From 67bbfbb290c8cf7f7ee3bb39d6dc9cf6310a2d60 Mon Sep 17 00:00:00 2001
From: David Sanchez Soler <david.sanchezsoler@elastic.co>
Date: Tue, 2 May 2023 14:43:34 +0200
Subject: [PATCH] Removes messageSigningService api definition from openApi
 spec and updates error message when no acknowledge param

---
 .../plugins/fleet/common/openapi/bundled.json | 40 -------------------
 .../plugins/fleet/common/openapi/bundled.yaml | 27 -------------
 .../fleet/common/openapi/entrypoint.yaml      |  4 --
 ...ssage_signing_service@rotate_key_pair.yaml | 24 -----------
 .../rest_spec/message_signing_service.test.ts | 10 ++---
 .../rest_spec/message_signing_service.ts      |  6 +--
 6 files changed, 6 insertions(+), 105 deletions(-)
 delete mode 100644 x-pack/plugins/fleet/common/openapi/paths/message_signing_service@rotate_key_pair.yaml

diff --git a/x-pack/plugins/fleet/common/openapi/bundled.json b/x-pack/plugins/fleet/common/openapi/bundled.json
index 6e7c9d8606955d..90e0459cb2e54c 100644
--- a/x-pack/plugins/fleet/common/openapi/bundled.json
+++ b/x-pack/plugins/fleet/common/openapi/bundled.json
@@ -3402,46 +3402,6 @@
       },
       "parameters": []
     },
-    "/message_signing_service/rotate_key_pair": {
-      "post": {
-        "summary": "Rotate key pair",
-        "tags": [
-          "Message Signing Service"
-        ],
-        "operationId": "rotate-key-pair",
-        "parameters": [
-          {
-            "schema": {
-              "type": "boolean"
-            },
-            "in": "query",
-            "name": "acknowledge",
-            "required": true,
-            "description": "When set to true, rotate key pair is done. If set to false or missing, it returns an error."
-          }
-        ],
-        "responses": {
-          "200": {
-            "description": "OK",
-            "content": {
-              "application/json": {
-                "schema": {
-                  "type": "object",
-                  "properties": {
-                    "message": {
-                      "type": "string"
-                    }
-                  }
-                }
-              }
-            }
-          },
-          "400": {
-            "$ref": "#/components/responses/error"
-          }
-        }
-      }
-    },
     "/data_streams": {
       "get": {
         "summary": "List data streams",
diff --git a/x-pack/plugins/fleet/common/openapi/bundled.yaml b/x-pack/plugins/fleet/common/openapi/bundled.yaml
index a62444586efeb5..e50525db886d0a 100644
--- a/x-pack/plugins/fleet/common/openapi/bundled.yaml
+++ b/x-pack/plugins/fleet/common/openapi/bundled.yaml
@@ -2113,33 +2113,6 @@ paths:
       parameters:
         - $ref: '#/components/parameters/kbn_xsrf'
     parameters: []
-  /message_signing_service/rotate_key_pair:
-    post:
-      summary: Rotate key pair
-      tags:
-        - Message Signing Service
-      operationId: rotate-key-pair
-      parameters:
-        - schema:
-            type: boolean
-          in: query
-          name: acknowledge
-          required: true
-          description: >-
-            When set to true, rotate key pair is done. If set to false or
-            missing, it returns an error.
-      responses:
-        '200':
-          description: OK
-          content:
-            application/json:
-              schema:
-                type: object
-                properties:
-                  message:
-                    type: string
-        '400':
-          $ref: '#/components/responses/error'
   /data_streams:
     get:
       summary: List data streams
diff --git a/x-pack/plugins/fleet/common/openapi/entrypoint.yaml b/x-pack/plugins/fleet/common/openapi/entrypoint.yaml
index ee95d9899a5709..ca9d1cd3c8e19a 100644
--- a/x-pack/plugins/fleet/common/openapi/entrypoint.yaml
+++ b/x-pack/plugins/fleet/common/openapi/entrypoint.yaml
@@ -105,10 +105,6 @@ paths:
   /agent_policies/delete:
     $ref: paths/agent_policies@delete.yaml
 
-  # Message signing service
-  /message_signing_service/rotate_key_pair:
-   $ref: paths/message_signing_service@rotate_key_pair.yaml
-
   # Data streams endpoints
   /data_streams:
     $ref: paths/data_streams.yaml
diff --git a/x-pack/plugins/fleet/common/openapi/paths/message_signing_service@rotate_key_pair.yaml b/x-pack/plugins/fleet/common/openapi/paths/message_signing_service@rotate_key_pair.yaml
deleted file mode 100644
index 477967d3cb2b1b..00000000000000
--- a/x-pack/plugins/fleet/common/openapi/paths/message_signing_service@rotate_key_pair.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-post:
-  summary: Rotate key pair
-  tags:
-    - Message Signing Service
-  operationId: rotate-key-pair
-  parameters:
-    - schema:
-        type: boolean
-      in: query
-      name: acknowledge
-      required: true
-      description: When set to true, rotate key pair is done. If set to false or missing, it returns an error.
-  responses:
-    '200':
-      description: OK
-      content:
-        application/json:
-          schema:
-            type: object
-            properties:
-              message:
-                type: string
-    '400':
-      $ref: ../components/responses/error.yaml
\ No newline at end of file
diff --git a/x-pack/plugins/fleet/server/types/rest_spec/message_signing_service.test.ts b/x-pack/plugins/fleet/server/types/rest_spec/message_signing_service.test.ts
index fa1f34164ea998..cc06bd5acae5ec 100644
--- a/x-pack/plugins/fleet/server/types/rest_spec/message_signing_service.test.ts
+++ b/x-pack/plugins/fleet/server/types/rest_spec/message_signing_service.test.ts
@@ -5,7 +5,7 @@
  * 2.0.
  */
 
-import { RotateKeyPairSchema } from './message_signing_service';
+import { errorMessage, RotateKeyPairSchema } from './message_signing_service';
 
 describe('RotateKeyPairSchema', () => {
   it('should throw on `false` values for acknowledge', () => {
@@ -13,15 +13,11 @@ describe('RotateKeyPairSchema', () => {
       RotateKeyPairSchema.query.validate({
         acknowledge: false,
       })
-    ).toThrowError(
-      'You must acknowledge the risks of rotating the key pair with acknowledge=true in the request parameters.'
-    );
+    ).toThrowError(errorMessage);
   });
 
   it('should allow without any query', () => {
-    expect(() => RotateKeyPairSchema.query.validate({})).toThrowError(
-      'You must acknowledge the risks of rotating the key pair with acknowledge=true in the request parameters.'
-    );
+    expect(() => RotateKeyPairSchema.query.validate({})).toThrowError(errorMessage);
   });
 
   it.each([1, 'string'])('should not allow non-boolean `%s` values for acknowledge', (value) => {
diff --git a/x-pack/plugins/fleet/server/types/rest_spec/message_signing_service.ts b/x-pack/plugins/fleet/server/types/rest_spec/message_signing_service.ts
index d6037748e4682f..e643fd0505618e 100644
--- a/x-pack/plugins/fleet/server/types/rest_spec/message_signing_service.ts
+++ b/x-pack/plugins/fleet/server/types/rest_spec/message_signing_service.ts
@@ -7,6 +7,8 @@
 
 import { schema } from '@kbn/config-schema';
 
+export const errorMessage =
+  'Warning: this API will cause a key pair to rotate and should not be necessary in normal operation.  If you proceed, you may need to reinstall Agents in your network. You must acknowledge the risks of rotating the key pair with acknowledge=true in the request parameters.  For more information, reach out to your administrator.';
 export const RotateKeyPairSchema = {
   query: schema.maybe(
     schema.object(
@@ -19,9 +21,7 @@ export const RotateKeyPairSchema = {
         defaultValue: { acknowledge: false },
         validate: (value: { acknowledge: boolean }) => {
           if (!value || !value.acknowledge) {
-            throw new Error(
-              'You must acknowledge the risks of rotating the key pair with acknowledge=true in the request parameters.'
-            );
+            throw new Error(errorMessage);
           }
         },
       }