Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Surface deprecation of platform security v1 endpoints #197389

Closed
jeramysoucy opened this issue Oct 23, 2024 · 1 comment · Fixed by #199656
Closed

Surface deprecation of platform security v1 endpoints #197389

jeramysoucy opened this issue Oct 23, 2024 · 1 comment · Fixed by #199656
Assignees
@jeramysoucy
Labels
Feature:Security/Authentication Platform Security - Authentication Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!

Comments

@jeramysoucy
Copy link
Contributor

PR #196081 adds support for surfacing deprecated APIs in the upgrade assistant.

We should utilize this feature to mark all of our v1 endpoints as deprecated.

  • GET /api/security/v1/logout: type migrate, replaced by GET /api/security/logout
  • GET /api/security/v1/me: type remove
  • GET /api/security/v1/oidc/implicit: type migrate, replaced by GET /api/security/oidc/implicit
  • GET /api/security/v1/oidc: type migrate, replaced by GET /api/security/oidc/callback
  • POST /api/security/v1/oidc: type migrate, replaced by POST /api/security/oidc/initiate_login
  • POST /api/security/v1/saml: type migrate, replaced by POST /api/security/saml/callback
@jeramysoucy jeramysoucy added the Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! label Oct 23, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security (Team:Security)

@azasypkin azasypkin added the Feature:Security/Authentication Platform Security - Authentication label Oct 23, 2024
@jeramysoucy jeramysoucy self-assigned this Nov 11, 2024
@jeramysoucy jeramysoucy changed the title Set deprecation of platform security v1 endpoints Surface deprecation of platform security v1 endpoints Nov 11, 2024
@jeramysoucy jeramysoucy mentioned this issue Nov 11, 2024
Merged
jeramysoucy added a commit to jeramysoucy/kibana that referenced this issue Nov 22, 2024
@jeramysoucy
Surface Kibana security route deprecations in Upgrade Assistant (elas…
83f5860 
…tic#199656)

Closes elastic#197389

## Summary

Uses the `deprecated` route configuration option on all Kibana Security
"v1" endpoints. This will surface deprecation information in the Upgrade
Assistant.

## Related PRs
- elastic#50695 - `7.6.0`, deprecated
    - `/api/security/v1/me`
    - `/api/security/v1/logout`
    - `/api/security/v1/oidc/implicit`
    - `/api/security/v1/oidc` (POST)
- elastic#53886 - `7.6.0`, deprecated
`/api/security/v1/oidc` (GET)
- elastic#47929 - `8.0.0`, dropped
`/api/security/v1/saml` (`breaking` release note)
- elastic#106665 - restored
`/api/security/v1/saml` but warned as deprecated (no release note)

## Testing
1.  Start ES & Kibana in trial license mode
2. Make several calls to one or more of the deprecated endpoints
3. Navigate to `Stack Management`->`Upgrade Assistant`
4. Click on Kibana warnings
<img width="1003" alt="Screenshot 2024-11-18 at 10 01 10 AM"
src="https://github.com/user-attachments/assets/da44af13-57eb-4ffd-a507-e423eb767a11">
5. Confirm the called endpoints are displayed as warnings in the Upgrade
Assistant
<img width="1274" alt="Screenshot 2024-11-18 at 9 59 34 AM"
src="https://github.com/user-attachments/assets/4c054fbe-6838-48cf-8b1b-8c161252db0f">

## Previous release notes
### v7.6.0

https://www.elastic.co/guide/en/kibana/7.6/release-notes-7.6.0.html#deprecation-7.6.0
https://www.elastic.co/guide/en/kibana/7.6/breaking-changes-7.6.html
The deprecations are not listed in the release notes or breaking changes
notes.

