github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-06-27 18:51:07 -04:00
Code Issues Projects Releases Packages Wiki Activity

[Authz] Mandatory Security Config (#215180)

Browse source 
## Summary

This PR makes `security` a required field for route registration. To
incorporate the new required filed, changes has been made:

1. **Test file updates**. A lot of the updates made in this PR were made
in tests.
2. **Versioned route security configuration**. For the versioned route
`security` config has been lifted up to the top-level definition:

    Before
    ```ts
    router.versioned
      .get({
        path: '/api/path',
        options: { ... },
        ...
      }, handler)
      .addVersion({
         version: 1,
         validate: false,
         security: {
          authz: {
            requiredPrivileges: ['privilege'],
          },
         },
      });
    ```
    
    After
    ```ts
    router.versioned
      .get({
        path: '/api/path',
        options: { ... },
         security: {
          authz: {
            requiredPrivileges: ['privilege'],
          },
         },
        ...
      }, handler)
      .addVersion({
         version: 1,
         validate: false,
      });
    ```

3. **Type adjustments for route wrappers**. Type changes has been made
in:
-
`x-pack/solutions/observability/plugins/infra/server/lib/adapters/framework/adapter_types.ts`
-
`x-pack/solutions/observability/plugins/metrics_data_access/server/lib/adapters/framework/adapter_types.ts`
-
`x-pack/solutions/observability/plugins/synthetics/server/routes/types.ts`
-
`x-pack/solutions/observability/plugins/uptime/server/legacy_uptime/routes/types.ts`

Security was made an optional field for the wrappers defined in those
files, since the default security is provided in the wrapper itself and
then passed down to the core router.

### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)


__Closes: https://github.com/elastic/kibana/issues/215331__

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
This commit is contained in:
Elena Shostak 2025-03-27 20:04:53 +01:00 committed by GitHub
parent 2aa857643d
commit 7a41906d88
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
253 changed files with 6835 additions and 3201 deletions
Download patch file Download diff file Expand all files Collapse all files

1
examples/v8_profiler_examples/server/routes/cpu_profile.ts
View file

@ -24,6 +24,7 @@ const routeValidation = {
const routeConfig = {
path: '/_dev/cpu_profile',
validate: routeValidation,
security: { authz: { requiredPrivileges: ['foo'] } },
};
export function registerRoute(logger: Logger, router: IRouter): void {

1
examples/v8_profiler_examples/server/routes/heap_profile.ts
View file

@ -26,6 +26,7 @@ const routeValidation = {
const routeConfig = {
path: '/_dev/heap_profile',
validate: routeValidation,
security: { authz: { requiredPrivileges: ['foo'] } },
};
export function registerRoute(logger: Logger, router: IRouter): void {