github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-06-28 11:05:39 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/examples/routing_example/server/routes/message_routes.ts
Elena Shostak 7a41906d88
[Authz] Mandatory Security Config (#215180) 
## Summary

This PR makes `security` a required field for route registration. To
incorporate the new required filed, changes has been made:

1. **Test file updates**. A lot of the updates made in this PR were made
in tests.
2. **Versioned route security configuration**. For the versioned route
`security` config has been lifted up to the top-level definition:

    Before
    ```ts
    router.versioned
      .get({
        path: '/api/path',
        options: { ... },
        ...
      }, handler)
      .addVersion({
         version: 1,
         validate: false,
         security: {
          authz: {
            requiredPrivileges: ['privilege'],
          },
         },
      });
    ```
    
    After
    ```ts
    router.versioned
      .get({
        path: '/api/path',
        options: { ... },
         security: {
          authz: {
            requiredPrivileges: ['privilege'],
          },
         },
        ...
      }, handler)
      .addVersion({
         version: 1,
         validate: false,
      });
    ```

3. **Type adjustments for route wrappers**. Type changes has been made
in:
-
`x-pack/solutions/observability/plugins/infra/server/lib/adapters/framework/adapter_types.ts`
-
`x-pack/solutions/observability/plugins/metrics_data_access/server/lib/adapters/framework/adapter_types.ts`
-
`x-pack/solutions/observability/plugins/synthetics/server/routes/types.ts`
-
`x-pack/solutions/observability/plugins/uptime/server/legacy_uptime/routes/types.ts`

Security was made an optional field for the wrappers defined in those
files, since the default security is provided in the wrapper itself and
then passed down to the core router.

### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)


__Closes: https://github.com/elastic/kibana/issues/215331__

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-03-27 12:04:53 -07:00

96 lines
3 KiB
TypeScript
Raw Permalink Blame History

/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the "Elastic License
* 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
* Public License v 1"; you may not use this file except in compliance with, at
* your election, the "Elastic License 2.0", the "GNU Affero General Public
* License v3.0 only", or the "Server Side Public License, v 1".
*/
import { schema } from '@kbn/config-schema';
import { IRouter } from '@kbn/core/server';
import { POST_MESSAGE_ROUTE_PATH, INTERNAL_GET_MESSAGE_BY_ID_ROUTE } from '../../common';
/**
*
* NOTE: DON'T USE IN MEMORY DATA STRUCTURES TO STORE DATA!
*
* That won't work in a system with multiple Kibanas, which is a setup we recommend for
* load balancing. I'm only doing so here to simplify the routing example. In real life,
* Elasticsearch should be used to persist data that can be shared across multiple Kibana
* instances.
*/
const messages: { [key: string]: string } = {};
/**
* @param router Pushes a message with an id onto an in memory map.
*/
export function registerPostMessageRoute(router: IRouter) {
router.post(
{
path: `${POST_MESSAGE_ROUTE_PATH}/{id}`,
security: {
authz: {
enabled: false,
reason:
'This route is opted out of authorization because it is only intended for test use',
},
},
validate: {
params: schema.object({
// This parameter name matches the one in POST_MESSAGE_ROUTE_PATH: `api/post_message/{id}`.
// Params are often used for ids like this.
id: schema.string(),
}),
body: schema.object({
message: schema.string({ maxLength: 100 }),
}),
},
},
async (context, request, response) => {
if (messages[request.params.id]) {
return response.badRequest({
body: `Message with id ${request.params.id} already exists`,
});
}
// See note above. NEVER DO THIS IN REAL CODE! Data should only be persisted in Elasticsearch.
messages[request.params.id] = request.body.message;
return response.ok();
}
);
}
/**
* @param router Returns the message with the given id from an in memory array.
*/
export function registerGetMessageByIdRoute(router: IRouter) {
router.get(
{
path: `${INTERNAL_GET_MESSAGE_BY_ID_ROUTE}/{id}`,
security: {
authz: {
enabled: false,
reason:
'This route is opted out of authorization because it is only intended for test use',
},
},
options: {
access: 'internal',
},
validate: {
params: schema.object({
id: schema.string(),
}),
},
},
async (context, request, response) => {
if (!messages[request.params.id]) {
return response.notFound();
}
return response.ok({ body: { message: messages[request.params.id] } });
}
);
}
Reference in a new issue View git blame Copy permalink