### v8.0.0

https://www.elastic.co/guide/en/kibana/current/release-notes-8.0.0-alpha1.html#rest-api-changes
SAML endpoint deprecation only appears in the 8.0.0-alpha1 release
notes, and was reverted in 8.0.0-alpha2

# Release note
See `docs/upgrade-notes.asciidoc` in file changes

# Follow-up
A follow-up PR must be created to create and backfill the docLinks.

---------

Co-authored-by: kibanamachine <[email protected]>
(cherry picked from commit 742ae9f)

# Conflicts:
#	docs/upgrade-notes.asciidoc
#	x-pack/plugins/security/tsconfig.json
jeramysoucy added a commit that referenced this issue Nov 22, 2024
@jeramysoucy
[8.x] Surface Kibana security route deprecations in Upgrade Assistant (
d783031 
…#199656) (#201320)

# Backport

This will backport the following commits from `main` to `8.x`:
- [Surface Kibana security route deprecations in Upgrade Assistant
(#199656)](#199656)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Jeramy
Soucy","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-19T08:54:40Z","message":"Surface
Kibana security route deprecations in Upgrade Assistant
(#199656)\n\nCloses #197389\r\n\r\n## Summary\r\n\r\nUses the
`deprecated` route configuration option on all Kibana Security\r\n\"v1\"
endpoints. This will surface deprecation information in the
Upgrade\r\nAssistant.\r\n\r\n## Related PRs\r\n-
#50695 - `7.6.0`, deprecated\r\n -
`/api/security/v1/me`\r\n - `/api/security/v1/logout`\r\n -
`/api/security/v1/oidc/implicit`\r\n - `/api/security/v1/oidc`
(POST)\r\n- #53886 - `7.6.0`,
deprecated\r\n`/api/security/v1/oidc` (GET)\r\n-
#47929 - `8.0.0`,
dropped\r\n`/api/security/v1/saml` (`breaking` release note)\r\n-
#106665 -
restored\r\n`/api/security/v1/saml` but warned as deprecated (no release
note)\r\n\r\n## Testing\r\n1. Start ES & Kibana in trial license
mode\r\n2. Make several calls to one or more of the deprecated
endpoints\r\n3. Navigate to `Stack Management`->`Upgrade
Assistant`\r\n4. Click on Kibana warnings\r\n<img width=\"1003\"
alt=\"Screenshot 2024-11-18 at 10 01
10 AM\"\r\nsrc=\"https://github.com/user-attachments/assets/da44af13-57eb-4ffd-a507-e423eb767a11\">\r\n5.
Confirm the called endpoints are displayed as warnings in the
Upgrade\r\nAssistant\r\n<img width=\"1274\" alt=\"Screenshot 2024-11-18
at 9 59
34 AM\"\r\nsrc=\"https://github.com/user-attachments/assets/4c054fbe-6838-48cf-8b1b-8c161252db0f\">\r\n\r\n##
Previous release notes \r\n###
v7.6.0\r\n\r\nhttps://www.elastic.co/guide/en/kibana/7.6/release-notes-7.6.0.html#deprecation-7.6.0\r\nhttps://www.elastic.co/guide/en/kibana/7.6/breaking-changes-7.6.html\r\nThe
deprecations are not listed in the release notes or breaking
changes\r\nnotes.\r\n\r\n###
v8.0.0\r\n\r\nhttps://www.elastic.co/guide/en/kibana/current/release-notes-8.0.0-alpha1.html#rest-api-changes\r\nSAML
endpoint deprecation only appears in the 8.0.0-alpha1 release\r\nnotes,
and was reverted in 8.0.0-alpha2\r\n\r\n# Release note\r\nSee
`docs/upgrade-notes.asciidoc` in file changes\r\n\r\n# Follow-up\r\nA
follow-up PR must be created to create and backfill the
docLinks.\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine
<[email protected]>","sha":"742ae9fd2a255d5ba15100d644e7de3540e28f60","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:deprecation","Team:Security","backport
missing","v9.0.0","backport:prev-minor","v8.18.0"],"number":199656,"url":"https://github.com/elastic/kibana/pull/199656","mergeCommit":{"message":"Surface
Kibana security route deprecations in Upgrade Assistant
(#199656)\n\nCloses #197389\r\n\r\n## Summary\r\n\r\nUses the
`deprecated` route configuration option on all Kibana Security\r\n\"v1\"
endpoints. This will surface deprecation information in the
Upgrade\r\nAssistant.\r\n\r\n## Related PRs\r\n-
#50695 - `7.6.0`, deprecated\r\n -
`/api/security/v1/me`\r\n - `/api/security/v1/logout`\r\n -
`/api/security/v1/oidc/implicit`\r\n - `/api/security/v1/oidc`
(POST)\r\n- #53886 - `7.6.0`,
deprecated\r\n`/api/security/v1/oidc` (GET)\r\n-
#47929 - `8.0.0`,
dropped\r\n`/api/security/v1/saml` (`breaking` release note)\r\n-
#106665 -
