mirror of
https://github.com/elastic/kibana.git
synced 2025-04-24 09:48:58 -04:00
[8.x] Unauthorized route migration for routes owned by security-service-integrations (#198376) (#199566)
# Backport This will backport the following commits from `main` to `8.x`: - [Unauthorized route migration for routes owned by security-service-integrations (#198376)](https://github.com/elastic/kibana/pull/198376) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Kibana Machine","email":"42973632+kibanamachine@users.noreply.github.com"},"sourceCommit":{"committedDate":"2024-11-08T22:20:09Z","message":"Unauthorized route migration for routes owned by security-service-integrations (#198376)\n\n### Authz API migration for unauthorized routes\r\n\r\nThis PR migrates unauthorized routes owned by your team to a new\r\nsecurity configuration.\r\nPlease refer to the documentation for more information: [Authorization\r\nAPI](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)\r\n\r\n### **Before migration:**\r\n```ts\r\nrouter.get({\r\n path: '/api/path',\r\n ...\r\n}, handler);\r\n```\r\n\r\n### **After migration:**\r\n```ts\r\nrouter.get({\r\n path: '/api/path',\r\n security: {\r\n authz: {\r\n enabled: false,\r\n reason: 'This route is opted out from authorization because ...',\r\n },\r\n },\r\n ...\r\n}, handler);\r\n```\r\n\r\n### What to do next?\r\n1. Review the changes in this PR.\r\n2. Elaborate on the reasoning to opt-out of authorization.\r\n3. Routes without a compelling reason to opt-out of authorization should\r\nplan to introduce them as soon as possible.\r\n2. You might need to update your tests to reflect the new security\r\nconfiguration:\r\n - If you have snapshot tests that include the route definition.\r\n\r\n## Any questions?\r\nIf you have any questions or need help with API authorization, please\r\nreach out to the `@elastic/kibana-security` team.\r\n\r\n---------\r\n\r\nCo-authored-by: Kylie Meli <kylie.geller@elastic.co>","sha":"ae15c54d18fd3d271d0e621556869df35e30dfb6","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["enhancement","release_note:skip","Feature:Security/Authorization","v9.0.0","backport:prev-minor","Team:Security-Scalability","Authz: API migration"],"title":"Unauthorized route migration for routes owned by security-service-integrations","number":198376,"url":"https://github.com/elastic/kibana/pull/198376","mergeCommit":{"message":"Unauthorized route migration for routes owned by security-service-integrations (#198376)\n\n### Authz API migration for unauthorized routes\r\n\r\nThis PR migrates unauthorized routes owned by your team to a new\r\nsecurity configuration.\r\nPlease refer to the documentation for more information: [Authorization\r\nAPI](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)\r\n\r\n### **Before migration:**\r\n```ts\r\nrouter.get({\r\n path: '/api/path',\r\n ...\r\n}, handler);\r\n```\r\n\r\n### **After migration:**\r\n```ts\r\nrouter.get({\r\n path: '/api/path',\r\n security: {\r\n authz: {\r\n enabled: false,\r\n reason: 'This route is opted out from authorization because ...',\r\n },\r\n },\r\n ...\r\n}, handler);\r\n```\r\n\r\n### What to do next?\r\n1. Review the changes in this PR.\r\n2. Elaborate on the reasoning to opt-out of authorization.\r\n3. Routes without a compelling reason to opt-out of authorization should\r\nplan to introduce them as soon as possible.\r\n2. You might need to update your tests to reflect the new security\r\nconfiguration:\r\n - If you have snapshot tests that include the route definition.\r\n\r\n## Any questions?\r\nIf you have any questions or need help with API authorization, please\r\nreach out to the `@elastic/kibana-security` team.\r\n\r\n---------\r\n\r\nCo-authored-by: Kylie Meli <kylie.geller@elastic.co>","sha":"ae15c54d18fd3d271d0e621556869df35e30dfb6"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/198376","number":198376,"mergeCommit":{"message":"Unauthorized route migration for routes owned by security-service-integrations (#198376)\n\n### Authz API migration for unauthorized routes\r\n\r\nThis PR migrates unauthorized routes owned by your team to a new\r\nsecurity configuration.\r\nPlease refer to the documentation for more information: [Authorization\r\nAPI](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)\r\n\r\n### **Before migration:**\r\n```ts\r\nrouter.get({\r\n path: '/api/path',\r\n ...\r\n}, handler);\r\n```\r\n\r\n### **After migration:**\r\n```ts\r\nrouter.get({\r\n path: '/api/path',\r\n security: {\r\n authz: {\r\n enabled: false,\r\n reason: 'This route is opted out from authorization because ...',\r\n },\r\n },\r\n ...\r\n}, handler);\r\n```\r\n\r\n### What to do next?\r\n1. Review the changes in this PR.\r\n2. Elaborate on the reasoning to opt-out of authorization.\r\n3. Routes without a compelling reason to opt-out of authorization should\r\nplan to introduce them as soon as possible.\r\n2. You might need to update your tests to reflect the new security\r\nconfiguration:\r\n - If you have snapshot tests that include the route definition.\r\n\r\n## Any questions?\r\nIf you have any questions or need help with API authorization, please\r\nreach out to the `@elastic/kibana-security` team.\r\n\r\n---------\r\n\r\nCo-authored-by: Kylie Meli <kylie.geller@elastic.co>","sha":"ae15c54d18fd3d271d0e621556869df35e30dfb6"}}]}] BACKPORT-->
This commit is contained in:
Kibana Machine
GitHub
parent
5f02f1f6c6
commit
715f1c39ee
1 changed files with 7 additions and 0 deletions
|
|
@ -17,6 +17,13 @@ export const getFleetManagedIndexTemplatesRoute = (router: IRouter) => {
|
|||
.addVersion(
|
||||
{
|
||||
version: '1',
|
||||
security: {
|
||||
authz: {
|
||||
enabled: false,
|
||||
reason:
|
||||
'This route delegates authorization of the current user to the Elasticsearch index template API.',
|
||||
},
|
||||
},
|
||||
validate: {},
|
||||
},
|
||||
async (context, _request, response) => {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue