Skip to content

Commit

Permalink
[8.x] Set spaces and roles CRUD APIs to public (#193534) (#196242)
Browse files Browse the repository at this point in the history
# Backport

This will backport the following commits from `main` to `8.x`:
- [Set spaces and roles CRUD APIs to public
(#193534)](#193534)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Jeramy
Soucy","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-10-03T14:28:54Z","message":"Set
spaces and roles CRUD APIs to public (#193534)\n\nCloses
#192153\r\n\r\n## Summary\r\n\r\nThis PR sets the spaces and roles CRUD
operation HTTP API endpoints to\r\npublic in both stateful and
serverless offerings, and additionally,\r\nswitches to the versioned
router to register these endpoints.\r\n\r\nPrior to this PR, the access
level was not explicitly set, thus any\r\nendpoints registered in
serverless were by default internal. CRUD\r\noperations for spaces and
roles are being set to public to support the\r\nrollout of custom roles
in serverless, which coincides with enabling\r\nmultiple
spaces.\r\n\r\n### Note\r\n- Currently, roles APIs are only available in
serverless via a feature\r\nflag
(`xpack.security.roleManagementEnabled`)\r\n- Spaces APIs are already
registered in serverless, however, the maximum\r\nnumber of spaces is by
default 1, rendering create and delete operations\r\nunusable. By
overriding `xpack.spaces.maxSpaces` to a number greater\r\nthan 1
(stateful default is 1000), it will effectively enable use of
the\r\nspaces CRUD operations in serverless.\r\n\r\n##
Tests\r\n-\r\nx-pack/test_serverless/api_integration/test_suites/common/management/multiple_spaces_enabled.ts\r\n-\r\nx-pack/test_serverless/api_integration/test_suites/common/management/spaces.ts\r\n-\r\nx-pack/test_serverless/api_integration/test_suites/common/platform_security/authorization.ts\r\n-\r\nx-pack/test_serverless/api_integration/test_suites/common/platform_security/roles_routes_feature_flag.ts\r\n-
Unit tests for each endpoint (to account for versioned router)\r\n-
Flaky Test
Runner:\r\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7002\r\n\r\n##
Manual Testing\r\n1. Start ES & Kibana in serverless mode with config
options to enable\r\nrole management and multiple
spaces\r\n\r\nElasticsearch:\r\n```\r\nxpack.security.authc.native_roles.enabled:
true\r\n```\r\n KIbana:\r\n```\r\n xpack.security.roleManagementEnabled:
true\r\n xpack.spaces.maxSpaces: 100\r\n```\r\n3. Issue each CRUD HTTP
API without including the internal origin
header\r\n('x-elastic-internal-origin') and verify you do not receive a
400 with\r\nthe message \"method [get|post|put|delete] exists but is not
available\r\nwith the current configuration\"\r\n4. Repeat steps 1 & 2
from the current head of main and verify that you\r\nDO receive a 400
with the message \"method [get|post|put|delete] exists\r\nbut is not
available with the current configuration\"\r\n\r\nRegression testing -
ensure that interfaces which leverage spaces and\r\nroles APIs are
functioning properly\r\n- Spaces management\r\n- Space navigation\r\n-
Roles management\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine
<[email protected]>","sha":"26f2928b0887c9fda4403c0ce3fcc332b7c0e69a","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Security","Feature:Security/Spaces","release_note:skip","Feature:Security/Authorization","v9.0.0","backport:prev-minor","Project:Serverless"],"number":193534,"url":"https://github.com/elastic/kibana/pull/193534","mergeCommit":{"message":"Set
spaces and roles CRUD APIs to public (#193534)\n\nCloses
#192153\r\n\r\n## Summary\r\n\r\nThis PR sets the spaces and roles CRUD
operation HTTP API endpoints to\r\npublic in both stateful and
serverless offerings, and additionally,\r\nswitches to the versioned
router to register these endpoints.\r\n\r\nPrior to this PR, the access
level was not explicitly set, thus any\r\nendpoints registered in
serverless were by default internal. CRUD\r\noperations for spaces and
roles are being set to public to support the\r\nrollout of custom roles
in serverless, which coincides with enabling\r\nmultiple
spaces.\r\n\r\n### Note\r\n- Currently, roles APIs are only available in
serverless via a feature\r\nflag
(`xpack.security.roleManagementEnabled`)\r\n- Spaces APIs are already
registered in serverless, however, the maximum\r\nnumber of spaces is by
default 1, rendering create and delete operations\r\nunusable. By
overriding `xpack.spaces.maxSpaces` to a number greater\r\nthan 1
(stateful default is 1000), it will effectively enable use of
the\r\nspaces CRUD operations in serverless.\r\n\r\n##
Tests\r\n-\r\nx-pack/test_serverless/api_integration/test_suites/common/management/multiple_spaces_enabled.ts\r\n-\r\nx-pack/test_serverless/api_integration/test_suites/common/management/spaces.ts\r\n-\r\nx-pack/test_serverless/api_integration/test_suites/common/platform_security/authorization.ts\r\n-\r\nx-pack/test_serverless/api_integration/test_suites/common/platform_security/roles_routes_feature_flag.ts\r\n-
Unit tests for each endpoint (to account for versioned router)\r\n-
Flaky Test
