From dd55c46bfe8334f57dfd831b56197ed3574a8a8b Mon Sep 17 00:00:00 2001 From: Quentin Pradet Date: Mon, 18 Nov 2024 10:42:16 +0400 Subject: [PATCH] Allow index name patterns in Privileges index fields (#3127) --- output/openapi/elasticsearch-openapi.json | 75 ++++++--- .../elasticsearch-serverless-openapi.json | 15 +- output/schema/schema-serverless.json | 38 +++-- output/schema/schema.json | 158 ++++++++++++------ output/typescript/types.ts | 10 +- specification/security/_types/Privileges.ts | 12 +- 6 files changed, 212 insertions(+), 96 deletions(-) diff --git a/output/openapi/elasticsearch-openapi.json b/output/openapi/elasticsearch-openapi.json index d49ea162a..4f237244e 100644 --- a/output/openapi/elasticsearch-openapi.json +++ b/output/openapi/elasticsearch-openapi.json @@ -81996,10 +81996,17 @@ }, "names": { "description": "A list of indices (or index name patterns) to which the permissions in this entry apply.", - "type": "array", - "items": { - "$ref": "#/components/schemas/_types:IndexName" - } + "oneOf": [ + { + "$ref": "#/components/schemas/_types:IndexName" + }, + { + "type": "array", + "items": { + "$ref": "#/components/schemas/_types:IndexName" + } + } + ] }, "privileges": { "description": "The index level privileges that owners of the role have on the specified indices.", @@ -82136,10 +82143,17 @@ }, "names": { "description": "A list of indices (or index name patterns) to which the permissions in this entry apply.", - "type": "array", - "items": { - "$ref": "#/components/schemas/_types:IndexName" - } + "oneOf": [ + { + "$ref": "#/components/schemas/_types:IndexName" + }, + { + "type": "array", + "items": { + "$ref": "#/components/schemas/_types:IndexName" + } + } + ] }, "privileges": { "description": "The index level privileges that owners of the role have on the specified indices.", @@ -82342,10 +82356,17 @@ "properties": { "names": { "description": "A list of indices (or index name patterns) to which the permissions in this entry apply.", - "type": "array", - "items": { - "$ref": "#/components/schemas/_types:IndexName" - } + "oneOf": [ + { + "$ref": "#/components/schemas/_types:IndexName" + }, + { + "type": "array", + "items": { + "$ref": "#/components/schemas/_types:IndexName" + } + } + ] }, "allow_restricted_indices": { "description": "This needs to be set to true if the patterns in the names field should cover system indices.", @@ -82364,10 +82385,17 @@ }, "names": { "description": "A list of indices (or index name patterns) to which the permissions in this entry apply.", - "type": "array", - "items": { - "$ref": "#/components/schemas/_types:IndexName" - } + "oneOf": [ + { + "$ref": "#/components/schemas/_types:IndexName" + }, + { + "type": "array", + "items": { + "$ref": "#/components/schemas/_types:IndexName" + } + } + ] }, "query": { "$ref": "#/components/schemas/security._types:IndicesPrivilegesQuery" @@ -82869,10 +82897,17 @@ }, "names": { "description": "A list of indices (or index name patterns) to which the permissions in this entry apply.", - "type": "array", - "items": { - "$ref": "#/components/schemas/_types:IndexName" - } + "oneOf": [ + { + "$ref": "#/components/schemas/_types:IndexName" + }, + { + "type": "array", + "items": { + "$ref": "#/components/schemas/_types:IndexName" + } + } + ] }, "privileges": { "description": "The index level privileges that owners of the role have on the specified indices.", diff --git a/output/openapi/elasticsearch-serverless-openapi.json b/output/openapi/elasticsearch-serverless-openapi.json index 261d6563c..6fbd28e68 100644 --- a/output/openapi/elasticsearch-serverless-openapi.json +++ b/output/openapi/elasticsearch-serverless-openapi.json @@ -53722,10 +53722,17 @@ }, "names": { "description": "A list of indices (or index name patterns) to which the permissions in this entry apply.", - "type": "array", - "items": { - "$ref": "#/components/schemas/_types:IndexName" - } + "oneOf": [ + { + "$ref": "#/components/schemas/_types:IndexName" + }, + { + "type": "array", + "items": { + "$ref": "#/components/schemas/_types:IndexName" + } + } + ] }, "privileges": { "description": "The index level privileges that owners of the role have on the specified indices.", diff --git a/output/schema/schema-serverless.json b/output/schema/schema-serverless.json index 3a97ce424..47a1b2cbe 100644 --- a/output/schema/schema-serverless.json +++ b/output/schema/schema-serverless.json @@ -103066,7 +103066,7 @@ "name": "IndexPrivilege", "namespace": "security._types" }, - "specLocation": "security/_types/Privileges.ts#L360-L402" + "specLocation": "security/_types/Privileges.ts#L362-L404" }, { "codegenNames": [ @@ -103080,7 +103080,7 @@ "name": "IndicesPrivilegesQuery", "namespace": "security._types" }, - "specLocation": "security/_types/Privileges.ts#L315-L323", + "specLocation": "security/_types/Privileges.ts#L317-L325", "type": { "items": [ { @@ -103130,7 +103130,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L325-L335" + "specLocation": "security/_types/Privileges.ts#L327-L337" }, { "kind": "interface", @@ -103218,7 +103218,7 @@ } ], "shortcutProperty": "source", - "specLocation": "security/_types/Privileges.ts#L337-L355" + "specLocation": "security/_types/Privileges.ts#L339-L357" }, { "codegenNames": [ @@ -103230,7 +103230,7 @@ "name": "RoleTemplateInlineQuery", "namespace": "security._types" }, - "specLocation": "security/_types/Privileges.ts#L357-L358", + "specLocation": "security/_types/Privileges.ts#L359-L360", "type": { "items": [ { @@ -139723,14 +139723,26 @@ "name": "names", "required": true, "type": { - "kind": "array_of", - "value": { - "kind": "instance_of", - "type": { - "name": "IndexName", - "namespace": "_types" + "items": [ + { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + }, + { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + } } - } + ], + "kind": "union_of" } }, { @@ -139761,7 +139773,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L217-L241" + "specLocation": "security/_types/Privileges.ts#L217-L243" }, { "kind": "interface", diff --git a/output/schema/schema.json b/output/schema/schema.json index 265ae8f9c..48d79175c 100644 --- a/output/schema/schema.json +++ b/output/schema/schema.json @@ -187162,7 +187162,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L408-L410" + "specLocation": "security/_types/Privileges.ts#L410-L412" }, { "kind": "interface", @@ -187687,7 +187687,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L404-L406" + "specLocation": "security/_types/Privileges.ts#L406-L408" }, { "kind": "enum", @@ -187800,7 +187800,7 @@ "name": "IndexPrivilege", "namespace": "security._types" }, - "specLocation": "security/_types/Privileges.ts#L360-L402" + "specLocation": "security/_types/Privileges.ts#L362-L404" }, { "kind": "interface", @@ -187828,14 +187828,26 @@ "name": "names", "required": true, "type": { - "kind": "array_of", - "value": { - "kind": "instance_of", - "type": { - "name": "IndexName", - "namespace": "_types" + "kind": "union_of", + "items": [ + { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + }, + { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + } } - } + ] } }, { @@ -187882,7 +187894,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L217-L241" + "specLocation": "security/_types/Privileges.ts#L217-L243" }, { "kind": "type_alias", @@ -187896,7 +187908,7 @@ "name": "IndicesPrivilegesQuery", "namespace": "security._types" }, - "specLocation": "security/_types/Privileges.ts#L315-L323", + "specLocation": "security/_types/Privileges.ts#L317-L325", "type": { "kind": "union_of", "items": [ @@ -187946,7 +187958,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L412-L414" + "specLocation": "security/_types/Privileges.ts#L414-L416" }, { "kind": "interface", @@ -188042,7 +188054,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L277-L289" + "specLocation": "security/_types/Privileges.ts#L279-L291" }, { "kind": "interface", @@ -188083,14 +188095,26 @@ "name": "names", "required": true, "type": { - "kind": "array_of", - "value": { - "kind": "instance_of", - "type": { - "name": "IndexName", - "namespace": "_types" + "kind": "union_of", + "items": [ + { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + }, + { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + } } - } + ] } }, { @@ -188137,7 +188161,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L243-L275" + "specLocation": "security/_types/Privileges.ts#L245-L277" }, { "kind": "interface", @@ -188151,14 +188175,26 @@ "name": "names", "required": true, "type": { - "kind": "array_of", - "value": { - "kind": "instance_of", - "type": { - "name": "IndexName", - "namespace": "_types" + "kind": "union_of", + "items": [ + { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + }, + { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + } } - } + ] } }, { @@ -188175,7 +188211,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L416-L426" + "specLocation": "security/_types/Privileges.ts#L418-L428" }, { "kind": "interface", @@ -188747,7 +188783,7 @@ "name": "RoleTemplateInlineQuery", "namespace": "security._types" }, - "specLocation": "security/_types/Privileges.ts#L357-L358", + "specLocation": "security/_types/Privileges.ts#L359-L360", "type": { "kind": "union_of", "items": [ @@ -188790,7 +188826,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L325-L335" + "specLocation": "security/_types/Privileges.ts#L327-L337" }, { "kind": "interface", @@ -188878,7 +188914,7 @@ } ], "shortcutProperty": "source", - "specLocation": "security/_types/Privileges.ts#L337-L355" + "specLocation": "security/_types/Privileges.ts#L339-L357" }, { "kind": "interface", @@ -188906,14 +188942,26 @@ "name": "names", "required": true, "type": { - "kind": "array_of", - "value": { - "kind": "instance_of", - "type": { - "name": "IndexName", - "namespace": "_types" + "kind": "union_of", + "items": [ + { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + }, + { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + } } - } + ] } }, { @@ -188945,7 +188993,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L428-L448" + "specLocation": "security/_types/Privileges.ts#L430-L450" }, { "kind": "enum", @@ -189106,14 +189154,26 @@ "name": "names", "required": true, "type": { - "kind": "array_of", - "value": { - "kind": "instance_of", - "type": { - "name": "IndexName", - "namespace": "_types" + "kind": "union_of", + "items": [ + { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + }, + { + "kind": "array_of", + "value": { + "kind": "instance_of", + "type": { + "name": "IndexName", + "namespace": "_types" + } + } } - } + ] } }, { @@ -189159,7 +189219,7 @@ } } ], - "specLocation": "security/_types/Privileges.ts#L291-L313" + "specLocation": "security/_types/Privileges.ts#L293-L315" }, { "kind": "interface", diff --git a/output/typescript/types.ts b/output/typescript/types.ts index 1d952fa3a..0b40137e2 100644 --- a/output/typescript/types.ts +++ b/output/typescript/types.ts @@ -17668,7 +17668,7 @@ export type SecurityIndexPrivilege = 'all' | 'auto_configure' | 'create' | 'crea export interface SecurityIndicesPrivileges { field_security?: SecurityFieldSecurity - names: IndexName[] + names: IndexName | IndexName[] privileges: SecurityIndexPrivilege[] query?: SecurityIndicesPrivilegesQuery allow_restricted_indices?: boolean @@ -17695,14 +17695,14 @@ export interface SecurityRemoteClusterPrivileges { export interface SecurityRemoteIndicesPrivileges { clusters: Names field_security?: SecurityFieldSecurity - names: IndexName[] + names: IndexName | IndexName[] privileges: SecurityIndexPrivilege[] query?: SecurityIndicesPrivilegesQuery allow_restricted_indices?: boolean } export interface SecurityReplicationAccess { - names: IndexName[] + names: IndexName | IndexName[] allow_restricted_indices?: boolean } @@ -17770,7 +17770,7 @@ export interface SecurityRoleTemplateScript { export interface SecuritySearchAccess { field_security?: SecurityFieldSecurity - names: IndexName[] + names: IndexName | IndexName[] query?: SecurityIndicesPrivilegesQuery allow_restricted_indices?: boolean } @@ -17789,7 +17789,7 @@ export interface SecurityUser { export interface SecurityUserIndicesPrivileges { field_security?: SecurityFieldSecurity[] - names: IndexName[] + names: IndexName | IndexName[] privileges: SecurityIndexPrivilege[] query?: SecurityIndicesPrivilegesQuery[] allow_restricted_indices: boolean diff --git a/specification/security/_types/Privileges.ts b/specification/security/_types/Privileges.ts index b7ee5bcf8..6836f8494 100644 --- a/specification/security/_types/Privileges.ts +++ b/specification/security/_types/Privileges.ts @@ -220,10 +220,12 @@ export class IndicesPrivileges { * @doc_id field-and-document-access-control */ field_security?: FieldSecurity + // We're using IndexName | IndexName[] instead of Indices in this file on purpose: + // https://github.com/elastic/elasticsearch-specification/pull/3127 /** * A list of indices (or index name patterns) to which the permissions in this entry apply. */ - names: IndexName[] + names: IndexName | IndexName[] /** * The index level privileges that owners of the role have on the specified indices. */ @@ -257,7 +259,7 @@ export class RemoteIndicesPrivileges { /** * A list of indices (or index name patterns) to which the permissions in this entry apply. */ - names: IndexName[] + names: IndexName | IndexName[] /** * The index level privileges that owners of the role have on the specified indices. */ @@ -297,7 +299,7 @@ export class UserIndicesPrivileges { /** * A list of indices (or index name patterns) to which the permissions in this entry apply. */ - names: IndexName[] + names: IndexName | IndexName[] /** * The index level privileges that owners of the role have on the specified indices. */ @@ -417,7 +419,7 @@ export class ReplicationAccess { /** * A list of indices (or index name patterns) to which the permissions in this entry apply. */ - names: IndexName[] + names: IndexName | IndexName[] /** * This needs to be set to true if the patterns in the names field should cover system indices. * @server_default false @@ -434,7 +436,7 @@ export class SearchAccess { /** * A list of indices (or index name patterns) to which the permissions in this entry apply. */ - names: IndexName[] + names: IndexName | IndexName[] /** * A search query that defines the documents the owners of the role have access to. A document within the specified indices must match this query for it to be accessible by the owners of the role. */