github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 09:19:04 -04:00
Code Issues Projects Releases Packages Wiki Activity

Authorized route migration for routes owned by @elastic/kibana-presentation (#198193)

Browse source 
### Authz API migration for authorized routes

This PR migrates `access:<privilege>` tags used in route definitions to
new security configuration.
Please refer to the documentation for more information: [Authorization
API](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)

### **Before migration:**
Access control tags were defined in the `options` object of the route:

```ts
router.get({
  path: '/api/path',
  options: {
    tags: ['access:<privilege_1>', 'access:<privilege_2>'],
  },
  ...
}, handler);
```

### **After migration:**
Tags have been replaced with the more robust
`security.authz.requiredPrivileges` field under `security`:

```ts
router.get({
  path: '/api/path',
  security: {
    authz: {
      requiredPrivileges: ['<privilege_1>', '<privilege_2>'],
    },
  },
  ...
}, handler);
```

### What to do next?
1. Review the changes in this PR.
2. You might need to update your tests to reflect the new security
configuration:
  - If you have tests that rely on checking `access` tags.
  - If you have snapshot tests that include the route definition.
- If you have FTR tests that rely on checking unauthorized error
message. The error message changed to also include missing privileges.

## Any questions?
If you have any questions or need help with API authorization, please
reach out to the `@elastic/kibana-security` team.

Co-authored-by: James Gowdy <jgowdy@elastic.co>
This commit is contained in:
Kibana Machine 2024-11-13 22:11:07 +11:00 committed by GitHub
parent b86dc8102a
commit 05a9b26d3c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 18 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

24
x-pack/plugins/file_upload/server/routes.ts
View file

@ -109,12 +109,16 @@ export function fileUploadRoutes(coreSetup: CoreSetup<StartDeps, unknown>, logge
.post({
path: '/internal/file_upload/analyze_file',
access: 'internal',
security: {
authz: {
requiredPrivileges: ['fileUpload:analyzeFile'],
},
},
options: {
body: {
accepts: ['text/*', 'application/json'],
maxBytes: MAX_FILE_SIZE_BYTES,
},
tags: ['access:fileUpload:analyzeFile'],
},
})
.addVersion(
@ -260,8 +264,10 @@ export function fileUploadRoutes(coreSetup: CoreSetup<StartDeps, unknown>, logge
.post({
path: '/internal/file_upload/time_field_range',
access: 'internal',
options: {
tags: ['access:fileUpload:analyzeFile'],
security: {
authz: {
requiredPrivileges: ['fileUpload:analyzeFile'],
},
},
})
.addVersion(
@ -313,8 +319,10 @@ export function fileUploadRoutes(coreSetup: CoreSetup<StartDeps, unknown>, logge
.post({
path: '/internal/file_upload/preview_index_time_range',
access: 'internal',
options: {
tags: ['access:fileUpload:analyzeFile'],
security: {
authz: {
requiredPrivileges: ['fileUpload:analyzeFile'],
},
},
})
.addVersion(
@ -356,8 +364,12 @@ export function fileUploadRoutes(coreSetup: CoreSetup<StartDeps, unknown>, logge
.post({
path: '/internal/file_upload/preview_tika_contents',
access: 'internal',
security: {
authz: {
requiredPrivileges: ['fileUpload:analyzeFile'],
},
},
options: {
tags: ['access:fileUpload:analyzeFile'],
body: {
accepts: ['application/json'],
maxBytes: MAX_TIKA_FILE_SIZE_BYTES,