[Osquery] Enables OpenAPI documentation for 5 new Osquery 9.4 API endpoints#262810
[Osquery] Enables OpenAPI documentation for 5 new Osquery 9.4 API endpoints#262810tomsonpl merged 11 commits intoelastic:mainfrom
Conversation
|
/ci |
tomsonpl
changed the title
tomsonpl
added
release_note:skip
|
Pinging @elastic/security-defend-workflows (Team:Defend Workflows) |
elastic-vault-github-plugin-prod
Bot
requested a review
from a team
as a code owner
natasha-moore-elastic
left a comment
natasha-moore-elastic
left a comment
There was a problem hiding this comment.
Left a couple of suggestions, but looks good overall!
One thing that we should add to the new endpoints is x-state to indicate the lifecycle (Generally available) and version applicability (Added in 9.4.0).
| name: id | ||
| required: true | ||
| schema: | ||
| $ref: '#/components/schemas/PackId' |
There was a problem hiding this comment.
The description of this param is The ID of the pack you want to run, retrieve, update, or delete.
Could we update it to either include ...or copy, or to be more generic like The ID of the pack you want to perform the action on.
| nullable: true | ||
| type: string | ||
| UnifiedHistoryRow: | ||
| oneOf: |
There was a problem hiding this comment.
When rendered in bump, these show as two separate tabs with the same name (object-2)
Could we do something similar to this
https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/docs/openapi/ess/security_solution_detections_api_2023_10_31.bundled.schema.yaml#L8599 so that when rendered the tabs have specific names:
| data: | ||
| edges: | ||
| - {} | ||
| - {} |
There was a problem hiding this comment.
Just checking these are supposed to be empty?
# Conflicts: # oas_docs/output/kibana.serverless.yaml # oas_docs/output/kibana.yaml # x-pack/platform/plugins/shared/osquery/docs/openapi/ess/osquery_api_2023_10_31.bundled.schema.yaml # x-pack/platform/plugins/shared/osquery/docs/openapi/serverless/osquery_api_2023_10_31.bundled.schema.yaml
|
Thanks @natasha-moore-elastic, I applied the suggestions 👍 |
elastic-vault-github-plugin-prod
Bot
requested a review
from a team
as a code owner
⏳ Build in-progress, with failures
Failed CI StepsTest Failures
History
cc @tomsonpl |
szwarckonrad
left a comment
szwarckonrad
left a comment
There was a problem hiding this comment.
LGTM, good job! Clean PR, everything looks correct. The x-labels flip, x-state annotations, parameter-level descriptions, discriminator on UnifiedHistoryRow, and the improved examples all look solid.
|
Starting backport for target branches: 9.4 https://github.com/elastic/kibana/actions/runs/24576089641 |
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
tomsonpl
added
backport:skip
7 participants
Summary
Enables OpenAPI documentation for the new Osquery 9.4 API endpoints introduced behind the feature flag. Now that the feature flag has been enabled in #262693, the API specs can be published to the official bundled documentation.
Changes
Enabled
x-labelsfor new endpointsx-labels: []withx-labels: [serverless, ess]on the following endpoints that were previously gated behind the feature flag:POST /api/osquery/packs/{id}/copy— Copy an osquery packPOST /api/osquery/saved_queries/{id}/copy— Copy an osquery saved queryGET /api/osquery/scheduled_results/{scheduleId}/{executionCount}— Get scheduled action resultsGET /api/osquery/scheduled_results/{scheduleId}/{executionCount}/results— Get scheduled query resultsGET /api/osquery/history— Get unified execution historyAdded parameter-level descriptions to OpenAPI schemas
descriptionfields at the parameter level (alongside the existing schema-level descriptions) forscheduled_results.schema.yamlandunified_history.schema.yaml. This ensures proper rendering in API documentation tools that read parameter-level metadata.Endpoints added to public API documentation
GET/api/osquery/historyPOST/api/osquery/packs/{id}/copyPOST/api/osquery/saved_queries/{id}/copyGET/api/osquery/scheduled_results/{scheduleId}/{executionCount}GET/api/osquery/scheduled_results/{scheduleId}/{executionCount}/resultsContext
This is the documentation counterpart to #262693 which enabled the Osquery 9.4 feature flag. The endpoints themselves were already implemented and functional; this PR makes them visible in the official Kibana OpenAPI specification so they appear in public API docs and can be consumed by API clients and tooling.
Risk Matrix
Test plan
.gen.tsfiles are consistent with the schema YAML (run code generation and confirm no diff)