Unauthorized route migration for routes owned by security-threat-hunting-explore (#198339)

### Authz API migration for unauthorized routes

This PR migrates unauthorized routes owned by your team to a new
security configuration.
Please refer to the documentation for more information: [Authorization
API](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)

### **Before migration:**
```ts
router.post({
  path: '/api/path',
  ...
}, handler);
```

### **After migration:**
```ts
router.post({
  path: '/api/path',
  access: 'internal',
  security: {
    authz: {
      requiredPrivileges: ['securitySolution'],
    },
  },
  ...
}, handler);
```

### What to do next?
1. Review the changes in this PR.
2. Elaborate on the reasoning to opt-out of authorization.
3. Routes without a compelling reason to opt-out of authorization should
plan to introduce them as soon as possible.
2. You might need to update your tests to reflect the new security
configuration:
  - If you have snapshot tests that include the route definition.

## Any questions?
If you have any questions or need help with API authorization, please
reach out to the `@elastic/kibana-security` team.

---------

Co-authored-by: Angela Chuang <[email protected]>
Co-authored-by: Angela Chuang <[email protected]>
3 people authored Nov 1, 2024
1 parent 0ecef0a commit ec391f7
Showing 1 changed file with 5 additions and 0 deletions.
Expand Up @@ -19,6 +19,11 @@ export const getUnallowedFieldValuesRoute = (router: IRouter, logger: Logger) =>
.post({
path: GET_UNALLOWED_FIELD_VALUES,
access: 'internal',
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
})
.addVersion(
{
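Review bot: the new `security.authz.requiredPrivileges: ['securitySolution']` entry in the `.post({...})` options changes who may call `GET_UNALLOWED_FIELD_VALUES`, yet the commit touches only this one file (5 additions, 0 deletions), so nothing in it exercises the new check. Please add or point to a test that calls this route as a user without the `securitySolution` privilege and asserts the request is rejected, plus one with the privilege that still succeeds. Also note that the commit description asks authors to explain an opt-out from authorization, while this hunk opts in with a concrete privilege; a sentence in the description on why `securitySolution` is the right privilege for this route would make the intent reviewable.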