github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 09:48:58 -04:00
Code Issues Projects Releases Packages Wiki Activity

[9.0] Unauthorized route migration for routes owned by search-kibana (#214786) (#215036)

Browse source 
# Backport

This will backport the following commits from `main` to `9.0`:
- [Unauthorized route migration for routes owned by search-kibana
(#214786)](https://github.com/elastic/kibana/pull/214786)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Elena
Shostak","email":"165678770+elena-shostak@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-03-18T17:29:08Z","message":"Unauthorized
route migration for routes owned by search-kibana (#214786)\n\n### Authz
API migration for unauthorized routes\n\nThis PR migrates last
unauthorized routes owned by your team to a new\nsecurity
configuration.\nPlease refer to the documentation for more information:
[Authorization\nAPI](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)\n\n###
**Before migration:**\n```ts\nrouter.get({\n path: '/api/path',\n
...\n}, handler);\n```\n\n### **After
migration:**\n```ts\nrouter.get({\n path: '/api/path',\n security: {\n
authz: {\n enabled: false,\n reason: 'This route is opted out from
authorization because ...',\n },\n },\n ...\n},
handler);\n```","sha":"a3dd168cb1d8fb22a96e84994a6850b27a11d762","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["enhancement","release_note:skip","Feature:Security/Authorization","Team:Search","backport:prev-minor","backport:version","Authz:
API migration","v9.1.0","v8.19.0"],"title":"Unauthorized route migration
for routes owned by
search-kibana","number":214786,"url":"https://github.com/elastic/kibana/pull/214786","mergeCommit":{"message":"Unauthorized
route migration for routes owned by search-kibana (#214786)\n\n### Authz
API migration for unauthorized routes\n\nThis PR migrates last
unauthorized routes owned by your team to a new\nsecurity
configuration.\nPlease refer to the documentation for more information:
[Authorization\nAPI](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)\n\n###
**Before migration:**\n```ts\nrouter.get({\n path: '/api/path',\n
...\n}, handler);\n```\n\n### **After
migration:**\n```ts\nrouter.get({\n path: '/api/path',\n security: {\n
authz: {\n enabled: false,\n reason: 'This route is opted out from
authorization because ...',\n },\n },\n ...\n},
handler);\n```","sha":"a3dd168cb1d8fb22a96e84994a6850b27a11d762"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/214786","number":214786,"mergeCommit":{"message":"Unauthorized
route migration for routes owned by search-kibana (#214786)\n\n### Authz
API migration for unauthorized routes\n\nThis PR migrates last
unauthorized routes owned by your team to a new\nsecurity
configuration.\nPlease refer to the documentation for more information:
[Authorization\nAPI](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)\n\n###
**Before migration:**\n```ts\nrouter.get({\n path: '/api/path',\n
...\n}, handler);\n```\n\n### **After
migration:**\n```ts\nrouter.get({\n path: '/api/path',\n security: {\n
authz: {\n enabled: false,\n reason: 'This route is opted out from
authorization because ...',\n },\n },\n ...\n},
handler);\n```","sha":"a3dd168cb1d8fb22a96e84994a6850b27a11d762"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Elena Shostak <165678770+elena-shostak@users.noreply.github.com>
This commit is contained in:
Kibana Machine 2025-03-18 20:20:22 +01:00 committed by GitHub
parent 23c067bdb4
commit eb8c5c58e0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 36 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

12
x-pack/solutions/search/packages/kbn-search-api-keys-server/src/routes/routes.ts
View file

@ -20,6 +20,12 @@ export function registerSearchApiKeysRoutes(router: IRouter, logger: Logger) {
router.post(
{
path: APIRoutes.API_KEY_VALIDITY,
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES client',
},
},
validate: {
body: schema.object({
id: schema.string(),
@ -60,6 +66,12 @@ export function registerSearchApiKeysRoutes(router: IRouter, logger: Logger) {
router.post(
{
path: APIRoutes.API_KEYS,
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES client',
},
},
validate: {},
options: {
access: 'internal',

12
x-pack/solutions/search/plugins/search_inference_endpoints/server/routes.ts
View file

@ -17,6 +17,12 @@ export function defineRoutes({ logger, router }: { logger: Logger; router: IRout
router.get(
{
path: APIRoutes.GET_INFERENCE_ENDPOINTS,
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES client',
},
},
validate: {},
},
errorHandler(logger)(async (context, request, response) => {
@ -38,6 +44,12 @@ export function defineRoutes({ logger, router }: { logger: Logger; router: IRout
router.delete(
{
path: APIRoutes.INFERENCE_ENDPOINT,
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES client',
},
},
validate: {
params: schema.object({
type: schema.string(),

12
x-pack/solutions/search/plugins/search_notebooks/server/routes/index.ts
View file

@ -16,6 +16,12 @@ export function defineRoutes({ config, notebooksCache, logger, router }: RouteDe
router.get(
{
path: '/internal/search_notebooks/notebooks',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the notebook service',
},
},
validate: {
query: schema.object({
list: schema.maybe(schema.string()),
@ -44,6 +50,12 @@ export function defineRoutes({ config, notebooksCache, logger, router }: RouteDe
router.get(
{
path: '/internal/search_notebooks/notebooks/{notebookId}',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the notebook service',
},
},
validate: {
params: schema.object({
notebookId: schema.string(),