[8.x] Sets explicit access for public platform security endpoints (#195099) (#196547)

# Backport

This will backport the following commits from `main` to `8.x`:
- [Sets explicit access for public platform security endpoints (#195099)](#195099)

### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sqren/backport)

Source commit (from the backport metadata): `8d77cd49996281e746a0a7138c7624867c047053`, committed 2024-10-16T13:11:25Z on `main`, merged as https://github.com/elastic/kibana/pull/195099 (labels: Team:Security, release_note:skip, v9.0.0, backport:prev-minor). Its message:

> Sets explicit access for public platform security endpoints (#195099)
>
> Related issue: #189833
>
> ## Summary
>
> This PR explicitly sets the access level for platform security HTTP API endpoints. This is to address restriction of internal endpoints in v9. For details, see https://github.com/elastic/kibana/issues/189833.
>
> Additionally, this PR sets the `excludeFromOAS` option where applicable, in order to refrain from generating documentation for endpoints which are public but should either remain undocumented, or should be documented as part of a specific topic (e.g. external authentication flow).
>
> Note: the invalidate sessions API has been changed to internal in serverless
>
> Endpoints excluded from OAS:
> - GET /api/security/logout
> - GET /api/security/v1/logout
> - /api/security/oidc/implicit
> - /api/security/v1/oidc/implicit
> - /internal/security/oidc/implicit.js
> - GET /api/security/oidc/callback
> - GET /api/security/v1/oidc
> - POST /api/security/oidc/initiate_login
> - POST /api/security/v1/oidc
> - GET /api/security/oidc/initiate_login
> - POST /api/security/saml/callback
> - /internal/security/reset_session_page.js
> - /security/access_agreement
> - /security/account
> - /internal/security/capture-url
> - /security/logged_out
> - /login
> - /logout
> - /security/overwritten_session
> - /spaces/space_selector

Co-authored-by: Jeramy Soucy <[email protected]>
1 parent b75aac6, commit 44eb0ca

Showing 26 changed files with 112 additions and 45 deletions.