From d7842364338c3bb2a2ebef68d677d77a8f060c20 Mon Sep 17 00:00:00 2001
From: Lisa Cawley <lcawley@elastic.co>
Date: Wed, 23 Oct 2024 09:10:31 -0700
Subject: [PATCH] [OpenAPI] Edit SSL certificate API (#3056)

(cherry picked from commit e46f57185b918c1d540b11daec587b0da55cd037)
---
 .../elasticsearch-shared-overlays.yaml         |  2 --
 output/openapi/elasticsearch-openapi.json      |  5 +++--
 output/schema/schema.json                      |  7 ++++---
 .../ssl/certificates/GetCertificatesRequest.ts | 18 ++++++++++++++++++
 4 files changed, 25 insertions(+), 7 deletions(-)

diff --git a/docs/overlays/elasticsearch-shared-overlays.yaml b/docs/overlays/elasticsearch-shared-overlays.yaml
index 30824c5dd6..cd7feb4a0d 100644
--- a/docs/overlays/elasticsearch-shared-overlays.yaml
+++ b/docs/overlays/elasticsearch-shared-overlays.yaml
@@ -193,8 +193,6 @@ actions:
           x-displayName: Searchable snapshots
         - name: security
           x-displayName: Security
-        - name: ssl
-          x-displayName: Security - SSL
         - name: snapshot
           x-displayName: Snapshot and restore
           description: >
diff --git a/output/openapi/elasticsearch-openapi.json b/output/openapi/elasticsearch-openapi.json
index 0e44dfd86d..fe5b866b26 100644
--- a/output/openapi/elasticsearch-openapi.json
+++ b/output/openapi/elasticsearch-openapi.json
@@ -32073,9 +32073,10 @@
     "/_ssl/certificates": {
       "get": {
         "tags": [
-          "ssl"
+          "security"
         ],
-        "summary": "Retrieves information about the X.509 certificates used to encrypt communications in the cluster",
+        "summary": "Get SSL certificates",
+        "description": "Get information about the X.509 certificates that are used to encrypt communications in the cluster.\nThe API returns a list that includes certificates from all TLS contexts including:\n\n- Settings for transport and HTTP interfaces\n- TLS settings that are used within authentication realms\n- TLS settings for remote monitoring exporters\n\nThe list includes certificates that are used for configuring trust, such as those configured in the `xpack.security.transport.ssl.truststore` and `xpack.security.transport.ssl.certificate_authorities` settings.\nIt also includes certificates that are used for configuring server identity, such as `xpack.security.http.ssl.keystore` and `xpack.security.http.ssl.certificate settings`.\n\nThe list does not include certificates that are sourced from the default SSL context of the Java Runtime Environment (JRE), even if those certificates are in use within Elasticsearch.\n\nNOTE: When a PKCS#11 token is configured as the truststore of the JRE, the API returns all the certificates that are included in the PKCS#11 token irrespective of whether these are used in the Elasticsearch TLS configuration.\n\nIf Elasticsearch is configured to use a keystore or truststore, the API output includes all certificates in that store, even though some of the certificates might not be in active use within the cluster.",
         "operationId": "ssl-certificates",
         "responses": {
           "200": {
diff --git a/output/schema/schema.json b/output/schema/schema.json
index eef0be4cae..90d2f3cebf 100644
--- a/output/schema/schema.json
+++ b/output/schema/schema.json
@@ -18540,7 +18540,8 @@
           "stability": "stable"
         }
       },
-      "description": "Retrieves information about the X.509 certificates used to encrypt communications in the cluster.",
+      "description": "Get SSL certificates.\n\nGet information about the X.509 certificates that are used to encrypt communications in the cluster.\nThe API returns a list that includes certificates from all TLS contexts including:\n\n- Settings for transport and HTTP interfaces\n- TLS settings that are used within authentication realms\n- TLS settings for remote monitoring exporters\n\nThe list includes certificates that are used for configuring trust, such as those configured in the `xpack.security.transport.ssl.truststore` and `xpack.security.transport.ssl.certificate_authorities` settings.\nIt also includes certificates that are used for configuring server identity, such as `xpack.security.http.ssl.keystore` and `xpack.security.http.ssl.certificate settings`.\n\nThe list does not include certificates that are sourced from the default SSL context of the Java Runtime Environment (JRE), even if those certificates are in use within Elasticsearch.\n\nNOTE: When a PKCS#11 token is configured as the truststore of the JRE, the API returns all the certificates that are included in the PKCS#11 token irrespective of whether these are used in the Elasticsearch TLS configuration.\n\nIf Elasticsearch is configured to use a keystore or truststore, the API output includes all certificates in that store, even though some of the certificates might not be in active use within the cluster.",
+      "docTag": "security",
       "docUrl": "https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-ssl.html",
       "name": "ssl.certificates",
       "request": {
@@ -203365,7 +203366,7 @@
       "body": {
         "kind": "no_body"
       },
-      "description": "Retrieves information about the X.509 certificates used to encrypt communications in the cluster.",
+      "description": "Get SSL certificates.\n\nGet information about the X.509 certificates that are used to encrypt communications in the cluster.\nThe API returns a list that includes certificates from all TLS contexts including:\n\n- Settings for transport and HTTP interfaces\n- TLS settings that are used within authentication realms\n- TLS settings for remote monitoring exporters\n\nThe list includes certificates that are used for configuring trust, such as those configured in the `xpack.security.transport.ssl.truststore` and `xpack.security.transport.ssl.certificate_authorities` settings.\nIt also includes certificates that are used for configuring server identity, such as `xpack.security.http.ssl.keystore` and `xpack.security.http.ssl.certificate settings`.\n\nThe list does not include certificates that are sourced from the default SSL context of the Java Runtime Environment (JRE), even if those certificates are in use within Elasticsearch.\n\nNOTE: When a PKCS#11 token is configured as the truststore of the JRE, the API returns all the certificates that are included in the PKCS#11 token irrespective of whether these are used in the Elasticsearch TLS configuration.\n\nIf Elasticsearch is configured to use a keystore or truststore, the API output includes all certificates in that store, even though some of the certificates might not be in active use within the cluster.",
       "inherits": {
         "type": {
           "name": "RequestBase",
@@ -203378,7 +203379,7 @@
       },
       "path": [],
       "query": [],
-      "specLocation": "ssl/certificates/GetCertificatesRequest.ts#L22-L27"
+      "specLocation": "ssl/certificates/GetCertificatesRequest.ts#L22-L45"
     },
     {
       "kind": "response",
diff --git a/specification/ssl/certificates/GetCertificatesRequest.ts b/specification/ssl/certificates/GetCertificatesRequest.ts
index 68d1cfd311..f3bf4898c7 100644
--- a/specification/ssl/certificates/GetCertificatesRequest.ts
+++ b/specification/ssl/certificates/GetCertificatesRequest.ts
@@ -20,8 +20,26 @@
 import { RequestBase } from '@_types/Base'
 
 /**
+ * Get SSL certificates.
+ *
+ * Get information about the X.509 certificates that are used to encrypt communications in the cluster.
+ * The API returns a list that includes certificates from all TLS contexts including:
+ *
+ * - Settings for transport and HTTP interfaces
+ * - TLS settings that are used within authentication realms
+ * - TLS settings for remote monitoring exporters
+ *
+ * The list includes certificates that are used for configuring trust, such as those configured in the `xpack.security.transport.ssl.truststore` and `xpack.security.transport.ssl.certificate_authorities` settings.
+ * It also includes certificates that are used for configuring server identity, such as `xpack.security.http.ssl.keystore` and `xpack.security.http.ssl.certificate settings`.
+ *
+ * The list does not include certificates that are sourced from the default SSL context of the Java Runtime Environment (JRE), even if those certificates are in use within Elasticsearch.
+ *
+ * NOTE: When a PKCS#11 token is configured as the truststore of the JRE, the API returns all the certificates that are included in the PKCS#11 token irrespective of whether these are used in the Elasticsearch TLS configuration.
+ *
+ * If Elasticsearch is configured to use a keystore or truststore, the API output includes all certificates in that store, even though some of the certificates might not be in active use within the cluster.
  * @rest_spec_name ssl.certificates
  * @availability stack since=6.2.0 stability=stable
  * @availability serverless stability=stable visibility=private
+ * @doc_tag security
  */
 export interface Request extends RequestBase {}