forked from elastic/kibana
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[8.x] Unauthorized route migration for routes owned by obs-ux-managem…
…ent-team (elastic#198374) (elastic#201298) # Backport This will backport the following commits from `main` to `8.x`: - [Unauthorized route migration for routes owned by obs-ux-management-team (elastic#198374)](elastic#198374) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Kibana Machine","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-21T22:03:55Z","message":"Unauthorized route migration for routes owned by obs-ux-management-team (elastic#198374)\n\n### Authz API migration for unauthorized routes\r\n\r\nThis PR migrates unauthorized routes owned by your team to a new\r\nsecurity configuration.\r\nPlease refer to the documentation for more information: [Authorization\r\nAPI](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)\r\n\r\n### **Before migration:**\r\n```ts\r\nrouter.get({\r\n path: '/api/path',\r\n ...\r\n}, handler);\r\n```\r\n\r\n### **After migration:**\r\n```ts\r\nrouter.get({\r\n path: '/api/path',\r\n security: {\r\n authz: {\r\n enabled: false,\r\n reason: 'This route is opted out from authorization because ...',\r\n },\r\n },\r\n ...\r\n}, handler);\r\n```\r\n\r\n### What to do next?\r\n1. Review the changes in this PR.\r\n2. Elaborate on the reasoning to opt-out of authorization.\r\n3. Routes without a compelling reason to opt-out of authorization should\r\nplan to introduce them as soon as possible.\r\n2. You might need to update your tests to reflect the new security\r\nconfiguration:\r\n - If you have snapshot tests that include the route definition.\r\n\r\n## Any questions?\r\nIf you have any questions or need help with API authorization, please\r\nreach out to the `@elastic/kibana-security` team.\r\n\r\n---------\r\n\r\nCo-authored-by: Dominique Belcher <[email protected]>\r\nCo-authored-by: Shahzad <[email protected]>","sha":"0b193ec81ed70e1e36cfb824e89d9bf12b7c5b0b","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["enhancement","release_note:skip","Feature:Security/Authorization","v9.0.0","backport:prev-minor","ci:project-deploy-observability","Team:obs-ux-management","Authz: API migration"],"title":"Unauthorized route migration for routes owned by obs-ux-management-team","number":198374,"url":"https://github.com/elastic/kibana/pull/198374","mergeCommit":{"message":"Unauthorized route migration for routes owned by obs-ux-management-team (elastic#198374)\n\n### Authz API migration for unauthorized routes\r\n\r\nThis PR migrates unauthorized routes owned by your team to a new\r\nsecurity configuration.\r\nPlease refer to the documentation for more information: [Authorization\r\nAPI](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)\r\n\r\n### **Before migration:**\r\n```ts\r\nrouter.get({\r\n path: '/api/path',\r\n ...\r\n}, handler);\r\n```\r\n\r\n### **After migration:**\r\n```ts\r\nrouter.get({\r\n path: '/api/path',\r\n security: {\r\n authz: {\r\n enabled: false,\r\n reason: 'This route is opted out from authorization because ...',\r\n },\r\n },\r\n ...\r\n}, handler);\r\n```\r\n\r\n### What to do next?\r\n1. Review the changes in this PR.\r\n2. Elaborate on the reasoning to opt-out of authorization.\r\n3. Routes without a compelling reason to opt-out of authorization should\r\nplan to introduce them as soon as possible.\r\n2. You might need to update your tests to reflect the new security\r\nconfiguration:\r\n - If you have snapshot tests that include the route definition.\r\n\r\n## Any questions?\r\nIf you have any questions or need help with API authorization, please\r\nreach out to the `@elastic/kibana-security` team.\r\n\r\n---------\r\n\r\nCo-authored-by: Dominique Belcher <[email protected]>\r\nCo-authored-by: Shahzad <[email protected]>","sha":"0b193ec81ed70e1e36cfb824e89d9bf12b7c5b0b"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/198374","number":198374,"mergeCommit":{"message":"Unauthorized route migration for routes owned by obs-ux-management-team (elastic#198374)\n\n### Authz API migration for unauthorized routes\r\n\r\nThis PR migrates unauthorized routes owned by your team to a new\r\nsecurity configuration.\r\nPlease refer to the documentation for more information: [Authorization\r\nAPI](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)\r\n\r\n### **Before migration:**\r\n```ts\r\nrouter.get({\r\n path: '/api/path',\r\n ...\r\n}, handler);\r\n```\r\n\r\n### **After migration:**\r\n```ts\r\nrouter.get({\r\n path: '/api/path',\r\n security: {\r\n authz: {\r\n enabled: false,\r\n reason: 'This route is opted out from authorization because ...',\r\n },\r\n },\r\n ...\r\n}, handler);\r\n```\r\n\r\n### What to do next?\r\n1. Review the changes in this PR.\r\n2. Elaborate on the reasoning to opt-out of authorization.\r\n3. Routes without a compelling reason to opt-out of authorization should\r\nplan to introduce them as soon as possible.\r\n2. You might need to update your tests to reflect the new security\r\nconfiguration:\r\n - If you have snapshot tests that include the route definition.\r\n\r\n## Any questions?\r\nIf you have any questions or need help with API authorization, please\r\nreach out to the `@elastic/kibana-security` team.\r\n\r\n---------\r\n\r\nCo-authored-by: Dominique Belcher <[email protected]>\r\nCo-authored-by: Shahzad <[email protected]>","sha":"0b193ec81ed70e1e36cfb824e89d9bf12b7c5b0b"}}]}] BACKPORT-->
- Loading branch information
1 parent
8f29268
commit 44be16f
Showing
11 changed files
with
276 additions
and
65 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.