From 01cd6d8dc6cb7f7fa9c65b8d3f4a3563ab36b4ea Mon Sep 17 00:00:00 2001 From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Date: Tue, 17 Dec 2024 03:09:46 +1100 Subject: [PATCH] Unauthorized route migration for routes owned by obs-knowledge-team,obs-ux-infra_services-team (#198373) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ### Authz API migration for unauthorized routes This PR migrates unauthorized routes owned by your team to a new security configuration. Please refer to the documentation for more information: [Authorization API](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization) ### **Before migration:** ```ts router.get({ path: '/api/path', ... }, handler); ``` ### **After migration:** ```ts router.get({ path: '/api/path', security: { authz: { enabled: false, reason: 'This route is opted out from authorization because ...', }, }, ... }, handler); ``` ### What to do next? 1. Review the changes in this PR. 2. Elaborate on the reasoning to opt-out of authorization. 3. Routes without a compelling reason to opt-out of authorization should plan to introduce authorization checks as soon as possible. 2. You might need to update your tests to reflect the new security configuration: - If you have snapshot tests that include the route definition. ## Any questions? If you have any questions or need help with API authorization, please reach out to the `@elastic/kibana-security` team. Co-authored-by: jennypavlova Co-authored-by: Cauê Marcondes <55978943+cauemarcondes@users.noreply.github.com> Co-authored-by: Elastic Machine --- .../create_apm_event_client/index.test.ts | 60 +++++++++++-------- .../server/routes/metric_indices/index.ts | 6 ++ 2 files changed, 42 insertions(+), 24 deletions(-)
diff --git a/x-pack/plugins/observability_solution/apm_data_access/server/lib/helpers/create_es_client/create_apm_event_client/index.test.ts b/x-pack/plugins/observability_solution/apm_data_access/server/lib/helpers/create_es_client/create_apm_event_client/index.test.ts
index a349c7c48f687..79084daeb22e6 100644
--- a/x-pack/plugins/observability_solution/apm_data_access/server/lib/helpers/create_es_client/create_apm_event_client/index.test.ts
+++ b/x-pack/plugins/observability_solution/apm_data_access/server/lib/helpers/create_es_client/create_apm_event_client/index.test.ts
@@ -47,34 +47,46 @@ describe('APMEventClient', () => {
 const router = createRouter('/');
 let abortSignal: AbortSignal | undefined;
- router.get({ path: '/', validate: false }, async (context, request, res) => {
- const eventClient = new APMEventClient({
- esClient: {
- search: async (params: any, { signal }: { signal: AbortSignal }) => {
- abortSignal = signal;
- await setTimeoutPromise(3_000, undefined, {
- signal: abortSignal,
- });
- return {};
+ router.get(
+ {
+ path: '/',
+ security: {
+ authz: {
+ enabled: false,
+ reason: 'This route is opted out from authorization',
 },
- } as any,
- debug: false,
- request,
- indices: {} as APMIndices,
- options: {
- includeFrozen: false,
 },
- });
+ validate: false,
+ },
+ async (context, request, res) => {
+ const eventClient = new APMEventClient({
+ esClient: {
+ search: async (params: any, { signal }: { signal: AbortSignal }) => {
+ abortSignal = signal;
+ await setTimeoutPromise(3_000, undefined, {
+ signal: abortSignal,
+ });
+ return {};
+ },
+ } as any,
+ debug: false,
+ request,
+ indices: {} as APMIndices,
+ options: {
+ includeFrozen: false,
+ },
+ });
- await eventClient.search('foo', {
- apm: {
- events: [],
- },
- body: { size: 0, track_total_hits: false },
- });
+ await eventClient.search('foo', {
+ apm: {
+ events: [],
+ },
+ body: { size: 0, track_total_hits: false },
+ });
- return res.ok({ body: 'ok' });
- });
+ return res.ok({ body: 'ok' });
+ }
+ );
 await server.start();
diff --git a/x-pack/plugins/observability_solution/metrics_data_access/server/routes/metric_indices/index.ts b/x-pack/plugins/observability_solution/metrics_data_access/server/routes/metric_indices/index.ts
index ebd4ed1943f20..465a7fdf69f22 100644
--- a/x-pack/plugins/observability_solution/metrics_data_access/server/routes/metric_indices/index.ts
+++ b/x-pack/plugins/observability_solution/metrics_data_access/server/routes/metric_indices/index.ts
@@ -50,6 +50,12 @@ export function initMetricIndicesRoute({
 router.get(
 {
 path: `/api/metrics/indices`,
+ security: {
+ authz: {
+ enabled: false,
+ reason: 'This route is opted out from authorization',
+ },
+ },
 validate: false,
 },
 async (context, _req, res) => {
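Review bot: The `reason` given for `authz.enabled: false` on `/api/metrics/indices` is the unfinished migration template, so this production route records that it skips Kibana authorization without saying what protects it instead. If the handler relies on the requesting user's Elasticsearch privileges, state that, e.g. `reason: 'This route is opted out from authorization because <what the handler relies on instead>',`; if nothing else gates it, declare privileges with `authz: { requiredPrivileges: ['<privilege>'] }` rather than opting out. The handler body starts on the last line of the hunk and continues outside it, so which case applies cannot be seen here. The test route in `create_apm_event_client/index.test.ts` carries the same string, which is harmless for a fixture.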