diff --git a/spec/_superseded_operations.yaml b/spec/_superseded_operations.yaml index c5180f076..70f9e2bf8 100644 --- a/spec/_superseded_operations.yaml +++ b/spec/_superseded_operations.yaml @@ -368,6 +368,14 @@ $schema: ../json_schemas/_superseded_operations.schema.yaml superseded_by: /_plugins/_rollup/jobs/{rollupID}/_stop operations: - POST +/_opendistro/_security/api/_upgrade_check/: + superseded_by: /_plugins/_security/api/_upgrade_check/ + operations: + - GET +/_opendistro/_security/api/_upgrade_perform/: + superseded_by: /_plugins/_security/api/_upgrade_perform/ + operations: + - POST /_opendistro/_security/api/account: superseded_by: /_plugins/_security/api/account operations: @@ -393,8 +401,8 @@ $schema: ../json_schemas/_superseded_operations.schema.yaml operations: - GET - PUT - - DELETE - PATCH + - DELETE /_opendistro/_security/api/audit/: superseded_by: /_plugins/_security/api/audit/ operations: 
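Review bot: The two new entries `/_opendistro/_security/api/_upgrade_check/` and `/_opendistro/_security/api/_upgrade_perform/` have `superseded_by` targets that match no path this commit defines in `spec/namespaces/security.yaml`, which declares `/_plugins/_security/_upgrade_check` and `/_plugins/_security/_upgrade_perform` (no `api/` segment, no trailing slash). One side is wrong, and until they agree the legacy alias and the documented operation give different URLs for a privileged configuration-upgrade call. The `nodesdn` entry in the `@@ -476,17 +484,33 @@` hunk has a smaller form of the same problem: its target is `/_plugins/_security/api/nodesdn/` while the spec path is `/_plugins/_security/api/nodesdn`. The trailing slashes also run against the rest of this change, which strips them from the `tenants` and `user` entries.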
@@ -476,17 +484,33 @@ $schema: ../json_schemas/_superseded_operations.schema.yaml superseded_by: /_plugins/_security/api/ssl/certs operations: - GET -/_opendistro/_security/api/ssl/{certType}/reloadcerts/: - superseded_by: /_plugins/_security/api/ssl/{certType}/reloadcerts/ +/_opendistro/_security/api/ssl/transport/reloadcerts: + superseded_by: /_plugins/_security/api/ssl/transport/reloadcerts + operations: + - PUT +/_opendistro/_security/api/ssl/http/reloadcerts: + superseded_by: /_plugins/_security/api/ssl/http/reloadcerts + operations: + - PUT +/_opendistro/_security/api/nodesdn: + superseded_by: /_plugins/_security/api/nodesdn/ + operations: + - GET + - PATCH +/_opendistro/_security/api/nodesdn/{cluster_name}: + superseded_by: /_plugins/_security/api/nodesdn/{cluster_name} operations: + - GET - PUT + - PATCH + - DELETE /_opendistro/_security/api/tenancy/config: superseded_by: /_plugins/_security/api/tenancy/config operations: - GET - PUT -/_opendistro/_security/api/tenants/: - superseded_by: /_plugins/_security/api/tenants/ +/_opendistro/_security/api/tenants: + superseded_by: /_plugins/_security/api/tenants operations: - GET - PATCH @@ -497,8 +521,8 @@ $schema: ../json_schemas/_superseded_operations.schema.yaml - PUT - DELETE - PATCH -/_opendistro/_security/api/user/: - superseded_by: /_plugins/_security/api/user/ +/_opendistro/_security/api/user: + superseded_by: /_plugins/_security/api/user operations: - GET /_opendistro/_security/api/user/{name}: @@ -521,6 +545,12 @@ $schema: ../json_schemas/_superseded_operations.schema.yaml - GET - PUT - PATCH +/_opendistro/_security/api/allowlist: + superseded_by: /_plugins/_security/api/allowlist + operations: + - GET + - PUT + - PATCH /_opendistro/_security/authinfo: superseded_by: /_plugins/_security/authinfo operations: 
@@ -532,14 +562,10 @@ $schema: ../json_schemas/_superseded_operations.schema.yaml - GET - POST /_opendistro/_security/kibanainfo: - superseded_by: /_plugins/_security/kibanainfo + superseded_by: /_plugins/_security/dashboardsinfo operations: - GET - POST -/_opendistro/_security/sslinfo: - superseded_by: /_plugins/_security/sslinfo - operations: - - GET /_opendistro/_security/tenantinfo: superseded_by: /_plugins/_security/tenantinfo operations: diff --git a/spec/namespaces/security.yaml b/spec/namespaces/security.yaml index 48b48993f..97be69ec5 100644 --- a/spec/namespaces/security.yaml +++ b/spec/namespaces/security.yaml 
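Review bot: The `kibanainfo` entry now aliases both GET and POST to `/_plugins/_security/dashboardsinfo`, but the POST defined for that path in `security.yaml` is described as "Updates the current security-dashboards plugin configuration" and takes a request body. The POST variants of `authinfo`, `tenantinfo` and `whoami` are instead documented as the same read as their GET. Please confirm that POST really changes state; if it only returns the configuration, the description and `requestBody` overstate what a caller can do and will mislead anyone deriving access rules from the spec. In that case it would fit the file's pattern to keep it in the GET's group, `operationId: security.get_dashboards_info.1` with `x-operation-group: security.get_dashboards_info`. As written, `security.post_dashboards_info.1` is the only operation in its group yet carries index 1.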
@@ -4,6 +4,171 @@ info: description: OpenSearch Security API version: 1.0.0 paths: + /_opendistro/_security/sslinfo: + get: + operationId: security.get_sslinfo.0 + x-operation-group: security.get_sslinfo + x-version-added: '1.0' + description: Retrieves the SSL configuration information. + parameters: + - $ref: '#/components/parameters/security.get_sslinfo::query.show_dn' + responses: + '200': + $ref: '#/components/responses/security.get_sslinfo@200' + '500': + $ref: '#/components/responses/security.get_sslinfo@500' + /_plugins/_security/authinfo: + get: + operationId: security.authinfo.0 + x-operation-group: security.authinfo + x-version-added: '1.0' + description: Returns the authentication information. + parameters: + - $ref: '#/components/parameters/security.authinfo::query.verbose' + - $ref: '#/components/parameters/security.authinfo::query.auth_type' + responses: + '200': + $ref: '#/components/responses/security.authinfo@200' + '500': + $ref: '#/components/responses/security.authinfo@500' + post: + operationId: security.authinfo.1 + x-operation-group: security.authinfo + x-version-added: '1.0' + description: Returns the authentication information. + parameters: + - $ref: '#/components/parameters/security.authinfo::query.verbose' + - $ref: '#/components/parameters/security.authinfo::query.auth_type' + responses: + '200': + $ref: '#/components/responses/security.authinfo@200' + '500': + $ref: '#/components/responses/security.authinfo@500' + /_plugins/_security/dashboardsinfo: + get: + operationId: security.get_dashboards_info.0 + x-operation-group: security.get_dashboards_info + x-version-added: '1.0' + description: Retrieves the current security-dashboards plugin configuration. 
+ responses: + '200': + $ref: '#/components/responses/security.get_dashboards_info@200' + '500': + $ref: '#/components/responses/security.get_dashboards_info@500' + post: + operationId: security.post_dashboards_info.1 + x-operation-group: security.post_dashboards_info + x-version-added: '1.0' + description: Updates the current security-dashboards plugin configuration. + requestBody: + $ref: '#/components/requestBodies/security.post_dashboards_info' + responses: + '200': + $ref: '#/components/responses/security.post_dashboards_info@200' + '500': + $ref: '#/components/responses/security.post_dashboards_info@500' + /_plugins/_security/health: + get: + operationId: security.health.0 + x-operation-group: security.health + x-version-added: '1.0' + description: Checks to see if the Security plugin is up and running. + parameters: + - $ref: '#/components/parameters/security.health::query.mode' + externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/api/#health-check + responses: + '200': + $ref: '#/components/responses/security.health@200' + post: + operationId: security.health.1 + x-operation-group: security.health + x-version-added: '1.0' + description: Checks to see if the Security plugin is up and running. + parameters: + - $ref: '#/components/parameters/security.health::query.mode' + externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/api/#health-check + responses: + '200': + $ref: '#/components/responses/security.health@200' + /_plugins/_security/tenantinfo: + get: + operationId: security.tenant_info.0 + x-operation-group: security.tenant_info + x-version-added: '1.0' + description: Retrieves the tenant names if any exist. Only accesible to super admins or kibanaserver user. 
+ responses: + '200': + $ref: '#/components/responses/security.tenant_info@200' + '500': + $ref: '#/components/responses/security.tenant_info@500' + post: + operationId: security.tenant_info.1 + x-operation-group: security.tenant_info + x-version-added: '1.0' + description: Retrieves the tenant names if any exist. Only accesible to super admins or kibanaserver user. + responses: + '200': + $ref: '#/components/responses/security.tenant_info@200' + '500': + $ref: '#/components/responses/security.tenant_info@500' + /_plugins/_security/whoami: + get: + operationId: security.who_am_i.0 + x-operation-group: security.who_am_i + x-version-added: '1.0' + description: Gets the user identity related information for currently logged in user. + responses: + '200': + $ref: '#/components/responses/security.who_am_i@200' + '500': + $ref: '#/components/responses/security.who_am_i@500' + post: + operationId: security.who_am_i.1 + x-operation-group: security.who_am_i + x-version-added: '1.0' + description: Gets the user identity related information for currently logged in user. + responses: + '200': + $ref: '#/components/responses/security.who_am_i@200' + '500': + $ref: '#/components/responses/security.who_am_i@500' + /_plugins/_security/whoamiprotected: + get: + operationId: security.who_am_i_protected.0 + x-operation-group: security.who_am_i_protected + x-version-added: '2.11' + description: Gets the user identity related information for currently logged in user. User needs to have access to this endpoint when authorization at REST layer is enabled. + responses: + '200': + $ref: '#/components/responses/security.who_am_i_protected@200' + '500': + $ref: '#/components/responses/security.who_am_i_protected@500' + /_plugins/_security/_upgrade_check: + get: + operationId: security.config_upgrade_check.0 + x-operation-group: security.config_upgrade_check + x-version-added: '2.14' + description: Check whether or not an upgrade can be performed and what resources can be updated. 
+ externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/api/#configuration-upgrade-check + responses: + '200': + $ref: '#/components/responses/security.config_upgrade_check@200' + /_plugins/_security/_upgrade_perform: + post: + operationId: security.config_upgrade_perform.0 + x-operation-group: security.config_upgrade_perform + x-version-added: '2.14' + description: Helps cluster operator upgrade missing defaults and stale default definitions. + externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/api/#configuration-upgrade + requestBody: + $ref: '#/components/requestBodies/security.config_upgrade_perform' + responses: + '200': + $ref: '#/components/responses/security.config_upgrade_perform@200' /_plugins/_security/api/account: get: operationId: security.get_account_details.0 @@ -39,7 +204,7 @@ paths: '200': $ref: '#/components/responses/security.get_action_groups@200' patch: - operationId: security.patch_action_groups.0 + operationId: security.patch_action_groups.1 x-operation-group: security.patch_action_groups x-version-added: '1.0' description: Creates, updates, or deletes multiple action groups in a single call. @@ -51,18 +216,6 @@ paths: '200': $ref: '#/components/responses/security.patch_action_groups@200' /_plugins/_security/api/actiongroups/{action_group}: - delete: - operationId: security.delete_action_group.0 - x-operation-group: security.delete_action_group - x-version-added: '1.0' - description: Delete a specified action group. - externalDocs: - url: https://opensearch.org/docs/latest/security/access-control/api/#delete-action-group - parameters: - - $ref: '#/components/parameters/security.delete_action_group::path.action_group' - responses: - '200': - $ref: '#/components/responses/security.delete_action_group@200' get: operationId: security.get_action_group.0 x-operation-group: security.get_action_group 
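Review bot: `security.config_upgrade_perform` and `security.config_upgrade_check` declare only a `'200'` response and say nothing about who may call them, although the perform operation rewrites security configuration defaults. The `nodesdn` operations in this commit state the restriction in the description and add a `'403'` response. The same is needed here and for `security.who_am_i_protected`, whose description says access must be granted but which documents only `'200'` and `'500'`. Something like `Helps cluster operator upgrade missing defaults and stale default definitions. Only accessible to super admins or users with the matching REST API permission.` would do once the actual requirement is confirmed. Separately, `accesible` in both `tenant_info` descriptions should read `accessible`.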
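Review bot: `operationId: security.patch_action_groups.1` looks off, because the only operation in the `security.patch_action_groups` group visible here is this PATCH, so the index would be expected to stay at `.0` as on the old line. If another operation with index 0 exists in that group elsewhere in the file, the commit message should say so; otherwise revert to `operationId: security.patch_action_groups.0`. The rest of the file is outside this hunk, so this needs checking against the full spec.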
@@ -75,6 +228,20 @@ paths: responses: '200': $ref: '#/components/responses/security.get_action_group@200' + put: + operationId: security.create_action_group.0 + x-operation-group: security.create_action_group + x-version-added: '1.0' + description: Creates or replaces the specified action group. + externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/api/#create-action-group + parameters: + - $ref: '#/components/parameters/security.create_action_group::path.action_group' + requestBody: + $ref: '#/components/requestBodies/security.create_action_group' + responses: + '200': + $ref: '#/components/responses/security.create_action_group@200' patch: operationId: security.patch_action_group.0 x-operation-group: security.patch_action_group 
@@ -89,20 +256,53 @@ paths: responses: '200': $ref: '#/components/responses/security.patch_action_group@200' - put: - operationId: security.create_action_group.0 - x-operation-group: security.create_action_group + delete: + operationId: security.delete_action_group.0 + x-operation-group: security.delete_action_group x-version-added: '1.0' - description: Creates or replaces the specified action group. + description: Delete a specified action group. externalDocs: - url: https://opensearch.org/docs/latest/security/access-control/api/#create-action-group + url: https://opensearch.org/docs/latest/security/access-control/api/#delete-action-group parameters: - - $ref: '#/components/parameters/security.create_action_group::path.action_group' + - $ref: '#/components/parameters/security.delete_action_group::path.action_group' + responses: + '200': + $ref: '#/components/responses/security.delete_action_group@200' + /_plugins/_security/api/allowlist: + get: + operationId: security.get_allowlist.0 + x-operation-group: security.get_allowlist + x-version-added: '1.0' + description: Retrieves the current list of allowed API accessible to normal user. + externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/api/#access-control-for-the-api + responses: + '200': + $ref: '#/components/responses/security.get_allowlist@200' + put: + operationId: security.create_allowlist.0 + x-operation-group: security.create_allowlist + x-version-added: '1.0' + description: Creates or replaces the allowlisted APIs. Accessible via Super Admin certificate or REST API permission. 
+ externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/api/#access-control-for-the-api requestBody: - $ref: '#/components/requestBodies/security.create_action_group' + $ref: '#/components/requestBodies/security.create_allowlist' responses: '200': - $ref: '#/components/responses/security.create_action_group@200' + $ref: '#/components/responses/security.create_allowlist@200' + patch: + operationId: security.patch_allowlist.0 + x-operation-group: security.patch_allowlist + x-version-added: '1.0' + description: Updates the current list of allowed API accessible to normal user. + externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/api/#access-control-for-the-api + requestBody: + $ref: '#/components/requestBodies/security.patch_allowlist' + responses: + '200': + $ref: '#/components/responses/security.patch_allowlist@200' /_plugins/_security/api/audit: get: operationId: security.get_audit_configuration.0 
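Review bot: The three `allowlist` operations document only a `'200'` response, even though the PUT description says the call requires a Super Admin certificate or REST API permission, so the refusal a normal user will hit is missing. The `nodesdn` operations in this same commit add a `'403'` response for exactly that case; the allowlist GET, PUT and PATCH should get one too. The GET and PATCH descriptions also omit the access requirement that PUT states. Since this endpoint decides which APIs ordinary users may reach, all three should carry it, for example `Retrieves the current list of allowed APIs accessible to normal users. Accessible via Super Admin certificate or REST API permission.` if GET is restricted the same way.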
@@ -139,17 +339,68 @@ paths: responses: '200': $ref: '#/components/responses/security.update_audit_configuration@200' + /_plugins/_security/api/authtoken: + post: + operationId: security.authtoken.0 + x-operation-group: security.authtoken + x-version-added: '1.0' + description: Returns the authorization token. + responses: + '200': + $ref: '#/components/responses/security.authtoken@200' /_plugins/_security/api/cache: + get: + operationId: security.cache.1 + x-operation-group: security.cache + x-ignorable: true + x-version-added: '1.0' + description: Not supported for cache API. + responses: + '501': + $ref: '#/components/responses/security.cache@501' + post: + operationId: security.cache.2 + x-operation-group: security.cache + x-version-added: '1.0' + x-ignorable: true + description: Not supported for cache API. + responses: + '501': + $ref: '#/components/responses/security.cache@501' + put: + operationId: security.cache.3 + x-operation-group: security.cache + x-version-added: '1.0' + x-ignorable: true + description: Not supported for cache API. + responses: + '501': + $ref: '#/components/responses/security.cache@501' delete: operationId: security.flush_cache.0 x-operation-group: security.flush_cache x-version-added: '1.0' description: Flushes the Security plugin user, authentication, and authorization cache. externalDocs: - url: https://opensearch.org/docs/2.7/security/access-control/api/#flush-cache + url: https://opensearch.org/docs/latest/security/access-control/api/#flush-cache responses: '200': $ref: '#/components/responses/security.flush_cache@200' + /_plugins/_security/api/generateonbehalfoftoken: + post: + operationId: security.generate_obo_token.0 + x-operation-group: security.generate_obo_token + x-version-added: '2.12' + description: Generates On-Behalf-Of token for the current user. 
+ externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/authentication-tokens/#api-endpoint + requestBody: + $ref: '#/components/requestBodies/security.generate_obo_token' + responses: + '200': + $ref: '#/components/responses/security.generate_obo_token@200' + '400': + $ref: '#/components/responses/security.generate_obo_token@400' /_plugins/_security/api/internalusers: get: operationId: security.get_users.0 @@ -174,18 +425,6 @@ paths: '200': $ref: '#/components/responses/security.patch_users@200' /_plugins/_security/api/internalusers/{username}: - delete: - operationId: security.delete_user.0 - x-operation-group: security.delete_user - x-version-added: '1.0' - description: Delete the specified user. - externalDocs: - url: https://opensearch.org/docs/latest/security/access-control/api/#delete-user - parameters: - - $ref: '#/components/parameters/security.delete_user::path.username' - responses: - '200': - $ref: '#/components/responses/security.delete_user@200' get: operationId: security.get_user.0 x-operation-group: security.get_user @@ -198,6 +437,20 @@ paths: responses: '200': $ref: '#/components/responses/security.get_user@200' + put: + operationId: security.create_user.0 + x-operation-group: security.create_user + x-version-added: '1.0' + description: Creates or replaces the specified user. + externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/api/#create-user + parameters: + - $ref: '#/components/parameters/security.create_user::path.username' + requestBody: + $ref: '#/components/requestBodies/security.create_user' + responses: + '200': + $ref: '#/components/responses/security.create_user@200' patch: operationId: security.patch_user.0 x-operation-group: security.patch_user 
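Review bot: The two token-issuing operations added here, `security.authtoken` and `security.generate_obo_token`, do not say who may call them or what the issued token is scoped to, and neither declares a `'401'` or `'403'` response. `security.authtoken` has only "Returns the authorization token." and a `'200'`, with no `externalDocs`. The same gap applies to `security.generate_user_token` at `/_plugins/_security/api/internalusers/{username}/authtoken` in the `@@ -212,36 +465,62 @@` hunk, which issues a token for a user named in the path and so most needs its caller requirement spelled out. For each of them the description should name the required privilege and the spec should list the refusal response. On style, `x-ignorable` sits before `x-version-added` in `security.cache.1` and after it in `.2` and `.3`.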
@@ -212,36 +465,62 @@ paths: responses: '200': $ref: '#/components/responses/security.patch_user@200' - put: - operationId: security.create_user.0 - x-operation-group: security.create_user + delete: + operationId: security.delete_user.0 + x-operation-group: security.delete_user x-version-added: '1.0' - description: Creates or replaces the specified user. + description: Delete the specified user. externalDocs: - url: https://opensearch.org/docs/latest/security/access-control/api/#create-user + url: https://opensearch.org/docs/latest/security/access-control/api/#delete-user parameters: - - $ref: '#/components/parameters/security.create_user::path.username' - requestBody: - $ref: '#/components/requestBodies/security.create_user' + - $ref: '#/components/parameters/security.delete_user::path.username' responses: '200': - $ref: '#/components/responses/security.create_user@200' + $ref: '#/components/responses/security.delete_user@200' + /_plugins/_security/api/internalusers/{username}/authtoken: + post: + operationId: security.generate_user_token.0 + x-operation-group: security.generate_user_token + x-version-added: '1.0' + description: Generates authorization token for the given user. + parameters: + - $ref: '#/components/parameters/security.generate_user_token::path.username' + responses: + '200': + $ref: '#/components/responses/security.generate_user_token@200' + '400': + $ref: '#/components/responses/security.generate_user_token@400' + /_plugins/_security/api/migrate: + post: + operationId: security.migrate.0 + x-operation-group: security.migrate + x-version-added: '1.0' + description: Migrates security configuration from v6 to v7. 
+ responses: + '200': + $ref: '#/components/responses/security.migrate@200' + '400': + $ref: '#/components/responses/security.migrate@400' /_plugins/_security/api/nodesdn: get: operationId: security.get_distinguished_names.0 x-operation-group: security.get_distinguished_names x-version-added: '1.0' - description: Retrieves distinguished names. + description: Retrieves distinguished names. Only accessible to super-admins and with rest-api permissions when enabled. externalDocs: url: https://opensearch.org/docs/latest/security/access-control/api/#get-distinguished-names + parameters: + - $ref: '#/components/parameters/security.get_distinguished_names::query.show_all' responses: '200': $ref: '#/components/responses/security.get_distinguished_names@200' + '403': + $ref: '#/components/responses/security.get_distinguished_names@403' patch: operationId: security.patch_distinguished_names.0 x-operation-group: security.patch_distinguished_names x-version-added: '1.0' - description: Bulk update of distinguished names. + description: Bulk update of distinguished names. Only accessible to super-admins and with rest-api permissions when enabled. externalDocs: url: https://opensearch.org/docs/latest/security/access-control/api/#update-all-distinguished-names requestBody: 
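Review bot: The sentence added to the `nodesdn` descriptions, "Only accessible to super-admins and with rest-api permissions when enabled", is ambiguous about whether both conditions are required or either one suffices. The allowlist description in this commit words the same kind of rule as "Super Admin certificate or REST API permission", which suggests "or" is meant. If so, `Only accessible to super admins or, when REST API permissions are enabled, to users holding the matching REST API permission.` says it unambiguously. The same sentence is repeated on every `nodesdn/{cluster_name}` operation in the `@@ -249,59 +528,80 @@` hunk and should be changed there too.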
@@ -249,59 +528,80 @@ paths: responses: '200': $ref: '#/components/responses/security.patch_distinguished_names@200' + '403': + $ref: '#/components/responses/security.patch_distinguished_names@403' /_plugins/_security/api/nodesdn/{cluster_name}: - delete: - operationId: security.delete_distinguished_names.0 - x-operation-group: security.delete_distinguished_names - x-version-added: '1.0' - description: Deletes all distinguished names in the specified cluster’s or node’s allow list. - externalDocs: - url: https://opensearch.org/docs/latest/security/access-control/api/#delete-distinguished-names - parameters: - - $ref: '#/components/parameters/security.delete_distinguished_names::path.cluster_name' - responses: - '200': - $ref: '#/components/responses/security.delete_distinguished_names@200' get: - operationId: security.get_distinguished_names.1 - x-operation-group: security.get_distinguished_names + operationId: security.get_distinguished_name.0 + x-operation-group: security.get_distinguished_name x-version-added: '1.0' - description: Retrieves distinguished names. + description: Retrieves distinguished names. Only accessible to super-admins and with rest-api permissions when enabled. 
externalDocs: url: https://opensearch.org/docs/latest/security/access-control/api/#get-distinguished-names parameters: - - $ref: '#/components/parameters/security.get_distinguished_names::path.cluster_name' + - $ref: '#/components/parameters/security.get_distinguished_name::path.cluster_name' + - $ref: '#/components/parameters/security.get_distinguished_name::query.show_all' responses: '200': - $ref: '#/components/responses/security.get_distinguished_names@200' + $ref: '#/components/responses/security.get_distinguished_name@200' + '403': + $ref: '#/components/responses/security.get_distinguished_name@403' put: - operationId: security.update_distinguished_names.0 - x-operation-group: security.update_distinguished_names + operationId: security.update_distinguished_name.0 + x-operation-group: security.update_distinguished_name x-version-added: '1.0' - description: Adds or updates the specified distinguished names in the cluster’s or node’s allow list. + description: Adds or updates the specified distinguished names in the cluster or node allow list. Only accessible to super-admins and with rest-api permissions when enabled. 
externalDocs: url: https://opensearch.org/docs/latest/security/access-control/api/#update-distinguished-names parameters: - - $ref: '#/components/parameters/security.update_distinguished_names::path.cluster_name' + - $ref: '#/components/parameters/security.update_distinguished_name::path.cluster_name' requestBody: - $ref: '#/components/requestBodies/security.update_distinguished_names' + $ref: '#/components/requestBodies/security.update_distinguished_name' responses: '200': - $ref: '#/components/responses/security.update_distinguished_names@200' - /_plugins/_security/api/roles: + $ref: '#/components/responses/security.update_distinguished_name@200' + '403': + $ref: '#/components/responses/security.update_distinguished_name@403' patch: - operationId: security.patch_roles.0 - x-operation-group: security.patch_roles + operationId: security.patch_distinguished_name.0 + x-operation-group: security.patch_distinguished_name x-version-added: '1.0' - description: Creates, updates, or deletes multiple roles in a single call. - externalDocs: - url: https://opensearch.org/docs/latest/security/access-control/api/#patch-roles + description: Updates a distinguished cluster name for a specific cluster. Only accessible to super-admins and with rest-api permissions when enabled. 
+ parameters: + - $ref: '#/components/parameters/security.patch_distinguished_name::path.cluster_name' requestBody: - $ref: '#/components/requestBodies/security.patch_roles' + $ref: '#/components/requestBodies/security.patch_distinguished_name' responses: '200': - $ref: '#/components/responses/security.patch_roles@200' - /_plugins/_security/api/roles/: + $ref: '#/components/responses/security.patch_distinguished_name@200' + '403': + $ref: '#/components/responses/security.patch_distinguished_name@403' + delete: + operationId: security.delete_distinguished_name.0 + x-operation-group: security.delete_distinguished_name + x-version-added: '1.0' + description: Deletes all distinguished names in the specified cluster or node allow list. Only accessible to super-admins and with rest-api permissions when enabled. + externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/api/#delete-distinguished-names + parameters: + - $ref: '#/components/parameters/security.delete_distinguished_name::path.cluster_name' + responses: + '200': + $ref: '#/components/responses/security.delete_distinguished_name@200' + '403': + $ref: '#/components/responses/security.delete_distinguished_name@403' + /_plugins/_security/api/permissionsinfo: + get: + operationId: security.get_permissions_info.0 + x-operation-group: security.get_permissions_info + x-version-added: '1.0' + description: Gets the evaluated REST API permissions for the currently logged in user. + responses: + '200': + $ref: '#/components/responses/security.get_permissions_info@200' + '500': + $ref: '#/components/responses/security.get_permissions_info@500' + /_plugins/_security/api/roles: get: operationId: security.get_roles.0 x-operation-group: security.get_roles 
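Review bot: The description of the new `security.patch_distinguished_name` operation, "Updates a distinguished cluster name for a specific cluster", reads as if it renames a cluster. The PUT and DELETE on the same path instead talk about the distinguished names in the cluster or node allow list. If PATCH edits that same list, the description should say so, for example `Updates the distinguished names in the allow list of the specified cluster.` followed by the access sentence. It is also the only operation on this path without `externalDocs`.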
@@ -312,19 +612,21 @@ paths: responses: '200': $ref: '#/components/responses/security.get_roles@200' - /_plugins/_security/api/roles/{role}: - delete: - operationId: security.delete_role.0 - x-operation-group: security.delete_role + patch: + operationId: security.patch_roles.0 + x-operation-group: security.patch_roles x-version-added: '1.0' - description: Delete the specified role. + description: Creates, updates, or deletes multiple roles in a single call. externalDocs: - url: https://opensearch.org/docs/latest/security/access-control/api/#delete-role - parameters: - - $ref: '#/components/parameters/security.delete_role::path.role' + url: https://opensearch.org/docs/latest/security/access-control/api/#patch-roles + requestBody: + $ref: '#/components/requestBodies/security.patch_roles' responses: '200': - $ref: '#/components/responses/security.delete_role@200' + $ref: '#/components/responses/security.patch_roles@200' + '400': + $ref: '#/components/responses/security.patch_roles@400' + /_plugins/_security/api/roles/{role}: get: operationId: security.get_role.0 x-operation-group: security.get_role @@ -337,6 +639,20 @@ paths: responses: '200': $ref: '#/components/responses/security.get_role@200' + put: + operationId: security.create_role.0 + x-operation-group: security.create_role + x-version-added: '1.0' + description: Creates or replaces the specified role. + externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/api/#create-role + parameters: + - $ref: '#/components/parameters/security.create_role::path.role' + requestBody: + $ref: '#/components/requestBodies/security.create_role' + responses: + '200': + $ref: '#/components/responses/security.create_role@200' patch: operationId: security.patch_role.0 x-operation-group: security.patch_role 
@@ -351,20 +667,20 @@ paths: responses: '200': $ref: '#/components/responses/security.patch_role@200' - put: - operationId: security.create_role.0 - x-operation-group: security.create_role + '400': + $ref: '#/components/responses/security.patch_role@400' + delete: + operationId: security.delete_role.0 + x-operation-group: security.delete_role x-version-added: '1.0' - description: Creates or replaces the specified role. + description: Delete the specified role. externalDocs: - url: https://opensearch.org/docs/latest/security/access-control/api/#create-role + url: https://opensearch.org/docs/latest/security/access-control/api/#delete-role parameters: - - $ref: '#/components/parameters/security.create_role::path.role' - requestBody: - $ref: '#/components/requestBodies/security.create_role' + - $ref: '#/components/parameters/security.delete_role::path.role' responses: '200': - $ref: '#/components/responses/security.create_role@200' + $ref: '#/components/responses/security.delete_role@200' /_plugins/_security/api/rolesmapping: get: operationId: security.get_role_mappings.0 
@@ -382,25 +698,15 @@ paths: x-version-added: '1.0' description: Creates or updates multiple role mappings in a single call. externalDocs: - url: https://opensearch.org/docs/latest/security/access-control/api/#patch-role-mappings - requestBody: - $ref: '#/components/requestBodies/security.patch_role_mappings' - responses: - '200': - $ref: '#/components/responses/security.patch_role_mappings@200' - /_plugins/_security/api/rolesmapping/{role}: - delete: - operationId: security.delete_role_mapping.0 - x-operation-group: security.delete_role_mapping - x-version-added: '1.0' - description: Deletes the specified role mapping. - externalDocs: - url: https://opensearch.org/docs/latest/security/access-control/api/#delete-role-mapping - parameters: - - $ref: '#/components/parameters/security.delete_role_mapping::path.role' + url: https://opensearch.org/docs/latest/security/access-control/api/#patch-role-mappings + requestBody: + $ref: '#/components/requestBodies/security.patch_role_mappings' responses: '200': - $ref: '#/components/responses/security.delete_role_mapping@200' + $ref: '#/components/responses/security.patch_role_mappings@200' + '400': + $ref: '#/components/responses/security.patch_role_mappings@400' + /_plugins/_security/api/rolesmapping/{role}: get: operationId: security.get_role_mapping.0 x-operation-group: security.get_role_mapping 
@@ -413,6 +719,20 @@ paths: responses: '200': $ref: '#/components/responses/security.get_role_mapping@200' + put: + operationId: security.create_role_mapping.0 + x-operation-group: security.create_role_mapping + x-version-added: '1.0' + description: Creates or replaces the specified role mapping. + externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/api/#create-role-mapping + parameters: + - $ref: '#/components/parameters/security.create_role_mapping::path.role' + requestBody: + $ref: '#/components/requestBodies/security.create_role_mapping' + responses: + '200': + $ref: '#/components/responses/security.create_role_mapping@200' patch: operationId: security.patch_role_mapping.0 x-operation-group: security.patch_role_mapping @@ -427,20 +747,20 @@ paths: responses: '200': $ref: '#/components/responses/security.patch_role_mapping@200' - put: - operationId: security.create_role_mapping.0 - x-operation-group: security.create_role_mapping + '400': + $ref: '#/components/responses/security.patch_role_mapping@400' + delete: + operationId: security.delete_role_mapping.0 + x-operation-group: security.delete_role_mapping x-version-added: '1.0' - description: Creates or replaces the specified role mapping. + description: Deletes the specified role mapping. externalDocs: - url: https://opensearch.org/docs/latest/security/access-control/api/#create-role-mapping + url: https://opensearch.org/docs/latest/security/access-control/api/#delete-role-mapping parameters: - - $ref: '#/components/parameters/security.create_role_mapping::path.role' - requestBody: - $ref: '#/components/requestBodies/security.create_role_mapping' + - $ref: '#/components/parameters/security.delete_role_mapping::path.role' responses: '200': - $ref: '#/components/responses/security.create_role_mapping@200' + $ref: '#/components/responses/security.delete_role_mapping@200' /_plugins/_security/api/securityconfig: get: operationId: security.get_configuration.0 
@@ -448,7 +768,7 @@ paths: x-version-added: '1.0' description: Returns the current Security plugin configuration in JSON format. externalDocs: - url: https://opensearch.org/docs/2.7/security/access-control/api/#get-configuration + url: https://opensearch.org/docs/latest/security/access-control/api/#get-configuration responses: '200': $ref: '#/components/responses/security.get_configuration@200' @@ -456,9 +776,9 @@ paths: operationId: security.patch_configuration.0 x-operation-group: security.patch_configuration x-version-added: '1.0' - description: A PATCH call is used to update the existing configuration using the REST API. + description: A PATCH call is used to update the existing configuration using the REST API. Only accessible by admins and users with rest api access and only when put or patch is enabled. externalDocs: - url: https://opensearch.org/docs/2.7/security/access-control/api/#patch-configuration + url: https://opensearch.org/docs/latest/security/access-control/api/#patch-configuration requestBody: $ref: '#/components/requestBodies/security.patch_configuration' responses: @@ -469,9 +789,9 @@ paths: operationId: security.update_configuration.0 x-operation-group: security.update_configuration x-version-added: '1.0' - description: Adds or updates the existing configuration using the REST API. + description: Adds or updates the existing configuration using the REST API. Only accessible by admins and users with rest api access and only when put or patch is enabled. externalDocs: - url: https://opensearch.org/docs/2.7/security/access-control/api/#update-configuration + url: https://opensearch.org/docs/latest/security/access-control/api/#update-configuration requestBody: $ref: '#/components/requestBodies/security.update_configuration' responses: 
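Review bot: The sentence appended to the `security.patch_configuration` and `security.update_configuration` descriptions says "only when put or patch is enabled" without naming what enables it, so a reader cannot tell which setting guards these endpoints. I would spell it out, e.g. `Only accessible to admins and users with REST API permissions, and only when modification of the security configuration is enabled in the node settings.`, ideally with the exact key; from memory this is `plugins.security.unsupported.restapi.allow_securityconfig_modification`, to be confirmed against the plugin. The wording "rest api access" also differs from "REST API permissions" used for the tenancy config operations later in this diff. The `responses` of both operations continue outside these hunks, so whether the rejection status is documented cannot be checked here.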
@@ -482,12 +802,14 @@ paths: operationId: security.get_certificates.0 x-operation-group: security.get_certificates x-version-added: '1.0' - description: Retrieves the cluster’s security certificates. + description: Retrieves the cluster security certificates. externalDocs: url: https://opensearch.org/docs/latest/security/access-control/api/#get-certificates responses: '200': $ref: '#/components/responses/security.get_certificates@200' + '400': + $ref: '#/components/responses/security.get_certificates@400' /_plugins/_security/api/ssl/http/reloadcerts: put: operationId: security.reload_http_certificates.0 
@@ -499,72 +821,111 @@ paths: responses: '200': $ref: '#/components/responses/security.reload_http_certificates@200' + '400': + $ref: '#/components/responses/security.reload_http_certificates@400' /_plugins/_security/api/ssl/transport/reloadcerts: put: operationId: security.reload_transport_certificates.0 x-operation-group: security.reload_transport_certificates x-version-added: '1.0' - description: Reload transport layer communication certificates. + description: Reload Transport layer communication certificates. externalDocs: url: https://opensearch.org/docs/latest/security/access-control/api/#reload-transport-certificates responses: '200': $ref: '#/components/responses/security.reload_transport_certificates@200' - /_plugins/_security/api/tenants/: + '400': + $ref: '#/components/responses/security.reload_transport_certificates@400' + /_plugins/_security/api/tenancy/config: + get: + operationId: security.get_tenancy_config.0 + x-operation-group: security.get_tenancy_config + x-version-added: '2.7' + description: Retrieves multi-tenancy configuration. Only accessible to admins and users with REST API permissions. + externalDocs: + url: https://opensearch.org/docs/latest/security/multi-tenancy/dynamic-config/#configuring-multi-tenancy-with-the-rest-api + responses: + '200': + $ref: '#/components/responses/security.get_tenancy_config@200' + '400': + $ref: '#/components/responses/security.get_tenancy_config@400' + put: + operationId: security.create_update_tenancy_config.0 + x-operation-group: security.create_update_tenancy_config + x-version-added: '2.7' + description: Creates or replaces the multi-tenancy configuration. Only accessible to admins and users with REST API permissions. 
+ externalDocs: + url: https://opensearch.org/docs/latest/security/multi-tenancy/dynamic-config/#configuring-multi-tenancy-with-the-rest-api + requestBody: + $ref: '#/components/requestBodies/security.create_update_tenancy_config' + responses: + '200': + $ref: '#/components/responses/security.create_update_tenancy_config@200' + '400': + $ref: '#/components/responses/security.create_update_tenancy_config@400' + /_plugins/_security/api/tenants: get: operationId: security.get_tenants.0 x-operation-group: security.get_tenants x-version-added: '1.0' description: Retrieves all tenants. externalDocs: - url: https://opensearch.org/docs/2.7/security/access-control/api/#get-tenants + url: https://opensearch.org/docs/latest/security/access-control/api/#get-tenants responses: '200': $ref: '#/components/responses/security.get_tenants@200' + '400': + $ref: '#/components/responses/security.get_tenants@400' patch: operationId: security.patch_tenants.0 x-operation-group: security.patch_tenants x-version-added: '1.0' description: Add, delete, or modify multiple tenants in a single call. externalDocs: - url: https://opensearch.org/docs/2.7/security/access-control/api/#patch-tenants + url: https://opensearch.org/docs/latest/security/access-control/api/#patch-tenants requestBody: $ref: '#/components/requestBodies/security.patch_tenants' responses: '200': $ref: '#/components/responses/security.patch_tenants@200' + '400': + $ref: '#/components/responses/security.patch_tenants@400' /_plugins/_security/api/tenants/{tenant}: - delete: - operationId: security.delete_tenant.0 - x-operation-group: security.delete_tenant - x-version-added: '1.0' - description: Delete the specified tenant. 
- externalDocs: - url: https://opensearch.org/docs/latest/security/access-control/api/#delete-action-group - parameters: - - $ref: '#/components/parameters/security.delete_tenant::path.tenant' - responses: - '200': - $ref: '#/components/responses/security.delete_tenant@200' get: operationId: security.get_tenant.0 x-operation-group: security.get_tenant x-version-added: '1.0' description: Retrieves one tenant. externalDocs: - url: https://opensearch.org/docs/2.7/security/access-control/api/#get-tenant + url: https://opensearch.org/docs/latest/security/access-control/api/#get-tenant parameters: - $ref: '#/components/parameters/security.get_tenant::path.tenant' responses: '200': $ref: '#/components/responses/security.get_tenant@200' + put: + operationId: security.create_tenant.0 + x-operation-group: security.create_tenant + x-version-added: '1.0' + description: Creates or replaces the specified tenant. + externalDocs: + url: https://opensearch.org/docs/latest/security/access-control/api/#create-tenant + parameters: + - $ref: '#/components/parameters/security.create_tenant::path.tenant' + requestBody: + $ref: '#/components/requestBodies/security.create_tenant' + responses: + '200': + $ref: '#/components/responses/security.create_tenant@200' + '400': + $ref: '#/components/responses/security.create_tenant@400' patch: operationId: security.patch_tenant.0 x-operation-group: security.patch_tenant x-version-added: '1.0' description: Add, delete, or modify a single tenant. externalDocs: - url: https://opensearch.org/docs/2.7/security/access-control/api/#patch-tenant + url: https://opensearch.org/docs/latest/security/access-control/api/#patch-tenant parameters: - $ref: '#/components/parameters/security.patch_tenant::path.tenant' requestBody: 
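Review bot: `security.get_tenancy_config` and `security.create_update_tenancy_config` both state "Only accessible to admins and users with REST API permissions", yet their `responses` list only `'200'` and `'400'`, so the outcome for a caller without those permissions is undocumented. The diff already models that case for the nodesdn operations (`security.get_distinguished_name@403`), so I would add `'403': $ref: '#/components/responses/security.get_tenancy_config@403'` and the PUT equivalent, with matching response components, assuming the plugin also answers with 403 here. The hunk ends inside the `patch` operation of `/_plugins/_security/api/tenants/{tenant}`, whose responses are in the next hunk.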
@@ -572,31 +933,90 @@ paths: responses: '200': $ref: '#/components/responses/security.patch_tenant@200' - put: - operationId: security.create_tenant.0 - x-operation-group: security.create_tenant + '400': + $ref: '#/components/responses/security.patch_tenant@400' + delete: + operationId: security.delete_tenant.0 + x-operation-group: security.delete_tenant x-version-added: '1.0' - description: Creates or replaces the specified tenant. + description: Delete the specified tenant. externalDocs: - url: https://opensearch.org/docs/2.7/security/access-control/api/#create-tenant + url: https://opensearch.org/docs/latest/security/access-control/api/#delete-action-group parameters: - - $ref: '#/components/parameters/security.create_tenant::path.tenant' + - $ref: '#/components/parameters/security.delete_tenant::path.tenant' + responses: + '200': + $ref: '#/components/responses/security.delete_tenant@200' + '400': + $ref: '#/components/responses/security.delete_tenant@400' + /_plugins/_security/api/user: + get: + operationId: security.get_users_legacy.0 + x-operation-group: security.get_users_legacy + x-version-added: '1.0' + description: Retrieve all internal users. Legacy API. + responses: + '200': + $ref: '#/components/responses/security.get_users_legacy@200' + /_plugins/_security/api/user/{username}: + get: + operationId: security.get_user_legacy.0 + x-operation-group: security.get_user_legacy + x-version-added: '1.0' + description: Retrieve one user. Legacy API. + parameters: + - $ref: '#/components/parameters/security.get_user_legacy::path.username' + responses: + '200': + $ref: '#/components/responses/security.get_user_legacy@200' + put: + operationId: security.create_user_legacy.0 + x-operation-group: security.create_user_legacy + x-version-added: '1.0' + description: Creates or replaces the specified user. Legacy API. 
+ parameters: + - $ref: '#/components/parameters/security.create_user_legacy::path.username' requestBody: - $ref: '#/components/requestBodies/security.create_tenant' + $ref: '#/components/requestBodies/security.create_user_legacy' responses: '200': - $ref: '#/components/responses/security.create_tenant@200' - /_plugins/_security/health: + $ref: '#/components/responses/security.create_user_legacy@200' + delete: + operationId: security.delete_user_legacy.0 + x-operation-group: security.delete_user_legacy + x-version-added: '1.0' + description: Delete the specified user. Legacy API. + parameters: + - $ref: '#/components/parameters/security.delete_user_legacy::path.username' + responses: + '200': + $ref: '#/components/responses/security.delete_user_legacy@200' + /_plugins/_security/api/user/{username}/authtoken: + post: + operationId: security.generate_user_token_legacy.0 + x-operation-group: security.generate_user_token_legacy + x-version-added: '1.0' + description: Generates authorization token for the given user. Legacy API. + parameters: + - $ref: '#/components/parameters/security.generate_user_token_legacy::path.username' + responses: + '200': + $ref: '#/components/responses/security.generate_user_token_legacy@200' + '400': + $ref: '#/components/responses/security.generate_user_token_legacy@400' + /_plugins/_security/api/validate: get: - operationId: security.health.0 - x-operation-group: security.health + operationId: security.validate.0 + x-operation-group: security.validate x-version-added: '1.0' - description: Checks to see if the Security plugin is up and running. - externalDocs: - url: https://opensearch.org/docs/latest/security/access-control/api/#health-check + description: Checks whether the v6 security configuration is valid and ready to be migrated to v7. 
+ parameters: + - $ref: '#/components/parameters/security.validate::query.accept_invalid' responses: '200': - $ref: '#/components/responses/security.health@200' + $ref: '#/components/responses/security.validate@200' + '400': + $ref: '#/components/responses/security.validate@400' components: requestBodies: security.change_password: @@ -605,12 +1025,23 @@ components: schema: $ref: '../schemas/security._common.yaml#/components/schemas/ChangePasswordRequestContent' required: true + security.config_upgrade_perform: + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/ConfigUpgradePayload' security.create_action_group: content: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/ActionGroup' required: true + security.create_allowlist: + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/AllowlistConfig' + required: true security.create_role: content: application/json: @@ -629,15 +1060,35 @@ components: schema: $ref: '../schemas/security._common.yaml#/components/schemas/CreateTenantParams' required: true + security.create_update_tenancy_config: + content: + application/json: + schema: + type: array + items: + $ref: '../schemas/security._common.yaml#/components/schemas/MultiTenancyConfig' + required: true security.create_user: content: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/User' required: true + security.create_user_legacy: + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/User' + required: true + security.generate_obo_token: + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/OBOToken' + required: true security.patch_action_group: content: - application/x-ndjson: + application/json: schema: type: array items: 
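Review bot: The `delete` operation on `/_plugins/_security/api/tenants/{tenant}` keeps an `externalDocs` URL ending in `#delete-action-group`, which sends readers to the action-group section. Going by the sibling anchors (`#get-tenant`, `#create-tenant`, `#patch-tenant`) it should presumably be `url: https://opensearch.org/docs/latest/security/access-control/api/#delete-tenant`. In the same hunk the legacy user operations (`security.get_users_legacy`, `security.get_user_legacy`, `security.create_user_legacy`, `security.delete_user_legacy`) document only `'200'`, whereas `security.generate_user_token_legacy` also lists `'400'`. Since these operations create and remove internal users, their failure responses are worth documenting as well.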
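Review bot: `security.create_update_tenancy_config` declares its body as `type: array` with `items` referencing `MultiTenancyConfig`, but the `@200` response of the same operation and `security.get_tenancy_config@200` (both later in this diff) reference a single `MultiTenancyConfig` object. The array wrapper matches the `patch_*` bodies around it and looks copied from them. For a PUT that replaces one configuration I would expect `schema: $ref: '../schemas/security._common.yaml#/components/schemas/MultiTenancyConfig'`, to be confirmed against the endpoint. As written, clients generated from the spec would be led to send a JSON array.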
@@ -645,7 +1096,15 @@ components: required: true security.patch_action_groups: content: - application/x-ndjson: + application/json: + schema: + type: array + items: + $ref: '../schemas/security._common.yaml#/components/schemas/PatchOperation' + required: true + security.patch_allowlist: + content: + application/json: schema: type: array items: @@ -653,7 +1112,7 @@ components: required: true security.patch_audit_configuration: content: - application/x-ndjson: + application/json: schema: type: array items: @@ -661,15 +1120,20 @@ components: required: true security.patch_configuration: content: - application/x-ndjson: + application/json: schema: type: array items: $ref: '../schemas/security._common.yaml#/components/schemas/PatchOperation' required: true + security.patch_distinguished_name: + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/PatchOperation' security.patch_distinguished_names: content: - application/x-ndjson: + application/json: schema: type: array items: @@ -677,7 +1141,7 @@ components: required: true security.patch_role: content: - application/x-ndjson: + application/json: schema: type: array items: @@ -685,7 +1149,7 @@ components: required: true security.patch_role_mapping: content: - application/x-ndjson: + application/json: schema: type: array items: @@ -693,7 +1157,7 @@ components: required: true security.patch_role_mappings: content: - application/x-ndjson: + application/json: schema: type: array items: @@ -701,7 +1165,7 @@ components: required: true security.patch_roles: content: - application/x-ndjson: + application/json: schema: type: array items: @@ -709,7 +1173,7 @@ components: required: true security.patch_tenant: content: - application/x-ndjson: + application/json: schema: type: array items: @@ -717,7 +1181,7 @@ components: required: true security.patch_tenants: content: - application/x-ndjson: + application/json: schema: type: array items: 
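Review bot: The new `security.patch_distinguished_name` body references a single `PatchOperation` and has no `required` key, while every other `patch_*` request body in this section is a `type: array` of `PatchOperation` with `required: true`, including `security.patch_distinguished_names` directly below it. Unless the single-cluster endpoint really takes one bare operation, I would align it: `schema: type: array`, `items: $ref: '../schemas/security._common.yaml#/components/schemas/PatchOperation'`, `required: true`. Omitting `required` makes the request body optional by default in OpenAPI, so a validator built from the spec would accept a PATCH with no body.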
@@ -725,207 +1189,242 @@ components: required: true security.patch_user: content: - application/x-ndjson: + application/json: + schema: + type: array + items: + $ref: '../schemas/security._common.yaml#/components/schemas/PatchOperation' + required: true + security.patch_users: + content: + application/json: + schema: + type: array + items: + $ref: '../schemas/security._common.yaml#/components/schemas/PatchOperation' + required: true + security.post_dashboards_info: + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/DashboardsInfo' + required: false + security.update_audit_configuration: + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/AuditConfig' + required: true + security.update_configuration: + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/DynamicConfig' + required: true + security.update_distinguished_name: + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/PatchOperation' + responses: + security.authinfo@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/AuthInfo' + security.authinfo@500: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerError' + security.authtoken@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.cache@501: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/MethodNotImplemented' + security.change_password@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.config_upgrade_check@200: + description: '' + content: + application/json: 
+ schema: + $ref: '../schemas/security._common.yaml#/components/schemas/UpgradeCheck' + security.config_upgrade_perform@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/UpgradePerform' + security.create_action_group@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.create_allowlist@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/AllowlistConfig' + security.create_role@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.create_role_mapping@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.create_tenant@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.create_tenant@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.create_update_tenancy_config@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/MultiTenancyConfig' + security.create_update_tenancy_config@400: + description: '' + content: + application/json: schema: - type: array - items: - $ref: '../schemas/security._common.yaml#/components/schemas/PatchOperation' - required: true - security.patch_users: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.create_user@200: + description: '' content: - application/x-ndjson: + application/json: schema: - type: array - items: - $ref: '../schemas/security._common.yaml#/components/schemas/PatchOperation' - required: true - security.update_audit_configuration: + 
$ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.create_user_legacy@200: + description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/AuditConfig' - required: true - security.update_configuration: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.delete_action_group@200: + description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/DynamicConfig' - required: true - security.update_distinguished_names: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.delete_distinguished_name@200: + description: '' content: application/json: schema: - $ref: '../schemas/security._common.yaml#/components/schemas/DistinguishedNames' - responses: - security.change_password@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.delete_distinguished_name@403: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message - security.create_action_group@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized' + security.delete_role@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message - security.create_role@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.delete_role_mapping@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message - security.create_role_mapping@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + 
security.delete_tenant@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message - security.create_tenant@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.delete_tenant@400: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message - security.create_user@200: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.delete_user@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message - security.delete_action_group@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.delete_user_legacy@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message - security.delete_distinguished_names@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.flush_cache@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message - security.delete_role@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.generate_obo_token@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message - 
security.delete_role_mapping@200: + $ref: '../schemas/security._common.yaml#/components/schemas/GenerateOBOToken' + security.generate_obo_token@400: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message - security.delete_tenant@200: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.generate_user_token@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message - security.delete_user@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.generate_user_token@400: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message - security.flush_cache@200: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.generate_user_token_legacy@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.generate_user_token_legacy@400: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' security.get_account_details@200: description: '' content: 
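Review bot: `security.update_distinguished_name` now references `PatchOperation`, whereas the `security.update_distinguished_names` body it replaces referenced `DistinguishedNames`, which is also the schema `security.get_distinguished_name@200` returns later in this diff. A patch operation is an odd payload for what is presumably the PUT on the nodesdn path, so this looks like a copy of `security.patch_distinguished_name`. I would restore `$ref: '../schemas/security._common.yaml#/components/schemas/DistinguishedNames'` and add `required: true`, unless the endpoint was deliberately changed. Separately, `security.delete_distinguished_name@403` uses a schema named `Unauthorized` for a 403 status, which reads as 401; the schema lives in another file, so this is only a naming remark.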
@@ -944,6 +1443,12 @@ components: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/ActionGroupsMap' + security.get_allowlist@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/AllowlistConfig' security.get_audit_configuration@200: description: '' content: 
@@ -955,28 +1460,67 @@ components: content: application/json: schema: - type: object - properties: - http_certificates_list: - type: array - items: - $ref: '../schemas/security._common.yaml#/components/schemas/CertificatesDetail' - transport_certificates_list: - type: array - items: - $ref: '../schemas/security._common.yaml#/components/schemas/CertificatesDetail' + $ref: '../schemas/security._common.yaml#/components/schemas/GetCertificates' + security.get_certificates@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' security.get_configuration@200: description: '' content: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/DynamicConfig' + security.get_dashboards_info@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/DashboardsInfo' + security.get_dashboards_info@500: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerError' + security.get_distinguished_name@200: + description: Show nodesDn setting for given cluster. 
+ content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/DistinguishedNames' + security.get_distinguished_name@403: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized' security.get_distinguished_names@200: description: '' content: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/DistinguishedNamesMap' + security.get_distinguished_names@403: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized' + security.get_permissions_info@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/PermissionsInfo' + security.get_permissions_info@500: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerError' security.get_role@200: description: '' content: 
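Review bot: The `@403` and `@500` responses added in this hunk all carry `description: ''`, while `security.get_distinguished_name@200` in the same hunk has a real description. For access-controlled endpoints the error description is where a reader learns why a call was refused, so I would fill it in, e.g. `description: The caller is not permitted to read the nodesDn setting.` on `security.get_distinguished_name@403` and `security.get_distinguished_names@403`. The exact wording should follow what the plugin enforces.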
@@ -1001,274 +1545,358 @@ components: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/RolesMap' + security.get_sslinfo@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/SSLInfo' + security.get_sslinfo@500: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerError' security.get_tenant@200: description: '' content: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/TenantsMap' + security.get_tenancy_config@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/MultiTenancyConfig' + security.get_tenancy_config@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' security.get_tenants@200: description: '' content: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/TenantsMap' + security.get_tenants@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' security.get_user@200: description: '' content: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/UsersMap' + security.get_user_legacy@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/UsersMap' security.get_users@200: description: '' content: application/json: schema: $ref: '../schemas/security._common.yaml#/components/schemas/UsersMap' + security.get_users_legacy@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/UsersMap' security.health@200: description: '' content: application/json: schema: - type: object - properties: - message: - type: 
string - mode: - type: string - status: - type: string + $ref: '../schemas/security._common.yaml#/components/schemas/HealthInfo' + security.migrate@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.migrate@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' security.patch_action_group@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' security.patch_action_groups@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_allowlist@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/AllowlistConfig' security.patch_audit_configuration@200: description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' security.patch_configuration@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_distinguished_name@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_distinguished_name@403: + description: '' + content: + application/json: + schema: + $ref: 
'../schemas/security._common.yaml#/components/schemas/Unauthorized' security.patch_distinguished_names@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_distinguished_names@403: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized' security.patch_role@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_role@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' security.patch_role_mapping@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_role_mapping@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' security.patch_role_mappings@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_role_mappings@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' 
security.patch_roles@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_roles@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' security.patch_tenant@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_tenant@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' security.patch_tenants@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.patch_tenants@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' security.patch_user@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' security.patch_users@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: 
'../schemas/security._common.yaml#/components/schemas/Ok' + security.post_dashboards_info@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/DashboardsInfo' + security.post_dashboards_info@500: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerError' security.reload_http_certificates@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.reload_http_certificates@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' security.reload_transport_certificates@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.reload_transport_certificates@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.tenant_info@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/TenantInfo' + security.tenant_info@500: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerError' security.update_audit_configuration@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + 
$ref: '../schemas/security._common.yaml#/components/schemas/Ok' security.update_configuration@200: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message - security.update_distinguished_names@200: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.update_distinguished_name@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.update_distinguished_name@403: description: '' content: application/json: schema: - type: object - properties: - status: - type: string - description: Security Operation Status - message: - type: string - description: Security Operation Message + $ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized' + security.validate@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/Ok' + security.validate@400: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/BadRequest' + security.who_am_i@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/WhoAmI' + security.who_am_i@500: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerError' + security.who_am_i_protected@200: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/WhoAmI' + security.who_am_i_protected@500: + description: '' + content: + application/json: + schema: + $ref: '../schemas/security._common.yaml#/components/schemas/InternalServerError' parameters: + security.authinfo::query.auth_type: + name: auth_type + in: query + description: The type of 
current authentication request. + schema: + type: string + required: false + security.authinfo::query.verbose: + name: verbose + in: query + description: Indicates whether a verbose response should be returned. + schema: + type: boolean + required: false security.create_action_group::path.action_group: name: action_group in: path - description: The name of the action group to create or replace + description: The name of the action group to create or replace. schema: type: string - description: The name of the action group to create or replace + description: The name of the action group to create or replace. required: true security.create_role::path.role: name: role @@ -1294,6 +1922,12 @@ components: schema: type: string required: true + security.create_user_legacy::path.username: + name: username + in: path + schema: + type: string + required: true security.delete_action_group::path.action_group: name: action_group in: path @@ -1302,7 +1936,7 @@ components: type: string description: Action group to delete. required: true - security.delete_distinguished_names::path.cluster_name: + security.delete_distinguished_name::path.cluster_name: name: cluster_name in: path schema: @@ -1332,6 +1966,24 @@ components: schema: type: string required: true + security.delete_user_legacy::path.username: + name: username + in: path + schema: + type: string + required: true + security.generate_user_token::path.username: + name: username + in: path + schema: + type: string + required: true + security.generate_user_token_legacy::path.username: + name: username + in: path + schema: + type: string + required: true security.get_action_group::path.action_group: name: action_group in: path 
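Review bot: Error coverage is uneven across the write operations in the `@@ -1001,274 +1545,358 @@` hunk: `security.patch_role`, `patch_roles`, `patch_role_mapping`, `patch_role_mappings`, `patch_tenant` and `patch_tenants` each gain a `@400`, while `security.patch_user@200`, `patch_users@200`, `patch_action_group@200` and `patch_action_groups@200` keep only the success response. If those endpoints validate their patch body the same way, they need matching entries, e.g. `security.patch_user@400:` with `$ref: '../schemas/security._common.yaml#/components/schemas/BadRequest'`. Likewise a `@403` is declared only for the distinguished-name operations; if other security API calls can be refused for insufficient privileges, that response belongs in the spec too, so clients and spec-driven tests do not treat a denial as an undocumented status.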
@@ -1340,12 +1992,24 @@ components: type: string description: Action group to retrieve. required: true - security.get_distinguished_names::path.cluster_name: + security.get_distinguished_name::path.cluster_name: name: cluster_name in: path schema: type: string required: true + security.get_distinguished_name::query.show_all: + name: show_all + in: query + schema: + type: boolean + required: false + security.get_distinguished_names::query.show_all: + name: show_all + in: query + schema: + type: boolean + required: false security.get_role::path.role: name: role in: path @@ -1358,6 +2022,14 @@ components: schema: type: string required: true + security.get_sslinfo::query.show_dn: + name: show_dn + in: query + description: The domain names from all certificates. + schema: + type: string + description: A boolean flag to indicate whether all domain names should be returned. + required: false security.get_tenant::path.tenant: name: tenant in: path @@ -1370,12 +2042,30 @@ components: schema: type: string required: true + security.get_user_legacy::path.username: + name: username + in: path + schema: + type: string + required: true + security.health::query.mode: + name: mode + in: query + schema: + type: string + required: false security.patch_action_group::path.action_group: name: action_group in: path schema: type: string required: true + security.patch_distinguished_name::path.cluster_name: + name: cluster_name + in: path + schema: + type: string + required: true security.patch_role::path.role: name: role in: path @@ -1400,9 +2090,17 @@ components: schema: type: string required: true - security.update_distinguished_names::path.cluster_name: + security.update_distinguished_name::path.cluster_name: name: cluster_name in: path schema: type: string required: true + security.validate::query.accept_invalid: + name: accept_invalid + in: query + schema: + type: boolean + required: false + + 
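Review bot: The new query parameters `security.get_distinguished_name::query.show_all` and `security.get_distinguished_names::query.show_all` are added without a `description`, so the spec does not say what a `true` value adds to the response. The same gap applies to `security.health::query.mode` and `security.validate::query.accept_invalid` in the later hunks of this file; for `accept_invalid` a reader cannot tell what is being accepted or what is skipped as a result. Each should get a one-line description of the effect and the default, in the form `description: <effect of the flag when set>. Default is <default>.`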
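Review bot: `security.get_sslinfo::query.show_dn` declares `type: string` while its schema description calls it a boolean flag, and the parameter-level description (`The domain names from all certificates.`) describes the output rather than the input. If the server only accepts true/false here, the schema should be `type: boolean` and the parameter description `Whether to return the domain names from all certificates.` If other string values are accepted, list them with an `enum` so the accepted inputs are explicit.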
diff --git a/spec/schemas/security._common.yaml b/spec/schemas/security._common.yaml index 00fc5dfc9..c7452bb2f 100644 --- a/spec/schemas/security._common.yaml +++ b/spec/schemas/security._common.yaml @@ -1,59 +1,11 @@ openapi: 3.1.0 info: - title: Schemas of security._common category - description: Schemas of security._common category + title: Schemas of security._common category. + description: Schemas of security._common category. version: 1.0.0 paths: {} components: schemas: - RoleMapping: - type: object - properties: - hosts: - type: array - items: - type: string - users: - type: array - items: - type: string - reserved: - type: boolean - hidden: - type: boolean - backend_roles: - type: array - items: - type: string - and_backend_roles: - type: array - items: - type: string - description: - type: string - User: - type: object - properties: - hash: - type: string - reserved: - type: boolean - hidden: - type: boolean - backend_roles: - type: array - items: - type: string - attributes: - $ref: '#/components/schemas/UserAttributes' - description: - type: string - opendistro_security_roles: - type: array - items: - type: string - static: - type: boolean AccountDetails: type: object properties: @@ -81,31 +33,7 @@ components: type: array items: type: string - UserTenants: - type: object - properties: - global_tenant: - type: boolean - admin_tenant: - type: boolean - admin: - type: boolean - ChangePasswordRequestContent: - type: object - properties: - current_password: - type: string - description: The current password - password: - type: string - description: The new password to set - required: - - current_password - - password - ActionGroupsMap: - type: object - additionalProperties: - $ref: '#/components/schemas/ActionGroup' + ActionGroup: type: object properties: 
@@ -123,20 +51,34 @@ components: type: string static: type: boolean - PatchOperation: + + ActionGroupsMap: + type: object + additionalProperties: + $ref: '#/components/schemas/ActionGroup' + + AllowlistConfig: type: object properties: - op: - type: string - description: 'The operation to perform. Possible values: remove,add, replace, move, copy, test.' - path: - type: string - description: The path to the resource. - value: - description: The new values used for the update. - required: - - op - - path + config: + type: object + items: + enabled: + type: boolean + requests: + type: object + description: An object with APIs as key and array of http methods as values. + + AuditConfig: + type: object + properties: + compliance: + $ref: '#/components/schemas/ComplianceConfig' + enabled: + type: boolean + audit: + $ref: '#/components/schemas/AuditLogsConfig' + AuditConfigWithReadOnly: type: object properties: 
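Review bot: In `AllowlistConfig`, `config` is declared `type: object`, but as far as the collapsed hunk shows its members `enabled` and `requests` sit under `items`, an array keyword that has no effect on an object. As written the schema accepts any object for `config`, so spec-driven validation and tests check neither the `enabled` flag nor the shape of `requests`. Changing `items:` to `properties:` fixes it. If the description is accurate (APIs as keys, arrays of HTTP methods as values), `requests` could also pin its values with `additionalProperties:` holding `type: array` and `items: {type: string}`.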
@@ -146,15 +88,134 @@ components: type: string config: $ref: '#/components/schemas/AuditConfig' - AuditConfig: + + AuditLogsConfig: type: object properties: - compliance: - $ref: '#/components/schemas/ComplianceConfig' - enabled: + ignore_users: + type: array + items: + type: string + ignore_requests: + type: array + items: + type: string + disabled_rest_categories: + type: array + items: + type: string + disabled_transport_categories: + type: array + items: + type: string + log_request_body: type: boolean - audit: - $ref: '#/components/schemas/AuditLogsConfig' + resolve_indices: + type: boolean + resolve_bulk_requests: + type: boolean + exclude_sensitive_headers: + type: boolean + enable_transport: + type: boolean + enable_rest: + type: boolean + + AuthInfo: + type: object + properties: + user: + type: string + description: Stringified User object. + user_name: + type: string + description: User's name. + user_requested_tenant: + type: string + description: Name of the tenant the user wants to switch to. + remote_address: + type: string + description: The IP address of remote user. + backend_roles: + type: array + description: Backend roles associated with the user. + custom_attribute_names: + type: array + description: Name of the attributes associated with the user. + roles: + type: array + description: Roles associated with the user. + tenants: + type: object + description: Tenants the user has access to with read-write or read-only access indicator. + principal: + type: string + description: User principal. + peer_certificates: + type: number + description: Number of peer certificates. + sso_logout_url: + type: string + description: Logout url. + size_of_user: + type: string + description: Size of user in memory. + size_of_custom_attributes: + type: string + description: Size of user's custom attributes in bytes. + size_of_backendroles: + type: string + description: Size of backend roles in bytes. 
+ + BadRequest: + type: object + properties: + status: + type: string + value: 400 + message: + type: string + description: Message returned as part of BAD_REQUEST response. + + CertificatesDetail: + type: object + properties: + issuer_dn: + type: string + subject_dn: + type: string + san: + type: string + not_before: + type: string + not_after: + type: string + + GetCertificates: + type: object + properties: + http_certificates_list: + type: array + items: + $ref: '#/components/schemas/CertificatesDetail' + transport_certificates_list: + type: array + items: + $ref: '#/components/schemas/CertificatesDetail' + + ChangePasswordRequestContent: + type: object + properties: + current_password: + type: string + description: The current password. + password: + type: string + description: The new password to set. + required: + - current_password + - password + ComplianceConfig: type: object properties: 
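Review bot: `BadRequest` puts `value: 400` next to `status: type: string`; `value` is not a JSON Schema keyword, so validators ignore it and the `status` field stays unconstrained. The same pattern appears in `Ok` (`value: 200`), `MethodNotImplemented` (`value: 501`) and `Unauthorized` (`value: 403`) in later hunks of this file. If the intent is to pin the field, use `const` or `enum` with a value of the declared type, e.g. `enum: [<status string the server returns>]`; if `status` carries the numeric code, the type should be `integer` rather than `string`.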
@@ -183,60 +244,232 @@ components: type: boolean internal_config: type: boolean - AuditLogsConfig: + + ConfigUpgradePayload: type: object properties: - ignore_users: - type: array - items: - type: string - ignore_requests: + config: type: array - items: - type: string - disabled_rest_categories: + description: List of configs to be upgraded. + + CreateTenantParams: + type: object + properties: + description: + type: string + + DashboardsInfo: + type: object + properties: + user_name: + type: string + description: User's name + not_fail_on_forbidden_enabled: + type: boolean + description: Indicates whether DNFOF is enabled. + opensearch_dashboards_mt_enabled: + type: boolean + description: Indicates whether multi-tenancy is enabled. + opensearch_dashboards_index: + type: string + description: Name of the dashboards index. + opensearch_dashboards_server_user: + type: string + description: Name of the user used to connect dashboards to the server. + multitenancy_enabled: + type: boolean + description: Indicates whether multi-tenancy is enabled. + private_tenant_enabled: + type: boolean + description: Indicates whether private tenant is enabled for all users. + default_tenant: + type: string + description: The default tenant setting for the dashboard. + sign_in_options: type: array - items: - type: string - disabled_transport_categories: + description: List of available sign-in options available. + password_validation_error_message: + type: string + description: Error message when password validation fails. + password_validation_regex: + type: string + description: Reg-ex to be used to perform password validation. 
+ + DistinguishedNames: + type: object + properties: + nodes_dn: type: array items: type: string - log_request_body: + + DistinguishedNamesMap: + type: object + additionalProperties: + $ref: '#/components/schemas/DistinguishedNames' + + DynamicConfig: + type: object + properties: + dynamic: + $ref: '#/components/schemas/DynamicOptions' + + DynamicOptions: + type: object + properties: + filteredAliasMode: + type: string + disableRestAuth: type: boolean - resolve_indices: + disableIntertransportAuth: type: boolean - resolve_bulk_requests: + respectRequestIndicesOptions: type: boolean - exclude_sensitive_headers: + kibana: {} + http: {} + authc: {} + authz: {} + authFailureListeners: {} + doNotFailOnForbidden: type: boolean - enable_transport: + multiRolespanEnabled: type: boolean - enable_rest: + hostsResolverMode: + type: string + doNotFailOnForbiddenEmpty: type: boolean - UsersMap: + + GenerateOBOToken: type: object - additionalProperties: - $ref: '#/components/schemas/User' - UserAttributes: + properties: + user: + type: string + description: The name of the entity requesting token. + authenticationToken: + type: string + description: The generated OBO token. + durationSeconds: + type: string + description: The duration of the token, defaulted to 300s. + + HealthInfo: type: object - additionalProperties: - type: string - DistinguishedNamesMap: + properties: + message: + type: string + mode: + type: string + status: + type: string + + IndexPermission: type: object - additionalProperties: - $ref: '#/components/schemas/DistinguishedNames' - DistinguishedNames: + properties: + index_patterns: + type: array + items: + type: string + dls: + type: string + fls: + type: array + items: + type: string + masked_fields: + type: array + items: + type: string + allowed_actions: + type: array + items: + type: string + + InternalServerError: type: object properties: - nodes_dn: + error: + type: string + description: Error message during request execution. 
+ + MethodNotImplemented: + type: object + properties: + status: + type: string + value: 501 + message: + type: string + description: Message returned as part of NOT_IMPLEMENTED response. + + MultiTenancyConfig: + type: object + properties: + default_tenant: + type: string + private_tenant_enabled: + type: boolean + multitenancy_enabled: + type: boolean + sign_in_options: type: array items: type: string - RolesMap: + description: Value in seconds. + + OBOToken: type: object - additionalProperties: - $ref: '#/components/schemas/Role' + properties: + description: + type: string + description: Contains the description supplied by the user to describe the token. + required: true + service: + type: string + description: A name of the service if generating a token for that service. + required: false + duration: + type: string + description: Value in seconds. + required: optional + + Ok: + type: object + properties: + status: + type: string + value: 200 + message: + type: string + description: Message returned as part of OK response. + + PatchOperation: + type: object + properties: + op: + type: string + description: 'The operation to perform. Possible values: remove, add, replace, move, copy, test.' + path: + type: string + description: The path to the resource. + value: + description: The new values used for the update. + required: + - op + - path + + PermissionsInfo: + type: object + properties: + user: + type: string + user_name: + type: string + has_api_access: + type: boolean + disabled_endpoints: + type: object + description: An object with disabled APIs as key and array of http methods as values. + Role: type: object properties: 
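Review bot: `OBOToken` marks its properties with `required: true`, `required: false` and `required: optional`, but in a schema object `required` is an array of property names on the enclosing object. These per-property values are therefore not valid schema and do not make `description` mandatory, so a token request without it would still pass spec validation. Drop the three per-property lines and add `required: [description]` at the `OBOToken` level. Separately, `MultiTenancyConfig.sign_in_options` carries `description: Value in seconds.`, which looks copied from a duration field and should describe the sign-in options instead.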
@@ -260,27 +493,104 @@ components: $ref: '#/components/schemas/TenantPermission' static: type: boolean - IndexPermission: + + RoleMapping: type: object properties: - index_patterns: + hosts: type: array items: type: string - dls: - type: string - fls: + users: type: array items: type: string - masked_fields: + reserved: + type: boolean + hidden: + type: boolean + backend_roles: type: array items: type: string - allowed_actions: + and_backend_roles: type: array items: type: string + description: + type: string + + RoleMappings: + type: object + additionalProperties: + $ref: '#/components/schemas/RoleMapping' + + RolesMap: + type: object + additionalProperties: + $ref: '#/components/schemas/Role' + + SSLInfo: + type: object + properties: + principal: + type: string + description: User principal. + peer_certificates: + type: number + description: Number of certificates. + peer_certificates_list: + type: array + description: List of domain names from peer certificates. + local_certificates_list: + type: array + description: List of domain names from local certificates. + ssl_protocol: + type: string + description: Protocol for this ssl setup. + ssl_cipher: + type: string + description: Cipher for this ssl setup. + ssl_openssl_available: + type: boolean + description: A boolean to indicate if OpenSSL is available. + ssl_openssl_version: + type: string + description: Version of openssl. + ssl_openssl_version_string: + type: string + description: Full version string for openssl version. + ssl_openssl_non_available_cause: + type: string + description: Reason for openssl unavailability. + ssl_openssl_supports_key_manager_factory: + type: boolean + description: Indicates where KMF is supported. + ssl_openssl_supports_hostname_validation: + type: boolean + description: Indicates whether hostname validation is supported. + ssl_provider_http: + type: string + description: Returns http provider's name. 
+ ssl_provider_transport_server: + type: string + description: Returns transport server's name. + ssl_provider_transport_client: + type: string + description: Returns transport client's name. + + Tenant: + type: object + properties: + reserved: + type: boolean + hidden: + type: boolean + description: + type: string + static: + type: boolean + TenantPermission: type: object properties: 
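Review bot: `SSLInfo.peer_certificates_list` and `local_certificates_list` are declared `type: array` with no `items`, so entries of any type validate. If the entries are plain strings, as the descriptions suggest, add `items:` with `type: string`; the same omission appears in `AuthInfo` (`backend_roles`, `custom_attribute_names`, `roles`), `ConfigUpgradePayload.config` and `DashboardsInfo.sign_in_options` in earlier hunks. `peer_certificates` is described as a count and would be better as `type: integer`, and the description `Indicates where KMF is supported.` should read `whether`.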
@@ -292,69 +602,95 @@ components: type: array items: type: string - RoleMappings: + + TenantsMap: type: object additionalProperties: - $ref: '#/components/schemas/RoleMapping' - DynamicConfig: + $ref: '#/components/schemas/Tenant' + + Unauthorized: type: object properties: - dynamic: - $ref: '#/components/schemas/DynamicOptions' - DynamicOptions: + status: + type: string + value: 403 + message: + type: string + description: Message returned as part of FORBIDDEN response. + + UpgradeCheck: type: object properties: - filteredAliasMode: - type: string - disableRestAuth: - type: boolean - disableIntertransportAuth: - type: boolean - respectRequestIndicesOptions: - type: boolean - kibana: {} - http: {} - authc: {} - authz: {} - authFailureListeners: {} - doNotFailOnForbidden: - type: boolean - multiRolespanEnabled: - type: boolean - hostsResolverMode: + status: type: string - doNotFailOnForbiddenEmpty: + upgradeAvailable: type: boolean - CertificatesDetail: + upgradeActions: + type: object + + UpgradePerform: type: object properties: - issuer_dn: + status: type: string - subject_dn: - type: string - san: - type: string - not_before: - type: string - not_after: - type: string - TenantsMap: - type: object - additionalProperties: - $ref: '#/components/schemas/Tenant' - Tenant: + upgrades: + type: object + + User: type: object properties: + hash: + type: string reserved: type: boolean hidden: type: boolean + backend_roles: + type: array + items: + type: string + attributes: + $ref: '#/components/schemas/UserAttributes' description: type: string + opendistro_security_roles: + type: array + items: + type: string static: type: boolean - CreateTenantParams: + + UserAttributes: + type: object + additionalProperties: + type: string + + UserTenants: type: object properties: - description: + global_tenant: + type: boolean + admin_tenant: + type: boolean + admin: + type: boolean + + UsersMap: + type: object + additionalProperties: + $ref: '#/components/schemas/User' + + WhoAmI: + 
type: object + properties: + dn: + type: string + is_admin: + type: string + is_node_certificate_request: type: string + + TenantInfo: + type: object + additionalProperties: + type: string
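Review bot: `WhoAmI` types `is_admin` and `is_node_certificate_request` as `string`, although both names read as yes/no flags. If the endpoint returns JSON booleans, the spec should say `type: boolean` for both. A client generated from the current schema could end up holding the string `"false"`, which is truthy in several languages, so an authorization decision built on `is_admin` would evaluate the wrong way. `TenantInfo` is also appended after `WhoAmI`, out of the alphabetical order the rest of this file's reshuffle appears to establish.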