238 changes: 237 additions & 1 deletion admin/admin.yaml
Expand Up @@ -546,7 +546,54 @@ paths:
content:
application/json:
schema:
$ref: '#/components/schemas/oidc_keys_cache_invalidate_error_response'
$ref: '#/components/schemas/oidc_keys_cache_invalidate_error_response'
/v1/security/report:
get:
tags:
- Security
summary: Get security report
description: |
Get a comprehensive security report for the cluster, including information about
security configurations for all interfaces (Kafka, RPC, Admin, Schema Registry,
HTTP Proxy), authentication methods, TLS settings, and security alerts.
operationId: get_security_report
responses:
'200':
description: Security report
content:
application/json:
schema:
type: object
properties:
interfaces:
type: object
properties:
kafka:
type: array
items:
$ref: '#/components/schemas/kafka_interface_security_report'
rpc:
$ref: '#/components/schemas/rpc_interface_security_report'
admin:
type: array
items:
$ref: '#/components/schemas/admin_interface_security_report'
schema_registry:
type: array
items:
$ref: '#/components/schemas/schema_registry_interface_security_report'
schema_registry_client:
$ref: '#/components/schemas/client_security_report'
pandaproxy:
type: array
items:
$ref: '#/components/schemas/pandaproxy_interface_security_report'
audit_log_client:
$ref: '#/components/schemas/client_security_report'
alerts:
type: array
items:
$ref: '#/components/schemas/security_report_alert'
/v1/status/ready:
get:
tags:
Expand Down Expand Up @@ -6021,6 +6068,190 @@ components:
id:
type: integer
format: int32
security_report_alert:
type: object
properties:
affected_interface:
type: string
enum:
- kafka
- rpc
- admin
- schema_registry
- schema_registry_client
- pandaproxy
- audit_log_client
listener_name:
description: The listener name of the affected interface, if provided.
type: string
issue:
type: string
enum:
- NO_TLS
- NO_AUTHN
- NO_AUTHZ
- SASL_PLAIN
- PP_CONFIGURED_CLIENT
- INSECURE_MIN_TLS_VERSION
- TLS_RENEGOTIATION
description:
description: Human-readable description of the alert
type: string
required:
- issue
- description
kafka_interface_security_report:
description: Security report for Kafka interfaces
type: object
properties:
name:
type: string
host:
type: string
port:
type: integer
advertised_host:
type: string
advertised_port:
type: integer
tls_enabled:
type: boolean
mutual_tls_enabled:
type: boolean
authentication_method:
type: string
enum:
- SASL
- mTLS
- None
authorization_enabled:
type: boolean
supported_sasl_mechanisms:
type: array
items:
type: string
rpc_interface_security_report:
description: Security report for RPC interface
type: object
properties:
host:
type: string
port:
type: integer
advertised_host:
type: string
advertised_port:
type: integer
tls_enabled:
type: boolean
mutual_tls_enabled:
type: boolean
admin_interface_security_report:
description: Security report for Admin API interfaces
type: object
properties:
name:
type: string
host:
type: string
port:
type: integer
tls_enabled:
type: boolean
mutual_tls_enabled:
type: boolean
authentication_methods:
type: array
items:
type: string
enum:
- BASIC
- OIDC
authorization_enabled:
type: boolean
schema_registry_interface_security_report:
description: Security report for Schema Registry interfaces
type: object
properties:
name:
type: string
host:
type: string
port:
type: integer
tls_enabled:
type: boolean
mutual_tls_enabled:
type: boolean
authentication_methods:
type: array
items:
type: string
enum:
- BASIC
- OIDC
authorization_enabled:
type: boolean
pandaproxy_interface_security_report:
description: Security report for HTTP Proxy (pandaproxy) interfaces
type: object
properties:
name:
type: string
host:
type: string
port:
type: integer
advertised_host:
type: string
advertised_port:
type: integer
tls_enabled:
type: boolean
mutual_tls_enabled:
type: boolean
authentication_methods:
type: array
items:
type: string
enum:
- BASIC
- OIDC
authorization_enabled:
type: boolean
configured_authentication_method:
type: string
enum:
- None
- SCRAM_Configured
- SCRAM_Proxied
host_port:
type: object
properties:
host:
type: string
port:
type: integer
client_security_report:
description: Security report for Kafka client interfaces
type: object
properties:
kafka_listener_name:
type: string
brokers:
type: array
items:
$ref: '#/components/schemas/host_port'
tls_enabled:
type: boolean
mutual_tls_enabled:
type: boolean
configured_authentication_method:
type: string
enum:
- None
- SCRAM_Configured
- SCRAM_Ephemeral
tags:
- name: Authentication
description: |
Expand Down Expand Up @@ -6061,6 +6292,11 @@ tags:
Debug a Redpanda cluster.

For details about debugging in the latest version of Redpanda version, see [Cluster Diagnostics](https://docs.redpanda.com/docs/manage/cluster-maintenance/cluster-diagnostics/).
- name: Security
description: |
Security management and reporting endpoints.

Monitor security configurations and generate security reports.
- name: Services
description: Manage Redpanda services.
- name: Unstable APIs
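Review bot: The new `/v1/security/report` operation in the first hunk declares only a `'200'` response and does not say who may call it, although the payload lists per-listener TLS and authentication state together with alerts such as `NO_TLS` and `NO_AUTHN`, which an unprivileged caller should not be able to read. The access requirement is not visible in this section of the spec, so it should be confirmed against the handler and then stated in the operation's description, for example `Requires superuser privileges when Admin API authentication is enabled.`, with the corresponding error responses documented next to the `'200'`. Separately, none of the `*_interface_security_report` schemas in the second hunk has a `required` list, so a consumer cannot tell an omitted `tls_enabled` or `authorization_enabled` from `false`; listing those boolean fields under `required:` would make the report unambiguous for monitoring tools.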