forked from elastic/kibana
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[8.x] Authorized route migration for routes owned by security-entity-…
…analytics (elastic#198385) (elastic#199114) # Backport This will backport the following commits from `main` to `8.x`: - [Authorized route migration for routes owned by security-entity-analytics (elastic#198385)](elastic#198385) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Kibana Machine","email":"42973632+kibanamachine@users.noreply.github.com"},"sourceCommit":{"committedDate":"2024-11-06T12:09:41Z","message":"Authorized route migration for routes owned by security-entity-analytics (elastic#198385)\n\n### Authz API migration for authorized routes\r\n\r\nThis PR migrates `access:<privilege>` tags used in route definitions to\r\nnew security configuration.\r\nPlease refer to the documentation for more information: [Authorization\r\nAPI](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)\r\n\r\n### **Before migration:**\r\nAccess control tags were defined in the `options` object of the route:\r\n\r\n```ts\r\nrouter.get({\r\n path: '/api/path',\r\n options: {\r\n tags: ['access:<privilege_1>', 'access:<privilege_2>'],\r\n },\r\n ...\r\n}, handler);\r\n```\r\n\r\n### **After migration:**\r\nTags have been replaced with the more robust\r\n`security.authz.requiredPrivileges` field under `security`:\r\n\r\n```ts\r\nrouter.get({\r\n path: '/api/path',\r\n security: {\r\n authz: {\r\n requiredPrivileges: ['<privilege_1>', '<privilege_2>'],\r\n },\r\n },\r\n ...\r\n}, handler);\r\n```\r\n\r\n### What to do next?\r\n1. Review the changes in this PR.\r\n2. You might need to update your tests to reflect the new security\r\nconfiguration:\r\n - If you have tests that rely on checking `access` tags.\r\n - If you have snapshot tests that include the route definition.\r\n- If you have FTR tests that rely on checking unauthorized error\r\nmessage. The error message changed to also include missing privileges.\r\n\r\n## Any questions?\r\nIf you have any questions or need help with API authorization, please\r\nreach out to the `@elastic/kibana-security` team.\r\n\r\nCo-authored-by: Pablo Machado <pablo.nevesmachado@elastic.co>","sha":"0e99a779e29946377123071dfcf61e14c21300d9","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["enhancement","release_note:skip","Feature:Security/Authorization","v9.0.0","backport:prev-minor","Team:Entity Analytics","Authz: API migration"],"title":"Authorized route migration for routes owned by security-entity-analytics","number":198385,"url":"https://github.com/elastic/kibana/pull/198385","mergeCommit":{"message":"Authorized route migration for routes owned by security-entity-analytics (elastic#198385)\n\n### Authz API migration for authorized routes\r\n\r\nThis PR migrates `access:<privilege>` tags used in route definitions to\r\nnew security configuration.\r\nPlease refer to the documentation for more information: [Authorization\r\nAPI](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)\r\n\r\n### **Before migration:**\r\nAccess control tags were defined in the `options` object of the route:\r\n\r\n```ts\r\nrouter.get({\r\n path: '/api/path',\r\n options: {\r\n tags: ['access:<privilege_1>', 'access:<privilege_2>'],\r\n },\r\n ...\r\n}, handler);\r\n```\r\n\r\n### **After migration:**\r\nTags have been replaced with the more robust\r\n`security.authz.requiredPrivileges` field under `security`:\r\n\r\n```ts\r\nrouter.get({\r\n path: '/api/path',\r\n security: {\r\n authz: {\r\n requiredPrivileges: ['<privilege_1>', '<privilege_2>'],\r\n },\r\n },\r\n ...\r\n}, handler);\r\n```\r\n\r\n### What to do next?\r\n1. Review the changes in this PR.\r\n2. You might need to update your tests to reflect the new security\r\nconfiguration:\r\n - If you have tests that rely on checking `access` tags.\r\n - If you have snapshot tests that include the route definition.\r\n- If you have FTR tests that rely on checking unauthorized error\r\nmessage. The error message changed to also include missing privileges.\r\n\r\n## Any questions?\r\nIf you have any questions or need help with API authorization, please\r\nreach out to the `@elastic/kibana-security` team.\r\n\r\nCo-authored-by: Pablo Machado <pablo.nevesmachado@elastic.co>","sha":"0e99a779e29946377123071dfcf61e14c21300d9"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/198385","number":198385,"mergeCommit":{"message":"Authorized route migration for routes owned by security-entity-analytics (elastic#198385)\n\n### Authz API migration for authorized routes\r\n\r\nThis PR migrates `access:<privilege>` tags used in route definitions to\r\nnew security configuration.\r\nPlease refer to the documentation for more information: [Authorization\r\nAPI](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)\r\n\r\n### **Before migration:**\r\nAccess control tags were defined in the `options` object of the route:\r\n\r\n```ts\r\nrouter.get({\r\n path: '/api/path',\r\n options: {\r\n tags: ['access:<privilege_1>', 'access:<privilege_2>'],\r\n },\r\n ...\r\n}, handler);\r\n```\r\n\r\n### **After migration:**\r\nTags have been replaced with the more robust\r\n`security.authz.requiredPrivileges` field under `security`:\r\n\r\n```ts\r\nrouter.get({\r\n path: '/api/path',\r\n security: {\r\n authz: {\r\n requiredPrivileges: ['<privilege_1>', '<privilege_2>'],\r\n },\r\n },\r\n ...\r\n}, handler);\r\n```\r\n\r\n### What to do next?\r\n1. Review the changes in this PR.\r\n2. You might need to update your tests to reflect the new security\r\nconfiguration:\r\n - If you have tests that rely on checking `access` tags.\r\n - If you have snapshot tests that include the route definition.\r\n- If you have FTR tests that rely on checking unauthorized error\r\nmessage. The error message changed to also include missing privileges.\r\n\r\n## Any questions?\r\nIf you have any questions or need help with API authorization, please\r\nreach out to the `@elastic/kibana-security` team.\r\n\r\nCo-authored-by: Pablo Machado <pablo.nevesmachado@elastic.co>","sha":"0e99a779e29946377123071dfcf61e14c21300d9"}}]}] BACKPORT-->
- Loading branch information
1 parent
0179684
commit 99174de
Showing
36 changed files
with
149 additions
and
73 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.