github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 09:48:58 -04:00
Code Issues Projects Releases Packages Wiki Activity

Unauthorized route migration for routes owned by obs-knowledge-team,obs-ux-infra_services-team (#198373)

Browse source 
### Authz API migration for unauthorized routes

This PR migrates unauthorized routes owned by your team to a new
security configuration.
Please refer to the documentation for more information: [Authorization
API](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)

### **Before migration:**
```ts
router.get({
  path: '/api/path',
  ...
}, handler);
```

### **After migration:**
```ts
router.get({
  path: '/api/path',
  security: {
    authz: {
      enabled: false,
      reason: 'This route is opted out from authorization because ...',
    },
  },
  ...
}, handler);
```

### What to do next?
1. Review the changes in this PR.
2. Elaborate on the reasoning to opt-out of authorization.
3. Routes without a compelling reason to opt-out of authorization should
plan to introduce them as soon as possible.
2. You might need to update your tests to reflect the new security
configuration:
  - If you have snapshot tests that include the route definition.

## Any questions?
If you have any questions or need help with API authorization, please
reach out to the `@elastic/kibana-security` team.

Co-authored-by: jennypavlova <dzheni.pavlova@elastic.co>
Co-authored-by: Cauê Marcondes <55978943+cauemarcondes@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
This commit is contained in:
Kibana Machine 2024-12-17 03:09:46 +11:00 committed by GitHub
parent 64630ab11f
commit 01cd6d8dc6
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 42 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

60
x-pack/plugins/observability_solution/apm_data_access/server/lib/helpers/create_es_client/create_apm_event_client/index.test.ts
View file

@ -47,34 +47,46 @@ describe('APMEventClient', () => {
const router = createRouter('/');
let abortSignal: AbortSignal | undefined;
router.get({ path: '/', validate: false }, async (context, request, res) => {
const eventClient = new APMEventClient({
esClient: {
search: async (params: any, { signal }: { signal: AbortSignal }) => {
abortSignal = signal;
await setTimeoutPromise(3_000, undefined, {
signal: abortSignal,
});
return {};
router.get(
{
path: '/',
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
} as any,
debug: false,
request,
indices: {} as APMIndices,
options: {
includeFrozen: false,
},
});
validate: false,
},
async (context, request, res) => {
const eventClient = new APMEventClient({
esClient: {
search: async (params: any, { signal }: { signal: AbortSignal }) => {
abortSignal = signal;
await setTimeoutPromise(3_000, undefined, {
signal: abortSignal,
});
return {};
},
} as any,
debug: false,
request,
indices: {} as APMIndices,
options: {
includeFrozen: false,
},
});
await eventClient.search('foo', {
apm: {
events: [],
},
body: { size: 0, track_total_hits: false },
});
await eventClient.search('foo', {
apm: {
events: [],
},
body: { size: 0, track_total_hits: false },
});
return res.ok({ body: 'ok' });
});
return res.ok({ body: 'ok' });
}
);
await server.start();

6
x-pack/plugins/observability_solution/metrics_data_access/server/routes/metric_indices/index.ts
View file

@ -50,6 +50,12 @@ export function initMetricIndicesRoute<T extends RequestHandlerContext>({
router.get<unknown, unknown, MetricIndicesAPIResponse>(
{
path: `/api/metrics/indices`,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: false,
},
async (context, _req, res) => {