github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 17:59:23 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/docs
History
Jeramy Soucy 5de13d49ac
[Saved Objects] Migrates authorization logic from repository to security extension (#148165) 
Closes #147049
Closes #149897

Migrates authorization and audit logic from the Saved Objects Repository
to the Saved Objects Security Extension. This is achieved by
implementing action-specific authorization methods within the security
extension. The SO repository is no longer responsible for making any
authorization decisions, but It is still responsible to know how to call
the extension methods. I've tried to make this as straightforward as
possible such that there is a clear ownership delineation between the
repository and the extension, by keeping the interface simple and
(hopefully) obvious.

### Security Extension Interface
New Public Extension Methods:
- authorizeCreate
- authorizeBulkCreate
- authorizeUpdate
- authorizeBulkUpdate
- authorizeDelete
- authorizeBulkDelete
- authorizeGet
- authorizeBulkGet
- authorizeCheckConflicts
- authorizeRemoveReferences
- authorizeOpenPointInTime
- auditClosePointInTime
- authorizeAndRedactMultiNamespaceReferences
- authorizeAndRedactInternalBulkResolve
- authorizeUpdateSpaces
- authorizeFind
- getFindRedactTypeMap
- authorizeDisableLegacyUrlAliases (for secure spaces client)
- auditObjectsForSpaceDeletion (for secure spaces client)

Removed from public interface:
- authorize
- enforceAuthorization
- addAuditEvent

### Tests
- Most test coverage moved from `repository.security_extension.test.ts`
to `saved_objects_security_extension.test.ts`
- `repository.security_extension.test.ts` tests extension call,
parameters, and return
- Updates repository unit tests to check that all security extension
calls are made with the current space when the spaces extension is also
enabled

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
2023-02-15 10:25:05 -05:00
..
api [Defend Workflows] Fix saved queries 500 (#150426) 2023-02-14 16:11:14 +01:00
api-generated [DOCS] Add summary capabilities to the open API specification (#149998) 2023-02-08 08:30:14 -08:00
apm APM: Update documentation of PHP APM agent support for service maps (#149584) (#149893) 2023-01-30 23:07:39 +01:00
canvas [DOCS] Adds the 8.6 Presentation docs (#145474) 2022-11-28 11:20:38 -05:00
concepts [DOCS] Adds content on ad-hoc data views (#146250) 2022-12-06 08:24:08 -08:00
dev-tools Add Console docs for Comments and Variables (#137225) 2022-07-28 10:52:20 -07:00
developer [Unified Histogram] Create layout container to manage Unified Histogram state (#148773) 2023-02-07 15:14:06 -04:00
development/plugins/expressions/public Remove old doc generation system for core APIs (#134313) 2022-06-21 17:43:17 +02:00
discover [DOCS] Updates Discover docs for 8.5 (#142021) 2022-10-10 15:21:23 -07:00
fleet Update Fleet overview topic (#121153) 2021-12-14 09:14:02 -08:00
getting-started [DOCS] Adds the 8.6 Presentation docs (#145474) 2022-11-28 11:20:38 -05:00
management [DOCS] Improve index connector, automate screenshots (#150126) 2023-02-07 09:42:09 -07:00
maps Adding clarification to the use of the environment variable in the Ma… (#145847) 2023-01-17 11:28:03 -07:00
migration [DOCS] Remove 8.0.0 coming tag (#125229) 2022-02-10 07:58:28 -05:00
observability Move observability content (#79978) 2020-10-13 16:08:48 +01:00
osquery Osquery: Update exported fields reference for osquery 5.7.0 (#150216) 2023-02-06 13:23:21 -05:00
settings Add Torq Connector (#149405) 2023-01-31 16:25:46 +01:00
setup Change default value of csp.disableUnsafeEval to 'true' (#150157) 2023-02-07 07:07:13 -05:00
siem [DOCS] Elastic Sec Overview (Fixing Image) (#104529) 2021-07-07 09:58:09 -04:00
spaces Removing docs about multi-tenancy (#143698) 2022-10-24 16:01:43 -04:00
user [Saved Objects] Migrates authorization logic from repository to security extension (#148165) 2023-02-15 10:25:05 -05:00
accessibility.asciidoc
action-type-template.asciidoc [Alerting] Update UI to reflect new terminology (#93597) 2021-03-15 10:03:39 -04:00
apis.asciidoc [DOCS] Create open API specification for find rules (#147061) 2022-12-12 11:36:44 -08:00
CHANGELOG.asciidoc [DOCS] Fix links in release notes (#141520) 2022-09-22 14:00:20 -07:00
gs-index.asciidoc
index-custom-title-page.html [DOCS] Updates what's new pages (#147483) 2022-12-14 07:36:12 -08:00
index.asciidoc [DOCS] Add ML open API output to appendix (#141556) 2022-09-26 11:00:00 -07:00
index.x.asciidoc
limitations.asciidoc [DOCS] Reallocates limitations to point-of-use (#79582) 2020-11-19 10:49:27 -06:00
migration.asciidoc
redirects.asciidoc Updates upgrade assistant doclinks to point to current rather than hard-coded 7.17 (#147585) 2022-12-19 09:19:26 -07:00
rule-type-template.asciidoc [Alerting][Docs] Combine rule creation and management pages (#101498) 2021-06-10 17:46:53 -04:00
template.asciidoc [DOCS] Remove snapshot and restore docs (#114836) 2021-11-16 16:59:24 -05:00