diff --git a/output/openapi/elasticsearch-openapi.json b/output/openapi/elasticsearch-openapi.json index 94b72ee59..cca6df89f 100644 --- a/output/openapi/elasticsearch-openapi.json +++ b/output/openapi/elasticsearch-openapi.json @@ -84017,6 +84017,39 @@ "created" ] }, + "security._types:RemoteIndicesPrivileges": { + "type": "object", + "properties": { + "clusters": { + "$ref": "#/components/schemas/_types:Names" + }, + "field_security": { + "$ref": "#/components/schemas/security._types:FieldSecurity" + }, + "names": { + "$ref": "#/components/schemas/_types:Indices" + }, + "privileges": { + "description": "The index level privileges that owners of the role have on the specified indices.", + "type": "array", + "items": { + "$ref": "#/components/schemas/security._types:IndexPrivilege" + } + }, + "query": { + "$ref": "#/components/schemas/security._types:IndicesPrivilegesQuery" + }, + "allow_restricted_indices": { + "description": "Set to `true` if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the `names` list, Elasticsearch checks privileges against these indices regardless of the value set for `allow_restricted_indices`.", + "type": "boolean" + } + }, + "required": [ + "clusters", + "names", + "privileges" + ] + }, "security.query_api_keys:ApiKeyAggregationContainer": { "allOf": [ { @@ -104837,6 +104870,13 @@ "$ref": "#/components/schemas/security._types:IndicesPrivileges" } }, + "remote_indices": { + "description": "A list of remote indices permissions entries.", + "type": "array", + "items": { + "$ref": "#/components/schemas/security._types:RemoteIndicesPrivileges" + } + }, "metadata": { "$ref": "#/components/schemas/_types:Metadata" }, diff --git a/output/schema/schema-serverless.json b/output/schema/schema-serverless.json index 2ce52e936..32e22f1b1 100644 
--- a/output/schema/schema-serverless.json +++ b/output/schema/schema-serverless.json @@ -101691,7 +101691,7 @@ "name": "IndexPrivilege", "namespace": "security._types" }, - "specLocation": "security/_types/Privileges.ts#L292-L334" + "specLocation": "security/_types/Privileges.ts#L325-L367" }, { "codegenNames": [ @@ -101705,7 +101705,7 @@ "name": "IndicesPrivilegesQuery", "namespace": "security._types" }, - "specLocation": "security/_types/Privileges.ts#L247-L255", + "specLocation": "security/_types/Privileges.ts#L280-L288", "type": { "items": [ { @@ -101755,7 +101755,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L257-L267" + "specLocation": "security/_types/Privileges.ts#L290-L300" }, { "kind": "interface", @@ -101843,7 +101843,7 @@ } ], "shortcutProperty": "source", - "specLocation": "security/_types/Privileges.ts#L269-L287" + "specLocation": "security/_types/Privileges.ts#L302-L320" }, { "codegenNames": [ @@ -101855,7 +101855,7 @@ "name": "RoleTemplateInlineQuery", "namespace": "security._types" }, - "specLocation": "security/_types/Privileges.ts#L289-L290", + "specLocation": "security/_types/Privileges.ts#L322-L323", "type": { "items": [ { @@ -137789,7 +137789,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L197-L221" + "specLocation": "security/_types/Privileges.ts#L198-L222" }, { "kind": "interface", diff --git a/output/schema/schema.json b/output/schema/schema.json index d91f05659..2a906773f 100644 --- a/output/schema/schema.json +++ b/output/schema/schema.json @@ -184266,7 +184266,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L340-L342" + "specLocation": "security/_types/Privileges.ts#L373-L375" }, { "kind": "interface", @@ -184783,7 +184783,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L336-L338" + "specLocation": "security/_types/Privileges.ts#L369-L371" }, { "kind": "enum", 
@@ -184896,7 +184896,7 @@ "name": "IndexPrivilege", "namespace": "security._types" }, - "specLocation": "security/_types/Privileges.ts#L292-L334" + "specLocation": "security/_types/Privileges.ts#L325-L367" }, { "kind": "interface", @@ -184975,7 +184975,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L197-L221" + "specLocation": "security/_types/Privileges.ts#L198-L222" }, { "kind": "type_alias", @@ -184989,7 +184989,7 @@ "name": "IndicesPrivilegesQuery", "namespace": "security._types" }, - "specLocation": "security/_types/Privileges.ts#L247-L255", + "specLocation": "security/_types/Privileges.ts#L280-L288", "type": { "kind": "union_of", "items": [ @@ -185039,7 +185039,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L344-L346" + "specLocation": "security/_types/Privileges.ts#L377-L379" }, { "kind": "interface", 
@@ -185073,6 +185073,97 @@ ], "specLocation": "security/_types/RealmInfo.ts#L22-L25" }, + { + "kind": "interface", + "name": { + "name": "RemoteIndicesPrivileges", + "namespace": "security._types" + }, + "properties": [ + { + "description": "A list of cluster aliases to which the permissions in this entry apply.", + "name": "clusters", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "Names", + "namespace": "_types" + } + } + }, + { + "description": "The document fields that the owners of the role have read access to.", + "docId": "field-and-document-access-control", + "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/{branch}/field-and-document-access-control.html", + "name": "field_security", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "FieldSecurity", + "namespace": "security._types" + } + } + }, + { + "description": "A list of indices (or index name patterns) to which the permissions in this entry apply.", + "name": "names", + "required": true, + "type": { + "kind": "instance_of", + "type": { + "name": "Indices", + "namespace": "_types" + } + } + }, + { + "description": "The index level privileges that owners of the role have on the specified indices.", + "name": "privileges", + "required": true, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "IndexPrivilege", + "namespace": "security._types" + } + } + } + }, + { + "description": "A search query that defines the documents the owners of the role have access to. 
A document within the specified indices must match this query for it to be accessible by the owners of the role.", + "name": "query", + "required": false, + "type": { + "kind": "instance_of", + "type": { + "name": "IndicesPrivilegesQuery", + "namespace": "security._types" + } + } + }, + { + "availability": { + "stack": {} + }, + "description": "Set to `true` if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the `names` list, Elasticsearch checks privileges against these indices regardless of the value set for `allow_restricted_indices`.", + "name": "allow_restricted_indices", + "required": false, + "serverDefault": false, + "type": { + "kind": "instance_of", + "type": { + "name": "boolean", + "namespace": "_builtins" + } + } + } + ], + "specLocation": "security/_types/Privileges.ts#L226-L254" + }, { "kind": "interface", "name": { @@ -185563,7 +185654,7 @@ "name": "RoleTemplateInlineQuery", "namespace": "security._types" }, - "specLocation": "security/_types/Privileges.ts#L289-L290", + "specLocation": "security/_types/Privileges.ts#L322-L323", "type": { "kind": "union_of", "items": [ @@ -185606,7 +185697,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L257-L267" + "specLocation": "security/_types/Privileges.ts#L290-L300" }, { "kind": "interface", @@ -185694,7 +185785,7 @@ } ], "shortcutProperty": "source", - "specLocation": "security/_types/Privileges.ts#L269-L287" + "specLocation": "security/_types/Privileges.ts#L302-L320" }, { "kind": "enum", @@ -185905,7 +185996,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L223-L245" + "specLocation": "security/_types/Privileges.ts#L256-L278" }, { "kind": "interface", 
@@ -191529,6 +191620,21 @@ } } }, + { + "description": "A list of remote indices permissions entries.", + "name": "remote_indices", + "required": false, + "type": { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "RemoteIndicesPrivileges", + "namespace": "security._types" + } + } + } + }, { "description": "Optional metadata. Within the metadata object, keys that begin with an underscore (`_`) are reserved for system use.", "name": "metadata", @@ -191630,7 +191736,7 @@ } } ], - "specLocation": "security/put_role/SecurityPutRoleRequest.ts#L30-L84" + "specLocation": "security/put_role/SecurityPutRoleRequest.ts#L31-L89" }, { "kind": "response", diff --git a/output/typescript/types.ts b/output/typescript/types.ts index dc9647eab..74a914017 100644 --- a/output/typescript/types.ts +++ b/output/typescript/types.ts @@ -17474,6 +17474,15 @@ export interface SecurityRealmInfo { type: string } +export interface SecurityRemoteIndicesPrivileges { + clusters: Names + field_security?: SecurityFieldSecurity + names: Indices + privileges: SecurityIndexPrivilege[] + query?: SecurityIndicesPrivilegesQuery + allow_restricted_indices?: boolean +} + export interface SecurityRoleDescriptor { cluster?: SecurityClusterPrivilege[] indices?: SecurityIndicesPrivileges[] @@ -18149,6 +18158,7 @@ export interface SecurityPutRoleRequest extends RequestBase { cluster?: SecurityClusterPrivilege[] global?: Record indices?: SecurityIndicesPrivileges[] + remote_indices?: SecurityRemoteIndicesPrivileges[] metadata?: Metadata run_as?: string[] description?: string diff --git a/specification/security/_types/Privileges.ts b/specification/security/_types/Privileges.ts index 137bf8110..abfafbdef 100644 --- a/specification/security/_types/Privileges.ts +++ b/specification/security/_types/Privileges.ts 
@@ -19,7 +19,7 @@ import { Dictionary } from '@spec_utils/Dictionary' import { UserDefinedValue } from '@spec_utils/UserDefinedValue' -import { Id, Indices } from '@_types/common' +import { Id, Indices, Names } from '@_types/common' import { QueryContainer } from '@_types/query_dsl/abstractions' import { ScriptLanguage } from '@_types/Scripting' import { FieldSecurity } from './FieldSecurity' @@ -194,6 +194,7 @@ export enum ClusterPrivilege { write_fleet_secrets } +// Keep in sync with RemoteIndicesPrivileges export class IndicesPrivileges { /** * The document fields that the owners of the role have read access to. 
@@ -220,6 +221,37 @@ export class IndicesPrivileges { allow_restricted_indices?: boolean } +// Keep in sync with IndicesPrivileges +export class RemoteIndicesPrivileges { + /** + * A list of cluster aliases to which the permissions in this entry apply. + */ + clusters: Names + /** + * The document fields that the owners of the role have read access to. + * @doc_id field-and-document-access-control + */ + field_security?: FieldSecurity + /** + * A list of indices (or index name patterns) to which the permissions in this entry apply. + */ + names: Indices + /** + * The index level privileges that owners of the role have on the specified indices. + */ + privileges: IndexPrivilege[] + /** + * A search query that defines the documents the owners of the role have access to. A document within the specified indices must match this query for it to be accessible by the owners of the role. + */ + query?: IndicesPrivilegesQuery + /** + * Set to `true` if using wildcard or regular expressions for patterns that cover restricted indices. Implicitly, restricted indices have limited privileges that can cause pattern tests to fail. If restricted indices are explicitly included in the `names` list, Elasticsearch checks privileges against these indices regardless of the value set for `allow_restricted_indices`. + * @server_default false + * @availability stack + */ + allow_restricted_indices?: boolean +} + export class UserIndicesPrivileges { /** * The document fields that the owners of the role have read access to. diff --git a/specification/security/put_role/SecurityPutRoleRequest.ts b/specification/security/put_role/SecurityPutRoleRequest.ts index af4e3d723..bfe818361 100644 --- a/specification/security/put_role/SecurityPutRoleRequest.ts +++ b/specification/security/put_role/SecurityPutRoleRequest.ts 
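Review bot: `RemoteIndicesPrivileges` is kept aligned with `IndicesPrivileges` only by the two `// Keep in sync` comments (this hunk and the one added above `IndicesPrivileges` in the previous hunk), and nothing in the spec enforces that. `field_security` and `query` are the members that narrow a grant to specific fields and documents, so if the two classes drift, generated clients will describe remote grants differently from local ones. If every member of `IndicesPrivileges` is wanted here (most of its body is outside these hunks, so this needs confirming), I would declare `export class RemoteIndicesPrivileges extends IndicesPrivileges {` and keep only the `clusters: Names` member with its doc comment. If the duplication is deliberate, say why in the comment, e.g. `// Duplicated rather than inherited because <reason>; keep in sync with IndicesPrivileges`.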
@@ -20,7 +20,8 @@ import { ApplicationPrivileges, ClusterPrivilege, - IndicesPrivileges + IndicesPrivileges, + RemoteIndicesPrivileges } from '@security/_types/Privileges' import { Dictionary } from '@spec_utils/Dictionary' import { UserDefinedValue } from '@spec_utils/UserDefinedValue' @@ -63,6 +64,12 @@ export interface Request extends RequestBase { * A list of indices permissions entries. */ indices?: IndicesPrivileges[] + /** + * A list of remote indices permissions entries. + * @availability stack since=8.14.0 + * + */ + remote_indices?: RemoteIndicesPrivileges[] /** * Optional metadata. Within the metadata object, keys that begin with an underscore (`_`) are reserved for system use. */
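Review bot: The `@availability stack since=8.14.0` tag on `remote_indices` is not reflected in the regenerated output: the property added to `output/schema/schema.json` has no `availability` entry, although `allow_restricted_indices`, tagged `@availability stack`, gets one. The new `specLocation` `#L31-L89` also grows the request by four lines where this hunk adds six, so the output was probably generated before the tag and the empty ` *` line after it were added. I would drop the empty ` *` line and regenerate, so that generators which gate fields by version see the 8.14.0 floor. Within this diff only the put-role `Request` (whose body starts and ends outside the hunk) gains the field; if `RoleDescriptor` and the get-role response do not already declare `remote_indices`, typed clients used to audit roles will not surface remote-cluster grants.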