Skip to content

Add security prerequisites support #717

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Sep 16, 2021
Merged

Add security prerequisites support #717

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
bd35614
Add security prerequisites support
delvedor Sep 10, 2021
1961532
Use a comma separated list
delvedor Sep 10, 2021
8c0d671
Merge branch 'main' into feat-713
delvedor Sep 10, 2021
ba5c927
Use a nested object
delvedor Sep 10, 2021
97bb299
Merge branch 'main' into feat-713
delvedor Sep 16, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions compiler/model/metamodel.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -365,6 +365,8 @@ export class Endpoint {
visibility?: Visibility
accept?: string[]
contentType?: string[]
securityPrerequisitesIndex?: string[]
securityPrerequisitesCluster?: string[]
}

export class UrlTemplate {
Expand Down
27 changes: 26 additions & 1 deletion compiler/model/utils.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -516,7 +516,7 @@ export function hoistRequestAnnotations (
request: model.Request, jsDocs: JSDoc[], mappings: Record<string, model.Endpoint>, response: model.TypeName | null
): void {
const knownRequestAnnotations = [
'since', 'rest_spec_name', 'stability', 'visibility', 'behavior', 'class_serializer'
'since', 'rest_spec_name', 'stability', 'visibility', 'behavior', 'class_serializer', 'security_prerequisites_index', 'security_prerequisites_cluster'
]
const tags = parseJsDocTags(jsDocs)
const apiName = tags.rest_spec_name
Expand Down Expand Up @@ -547,6 +547,31 @@ export function hoistRequestAnnotations (
} else if (tag === 'since') {
assert(jsDocs, semver.valid(value), `Request ${request.name.name}'s @since is not valid semver: ${value}`)
endpoint.since = value
} else if (tag === 'security_prerequisites_index') {
const privileges = [
'all', 'auto_configure', 'create', 'create_doc', 'create_index', 'delete', 'delete_index', 'index',
'maintenance', 'manage', 'manage_follow_index', 'manage_ilm', 'manage_leader_index', 'monitor',
'read', 'read_cross_cluster', 'view_index_metadata', 'write'
]
const values = value.split(' ')
for (const v of values) {
assert(jsDocs, privileges.includes(v), `The index privilege '${v}' does not exists.`)
}
endpoint.securityPrerequisitesIndex = values
} else if (tag === 'security_prerequisites_cluster') {
const privileges = [
'all', 'cancel_task', 'create_snapshot', 'grant_api_key', 'manage', 'manage_api_key', 'manage_ccr',
'manage_ilm', 'manage_index_templates', 'manage_ingest_pipelines', 'manage_logstash_pipelines',
'manage_ml', 'manage_oidc', 'manage_own_api_key', 'manage_pipeline', 'manage_rollup', 'manage_saml',
'manage_security', 'manage_service_account', 'manage_slm', 'manage_token', 'manage_transform',
'manage_watcher', 'monitor', 'monitor_ml', 'monitor_rollup', 'monitor_snapshot', 'monitor_text_structure',
'monitor_transform', 'monitor_watcher', 'read_ccr', 'read_ilm', 'read_pipeline', 'read_slm', 'transport_client'
]
const values = value.split(' ')
for (const v of values) {
assert(jsDocs, privileges.includes(v), `The cluster privilege '${v}' does not exists.`)
}
endpoint.securityPrerequisitesCluster = values
} else {
assert(jsDocs, false, `Unhandled tag: '${tag}' with value: '${value}' on request ${request.name.name}`)
}
Expand Down
32 changes: 32 additions & 0 deletions docs/modeling-guide.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -469,3 +469,35 @@ export interface Request<TDocument> extends RequestBase {
body?: TDocument
}
```

#### `@security_prerequisites_index`

If an endpoint has some index security prerequisites to satisfy, you can specify them here.

```ts
/**
* @rest_spec_name indices.create
* @since 0.0.0
* @stability stable
* @security_prerequisites_index create_index manage
*/
export interface Request extends RequestBase {
...
}
```

#### `@security_prerequisites_cluster`

If an endpoint has some cluster security prerequisites to satisfy, you can specify them here.

```ts
/**
* @rest_spec_name cluster.state
* @since 1.3.0
* @stability stable
* @security_prerequisites_cluster monitor manage
*/
export interface Request extends RequestBase {
...
}
```
8 changes: 8 additions & 0 deletions output/schema/schema.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions specification/cluster/state/ClusterStateRequest.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ import { Time } from '@_types/Time'
* @rest_spec_name cluster.state
* @since 1.3.0
* @stability stable
* @security_prerequisites_cluster monitor manage
*/
export interface Request extends RequestBase {
path_parts: {
Expand Down
1 change: 1 addition & 0 deletions specification/indices/create/IndicesCreateRequest.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ import { Time } from '@_types/Time'
* @rest_spec_name indices.create
* @since 0.0.0
* @stability stable
* @security_prerequisites_index create_index manage
*/
export interface Request extends RequestBase {
path_parts: {
Expand Down