From 005b9d95ea974750c45b162338d16928b9c1b72d Mon Sep 17 00:00:00 2001 From: Elena Shostak Date: Wed, 30 Oct 2024 17:15:21 +0100 Subject: [PATCH] [Authz] Added section for migration routes created by utility function --- dev_docs/key_concepts/api_authorization.mdx | 17 +++++++++++++++++ .../rules/no_deprecated_authz_config.js | 2 +- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/dev_docs/key_concepts/api_authorization.mdx b/dev_docs/key_concepts/api_authorization.mdx index b781808757c9a..cda6ad5de21ce 100644 --- a/dev_docs/key_concepts/api_authorization.mdx +++ b/dev_docs/key_concepts/api_authorization.mdx @@ -313,6 +313,23 @@ Routes without a compelling reason to opt-out of authorization should plan to in MIGRATE_DISABLED_AUTHZ=true MIGRATE_ENABLED_AUTHZ=true npx eslint --ext .ts --fix path/to/your/folder ``` +**How to migrate if you have an utility function for route creation?** +If you have utility function that creates routes, i.e `createApmServerRoute` or `createObservabilityOnboardingServerRoute`, you can easily modify the eslint rule to handle your case. +For example, you register the route with `access` tags in your utility function: +```ts +createApmServerRoute({ + endpoint: 'GET /your/route/path', + options: { tags: ['access:apm'] }, + handler: async (resources): => { + // your handler logic + }, +}) +``` +You can modify [the rule](https://github.com/elastic/kibana/blob/6a50066e00ae38a64c5365fd66b4dc32857ba1fc/packages/kbn-eslint-plugin-eslint/rules/no_deprecated_authz_config.js#L312-#L315) to handle your case by adding the following code: +```ts +callee.type === 'Identifier' && callee.name === 'createApmServerRoute' +``` + ## Questions? If you have any questions or need help with API authorization, please reach out to the `@elastic/kibana-security` team. diff --git a/packages/kbn-eslint-plugin-eslint/rules/no_deprecated_authz_config.js b/packages/kbn-eslint-plugin-eslint/rules/no_deprecated_authz_config.js index 0f0b8759b4a82..8661c5e1c52d6 100644 --- a/packages/kbn-eslint-plugin-eslint/rules/no_deprecated_authz_config.js +++ b/packages/kbn-eslint-plugin-eslint/rules/no_deprecated_authz_config.js @@ -7,7 +7,7 @@ * License v3.0 only", or the "Server Side Public License, v 1". */ -const routeMethods = ['get', 'put', 'delete', 'post']; +const routeMethods = ['get', 'put', 'delete', 'post', 'patch']; const ACCESS_TAG_PREFIX = 'access:'; const isStringLiteral = (el) => el.type === 'Literal' && typeof el.value === 'string';