naftiko: 1.0.0-alpha2 info: label: OpenSearch Security Plugin REST API — Certificates description: 'OpenSearch Security Plugin REST API — Certificates. 3 operations. Lead operation: Get SSL certificates loaded by the cluster. Self-contained Naftiko capability covering one Opensearch business surface.' tags: - Opensearch - Certificates created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: OPENSEARCH_API_KEY: OPENSEARCH_API_KEY capability: consumes: - type: http namespace: security-certificates baseUri: https://{cluster-host}:9200 description: OpenSearch Security Plugin REST API — Certificates business capability. Self-contained, no shared references. resources: - name: _plugins-_security-api-ssl-certs path: /_plugins/_security/api/ssl/certs operations: - name: getcertificates method: GET description: Get SSL certificates loaded by the cluster outputRawFormat: json outputParameters: - name: result type: object value: $. - name: _plugins-_security-api-ssl-http-reloadcerts path: /_plugins/_security/api/ssl/http/reloadcerts operations: - name: reloadhttpcerts method: PUT description: Reload HTTP-layer SSL certificates outputRawFormat: json outputParameters: - name: result type: object value: $. - name: _plugins-_security-api-ssl-transport-reloadcerts path: /_plugins/_security/api/ssl/transport/reloadcerts operations: - name: reloadtransportcerts method: PUT description: Reload transport-layer SSL certificates outputRawFormat: json outputParameters: - name: result type: object value: $. authentication: type: basic username: '{{env.OPENSEARCH_USER}}' password: '{{env.OPENSEARCH_PASS}}' exposes: - type: rest namespace: security-certificates-rest port: 8080 description: REST adapter for OpenSearch Security Plugin REST API — Certificates. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/plugins/security/api/ssl/certs name: plugins-security-api-ssl-certs description: REST surface for _plugins-_security-api-ssl-certs. operations: - method: GET name: getcertificates description: Get SSL certificates loaded by the cluster call: security-certificates.getcertificates outputParameters: - type: object mapping: $. - path: /v1/plugins/security/api/ssl/http/reloadcerts name: plugins-security-api-ssl-http-reloadcerts description: REST surface for _plugins-_security-api-ssl-http-reloadcerts. operations: - method: PUT name: reloadhttpcerts description: Reload HTTP-layer SSL certificates call: security-certificates.reloadhttpcerts outputParameters: - type: object mapping: $. - path: /v1/plugins/security/api/ssl/transport/reloadcerts name: plugins-security-api-ssl-transport-reloadcerts description: REST surface for _plugins-_security-api-ssl-transport-reloadcerts. operations: - method: PUT name: reloadtransportcerts description: Reload transport-layer SSL certificates call: security-certificates.reloadtransportcerts outputParameters: - type: object mapping: $. - type: mcp namespace: security-certificates-mcp port: 9090 transport: http description: MCP adapter for OpenSearch Security Plugin REST API — Certificates. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: get-ssl-certificates-loaded-cluster description: Get SSL certificates loaded by the cluster hints: readOnly: true destructive: false idempotent: true call: security-certificates.getcertificates outputParameters: - type: object mapping: $. - name: reload-http-layer-ssl-certificates description: Reload HTTP-layer SSL certificates hints: readOnly: false destructive: false idempotent: true call: security-certificates.reloadhttpcerts outputParameters: - type: object mapping: $. - name: reload-transport-layer-ssl-certificates description: Reload transport-layer SSL certificates hints: readOnly: false destructive: false idempotent: true call: security-certificates.reloadtransportcerts outputParameters: - type: object mapping: $.