mirror of
https://github.com/elastic/kibana.git
synced 2025-04-24 17:59:23 -04:00
2ff384b02a
# Backport This will backport the following commits from `main` to `9.0`: - [[Authz] Added allOf and anyOf nested conditions (#215516)](https://github.com/elastic/kibana/pull/215516) <!--- Backport version: 9.6.6 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Elena Shostak","email":"165678770+elena-shostak@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-04-03T12:28:17Z","message":"[Authz] Added allOf and anyOf nested conditions (#215516)\n\n## Summary\n\nCurrently, our `requiredPrivileges` structure supports `allRequired` and\n`anyRequired` for defining authorization logic. However, there is [a\nneed to\nsupport](https://github.com/elastic/kibana/pull/205335#issuecomment-2569275302)\nmore complex scenarios as `(privilege1 AND privilege2) OR (privilege3\nAND privilege4)`\n\nTo achieve `anyRequired` has been extended to allow defining multiple\nAND conditions evaluated with OR logic:\n```ts\nsecurity: {\n authz: {\n requiredPrivileges: [{\n anyRequired: [\n { allOf: ['privilege1', 'privilege2'] }, \n { allOf: ['privilege3', 'privilege4'] }\n ] \n }\n ]\n }\n}\n```\n\n`allRequired` now also supports scenarios `(privilege1 OR privilege2)\nAND (privilege3 OR privilege4)`\n```ts\nsecurity: {\n authz: {\n requiredPrivileges: [{\n allRequired: [\n { anyOf: ['privilege1', 'privilege2'] }, \n { anyOf: ['privilege3', 'privilege4'] }\n ] \n }\n ]\n }\n}\n```\n\n> [!IMPORTANT]\n> We expect to have unique privileges in `anyOf` or `allOf` conditions,\nassuming that most complex conditions can be simplified by boolean\nalgebra laws (OR/AND distributive etc).\n\n\n### Checklist\n\n- [x]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for features that require explanation or tutorials\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n\n__Closes: https://github.com/elastic/kibana/issues/210977__\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"ed058086e27c2b6f5015647b446304608d6b14a9","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Security","enhancement","release_note:skip","Feature:Security/Authorization","backport:prev-minor","backport:version","v9.1.0","v8.19.0"],"title":"[Authz] Added allOf and anyOf nested conditions","number":215516,"url":"https://github.com/elastic/kibana/pull/215516","mergeCommit":{"message":"[Authz] Added allOf and anyOf nested conditions (#215516)\n\n## Summary\n\nCurrently, our `requiredPrivileges` structure supports `allRequired` and\n`anyRequired` for defining authorization logic. However, there is [a\nneed to\nsupport](https://github.com/elastic/kibana/pull/205335#issuecomment-2569275302)\nmore complex scenarios as `(privilege1 AND privilege2) OR (privilege3\nAND privilege4)`\n\nTo achieve `anyRequired` has been extended to allow defining multiple\nAND conditions evaluated with OR logic:\n```ts\nsecurity: {\n authz: {\n requiredPrivileges: [{\n anyRequired: [\n { allOf: ['privilege1', 'privilege2'] }, \n { allOf: ['privilege3', 'privilege4'] }\n ] \n }\n ]\n }\n}\n```\n\n`allRequired` now also supports scenarios `(privilege1 OR privilege2)\nAND (privilege3 OR privilege4)`\n```ts\nsecurity: {\n authz: {\n requiredPrivileges: [{\n allRequired: [\n { anyOf: ['privilege1', 'privilege2'] }, \n { anyOf: ['privilege3', 'privilege4'] }\n ] \n }\n ]\n }\n}\n```\n\n> [!IMPORTANT]\n> We expect to have unique privileges in `anyOf` or `allOf` conditions,\nassuming that most complex conditions can be simplified by boolean\nalgebra laws (OR/AND distributive etc).\n\n\n### Checklist\n\n- [x]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for features that require explanation or tutorials\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n\n__Closes: https://github.com/elastic/kibana/issues/210977__\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"ed058086e27c2b6f5015647b446304608d6b14a9"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/215516","number":215516,"mergeCommit":{"message":"[Authz] Added allOf and anyOf nested conditions (#215516)\n\n## Summary\n\nCurrently, our `requiredPrivileges` structure supports `allRequired` and\n`anyRequired` for defining authorization logic. However, there is [a\nneed to\nsupport](https://github.com/elastic/kibana/pull/205335#issuecomment-2569275302)\nmore complex scenarios as `(privilege1 AND privilege2) OR (privilege3\nAND privilege4)`\n\nTo achieve `anyRequired` has been extended to allow defining multiple\nAND conditions evaluated with OR logic:\n```ts\nsecurity: {\n authz: {\n requiredPrivileges: [{\n anyRequired: [\n { allOf: ['privilege1', 'privilege2'] }, \n { allOf: ['privilege3', 'privilege4'] }\n ] \n }\n ]\n }\n}\n```\n\n`allRequired` now also supports scenarios `(privilege1 OR privilege2)\nAND (privilege3 OR privilege4)`\n```ts\nsecurity: {\n authz: {\n requiredPrivileges: [{\n allRequired: [\n { anyOf: ['privilege1', 'privilege2'] }, \n { anyOf: ['privilege3', 'privilege4'] }\n ] \n }\n ]\n }\n}\n```\n\n> [!IMPORTANT]\n> We expect to have unique privileges in `anyOf` or `allOf` conditions,\nassuming that most complex conditions can be simplified by boolean\nalgebra laws (OR/AND distributive etc).\n\n\n### Checklist\n\n- [x]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for features that require explanation or tutorials\n- [x] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [x] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n\n__Closes: https://github.com/elastic/kibana/issues/210977__\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>","sha":"ed058086e27c2b6f5015647b446304608d6b14a9"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/217050","number":217050,"state":"OPEN"}]}] BACKPORT--> --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| assets | ||
| contributing | ||
| getting_started | ||
| key_concepts | ||
| lens | ||
| operations | ||
| shared_ux | ||
| tutorials | ||
| api_welcome.mdx | ||
| kibana_server_core_components.mdx | ||
| nav-kibana-dev.docnav.json | ||