Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Uptime] Change API access to new authz authorization paradigm #203319

Closed
jasonrhodes opened this issue Dec 6, 2024 · 3 comments · Fixed by #203415
Closed

[Uptime] Change API access to new authz authorization paradigm #203319

jasonrhodes opened this issue Dec 6, 2024 · 3 comments · Fixed by #203415
Assignees
@fkanout
Labels
Team:obs-ux-management Observability Management User Experience Team

Comments

@jasonrhodes
Copy link
Member

Authorization for API endpoints must be migrated away from the previous use of options.tags: ["access:some_tag"] and replaced with a new security.authz object. Information can be found here: https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization

Note: this should not be confused with the options.access value that is still used to indicate whether an API route is internal or public.

List of uptime routes

Full list of routes in need of manual migration can be found in these issues:

Route Current tag(s)
/internal/uptime/pings access:uptime-read
/internal/uptime/index_status access:uptime-read
/internal/uptime/monitor/details access:uptime-read
/internal/uptime/monitor/locations access:uptime-read
/internal/uptime/monitor/list access:uptime-read
/internal/uptime/monitor/status access:uptime-read
/internal/uptime/snapshot/count access:uptime-read
/internal/uptime/ping/histogram access:uptime-read
/internal/uptime/monitor/duration access:uptime-read
/internal/uptime/journey/{checkGroup} access:uptime-read
/internal/uptime/journey/screenshot/{checkGroup}/{stepIndex} access:uptime-read
/internal/uptime/network_events access:uptime-read
/internal/uptime/journeys/failed_steps access:uptime-read
/internal/uptime/synthetics/check/success access:uptime-read
/internal/uptime/journey/screenshot/block access:uptime-read
/internal/uptime/service/locations access:uptime-read

For an example of this migration, see the PR that migrates all SLO routes
@jasonrhodes jasonrhodes added the Team:obs-ux-management Observability Management User Experience Team label Dec 6, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/obs-ux-management-team (Team:obs-ux-management)

@fkanout fkanout self-assigned this Dec 9, 2024
@fkanout fkanout mentioned this issue Dec 9, 2024
Merged
@fkanout
Copy link
Contributor

fkanout commented Dec 9, 2024

Mostly covered in this PR and now it's completed by this one

@jasonrhodes
Copy link
Member Author

Thanks, @fkanout -- I was under the impression that everything mentioned in this issue was not able to be auto-migrated and required us to manually migrate, not sure why this isn't the case (it creates extra work and distraction for us, unfortunately). I've asked about it here.

fkanout added a commit that referenced this issue Dec 10, 2024
@fkanout
[OBS-UX-MGTM][Uptime] Change API access to new authz authorization pa…
1c6b356 
…radigm (#203415)

## Summary

It fixes #203319
And mostly covered by #198374
CAWilson94 pushed a commit to CAWilson94/kibana that referenced this issue Dec 12, 2024
@fkanout @CAWilson94
[OBS-UX-MGTM][Uptime] Change API access to new authz authorization pa…
018a352 
…radigm (elastic#203415)

## Summary

It fixes elastic#203319
And mostly covered by elastic#198374
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fkanout fkanout

Labels
Team:obs-ux-management Observability Management User Experience Team
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[OBS-UX-MGTM][Uptime] Change API access to new authz authorization paradigm fkanout/kibana
3 participants
@jasonrhodes @fkanout @elasticmachine