restored\r\n`/api/security/v1/saml` but warned as deprecated (no release
note)\r\n\r\n## Testing\r\n1. Start ES & Kibana in trial license
mode\r\n2. Make several calls to one or more of the deprecated
endpoints\r\n3. Navigate to `Stack Management`->`Upgrade
Assistant`\r\n4. Click on Kibana warnings\r\n<img width=\"1003\"
alt=\"Screenshot 2024-11-18 at 10 01
10 AM\"\r\nsrc=\"https://github.com/user-attachments/assets/da44af13-57eb-4ffd-a507-e423eb767a11\">\r\n5.
Confirm the called endpoints are displayed as warnings in the
Upgrade\r\nAssistant\r\n<img width=\"1274\" alt=\"Screenshot 2024-11-18
at 9 59
34 AM\"\r\nsrc=\"https://github.com/user-attachments/assets/4c054fbe-6838-48cf-8b1b-8c161252db0f\">\r\n\r\n##
Previous release notes \r\n###
v7.6.0\r\n\r\nhttps://www.elastic.co/guide/en/kibana/7.6/release-notes-7.6.0.html#deprecation-7.6.0\r\nhttps://www.elastic.co/guide/en/kibana/7.6/breaking-changes-7.6.html\r\nThe
deprecations are not listed in the release notes or breaking
changes\r\nnotes.\r\n\r\n###
v8.0.0\r\n\r\nhttps://www.elastic.co/guide/en/kibana/current/release-notes-8.0.0-alpha1.html#rest-api-changes\r\nSAML
endpoint deprecation only appears in the 8.0.0-alpha1 release\r\nnotes,
and was reverted in 8.0.0-alpha2\r\n\r\n# Release note\r\nSee
`docs/upgrade-notes.asciidoc` in file changes\r\n\r\n# Follow-up\r\nA
follow-up PR must be created to create and backfill the
docLinks.\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine
<[email protected]>","sha":"742ae9fd2a255d5ba15100d644e7de3540e28f60"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/199656","number":199656,"mergeCommit":{"message":"Surface
Kibana security route deprecations in Upgrade Assistant
(#199656)\n\nCloses #197389\r\n\r\n## Summary\r\n\r\nUses the
`deprecated` route configuration option on all Kibana Security\r\n\"v1\"
endpoints. This will surface deprecation information in the
Upgrade\r\nAssistant.\r\n\r\n## Related PRs\r\n-
#50695 - `7.6.0`, deprecated\r\n -
`/api/security/v1/me`\r\n - `/api/security/v1/logout`\r\n -
`/api/security/v1/oidc/implicit`\r\n - `/api/security/v1/oidc`
(POST)\r\n- #53886 - `7.6.0`,
deprecated\r\n`/api/security/v1/oidc` (GET)\r\n-
#47929 - `8.0.0`,
dropped\r\n`/api/security/v1/saml` (`breaking` release note)\r\n-
#106665 -
restored\r\n`/api/security/v1/saml` but warned as deprecated (no release
note)\r\n\r\n## Testing\r\n1. Start ES & Kibana in trial license
mode\r\n2. Make several calls to one or more of the deprecated
endpoints\r\n3. Navigate to `Stack Management`->`Upgrade
Assistant`\r\n4. Click on Kibana warnings\r\n<img width=\"1003\"
alt=\"Screenshot 2024-11-18 at 10 01
10 AM\"\r\nsrc=\"https://github.com/user-attachments/assets/da44af13-57eb-4ffd-a507-e423eb767a11\">\r\n5.
Confirm the called endpoints are displayed as warnings in the
Upgrade\r\nAssistant\r\n<img width=\"1274\" alt=\"Screenshot 2024-11-18
at 9 59
34 AM\"\r\nsrc=\"https://github.com/user-attachments/assets/4c054fbe-6838-48cf-8b1b-8c161252db0f\">\r\n\r\n##
Previous release notes \r\n###
v7.6.0\r\n\r\nhttps://www.elastic.co/guide/en/kibana/7.6/release-notes-7.6.0.html#deprecation-7.6.0\r\nhttps://www.elastic.co/guide/en/kibana/7.6/breaking-changes-7.6.html\r\nThe
deprecations are not listed in the release notes or breaking
changes\r\nnotes.\r\n\r\n###
v8.0.0\r\n\r\nhttps://www.elastic.co/guide/en/kibana/current/release-notes-8.0.0-alpha1.html#rest-api-changes\r\nSAML
endpoint deprecation only appears in the 8.0.0-alpha1 release\r\nnotes,
and was reverted in 8.0.0-alpha2\r\n\r\n# Release note\r\nSee
`docs/upgrade-notes.asciidoc` in file changes\r\n\r\n# Follow-up\r\nA
follow-up PR must be created to create and backfill the
docLinks.\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine
<[email protected]>","sha":"742ae9fd2a255d5ba15100d644e7de3540e28f60"}},{"branch":"8.18","label":"v8.18.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->
CAWilson94 pushed a commit to CAWilson94/kibana that referenced this issue Dec 12, 2024
@jeramysoucy @kibanamachine @CAWilson94
Surface Kibana security route deprecations in Upgrade Assistant (elas…
8bf9487 
…tic#199656)

