
Commit 3c429f8

authored
Add security prerequisites support (#717)
1 parent 41fd698 commit 3c429f8


6 files changed

+78
-1
lines changed


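--- a/compiler/model/metamodel.ts
+++ b/compiler/model/metamodel.ts
@@ -366,6 +366,10 @@ export class Endpoint {
 visibility?: Visibility
 accept?: string[]
 contentType?: string[]
+securityPrerequisites?: {
+index?: string[]
+cluster?: string[]
+}
 }
 
 export class UrlTemplate {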
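Review bot: `securityPrerequisites` is added to `Endpoint` without a comment saying whether every listed privilege is required or whether any one of them is enough. The examples in this commit (`create_index, manage` and `monitor, manage`, in the two `specification/` files and in `docs/modeling-guide.md`) pair a narrow privilege with what appears to be a broader one, so a consumer that reads the list as "all of" would document or grant more access than the endpoint needs. Once the intended meaning is confirmed, I would add a doc comment on the field, for example `/** Privileges that allow calling this endpoint; any one listed privilege per category is sufficient. */`, and repeat that sentence in the modeling guide. The `Endpoint` class starts outside the hunk.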

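--- a/compiler/model/utils.ts
+++ b/compiler/model/utils.ts
@@ -544,7 +544,7 @@ export function hoistRequestAnnotations (
 request: model.Request, jsDocs: JSDoc[], mappings: Record<string, model.Endpoint>, response: model.TypeName | null
 ): void {
 const knownRequestAnnotations = [
-'since', 'rest_spec_name', 'stability', 'visibility', 'behavior', 'class_serializer', 'doc_id'
+'since', 'rest_spec_name', 'stability', 'visibility', 'behavior', 'class_serializer', 'security_prerequisites_index', 'security_prerequisites_cluster', 'doc_id'
 ]
 // in most of the cases the jsDocs comes in a single block,
 // but it can happen that the user defines multiple single line jsDoc.
@@ -584,6 +584,33 @@ export function hoistRequestAnnotations (
 } else if (tag === 'since') {
 assert(jsDocs, semver.valid(value), `Request ${request.name.name}'s @since is not valid semver: ${value}`)
 endpoint.since = value
+} else if (tag === 'security_prerequisites_index') {
+const privileges = [
+'all', 'auto_configure', 'create', 'create_doc', 'create_index', 'delete', 'delete_index', 'index',
+'maintenance', 'manage', 'manage_follow_index', 'manage_ilm', 'manage_leader_index', 'monitor',
+'read', 'read_cross_cluster', 'view_index_metadata', 'write'
+]
+const values = value.split(',').map(v => v.trim())
+for (const v of values) {
+assert(jsDocs, privileges.includes(v), `The index privilege '${v}' does not exists.`)
+}
+endpoint.securityPrerequisites = endpoint.securityPrerequisites ?? {}
+endpoint.securityPrerequisites.index = values
+} else if (tag === 'security_prerequisites_cluster') {
+const privileges = [
+'all', 'cancel_task', 'create_snapshot', 'grant_api_key', 'manage', 'manage_api_key', 'manage_ccr',
+'manage_ilm', 'manage_index_templates', 'manage_ingest_pipelines', 'manage_logstash_pipelines',
+'manage_ml', 'manage_oidc', 'manage_own_api_key', 'manage_pipeline', 'manage_rollup', 'manage_saml',
+'manage_security', 'manage_service_account', 'manage_slm', 'manage_token', 'manage_transform',
+'manage_watcher', 'monitor', 'monitor_ml', 'monitor_rollup', 'monitor_snapshot', 'monitor_text_structure',
+'monitor_transform', 'monitor_watcher', 'read_ccr', 'read_ilm', 'read_pipeline', 'read_slm', 'transport_client'
+]
+const values = value.split(',').map(v => v.trim())
+for (const v of values) {
+assert(jsDocs, privileges.includes(v), `The cluster privilege '${v}' does not exists.`)
+}
+endpoint.securityPrerequisites = endpoint.securityPrerequisites ?? {}
+endpoint.securityPrerequisites.cluster = values
 } else if (tag === 'doc_id') {
 assert(jsDocs, value.trim() !== '', `Request ${request.name.name}'s @doc_id is cannot be empty`)
 endpoint.docId = value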
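Review bot: The two new branches in `hoistRequestAnnotations` repeat the same split-and-validate logic against privilege lists written inline, and their assertion messages do not name the request, unlike the `@since` and `@doc_id` checks next to them. Because these annotations record what access an endpoint needs, a rejected or mistyped entry should point straight at the offending request, and the allow-lists should live in one place where they can be kept in step with the server's privilege set. An empty tag value or a trailing comma currently reaches the check as `''` and fails with "The index privilege '' does not exists."; the shared helper below reports that case explicitly and fixes the "does not exists" wording. The function body starts and ends outside the hunk.

```typescript
// … unchanged: the two privilege arrays from this hunk, moved to module-level constants INDEX_PRIVILEGES and CLUSTER_PRIVILEGES …

function parsePrivileges (
  jsDocs: JSDoc[], requestName: string, kind: 'index' | 'cluster', known: string[], value: string
): string[] {
  const values = value.split(',').map(v => v.trim())
  for (const v of values) {
    assert(jsDocs, v !== '', `Request ${requestName}'s @security_prerequisites_${kind} contains an empty entry`)
    assert(jsDocs, known.includes(v), `Request ${requestName}: the ${kind} privilege '${v}' does not exist`)
  }
  return values
}

// … unchanged: earlier branches of the tag chain …
    } else if (tag === 'security_prerequisites_index') {
      endpoint.securityPrerequisites = endpoint.securityPrerequisites ?? {}
      endpoint.securityPrerequisites.index = parsePrivileges(jsDocs, request.name.name, 'index', INDEX_PRIVILEGES, value)
    } else if (tag === 'security_prerequisites_cluster') {
      endpoint.securityPrerequisites = endpoint.securityPrerequisites ?? {}
      endpoint.securityPrerequisites.cluster = parsePrivileges(jsDocs, request.name.name, 'cluster', CLUSTER_PRIVILEGES, value)
```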

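--- a/docs/modeling-guide.md
+++ b/docs/modeling-guide.md
@@ -484,3 +484,35 @@ export interface Request<TDocument> extends RequestBase {
 body?: TDocument
 }
 ```
+
+#### `@security_prerequisites_index`
+
+If an endpoint has some index security prerequisites to satisfy, you can specify them here with a comma separated list.
+
+```ts
+/**
+* @rest_spec_name indices.create
+* @since 0.0.0
+* @stability stable
+* @security_prerequisites_index create_index, manage
+*/
+export interface Request extends RequestBase {
+...
+}
+```
+
+#### `@security_prerequisites_cluster`
+
+If an endpoint has some cluster security prerequisites to satisfy, you can specify them here with a comma separated list.
+
+```ts
+/**
+* @rest_spec_name cluster.state
+* @since 1.3.0
+* @stability stable
+* @security_prerequisites_cluster monitor, manage
+*/
+export interface Request extends RequestBase {
+...
+}
+```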

output/schema/schema.json

Lines changed: 12 additions & 0 deletions

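--- a/specification/cluster/state/ClusterStateRequest.ts
+++ b/specification/cluster/state/ClusterStateRequest.ts
@@ -30,6 +30,7 @@ import { Time } from '@_types/Time'
 * @rest_spec_name cluster.state
 * @since 1.3.0
 * @stability stable
+* @security_prerequisites_cluster monitor, manage
 */
 export interface Request extends RequestBase {
 path_parts: {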

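--- a/specification/indices/create/IndicesCreateRequest.ts
+++ b/specification/indices/create/IndicesCreateRequest.ts
@@ -29,6 +29,7 @@ import { Time } from '@_types/Time'
 * @rest_spec_name indices.create
 * @since 0.0.0
 * @stability stable
+* @security_prerequisites_index create_index, manage
 */
 export interface Request extends RequestBase {
 path_parts: {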
