Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[8.x] Authorized route migration for routes owned by security-solution (
#198382) (#200782) # Backport This will backport the following commits from `main` to `8.x`: - [Authorized route migration for routes owned by security-solution (#198382)](#198382) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Kibana Machine","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-19T17:19:44Z","message":"Authorized route migration for routes owned by security-solution (#198382)\n\n### Authz API migration for authorized routes\r\n\r\nThis PR migrates `access:<privilege>` tags used in route definitions to\r\nnew security configuration.\r\nPlease refer to the documentation for more information: [Authorization\r\nAPI](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)\r\n\r\n### **Before migration:**\r\nAccess control tags were defined in the `options` object of the route:\r\n\r\n```ts\r\nrouter.get({\r\n path: '/api/path',\r\n options: {\r\n tags: ['access:<privilege_1>', 'access:<privilege_2>'],\r\n },\r\n ...\r\n}, handler);\r\n```\r\n\r\n### **After migration:**\r\nTags have been replaced with the more robust\r\n`security.authz.requiredPrivileges` field under `security`:\r\n\r\n```ts\r\nrouter.get({\r\n path: '/api/path',\r\n security: {\r\n authz: {\r\n requiredPrivileges: ['<privilege_1>', '<privilege_2>'],\r\n },\r\n },\r\n ...\r\n}, handler);\r\n```\r\n\r\n### What to do next?\r\n1. Review the changes in this PR.\r\n2. You might need to update your tests to reflect the new security\r\nconfiguration:\r\n - If you have tests that rely on checking `access` tags.\r\n - If you have snapshot tests that include the route definition.\r\n- If you have FTR tests that rely on checking unauthorized error\r\nmessage. The error message changed to also include missing privileges.\r\n\r\n## Any questions?\r\nIf you have any questions or need help with API authorization, please\r\nreach out to the `@elastic/kibana-security` team.\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"3e9d77a091b56016d13c1eee30e697dd3066029c","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["enhancement","release_note:skip","Feature:Security/Authorization","v9.0.0","Team: SecuritySolution","backport:prev-minor","Authz: API migration"],"title":"Authorized route migration for routes owned by security-solution","number":198382,"url":"https://github.com/elastic/kibana/pull/198382","mergeCommit":{"message":"Authorized route migration for routes owned by security-solution (#198382)\n\n### Authz API migration for authorized routes\r\n\r\nThis PR migrates `access:<privilege>` tags used in route definitions to\r\nnew security configuration.\r\nPlease refer to the documentation for more information: [Authorization\r\nAPI](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)\r\n\r\n### **Before migration:**\r\nAccess control tags were defined in the `options` object of the route:\r\n\r\n```ts\r\nrouter.get({\r\n path: '/api/path',\r\n options: {\r\n tags: ['access:<privilege_1>', 'access:<privilege_2>'],\r\n },\r\n ...\r\n}, handler);\r\n```\r\n\r\n### **After migration:**\r\nTags have been replaced with the more robust\r\n`security.authz.requiredPrivileges` field under `security`:\r\n\r\n```ts\r\nrouter.get({\r\n path: '/api/path',\r\n security: {\r\n authz: {\r\n requiredPrivileges: ['<privilege_1>', '<privilege_2>'],\r\n },\r\n },\r\n ...\r\n}, handler);\r\n```\r\n\r\n### What to do next?\r\n1. Review the changes in this PR.\r\n2. You might need to update your tests to reflect the new security\r\nconfiguration:\r\n - If you have tests that rely on checking `access` tags.\r\n - If you have snapshot tests that include the route definition.\r\n- If you have FTR tests that rely on checking unauthorized error\r\nmessage. The error message changed to also include missing privileges.\r\n\r\n## Any questions?\r\nIf you have any questions or need help with API authorization, please\r\nreach out to the `@elastic/kibana-security` team.\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"3e9d77a091b56016d13c1eee30e697dd3066029c"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/198382","number":198382,"mergeCommit":{"message":"Authorized route migration for routes owned by security-solution (#198382)\n\n### Authz API migration for authorized routes\r\n\r\nThis PR migrates `access:<privilege>` tags used in route definitions to\r\nnew security configuration.\r\nPlease refer to the documentation for more information: [Authorization\r\nAPI](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)\r\n\r\n### **Before migration:**\r\nAccess control tags were defined in the `options` object of the route:\r\n\r\n```ts\r\nrouter.get({\r\n path: '/api/path',\r\n options: {\r\n tags: ['access:<privilege_1>', 'access:<privilege_2>'],\r\n },\r\n ...\r\n}, handler);\r\n```\r\n\r\n### **After migration:**\r\nTags have been replaced with the more robust\r\n`security.authz.requiredPrivileges` field under `security`:\r\n\r\n```ts\r\nrouter.get({\r\n path: '/api/path',\r\n security: {\r\n authz: {\r\n requiredPrivileges: ['<privilege_1>', '<privilege_2>'],\r\n },\r\n },\r\n ...\r\n}, handler);\r\n```\r\n\r\n### What to do next?\r\n1. Review the changes in this PR.\r\n2. You might need to update your tests to reflect the new security\r\nconfiguration:\r\n - If you have tests that rely on checking `access` tags.\r\n - If you have snapshot tests that include the route definition.\r\n- If you have FTR tests that rely on checking unauthorized error\r\nmessage. The error message changed to also include missing privileges.\r\n\r\n## Any questions?\r\nIf you have any questions or need help with API authorization, please\r\nreach out to the `@elastic/kibana-security` team.\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>","sha":"3e9d77a091b56016d13c1eee30e697dd3066029c"}}]}] BACKPORT-->
- Loading branch information