Closes elastic#197389

## Summary

Uses the `deprecated` route configuration option on all Kibana Security
"v1" endpoints. This will surface deprecation information in the Upgrade
Assistant.

## Related PRs
- elastic#50695 - `7.6.0`, deprecated
    - `/api/security/v1/me`
    - `/api/security/v1/logout`
    - `/api/security/v1/oidc/implicit`
    - `/api/security/v1/oidc` (POST)
- elastic#53886 - `7.6.0`, deprecated
`/api/security/v1/oidc` (GET)
- elastic#47929 - `8.0.0`, dropped
`/api/security/v1/saml` (`breaking` release note)
- elastic#106665 - restored
`/api/security/v1/saml` but warned as deprecated (no release note)

## Testing
1.  Start ES & Kibana in trial license mode
2. Make several calls to one or more of the deprecated endpoints
3. Navigate to `Stack Management`->`Upgrade Assistant`
4. Click on Kibana warnings
<img width="1003" alt="Screenshot 2024-11-18 at 10 01 10 AM"
src="https://github.com/user-attachments/assets/da44af13-57eb-4ffd-a507-e423eb767a11">
5. Confirm the called endpoints are displayed as warnings in the Upgrade
Assistant
<img width="1274" alt="Screenshot 2024-11-18 at 9 59 34 AM"
src="https://github.com/user-attachments/assets/4c054fbe-6838-48cf-8b1b-8c161252db0f">

## Previous release notes 
### v7.6.0

https://www.elastic.co/guide/en/kibana/7.6/release-notes-7.6.0.html#deprecation-7.6.0
https://www.elastic.co/guide/en/kibana/7.6/breaking-changes-7.6.html
The deprecations are not listed in the release notes or breaking changes
notes.

### v8.0.0

https://www.elastic.co/guide/en/kibana/current/release-notes-8.0.0-alpha1.html#rest-api-changes
SAML endpoint deprecation only appears in the 8.0.0-alpha1 release
notes, and was reverted in 8.0.0-alpha2

# Release note
See `docs/upgrade-notes.asciidoc` in file changes

# Follow-up
A follow-up PR must be created to create and backfill the docLinks.

---------

Co-authored-by: kibanamachine <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jeramysoucy jeramysoucy

Labels
Feature:Security/Authentication Platform Security - Authentication Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Surface Kibana security route deprecations in Upgrade Assistant jeramysoucy/kibana
3 participants
@azasypkin @elasticmachine @jeramysoucy