[Security Solution] Create missing OpenAPI specs for Endpoint management API

[maximpn]

Epic: https://github.com/elastic/security-team/issues/9525

Deadline: Jul 29, 2024 (see milestones in https://github.com/elastic/security-team/issues/9400)

Summary

As part of the Serverless project, we need to create OpenAPI specs for all public Endpoint management API endpoints, because we want all of them documented before Serverless GA. Please look for more context in the epic.

During a Security Solution public API research we discovered that some public Endpoint management API endpoints have missing OpenAPI specs. We need to add them.

API endpoints

The following public API endpoints were discovered during research, and don't have any OpenAPI specs:

• [ ] POST /api/endpoint/protection_updates_note/{package_policy_id}
• [ ] GET /api/endpoint/protection_updates_note/{package_policy_id}

Detections and response:

• [ ] POST /api/endpoint/isolate
• [ ] POST /api/endpoint/unisolate

Note that two of the above endpoints are marked as deprecated in the code base and should be considered to be available only in ESS:

• POST /api/endpoint/isolate
• POST /api/endpoint/unisolate

 AC

• [ ] Revisit api's listed at API endpoints section and create those missing or update existing ones if needed.
• [ ] Revisit other public API's we want/need to add OpenAPI documentation for Endpoint Management related.

To do

• Create OpenAPI specs for the endpoints listed above.
• Check if there are any other public endpoints that you own that don't have OpenAPI specs and add them to the list above.
• Make sure the specs you add are valid OpenAPI documents.
• Make sure the specs you add match the actual API contract defined in the code.
• Mark the endpoints as available in ESS, or Serverless, or in both offerings (depends on: https://github.com/elastic/security-team/issues/9516).

[elasticmachine]

Pinging @elastic/security-defend-workflows (Team:Defend Workflows)

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)