Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Unauthorized route migration for routes owned by security-threat-hunt…
…ing-explore (#198339) ### Authz API migration for unauthorized routes This PR migrates unauthorized routes owned by your team to a new security configuration. Please refer to the documentation for more information: [Authorization API](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization) ### **Before migration:** ```ts router.post({ path: '/api/path', ... }, handler); ``` ### **After migration:** ```ts router.post({ path: '/api/path', access: 'internal', security: { authz: { requiredPrivileges: ['securitySolution'], }, }, ... }, handler); ``` ### What to do next? 1. Review the changes in this PR. 2. Elaborate on the reasoning to opt-out of authorization. 3. Routes without a compelling reason to opt-out of authorization should plan to introduce them as soon as possible. 2. You might need to update your tests to reflect the new security configuration: - If you have snapshot tests that include the route definition. ## Any questions? If you have any questions or need help with API authorization, please reach out to the `@elastic/kibana-security` team. --------- Co-authored-by: Angela Chuang <[email protected]> Co-authored-by: Angela Chuang <[email protected]>
- Loading branch information