Runner:\r\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7002\r\n\r\n##
Manual Testing\r\n1. Start ES & Kibana in serverless mode with config
options to enable\r\nrole management and multiple
spaces\r\n\r\nElasticsearch:\r\n```\r\nxpack.security.authc.native_roles.enabled:
true\r\n```\r\n KIbana:\r\n```\r\n xpack.security.roleManagementEnabled:
true\r\n xpack.spaces.maxSpaces: 100\r\n```\r\n3. Issue each CRUD HTTP
API without including the internal origin
header\r\n('x-elastic-internal-origin') and verify you do not receive a
400 with\r\nthe message \"method [get|post|put|delete] exists but is not
available\r\nwith the current configuration\"\r\n4. Repeat steps 1 & 2
from the current head of main and verify that you\r\nDO receive a 400
with the message \"method [get|post|put|delete] exists\r\nbut is not
available with the current configuration\"\r\n\r\nRegression testing -
ensure that interfaces which leverage spaces and\r\nroles APIs are
functioning properly\r\n- Spaces management\r\n- Space navigation\r\n-
Roles management\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine
<[email protected]>","sha":"26f2928b0887c9fda4403c0ce3fcc332b7c0e69a"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/193534","number":193534,"mergeCommit":{"message":"Set
spaces and roles CRUD APIs to public (#193534)\n\nCloses
#192153\r\n\r\n## Summary\r\n\r\nThis PR sets the spaces and roles CRUD
operation HTTP API endpoints to\r\npublic in both stateful and
serverless offerings, and additionally,\r\nswitches to the versioned
router to register these endpoints.\r\n\r\nPrior to this PR, the access
level was not explicitly set, thus any\r\nendpoints registered in
serverless were by default internal. CRUD\r\noperations for spaces and
roles are being set to public to support the\r\nrollout of custom roles
in serverless, which coincides with enabling\r\nmultiple
spaces.\r\n\r\n### Note\r\n- Currently, roles APIs are only available in
serverless via a feature\r\nflag
(`xpack.security.roleManagementEnabled`)\r\n- Spaces APIs are already
registered in serverless, however, the maximum\r\nnumber of spaces is by
default 1, rendering create and delete operations\r\nunusable. By
overriding `xpack.spaces.maxSpaces` to a number greater\r\nthan 1
(stateful default is 1000), it will effectively enable use of
the\r\nspaces CRUD operations in serverless.\r\n\r\n##
Tests\r\n-\r\nx-pack/test_serverless/api_integration/test_suites/common/management/multiple_spaces_enabled.ts\r\n-\r\nx-pack/test_serverless/api_integration/test_suites/common/management/spaces.ts\r\n-\r\nx-pack/test_serverless/api_integration/test_suites/common/platform_security/authorization.ts\r\n-\r\nx-pack/test_serverless/api_integration/test_suites/common/platform_security/roles_routes_feature_flag.ts\r\n-
Unit tests for each endpoint (to account for versioned router)\r\n-
Flaky Test
Runner:\r\nhttps://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7002\r\n\r\n##
Manual Testing\r\n1. Start ES & Kibana in serverless mode with config
options to enable\r\nrole management and multiple
spaces\r\n\r\nElasticsearch:\r\n```\r\nxpack.security.authc.native_roles.enabled:
true\r\n```\r\n KIbana:\r\n```\r\n xpack.security.roleManagementEnabled:
true\r\n xpack.spaces.maxSpaces: 100\r\n```\r\n3. Issue each CRUD HTTP
API without including the internal origin
header\r\n('x-elastic-internal-origin') and verify you do not receive a
400 with\r\nthe message \"method [get|post|put|delete] exists but is not
available\r\nwith the current configuration\"\r\n4. Repeat steps 1 & 2
from the current head of main and verify that you\r\nDO receive a 400
with the message \"method [get|post|put|delete] exists\r\nbut is not
available with the current configuration\"\r\n\r\nRegression testing -
ensure that interfaces which leverage spaces and\r\nroles APIs are
functioning properly\r\n- Spaces management\r\n- Space navigation\r\n-
Roles management\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine
<[email protected]>","sha":"26f2928b0887c9fda4403c0ce3fcc332b7c0e69a"}}]}]
BACKPORT-->

---------

Co-authored-by: kibanamachine <[email protected]>
  • Loading branch information
jeramysoucy and kibanamachine authored Oct 16, 2024
1 parent cbd40a8 commit d216933
Show file tree
Hide file tree
Showing 45 changed files with 5,143 additions and 628 deletions.
2 changes: 1 addition & 1 deletion .buildkite/scripts/steps/capture_oas_snapshot.sh
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ set -euo pipefail
source .buildkite/scripts/common/util.sh

echo --- Capture OAS snapshot
cmd="node scripts/capture_oas_snapshot --include-path /api/status --include-path /api/alerting/rule/ --include-path /api/alerting/rules --include-path /api/actions"
cmd="node scripts/capture_oas_snapshot --include-path /api/status --include-path /api/alerting/rule/ --include-path /api/alerting/rules --include-path /api/actions --include-path /api/security/role --include-path /api/spaces"
if is_pr && ! is_auto_commit_disabled; then
cmd="$cmd --update"
fi
Expand Down
Loading

0 comments on commit d216933

Please sign in to comment.