapping.html", "name": "security.delete_role_mapping", + "privileges": { + "cluster": [ + "manage_security" + ] + }, "request": { "name": "Request", "namespace": "security.delete_role_mapping" @@ -16476,10 +16520,16 @@ } }, "description": "Delete service account tokens.\n\nDelete service account tokens for a service in a specified namespace.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-delete-service-token.html", + "docId": "security-api-delete-service-token", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-delete-service-token.html", "extDocId": "service-accounts", "extDocUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/service-accounts.html", "name": "security.delete_service_token", + "privileges": { + "cluster": [ + "manage_service_account" + ] + }, "request": { "name": "Request", "namespace": "security.delete_service_token" @@ -16508,8 +16558,14 @@ } }, "description": "Delete users.\n\nDelete users from the native realm.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-delete-user.html", + "docId": "security-api-delete-user", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-delete-user.html", "name": "security.delete_user", + "privileges": { + "cluster": [ + "manage_security" + ] + }, "request": { "name": "Request", "namespace": "security.delete_user" 
@@ -16538,8 +16594,14 @@ } }, "description": "Disable users.\n\nDisable users in the native realm.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-disable-user.html", + "docId": "security-api-disable-user", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-disable-user.html", "name": "security.disable_user", + "privileges": { + "cluster": [ + "manage_security" + ] + }, "request": { "name": "Request", "namespace": "security.disable_user" @@ -16610,8 +16672,14 @@ } }, "description": "Enable users.\n\nEnable users in the native realm.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-enable-user.html", + "docId": "security-api-enable-user", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-enable-user.html", "name": "security.enable_user", + "privileges": { + "cluster": [ + "manage_security" + ] + }, "request": { "name": "Request", "namespace": "security.enable_user" @@ -16646,7 +16714,8 @@ } }, "description": "Enable a user profile.\n\nEnable user profiles to make them visible in user profile searches.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/master/security-api-enable-user-profile.html", + "docId": "security-api-enable-user-profile", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-enable-user-profile.html", "name": "security.enable_user_profile", "privileges": { "cluster": [ 
@@ -16683,7 +16752,8 @@ } }, "description": "Enroll Kibana.\n\nEnable a Kibana instance to configure itself for communication with a secured Elasticsearch cluster.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/master/security-api-kibana-enrollment.html", + "docId": "security-api-kibana-enrollment", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-kibana-enrollment.html", "name": "security.enroll_kibana", "request": { "name": "Request", @@ -16717,7 +16787,8 @@ } }, "description": "Enroll a node.\n\nEnroll a new node to allow it to join an existing cluster with security features enabled.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/master/security-api-node-enrollment.html", + "docId": "security-api-node-enrollment", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-node-enrollment.html", "name": "security.enroll_node", "request": { "name": "Request", @@ -16755,7 +16826,8 @@ } }, "description": "Get API key information.\n\nRetrieves information for one or more API keys.\nNOTE: If you have only the `manage_own_api_key` privilege, this API returns only the API keys that you own.\nIf you have `read_security`, `manage_api_key` or greater privileges (including `manage_security`), this API returns all API keys regardless of ownership.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-api-key.html", + "docId": "security-api-get-api-key", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-get-api-key.html", "name": "security.get_api_key", "privileges": { "cluster": [ 
@@ -16796,7 +16868,8 @@ } }, "description": "Get builtin privileges.\n\nGet the list of cluster privileges and index privileges that are available in this version of Elasticsearch.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-builtin-privileges.html", + "docId": "security-api-get-builtin-privileges", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-get-builtin-privileges.html", "extDocId": "security-privileges", "extDocUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-privileges.html", "name": "security.get_builtin_privileges", @@ -16838,10 +16911,16 @@ } }, "description": "Get application privileges.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-privileges.html", + "docId": "security-api-get-privileges", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-get-privileges.html", "extDocId": "security-privileges", "extDocUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-privileges.html", "name": "security.get_privileges", + "privileges": { + "cluster": [ + "read_security" + ] + }, "request": { "name": "Request", "namespace": "security.get_privileges" @@ -16886,11 +16965,12 @@ } }, "description": "Get roles.\n\nGet roles in the native realm.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-role.html", + "docId": "security-api-get-role", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-get-role.html", "name": "security.get_role", "privileges": { "cluster": [ - "manage_security" + "read_security" ] }, "request": { 
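Review bot: The last hunk on this line (-16886) lowers the documented requirement for `security.get_role` from `manage_security` to `read_security`, and the -17339 hunk replaces `manage_user_profile` with `read_security` for `security.has_privileges_user_profile`; neither change is covered by the subject "Add security API doc_id values". More than a dozen other entries also gain a `privileges` block in this patch. Because these values end up in role definitions and generated documentation, each one should be checked against what the server actually enforces, and the commit description should carry a line such as `Also add or correct cluster privileges for security APIs` so the authorization metadata change can be reviewed on its own. The source of truth is presumably the `Request.ts` files the diffstat lists with `3 +-`, which are not part of this view.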
@@ -16932,7 +17012,8 @@ } }, "description": "Get role mappings.\n\nRole mappings define which roles are assigned to each user.\nThe role mapping APIs are generally the preferred way to manage role mappings rather than using role mapping files.\nThe get role mappings API cannot retrieve role mappings that are defined in role mapping files.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-role-mapping.html", + "docId": "security-api-get-role-mapping", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-get-role-mapping.html", "extDocId": "mapping-roles", "extDocUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/mapping-roles.html", "name": "security.get_role_mapping", @@ -16980,7 +17061,8 @@ } }, "description": "Get service accounts.\n\nGet a list of service accounts that match the provided path parameters.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-service-accounts.html", + "docId": "security-api-get-service-accounts", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-get-service-accounts.html", "extDocId": "service-accounts", "extDocUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/service-accounts.html", "name": "security.get_service_accounts", 
@@ -17034,10 +17116,16 @@ } }, "description": "Get service account credentials.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-service-credentials.html", + "docId": "security-api-get-service-credentials", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-get-service-credentials.html", "extDocId": "service-accounts", "extDocUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/service-accounts.html", "name": "security.get_service_credentials", + "privileges": { + "cluster": [ + "read_security" + ] + }, "request": { "name": "Request", "namespace": "security.get_service_credentials" @@ -17099,8 +17187,14 @@ } }, "description": "Get a token.\n\nCreate a bearer token for access without requiring basic authentication.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-token.html", + "docId": "security-api-get-token", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-get-token.html", "name": "security.get_token", + "privileges": { + "cluster": [ + "manage_token" + ] + }, "request": { "name": "Request", "namespace": "security.get_token" @@ -17132,8 +17226,14 @@ } }, "description": "Get users.\n\nGet information about users in the native realm and built-in users.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-user.html", + "docId": "security-api-get-user", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-get-user.html", "name": "security.get_user", + "privileges": { + "cluster": [ + "read_security" + ] + }, "request": { "name": "Request", "namespace": "security.get_user" 
@@ -17173,7 +17273,8 @@ } }, "description": "Get user privileges.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-user-privileges.html", + "docId": "security-api-get-user-privileges", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-get-user-privileges.html", "name": "security.get_user_privileges", "request": { "name": "Request", @@ -17208,7 +17309,8 @@ } }, "description": "Get a user profile.\n\nGet a user's profile using the unique profile ID.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-user-profile.html", + "docId": "security-api-get-user-profile", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-get-user-profile.html", "name": "security.get_user_profile", "privileges": { "cluster": [ 
@@ -17248,7 +17350,8 @@ } }, "description": "Grant an API key.\n\nCreate an API key on behalf of another user.\nThis API is similar to the create API keys API, however it creates the API key for a user that is different than the user that runs the API.\nThe caller must have authentication credentials (either an access token, or a username and password) for the user on whose behalf the API key will be created.\nIt is not possible to use this API to create an API key without that user’s credentials.\nThe user, for whom the authentication credentials is provided, can optionally \"run as\" (impersonate) another user.\nIn this case, the API key will be created on behalf of the impersonated user.\n\nThis API is intended be used by applications that need to create and manage API keys for end users, but cannot guarantee that those users have permission to create API keys on their own behalf.\n\nA successful grant API key API call returns a JSON structure that contains the API key, its unique id, and its name.\nIf applicable, it also returns expiration information for the API key in milliseconds.\n\nBy default, API keys never expire. You can specify expiration information when you create the API keys.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-grant-api-key.html", + "docId": "security-api-grant-api-key", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-grant-api-key.html", "name": "security.grant_api_key", "privileges": { "cluster": [ 
@@ -17291,7 +17394,8 @@ } }, "description": "Check user privileges.\n\nDetermine whether the specified user has a specified list of privileges.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-has-privileges.html", + "docId": "security-api-has-privileges", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-has-privileges.html", "extDocId": "security-privileges", "extDocUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-privileges.html", "name": "security.has_privileges", @@ -17339,13 +17443,14 @@ } }, "description": "Check user profile privileges.\n\nDetermine whether the users associated with the specified user profile IDs have all the requested privileges.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-has-privileges-user-profile.html", + "docId": "security-api-has-privileges-profile", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-has-privileges-user-profile.html", "extDocId": "user-profile", "extDocUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/user-profile.html", "name": "security.has_privileges_user_profile", "privileges": { "cluster": [ - "manage_user_profile" + "read_security" ] }, "request": { 
@@ -17385,7 +17490,8 @@ } }, "description": "Invalidate API keys.\n\nThis API invalidates API keys created by the create API key or grant API key APIs.\nInvalidated API keys fail authentication, but they can still be viewed using the get API key information and query API key information APIs, for at least the configured retention period, until they are automatically deleted.\nThe `manage_api_key` privilege allows deleting any API keys.\nThe `manage_own_api_key` only allows deleting API keys that are owned by the user.\nIn addition, with the `manage_own_api_key` privilege, an invalidation request must be issued in one of the three formats:\n- Set the parameter `owner=true`.\n- Or, set both `username` and `realm_name` to match the user’s identity.\n- Or, if the request is issued by an API key, that is to say an API key invalidates itself, specify its ID in the `ids` field.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-invalidate-api-key.html", + "docId": "security-api-invalidate-api-key", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-invalidate-api-key.html", "name": "security.invalidate_api_key", "privileges": { "cluster": [ 
@@ -17429,7 +17535,8 @@ } }, "description": "Invalidate a token.\n\nThe access tokens returned by the get token API have a finite period of time for which they are valid.\nAfter that time period, they can no longer be used.\nThe time period is defined by the `xpack.security.authc.token.timeout` setting.\n\nThe refresh tokens returned by the get token API are only valid for 24 hours. They can also be used exactly once.\nIf you want to invalidate one or more access or refresh tokens immediately, use this invalidate token API.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-invalidate-token.html", + "docId": "security-api-invalidate-token", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-invalidate-token.html", "name": "security.invalidate_token", "request": { "name": "Request", @@ -17572,10 +17679,16 @@ } }, "description": "Create or update application privileges.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-privileges.html", + "docId": "security-api-put-privileges", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-put-privileges.html", "extDocId": "security-privileges", "extDocUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-privileges.html", "name": "security.put_privileges", + "privileges": { + "cluster": [ + "manage_security" + ] + }, "request": { "name": "Request", "namespace": "security.put_privileges" 
@@ -17612,7 +17725,8 @@ } }, "description": "Create or update roles.\n\nThe role management APIs are generally the preferred way to manage roles in the native realm, rather than using file-based role management.\nThe create or update roles API cannot update roles that are defined in roles files.\nFile-based role management is not available in Elastic Serverless.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role.html", + "docId": "security-api-put-role", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-put-role.html", "extDocId": "defining-roles", "extDocUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/defining-roles.html", "name": "security.put_role", @@ -17658,10 +17772,16 @@ } }, "description": "Create or update role mappings.\n\nRole mappings define which roles are assigned to each user.\nEach mapping has rules that identify users and a list of roles that are granted to those users.\nThe role mapping APIs are generally the preferred way to manage role mappings rather than using role mapping files. The create or update role mappings API cannot update role mappings that are defined in role mapping files.\n\nThis API does not create roles. Rather, it maps users to existing roles.\nRoles can be created by using the create or update roles API or roles files.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-role-mapping.html", + "docId": "security-api-put-role-mapping", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-put-role-mapping.html", "extDocId": "mapping-roles", "extDocUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/mapping-roles.html", "name": "security.put_role_mapping", + "privileges": { + "cluster": [ + "manage_security" + ] + }, "request": { "name": "Request", "namespace": "security.put_role_mapping" 
@@ -17694,8 +17814,14 @@ } }, "description": "Create or update users.\n\nA password is required for adding a new user but is optional when updating an existing user.\nTo change a user’s password without updating any other fields, use the change password API.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-put-user.html", + "docId": "security-api-put-user", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-put-user.html", "name": "security.put_user", + "privileges": { + "cluster": [ + "manage_security" + ] + }, "request": { "name": "Request", "namespace": "security.put_user" @@ -17733,7 +17859,8 @@ } }, "description": "Find API keys with a query.\n\nGet a paginated list of API keys and their information. You can optionally filter the results with a query.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-query-api-key.html", + "docId": "security-api-query-api-key", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-query-api-key.html", "name": "security.query_api_keys", "privileges": { "cluster": [ @@ -17778,7 +17905,8 @@ } }, "description": "Find roles with a query.\n\nGet roles in a paginated manner. You can optionally filter the results with a query.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-query-role.html", + "docId": "security-api-query-role", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-query-role.html", "name": "security.query_role", "privileges": { "cluster": [ 
@@ -17822,7 +17950,8 @@ } }, "description": "Find users with a query.\n\nGet information for users in a paginated manner.\nYou can optionally filter the results with a query.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-query-user.html", + "docId": "security-api-query-user", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-query-user.html", "name": "security.query_user", "privileges": { "cluster": [ @@ -17866,7 +17995,8 @@ } }, "description": "Authenticate SAML.\n\nSubmits a SAML response message to Elasticsearch for consumption.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-authenticate.html", + "docId": "security-api-saml-authenticate", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-saml-authenticate.html", "name": "security.saml_authenticate", "request": { "name": "Request", @@ -17904,7 +18034,8 @@ } }, "description": "Logout of SAML completely.\n\nVerifies the logout response sent from the SAML IdP.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-complete-logout.html", + "docId": "security-api-saml-complete-logout", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-saml-complete-logout.html", "name": "security.saml_complete_logout", "request": { "name": "Request", @@ -17942,7 +18073,8 @@ } }, "description": "Invalidate SAML.\n\nSubmits a SAML LogoutRequest message to Elasticsearch for consumption.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-invalidate.html", + "docId": "security-api-saml-invalidate", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-saml-invalidate.html", "name": "security.saml_invalidate", "request": { "name": "Request", 
@@ -17980,7 +18112,8 @@ } }, "description": "Logout of SAML.\n\nSubmits a request to invalidate an access token and refresh token.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-logout.html", + "docId": "security-api-saml-logout", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-saml-logout.html", "name": "security.saml_logout", "request": { "name": "Request", @@ -18018,7 +18151,8 @@ } }, "description": "Prepare SAML authentication.\n\nCreates a SAML authentication request (``) as a URL string, based on the configuration of the respective SAML realm in Elasticsearch.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-prepare-authentication.html", + "docId": "security-api-saml-prepare-authentication", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-saml-prepare-authentication.html", "name": "security.saml_prepare_authentication", "request": { "name": "Request", @@ -18056,7 +18190,8 @@ } }, "description": "Create SAML service provider metadata.\n\nGenerate SAML metadata for a SAML 2.0 Service Provider.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-saml-sp-metadata.html", + "docId": "security-api-saml-sp-metadata", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-saml-sp-metadata.html", "name": "security.saml_service_provider_metadata", "request": { "name": "Request", 
@@ -18094,8 +18229,14 @@ } }, "description": "Suggest a user profile.\n\nGet suggestions for user profiles that match specified search criteria.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/master/security-api-suggest-user-profile.html", + "docId": "security-api-suggest", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-suggest-user-profile.html", "name": "security.suggest_user_profiles", + "privileges": { + "cluster": [ + "read_security" + ] + }, "request": { "name": "Request", "namespace": "security.suggest_user_profiles" 
@@ -18133,7 +18274,8 @@ } }, "description": "Update an API key.\n\nUpdates attributes of an existing API key.\nUsers can only update API keys that they created or that were granted to them.\nUse this API to update API keys created by the create API Key or grant API Key APIs.\nIf you need to apply the same update to many API keys, you can use bulk update API Keys to reduce overhead.\nIt’s not possible to update expired API keys, or API keys that have been invalidated by invalidate API Key.\nThis API supports updates to an API key’s access scope and metadata.\nThe access scope of an API key is derived from the `role_descriptors` you specify in the request, and a snapshot of the owner user’s permissions at the time of the request.\nThe snapshot of the owner’s permissions is updated automatically on every call.\nIf you don’t specify `role_descriptors` in the request, a call to this API might still change the API key’s access scope.\nThis change can occur if the owner user’s permissions have changed since the API key was created or last modified.\nTo update another user’s API key, use the `run_as` feature to submit a request on behalf of another user.\nIMPORTANT: It’s not possible to use an API key as the authentication credential for this API.\nTo update an API key, the owner user’s credentials are required.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-update-api-key.html", + "docId": "security-api-update-key", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-update-api-key.html", "name": "security.update_api_key", "privileges": { "cluster": [ 
@@ -18171,10 +18313,16 @@ } }, "description": "Update a cross-cluster API key.\n\nUpdate the attributes of an existing cross-cluster API key, which is used for API key based remote cluster access.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-update-cross-cluster-api-key.html", + "docId": "security-api-cross-cluster-key-update", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-update-cross-cluster-api-key.html", "extDocId": "remote-clusters-api-key", "extDocUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/remote-clusters-api-key.html", "name": "security.update_cross_cluster_api_key", + "privileges": { + "cluster": [ + "manage_security" + ] + }, "request": { "name": "Request", "namespace": "security.update_cross_cluster_api_key" @@ -18239,7 +18387,8 @@ } }, "description": "Update user profile data.\n\nUpdate specific data for the user profile that is associated with a unique ID.", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-update-user-profile-data.html", + "docId": "security-api-update-user-data", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-update-user-profile-data.html", "name": "security.update_user_profile_data", "privileges": { "cluster": [ 
@@ -19602,8 +19751,9 @@ } }, "description": "Get SSL certificates.\n\nGet information about the X.509 certificates that are used to encrypt communications in the cluster.\nThe API returns a list that includes certificates from all TLS contexts including:\n\n- Settings for transport and HTTP interfaces\n- TLS settings that are used within authentication realms\n- TLS settings for remote monitoring exporters\n\nThe list includes certificates that are used for configuring trust, such as those configured in the `xpack.security.transport.ssl.truststore` and `xpack.security.transport.ssl.certificate_authorities` settings.\nIt also includes certificates that are used for configuring server identity, such as `xpack.security.http.ssl.keystore` and `xpack.security.http.ssl.certificate settings`.\n\nThe list does not include certificates that are sourced from the default SSL context of the Java Runtime Environment (JRE), even if those certificates are in use within Elasticsearch.\n\nNOTE: When a PKCS#11 token is configured as the truststore of the JRE, the API returns all the certificates that are included in the PKCS#11 token irrespective of whether these are used in the Elasticsearch TLS configuration.\n\nIf Elasticsearch is configured to use a keystore or truststore, the API output includes all certificates in that store, even though some of the certificates might not be in active use within the cluster.", + "docId": "security-api-ssl", "docTag": "security", - "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-ssl.html", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-ssl.html", "name": "ssl.certificates", "request": { "name": "Request", @@ -193988,7 +194138,7 @@ }, "path": [], "query": [], - "specLocation": "security/activate_user_profile/Request.ts#L23-L39" + "specLocation": "security/activate_user_profile/Request.ts#L23-L40" }, { "kind": "response", 
@@ -194061,7 +194211,7 @@ }, "path": [], "query": [], - "specLocation": "security/authenticate/SecurityAuthenticateRequest.ts#L22-L33" + "specLocation": "security/authenticate/SecurityAuthenticateRequest.ts#L22-L34" }, { "kind": "response", @@ -194731,7 +194881,7 @@ } } ], - "specLocation": "security/change_password/SecurityChangePasswordRequest.ts#L23-L54" + "specLocation": "security/change_password/SecurityChangePasswordRequest.ts#L23-L55" }, { "kind": "response", @@ -194779,7 +194929,7 @@ } ], "query": [], - "specLocation": "security/clear_api_key_cache/SecurityClearApiKeyCacheRequest.ts#L23-L42" + "specLocation": "security/clear_api_key_cache/SecurityClearApiKeyCacheRequest.ts#L23-L43" }, { "kind": "response", @@ -194873,7 +195023,7 @@ } ], "query": [], - "specLocation": "security/clear_cached_privileges/SecurityClearCachedPrivilegesRequest.ts#L23-L36" + "specLocation": "security/clear_cached_privileges/SecurityClearCachedPrivilegesRequest.ts#L23-L38" }, { "kind": "response", @@ -194983,7 +195133,7 @@ } } ], - "specLocation": "security/clear_cached_realms/SecurityClearCachedRealmsRequest.ts#L23-L38" + "specLocation": "security/clear_cached_realms/SecurityClearCachedRealmsRequest.ts#L23-L39" }, { "kind": "response", @@ -195077,7 +195227,7 @@ } ], "query": [], - "specLocation": "security/clear_cached_roles/ClearCachedRolesRequest.ts#L23-L35" + "specLocation": "security/clear_cached_roles/ClearCachedRolesRequest.ts#L23-L37" }, { "kind": "response", @@ -195195,7 +195345,7 @@ } ], "query": [], - "specLocation": "security/clear_cached_service_tokens/ClearCachedServiceTokensRequest.ts#L23-L38" + "specLocation": "security/clear_cached_service_tokens/ClearCachedServiceTokensRequest.ts#L23-L40" }, { "kind": "response", @@ -195358,7 +195508,7 @@ } } ], - "specLocation": "security/create_api_key/SecurityCreateApiKeyRequest.ts#L26-L60" + "specLocation": "security/create_api_key/SecurityCreateApiKeyRequest.ts#L26-L61" }, { "kind": "response", 
@@ -195510,7 +195660,7 @@ }, "path": [], "query": [], - "specLocation": "security/create_cross_cluster_api_key/CreateCrossClusterApiKeyRequest.ts#L25-L73" + "specLocation": "security/create_cross_cluster_api_key/CreateCrossClusterApiKeyRequest.ts#L25-L74" }, { "kind": "response", @@ -195665,7 +195815,7 @@ } } ], - "specLocation": "security/create_service_token/CreateServiceTokenRequest.ts#L23-L41" + "specLocation": "security/create_service_token/CreateServiceTokenRequest.ts#L23-L43" }, { "kind": "response", @@ -196137,7 +196287,7 @@ } } ], - "specLocation": "security/delete_privileges/SecurityDeletePrivilegesRequest.ts#L23-L38" + "specLocation": "security/delete_privileges/SecurityDeletePrivilegesRequest.ts#L23-L39" }, { "kind": "response", @@ -196226,7 +196376,7 @@ } } ], - "specLocation": "security/delete_role/SecurityDeleteRoleRequest.ts#L23-L38" + "specLocation": "security/delete_role/SecurityDeleteRoleRequest.ts#L23-L40" }, { "kind": "response", @@ -196299,7 +196449,7 @@ } } ], - "specLocation": "security/delete_role_mapping/SecurityDeleteRoleMappingRequest.ts#L23-L36" + "specLocation": "security/delete_role_mapping/SecurityDeleteRoleMappingRequest.ts#L23-L38" }, { "kind": "response", @@ -196396,7 +196546,7 @@ } } ], - "specLocation": "security/delete_service_token/DeleteServiceTokenRequest.ts#L23-L41" + "specLocation": "security/delete_service_token/DeleteServiceTokenRequest.ts#L23-L43" }, { "kind": "response", @@ -196469,7 +196619,7 @@ } } ], - "specLocation": "security/delete_user/SecurityDeleteUserRequest.ts#L23-L37" + "specLocation": "security/delete_user/SecurityDeleteUserRequest.ts#L23-L39" }, { "kind": "response", @@ -196542,7 +196692,7 @@ } } ], - "specLocation": "security/disable_user/SecurityDisableUserRequest.ts#L23-L37" + "specLocation": "security/disable_user/SecurityDisableUserRequest.ts#L23-L39" }, { "kind": "response", 
@@ -196671,7 +196821,7 @@ } } ], - "specLocation": "security/enable_user/SecurityEnableUserRequest.ts#L23-L37" + "specLocation": "security/enable_user/SecurityEnableUserRequest.ts#L23-L39" }, { "kind": "response", @@ -196733,7 +196883,7 @@ } } ], - "specLocation": "security/enable_user_profile/Request.ts#L24-L49" + "specLocation": "security/enable_user_profile/Request.ts#L24-L50" }, { "kind": "response", @@ -196774,7 +196924,7 @@ }, "path": [], "query": [], - "specLocation": "security/enroll_kibana/Request.ts#L22-L29" + "specLocation": "security/enroll_kibana/Request.ts#L22-L30" }, { "kind": "response", @@ -196864,7 +197014,7 @@ }, "path": [], "query": [], - "specLocation": "security/enroll_node/Request.ts#L22-L29" + "specLocation": "security/enroll_node/Request.ts#L22-L30" }, { "kind": "response", @@ -197088,7 +197238,7 @@ } } ], - "specLocation": "security/get_api_key/SecurityGetApiKeyRequest.ts#L23-L88" + "specLocation": "security/get_api_key/SecurityGetApiKeyRequest.ts#L23-L89" }, { "kind": "response", @@ -197138,7 +197288,7 @@ }, "path": [], "query": [], - "specLocation": "security/get_builtin_privileges/SecurityGetBuiltinPrivilegesRequest.ts#L22-L32" + "specLocation": "security/get_builtin_privileges/SecurityGetBuiltinPrivilegesRequest.ts#L22-L33" }, { "kind": "response", @@ -197246,7 +197396,7 @@ } ], "query": [], - "specLocation": "security/get_privileges/SecurityGetPrivilegesRequest.ts#L23-L35" + "specLocation": "security/get_privileges/SecurityGetPrivilegesRequest.ts#L23-L37" }, { "kind": "response", @@ -197322,7 +197472,7 @@ } ], "query": [], - "specLocation": "security/get_role/SecurityGetRoleRequest.ts#L23-L39" + "specLocation": "security/get_role/SecurityGetRoleRequest.ts#L23-L40" }, { "kind": "response", @@ -197587,7 +197737,7 @@ } ], "query": [], - "specLocation": "security/get_role_mapping/SecurityGetRoleMappingRequest.ts#L23-L42" + "specLocation": "security/get_role_mapping/SecurityGetRoleMappingRequest.ts#L23-L43" }, { "kind": "response", 
@@ -197664,7 +197814,7 @@ } ], "query": [], - "specLocation": "security/get_service_accounts/GetServiceAccountsRequest.ts#L23-L44" + "specLocation": "security/get_service_accounts/GetServiceAccountsRequest.ts#L23-L45" }, { "kind": "response", @@ -197831,7 +197981,7 @@ } ], "query": [], - "specLocation": "security/get_service_credentials/GetServiceCredentialsRequest.ts#L23-L41" + "specLocation": "security/get_service_credentials/GetServiceCredentialsRequest.ts#L23-L43" }, { "kind": "response", @@ -198105,7 +198255,7 @@ }, "path": [], "query": [], - "specLocation": "security/get_token/GetUserAccessTokenRequest.ts#L25-L42" + "specLocation": "security/get_token/GetUserAccessTokenRequest.ts#L25-L44" }, { "kind": "response", @@ -198298,7 +198448,7 @@ } } ], - "specLocation": "security/get_user/SecurityGetUserRequest.ts#L23-L44" + "specLocation": "security/get_user/SecurityGetUserRequest.ts#L23-L46" }, { "kind": "response", @@ -198398,7 +198548,7 @@ } } ], - "specLocation": "security/get_user_privileges/SecurityGetUserPrivilegesRequest.ts#L23-L37" + "specLocation": "security/get_user_privileges/SecurityGetUserPrivilegesRequest.ts#L23-L38" }, { "kind": "response", @@ -198603,7 +198753,7 @@ } } ], - "specLocation": "security/get_user_profile/Request.ts#L23-L48" + "specLocation": "security/get_user_profile/Request.ts#L23-L49" }, { "kind": "response", @@ -198848,7 +198998,7 @@ }, "path": [], "query": [], - "specLocation": "security/grant_api_key/SecurityGrantApiKeyRequest.ts#L24-L77" + "specLocation": "security/grant_api_key/SecurityGrantApiKeyRequest.ts#L24-L78" }, { "kind": "response", @@ -199159,7 +199309,7 @@ } ], "query": [], - "specLocation": "security/has_privileges/SecurityHasPrivilegesRequest.ts#L25-L46" + "specLocation": "security/has_privileges/SecurityHasPrivilegesRequest.ts#L25-L47" }, { "kind": "type_alias", 
@@ -199422,7 +199572,7 @@ }, "path": [], "query": [], - "specLocation": "security/has_privileges_user_profile/Request.ts#L24-L42" + "specLocation": "security/has_privileges_user_profile/Request.ts#L24-L43" }, { "kind": "response", @@ -199562,7 +199712,7 @@ }, "path": [], "query": [], - "specLocation": "security/invalidate_api_key/SecurityInvalidateApiKeyRequest.ts#L23-L69" + "specLocation": "security/invalidate_api_key/SecurityInvalidateApiKeyRequest.ts#L23-L70" }, { "kind": "response", @@ -199697,7 +199847,7 @@ }, "path": [], "query": [], - "specLocation": "security/invalidate_token/SecurityInvalidateTokenRequest.ts#L23-L43" + "specLocation": "security/invalidate_token/SecurityInvalidateTokenRequest.ts#L23-L44" }, { "kind": "response", @@ -200231,7 +200381,7 @@ } } ], - "specLocation": "security/put_privileges/SecurityPutPrivilegesRequest.ts#L25-L38" + "specLocation": "security/put_privileges/SecurityPutPrivilegesRequest.ts#L25-L40" }, { "kind": "response", @@ -200489,7 +200639,7 @@ } } ], - "specLocation": "security/put_role/SecurityPutRoleRequest.ts#L32-L101" + "specLocation": "security/put_role/SecurityPutRoleRequest.ts#L32-L102" }, { "kind": "response", @@ -200639,7 +200789,7 @@ } } ], - "specLocation": "security/put_role_mapping/SecurityPutRoleMappingRequest.ts#L25-L56" + "specLocation": "security/put_role_mapping/SecurityPutRoleMappingRequest.ts#L25-L58" }, { "kind": "response", @@ -200840,7 +200990,7 @@ } } ], - "specLocation": "security/put_user/SecurityPutUserRequest.ts#L23-L48" + "specLocation": "security/put_user/SecurityPutUserRequest.ts#L23-L50" }, { "kind": "response", @@ -201616,7 +201766,7 @@ } } ], - "specLocation": "security/query_api_keys/QueryApiKeysRequest.ts#L26-L101" + "specLocation": "security/query_api_keys/QueryApiKeysRequest.ts#L26-L102" }, { "kind": "response", 
@@ -201819,7 +201969,7 @@ }, "path": [], "query": [], - "specLocation": "security/query_role/QueryRolesRequest.ts#L25-L69" + "specLocation": "security/query_role/QueryRolesRequest.ts#L25-L70" }, { "kind": "response", @@ -202223,7 +202373,7 @@ } } ], - "specLocation": "security/query_user/SecurityQueryUserRequest.ts#L25-L75" + "specLocation": "security/query_user/SecurityQueryUserRequest.ts#L25-L76" }, { "kind": "response", @@ -202559,7 +202709,7 @@ }, "path": [], "query": [], - "specLocation": "security/saml_authenticate/Request.ts#L23-L40" + "specLocation": "security/saml_authenticate/Request.ts#L23-L41" }, { "kind": "response", @@ -202700,7 +202850,7 @@ }, "path": [], "query": [], - "specLocation": "security/saml_complete_logout/Request.ts#L23-L42" + "specLocation": "security/saml_complete_logout/Request.ts#L23-L43" }, { "kind": "response", @@ -202772,7 +202922,7 @@ }, "path": [], "query": [], - "specLocation": "security/saml_invalidate/Request.ts#L22-L45" + "specLocation": "security/saml_invalidate/Request.ts#L22-L46" }, { "kind": "response", @@ -202867,7 +203017,7 @@ }, "path": [], "query": [], - "specLocation": "security/saml_logout/Request.ts#L22-L43" + "specLocation": "security/saml_logout/Request.ts#L22-L44" }, { "kind": "response", @@ -202952,7 +203102,7 @@ }, "path": [], "query": [], - "specLocation": "security/saml_prepare_authentication/Request.ts#L22-L48" + "specLocation": "security/saml_prepare_authentication/Request.ts#L22-L49" }, { "kind": "response", @@ -203034,7 +203184,7 @@ } ], "query": [], - "specLocation": "security/saml_service_provider_metadata/Request.ts#L23-L36" + "specLocation": "security/saml_service_provider_metadata/Request.ts#L23-L37" }, { "kind": "response", @@ -203238,7 +203388,7 @@ } } ], - "specLocation": "security/suggest_user_profiles/Request.ts#L24-L68" + "specLocation": "security/suggest_user_profiles/Request.ts#L24-L70" }, { "kind": "response", 
@@ -203406,7 +203556,7 @@ } ], "query": [], - "specLocation": "security/update_api_key/Request.ts#L26-L67" + "specLocation": "security/update_api_key/Request.ts#L26-L68" }, { "kind": "response", @@ -203505,7 +203655,7 @@ } ], "query": [], - "specLocation": "security/update_cross_cluster_api_key/UpdateCrossClusterApiKeyRequest.ts#L25-L61" + "specLocation": "security/update_cross_cluster_api_key/UpdateCrossClusterApiKeyRequest.ts#L25-L63" }, { "kind": "response", @@ -203644,7 +203794,7 @@ } } ], - "specLocation": "security/update_user_profile_data/Request.ts#L27-L72" + "specLocation": "security/update_user_profile_data/Request.ts#L27-L73" }, { "kind": "response", @@ -210853,7 +211003,7 @@ }, "path": [], "query": [], - "specLocation": "ssl/certificates/GetCertificatesRequest.ts#L22-L45" + "specLocation": "ssl/certificates/GetCertificatesRequest.ts#L22-L46" }, { "kind": "response", diff --git a/specification/_doc_ids/table.csv b/specification/_doc_ids/table.csv index 67196e7686..fc9a240472 100644 --- a/specification/_doc_ids/table.csv +++ b/specification/_doc_ids/table.csv 
@@ -609,6 +609,7 @@ searchable-snapshots-api-stats,https://www.elastic.co/guide/en/elasticsearch/ref
 searchable-snapshots-apis,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/searchable-snapshots-apis.html
 search-templates,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/search-template.html
 secure-settings,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/secure-settings.html
+security-api-activate-user-profile,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-activate-user-profile.html
 security-api-authenticate,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-authenticate.html
 security-api-bulk-update-key,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-bulk-update-api-keys.html
 security-api-change-password,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-change-password.html
@@ -619,6 +620,7 @@ security-api-clear-role-cache,https://www.elastic.co/guide/en/elasticsearch/refe
 security-api-clear-service-token-caches,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-clear-service-token-caches.html
 security-api-create-api-key,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-create-api-key.html
 security-api-create-service-token,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-create-service-token.html
+security-api-cross-cluster-key,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-create-cross-cluster-api-key.html
 security-api-delegate-pki,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-delegate-pki-authentication.html
 security-api-delete-privilege,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-delete-privilege.html
 security-api-delete-role-mapping,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-delete-role-mapping.html
@@ -626,7 +628,9 @@ security-api-delete-role,https://www.elastic.co/guide/en/elasticsearch/reference
 security-api-delete-service-token,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-delete-service-token.html
 security-api-delete-user,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-delete-user.html
 security-api-disable-user,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-disable-user.html
+security-api-disable-user-profile,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-disable-user-profile.html
 security-api-enable-user,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-enable-user.html
+security-api-enable-user-profile,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-enable-user-profile.html
 security-api-get-api-key,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-get-api-key.html
 security-api-get-builtin-privileges,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-get-builtin-privileges.html
 security-api-get-privileges,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-get-privileges.html
@@ -636,9 +640,11 @@ security-api-get-service-accounts,https://www.elastic.co/guide/en/elasticsearch/
 security-api-get-service-credentials,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-get-service-credentials.html
 security-api-get-token,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-get-token.html
 security-api-get-user-privileges,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-get-user-privileges.html
+security-api-get-user-profile,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-get-user-profile.html
 security-api-get-user,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-get-user.html
 security-api-grant-api-key,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-grant-api-key.html
 security-api-has-privileges,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-has-privileges.html
+security-api-has-privileges-profile,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-has-privileges-user-profile.html
 security-api-invalidate-api-key,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-invalidate-api-key.html
 security-api-invalidate-token,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-invalidate-token.html
 security-api-kibana-enrollment,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-kibana-enrollment.html
@@ -651,6 +657,8 @@ security-api-put-role-mapping,https://www.elastic.co/guide/en/elasticsearch/refe
 security-api-put-role,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-put-role.html
 security-api-put-user,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-put-user.html
 security-api-query-api-key,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-query-api-key.html
+security-api-query-role,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-query-role.html
+security-api-query-user,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-query-user.html
 security-api-saml-authenticate,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-saml-authenticate.html
 security-api-saml-complete-logout,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-saml-complete-logout.html
 security-api-saml-invalidate,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-saml-invalidate.html
@@ -658,6 +666,10 @@ security-api-saml-logout,https://www.elastic.co/guide/en/elasticsearch/reference
 security-api-saml-prepare-authentication,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-saml-prepare-authentication.html
 security-api-saml-sp-metadata,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-saml-sp-metadata.html
 security-api-ssl,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-ssl.html
+security-api-suggest,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-suggest-user-profile.html
+security-api-cross-cluster-key-update,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-update-cross-cluster-api-key.html
+security-api-update-key,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-update-api-key.html
+security-api-update-user-data,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-update-user-profile-data.html
 security-privileges,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-privileges.html
 service-accounts,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/service-accounts.html
 set-processor,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/set-processor.html
diff --git a/specification/security/activate_user_profile/Request.ts b/specification/security/activate_user_profile/Request.ts
index 698ef10b0c..d3929a4c47 100644
--- a/specification/security/activate_user_profile/Request.ts
+++ b/specification/security/activate_user_profile/Request.ts
@@ -28,6 +28,7 @@ import { RequestBase } from '@_types/Base'
 * @availability stack since=8.2.0 stability=stable
 * @availability serverless stability=stable visibility=private
 * @cluster_privileges manage_user_profile
+ * @doc_id security-api-activate-user-profile
 */
 export interface Request extends RequestBase {
 body: {
diff --git a/specification/security/authenticate/SecurityAuthenticateRequest.ts b/specification/security/authenticate/SecurityAuthenticateRequest.ts
index 66202c9440..34a8468926 100644
--- a/specification/security/authenticate/SecurityAuthenticateRequest.ts
+++ b/specification/security/authenticate/SecurityAuthenticateRequest.ts
@@ -29,5 +29,6 @@ import { RequestBase } from '@_types/Base'
 * @rest_spec_name security.authenticate
 * @availability stack since=5.5.0 stability=stable
 * @availability serverless stability=stable visibility=public
+ * @doc_id security-api-authenticate
 */
 export interface Request extends RequestBase {}
diff --git a/specification/security/change_password/SecurityChangePasswordRequest.ts b/specification/security/change_password/SecurityChangePasswordRequest.ts
index ee61611c22..713318d9cb 100644
--- a/specification/security/change_password/SecurityChangePasswordRequest.ts
+++ b/specification/security/change_password/SecurityChangePasswordRequest.ts
@@ -26,6 +26,7 @@ import { Password, Refresh, Username } from '@_types/common'
 * Change the passwords of users in the native realm and built-in users.
 * @rest_spec_name security.change_password
 * @availability stack stability=stable
+ * @doc_id security-api-change-password
 */
 export interface Request extends RequestBase {
 path_parts: {
diff --git a/specification/security/clear_api_key_cache/SecurityClearApiKeyCacheRequest.ts b/specification/security/clear_api_key_cache/SecurityClearApiKeyCacheRequest.ts
index f631422320..d50ccccb5a 100644
--- a/specification/security/clear_api_key_cache/SecurityClearApiKeyCacheRequest.ts
+++ b/specification/security/clear_api_key_cache/SecurityClearApiKeyCacheRequest.ts
@@ -29,6 +29,7 @@ import { Ids } from '@_types/common'
 * @availability stack since=7.10.0 stability=stable
 * @availability serverless stability=stable visibility=private
 * @cluster_privileges manage_security
+ * @doc_id security-api-clear-api-key-cache
 */
 export interface Request extends RequestBase {
 path_parts: {
diff --git a/specification/security/clear_cached_privileges/SecurityClearCachedPrivilegesRequest.ts b/specification/security/clear_cached_privileges/SecurityClearCachedPrivilegesRequest.ts
index 7117880a7e..6eabd081ec 100644
--- a/specification/security/clear_cached_privileges/SecurityClearCachedPrivilegesRequest.ts
+++ b/specification/security/clear_cached_privileges/SecurityClearCachedPrivilegesRequest.ts
@@ -28,6 +28,8 @@ import { Name } from '@_types/common'
 * @rest_spec_name security.clear_cached_privileges
 * @availability stack since=7.9.0 stability=stable
 * @availability serverless stability=stable visibility=private
+ * @cluster_privileges manage_security
+ * @doc_id security-api-clear-privilege-cache
 */
 export interface Request extends RequestBase {
 path_parts: {
diff --git a/specification/security/clear_cached_realms/SecurityClearCachedRealmsRequest.ts b/specification/security/clear_cached_realms/SecurityClearCachedRealmsRequest.ts
index 33e192a5aa..1428d0f501 100644
--- a/specification/security/clear_cached_realms/SecurityClearCachedRealmsRequest.ts
+++ b/specification/security/clear_cached_realms/SecurityClearCachedRealmsRequest.ts
@@ -27,6 +27,7 @@ import { Names } from '@_types/common'
 * @rest_spec_name security.clear_cached_realms
 * @availability stack stability=stable
 * @availability serverless stability=stable visibility=private
+ * @doc_id security-api-clear-cache
 */
 export interface Request extends RequestBase {
 path_parts: {
diff --git a/specification/security/clear_cached_roles/ClearCachedRolesRequest.ts b/specification/security/clear_cached_roles/ClearCachedRolesRequest.ts
index 14c852513e..0726788063 100644
--- a/specification/security/clear_cached_roles/ClearCachedRolesRequest.ts
+++ b/specification/security/clear_cached_roles/ClearCachedRolesRequest.ts
@@ -27,6 +27,8 @@ import { Names } from '@_types/common'
 * @rest_spec_name security.clear_cached_roles
 * @availability stack stability=stable
 * @availability serverless stability=stable visibility=private
+ * @cluster_privileges manage_security
+ * @doc_id security-api-clear-role-cache
 */
 export interface Request extends RequestBase {
 path_parts: {
diff --git a/specification/security/clear_cached_service_tokens/ClearCachedServiceTokensRequest.ts b/specification/security/clear_cached_service_tokens/ClearCachedServiceTokensRequest.ts
index a0f7f6eea2..b30bcd3818 100644
--- a/specification/security/clear_cached_service_tokens/ClearCachedServiceTokensRequest.ts
+++ b/specification/security/clear_cached_service_tokens/ClearCachedServiceTokensRequest.ts
@@ -27,6 +27,8 @@ import { Names, Namespace, Service } from '@_types/common'
 * @rest_spec_name security.clear_cached_service_tokens
 * @availability stack stability=stable
 * @availability serverless stability=stable visibility=private
+ * @cluster_privileges manage_security
+ * @doc_id security-api-clear-service-token-caches
 * @ext_doc_id service-accounts
 */
 export interface Request extends RequestBase {
diff --git a/specification/security/create_api_key/SecurityCreateApiKeyRequest.ts b/specification/security/create_api_key/SecurityCreateApiKeyRequest.ts
index 3478245347..5c15dab953 100644
--- a/specification/security/create_api_key/SecurityCreateApiKeyRequest.ts
+++ b/specification/security/create_api_key/SecurityCreateApiKeyRequest.ts
@@ -35,6 +35,7 @@ import { Duration } from '@_types/Time'
 * @availability stack since=6.7.0 stability=stable
 * @availability serverless stability=stable visibility=public
 * @cluster_privileges manage_own_api_key
+ * @doc_id security-api-create-api-key
 */
 export interface Request extends RequestBase {
 query_parameters: {
diff --git a/specification/security/create_cross_cluster_api_key/CreateCrossClusterApiKeyRequest.ts b/specification/security/create_cross_cluster_api_key/CreateCrossClusterApiKeyRequest.ts
index 853aa86ebc..24ccf3a1f0 100644
--- a/specification/security/create_cross_cluster_api_key/CreateCrossClusterApiKeyRequest.ts
+++ b/specification/security/create_cross_cluster_api_key/CreateCrossClusterApiKeyRequest.ts
@@ -43,6 +43,7 @@ import { Duration } from '@_types/Time'
 * @rest_spec_name security.create_cross_cluster_api_key
 * @availability stack stability=stable
 * @cluster_privileges manage_security
+ * @doc_id security-api-cross-cluster-key
 * @ext_doc_id remote-clusters-api-key
 */
 export interface Request extends RequestBase {
diff --git a/specification/security/create_service_token/CreateServiceTokenRequest.ts b/specification/security/create_service_token/CreateServiceTokenRequest.ts
index 06efbb0581..c67d3ece8a 100644
--- a/specification/security/create_service_token/CreateServiceTokenRequest.ts
+++ b/specification/security/create_service_token/CreateServiceTokenRequest.ts
@@ -27,6 +27,8 @@ import { Name, Namespace, Refresh, Service } from '@_types/common'
 * @rest_spec_name security.create_service_token
 * @availability stack stability=stable
 * @availability serverless stability=stable visibility=private
+ * @cluster_privileges manage_service_account
+ * @doc_id security-api-create-service-token
 * @ext_doc_id service-accounts
 */
 export interface Request extends RequestBase {
diff --git a/specification/security/delete_privileges/SecurityDeletePrivilegesRequest.ts b/specification/security/delete_privileges/SecurityDeletePrivilegesRequest.ts
index 472469b7ba..ad01fe7f03 100644
--- a/specification/security/delete_privileges/SecurityDeletePrivilegesRequest.ts
+++ b/specification/security/delete_privileges/SecurityDeletePrivilegesRequest.ts
@@ -25,6 +25,7 @@ import { Name, Names, Refresh } from '@_types/common'
 * @rest_spec_name security.delete_privileges
 * @availability stack since=6.4.0 stability=stable
 * @availability serverless stability=stable visibility=private
+ * @doc_id security-api-delete-privilege
 * @ext_doc_id security-privileges
 */
 export interface Request extends RequestBase {
diff --git a/specification/security/delete_role/SecurityDeleteRoleRequest.ts b/specification/security/delete_role/SecurityDeleteRoleRequest.ts
index 5f87c08478..bb2ee6c02d 100644
--- a/specification/security/delete_role/SecurityDeleteRoleRequest.ts
+++ b/specification/security/delete_role/SecurityDeleteRoleRequest.ts
@@ -27,6 +27,8 @@ import { Name, Refresh } from '@_types/common'
 * @rest_spec_name security.delete_role
 * @availability stack stability=stable
 * @availability serverless stability=stable visibility=public
+ * @cluster_privileges manage_security
+ * @doc_id security-api-delete-role
 */
 export interface Request extends RequestBase {
 path_parts: {
diff --git a/specification/security/delete_role_mapping/SecurityDeleteRoleMappingRequest.ts b/specification/security/delete_role_mapping/SecurityDeleteRoleMappingRequest.ts
index 36cb2c3a5c..46bf8b145b 100644
--- a/specification/security/delete_role_mapping/SecurityDeleteRoleMappingRequest.ts
+++ b/specification/security/delete_role_mapping/SecurityDeleteRoleMappingRequest.ts
@@ -25,6 +25,8 @@ import { Name, Refresh } from '@_types/common'
 * @rest_spec_name security.delete_role_mapping
 * @availability stack since=5.5.0 stability=stable
 * @availability serverless stability=stable visibility=private
+ * @cluster_privileges manage_security
+ * @doc_id security-api-delete-role-mapping
 */
 export interface Request extends RequestBase {
 path_parts: {
diff --git a/specification/security/delete_service_token/DeleteServiceTokenRequest.ts b/specification/security/delete_service_token/DeleteServiceTokenRequest.ts
index cb6a270a5f..0de93627f3 100644
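Review bot: SecurityDeletePrivilegesRequest.ts gains only `@doc_id`, while the get_privileges and put_privileges requests in this same patch each gain a `@cluster_privileges` line (`read_security` and `manage_security`), so the destructive member of the trio is the one left without a documented privilege. Readers who derive least-privilege roles from the generated reference then have nothing to go on for that endpoint. If deletion is gated like creation (not verifiable from this diff), add ` * @cluster_privileges manage_security` above the new `@doc_id` line. The same asymmetry appears between get_token, which gains `manage_token`, and invalidate_token, which gains only `@doc_id`. The doc comment and the interface body both extend beyond the hunk.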
--- a/specification/security/delete_service_token/DeleteServiceTokenRequest.ts
+++ b/specification/security/delete_service_token/DeleteServiceTokenRequest.ts
@@ -27,6 +27,8 @@ import { Name, Namespace, Refresh, Service } from '@_types/common'
 * @rest_spec_name security.delete_service_token
 * @availability stack since=5.5.0 stability=stable
 * @availability serverless stability=stable visibility=private
+ * @cluster_privileges manage_service_account
+ * @doc_id security-api-delete-service-token
 * @ext_doc_id service-accounts
 */
 export interface Request extends RequestBase {
diff --git a/specification/security/delete_user/SecurityDeleteUserRequest.ts b/specification/security/delete_user/SecurityDeleteUserRequest.ts
index 9fe555c480..8297ccd048 100644
--- a/specification/security/delete_user/SecurityDeleteUserRequest.ts
+++ b/specification/security/delete_user/SecurityDeleteUserRequest.ts
@@ -26,6 +26,8 @@ import { Refresh, Username } from '@_types/common'
 * Delete users from the native realm.
 * @rest_spec_name security.delete_user
 * @availability stack stability=stable
+ * @cluster_privileges manage_security
+ * @doc_id security-api-delete-user
 */
 export interface Request extends RequestBase {
 path_parts: {
diff --git a/specification/security/disable_user/SecurityDisableUserRequest.ts b/specification/security/disable_user/SecurityDisableUserRequest.ts
index 6159d114ca..054372d410 100644
--- a/specification/security/disable_user/SecurityDisableUserRequest.ts
+++ b/specification/security/disable_user/SecurityDisableUserRequest.ts
@@ -26,6 +26,8 @@ import { Refresh, Username } from '@_types/common'
 * Disable users in the native realm.
 * @rest_spec_name security.disable_user
 * @availability stack stability=stable
+ * @cluster_privileges manage_security
+ * @doc_id security-api-disable-user
 */
 export interface Request extends RequestBase {
 path_parts: {
diff --git a/specification/security/enable_user/SecurityEnableUserRequest.ts b/specification/security/enable_user/SecurityEnableUserRequest.ts
index 372936212f..3abafb269b 100644
--- a/specification/security/enable_user/SecurityEnableUserRequest.ts
+++ b/specification/security/enable_user/SecurityEnableUserRequest.ts
@@ -26,6 +26,8 @@ import { Refresh, Username } from '@_types/common'
 * Enable users in the native realm.
 * @rest_spec_name security.enable_user
 * @availability stack stability=stable
+ * @cluster_privileges manage_security
+ * @doc_id security-api-enable-user
 */
 export interface Request extends RequestBase {
 path_parts: {
diff --git a/specification/security/enable_user_profile/Request.ts b/specification/security/enable_user_profile/Request.ts
index b236cd5b94..6c97e63778 100644
--- a/specification/security/enable_user_profile/Request.ts
+++ b/specification/security/enable_user_profile/Request.ts
@@ -29,6 +29,7 @@ import { Refresh } from '@_types/common'
 * @availability stack since=8.2.0 stability=stable
 * @availability serverless stability=stable visibility=private
 * @cluster_privileges manage_user_profile
+ * @doc_id security-api-enable-user-profile
 */
 export interface Request extends RequestBase {
 path_parts: {
diff --git a/specification/security/enroll_kibana/Request.ts b/specification/security/enroll_kibana/Request.ts
index 9dbf5ac3c7..8a370f767b 100644
--- a/specification/security/enroll_kibana/Request.ts
+++ b/specification/security/enroll_kibana/Request.ts
@@ -25,5 +25,6 @@ import { RequestBase } from '@_types/Base'
 * Enable a Kibana instance to configure itself for communication with a secured Elasticsearch cluster.
 * @rest_spec_name security.enroll_kibana
 * @availability stack since=8.0.0 stability=stable
+ * @doc_id security-api-kibana-enrollment
 */
 export interface Request extends RequestBase {}
diff --git a/specification/security/enroll_node/Request.ts b/specification/security/enroll_node/Request.ts
index a9a5b78e32..daaebbf266 100644
--- a/specification/security/enroll_node/Request.ts
+++ b/specification/security/enroll_node/Request.ts
@@ -25,5 +25,6 @@ import { RequestBase } from '@_types/Base'
 * Enroll a new node to allow it to join an existing cluster with security features enabled.
 * @rest_spec_name security.enroll_node
 * @availability stack since=8.0.0 stability=stable
+ * @doc_id security-api-node-enrollment
 */
 export interface Request extends RequestBase {}
diff --git a/specification/security/get_api_key/SecurityGetApiKeyRequest.ts b/specification/security/get_api_key/SecurityGetApiKeyRequest.ts
index b090158aa4..7b77be23f5 100644
--- a/specification/security/get_api_key/SecurityGetApiKeyRequest.ts
+++ b/specification/security/get_api_key/SecurityGetApiKeyRequest.ts
@@ -30,6 +30,7 @@ import { Id, Name, Username } from '@_types/common'
 * @availability stack since=6.7.0 stability=stable
 * @availability serverless stability=stable visibility=public
 * @cluster_privileges manage_own_api_key, read_security
+ * @doc_id security-api-get-api-key
 */
 export interface Request extends RequestBase {
 query_parameters: {
diff --git a/specification/security/get_builtin_privileges/SecurityGetBuiltinPrivilegesRequest.ts b/specification/security/get_builtin_privileges/SecurityGetBuiltinPrivilegesRequest.ts
index f113492459..7825874926 100644
--- a/specification/security/get_builtin_privileges/SecurityGetBuiltinPrivilegesRequest.ts
+++ b/specification/security/get_builtin_privileges/SecurityGetBuiltinPrivilegesRequest.ts
@@ -27,6 +27,7 @@ import { RequestBase } from '@_types/Base'
 * @availability stack since=7.3.0 stability=stable
 * @availability serverless stability=stable visibility=public
 * @cluster_privileges manage_security
+ * @doc_id security-api-get-builtin-privileges
 * @ext_doc_id security-privileges
 */
 export interface Request extends RequestBase {}
diff --git a/specification/security/get_privileges/SecurityGetPrivilegesRequest.ts b/specification/security/get_privileges/SecurityGetPrivilegesRequest.ts
index 9c1dc0671e..2e0267657d 100644
--- a/specification/security/get_privileges/SecurityGetPrivilegesRequest.ts
+++ b/specification/security/get_privileges/SecurityGetPrivilegesRequest.ts
@@ -25,6 +25,8 @@ import { Name, Names } from '@_types/common'
 * @rest_spec_name security.get_privileges
 * @availability stack since=6.4.0 stability=stable
 * @availability serverless stability=stable visibility=private
+ * @cluster_privileges read_security
+ * @doc_id security-api-get-privileges
 * @ext_doc_id security-privileges
 */
 export interface Request extends RequestBase {
diff --git a/specification/security/get_role/SecurityGetRoleRequest.ts b/specification/security/get_role/SecurityGetRoleRequest.ts
index 34c38d2c46..6cbf72a22e 100644
--- a/specification/security/get_role/SecurityGetRoleRequest.ts
+++ b/specification/security/get_role/SecurityGetRoleRequest.ts
@@ -27,7 +27,8 @@ import { Names } from '@_types/common'
 * @rest_spec_name security.get_role
 * @availability stack stability=stable
 * @availability serverless stability=stable visibility=public
- * @cluster_privileges manage_security
+ * @cluster_privileges read_security
+ * @doc_id security-api-get-role
 */
 export interface Request extends RequestBase {
 path_parts: {
diff --git a/specification/security/get_role_mapping/SecurityGetRoleMappingRequest.ts b/specification/security/get_role_mapping/SecurityGetRoleMappingRequest.ts
index 89af3fbd49..303d417892 100644
--- a/specification/security/get_role_mapping/SecurityGetRoleMappingRequest.ts
+++ b/specification/security/get_role_mapping/SecurityGetRoleMappingRequest.ts
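Review bot: SecurityGetRoleRequest.ts lowers the documented privilege from `manage_security` to `read_security`, but comparable read-only requests keep a manage-level privilege as unchanged context in this patch: get_role_mapping and get_builtin_privileges still say `manage_security`, and get_service_accounts says `manage_service_account` while its sibling get_service_credentials gains `read_security`. If the tag is meant to state the minimum privilege, align those in the same pass, for example ` * @cluster_privileges read_security` in SecurityGetRoleMappingRequest.ts once it is confirmed the server accepts it there; otherwise the reference steers operators toward granting manage-level rights for read calls. The has_privileges_user_profile hunk makes the same kind of change (`manage_user_profile` to `read_security`) and deserves the same confirmation, since a documented minimum that is too low would surface as authorization failures for anyone who follows it.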
@@ -30,6 +30,7 @@ import { Names } from '@_types/common'
 * @availability stack since=5.5.0 stability=stable
 * @availability serverless stability=stable visibility=private
 * @cluster_privileges manage_security
+ * @doc_id security-api-get-role-mapping
 * @ext_doc_id mapping-roles
 */
 export interface Request extends RequestBase {
diff --git a/specification/security/get_service_accounts/GetServiceAccountsRequest.ts b/specification/security/get_service_accounts/GetServiceAccountsRequest.ts
index ba780e77c7..1f896c188d 100644
--- a/specification/security/get_service_accounts/GetServiceAccountsRequest.ts
+++ b/specification/security/get_service_accounts/GetServiceAccountsRequest.ts
@@ -28,6 +28,7 @@ import { Namespace, Service } from '@_types/common'
 * @availability stack since=7.13.0 stability=stable
 * @availability serverless stability=stable visibility=private
 * @cluster_privileges manage_service_account
+ * @doc_id security-api-get-service-accounts
 * @ext_doc_id service-accounts
 */
 export interface Request extends RequestBase {
diff --git a/specification/security/get_service_credentials/GetServiceCredentialsRequest.ts b/specification/security/get_service_credentials/GetServiceCredentialsRequest.ts
index fcb64f51eb..53aa1da854 100644
--- a/specification/security/get_service_credentials/GetServiceCredentialsRequest.ts
+++ b/specification/security/get_service_credentials/GetServiceCredentialsRequest.ts
@@ -25,6 +25,8 @@ import { Name, Namespace } from '@_types/common'
 * @rest_spec_name security.get_service_credentials
 * @availability stack since=7.13.0 stability=stable
 * @availability serverless stability=stable visibility=private
+ * @cluster_privileges read_security
+ * @doc_id security-api-get-service-credentials
 * @ext_doc_id service-accounts
 */
 export interface Request extends RequestBase {
diff --git a/specification/security/get_token/GetUserAccessTokenRequest.ts b/specification/security/get_token/GetUserAccessTokenRequest.ts
index 4e163fa9b9..551e075fe0 100644
--- a/specification/security/get_token/GetUserAccessTokenRequest.ts
+++ b/specification/security/get_token/GetUserAccessTokenRequest.ts
@@ -29,6 +29,8 @@ import { AccessTokenGrantType } from './types'
 * @rest_spec_name security.get_token
 * @availability stack since=5.5.0 stability=stable
 * @availability serverless stability=stable visibility=private
+ * @cluster_privileges manage_token
+ * @doc_id security-api-get-token
 */
 export interface Request extends RequestBase {
 body: {
diff --git a/specification/security/get_user/SecurityGetUserRequest.ts b/specification/security/get_user/SecurityGetUserRequest.ts
index 376a497879..0ed476eab8 100644
--- a/specification/security/get_user/SecurityGetUserRequest.ts
+++ b/specification/security/get_user/SecurityGetUserRequest.ts
@@ -26,6 +26,8 @@ import { Username } from '@_types/common'
 * Get information about users in the native realm and built-in users.
 * @rest_spec_name security.get_user
 * @availability stack stability=stable
+ * @cluster_privileges read_security
+ * @doc_id security-api-get-user
 */
 export interface Request extends RequestBase {
 path_parts: {
diff --git a/specification/security/get_user_privileges/SecurityGetUserPrivilegesRequest.ts b/specification/security/get_user_privileges/SecurityGetUserPrivilegesRequest.ts
index a549b6f186..4b81405970 100644
--- a/specification/security/get_user_privileges/SecurityGetUserPrivilegesRequest.ts
+++ b/specification/security/get_user_privileges/SecurityGetUserPrivilegesRequest.ts
@@ -25,6 +25,7 @@ import { Name } from '@_types/common'
 * @rest_spec_name security.get_user_privileges
 * @availability stack since=6.5.0 stability=stable
 * @availability serverless stability=stable visibility=private
+ * @doc_id security-api-get-user-privileges
 */
 export interface Request extends RequestBase {
 query_parameters: {
diff --git a/specification/security/get_user_profile/Request.ts b/specification/security/get_user_profile/Request.ts
index 81cd5a3a6a..3a810b14d5 100644
--- a/specification/security/get_user_profile/Request.ts
+++ b/specification/security/get_user_profile/Request.ts
@@ -28,6 +28,7 @@ import { RequestBase } from '@_types/Base'
 * @availability stack since=8.2.0 stability=stable
 * @availability serverless stability=stable visibility=private
 * @cluster_privileges manage_user_profile
+ * @doc_id security-api-get-user-profile
 */
 export interface Request extends RequestBase {
 path_parts: {
diff --git a/specification/security/grant_api_key/SecurityGrantApiKeyRequest.ts b/specification/security/grant_api_key/SecurityGrantApiKeyRequest.ts
index 30e7478208..f35a580e5d 100644
--- a/specification/security/grant_api_key/SecurityGrantApiKeyRequest.ts
+++ b/specification/security/grant_api_key/SecurityGrantApiKeyRequest.ts
@@ -41,6 +41,7 @@ import { ApiKeyGrantType, GrantApiKey } from './types'
 * @availability stack since=7.9.0 stability=stable
 * @availability serverless stability=stable visibility=private
 * @cluster_privileges grant_api_key
+ * @doc_id security-api-grant-api-key
 */
 export interface Request extends RequestBase {
 body: {
diff --git a/specification/security/has_privileges/SecurityHasPrivilegesRequest.ts b/specification/security/has_privileges/SecurityHasPrivilegesRequest.ts
index 560746e548..31a6963523 100644
--- a/specification/security/has_privileges/SecurityHasPrivilegesRequest.ts
+++ b/specification/security/has_privileges/SecurityHasPrivilegesRequest.ts
@@ -29,6 +29,7 @@ import { ApplicationPrivilegesCheck, IndexPrivilegesCheck } from './types'
 * @rest_spec_name security.has_privileges
 * @availability stack since=6.4.0 stability=stable
 * @availability serverless stability=stable visibility=public
+ * @doc_id security-api-has-privileges
 * @ext_doc_id security-privileges
 */
 export interface Request extends RequestBase {
diff --git a/specification/security/has_privileges_user_profile/Request.ts b/specification/security/has_privileges_user_profile/Request.ts
index 7f6a6d4eaf..433f09dda7 100644
--- a/specification/security/has_privileges_user_profile/Request.ts
+++ b/specification/security/has_privileges_user_profile/Request.ts
@@ -28,7 +28,8 @@ import { PrivilegesCheck } from './types'
 * @rest_spec_name security.has_privileges_user_profile
 * @availability stack since=8.3.0 stability=stable
 * @availability serverless stability=stable visibility=private
- * @cluster_privileges manage_user_profile
+ * @cluster_privileges read_security
+ * @doc_id security-api-has-privileges-profile
 * @ext_doc_id user-profile
 */
 export interface Request extends RequestBase {
diff --git a/specification/security/invalidate_api_key/SecurityInvalidateApiKeyRequest.ts b/specification/security/invalidate_api_key/SecurityInvalidateApiKeyRequest.ts
index 96c1f01c20..628b4f88b3 100644
--- a/specification/security/invalidate_api_key/SecurityInvalidateApiKeyRequest.ts
+++ b/specification/security/invalidate_api_key/SecurityInvalidateApiKeyRequest.ts
@@ -35,6 +35,7 @@ import { Id, Name, Username } from '@_types/common'
 * @availability stack since=6.7.0 stability=stable
 * @availability serverless stability=stable visibility=public
 * @cluster_privileges manage_api_key, manage_own_api_key
+ * @doc_id security-api-invalidate-api-key
 */
 export interface Request extends RequestBase {
 body: {
diff --git a/specification/security/invalidate_token/SecurityInvalidateTokenRequest.ts b/specification/security/invalidate_token/SecurityInvalidateTokenRequest.ts
index 0e1ef59e2a..c763233c4f 100644
--- a/specification/security/invalidate_token/SecurityInvalidateTokenRequest.ts
+++ b/specification/security/invalidate_token/SecurityInvalidateTokenRequest.ts
@@ -32,6 +32,7 @@ import { Name, Username } from '@_types/common'
 * @rest_spec_name security.invalidate_token
 * @availability stack since=5.5.0 stability=stable
 * @availability serverless stability=stable visibility=private
+ * @doc_id security-api-invalidate-token
 */
 export interface Request extends RequestBase {
 body: {
diff --git a/specification/security/put_privileges/SecurityPutPrivilegesRequest.ts b/specification/security/put_privileges/SecurityPutPrivilegesRequest.ts
index 90c7694e46..20574835da 100644
--- a/specification/security/put_privileges/SecurityPutPrivilegesRequest.ts
+++ b/specification/security/put_privileges/SecurityPutPrivilegesRequest.ts
@@ -27,6 +27,8 @@ import { Actions } from './types'
 * @rest_spec_name security.put_privileges
 * @availability stack since=6.4.0 stability=stable
 * @availability serverless stability=stable visibility=private
+ * @cluster_privileges manage_security
+ * @doc_id security-api-put-privileges
 * @ext_doc_id security-privileges
 */
 export interface Request extends RequestBase {
diff --git a/specification/security/put_role/SecurityPutRoleRequest.ts b/specification/security/put_role/SecurityPutRoleRequest.ts
index 5614e4b344..54fa737ef2 100644
--- a/specification/security/put_role/SecurityPutRoleRequest.ts
+++ b/specification/security/put_role/SecurityPutRoleRequest.ts
@@ -39,6 +39,7 @@ import { Metadata, Name, Refresh } from '@_types/common'
 * @availability stack stability=stable
 * @availability serverless stability=stable visibility=public
 * @cluster_privileges manage_security
+ * @doc_id security-api-put-role
 * @ext_doc_id defining-roles
 */
 export interface Request extends RequestBase {
diff --git a/specification/security/put_role_mapping/SecurityPutRoleMappingRequest.ts b/specification/security/put_role_mapping/SecurityPutRoleMappingRequest.ts
index 4061546c0e..0ebc98a6da 100644
--- a/specification/security/put_role_mapping/SecurityPutRoleMappingRequest.ts
+++ b/specification/security/put_role_mapping/SecurityPutRoleMappingRequest.ts
@@ -34,6 +34,8 @@ import { Metadata, Name, Refresh } from '@_types/common'
 * @rest_spec_name security.put_role_mapping
 * @availability stack since=5.5.0 stability=stable
 * @availability serverless stability=stable visibility=private
+ * @cluster_privileges manage_security
+ * @doc_id security-api-put-role-mapping
 * @ext_doc_id mapping-roles
 */
 export interface Request extends RequestBase {
diff --git a/specification/security/put_user/SecurityPutUserRequest.ts b/specification/security/put_user/SecurityPutUserRequest.ts
index 7e366a6983..d97fb0dade 100644
--- a/specification/security/put_user/SecurityPutUserRequest.ts
+++ b/specification/security/put_user/SecurityPutUserRequest.ts
@@ -27,6 +27,8 @@ import { Metadata, Password, Refresh, Username } from '@_types/common'
 * To change a user’s password without updating any other fields, use the change password API.
 * @rest_spec_name security.put_user
 * @availability stack stability=stable
+ * @cluster_privileges manage_security
+ * @doc_id security-api-put-user
 */
 export interface Request extends RequestBase {
 path_parts: {
diff --git a/specification/security/query_api_keys/QueryApiKeysRequest.ts b/specification/security/query_api_keys/QueryApiKeysRequest.ts
index 363182881a..476a4a6d11 100644
--- a/specification/security/query_api_keys/QueryApiKeysRequest.ts
+++ b/specification/security/query_api_keys/QueryApiKeysRequest.ts
@@ -31,6 +31,7 @@ import { ApiKeyAggregationContainer, ApiKeyQueryContainer } from './types'
 * @availability stack since=7.15.0 stability=stable
 * @availability serverless stability=stable visibility=public
 * @cluster_privileges manage_own_api_key, read_security
+ * @doc_id security-api-query-api-key
 */
 export interface Request extends RequestBase {
 query_parameters: {
diff --git a/specification/security/query_role/QueryRolesRequest.ts b/specification/security/query_role/QueryRolesRequest.ts
index 9d0a93dde6..46b5bca940 100644
--- a/specification/security/query_role/QueryRolesRequest.ts
+++ b/specification/security/query_role/QueryRolesRequest.ts
@@ -30,6 +30,7 @@ import { RoleQueryContainer } from './types'
 * @availability stack since=8.15.0 stability=stable
 * @availability serverless stability=stable visibility=private
 * @cluster_privileges read_security
+ * @doc_id security-api-query-role
 */
 export interface Request extends RequestBase {
 body: {
diff --git a/specification/security/query_user/SecurityQueryUserRequest.ts b/specification/security/query_user/SecurityQueryUserRequest.ts
index e567ed96a4..58cb904acd 100644
--- a/specification/security/query_user/SecurityQueryUserRequest.ts
+++ b/specification/security/query_user/SecurityQueryUserRequest.ts
@@ -31,6 +31,7 @@ import { UserQueryContainer } from './types'
 * @availability stack since=8.14.0 stability=stable
 * @availability serverless stability=stable visibility=private
 * @cluster_privileges read_security
+ * @doc_id security-api-query-user
 */
 export interface Request extends RequestBase {
 body: {
diff --git a/specification/security/saml_authenticate/Request.ts b/specification/security/saml_authenticate/Request.ts
index f3361e17e1..951d5e7602 100644
--- a/specification/security/saml_authenticate/Request.ts
+++ b/specification/security/saml_authenticate/Request.ts
@@ -27,6 +27,7 @@ import { Ids } from '@_types/common'
 * @rest_spec_name security.saml_authenticate
 * @availability stack since=7.5.0 stability=stable
 * @availability serverless stability=stable visibility=private
+ * @doc_id security-api-saml-authenticate
 */
 export interface Request extends RequestBase {
 body: {
diff --git a/specification/security/saml_complete_logout/Request.ts b/specification/security/saml_complete_logout/Request.ts
index f85e46086a..217a4efd3f 100644
--- a/specification/security/saml_complete_logout/Request.ts
+++ b/specification/security/saml_complete_logout/Request.ts
@@ -27,6 +27,7 @@ import { Ids } from '@_types/common'
 * @rest_spec_name security.saml_complete_logout
 * @availability stack since=7.14.0 stability=stable
 * @availability serverless stability=stable visibility=private
+ * @doc_id security-api-saml-complete-logout
 */
 export interface Request extends RequestBase {
 body: {
diff --git a/specification/security/saml_invalidate/Request.ts b/specification/security/saml_invalidate/Request.ts
index 687efc679c..5d9ccedd2c 100644
--- a/specification/security/saml_invalidate/Request.ts
+++ b/specification/security/saml_invalidate/Request.ts
@@ -26,6 +26,7 @@ import { RequestBase } from '@_types/Base'
 * @rest_spec_name security.saml_invalidate
 * @availability stack since=7.5.0 stability=stable
 * @availability serverless stability=stable visibility=private
+ * @doc_id security-api-saml-invalidate
 */
 export interface Request extends RequestBase {
 body: {
diff --git a/specification/security/saml_logout/Request.ts b/specification/security/saml_logout/Request.ts
index 672f43f422..4a3f6589a6 100644
--- a/specification/security/saml_logout/Request.ts
+++ b/specification/security/saml_logout/Request.ts
@@ -26,6 +26,7 @@ import { RequestBase } from '@_types/Base'
 * @rest_spec_name security.saml_logout
 * @availability stack since=7.5.0 stability=stable
 * @availability serverless stability=stable visibility=private
+ * @doc_id security-api-saml-logout
 */
 export interface Request extends RequestBase {
 body: {
diff --git a/specification/security/saml_prepare_authentication/Request.ts b/specification/security/saml_prepare_authentication/Request.ts
index 994cf0b915..7ede3e14f3 100644
--- a/specification/security/saml_prepare_authentication/Request.ts
+++ b/specification/security/saml_prepare_authentication/Request.ts
@@ -26,6 +26,7 @@ import { RequestBase } from '@_types/Base'
 * @rest_spec_name security.saml_prepare_authentication
 * @availability stack since=7.5.0 stability=stable
 * @availability serverless stability=stable visibility=private
+ * @doc_id security-api-saml-prepare-authentication
 */
 export interface Request extends RequestBase {
 body: {
diff --git a/specification/security/saml_service_provider_metadata/Request.ts b/specification/security/saml_service_provider_metadata/Request.ts
index 3f285b066e..407f70a3b4 100644
--- a/specification/security/saml_service_provider_metadata/Request.ts
+++ b/specification/security/saml_service_provider_metadata/Request.ts
@@ -27,6 +27,7 @@ import { Name } from '@_types/common'
 * @rest_spec_name security.saml_service_provider_metadata
 * @availability stack since=7.11.0 stability=stable
 * @availability serverless stability=stable visibility=private
+ * @doc_id security-api-saml-sp-metadata
 */
 export interface Request extends RequestBase {
 path_parts: {
diff --git a/specification/security/suggest_user_profiles/Request.ts b/specification/security/suggest_user_profiles/Request.ts
index 29cf4d6daf..0ffee16e57 100644
--- a/specification/security/suggest_user_profiles/Request.ts
+++ b/specification/security/suggest_user_profiles/Request.ts
@@ -28,6 +28,8 @@ import { Hint } from './types'
 * @rest_spec_name security.suggest_user_profiles
 * @availability stack since=8.2.0 stability=stable
 * @availability serverless stability=stable visibility=private
+ * @cluster_privileges read_security
+ * @doc_id security-api-suggest
 */
 export interface Request extends RequestBase {
 query_parameters: {
diff --git a/specification/security/update_api_key/Request.ts b/specification/security/update_api_key/Request.ts
index 790d25c1ea..414124f3d2 100644
--- a/specification/security/update_api_key/Request.ts
+++ b/specification/security/update_api_key/Request.ts
@@ -43,6 +43,7 @@ import { Duration } from '@_types/Time' * @availability stack since=8.4.0 stability=stable * @availability serverless stability=stable visibility=public * @cluster_privileges manage_own_api_key + * @doc_id security-api-update-key */ export interface Request extends RequestBase { path_parts: { diff --git a/specification/security/update_cross_cluster_api_key/UpdateCrossClusterApiKeyRequest.ts b/specification/security/update_cross_cluster_api_key/UpdateCrossClusterApiKeyRequest.ts index 4cadb5f200..bc56df2df0 100644 --- a/specification/security/update_cross_cluster_api_key/UpdateCrossClusterApiKeyRequest.ts +++ b/specification/security/update_cross_cluster_api_key/UpdateCrossClusterApiKeyRequest.ts @@ -28,6 +28,8 @@ import { Duration } from '@_types/Time' * Update the attributes of an existing cross-cluster API key, which is used for API key based remote cluster access. * @rest_spec_name security.update_cross_cluster_api_key * @availability stack stability=stable + * @cluster_privileges manage_security + * @doc_id security-api-cross-cluster-key-update * @ext_doc_id remote-clusters-api-key */ export interface Request extends RequestBase { diff --git a/specification/security/update_user_profile_data/Request.ts b/specification/security/update_user_profile_data/Request.ts index cd03ee460b..8c70ef5668 100644 --- a/specification/security/update_user_profile_data/Request.ts +++ b/specification/security/update_user_profile_data/Request.ts @@ -32,6 +32,7 @@ import { long } from '@_types/Numeric' * @availability stack since=8.2.0 stability=stable * @availability serverless stability=stable visibility=private * @cluster_privileges manage_user_profile + * @doc_id security-api-update-user-data */ export interface Request extends RequestBase { path_parts: { diff --git a/specification/ssl/certificates/GetCertificatesRequest.ts b/specification/ssl/certificates/GetCertificatesRequest.ts index f3bf4898c7..8bcabad6c8 100644 
--- a/specification/ssl/certificates/GetCertificatesRequest.ts +++ b/specification/ssl/certificates/GetCertificatesRequest.ts @@ -41,5 +41,6 @@ import { RequestBase } from '@_types/Base' * @availability stack since=6.2.0 stability=stable * @availability serverless stability=stable visibility=private * @doc_tag security + * @doc_id security-api-ssl */ export interface Request extends RequestBase {} From 7734bfff7c189ca0f9ad0300569065bbea55e5bf Mon Sep 17 00:00:00 2001 From: lcawl Date: Thu, 9 Jan 2025 12:47:27 -0800 Subject: [PATCH 2/5] Add authentication, change password, create api key examples --- .../SecurityAuthenticateResponseExample1.yaml | 24 +++++++++++ ...SecurityChangePasswordRequestExample1.yaml | 9 +++++ .../SecurityCreateApiKeyRequestExample1.yaml | 40 +++++++++++++++++++ .../SecurityCreateApiKeyResponseExample1.yaml | 12 ++++++ 4 files changed, 85 insertions(+) create mode 100644 specification/security/authenticate/examples/response/SecurityAuthenticateResponseExample1.yaml create mode 100644 specification/security/change_password/examples/request/SecurityChangePasswordRequestExample1.yaml create mode 100644 specification/security/create_api_key/examples/request/SecurityCreateApiKeyRequestExample1.yaml create mode 100644 specification/security/create_api_key/examples/response/SecurityCreateApiKeyResponseExample1.yaml diff --git a/specification/security/authenticate/examples/response/SecurityAuthenticateResponseExample1.yaml b/specification/security/authenticate/examples/response/SecurityAuthenticateResponseExample1.yaml new file mode 100644 index 0000000000..8caba6b1d6 --- /dev/null +++ b/specification/security/authenticate/examples/response/SecurityAuthenticateResponseExample1.yaml 
@@ -0,0 +1,24 @@ +# summary: +description: A successful response from `GET /_security/_authenticate`. +# type: response +# response_code: 200 +value: |- + { + "username": "rdeniro", + "roles": [ + "admin" + ], + "full_name": null, + "email": null, + "metadata": { }, + "enabled": true, + "authentication_realm": { + "name" : "file", + "type" : "file" + }, + "lookup_realm": { + "name" : "file", + "type" : "file" + }, + "authentication_type": "realm" + } \ No newline at end of file diff --git a/specification/security/change_password/examples/request/SecurityChangePasswordRequestExample1.yaml b/specification/security/change_password/examples/request/SecurityChangePasswordRequestExample1.yaml new file mode 100644 index 0000000000..ea33d5e81e --- /dev/null +++ b/specification/security/change_password/examples/request/SecurityChangePasswordRequestExample1.yaml @@ -0,0 +1,9 @@ +# summary: +# method_request: POST /_security/user/jacknich/_password +description: > + Run `POST /_security/user/jacknich/_password` to update the password for the `jacknich` user. +# type: request +value: |- + { + "password" : "new-test-password" + } \ No newline at end of file diff --git a/specification/security/create_api_key/examples/request/SecurityCreateApiKeyRequestExample1.yaml b/specification/security/create_api_key/examples/request/SecurityCreateApiKeyRequestExample1.yaml new file mode 100644 index 0000000000..4ae11cce94 --- /dev/null +++ b/specification/security/create_api_key/examples/request/SecurityCreateApiKeyRequestExample1.yaml 
@@ -0,0 +1,40 @@ +# summary: +# method_request: POST /_security/api_key +description: > + Run `POST /_security/api_key` to create an API key. + If `expiration` is not provided, the API keys do not expire. + If `role_descriptors` is not provided, the permissions of the authenticated user are applied. +# type: request +value: |- + { + "name": "my-api-key", + "expiration": "1d", + "role_descriptors": { + "role-a": { + "cluster": ["all"], + "indices": [ + { + "names": ["index-a*"], + "privileges": ["read"] + } + ] + }, + "role-b": { + "cluster": ["all"], + "indices": [ + { + "names": ["index-b*"], + "privileges": ["all"] + } + ] + } + }, + "metadata": { + "application": "my-application", + "environment": { + "level": 1, + "trusted": true, + "tags": ["dev", "staging"] + } + } + } \ No newline at end of file diff --git a/specification/security/create_api_key/examples/response/SecurityCreateApiKeyResponseExample1.yaml b/specification/security/create_api_key/examples/response/SecurityCreateApiKeyResponseExample1.yaml new file mode 100644 index 0000000000..000184e2ff --- /dev/null +++ b/specification/security/create_api_key/examples/response/SecurityCreateApiKeyResponseExample1.yaml @@ -0,0 +1,12 @@ +# summary: +description: A successful response from `POST /_security/api_key`. +# type: response +# response_code: 200 +value: |- + { + "id": "VuaCfGcBCdbkQm-e5aOx", + "name": "my-api-key", + "expiration": 1544068612110, + "api_key": "ui2lp2axTNmsyakw9tvNnw", + "encoded": "VnVhQ2ZHY0JDZGJrUW0tZTVhT3g6dWkybHAyYXhUTm1zeWFrdzl0dk5udw==" + } From a2f7fa374aef13d917976cc62476b8388eef7dd2 Mon Sep 17 00:00:00 2001 
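Review bot: Both role descriptors in the create-API-key request example grant `"cluster": ["all"]`, although the role names and index patterns suggest keys scoped to `index-a*` and `index-b*`. Examples in an API reference tend to be copied as they stand, so an index-scoped key that also carries full cluster privileges is a poor template. Consider dropping the `cluster` entry from the example or narrowing it, for instance `"cluster": ["monitor"]`, and adding a sentence to the description that `role_descriptors` should list only what the key needs.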
From: lcawl Date: Thu, 9 Jan 2025 16:03:33 -0800 Subject: [PATCH 3/5] Add more examples --- .../SecurityAuthenticateResponseExample1.yaml | 2 +- ...SecurityBulkDeleteRoleRequestExample1.yaml | 9 ++ ...ecurityBulkDeleteRoleResponseExample1.yaml | 11 +++ ...ecurityBulkDeleteRoleResponseExample2.yaml | 15 +++ ...ecurityBulkDeleteRoleResponseExample3.yaml | 21 +++++ .../SecurityBulkPutRoleRequestExample1.yaml | 91 +++++++++++++++++++ .../SecurityBulkPutRoleRequestExample2.yaml | 90 ++++++++++++++++++ .../SecurityBulkPutRoleRequestExample3.yaml | 20 ++++ .../SecurityBulkPutRoleResponseExample1.yaml | 12 +++ .../SecurityBulkPutRoleResponseExample2.yaml | 22 +++++ ...SecurityChangePasswordRequestExample1.yaml | 2 +- .../SecurityCreateApiKeyRequestExample1.yaml | 2 +- .../SecurityPutPrivilegesRequestExample1.yaml | 19 ++++ .../SecurityPutPrivilegesRequestExample2.yaml | 21 +++++ ...SecurityPutPrivilegesResponseExample1.yaml | 12 +++ ...SecurityPutPrivilegesResponseExample2.yaml | 22 +++++ .../SecurityPutRoleRequestExample1.yaml | 30 ++++++ .../SecurityPutRoleRequestExample2.yaml | 14 +++ .../SecurityPutRoleRequestExample3.yaml | 20 ++++ .../SecurityPutRoleResponseExample1.yaml | 10 ++ ...SecurityPutRoleMappingRequestExample1.yaml | 16 ++++ ...SecurityPutRoleMappingRequestExample2.yaml | 13 +++ ...SecurityPutRoleMappingRequestExample3.yaml | 13 +++ ...SecurityPutRoleMappingRequestExample4.yaml | 26 ++++++ ...SecurityPutRoleMappingRequestExample5.yaml | 19 ++++ ...SecurityPutRoleMappingRequestExample6.yaml | 26 ++++++ ...SecurityPutRoleMappingRequestExample7.yaml | 16 ++++ ...SecurityPutRoleMappingRequestExample8.yaml | 40 ++++++++ ...SecurityPutRoleMappingRequestExample9.yaml | 16 ++++ ...ecurityPutRoleMappingResponseExample1.yaml | 10 ++ .../SecurityPutUserRequestExample1.yaml | 15 +++ .../SecurityPutUserResponseExample1.yaml | 10 ++ 32 files changed, 662 insertions(+), 3 deletions(-) create mode 100644 
specification/security/bulk_delete_role/examples/request/SecurityBulkDeleteRoleRequestExample1.yaml create mode 100644 specification/security/bulk_delete_role/examples/response/SecurityBulkDeleteRoleResponseExample1.yaml create mode 100644 specification/security/bulk_delete_role/examples/response/SecurityBulkDeleteRoleResponseExample2.yaml create mode 100644 specification/security/bulk_delete_role/examples/response/SecurityBulkDeleteRoleResponseExample3.yaml create mode 100644 specification/security/bulk_put_role/examples/request/SecurityBulkPutRoleRequestExample1.yaml create mode 100644 specification/security/bulk_put_role/examples/request/SecurityBulkPutRoleRequestExample2.yaml create mode 100644 specification/security/bulk_put_role/examples/request/SecurityBulkPutRoleRequestExample3.yaml create mode 100644 specification/security/bulk_put_role/examples/response/SecurityBulkPutRoleResponseExample1.yaml create mode 100644 specification/security/bulk_put_role/examples/response/SecurityBulkPutRoleResponseExample2.yaml create mode 100644 specification/security/put_privileges/examples/request/SecurityPutPrivilegesRequestExample1.yaml create mode 100644 specification/security/put_privileges/examples/request/SecurityPutPrivilegesRequestExample2.yaml create mode 100644 specification/security/put_privileges/examples/response/SecurityPutPrivilegesResponseExample1.yaml create mode 100644 specification/security/put_privileges/examples/response/SecurityPutPrivilegesResponseExample2.yaml create mode 100644 specification/security/put_role/examples/request/SecurityPutRoleRequestExample1.yaml create mode 100644 specification/security/put_role/examples/request/SecurityPutRoleRequestExample2.yaml create mode 100644 specification/security/put_role/examples/request/SecurityPutRoleRequestExample3.yaml create mode 100644 specification/security/put_role/examples/response/SecurityPutRoleResponseExample1.yaml create mode 100644 
specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample1.yaml create mode 100644 specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample2.yaml create mode 100644 specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample3.yaml create mode 100644 specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample4.yaml create mode 100644 specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample5.yaml create mode 100644 specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample6.yaml create mode 100644 specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample7.yaml create mode 100644 specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample8.yaml create mode 100644 specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample9.yaml create mode 100644 specification/security/put_role_mapping/examples/response/SecurityPutRoleMappingResponseExample1.yaml create mode 100644 specification/security/put_user/examples/request/SecurityPutUserRequestExample1.yaml create mode 100644 specification/security/put_user/examples/response/SecurityPutUserResponseExample1.yaml diff --git a/specification/security/authenticate/examples/response/SecurityAuthenticateResponseExample1.yaml b/specification/security/authenticate/examples/response/SecurityAuthenticateResponseExample1.yaml index 8caba6b1d6..fba200c641 100644 --- a/specification/security/authenticate/examples/response/SecurityAuthenticateResponseExample1.yaml +++ b/specification/security/authenticate/examples/response/SecurityAuthenticateResponseExample1.yaml @@ -21,4 +21,4 @@ value: |- "type" : "file" }, "authentication_type": "realm" - } \ No newline at end of file + } 
diff --git a/specification/security/bulk_delete_role/examples/request/SecurityBulkDeleteRoleRequestExample1.yaml b/specification/security/bulk_delete_role/examples/request/SecurityBulkDeleteRoleRequestExample1.yaml
new file mode 100644
index 0000000000..808e96edad
--- /dev/null
+++ b/specification/security/bulk_delete_role/examples/request/SecurityBulkDeleteRoleRequestExample1.yaml
@@ -0,0 +1,9 @@
+summary: Bulk delete example 1
+# method_request: DELETE /_security/role
+description: >
+ Run DELETE /_security/role` to delete `my_admin_role` and `my_user_role` roles.
+# type: request
+value: |-
+ {
+ "names": ["my_admin_role", "my_user_role"]
+ }
diff --git a/specification/security/bulk_delete_role/examples/response/SecurityBulkDeleteRoleResponseExample1.yaml b/specification/security/bulk_delete_role/examples/response/SecurityBulkDeleteRoleResponseExample1.yaml
new file mode 100644
index 0000000000..549defa88a
--- /dev/null
+++ b/specification/security/bulk_delete_role/examples/response/SecurityBulkDeleteRoleResponseExample1.yaml
@@ -0,0 +1,11 @@
+summary: A successful response
+description: A successful response from `DELETE /_security/role`.
+# type: response
+# response_code:
+value: |-
+ {
+ "deleted": [
+ "my_admin_role",
+ "my_user_role"
+ ]
+ }
diff --git a/specification/security/bulk_delete_role/examples/response/SecurityBulkDeleteRoleResponseExample2.yaml b/specification/security/bulk_delete_role/examples/response/SecurityBulkDeleteRoleResponseExample2.yaml
new file mode 100644
index 0000000000..d4085d2896
--- /dev/null
+++ b/specification/security/bulk_delete_role/examples/response/SecurityBulkDeleteRoleResponseExample2.yaml
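Review bot: The description in SecurityBulkDeleteRoleRequestExample1.yaml has an unbalanced backtick: there is a closing backtick after `/_security/role` but no opening one before `DELETE`, so every code span after it in the sentence will render shifted. The line should read ``Run `DELETE /_security/role` to delete `my_admin_role` and `my_user_role` roles.``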
@@ -0,0 +1,15 @@ +summary: A response with not_found roles +description: > + A partially successful response from `DELETE /_security/role`. + If a role cannot be found, it appears in the `not_found` list in the response. +# type: response +# response_code: +value: |- + { + "deleted": [ + "my_admin_role" + ], + "not_found": [ + "not_an_existing_role" + ] + } diff --git a/specification/security/bulk_delete_role/examples/response/SecurityBulkDeleteRoleResponseExample3.yaml b/specification/security/bulk_delete_role/examples/response/SecurityBulkDeleteRoleResponseExample3.yaml new file mode 100644 index 0000000000..802e9acfd7 --- /dev/null +++ b/specification/security/bulk_delete_role/examples/response/SecurityBulkDeleteRoleResponseExample3.yaml @@ -0,0 +1,21 @@ +summary: A response with errors +description: > + A partially successful response from `DELETE /_security/role`. + If part of a request fails or is invalid, the response includes `errors`. +# type: response +# response_code: +value: |- + { + "deleted": [ + "my_admin_role" + ], + "errors": { + "count": 1, + "details": { + "superuser": { + "type": "illegal_argument_exception", + "reason": "role [superuser] is reserved and cannot be deleted" + } + } + } + } diff --git a/specification/security/bulk_put_role/examples/request/SecurityBulkPutRoleRequestExample1.yaml b/specification/security/bulk_put_role/examples/request/SecurityBulkPutRoleRequestExample1.yaml new file mode 100644 index 0000000000..36d1b502e4 --- /dev/null +++ b/specification/security/bulk_put_role/examples/request/SecurityBulkPutRoleRequestExample1.yaml 
@@ -0,0 +1,91 @@ +summary: Bulk role success +# method_request: POST /_security/role +description: > + Run `POST /_security/role` to add roles called `my_admin_role` and `my_user_role`. +# type: request +value: |- + { + "roles": { + "my_admin_role": { + "cluster": [ + "all" + ], + "indices": [ + { + "names": [ + "index1", + "index2" + ], + "privileges": [ + "all" + ], + "field_security": { + "grant": [ + "title", + "body" + ] + }, + "query": "{\"match\": {\"title\": \"foo\"}}" + } + ], + "applications": [ + { + "application": "myapp", + "privileges": [ + "admin", + "read" + ], + "resources": [ + "*" + ] + } + ], + "run_as": [ + "other_user" + ], + "metadata": { + "version": 1 + } + }, + "my_user_role": { + "cluster": [ + "all" + ], + "indices": [ + { + "names": [ + "index1" + ], + "privileges": [ + "read" + ], + "field_security": { + "grant": [ + "title", + "body" + ] + }, + "query": "{\"match\": {\"title\": \"foo\"}}" + } + ], + "applications": [ + { + "application": "myapp", + "privileges": [ + "admin", + "read" + ], + "resources": [ + "*" + ] + } + ], + "run_as": [ + "other_user" + ], + "metadata": { + "version": 1 + } + } + } + } diff --git a/specification/security/bulk_put_role/examples/request/SecurityBulkPutRoleRequestExample2.yaml b/specification/security/bulk_put_role/examples/request/SecurityBulkPutRoleRequestExample2.yaml new file mode 100644 index 0000000000..82ccbc1705 --- /dev/null +++ b/specification/security/bulk_put_role/examples/request/SecurityBulkPutRoleRequestExample2.yaml 
@@ -0,0 +1,90 @@ +summary: Bulk role errors +# method_request: POST /_security/role +description: > + Because errors are handled individually for each role create or update, the API allows partial success. + For example, `POST /_security/role` would throw an error for `my_admin_role` because the privilege `bad_cluster_privilege` doesn't exist, but would be successful for the `my_user_role`. +# type: request +value: |- + { + "roles": { + "my_admin_role": { + "cluster": [ + "bad_cluster_privilege" + ], + "indices": [ + { + "names": [ + "index1", + "index2" + ], + "privileges": ["all"], + "field_security": { + "grant": [ + "title", + "body" + ] + }, + "query": "{\"match\": {\"title\": \"foo\"}}" + } + ], + "applications": [ + { + "application": "myapp", + "privileges": [ + "admin", + "read" + ], + "resources": [ + "*" + ] + } + ], + "run_as": [ + "other_user" + ], + "metadata": { + "version": 1 + } + }, + "my_user_role": { + "cluster": [ + "all" + ], + "indices": [ + { + "names": [ + "index1" + ], + "privileges": [ + "read" + ], + "field_security": { + "grant": [ + "title", + "body" + ] + }, + "query": "{\"match\": {\"title\": \"foo\"}}" + } + ], + "applications": [ + { + "application": "myapp", + "privileges": [ + "admin", + "read" + ], + "resources": [ + "*" + ] + } + ], + "run_as": [ + "other_user" + ], + "metadata": { + "version": 1 + } + } + } + } diff --git a/specification/security/bulk_put_role/examples/request/SecurityBulkPutRoleRequestExample3.yaml b/specification/security/bulk_put_role/examples/request/SecurityBulkPutRoleRequestExample3.yaml new file mode 100644 index 0000000000..0f09ba2831 --- /dev/null +++ b/specification/security/bulk_put_role/examples/request/SecurityBulkPutRoleRequestExample3.yaml 
@@ -0,0 +1,20 @@
+summary: Role example 3
+# method_request: POST /_security/role/only_remote_access_role
+description: Run `POST /_security/role/only_remote_access_role` to configure a role with remote indices and remote cluster privileges for a remote cluster.
+# type: request
+value: |-
+ {
+ "remote_indices": [
+ {
+ "clusters": ["my_remote"],
+ "names": ["logs*"],
+ "privileges": ["read", "read_cross_cluster", "view_index_metadata"]
+ }
+ ],
+ "remote_cluster": [
+ {
+ "clusters": ["my_remote"],
+ "privileges": ["monitor_stats"]
+ }
+ ]
+ }
diff --git a/specification/security/bulk_put_role/examples/response/SecurityBulkPutRoleResponseExample1.yaml b/specification/security/bulk_put_role/examples/response/SecurityBulkPutRoleResponseExample1.yaml
new file mode 100644
index 0000000000..57cad901da
--- /dev/null
+++ b/specification/security/bulk_put_role/examples/response/SecurityBulkPutRoleResponseExample1.yaml
@@ -0,0 +1,12 @@
+summary: A successful response
+description: >
+ A successful response from `POST /_security/role/my_admin_role` returns a JSON structure that shows whether the role has been created, updated, or had no changes made.
+# type: response
+# response_code:
+value: |-
+ {
+ "created": [
+ "my_admin_role",
+ "my_user_role"
+ ]
+ }
diff --git a/specification/security/bulk_put_role/examples/response/SecurityBulkPutRoleResponseExample2.yaml b/specification/security/bulk_put_role/examples/response/SecurityBulkPutRoleResponseExample2.yaml
new file mode 100644
index 0000000000..3a8acd2f74
--- /dev/null
+++ b/specification/security/bulk_put_role/examples/response/SecurityBulkPutRoleResponseExample2.yaml
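Review bot: SecurityBulkPutRoleRequestExample3.yaml under bulk_put_role is the single-role example, not a bulk request. Its blob id `0f09ba2831` is the same as put_role/examples/request/SecurityPutRoleRequestExample3.yaml later in this patch, and both its description and its commented `method_request` name `POST /_security/role/only_remote_access_role`. The other two bulk request examples wrap their roles in a top-level `roles` object, which this body lacks, so it looks like a copy into the wrong directory. Either remove the file or nest the body under `"roles": { "only_remote_access_role": { … } }` and change the description to `POST /_security/role`.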
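Review bot: The description of SecurityBulkPutRoleResponseExample1.yaml names `POST /_security/role/my_admin_role`, which is the single-role endpoint, while the body is a bulk response listing both `my_admin_role` and `my_user_role` under `created`. It should name `POST /_security/role`, as the sibling bulk examples do. The tail of the sentence would also read better in the plural: `shows which roles have been created, updated, or left unchanged`.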
@@ -0,0 +1,22 @@ +summary: A partially successful response +description: > + A partially successful response from `POST /_security/role`. + Errors are handled individually for each role create or update, thus the API allows partial success. + In this example, the creation of the `my_user_role` role succeeds and the `my_admin_role` role fails. +# type: response +# response_code: +value: |- + { + "created": [ + "my_user_role" + ], + "errors": { + "count": 1, + "details": { + "my_admin_role": { + "type": "action_request_validation_exception", + "reason": "Validation Failed: 1: unknown cluster privilege [bad_cluster_privilege]. a privilege must be either one of the predefined cluster privilege names [manage_own_api_key,manage_data_stream_global_retention,monitor_data_stream_global_retention,none,cancel_task,cross_cluster_replication,cross_cluster_search,delegate_pki,grant_api_key,manage_autoscaling,manage_index_templates,manage_logstash_pipelines,manage_oidc,manage_saml,manage_search_application,manage_search_query_rules,manage_search_synonyms,manage_service_account,manage_token,manage_user_profile,monitor_connector,monitor_enrich,monitor_inference,monitor_ml,monitor_rollup,monitor_snapshot,monitor_stats,monitor_text_structure,monitor_watcher,post_behavioral_analytics_event,read_ccr,read_connector_secrets,read_fleet_secrets,read_ilm,read_pipeline,read_security,read_slm,transport_client,write_connector_secrets,write_fleet_secrets,create_snapshot,manage_behavioral_analytics,manage_ccr,manage_connector,manage_enrich,manage_ilm,manage_inference,manage_ml,manage_rollup,manage_slm,manage_watcher,monitor_data_frame_transforms,monitor_transform,manage_api_key,manage_ingest_pipelines,manage_pipeline,manage_data_frame_transforms,manage_transform,manage_security,monitor,manage,all] or a pattern over one of the available cluster actions;" + } + } + } + } 
diff --git a/specification/security/change_password/examples/request/SecurityChangePasswordRequestExample1.yaml b/specification/security/change_password/examples/request/SecurityChangePasswordRequestExample1.yaml index ea33d5e81e..bd10be742b 100644 --- a/specification/security/change_password/examples/request/SecurityChangePasswordRequestExample1.yaml +++ b/specification/security/change_password/examples/request/SecurityChangePasswordRequestExample1.yaml @@ -6,4 +6,4 @@ description: > value: |- { "password" : "new-test-password" - } \ No newline at end of file + } diff --git a/specification/security/create_api_key/examples/request/SecurityCreateApiKeyRequestExample1.yaml b/specification/security/create_api_key/examples/request/SecurityCreateApiKeyRequestExample1.yaml index 4ae11cce94..54a1d0ed8c 100644 --- a/specification/security/create_api_key/examples/request/SecurityCreateApiKeyRequestExample1.yaml +++ b/specification/security/create_api_key/examples/request/SecurityCreateApiKeyRequestExample1.yaml @@ -37,4 +37,4 @@ value: |- "tags": ["dev", "staging"] } } - } \ No newline at end of file + } diff --git a/specification/security/put_privileges/examples/request/SecurityPutPrivilegesRequestExample1.yaml b/specification/security/put_privileges/examples/request/SecurityPutPrivilegesRequestExample1.yaml new file mode 100644 index 0000000000..2ec7c91d91 --- /dev/null +++ b/specification/security/put_privileges/examples/request/SecurityPutPrivilegesRequestExample1.yaml @@ -0,0 +1,19 @@ +summary: Add a privilege +# method_request: PUT /_security/privilege +description: > + Run `PUT /_security/privilege` to add a single application privilege. + The wildcard (`*`) means that this privilege grants access to all actions that start with `data:read/`. +# type: request +value: |- + { + "myapp": { + "read": { + "actions": [ + "data:read/*" , + "action:login" ], + "metadata": { + "description": "Read access to myapp" + } + } + } + } 
diff --git a/specification/security/put_privileges/examples/request/SecurityPutPrivilegesRequestExample2.yaml b/specification/security/put_privileges/examples/request/SecurityPutPrivilegesRequestExample2.yaml new file mode 100644 index 0000000000..067223a98a --- /dev/null +++ b/specification/security/put_privileges/examples/request/SecurityPutPrivilegesRequestExample2.yaml @@ -0,0 +1,21 @@ +summary: Add multiple privileges +# method_request: PUT /_security/privilege +description: > + Run `PUT /_security/privilege` to add multiple application privileges. +# type: request +value: |- + { + "app01": { + "read": { + "actions": [ "action:login", "data:read/*" ] + }, + "write": { + "actions": [ "action:login", "data:write/*" ] + } + }, + "app02": { + "all": { + "actions": [ "*" ] + } + } + } diff --git a/specification/security/put_privileges/examples/response/SecurityPutPrivilegesResponseExample1.yaml b/specification/security/put_privileges/examples/response/SecurityPutPrivilegesResponseExample1.yaml new file mode 100644 index 0000000000..0003b8dcb1 --- /dev/null +++ b/specification/security/put_privileges/examples/response/SecurityPutPrivilegesResponseExample1.yaml @@ -0,0 +1,12 @@ +# summary: +description: A successful response from `PUT /_security/privilege`. +# type: response +# response_code: +value: |- + { + "myapp": { + "read": { + "created": true + } + } + } diff --git a/specification/security/put_privileges/examples/response/SecurityPutPrivilegesResponseExample2.yaml b/specification/security/put_privileges/examples/response/SecurityPutPrivilegesResponseExample2.yaml new file mode 100644 index 0000000000..ef4c2200de --- /dev/null +++ b/specification/security/put_privileges/examples/response/SecurityPutPrivilegesResponseExample2.yaml 
@@ -0,0 +1,22 @@
+# summary:
+description: >
+ A successful response from `PUT /_security/privilege`.
+ The `created` property indicates whether the privileges have been created or updated.
+# type: response
+# response_code:
+value: |-
+ {
+ "app02": {
+ "all": {
+ "created": true
+ }
+ },
+ "app01": {
+ "read": {
+ "created": true
+ },
+ "write": {
+ "created": true
+ }
+ }
+ }
diff --git a/specification/security/put_role/examples/request/SecurityPutRoleRequestExample1.yaml b/specification/security/put_role/examples/request/SecurityPutRoleRequestExample1.yaml
new file mode 100644
index 0000000000..4ab3f2db8b
--- /dev/null
+++ b/specification/security/put_role/examples/request/SecurityPutRoleRequestExample1.yaml
@@ -0,0 +1,30 @@
+summary: Role example 1
+# method_request: POST /_security/role/my_admin_role
+description: Run `POST /_security/role/my_admin_role` to create a role.
+# type: request
+value: |-
+ {
+ "description": "Grants full access to all management features within the cluster.",
+ "cluster": ["all"],
+ "indices": [
+ {
+ "names": [ "index1", "index2" ],
+ "privileges": ["all"],
+ "field_security" : { // optional
+ "grant" : [ "title", "body" ]
+ },
+ "query": "{\"match\": {\"title\": \"foo\"}}" // optional
+ }
+ ],
+ "applications": [
+ {
+ "application": "myapp",
+ "privileges": [ "admin", "read" ],
+ "resources": [ "*" ]
+ }
+ ],
+ "run_as": [ "other_user" ], // optional
+ "metadata" : { // optional
+ "version" : 1
+ }
+ }
diff --git a/specification/security/put_role/examples/request/SecurityPutRoleRequestExample2.yaml b/specification/security/put_role/examples/request/SecurityPutRoleRequestExample2.yaml
new file mode 100644
index 0000000000..3fca4e56f4
--- /dev/null
+++ b/specification/security/put_role/examples/request/SecurityPutRoleRequestExample2.yaml
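Review bot: The `value` block in SecurityPutRoleRequestExample1.yaml carries `// optional` comments on the `field_security`, `query`, `run_as` and `metadata` lines, so the body is not valid JSON. A reader pasting it into a client gets a parse error, and any tooling that parses example values would fail too (whether the spec tooling does so is not visible in this patch). Move the information into the description, for example `The field_security, query, run_as, and metadata properties are optional.`, and drop the inline comments. The other request examples in this patch are plain JSON.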
@@ -0,0 +1,14 @@ +summary: Role example 2 +# method_request: POST /_security/role/cli_or_drivers_minimal +description: Run `POST /_security/role/cli_or_drivers_minimal` to configure a role that can run SQL in JDBC. +# type: request +value: |- + { + "cluster": ["cluster:monitor/main"], + "indices": [ + { + "names": ["test"], + "privileges": ["read", "indices:admin/get"] + } + ] + } diff --git a/specification/security/put_role/examples/request/SecurityPutRoleRequestExample3.yaml b/specification/security/put_role/examples/request/SecurityPutRoleRequestExample3.yaml new file mode 100644 index 0000000000..0f09ba2831 --- /dev/null +++ b/specification/security/put_role/examples/request/SecurityPutRoleRequestExample3.yaml @@ -0,0 +1,20 @@ +summary: Role example 3 +# method_request: POST /_security/role/only_remote_access_role +description: Run `POST /_security/role/only_remote_access_role` to configure a role with remote indices and remote cluster privileges for a remote cluster. +# type: request +value: |- + { + "remote_indices": [ + { + "clusters": ["my_remote"], + "names": ["logs*"], + "privileges": ["read", "read_cross_cluster", "view_index_metadata"] + } + ], + "remote_cluster": [ + { + "clusters": ["my_remote"], + "privileges": ["monitor_stats"] + } + ] + } diff --git a/specification/security/put_role/examples/response/SecurityPutRoleResponseExample1.yaml b/specification/security/put_role/examples/response/SecurityPutRoleResponseExample1.yaml new file mode 100644 index 0000000000..23dbc4980d --- /dev/null +++ b/specification/security/put_role/examples/response/SecurityPutRoleResponseExample1.yaml @@ -0,0 +1,10 @@ +# summary: +description: A successful response from `POST /_security/role/my_admin_role`. +# type: response +# response_code: +value: |- + { + "role": { + "created": true + } + } 
diff --git a/specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample1.yaml b/specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample1.yaml new file mode 100644 index 0000000000..1bf3870273 --- /dev/null +++ b/specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample1.yaml @@ -0,0 +1,16 @@ +summary: Roles for all users +# method_request: POST /_security/role_mapping/mapping1 +description: > + Run `POST /_security/role_mapping/mapping1` to assign the `user` role to all users. +# type: request +value: |- + { + "roles": [ "user"], + "enabled": true, + "rules": { + "field" : { "username" : "*" } + }, + "metadata" : { + "version" : 1 + } + } diff --git a/specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample2.yaml b/specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample2.yaml new file mode 100644 index 0000000000..d72e4bc9f3 --- /dev/null +++ b/specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample2.yaml @@ -0,0 +1,13 @@ +summary: Roles for specific users +# method_request: POST /_security/role_mapping/mapping2 +description: > + Run `POST /_security/role_mapping/mapping2` to assign the "user" and "admin" roles to specific users. +# type: request +value: |- + { + "roles": [ "user", "admin" ], + "enabled": true, + "rules": { + "field" : { "username" : [ "esadmin01", "esadmin02" ] } + } + } diff --git a/specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample3.yaml b/specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample3.yaml new file mode 100644 index 0000000000..b7cd076c89 --- /dev/null +++ b/specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample3.yaml 
@@ -0,0 +1,13 @@
+summary: Roles for specific realms
+# method_request: POST /_security/role_mapping/mapping3
+description: >
+ Run `POST /_security/role_mapping/mapping3` to match users who authenticated against a specific realm.
+# type: request
+value: |-
+ {
+ "roles": [ "ldap-user" ],
+ "enabled": true,
+ "rules": {
+ "field" : { "realm.name" : "ldap1" }
+ }
+ }
diff --git a/specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample4.yaml b/specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample4.yaml
new file mode 100644
index 0000000000..b880691483
--- /dev/null
+++ b/specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample4.yaml
@@ -0,0 +1,26 @@
+summary: Roles for specific groups
+# method_request: POST /_security/role_mapping/mapping4
+description: >
+ Run `POST /_security/role_mapping/mapping4` to match any user where either the username is `esadmin` or the user is in the `cn=admin,dc=example,dc=com group`.
+ This example is useful when the group names in your identity management system (such as Active Directory, or a SAML Identity Provider) do not have a one-to-one correspondence with the names of roles in Elasticsearch.
+ The role mapping is the means by which you link a group name with a role name.
+# type: request
+value: |-
+ {
+ "roles": [ "superuser" ],
+ "enabled": true,
+ "rules": {
+ "any": [
+ {
+ "field": {
+ "username": "esadmin"
+ }
+ },
+ {
+ "field": {
+ "groups": "cn=admins,dc=example,dc=com"
+ }
+ }
+ ]
+ }
+ }
diff --git a/specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample5.yaml b/specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample5.yaml
new file mode 100644
index 0000000000..d1ef728507
--- /dev/null
+++ b/specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample5.yaml
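Review bot: The description of SecurityPutRoleMappingRequestExample4.yaml names the group as `cn=admin,dc=example,dc=com group`, but the rule in the body matches `cn=admins,dc=example,dc=com`, and the code span swallows the word "group". This mapping grants `superuser`, so the DN in the prose should be exactly the one in the rule; a reader who adapts the text rather than the body ends up with a rule for a different group. Change the end of the sentence to ``the `cn=admins,dc=example,dc=com` group``.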
@@ -0,0 +1,19 @@
+summary: Roles for multiple groups
+# method_request: POST /_security/role_mapping/mapping5
+description: >
+ Run `POST /_security/role_mapping/mapping5` to use an array syntax for the groups field when there are multiple groups.
+ This pattern matches any of the groups (rather than all of the groups).
+# type: request
+value: |-
+ {
+ "role_templates": [
+ {
+ "template": { "source": "{{#tojson}}groups{{/tojson}}" },
+ "format" : "json"
+ }
+ ],
+ "rules": {
+ "field" : { "realm.name" : "saml1" }
+ },
+ "enabled": true
+ }
diff --git a/specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample6.yaml b/specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample6.yaml
new file mode 100644
index 0000000000..a79d774aab
--- /dev/null
+++ b/specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample6.yaml
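Review bot: The `value` in SecurityPutRoleMappingRequestExample5.yaml does not show what its summary and description promise: it is the same `role_templates` / `{{#tojson}}groups{{/tojson}}` body as Example6, and `rules` contains no `groups` array at all. Published under "Roles for multiple groups", it would turn every group name released for realm `saml1` into a role name, which is much broader than an explicit group list. The body should carry a fixed `"roles"` list and a rule of the form `"rules": { "field": { "groups": [ "<group-dn-1>", "<group-dn-2>" ] } }` (placeholder DNs).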
@@ -0,0 +1,26 @@
+summary: Templated roles for groups
+# method_request: POST /_security/role_mapping/mapping6
+description: >
+ Run `POST /_security/role_mapping/mapping6` for rare cases when the names of your groups may be an exact match for the names of your Elasticsearch roles.
+ This can be the case when your SAML Identity Provider includes its own "group mapping" feature and can be configured to release Elasticsearch role names in the user's SAML attributes.
+ In these cases it is possible to use a template that treats the group names as role names.
+
+ NOTE: This should only be done if you intend to define roles for all of the provided groups.
+ Mapping a user to a large number of unnecessary or undefined roles is inefficient and can have a negative effect on system performance.
+ If you only need to map a subset of the groups, you should do it by using explicit mappings.
+
+ The `tojson` mustache function is used to convert the list of group names into a valid JSON array. Because the template produces a JSON array, the `format` must be set to `json`.
+# type: request
+value: |-
+ {
+ "role_templates": [
+ {
+ "template": { "source": "{{#tojson}}groups{{/tojson}}" },
+ "format" : "json"
+ }
+ ],
+ "rules": {
+ "field" : { "realm.name" : "saml1" }
+ },
+ "enabled": true
+ }
diff --git a/specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample7.yaml b/specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample7.yaml
new file mode 100644
index 0000000000..83f7c37d98
--- /dev/null
+++ b/specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample7.yaml
@@ -0,0 +1,16 @@
+summary: Users in a LDAP sub-tree and realm
+# method_request: POST /_security/role_mapping/mapping7
+description: >
+ Run `POST /_security/role_mapping/mapping7` to match users within a particular LDAP sub-tree in a specific realm.
+# type: request
+value: |-
+ {
+ "roles": [ "ldap-example-user" ],
+ "enabled": true,
+ "rules": {
+ "all": [
+ { "field" : { "dn" : "*,ou=subtree,dc=example,dc=com" } },
+ { "field" : { "realm.name" : "ldap1" } }
+ ]
+ }
+ }
diff --git a/specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample8.yaml b/specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample8.yaml
new file mode 100644
index 0000000000..01c37dee78
--- /dev/null
+++ b/specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample8.yaml
@@ -0,0 +1,40 @@
+summary: Complex roles
+# method_request: POST /_security/role_mapping/mapping8
+description: >
+ Run `POST /_security/role_mapping/mapping8` to assign rules that are complex and include wildcard matching. For example, this mapping matches any user where all of these conditions are met: the Distinguished Name matches the pattern `*,ou=admin,dc=example,dc=com`, or the `username` is `es-admin`, or the `username` is `es-system`; the user is in the `cn=people,dc=example,dc=com` group; the user does not have a `terminated_date`.
+# type: request
+value: |-
+ {
+ "roles": [ "superuser" ],
+ "enabled": true,
+ "rules": {
+ "all": [
+ {
+ "any": [
+ {
+ "field": {
+ "dn": "*,ou=admin,dc=example,dc=com"
+ }
+ },
+ {
+ "field": {
+ "username": [ "es-admin", "es-system" ]
+ }
+ }
+ ]
+ },
+ {
+ "field": {
+ "groups": "cn=people,dc=example,dc=com"
+ }
+ },
+ {
+ "except": {
+ "field": {
+ "metadata.terminated_date": null
+ }
+ }
+ }
+ ]
+ }
+ }
diff --git a/specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample9.yaml b/specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample9.yaml new file mode 100644 index 0000000000..ea0b62332b --- /dev/null +++ b/specification/security/put_role_mapping/examples/request/SecurityPutRoleMappingRequestExample9.yaml @@ -0,0 +1,16 @@ +summary: Templated roles +# method_request: POST /_security/role_mapping/mapping9 +description: > + Run `POST /_security/role_mapping/mapping9` to use templated roles to automatically map every user to their own custom role. + In this example every user who authenticates using the `cloud-saml` realm will be automatically mapped to two roles: the `saml_user` role and a role that is their username prefixed with `_user_`. + For example, the user `nwong` would be assigned the `saml_user` and `_user_nwong` roles. +# type: request +value: |- + { + "rules": { "field": { "realm.name": "cloud-saml" } }, + "role_templates": [ + { "template": { "source" : "saml_user" } }, + { "template": { "source" : "_user_{{username}}" } } + ], + "enabled": true + } diff --git a/specification/security/put_role_mapping/examples/response/SecurityPutRoleMappingResponseExample1.yaml b/specification/security/put_role_mapping/examples/response/SecurityPutRoleMappingResponseExample1.yaml new file mode 100644 index 0000000000..e46872a51a --- /dev/null +++ b/specification/security/put_role_mapping/examples/response/SecurityPutRoleMappingResponseExample1.yaml @@ -0,0 +1,10 @@ +# summary: +description: A successful response from `POST /_security/role_mapping/mapping1`. +# type: response +# response_code: +value: |- + { + "role_mapping" : { + "created" : true + } + } diff --git a/specification/security/put_user/examples/request/SecurityPutUserRequestExample1.yaml b/specification/security/put_user/examples/request/SecurityPutUserRequestExample1.yaml new file mode 100644 index 0000000000..ee76cbe16e 
--- /dev/null +++ b/specification/security/put_user/examples/request/SecurityPutUserRequestExample1.yaml @@ -0,0 +1,15 @@ +# summary: +# method_request: POST /_security/user/jacknich +description: > + Run `POST /_security/user/jacknich` to create a user. +# type: request +value: |- + { + "password" : "l0ng-r4nd0m-p@ssw0rd", + "roles" : [ "admin", "other_role1" ], + "full_name" : "Jack Nicholson", + "email" : "jacknich@example.com", + "metadata" : { + "intelligence" : 7 + } + } diff --git a/specification/security/put_user/examples/response/SecurityPutUserResponseExample1.yaml b/specification/security/put_user/examples/response/SecurityPutUserResponseExample1.yaml new file mode 100644 index 0000000000..6874681d7d --- /dev/null +++ b/specification/security/put_user/examples/response/SecurityPutUserResponseExample1.yaml @@ -0,0 +1,10 @@ +# summary: +description: > + A successful response from `POST /_security/user/jacknich`. + When an existing user is updated, `created` is set to `false`. +# type: response +# response_code: +value: |- + { + "created": true + } From 9c1fae6b4d0b8eabd43940d05ac943d249a071e8 Mon Sep 17 00:00:00 2001 
From: lcawl Date: Fri, 10 Jan 2025 00:01:50 -0800 Subject: [PATCH 4/5] Add more examples --- .../examples/request/RequestExample1.yaml | 15 ++ .../examples/response/ResponseExample1.yaml | 25 +++ ...eateCrossClusterApiKeyRequestExample1.yaml | 30 +++ ...ateCrossClusterApiKeyResponseExample1.yaml | 13 ++ .../CreateServiceTokenRequestExample1.yaml | 10 + ...urityDeletePrivilegesResponseExample1.yaml | 13 ++ .../SecurityDeleteRoleResponseExample1.yaml | 9 + ...rityDeleteRoleMappingResponseExample1.yaml | 9 + .../DeleteServiceTokenResponseExample1.yaml | 9 + .../SecurityDeleteUserResponseExample1.yaml | 9 + .../examples/response/ResponseExample1.yaml | 12 + .../examples/response/ResponseExample1.yaml | 15 ++ .../SecurityGetApiKeyResponseExample1.yaml | 49 +++++ .../SecurityGetApiKeyResponseExample2.yaml | 58 +++++ ...yGetBuiltinPrivilegesResponseExample1.yaml | 99 +++++++++ ...SecurityGetPrivilegesResponseExample1.yaml | 22 ++ .../SecurityGetRoleResponseExample1.yaml | 30 +++ ...ecurityGetRoleMappingResponseExample1.yaml | 19 ++ .../GetServiceAccountsResponseExample1.yaml | 206 ++++++++++++++++++ ...GetServiceCredentialsResponseExample1.yaml | 27 +++ .../GetUserAccessTokenRequestExample1.yaml | 9 + .../GetUserAccessTokenRequestExample2.yaml | 12 + .../GetUserAccessTokenResponseExample1.yaml | 29 +++ .../GetUserAccessTokenResponseExample2.yaml | 29 +++ .../SecurityGetUserResponseExample1.yaml | 20 ++ ...rityGetUserPrivilegesResponseExample1.yaml | 36 +++ .../examples/response/ResponseExample1.yaml | 33 +++ .../examples/response/ResponseExample2.yaml | 36 +++ .../examples/response/ResponseExample3.yaml | 18 ++ .../SecurityGrantApiKeyRequestExample1.yaml | 43 ++++ .../SecurityGrantApiKeyRequestExample2.yaml | 17 ++ .../SecurityHasPrivilegesRequestExample1.yaml | 25 +++ ...SecurityHasPrivilegesResponseExample1.yaml | 33 +++ ...curityInvalidateApiKeyRequestExample1.yaml | 8 + ...curityInvalidateApiKeyRequestExample2.yaml | 8 + ...curityInvalidateApiKeyRequestExample3.yaml | 
8 + ...curityInvalidateApiKeyRequestExample4.yaml | 8 + ...curityInvalidateApiKeyRequestExample5.yaml | 9 + ...curityInvalidateApiKeyRequestExample6.yaml | 9 + ...urityInvalidateApiKeyResponseExample1.yaml | 34 +++ ...ecurityInvalidateTokenRequestExample1.yaml | 9 + ...ecurityInvalidateTokenRequestExample2.yaml | 9 + ...ecurityInvalidateTokenRequestExample3.yaml | 8 + ...ecurityInvalidateTokenRequestExample4.yaml | 8 + ...ecurityInvalidateTokenRequestExample5.yaml | 9 + ...ecurityInvalidateTokenRequestExample6.yaml | 15 ++ ...curityInvalidateTokenResponseExample1.yaml | 30 +++ .../examples/request/RequestExample1.yaml | 13 ++ .../examples/response/ResponseExample1.yaml | 13 ++ .../examples/request/RequestExample1.yaml | 9 + .../examples/response/ResponseExample1.yaml | 8 + .../examples/request/RequestExample1.yaml | 9 + .../examples/request/RequestExample2.yaml | 11 + .../examples/request/RequestExample3.yaml | 11 + .../examples/response/ResponseExample1.yaml | 13 ++ .../SecurityPutUserRequestExample1.yaml | 14 +- .../request/QueryApiKeysRequestExample1.yaml | 14 ++ .../request/QueryApiKeysRequestExample2.yaml | 55 +++++ .../request/QueryApiKeysRequestExample3.yaml | 14 ++ .../QueryApiKeysResponseExample1.yaml | 53 +++++ .../QueryApiKeysResponseExample2.yaml | 46 ++++ .../QueryApiKeysResponseExample3.yaml | 65 ++++++ .../GetCertificatesResponseExample1.yaml | 35 +++ 63 files changed, 1565 insertions(+), 9 deletions(-) create mode 100644 specification/security/activate_user_profile/examples/request/RequestExample1.yaml create mode 100644 specification/security/activate_user_profile/examples/response/ResponseExample1.yaml create mode 100644 specification/security/create_cross_cluster_api_key/examples/request/CreateCrossClusterApiKeyRequestExample1.yaml create mode 100644 specification/security/create_cross_cluster_api_key/examples/response/CreateCrossClusterApiKeyResponseExample1.yaml create mode 100644 
specification/security/create_service_token/examples/response/CreateServiceTokenRequestExample1.yaml create mode 100644 specification/security/delete_privileges/examples/response/SecurityDeletePrivilegesResponseExample1.yaml create mode 100644 specification/security/delete_role/examples/response/SecurityDeleteRoleResponseExample1.yaml create mode 100644 specification/security/delete_role_mapping/examples/response/SecurityDeleteRoleMappingResponseExample1.yaml create mode 100644 specification/security/delete_service_token/examples/response/DeleteServiceTokenResponseExample1.yaml create mode 100644 specification/security/delete_user/examples/response/SecurityDeleteUserResponseExample1.yaml create mode 100644 specification/security/enroll_kibana/examples/response/ResponseExample1.yaml create mode 100644 specification/security/enroll_node/examples/response/ResponseExample1.yaml create mode 100644 specification/security/get_api_key/examples/response/SecurityGetApiKeyResponseExample1.yaml create mode 100644 specification/security/get_api_key/examples/response/SecurityGetApiKeyResponseExample2.yaml create mode 100644 specification/security/get_builtin_privileges/examples/response/SecurityGetBuiltinPrivilegesResponseExample1.yaml create mode 100644 specification/security/get_privileges/examples/response/SecurityGetPrivilegesResponseExample1.yaml create mode 100644 specification/security/get_role/examples/response/SecurityGetRoleResponseExample1.yaml create mode 100644 specification/security/get_role_mapping/examples/response/SecurityGetRoleMappingResponseExample1.yaml create mode 100644 specification/security/get_service_accounts/examples/response/GetServiceAccountsResponseExample1.yaml create mode 100644 specification/security/get_service_credentials/examples/response/GetServiceCredentialsResponseExample1.yaml create mode 100644 specification/security/get_token/examples/request/GetUserAccessTokenRequestExample1.yaml create mode 100644 
specification/security/get_token/examples/request/GetUserAccessTokenRequestExample2.yaml create mode 100644 specification/security/get_token/examples/response/GetUserAccessTokenResponseExample1.yaml create mode 100644 specification/security/get_token/examples/response/GetUserAccessTokenResponseExample2.yaml create mode 100644 specification/security/get_user/examples/response/SecurityGetUserResponseExample1.yaml create mode 100644 specification/security/get_user_privileges/examples/response/SecurityGetUserPrivilegesResponseExample1.yaml create mode 100644 specification/security/get_user_profile/examples/response/ResponseExample1.yaml create mode 100644 specification/security/get_user_profile/examples/response/ResponseExample2.yaml create mode 100644 specification/security/get_user_profile/examples/response/ResponseExample3.yaml create mode 100644 specification/security/grant_api_key/examples/request/SecurityGrantApiKeyRequestExample1.yaml create mode 100644 specification/security/grant_api_key/examples/request/SecurityGrantApiKeyRequestExample2.yaml create mode 100644 specification/security/has_privileges/examples/request/SecurityHasPrivilegesRequestExample1.yaml create mode 100644 specification/security/has_privileges/examples/response/SecurityHasPrivilegesResponseExample1.yaml create mode 100644 specification/security/invalidate_api_key/examples/request/SecurityInvalidateApiKeyRequestExample1.yaml create mode 100644 specification/security/invalidate_api_key/examples/request/SecurityInvalidateApiKeyRequestExample2.yaml create mode 100644 specification/security/invalidate_api_key/examples/request/SecurityInvalidateApiKeyRequestExample3.yaml create mode 100644 specification/security/invalidate_api_key/examples/request/SecurityInvalidateApiKeyRequestExample4.yaml create mode 100644 specification/security/invalidate_api_key/examples/request/SecurityInvalidateApiKeyRequestExample5.yaml create mode 100644 
specification/security/invalidate_api_key/examples/request/SecurityInvalidateApiKeyRequestExample6.yaml create mode 100644 specification/security/invalidate_api_key/examples/response/SecurityInvalidateApiKeyResponseExample1.yaml create mode 100644 specification/security/invalidate_token/examples/request/SecurityInvalidateTokenRequestExample1.yaml create mode 100644 specification/security/invalidate_token/examples/request/SecurityInvalidateTokenRequestExample2.yaml create mode 100644 specification/security/invalidate_token/examples/request/SecurityInvalidateTokenRequestExample3.yaml create mode 100644 specification/security/invalidate_token/examples/request/SecurityInvalidateTokenRequestExample4.yaml create mode 100644 specification/security/invalidate_token/examples/request/SecurityInvalidateTokenRequestExample5.yaml create mode 100644 specification/security/invalidate_token/examples/request/SecurityInvalidateTokenRequestExample6.yaml create mode 100644 specification/security/invalidate_token/examples/response/SecurityInvalidateTokenResponseExample1.yaml create mode 100644 specification/security/oidc_authenticate/examples/request/RequestExample1.yaml create mode 100644 specification/security/oidc_authenticate/examples/response/ResponseExample1.yaml create mode 100644 specification/security/oidc_logout/examples/request/RequestExample1.yaml create mode 100644 specification/security/oidc_logout/examples/response/ResponseExample1.yaml create mode 100644 specification/security/oidc_prepare_authentication/examples/request/RequestExample1.yaml create mode 100644 specification/security/oidc_prepare_authentication/examples/request/RequestExample2.yaml create mode 100644 specification/security/oidc_prepare_authentication/examples/request/RequestExample3.yaml create mode 100644 specification/security/oidc_prepare_authentication/examples/response/ResponseExample1.yaml create mode 100644 specification/security/query_api_keys/examples/request/QueryApiKeysRequestExample1.yaml 
create mode 100644 specification/security/query_api_keys/examples/request/QueryApiKeysRequestExample2.yaml create mode 100644 specification/security/query_api_keys/examples/request/QueryApiKeysRequestExample3.yaml create mode 100644 specification/security/query_api_keys/examples/response/QueryApiKeysResponseExample1.yaml create mode 100644 specification/security/query_api_keys/examples/response/QueryApiKeysResponseExample2.yaml create mode 100644 specification/security/query_api_keys/examples/response/QueryApiKeysResponseExample3.yaml create mode 100644 specification/ssl/certificates/examples/response/GetCertificatesResponseExample1.yaml diff --git a/specification/security/activate_user_profile/examples/request/RequestExample1.yaml b/specification/security/activate_user_profile/examples/request/RequestExample1.yaml new file mode 100644 index 0000000000..ee76cbe16e --- /dev/null +++ b/specification/security/activate_user_profile/examples/request/RequestExample1.yaml @@ -0,0 +1,15 @@ +# summary: +# method_request: POST /_security/user/jacknich +description: > + Run `POST /_security/user/jacknich` to create a user. +# type: request +value: |- + { + "password" : "l0ng-r4nd0m-p@ssw0rd", + "roles" : [ "admin", "other_role1" ], + "full_name" : "Jack Nicholson", + "email" : "jacknich@example.com", + "metadata" : { + "intelligence" : 7 + } + } diff --git a/specification/security/activate_user_profile/examples/response/ResponseExample1.yaml b/specification/security/activate_user_profile/examples/response/ResponseExample1.yaml new file mode 100644 index 0000000000..f2d0e5b456 --- /dev/null +++ b/specification/security/activate_user_profile/examples/response/ResponseExample1.yaml 
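Review bot: RequestExample1.yaml under `activate_user_profile/examples/request/` is the create-user example, not an activate-profile request: its `method_request` and description say `POST /_security/user/jacknich`, and its blob id `ee76cbe16e` is the one SecurityPutUserRequestExample1.yaml has earlier in this series. The response example added next to it describes `POST /_security/profile/_activate`, so the request and response do not belong together. The request should use `# method_request: POST /_security/profile/_activate` and a body with `grant_type`, `username` and `password` instead of `roles`, `full_name` and `email`.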
@@ -0,0 +1,25 @@ +# summary: +description: A successful response from `POST /_security/profile/_activate`. +# type: response +# response_code: +value: |- + { + "uid": "u_79HkWkwmnBH5gqFKwoxggWPjEBOur1zLPXQPEl1VBW0_0", + "enabled": true, + "last_synchronized": 1642650651037, + "user": { + "username": "jacknich", + "roles": [ + "admin", "other_role1" + ], + "realm_name": "native", + "full_name": "Jack Nicholson", + "email": "jacknich@example.com" + }, + "labels": {}, + "data": {}, + "_doc": { + "_primary_term": 88, + "_seq_no": 66 + } + } diff --git a/specification/security/create_cross_cluster_api_key/examples/request/CreateCrossClusterApiKeyRequestExample1.yaml b/specification/security/create_cross_cluster_api_key/examples/request/CreateCrossClusterApiKeyRequestExample1.yaml new file mode 100644 index 0000000000..4b6332bf08 --- /dev/null +++ b/specification/security/create_cross_cluster_api_key/examples/request/CreateCrossClusterApiKeyRequestExample1.yaml @@ -0,0 +1,30 @@ +# summary: +# method_request: POST /_security/cross_cluster/api_key +description: > + Run `POST /_security/cross_cluster/api_key` to create a cross-cluster API key. +# type: request +value: |- + { + "name": "my-cross-cluster-api-key", + "expiration": "1d", + "access": { + "search": [ + { + "names": ["logs*"] + } + ], + "replication": [ + { + "names": ["archive*"] + } + ] + }, + "metadata": { + "description": "phase one", + "environment": { + "level": 1, + "trusted": true, + "tags": ["dev", "staging"] + } + } + } diff --git a/specification/security/create_cross_cluster_api_key/examples/response/CreateCrossClusterApiKeyResponseExample1.yaml b/specification/security/create_cross_cluster_api_key/examples/response/CreateCrossClusterApiKeyResponseExample1.yaml new file mode 100644 index 0000000000..63a86c2cf3 --- /dev/null +++ b/specification/security/create_cross_cluster_api_key/examples/response/CreateCrossClusterApiKeyResponseExample1.yaml 
@@ -0,0 +1,13 @@
+# summary:
+description: >
+ A successful response from `POST /_security/service/elastic/fleet-server/credential/token`.
+# type: response
+# response_code:
+value: |-
+ {
+ "created": true,
+ "token": {
+ "name": "Jk5J1HgBuyBK5TpDrdo4",
+ "value": "AAEAAWVsYXN0aWM...vZmxlZXQtc2VydmVyL3Rva2VuMTo3TFdaSDZ"
+ }
+ }
diff --git a/specification/security/create_service_token/examples/response/CreateServiceTokenRequestExample1.yaml b/specification/security/create_service_token/examples/response/CreateServiceTokenRequestExample1.yaml
new file mode 100644
index 0000000000..6874681d7d
--- /dev/null
+++ b/specification/security/create_service_token/examples/response/CreateServiceTokenRequestExample1.yaml
@@ -0,0 +1,10 @@
+# summary:
+description: >
+ A successful response from `POST /_security/user/jacknich`.
+ When an existing user is updated, `created` is set to `false`.
+# type: response
+# response_code:
+value: |-
+ {
+ "created": true
+ }
diff --git a/specification/security/delete_privileges/examples/response/SecurityDeletePrivilegesResponseExample1.yaml b/specification/security/delete_privileges/examples/response/SecurityDeletePrivilegesResponseExample1.yaml
new file mode 100644
index 0000000000..08f616dfa3
--- /dev/null
+++ b/specification/security/delete_privileges/examples/response/SecurityDeletePrivilegesResponseExample1.yaml
@@ -0,0 +1,13 @@
+# summary:
+description: >
+ A successful response from `DELETE /_security/privilege/myapp/read`.
+# type: response
+# response_code:
+value: |-
+ {
+ "myapp": {
+ "read": {
+ "found" : true
+ }
+ }
+ }
diff --git a/specification/security/delete_role/examples/response/SecurityDeleteRoleResponseExample1.yaml b/specification/security/delete_role/examples/response/SecurityDeleteRoleResponseExample1.yaml
new file mode 100644
index 0000000000..d9a6ecdd9c
--- /dev/null
+++ b/specification/security/delete_role/examples/response/SecurityDeleteRoleResponseExample1.yaml
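Review bot: CreateCrossClusterApiKeyResponseExample1.yaml holds the service-token response rather than a cross-cluster API key response: its description names `POST /_security/service/elastic/fleet-server/credential/token` and the body is `created` plus `token.name` and `token.value`. The next hunk, `create_service_token/examples/response/CreateServiceTokenRequestExample1.yaml`, is in turn the put-user response (`POST /_security/user/jacknich`, blob `6874681d7d`) and is named "Request" although it sits in a `response` directory. It looks as if each body landed one file early: the token body belongs in the create_service_token response, and the cross-cluster file needs a response for `POST /_security/cross_cluster/api_key`. Any key material in that new body should stay visibly truncated, as `token.value` is here.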
@@ -0,0 +1,9 @@
+# summary:
+description: >
+ A successful response from `DELETE /_security/role/my_admin_role`.
+# type: response
+# response_code:
+value: |-
+ {
+ "found" : true
+ }
diff --git a/specification/security/delete_role_mapping/examples/response/SecurityDeleteRoleMappingResponseExample1.yaml b/specification/security/delete_role_mapping/examples/response/SecurityDeleteRoleMappingResponseExample1.yaml
new file mode 100644
index 0000000000..db59697bff
--- /dev/null
+++ b/specification/security/delete_role_mapping/examples/response/SecurityDeleteRoleMappingResponseExample1.yaml
@@ -0,0 +1,9 @@
+# summary:
+description: >
+ A successful response from `DELETE /_security/role_mapping/mapping1`.
+# type: response
+# response_code:
+value: |-
+ {
+ "found" : true
+ }
diff --git a/specification/security/delete_service_token/examples/response/DeleteServiceTokenResponseExample1.yaml b/specification/security/delete_service_token/examples/response/DeleteServiceTokenResponseExample1.yaml
new file mode 100644
index 0000000000..29e099621f
--- /dev/null
+++ b/specification/security/delete_service_token/examples/response/DeleteServiceTokenResponseExample1.yaml
@@ -0,0 +1,9 @@
+# summary:
+description: >
+ A successful response from `DELETE /_security/service/elastic/fleet-server/credential/token/token42`.
+# type: response
+# response_code:
+value: |-
+ {
+ "found" : true
+ }
diff --git a/specification/security/delete_user/examples/response/SecurityDeleteUserResponseExample1.yaml b/specification/security/delete_user/examples/response/SecurityDeleteUserResponseExample1.yaml
new file mode 100644
index 0000000000..55bf5cccb6
--- /dev/null
+++ b/specification/security/delete_user/examples/response/SecurityDeleteUserResponseExample1.yaml
@@ -0,0 +1,9 @@
+# summary:
+description: >
+ A successful response from `DELETE /_security/user/jacknich`.
+# type: response
+# response_code:
+value: |-
+ {
+ "found" : true
+ }
diff --git a/specification/security/enroll_kibana/examples/response/ResponseExample1.yaml b/specification/security/enroll_kibana/examples/response/ResponseExample1.yaml
new file mode 100644
index 0000000000..db74d609c4
--- /dev/null
+++ b/specification/security/enroll_kibana/examples/response/ResponseExample1.yaml
@@ -0,0 +1,12 @@
+# summary:
+description: A successful response from `GET /_security/enroll/kibana`.
+# type: response
+# response_code:
+value: |-
+ {
+ "token" : {
+ "name" : "enroll-process-token-1629123923000",
+ "value": "AAEAAWVsYXN0aWM...vZmxlZXQtc2VydmVyL3Rva2VuMTo3TFdaSDZ"
+ },
+ "http_ca" : "MIIJlAIBAzVoGCSqGSIb3...vsDfsA3UZBAjEPfhubpQysAICAA=",
+ }
diff --git a/specification/security/enroll_node/examples/response/ResponseExample1.yaml b/specification/security/enroll_node/examples/response/ResponseExample1.yaml
new file mode 100644
index 0000000000..081db7c106
--- /dev/null
+++ b/specification/security/enroll_node/examples/response/ResponseExample1.yaml
@@ -0,0 +1,15 @@
+# summary:
+description: A successful response from `PGET /security/enroll/node`.
+# type: response
+# response_code:
+value: |-
+ {
+ "http_ca_key" : "MIIJlAIBAzCCCVoGCSqGSIb3DQEHAaCCCUsEgglHMIIJQzCCA98GCSqGSIb3DQ....vsDfsA3UZBAjEPfhubpQysAICCAA=",
+ "http_ca_cert" : "MIIJlAIBAzCCCVoGCSqGSIb3DQEHAaCCCUsEgglHMIIJQzCCA98GCSqGSIb3DQ....vsDfsA3UZBAjEPfhubpQysAICCAA=",
+ "transport_ca_cert" : "MIIJlAIBAzCCCVoGCSqGSIb3DQEHAaCCCUsEgglHMIIJQzCCA98GCSqG....vsDfsA3UZBAjEPfhubpQysAICCAA=",
+ "transport_key" : "MIIEJgIBAzCCA98GCSqGSIb3DQEHAaCCA9AEggPMMIIDyDCCA8QGCSqGSIb3....YuEiOXvqZ6jxuVSQ0CAwGGoA==",
+ "transport_cert" : "MIIEJgIBAzCCA98GCSqGSIb3DQEHAaCCA9AEggPMMIIDyDCCA8QGCSqGSIb3....YuEiOXvqZ6jxuVSQ0CAwGGoA==",
+ "nodes_addresses" : [
+ "192.168.1.2:9300"
+ ]
+ }
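Review bot: The `value` in `enroll_kibana/examples/response/ResponseExample1.yaml` is not valid JSON, because the `"http_ca"` line ends with a comma and is followed directly by the closing brace. Anything that parses the example bodies will reject it. Drop the comma so the line reads `"http_ca" : "MIIJlAIBAzVoGCSqGSIb3...vsDfsA3UZBAjEPfhubpQysAICAA="`.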
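Review bot: The description in `enroll_node/examples/response/ResponseExample1.yaml` gives the request as `PGET /security/enroll/node`, which is neither an HTTP method nor the `/_security/...` path form the other examples use; it should read `GET /_security/enroll/node`. The body returns `http_ca_key` and `transport_key`, which are private-key material in a real response, so the elided `....` sample values are the right choice and should stay that way. I would also add a description sentence saying that this response carries the CA and transport private keys and must be handled as a secret.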
diff --git a/specification/security/get_api_key/examples/response/SecurityGetApiKeyResponseExample1.yaml b/specification/security/get_api_key/examples/response/SecurityGetApiKeyResponseExample1.yaml new file mode 100644 index 0000000000..b3a7a08630 --- /dev/null +++ b/specification/security/get_api_key/examples/response/SecurityGetApiKeyResponseExample1.yaml @@ -0,0 +1,49 @@ +summary: Get a key by ID +description: A successful response from `GET /_security/api_key?id=VuaCfGcBCdbkQm-e5aOx&with_limited_by=true`. +# type: response +# response_code: +value: |- + { + "api_keys": [ + { + "id": "VuaCfGcBCdbkQm-e5aOx", + "name": "my-api-key", + "creation": 1548550550158, + "expiration": 1548551550158, + "invalidated": false, + "username": "myuser", + "realm": "native1", + "realm_type": "native", + "metadata": { + "application": "myapp" + }, + "role_descriptors": { }, + "limited_by": [ + { + "role-power-user": { + "cluster": [ + "monitor" + ], + "indices": [ + { + "names": [ + "*" + ], + "privileges": [ + "read" + ], + "allow_restricted_indices": false + } + ], + "applications": [ ], + "run_as": [ ], + "metadata": { }, + "transient_metadata": { + "enabled": true + } + } + } + ] + } + ] + } diff --git a/specification/security/get_api_key/examples/response/SecurityGetApiKeyResponseExample2.yaml b/specification/security/get_api_key/examples/response/SecurityGetApiKeyResponseExample2.yaml new file mode 100644 index 0000000000..fd5234d570 --- /dev/null +++ b/specification/security/get_api_key/examples/response/SecurityGetApiKeyResponseExample2.yaml 
@@ -0,0 +1,58 @@ +summary: Get all keys for a user +description: > + A successful response from `GET /_security/api_key?username=myuser&realm_name=native1`. + The response contains all API keys for the user `myuser` in the `native1` realm. +# type: response +# response_code: +value: |- + { + "api_keys": [ + { + "id": "0GF5GXsBCXxz2eDxWwFN", + "name": "hadoop_myuser_key", + "creation": 1548550550158, + "expiration": 1548551550158, + "invalidated": false, + "username": "myuser", + "realm": "native1", + "realm_type": "native", + "metadata": { + "application": "myapp" + }, + "role_descriptors": { + "role-a": { + "cluster": [ + "monitor" + ], + "indices": [ + { + "names": [ + "index-a" + ], + "privileges": [ + "read" + ], + "allow_restricted_indices": false + } + ], + "applications": [ ], + "run_as": [ ], + "metadata": { }, + "transient_metadata": { + "enabled": true + } + } + } + }, + { + "id": "6wHJmcQpReKBa42EHV5SBw", + "name": "api-key-name-2", + "creation": 1548550550158, + "invalidated": false, + "username": "user-y", + "realm": "realm-2", + "metadata": {}, + "role_descriptors": { } + } + ] + } diff --git a/specification/security/get_builtin_privileges/examples/response/SecurityGetBuiltinPrivilegesResponseExample1.yaml b/specification/security/get_builtin_privileges/examples/response/SecurityGetBuiltinPrivilegesResponseExample1.yaml new file mode 100644 index 0000000000..90a9d86e91 --- /dev/null +++ b/specification/security/get_builtin_privileges/examples/response/SecurityGetBuiltinPrivilegesResponseExample1.yaml 
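Review bot: The second entry of `api_keys` in SecurityGetApiKeyResponseExample2.yaml has `"username": "user-y"` and `"realm": "realm-2"`, although the description says the response lists the keys of `myuser` in the `native1` realm for `?username=myuser&realm_name=native1`. An example that returns another user's key under an owner filter suggests the filter does not scope the results. I would change that entry to `"username": "myuser"` and `"realm": "native1"` (adding `"realm_type": "native"` to match the first entry), or drop it.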
@@ -0,0 +1,99 @@ +# summary: +description: A successful response from `GET /_security/privilege/_builtin`. +# type: response +# response_code: +value: |- + { + "cluster" : [ + "all", + "cancel_task", + "create_snapshot", + "cross_cluster_replication", + "cross_cluster_search", + "delegate_pki", + "grant_api_key", + "manage", + "manage_api_key", + "manage_autoscaling", + "manage_behavioral_analytics", + "manage_ccr", + "manage_connector", + "manage_data_frame_transforms", + "manage_data_stream_global_retention", + "manage_enrich", + "manage_ilm", + "manage_index_templates", + "manage_inference", + "manage_ingest_pipelines", + "manage_logstash_pipelines", + "manage_ml", + "manage_oidc", + "manage_own_api_key", + "manage_pipeline", + "manage_rollup", + "manage_saml", + "manage_search_application", + "manage_search_query_rules", + "manage_search_synonyms", + "manage_security", + "manage_service_account", + "manage_slm", + "manage_token", + "manage_transform", + "manage_user_profile", + "manage_watcher", + "monitor", + "monitor_connector", + "monitor_data_frame_transforms", + "monitor_data_stream_global_retention", + "monitor_enrich", + "monitor_inference", + "monitor_ml", + "monitor_rollup", + "monitor_snapshot", + "monitor_stats", + "monitor_text_structure", + "monitor_transform", + "monitor_watcher", + "none", + "post_behavioral_analytics_event", + "read_ccr", + "read_connector_secrets", + "read_fleet_secrets", + "read_ilm", + "read_pipeline", + "read_security", + "read_slm", + "transport_client", + "write_connector_secrets", + "write_fleet_secrets" + ], + "index" : [ + "all", + "auto_configure", + "create", + "create_doc", + "create_index", + "cross_cluster_replication", + "cross_cluster_replication_internal", + "delete", + "delete_index", + "index", + "maintenance", + "manage", + "manage_data_stream_lifecycle", + "manage_follow_index", + "manage_ilm", + "manage_leader_index", + "monitor", + "none", + "read", + "read_cross_cluster", + "view_index_metadata", + 
"write" + ], + "remote_cluster" : [ + "monitor_enrich", + "monitor_stats" + ] + } diff --git a/specification/security/get_privileges/examples/response/SecurityGetPrivilegesResponseExample1.yaml b/specification/security/get_privileges/examples/response/SecurityGetPrivilegesResponseExample1.yaml new file mode 100644 index 0000000000..f7decac520 --- /dev/null +++ b/specification/security/get_privileges/examples/response/SecurityGetPrivilegesResponseExample1.yaml @@ -0,0 +1,22 @@ +# summary: +description: > + A successful response from `GET /_security/privilege/myapp/read`. + The response contains information about the `read` privilege for the `app01` application. +# type: response +# response_code: +value: |- + { + "myapp": { + "read": { + "application": "myapp", + "name": "read", + "actions": [ + "data:read/*", + "action:login" + ], + "metadata": { + "description": "Read access to myapp" + } + } + } + } diff --git a/specification/security/get_role/examples/response/SecurityGetRoleResponseExample1.yaml b/specification/security/get_role/examples/response/SecurityGetRoleResponseExample1.yaml new file mode 100644 index 0000000000..ee4a9165f4 --- /dev/null +++ b/specification/security/get_role/examples/response/SecurityGetRoleResponseExample1.yaml @@ -0,0 +1,30 @@ +# summary: +description: > + A successful response from `GET /_security/role/my_admin_role`. + The response contains information about the `my_admin_role` role in the native realm. +# type: response +# response_code: +value: |- + { + "my_admin_role": { + "description": "Grants full access to all management features within the cluster.", + "cluster" : [ "all" ], + "indices" : [ + { + "names" : [ "index1", "index2" ], + "privileges" : [ "all" ], + "allow_restricted_indices" : false, + "field_security" : { + "grant" : [ "title", "body" ]} + } + ], + "applications" : [ ], + "run_as" : [ "other_user" ], + "metadata" : { + "version" : 1 + }, + "transient_metadata": { + "enabled": true + } + } + } 
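Review bot: The description in SecurityGetPrivilegesResponseExample1.yaml says the response is about the `read` privilege for the `app01` application, but the request path and every field in `value` use `myapp`. The sentence should read `The response contains information about the read privilege for the myapp application.`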
diff --git a/specification/security/get_role_mapping/examples/response/SecurityGetRoleMappingResponseExample1.yaml b/specification/security/get_role_mapping/examples/response/SecurityGetRoleMappingResponseExample1.yaml new file mode 100644 index 0000000000..30af7af5d2 --- /dev/null +++ b/specification/security/get_role_mapping/examples/response/SecurityGetRoleMappingResponseExample1.yaml @@ -0,0 +1,19 @@ +# summary: +description: A successful response from `GET /_security/role_mapping/mapping1`. +# type: response +# response_code: +value: |- + { + "mapping1": { + "enabled": true, + "roles": [ + "user" + ], + "rules": { + "field": { + "username": "*" + } + }, + "metadata": {} + } + } diff --git a/specification/security/get_service_accounts/examples/response/GetServiceAccountsResponseExample1.yaml b/specification/security/get_service_accounts/examples/response/GetServiceAccountsResponseExample1.yaml new file mode 100644 index 0000000000..4ada7e2d8f --- /dev/null +++ b/specification/security/get_service_accounts/examples/response/GetServiceAccountsResponseExample1.yaml 
@@ -0,0 +1,206 @@ +# summary: +description: > + A successful response from `GET /_security/service/elastic/fleet-server`. + The response contains information about the `elastic/fleet-server` service account. +# type: response +# response_code: +value: |- + { + "elastic/fleet-server": { + "role_descriptor": { + "cluster": [ + "monitor", + "manage_own_api_key", + "read_fleet_secrets" + ], + "indices": [ + { + "names": [ + "logs-*", + "metrics-*", + "traces-*", + ".logs-endpoint.diagnostic.collection-*", + ".logs-endpoint.action.responses-*", + ".logs-endpoint.heartbeat-*" + ], + "privileges": [ + "write", + "create_index", + "auto_configure" + ], + "allow_restricted_indices": false + }, + { + "names": [ + "profiling-*" + ], + "privileges": [ + "read", + "write" + ], + "allow_restricted_indices": false + }, + { + "names": [ + "traces-apm.sampled-*" + ], + "privileges": [ + "read", + "monitor", + "maintenance" + ], + "allow_restricted_indices": false + }, + { + "names": [ + ".fleet-secrets*" + ], + "privileges": [ + "read" + ], + "allow_restricted_indices": true + }, + { + "names": [ + ".fleet-actions*" + ], + "privileges": [ + "read", + "write", + "monitor", + "create_index", + "auto_configure", + "maintenance" + ], + "allow_restricted_indices": true + }, + { + "names": [ + ".fleet-agents*" + ], + "privileges": [ + "read", + "write", + "monitor", + "create_index", + "auto_configure", + "maintenance" + ], + "allow_restricted_indices": true + }, + { + "names": [ + ".fleet-artifacts*" + ], + "privileges": [ + "read", + "write", + "monitor", + "create_index", + "auto_configure", + "maintenance" + ], + "allow_restricted_indices": true + }, + { + "names": [ + ".fleet-enrollment-api-keys*" + ], + "privileges": [ + "read", + "write", + "monitor", + "create_index", + "auto_configure", + "maintenance" + ], + "allow_restricted_indices": true + }, + { + "names": [ + ".fleet-policies*" + ], + "privileges": [ + "read", + "write", + "monitor", + "create_index", + "auto_configure", + 
"maintenance" + ], + "allow_restricted_indices": true + }, + { + "names": [ + ".fleet-policies-leader*" + ], + "privileges": [ + "read", + "write", + "monitor", + "create_index", + "auto_configure", + "maintenance" + ], + "allow_restricted_indices": true + }, + { + "names": [ + ".fleet-servers*" + ], + "privileges": [ + "read", + "write", + "monitor", + "create_index", + "auto_configure", + "maintenance" + ], + "allow_restricted_indices": true + }, + { + "names": [ + ".fleet-fileds*" + ], + "privileges": [ + "read", + "write", + "monitor", + "create_index", + "auto_configure", + "maintenance" + ], + "allow_restricted_indices": true + }, + { + "names": [ + "synthetics-*" + ], + "privileges": [ + "read", + "write", + "create_index", + "auto_configure" + ], + "allow_restricted_indices": false + } + ], + "applications": [ + { + "application": "kibana-*", + "privileges": [ + "reserved_fleet-setup" + ], + "resources": [ + "*" + ] + } + ], + "run_as": [], + "metadata": {}, + "transient_metadata": { + "enabled": true + } + } + } + } diff --git a/specification/security/get_service_credentials/examples/response/GetServiceCredentialsResponseExample1.yaml b/specification/security/get_service_credentials/examples/response/GetServiceCredentialsResponseExample1.yaml new file mode 100644 index 0000000000..c975605583 --- /dev/null +++ b/specification/security/get_service_credentials/examples/response/GetServiceCredentialsResponseExample1.yaml 
@@ -0,0 +1,27 @@
+# summary:
+description: >
+ A successful response from `GET /_security/service/elastic/fleet-server/credential`.
+ The response contains all credentials for the `elastic/fleet-server` service account.
+# type: response
+# response_code:
+value: |-
+ {
+ "service_account": "elastic/fleet-server",
+ "count": 3,
+ "tokens": {
+ "token1": {},
+ "token42": {}
+ },
+ "nodes_credentials": {
+ "_nodes": {
+ "total": 3,
+ "successful": 3,
+ "failed": 0
+ },
+ "file_tokens": {
+ "my-token": {
+ "nodes": [ "node0", "node1" ]
+ }
+ }
+ }
+ }
diff --git a/specification/security/get_token/examples/request/GetUserAccessTokenRequestExample1.yaml b/specification/security/get_token/examples/request/GetUserAccessTokenRequestExample1.yaml
new file mode 100644
index 0000000000..2a384dc3aa
--- /dev/null
+++ b/specification/security/get_token/examples/request/GetUserAccessTokenRequestExample1.yaml
@@ -0,0 +1,9 @@
+summary: A client_credentials grant type example
+# method_request: POST /_security/oauth2/token
+description: >
+ Run `POST /_security/oauth2/token` to obtain a token using the `client_credentials` grant type, which simply creates a token as the authenticated user.
+# type: request
+value: |-
+ {
+ "grant_type" : "client_credentials"
+ }
diff --git a/specification/security/get_token/examples/request/GetUserAccessTokenRequestExample2.yaml b/specification/security/get_token/examples/request/GetUserAccessTokenRequestExample2.yaml
new file mode 100644
index 0000000000..1ae7dcda75
--- /dev/null
+++ b/specification/security/get_token/examples/request/GetUserAccessTokenRequestExample2.yaml
@@ -0,0 +1,12 @@
+summary: A password grant type example
+# method_request: POST /_security/oauth2/token
+description: >
+ Run `POST /_security/oauth2/token` to obtain a token for the `test_admin` user using the password grant type.
+ This request needs to be made by an authenticated user with sufficient privileges that may or may not be the same as the one whose username is passed in the `username` parameter.
+# type: request
+value: |-
+ {
+ "grant_type" : "password",
+ "username" : "test_admin",
+ "password" : "x-pack-test-password"
+ }
diff --git a/specification/security/get_token/examples/response/GetUserAccessTokenResponseExample1.yaml b/specification/security/get_token/examples/response/GetUserAccessTokenResponseExample1.yaml
new file mode 100644
index 0000000000..aeee326642
--- /dev/null
+++ b/specification/security/get_token/examples/response/GetUserAccessTokenResponseExample1.yaml
@@ -0,0 +1,29 @@
+summary: A client_credentials grant type example
+description: A successful response from `POST /_security/oauth2/token`.
+# type: response
+# response_code:
+value: |-
+ {
+ "access_token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==",
+ "type" : "Bearer",
+ "expires_in" : 1200,
+ "authentication" : {
+ "username" : "test_admin",
+ "roles" : [
+ "superuser"
+ ],
+ "full_name" : null,
+ "email" : null,
+ "metadata" : { },
+ "enabled" : true,
+ "authentication_realm" : {
+ "name" : "file",
+ "type" : "file"
+ },
+ "lookup_realm" : {
+ "name" : "file",
+ "type" : "file"
+ },
+ "authentication_type" : "realm"
+ }
+ }
diff --git a/specification/security/get_token/examples/response/GetUserAccessTokenResponseExample2.yaml b/specification/security/get_token/examples/response/GetUserAccessTokenResponseExample2.yaml
new file mode 100644
index 0000000000..fca5a225cb
--- /dev/null
+++ b/specification/security/get_token/examples/response/GetUserAccessTokenResponseExample2.yaml
@@ -0,0 +1,29 @@
+summary: A password grant type example
+description: A successful response from `POST /_security/oauth2/token`.
+# type: response
+# response_code:
+value: |-
+ {
+ "access_token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==",
+ "type" : "Bearer",
+ "expires_in" : 1200,
+ "authentication" : {
+ "username" : "test_admin",
+ "roles" : [
+ "superuser"
+ ],
+ "full_name" : null,
+ "email" : null,
+ "metadata" : { },
+ "enabled" : true,
+ "authentication_realm" : {
+ "name" : "file",
+ "type" : "file"
+ },
+ "lookup_realm" : {
+ "name" : "file",
+ "type" : "file"
+ },
+ "authentication_type" : "realm"
+ }
+ }
diff --git a/specification/security/get_user/examples/response/SecurityGetUserResponseExample1.yaml b/specification/security/get_user/examples/response/SecurityGetUserResponseExample1.yaml
new file mode 100644
index 0000000000..41a782b13b
--- /dev/null
+++ b/specification/security/get_user/examples/response/SecurityGetUserResponseExample1.yaml
@@ -0,0 +1,20 @@
+# summary:
+description: >
+ A successful response from `GET /_security/user/jacknich?with_profile_uid=true`.
+ It includes the user `profile_uid` as part of the response.
+# type: response
+# response_code:
+value: |-
+ {
+ "jacknich": {
+ "username": "jacknich",
+ "roles": [
+ "admin", "other_role1"
+ ],
+ "full_name": "Jack Nicholson",
+ "email": "jacknich@example.com",
+ "metadata": { "intelligence" : 7 },
+ "enabled": true,
+ "profile_uid": "u_79HkWkwmnBH5gqFKwoxggWPjEBOur1zLPXQPEl1VBW0_0"
+ }
+ }
diff --git a/specification/security/get_user_privileges/examples/response/SecurityGetUserPrivilegesResponseExample1.yaml b/specification/security/get_user_privileges/examples/response/SecurityGetUserPrivilegesResponseExample1.yaml
new file mode 100644
index 0000000000..ea92a83dde
--- /dev/null
+++ b/specification/security/get_user_privileges/examples/response/SecurityGetUserPrivilegesResponseExample1.yaml
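Review bot: GetUserAccessTokenResponseExample2.yaml, the password-grant response, has no `refresh_token` field and differs from the client_credentials response in GetUserAccessTokenResponseExample1.yaml only in its `summary`. As far as I know the password grant returns a refresh token while client_credentials does not, so this example would document the wrong response shape for the one grant type whose callers need to refresh. I would add `"refresh_token" : "vLBPvmAB6KvwvJZr27cS",` after the `"expires_in"` line, reusing the placeholder value that the oidc_authenticate response example in this patch already uses.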
@@ -0,0 +1,36 @@
+# summary:
+description: A successful response from `GET /_security/user/_privileges`.
+# type: response
+# response_code:
+value: |-
+ {
+ "cluster" : [
+ "all"
+ ],
+ "global" : [ ],
+ "indices" : [
+ {
+ "names" : [
+ "*"
+ ],
+ "privileges" : [
+ "all"
+ ],
+ "allow_restricted_indices" : true
+ }
+ ],
+ "applications" : [
+ {
+ "application" : "*",
+ "privileges" : [
+ "*"
+ ],
+ "resources" : [
+ "*"
+ ]
+ }
+ ],
+ "run_as" : [
+ "*"
+ ]
+ }
diff --git a/specification/security/get_user_profile/examples/response/ResponseExample1.yaml b/specification/security/get_user_profile/examples/response/ResponseExample1.yaml
new file mode 100644
index 0000000000..842575afb4
--- /dev/null
+++ b/specification/security/get_user_profile/examples/response/ResponseExample1.yaml
@@ -0,0 +1,33 @@
+summary: Profile details for a UUID
+description: >
+ A successful response from `GET /_security/profile/u_79HkWkwmnBH5gqFKwoxggWPjEBOur1zLPXQPEl1VBW0_0`.
+ By default, no content is returned in the `data` field.
+# type: response
+# response_code:
+value: |-
+ {
+ "profiles": [
+ {
+ "uid": "u_79HkWkwmnBH5gqFKwoxggWPjEBOur1zLPXQPEl1VBW0_0",
+ "enabled": true,
+ "last_synchronized": 1642650651037,
+ "user": {
+ "username": "jacknich",
+ "roles": [
+ "admin", "other_role1"
+ ],
+ "realm_name": "native",
+ "full_name": "Jack Nicholson",
+ "email": "jacknich@example.com"
+ },
+ "labels": {
+ "direction": "north"
+ },
+ "data": {},
+ "_doc": {
+ "_primary_term": 88,
+ "_seq_no": 66
+ }
+ }
+ ]
+ }
diff --git a/specification/security/get_user_profile/examples/response/ResponseExample2.yaml b/specification/security/get_user_profile/examples/response/ResponseExample2.yaml
new file mode 100644
index 0000000000..55c31797c4
--- /dev/null
+++ b/specification/security/get_user_profile/examples/response/ResponseExample2.yaml
@@ -0,0 +1,36 @@
+summary: Profile details for a UUID and data key
+description: >
+ A successful response from `GET /_security/profile/u_79HkWkwmnBH5gqFKwoxggWPjEBOur1zLPXQPEl1VBW0_0?data=app1.key1`.
+# type: response
+# response_code:
+value: |-
+ {
+ "profiles": [
+ {
+ "uid": "u_79HkWkwmnBH5gqFKwoxggWPjEBOur1zLPXQPEl1VBW0_0",
+ "enabled": true,
+ "last_synchronized": 1642650651037,
+ "user": {
+ "username": "jacknich",
+ "roles": [
+ "admin", "other_role1"
+ ],
+ "realm_name": "native",
+ "full_name": "Jack Nicholson",
+ "email": "jacknich@example.com"
+ },
+ "labels": {
+ "direction": "north"
+ },
+ "data": {
+ "app1": {
+ "key1": "value1"
+ }
+ },
+ "_doc": {
+ "_primary_term": 88,
+ "_seq_no": 66
+ }
+ }
+ ]
+ }
diff --git a/specification/security/get_user_profile/examples/response/ResponseExample3.yaml b/specification/security/get_user_profile/examples/response/ResponseExample3.yaml
new file mode 100644
index 0000000000..e263a8476c
--- /dev/null
+++ b/specification/security/get_user_profile/examples/response/ResponseExample3.yaml
@@ -0,0 +1,18 @@
+summary: Profile details with errors
+description: >
+ A response that contains errors that occurred while retrieving user profiles.
+# type: response
+# response_code:
+value: |-
+ {
+ "profiles": [],
+ "errors": {
+ "count": 1,
+ "details": {
+ "u_FmxQt3gr1BBH5wpnz9HkouPj3Q710XkOgg1PWkwLPBW_5": {
+ "type": "resource_not_found_exception",
+ "reason": "profile document not found"
+ }
+ }
+ }
+ }
diff --git a/specification/security/grant_api_key/examples/request/SecurityGrantApiKeyRequestExample1.yaml b/specification/security/grant_api_key/examples/request/SecurityGrantApiKeyRequestExample1.yaml
new file mode 100644
index 0000000000..aae6977da8
--- /dev/null
+++ b/specification/security/grant_api_key/examples/request/SecurityGrantApiKeyRequestExample1.yaml
@@ -0,0 +1,43 @@
+summary: Grant an API key
+# method_request: POST /_security/api_key/grant
+description: >
+ Run `POST /_security/api_key/grant` to create an API key on behalf of the `test_admin` user.
+# type: request
+value: |-
+ {
+ "grant_type": "password",
+ "username" : "test_admin",
+ "password" : "x-pack-test-password",
+ "api_key" : {
+ "name": "my-api-key",
+ "expiration": "1d",
+ "role_descriptors": {
+ "role-a": {
+ "cluster": ["all"],
+ "indices": [
+ {
+ "names": ["index-a*"],
+ "privileges": ["read"]
+ }
+ ]
+ },
+ "role-b": {
+ "cluster": ["all"],
+ "indices": [
+ {
+ "names": ["index-b*"],
+ "privileges": ["all"]
+ }
+ ]
+ }
+ },
+ "metadata": {
+ "application": "my-application",
+ "environment": {
+ "level": 1,
+ "trusted": true,
+ "tags": ["dev", "staging"]
+ }
+ }
+ }
+ }
diff --git a/specification/security/grant_api_key/examples/request/SecurityGrantApiKeyRequestExample2.yaml b/specification/security/grant_api_key/examples/request/SecurityGrantApiKeyRequestExample2.yaml
new file mode 100644
index 0000000000..4ebfe94ec3
--- /dev/null
+++ b/specification/security/grant_api_key/examples/request/SecurityGrantApiKeyRequestExample2.yaml
@@ -0,0 +1,17 @@
+summary: Grant an API key with run_as
+# method_request: POST /_security/api_key/grant
+description: >
+ Run `POST /_security/api_key/grant`.
+ The user (`test_admin`) whose credentials are provided can "run as" another user (`test_user`).
+ The API key will be granted to the impersonated user (`test_user`).
+# type: request
+value: |-
+ {
+ "grant_type": "password",
+ "username" : "test_admin",
+ "password" : "x-pack-test-password",
+ "run_as": "test_user",
+ "api_key" : {
+ "name": "another-api-key"
+ }
+ }
diff --git a/specification/security/has_privileges/examples/request/SecurityHasPrivilegesRequestExample1.yaml b/specification/security/has_privileges/examples/request/SecurityHasPrivilegesRequestExample1.yaml
new file mode 100644
index 0000000000..fb89ddd5f7
--- /dev/null
+++ b/specification/security/has_privileges/examples/request/SecurityHasPrivilegesRequestExample1.yaml
@@ -0,0 +1,25 @@
+# summary:
+# method_request: GET /_security/user/_has_privileges
+description: Run `GET /_security/user/_has_privileges` to check whether the current user has a specific set of cluster, index, and application privileges.
+# type: request
+value: |-
+ {
+ "cluster": [ "monitor", "manage" ],
+ "index" : [
+ {
+ "names": [ "suppliers", "products" ],
+ "privileges": [ "read" ]
+ },
+ {
+ "names": [ "inventory" ],
+ "privileges" : [ "read", "write" ]
+ }
+ ],
+ "application": [
+ {
+ "application": "inventory_manager",
+ "privileges" : [ "read", "data:write/inventory" ],
+ "resources" : [ "product/1852563" ]
+ }
+ ]
+ }
diff --git a/specification/security/has_privileges/examples/response/SecurityHasPrivilegesResponseExample1.yaml b/specification/security/has_privileges/examples/response/SecurityHasPrivilegesResponseExample1.yaml
new file mode 100644
index 0000000000..d107488f85
--- /dev/null
+++ b/specification/security/has_privileges/examples/response/SecurityHasPrivilegesResponseExample1.yaml
@@ -0,0 +1,33 @@
+# summary:
+description: A successful response from `GET /_security/user/_has_privileges`, which lists the privileges for the `rdeniro` user.
+# type: response
+# response_code:
+value: |-
+ {
+ "username": "rdeniro",
+ "has_all_requested" : false,
+ "cluster" : {
+ "monitor" : true,
+ "manage" : false
+ },
+ "index" : {
+ "suppliers" : {
+ "read" : true
+ },
+ "products" : {
+ "read" : true
+ },
+ "inventory" : {
+ "read" : true,
+ "write" : false
+ }
+ },
+ "application" : {
+ "inventory_manager" : {
+ "product/1852563" : {
+ "read": false,
+ "data:write/inventory": false
+ }
+ }
+ }
+ }
diff --git a/specification/security/invalidate_api_key/examples/request/SecurityInvalidateApiKeyRequestExample1.yaml b/specification/security/invalidate_api_key/examples/request/SecurityInvalidateApiKeyRequestExample1.yaml
new file mode 100644
index 0000000000..737d78aad1
--- /dev/null
+++ b/specification/security/invalidate_api_key/examples/request/SecurityInvalidateApiKeyRequestExample1.yaml
@@ -0,0 +1,8 @@
+summary: API keys by ID
+# method_request: DELETE /_security/api_key
+description: Run `DELETE /_security/api_key` to invalidate the API keys identified by ID.
+# type: request
+value: |-
+ {
+ "ids" : [ "VuaCfGcBCdbkQm-e5aOx" ]
+ }
diff --git a/specification/security/invalidate_api_key/examples/request/SecurityInvalidateApiKeyRequestExample2.yaml b/specification/security/invalidate_api_key/examples/request/SecurityInvalidateApiKeyRequestExample2.yaml
new file mode 100644
index 0000000000..7dc81724d4
--- /dev/null
+++ b/specification/security/invalidate_api_key/examples/request/SecurityInvalidateApiKeyRequestExample2.yaml
@@ -0,0 +1,8 @@
+summary: API keys by name
+# method_request: DELETE /_security/api_key
+description: Run `DELETE /_security/api_key` to invalidate the API keys identified by name.
+# type: request
+value: |-
+ {
+ "name" : "my-api-key"
+ }
diff --git a/specification/security/invalidate_api_key/examples/request/SecurityInvalidateApiKeyRequestExample3.yaml b/specification/security/invalidate_api_key/examples/request/SecurityInvalidateApiKeyRequestExample3.yaml
new file mode 100644
index 0000000000..2fa91b91a9
--- /dev/null
+++ b/specification/security/invalidate_api_key/examples/request/SecurityInvalidateApiKeyRequestExample3.yaml
@@ -0,0 +1,8 @@
+summary: API keys by realm
+# method_request: DELETE /_security/api_key
+description: Run `DELETE /_security/api_key` to invalidate all API keys for the `native1` realm.
+# type: request
+value: |-
+ {
+ "realm_name" : "native1"
+ }
diff --git a/specification/security/invalidate_api_key/examples/request/SecurityInvalidateApiKeyRequestExample4.yaml b/specification/security/invalidate_api_key/examples/request/SecurityInvalidateApiKeyRequestExample4.yaml
new file mode 100644
index 0000000000..892a8c3b2e
--- /dev/null
+++ b/specification/security/invalidate_api_key/examples/request/SecurityInvalidateApiKeyRequestExample4.yaml
@@ -0,0 +1,8 @@
+summary: API keys by user
+# method_request: DELETE /_security/api_key
+description: Run `DELETE /_security/api_key` to invalidate all API keys for the user `myuser` in all realms.
+# type: request
+value: |-
+ {
+ "username" : "myuser"
+ }
diff --git a/specification/security/invalidate_api_key/examples/request/SecurityInvalidateApiKeyRequestExample5.yaml b/specification/security/invalidate_api_key/examples/request/SecurityInvalidateApiKeyRequestExample5.yaml
new file mode 100644
index 0000000000..78e79e7551
--- /dev/null
+++ b/specification/security/invalidate_api_key/examples/request/SecurityInvalidateApiKeyRequestExample5.yaml
@@ -0,0 +1,9 @@
+summary: API keys by ID and owner
+# method_request: DELETE /_security/api_key
+description: Run `DELETE /_security/api_key` to invalidate the API keys identified by ID if they are owned by the currently authenticated user.
+# type: request
+value: |-
+ {
+ "ids" : ["VuaCfGcBCdbkQm-e5aOx"],
+ "owner" : "true"
+ }
diff --git a/specification/security/invalidate_api_key/examples/request/SecurityInvalidateApiKeyRequestExample6.yaml b/specification/security/invalidate_api_key/examples/request/SecurityInvalidateApiKeyRequestExample6.yaml
new file mode 100644
index 0000000000..7be02653d9
--- /dev/null
+++ b/specification/security/invalidate_api_key/examples/request/SecurityInvalidateApiKeyRequestExample6.yaml
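Review bot: In SecurityInvalidateApiKeyRequestExample5.yaml the body sends `"owner" : "true"`, a JSON string, where the flag reads as a boolean. The request definition is not part of this hunk, but if `owner` is declared as a boolean there, the example does not match its own spec and only works where the server coerces strings. I would write `"owner" : true` so that copied requests and any example-to-schema validation use the declared type.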
@@ -0,0 +1,9 @@
+summary: API keys by user and realm
+# method_request: DELETE /_security/api_key
+description: Run `DELETE /_security/api_key` to invalidate all API keys for the user `myuser` in the `native1` realm .
+# type: request
+value: |-
+ {
+ "username" : "myuser",
+ "realm_name" : "native1"
+ }
diff --git a/specification/security/invalidate_api_key/examples/response/SecurityInvalidateApiKeyResponseExample1.yaml b/specification/security/invalidate_api_key/examples/response/SecurityInvalidateApiKeyResponseExample1.yaml
new file mode 100644
index 0000000000..963258e965
--- /dev/null
+++ b/specification/security/invalidate_api_key/examples/response/SecurityInvalidateApiKeyResponseExample1.yaml
@@ -0,0 +1,34 @@
+# summary:
+description: >
+ A successful response from `DELETE /_security/api_key`.
+# type: response
+# response_code:
+value: |-
+ {
+ "invalidated_api_keys": [
+ "api-key-id-1"
+ ],
+ "previously_invalidated_api_keys": [
+ "api-key-id-2",
+ "api-key-id-3"
+ ],
+ "error_count": 2,
+ "error_details": [
+ {
+ "type": "exception",
+ "reason": "error occurred while invalidating api keys",
+ "caused_by": {
+ "type": "illegal_argument_exception",
+ "reason": "invalid api key id"
+ }
+ },
+ {
+ "type": "exception",
+ "reason": "error occurred while invalidating api keys",
+ "caused_by": {
+ "type": "illegal_argument_exception",
+ "reason": "invalid api key id"
+ }
+ }
+ ]
+ }
diff --git a/specification/security/invalidate_token/examples/request/SecurityInvalidateTokenRequestExample1.yaml b/specification/security/invalidate_token/examples/request/SecurityInvalidateTokenRequestExample1.yaml
new file mode 100644
index 0000000000..e9d7a9d80d
--- /dev/null
+++ b/specification/security/invalidate_token/examples/request/SecurityInvalidateTokenRequestExample1.yaml
@@ -0,0 +1,9 @@
+summary: Invalidate an access token
+# method_request: DELETE /_security/oauth2/token
+description: >
+ Run `DELETE /_security/oauth2/token` to invalidate an access token.
+# type: request
+value: |-
+ {
+ "token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ=="
+ }
diff --git a/specification/security/invalidate_token/examples/request/SecurityInvalidateTokenRequestExample2.yaml b/specification/security/invalidate_token/examples/request/SecurityInvalidateTokenRequestExample2.yaml
new file mode 100644
index 0000000000..1285b6ec8a
--- /dev/null
+++ b/specification/security/invalidate_token/examples/request/SecurityInvalidateTokenRequestExample2.yaml
@@ -0,0 +1,9 @@
+summary: Invalidate a refresh token
+# method_request: DELETE /_security/oauth2/token
+description: >
+ Run `DELETE /_security/oauth2/token` to invalidate a refresh token.
+# type: request
+value: |-
+ {
+ "refresh_token" : "vLBPvmAB6KvwvJZr27cS"
+ }
diff --git a/specification/security/invalidate_token/examples/request/SecurityInvalidateTokenRequestExample3.yaml b/specification/security/invalidate_token/examples/request/SecurityInvalidateTokenRequestExample3.yaml
new file mode 100644
index 0000000000..b8cdd3c7bc
--- /dev/null
+++ b/specification/security/invalidate_token/examples/request/SecurityInvalidateTokenRequestExample3.yaml
@@ -0,0 +1,8 @@
+summary: Invalidate tokens by realm
+# method_request: DELETE /_security/oauth2/token
+description: Run `DELETE /_security/oauth2/token` to invalidate all access tokens and refresh tokens for the `saml1` realm.
+# type: request
+value: |-
+ {
+ "realm_name" : "saml1"
+ }
diff --git a/specification/security/invalidate_token/examples/request/SecurityInvalidateTokenRequestExample4.yaml b/specification/security/invalidate_token/examples/request/SecurityInvalidateTokenRequestExample4.yaml
new file mode 100644
index 0000000000..35640e0264
--- /dev/null
+++ b/specification/security/invalidate_token/examples/request/SecurityInvalidateTokenRequestExample4.yaml
@@ -0,0 +1,8 @@
+summary: Invalidate tokens by user
+# method_request: DELETE /_security/oauth2/token
+description: Run `DELETE /_security/oauth2/token` to invalidate all access tokens and refresh tokens for the user `myuser` in all realms.
+# type: request
+value: |-
+ {
+ "username" : "myuser"
+ }
diff --git a/specification/security/invalidate_token/examples/request/SecurityInvalidateTokenRequestExample5.yaml b/specification/security/invalidate_token/examples/request/SecurityInvalidateTokenRequestExample5.yaml
new file mode 100644
index 0000000000..7c310c5f4d
--- /dev/null
+++ b/specification/security/invalidate_token/examples/request/SecurityInvalidateTokenRequestExample5.yaml
@@ -0,0 +1,9 @@
+summary: Invalidate tokens by user and realm
+# method_request: DELETE /_security/oauth2/token
+description: Run `DELETE /_security/oauth2/token` to invalidate all access tokens and refresh tokens for the user `myuser` in the `saml1` realm.
+# type: request
+value: |-
+ {
+ "username" : "myuser",
+ "realm_name" : "saml1"
+ }
diff --git a/specification/security/invalidate_token/examples/request/SecurityInvalidateTokenRequestExample6.yaml b/specification/security/invalidate_token/examples/request/SecurityInvalidateTokenRequestExample6.yaml
new file mode 100644
index 0000000000..ee76cbe16e
--- /dev/null
+++ b/specification/security/invalidate_token/examples/request/SecurityInvalidateTokenRequestExample6.yaml
@@ -0,0 +1,15 @@
+# summary:
+# method_request: POST /_security/user/jacknich
+description: >
+ Run `POST /_security/user/jacknich` to create a user.
+# type: request
+value: |-
+ {
+ "password" : "l0ng-r4nd0m-p@ssw0rd",
+ "roles" : [ "admin", "other_role1" ],
+ "full_name" : "Jack Nicholson",
+ "email" : "jacknich@example.com",
+ "metadata" : {
+ "intelligence" : 7
+ }
+ }
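Review bot: SecurityInvalidateTokenRequestExample6.yaml is added under `invalidate_token/examples/request/`, but its `method_request` and body are a `POST /_security/user/jacknich` create-user call, not a `DELETE /_security/oauth2/token` request. As committed, the token-invalidation reference would render a sixth request example that sets a user's password and roles, which has nothing to do with revoking tokens. This looks like the create-user example saved in the wrong directory. I would remove it from this folder and add it to the create-user API's own examples directory instead.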
diff --git a/specification/security/invalidate_token/examples/response/SecurityInvalidateTokenResponseExample1.yaml b/specification/security/invalidate_token/examples/response/SecurityInvalidateTokenResponseExample1.yaml
new file mode 100644
index 0000000000..d368a0ced9
--- /dev/null
+++ b/specification/security/invalidate_token/examples/response/SecurityInvalidateTokenResponseExample1.yaml
@@ -0,0 +1,30 @@
+# summary:
+description: >
+ A partially successful response from `DELETE /_security/oauth2/token`.
+ The response includes the number of the tokens that were invalidated, the number of errors that were encountered when invalidating the tokens, and details about these errors.
+# type: response
+# response_code:
+value: |-
+ {
+ "invalidated_tokens":9,
+ "previously_invalidated_tokens":15,
+ "error_count":2,
+ "error_details":[
+ {
+ "type":"exception",
+ "reason":"Elasticsearch exception [type=exception, reason=foo]",
+ "caused_by":{
+ "type":"exception",
+ "reason":"Elasticsearch exception [type=illegal_argument_exception, reason=bar]"
+ }
+ },
+ {
+ "type":"exception",
+ "reason":"Elasticsearch exception [type=exception, reason=boo]",
+ "caused_by":{
+ "type":"exception",
+ "reason":"Elasticsearch exception [type=illegal_argument_exception, reason=far]"
+ }
+ }
+ ]
+ }
diff --git a/specification/security/oidc_authenticate/examples/request/RequestExample1.yaml b/specification/security/oidc_authenticate/examples/request/RequestExample1.yaml
new file mode 100644
index 0000000000..a7c3169c96
--- /dev/null
+++ b/specification/security/oidc_authenticate/examples/request/RequestExample1.yaml
@@ -0,0 +1,13 @@
+# summary:
+# method_request: POST /_security/oidc/authenticate
+description: >
+ Run `POST /_security/oidc/authenticate` to exchange the response that was returned from the OpenID Connect Provider after a successful authentication for an Elasticsearch access token and refresh token.
+ This example is from an authentication that uses the authorization code grant flow.
+# type: request
+value: |-
+ {
+ "redirect_uri" : "https://oidc-kibana.elastic.co:5603/api/security/oidc/callback?code=jtI3Ntt8v3_XvcLzCFGq&state=4dbrihtIAt3wBTwo6DxK-vdk-sSyDBV8Yf0AjdkdT5I",
+ "state" : "4dbrihtIAt3wBTwo6DxK-vdk-sSyDBV8Yf0AjdkdT5I",
+ "nonce" : "WaBPH0KqPVdG5HHdSxPRjfoZbXMCicm5v1OiAj0DUFM",
+ "realm" : "oidc1"
+ }
diff --git a/specification/security/oidc_authenticate/examples/response/ResponseExample1.yaml b/specification/security/oidc_authenticate/examples/response/ResponseExample1.yaml
new file mode 100644
index 0000000000..03f05a48e6
--- /dev/null
+++ b/specification/security/oidc_authenticate/examples/response/ResponseExample1.yaml
@@ -0,0 +1,13 @@
+# summary:
+description: >
+ A successful response from `POST /_security/oidc/authenticate`.
+ It contains the access and refresh tokens that were generated, the token duration (in seconds), and the type.
+# type: response
+# response_code:
+value: |-
+ {
+ "access_token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==",
+ "type" : "Bearer",
+ "expires_in" : 1200,
+ "refresh_token": "vLBPvmAB6KvwvJZr27cS"
+ }
diff --git a/specification/security/oidc_logout/examples/request/RequestExample1.yaml b/specification/security/oidc_logout/examples/request/RequestExample1.yaml
new file mode 100644
index 0000000000..1e6dcd7a27
--- /dev/null
+++ b/specification/security/oidc_logout/examples/request/RequestExample1.yaml
@@ -0,0 +1,9 @@
+# summary:
+# method_request: POST /_security/oidc/logout
+description: Run `POST /_security/oidc/logout` to perform the logout.
+# type: request
+value: |-
+ {
+ "token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==",
+ "refresh_token": "vLBPvmAB6KvwvJZr27cS"
+ }
diff --git a/specification/security/oidc_logout/examples/response/ResponseExample1.yaml b/specification/security/oidc_logout/examples/response/ResponseExample1.yaml
new file mode 100644
index 0000000000..763a5d32b0
--- /dev/null
+++ b/specification/security/oidc_logout/examples/response/ResponseExample1.yaml
@@ -0,0 +1,8 @@
+# summary:
+description: A successful response from `POST /_security/oidc/logout`, which contains the URI pointing to the End Session Endpoint of the OpenID Connect Provider with all the parameters of the Logout Request as HTTP GET parameters.
+# type: response
+# response_code:
+value: |-
+ {
+ "redirect" : "https://op-provider.org/logout?id_token_hint=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c&post_logout_redirect_uri=http%3A%2F%2Foidc-kibana.elastic.co%2Floggedout&state=lGYK0EcSLjqH6pkT5EVZjC6eIW5YCGgywj2sxROO"
+ }
diff --git a/specification/security/oidc_prepare_authentication/examples/request/RequestExample1.yaml b/specification/security/oidc_prepare_authentication/examples/request/RequestExample1.yaml
new file mode 100644
index 0000000000..d3e5f77a2e
--- /dev/null
+++ b/specification/security/oidc_prepare_authentication/examples/request/RequestExample1.yaml
@@ -0,0 +1,9 @@
+summary: Prepare with realm
+# method_request: POST /_security/oidc/prepare
+description: >
+ Run `POST /_security/oidc/prepare` to generate an authentication request for the OpenID Connect Realm `oidc1`.
+# type: request
+value: |-
+ {
+ "realm" : "oidc1"
+ }
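Review bot: The `redirect` value in oidc_logout/examples/response/ResponseExample1.yaml sends the browser back over plain HTTP: `post_logout_redirect_uri=http%3A%2F%2Foidc-kibana.elastic.co%2Floggedout`. The oidc_authenticate request example in this same patch uses `https://oidc-kibana.elastic.co:5603/...` for that host, so the two examples disagree. Because the post-logout URI in such examples tends to be copied into realm configuration, I would write it as `post_logout_redirect_uri=https%3A%2F%2Foidc-kibana.elastic.co%2Floggedout`.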
diff --git a/specification/security/oidc_prepare_authentication/examples/request/RequestExample2.yaml b/specification/security/oidc_prepare_authentication/examples/request/RequestExample2.yaml
new file mode 100644
index 0000000000..864c364f12
--- /dev/null
+++ b/specification/security/oidc_prepare_authentication/examples/request/RequestExample2.yaml
@@ -0,0 +1,11 @@
+summary: Prepare with realm, state, and nonce
+# method_request: POST /_security/oidc/prepare
+description: >
+ Run `POST /_security/oidc/prepare` to generate an authentication request for the OpenID Connect Realm `oidc1`, where the values for the `state` and the `nonce` have been generated by the client.
+# type: request
+value: |-
+ {
+ "realm" : "oidc1",
+ "state" : "lGYK0EcSLjqH6pkT5EVZjC6eIW5YCGgywj2sxROO",
+ "nonce" : "zOBXLJGUooRrbLbQk5YCcyC8AXw3iloynvluYhZ5"
+ }
diff --git a/specification/security/oidc_prepare_authentication/examples/request/RequestExample3.yaml b/specification/security/oidc_prepare_authentication/examples/request/RequestExample3.yaml
new file mode 100644
index 0000000000..e035d15357
--- /dev/null
+++ b/specification/security/oidc_prepare_authentication/examples/request/RequestExample3.yaml
@@ -0,0 +1,11 @@
+summary: Prepare by realm
+# method_request: POST /_security/oidc/prepare
+description: >
+ Run `POST /_security/oidc/prepare` to generate an authentication request for a third party initiated single sign on.
+ Specify the issuer that should be used for matching the appropriate OpenID Connect Authentication realm.
+# type: request
+value: |-
+ {
+ "iss" : "http://127.0.0.1:8080",
+ "login_hint": "this_is_an_opaque_string"
+ }
diff --git a/specification/security/oidc_prepare_authentication/examples/response/ResponseExample1.yaml b/specification/security/oidc_prepare_authentication/examples/response/ResponseExample1.yaml
new file mode 100644
index 0000000000..d45d2faba5
--- /dev/null
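Review bot: The summary `Prepare by realm` on oidc_prepare_authentication/examples/request/RequestExample3.yaml does not match its body, which sends `iss` and `login_hint` and no `realm`. The description on the same file says the request is for a third-party initiated single sign-on where the realm is matched by issuer. The summary is also nearly identical to RequestExample1's `Prepare with realm`, so the two would be hard to tell apart in rendered docs. I would change it to `summary: Prepare by issuer`.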
+++ b/specification/security/oidc_prepare_authentication/examples/response/ResponseExample1.yaml
@@ -0,0 +1,13 @@
+# summary:
+description: >
+ A successful response from `POST /_security/oidc/prepare`.
+ It contains the URI pointing to the Authorization Endpoint of the OpenID Connect Provider with all the parameters of the Authentication Request as HTTP GET parameters.
+# type: response
+# response_code:
+value: |-
+ {
+ "redirect" : "http://127.0.0.1:8080/c2id-login?scope=openid&response_type=id_token&redirect_uri=https%3A%2F%2Fmy.fantastic.rp%2Fcb&state=4dbrihtIAt3wBTwo6DxK-vdk-sSyDBV8Yf0AjdkdT5I&nonce=WaBPH0KqPVdG5HHdSxPRjfoZbXMCicm5v1OiAj0DUFM&client_id=elasticsearch-rp",
+ "state" : "4dbrihtIAt3wBTwo6DxK-vdk-sSyDBV8Yf0AjdkdT5I",
+ "nonce" : "WaBPH0KqPVdG5HHdSxPRjfoZbXMCicm5v1OiAj0DUFM",
+ "realm" : "oidc1"
+ }
diff --git a/specification/security/put_user/examples/request/SecurityPutUserRequestExample1.yaml b/specification/security/put_user/examples/request/SecurityPutUserRequestExample1.yaml
index ee76cbe16e..c7a0baf0af 100644
--- a/specification/security/put_user/examples/request/SecurityPutUserRequestExample1.yaml
+++ b/specification/security/put_user/examples/request/SecurityPutUserRequestExample1.yaml
@@ -1,15 +1,11 @@
 # summary:
-# method_request: POST /_security/user/jacknich
+# method_request: POST /_security/profile/_activate
 description: >
- Run `POST /_security/user/jacknich` to create a user.
+ Run `POST /_security/profile/_activate` to activate a user profile.
 # type: request
 value: |-
 {
- "password" : "l0ng-r4nd0m-p@ssw0rd",
- "roles" : [ "admin", "other_role1" ],
- "full_name" : "Jack Nicholson",
- "email" : "jacknich@example.com",
- "metadata" : {
- "intelligence" : 7
- }
+ "grant_type": "password",
+ "username" : "jacknich",
+ "password" : "l0ng-r4nd0m-p@ssw0rd"
 }
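Review bot: The new side of put_user/examples/request/SecurityPutUserRequestExample1.yaml no longer documents the create-user API. Its `method_request`, description and body (`grant_type`, `username`, `password`) now describe `POST /_security/profile/_activate`, while the file still sits under `put_user/`. This looks like an activate-user-profile example pasted over the wrong file. As written, the create-user documentation would show a password-grant body with no `roles`, `full_name` or `email`. I would restore the removed lines here (`# method_request: POST /_security/user/jacknich` and the original body) and put the new example under the activate_user_profile API's own examples directory.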
diff --git a/specification/security/query_api_keys/examples/request/QueryApiKeysRequestExample1.yaml b/specification/security/query_api_keys/examples/request/QueryApiKeysRequestExample1.yaml
new file mode 100644
index 0000000000..84df5a9a83
--- /dev/null
+++ b/specification/security/query_api_keys/examples/request/QueryApiKeysRequestExample1.yaml
@@ -0,0 +1,14 @@
+summary: Query API keys by ID
+# method_request: GET /_security/_query/api_key?with_limited_by=true
+description: Run `GET /_security/_query/api_key?with_limited_by=true` to retrieve an API key by ID.
+# type: request
+value: |-
+ {
+ "query": {
+ "ids": {
+ "values": [
+ "VuaCfGcBCdbkQm-e5aOx"
+ ]
+ }
+ }
+ }
diff --git a/specification/security/query_api_keys/examples/request/QueryApiKeysRequestExample2.yaml b/specification/security/query_api_keys/examples/request/QueryApiKeysRequestExample2.yaml
new file mode 100644
index 0000000000..da8e9ead7d
--- /dev/null
+++ b/specification/security/query_api_keys/examples/request/QueryApiKeysRequestExample2.yaml
@@ -0,0 +1,55 @@
+summary: Query API keys with pagination
+# method_request: GET /_security/_query/api_key
+description: >
+ Run `GET /_security/_query/api_key`.
+ Use a `bool` query to issue complex logical conditions and use `from`, `size`, and `sort` to help paginate the result.
+ For example, the API key name must begin with `app1-key-` and must not be `app1-key-01`.
+ It must be owned by a username with the wildcard pattern `org-*-user` and the `environment` metadata field must have a `production` value.
+ The offset to begin the search result is the twentieth (zero-based index) API key.
+ The page size of the response is 10 API keys.
+ The result is first sorted by creation date in descending order, then by name in ascending order.
+# type: request
+value: |-
+ {
+ "query": {
+ "bool": {
+ "must": [
+ {
+ "prefix": {
+ "name": "app1-key-"
+ }
+ },
+ {
+ "term": {
+ "invalidated": "false"
+ }
+ }
+ ],
+ "must_not": [
+ {
+ "term": {
+ "name": "app1-key-01"
+ }
+ }
+ ],
+ "filter": [
+ {
+ "wildcard": {
+ "username": "org-*-user"
+ }
+ },
+ {
+ "term": {
+ "metadata.environment": "production"
+ }
+ }
+ ]
+ }
+ },
+ "from": 20,
+ "size": 10,
+ "sort": [
+ { "creation": { "order": "desc", "format": "date_time" } },
+ "name"
+ ]
+ }
diff --git a/specification/security/query_api_keys/examples/request/QueryApiKeysRequestExample3.yaml b/specification/security/query_api_keys/examples/request/QueryApiKeysRequestExample3.yaml
new file mode 100644
index 0000000000..7f1eeb211b
--- /dev/null
+++ b/specification/security/query_api_keys/examples/request/QueryApiKeysRequestExample3.yaml
@@ -0,0 +1,14 @@
+summary: Query API keys by name
+# method_request: GET /_security/_query/api_key
+description: Run `GET /_security/_query/api_key` to retrieve the API key by name.
+# type: request
+value: |-
+ {
+ "query": {
+ "term": {
+ "name": { 
+ "value": "application-key-1"
+ }
+ }
+ }
+ }
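Review bot: The description in QueryApiKeysRequestExample2.yaml lists every condition of the `bool` query except the `term` clause on `invalidated` in `must`. That clause is what restricts the result to keys that are still usable, so a reader auditing keys should not have to find it in the JSON. I would add a sentence after the name conditions such as `The API key must not be invalidated.` Separately, the clause passes the string `"false"` where the response examples show `invalidated` as a boolean; `"invalidated": false` would be consistent with them.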
diff --git a/specification/security/query_api_keys/examples/response/QueryApiKeysResponseExample1.yaml b/specification/security/query_api_keys/examples/response/QueryApiKeysResponseExample1.yaml
new file mode 100644
index 0000000000..8bc50ab61c
--- /dev/null
+++ b/specification/security/query_api_keys/examples/response/QueryApiKeysResponseExample1.yaml
@@ -0,0 +1,53 @@
+summary: Query API keys by ID
+description: >
+ A successful response from `GET /_security/_query/api_key?with_limited_by=true`.
+ The `limited_by` details are the owner user's permissions associated with the API key.
+ It is a point-in-time snapshot captured at creation and subsequent updates.
+ An API key's effective permissions are an intersection of its assigned privileges and the owner user's permissions.
+# type: response
+# response_code:
+value: |-
+ {
+ "api_keys": [
+ {
+ "id": "VuaCfGcBCdbkQm-e5aOx",
+ "name": "application-key-1",
+ "creation": 1548550550158,
+ "expiration": 1548551550158,
+ "invalidated": false,
+ "username": "myuser",
+ "realm": "native1",
+ "realm_type": "native",
+ "metadata": {
+ "application": "my-application"
+ },
+ "role_descriptors": { },
+ "limited_by": [
+ {
+ "role-power-user": {
+ "cluster": [
+ "monitor"
+ ],
+ "indices": [
+ {
+ "names": [
+ "*"
+ ],
+ "privileges": [
+ "read"
+ ],
+ "allow_restricted_indices": false
+ }
+ ],
+ "applications": [ ],
+ "run_as": [ ],
+ "metadata": { },
+ "transient_metadata": {
+ "enabled": true
+ }
+ }
+ }
+ ]
+ }
+ ]
+ }
diff --git a/specification/security/query_api_keys/examples/response/QueryApiKeysResponseExample2.yaml b/specification/security/query_api_keys/examples/response/QueryApiKeysResponseExample2.yaml
new file mode 100644
index 0000000000..c932dd950f
--- /dev/null
+++ b/specification/security/query_api_keys/examples/response/QueryApiKeysResponseExample2.yaml
@@ -0,0 +1,46 @@
+summary: Query API keys with pagination
+description: >
+ An abbreviated response from `GET /_security/_query/api_key` that contains a list of matched API keys along with their sort values.
+ The first sort value is creation time, which is displayed in `date_time` format.
+ The second sort value is the API key name.
+# type: response
+# response_code:
+value: |-
+ {
+ "total": 100,
+ "count": 10,
+ "api_keys": [
+ {
+ "id": "CLXgVnsBOGkf8IyjcXU7",
+ "name": "app1-key-79",
+ "creation": 1629250154811,
+ "invalidated": false,
+ "username": "org-admin-user",
+ "realm": "native1",
+ "metadata": {
+ "environment": "production"
+ },
+ "role_descriptors": { },
+ "_sort": [
+ "2021-08-18T01:29:14.811Z",
+ "app1-key-79"
+ ]
+ },
+ {
+ "id": "BrXgVnsBOGkf8IyjbXVB",
+ "name": "app1-key-78",
+ "creation": 1629250153794,
+ "invalidated": false,
+ "username": "org-admin-user",
+ "realm": "native1",
+ "metadata": {
+ "environment": "production"
+ },
+ "role_descriptors": { },
+ "_sort": [
+ "2021-08-18T01:29:13.794Z",
+ "app1-key-78"
+ ]
+ }
+ ]
+ }
diff --git a/specification/security/query_api_keys/examples/response/QueryApiKeysResponseExample3.yaml b/specification/security/query_api_keys/examples/response/QueryApiKeysResponseExample3.yaml
new file mode 100644
index 0000000000..5108837276
--- /dev/null
+++ b/specification/security/query_api_keys/examples/response/QueryApiKeysResponseExample3.yaml
@@ -0,0 +1,65 @@
+summary: Query all API keys
+description: >
+ A successful response from `GET /_security/_query/api_key`.
+ It includes the role descriptors that are assigned to each API key when it was created or last updated.
+ Note that an API key's effective permissions are an intersection of its assigned privileges and the point-in-time snapshot of the owner user's permissions.
+ An empty role descriptors object means the API key inherits the owner user's permissions.
+# type: response
+# response_code:
+value: |-
+ {
+ "total": 3,
+ "count": 3,
+ "api_keys": [
+ {
+ "id": "nkvrGXsB8w290t56q3Rg",
+ "name": "my-api-key-1",
+ "creation": 1628227480421,
+ "expiration": 1629091480421,
+ "invalidated": false,
+ "username": "elastic",
+ "realm": "reserved",
+ "realm_type": "reserved",
+ "metadata": {
+ "letter": "a"
+ },
+ "role_descriptors": {
+ "role-a": {
+ "cluster": [
+ "monitor"
+ ],
+ "indices": [
+ {
+ "names": [
+ "index-a"
+ ],
+ "privileges": [
+ "read"
+ ],
+ "allow_restricted_indices": false
+ }
+ ],
+ "applications": [ ],
+ "run_as": [ ],
+ "metadata": { },
+ "transient_metadata": {
+ "enabled": true
+ }
+ }
+ }
+ },
+ {
+ "id": "oEvrGXsB8w290t5683TI",
+ "name": "my-api-key-2",
+ "creation": 1628227498953,
+ "expiration": 1628313898953,
+ "invalidated": false,
+ "username": "elastic",
+ "realm": "reserved",
+ "metadata": {
+ "letter": "b"
+ },
+ "role_descriptors": { }
+ }
+ ]
+ }
diff --git a/specification/ssl/certificates/examples/response/GetCertificatesResponseExample1.yaml b/specification/ssl/certificates/examples/response/GetCertificatesResponseExample1.yaml
new file mode 100644
index 0000000000..fd0c220f53
--- /dev/null
+++ b/specification/ssl/certificates/examples/response/GetCertificatesResponseExample1.yaml
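Review bot: QueryApiKeysResponseExample3.yaml reports `"total": 3` and `"count": 3`, but its `api_keys` array holds only two entries. The description calls it `A successful response`, whereas ResponseExample2 in this patch says `An abbreviated response` when it truncates. Either add the third key or open the description with `An abbreviated response from ...` so readers do not take the count mismatch for real API behaviour. The second key also omits `realm_type`, which the first key includes; if that is intentional, the description should say so.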
@@ -0,0 +1,35 @@
+# summary:
+description: >
+ A successful response from `GET /_ssl/certificates`, which provides information about the certificates on a single node of Elasticsearch.
+# type: response
+# response_code:
+value: |-
+ [
+ {
+ "path": "certs/elastic-certificates.p12",
+ "format": "PKCS12",
+ "alias": "instance",
+ "subject_dn": "CN=Elastic Certificate Tool Autogenerated CA",
+ "serial_number": "a20f0ee901e8f69dc633ff633e5cd5437cdb4137",
+ "has_private_key": false,
+ "expiry": "2021-01-15T20:42:49.000Z"
+ },
+ {
+ "path": "certs/elastic-certificates.p12",
+ "format": "PKCS12",
+ "alias": "ca",
+ "subject_dn": "CN=Elastic Certificate Tool Autogenerated CA",
+ "serial_number": "a20f0ee901e8f69dc633ff633e5cd5437cdb4137",
+ "has_private_key": false,
+ "expiry": "2021-01-15T20:42:49.000Z"
+ },
+ {
+ "path": "certs/elastic-certificates.p12",
+ "format": "PKCS12",
+ "alias": "instance",
+ "subject_dn": "CN=instance",
+ "serial_number": "fc1905e1494dc5230218d079c47a617088f84ce0",
+ "has_private_key": true,
+ "expiry": "2021-01-15T20:44:32.000Z"
+ }
+ ]
From ef607717e282801ca80d6762955c38c1f76836c7 Mon Sep 17 00:00:00 2001 From: lcawl Date: Mon, 13 Jan 2025 22:05:51 -0800 Subject: [PATCH 5/5] Add more descriptions to SSL certificate API --- output/openapi/elasticsearch-openapi.json | 10 +++++++ output/schema/schema.json | 19 ++++++++++++-- specification/_doc_ids/table.csv | 1 + .../certificates/GetCertificatesRequest.ts | 2 ++ specification/ssl/certificates/types.ts | 26 +++++++++++++++++++ 5 files changed, 56 insertions(+), 2 deletions(-)
diff --git a/output/openapi/elasticsearch-openapi.json b/output/openapi/elasticsearch-openapi.json
index 619db3f0ee..de81fa624f 100644
--- a/output/openapi/elasticsearch-openapi.json
+++ b/output/openapi/elasticsearch-openapi.json
@@ -34887,6 +34887,9 @@ ], "summary": "Get SSL certificates", "description": "Get information about the X.509 certificates that are used to encrypt communications in the cluster.\nThe API returns a list that includes certificates from all TLS contexts including:\n\n- Settings for transport and HTTP interfaces\n- TLS settings that are used within authentication realms\n- TLS settings for remote monitoring exporters\n\nThe list includes certificates that are used for configuring trust, such as those configured in the `xpack.security.transport.ssl.truststore` and `xpack.security.transport.ssl.certificate_authorities` settings.\nIt also includes certificates that are used for configuring server identity, such as `xpack.security.http.ssl.keystore` and `xpack.security.http.ssl.certificate settings`.\n\nThe list does not include certificates that are sourced from the default SSL context of the Java Runtime Environment (JRE), even if those certificates are in use within Elasticsearch.\n\nNOTE: When a PKCS#11 token is configured as the truststore of the JRE, the API returns all the certificates that are included in the PKCS#11 token irrespective of whether these are used in the Elasticsearch TLS configuration.\n\nIf Elasticsearch is configured to use a keystore or truststore, the API output includes all certificates in that store, even though some of the certificates might not be in active use within the cluster.", + "externalDocs": { + "url": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup.html#encrypt-internode-communication" + }, "operationId": "ssl-certificates", "responses": { "200": { @@ -88568,6 +88571,7 @@ "type": "object", "properties": { "alias": { + "description": "If the path refers to a container file (a jks keystore, or a PKCS#12 file), it is the alias of the certificate.\nOtherwise, it is null.", "oneOf": [ { "type": "string" 
@@ -88582,21 +88586,27 @@ "$ref": "#/components/schemas/_types:DateTime" }, "format": { + "description": "The format of the file.\nValid values include `jks`, `PKCS12`, and `PEM`.", "type": "string" }, "has_private_key": { + "description": "Indicates whether Elasticsearch has access to the private key for this certificate.", "type": "boolean" }, "issuer": { + "description": "The Distinguished Name of the certificate's issuer.", "type": "string" }, "path": { + "description": "The path to the certificate, as configured in the `elasticsearch.yml` file.", "type": "string" }, "serial_number": { + "description": "The hexadecimal representation of the certificate's serial number.", "type": "string" }, "subject_dn": { + "description": "The Distinguished Name of the certificate's subject.", "type": "string" } }, diff --git a/output/schema/schema.json b/output/schema/schema.json index b0565e74e5..0b92284599 100644 --- a/output/schema/schema.json +++ b/output/schema/schema.json @@ -19858,7 +19858,14 @@ "docId": "security-api-ssl", "docTag": "security", "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-ssl.html", + "extDocId": "security-encrypt-internode", + "extDocUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-basic-setup.html#encrypt-internode-communication", "name": "ssl.certificates", + "privileges": { + "cluster": [ + "monitor" + ] + }, "request": { "name": "Request", "namespace": "ssl.certificates" @@ -211891,6 +211898,7 @@ }, "properties": [ { + "description": "If the path refers to a container file (a jks keystore, or a PKCS#12 file), it is the alias of the certificate.\nOtherwise, it is null.", "name": "alias", "required": true, "type": { @@ -211914,6 +211922,7 @@ } }, { + "description": "The ISO formatted date of the certificate's expiry (not-after) date.", "name": "expiry", "required": true, "type": { 
@@ -211925,6 +211934,7 @@ } }, { + "description": "The format of the file.\nValid values include `jks`, `PKCS12`, and `PEM`.", "name": "format", "required": true, "type": { @@ -211936,6 +211946,7 @@ } }, { + "description": "Indicates whether Elasticsearch has access to the private key for this certificate.", "name": "has_private_key", "required": true, "type": { @@ -211947,6 +211958,7 @@ } }, { + "description": "The Distinguished Name of the certificate's issuer.", "name": "issuer", "required": false, "type": { @@ -211958,6 +211970,7 @@ } }, { + "description": "The path to the certificate, as configured in the `elasticsearch.yml` file.", "name": "path", "required": true, "type": { @@ -211969,6 +211982,7 @@ } }, { + "description": "The hexadecimal representation of the certificate's serial number.", "name": "serial_number", "required": true, "type": { @@ -211980,6 +211994,7 @@ } }, { + "description": "The Distinguished Name of the certificate's subject.", "name": "subject_dn", "required": true, "type": { @@ -211991,7 +212006,7 @@ } } ], - "specLocation": "ssl/certificates/types.ts#L22-L31" + "specLocation": "ssl/certificates/types.ts#L22-L57" }, { "kind": "request", @@ -212014,7 +212029,7 @@ }, "path": [], "query": [], - "specLocation": "ssl/certificates/GetCertificatesRequest.ts#L22-L46" + "specLocation": "ssl/certificates/GetCertificatesRequest.ts#L22-L48" }, { "kind": "response", diff --git a/specification/_doc_ids/table.csv b/specification/_doc_ids/table.csv index 041e28026e..1f4cbf1282 100644 --- a/specification/_doc_ids/table.csv +++ b/specification/_doc_ids/table.csv 
@@ -672,6 +672,7 @@ security-api-update-key,https://www.elastic.co/guide/en/elasticsearch/reference/ security-api-update-user-data,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-update-user-profile-data.html security-privileges,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-privileges.html security-api-update-settings,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-api-update-settings.html +security-encrypt-internode,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/security-basic-setup.html#encrypt-internode-communication service-accounts,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/service-accounts.html set-processor,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/set-processor.html shape,https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/shape.html diff --git a/specification/ssl/certificates/GetCertificatesRequest.ts b/specification/ssl/certificates/GetCertificatesRequest.ts index 8bcabad6c8..f3c48c8709 100644 --- a/specification/ssl/certificates/GetCertificatesRequest.ts +++ b/specification/ssl/certificates/GetCertificatesRequest.ts @@ -40,7 +40,9 @@ import { RequestBase } from '@_types/Base' * @rest_spec_name ssl.certificates * @availability stack since=6.2.0 stability=stable * @availability serverless stability=stable visibility=private + * @cluster_privileges monitor * @doc_tag security * @doc_id security-api-ssl + * @ext_doc_id security-encrypt-internode */ export interface Request extends RequestBase {} diff --git a/specification/ssl/certificates/types.ts b/specification/ssl/certificates/types.ts index bcbf78e525..b9be79bf93 100644 --- a/specification/ssl/certificates/types.ts +++ b/specification/ssl/certificates/types.ts 
@@ -20,12 +20,38 @@ import { DateTime } from '@_types/Time' export class CertificateInformation { + /** + * If the path refers to a container file (a jks keystore, or a PKCS#12 file), it is the alias of the certificate. + * Otherwise, it is null. + */ alias: string | null + /** + * The ISO formatted date of the certificate's expiry (not-after) date. + */ expiry: DateTime + /** + * The format of the file. + * Valid values include `jks`, `PKCS12`, and `PEM`. + */ format: string + /** + * Indicates whether Elasticsearch has access to the private key for this certificate. + */ has_private_key: boolean + /** + * The Distinguished Name of the certificate's issuer. + */ issuer?: string + /** + * The path to the certificate, as configured in the `elasticsearch.yml` file. + */ path: string + /** + * The hexadecimal representation of the certificate's serial number. + */ serial_number: string + /** + * The Distinguished Name of the certificate's subject. + */ subject_dn: string }