github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 01:38:56 -04:00
Code Issues Projects Releases Packages Wiki Activity
85864 commits 432 branches 496 tags 23 GiB
Commit graph

2 commits

Author SHA1 Message Date
Elena Shostak
7a41906d88
[Authz] Mandatory Security Config (#215180) 
## Summary

This PR makes `security` a required field for route registration. To
incorporate the new required filed, changes has been made:

1. **Test file updates**. A lot of the updates made in this PR were made
in tests.
2. **Versioned route security configuration**. For the versioned route
`security` config has been lifted up to the top-level definition:

    Before
    ```ts
    router.versioned
      .get({
        path: '/api/path',
        options: { ... },
        ...
      }, handler)
      .addVersion({
         version: 1,
         validate: false,
         security: {
          authz: {
            requiredPrivileges: ['privilege'],
          },
         },
      });
    ```
    
    After
    ```ts
    router.versioned
      .get({
        path: '/api/path',
        options: { ... },
         security: {
          authz: {
            requiredPrivileges: ['privilege'],
          },
         },
        ...
      }, handler)
      .addVersion({
         version: 1,
         validate: false,
      });
    ```

3. **Type adjustments for route wrappers**. Type changes has been made
in:
-
`x-pack/solutions/observability/plugins/infra/server/lib/adapters/framework/adapter_types.ts`
-
`x-pack/solutions/observability/plugins/metrics_data_access/server/lib/adapters/framework/adapter_types.ts`
-
`x-pack/solutions/observability/plugins/synthetics/server/routes/types.ts`
-
`x-pack/solutions/observability/plugins/uptime/server/legacy_uptime/routes/types.ts`

Security was made an optional field for the wrappers defined in those
files, since the default security is provided in the wrapper itself and
then passed down to the core router.

### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)


__Closes: https://github.com/elastic/kibana/issues/215331__

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
 2025-03-27 12:04:53 -07:00
Alejandro Fernández Haro
bdf7823c54
[SSE] Fix EventSource streams (#213151) 
## Summary

Resolves #212919

We noticed that setting the header `'Content-Type':
'text/event-stream',` didn't work as the browser's native EventSource
implementation.

```JS
      return res.ok({
        headers: {
          'Content-Type': 'text/event-stream',
          'Cache-Control': 'no-cache',
        },
        body: observableIntoEventSourceStream(events$ as unknown as Observable<ServerSentEvent>, {
          signal: abortController.signal,
          logger,
        }),
      });
```

The reason, apparently, is that we need to flush the compressor's buffer
negotiated in the HTTP request.

### How to test it:

Run Kibana with examples `yarn start --no-base-path --run-examples
--http2` and open the SSE example app in Kibana. You should see a clock
updating every second in the UI (the clock is coming from the server).

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
 2025-03-11 11:33:11 +01:00