elastic · jeramysoucy · Oct 3, 2024 · Sep 20, 2024 · Sep 20, 2024 · Sep 20, 2024
@@ -322,7 +322,10 @@ export interface HttpFetchOptions extends HttpRequestInit {
 
   context?: KibanaExecutionContext;
 
-  /** @experimental */
+  /**
+   * When defined, the API version string used to populate the ELASTIC_HTTP_VERSION_HEADER.
+   * Defaults to undefined.
+   */
   version?: ApiVersion;
 }
 

@@ -16,15 +16,19 @@ export class Role {
 
   public async create(name: string, role: any) {
     this.log.debug(`creating role ${name}`);
-    const { data, status, statusText } = await this.kibanaServer.request({
-      path: `/api/security/role/${name}`,
-      method: 'PUT',
-      body: {
-        kibana: role.kibana,
-        elasticsearch: role.elasticsearch,
-      },
-      retries: 0,
-    });
+    const { data, status, statusText } = await this.kibanaServer
+      .request({
+        path: `/api/security/role/${name}`,
+        method: 'PUT',
+        body: {
+          kibana: role.kibana,
+          elasticsearch: role.elasticsearch,
+        },
+        retries: 0,
+      })
+      .catch((e) => {
+        throw new Error(util.inspect(e.axiosError.response, true));
+      });
     if (status !== 204) {
       throw new Error(
         `Expected status code of 204, received ${status} ${statusText}: ${util.inspect(data)}`

@@ -13,6 +13,6 @@
     "@kbn/test-subj-selector",
     "@kbn/ftr-common-functional-services",
     "@kbn/std",
-    "@kbn/expect"
+    "@kbn/expect",
   ]
 }
@@ -120,6 +120,11 @@ export async function runTests(log: ToolingLog, options: RunTestsOptions) {
             logsDir: options.logsDir,
             installDir: options.installDir,
             onEarlyExit,
+            extraKbnOpts: [
+              config.get('serverless')
+                ? '--server.versioned.versionResolution=newest'
+                : '--server.versioned.versionResolution=oldest',
+            ],
           });
 
           if (abortCtrl.signal.aborted) {

@@ -111,3 +111,14 @@ export const SESSION_ROUTE = '/internal/security/session';
  * Allowed image file types for uploading an image as avatar
  */
 export const IMAGE_FILE_TYPES = ['image/svg+xml', 'image/jpeg', 'image/png', 'image/gif'];
+
+/**
+ * The API version numbers used with the versioned router.
+ */
+export const API_VERSIONS = {
+  roles: {
+    public: {
+      v1: '2023-10-31',
+    },
+  },
+};
@@ -9,9 +9,11 @@ import Boom from '@hapi/boom';
 
 import { kibanaResponseFactory } from '@kbn/core/server';
 import { coreMock, httpServerMock } from '@kbn/core/server/mocks';
+import type { MockedVersionedRouter } from '@kbn/core-http-router-server-mocks';
 import type { LicenseCheck } from '@kbn/licensing-plugin/server';
 
 import { defineDeleteRolesRoutes } from './delete';
+import { API_VERSIONS } from '../../../../common/constants';
 import { routeDefinitionParamsMock } from '../../index.mock';
 
 interface TestOptions {
@@ -28,6 +30,8 @@ describe('DELETE role', () => {
   ) => {
     test(description, async () => {
       const mockRouteDefinitionParams = routeDefinitionParamsMock.create();
+      const versionedRouterMock = mockRouteDefinitionParams.router
+        .versioned as MockedVersionedRouter;
       const mockCoreContext = coreMock.createRequestHandlerContext();
       const mockLicensingContext = {
         license: { check: jest.fn().mockReturnValue(licenseCheckResult) },
@@ -44,7 +48,9 @@ describe('DELETE role', () => {
       }
 
       defineDeleteRolesRoutes(mockRouteDefinitionParams);
-      const [[, handler]] = mockRouteDefinitionParams.router.delete.mock.calls;
+      const handler = versionedRouterMock.getRoute('delete', '/api/security/role/{name}').versions[
+        API_VERSIONS.roles.public.v1
+      ].handler;
 
       const headers = { authorization: 'foo' };
       const mockRequest = httpServerMock.createKibanaRequest({

@@ -8,32 +8,37 @@
 import { schema } from '@kbn/config-schema';
 
 import type { RouteDefinitionParams } from '../..';
+import { API_VERSIONS } from '../../../../common/constants';
 import { wrapIntoCustomErrorResponse } from '../../../errors';
 import { createLicensedRouteHandler } from '../../licensed_route_handler';
 
 export function defineDeleteRolesRoutes({ router }: RouteDefinitionParams) {
-  router.delete(
-    {
+  router.versioned
+    .delete({
       path: '/api/security/role/{name}',
-      options: {
-        access: 'public',
-        summary: `Delete a role`,
-      },
-      validate: {
-        params: schema.object({ name: schema.string({ minLength: 1 }) }),
+      access: 'public',
+      summary: `Delete a role`,
+    })
+    .addVersion(
+      {
+        version: API_VERSIONS.roles.public.v1,
+        validate: {
+          request: {
+            params: schema.object({ name: schema.string({ minLength: 1 }) }),
+          },
+        },
       },
-    },
-    createLicensedRouteHandler(async (context, request, response) => {
-      try {
-        const esClient = (await context.core).elasticsearch.client;
-        await esClient.asCurrentUser.security.deleteRole({
-          name: request.params.name,
-        });
+      createLicensedRouteHandler(async (context, request, response) => {
+        try {
+          const esClient = (await context.core).elasticsearch.client;
+          await esClient.asCurrentUser.security.deleteRole({
+            name: request.params.name,
+          });
 
-        return response.noContent();
-      } catch (error) {
-        return response.customError(wrapIntoCustomErrorResponse(error));
-      }
-    })
-  );
+          return response.noContent();
+        } catch (error) {
+          return response.customError(wrapIntoCustomErrorResponse(error));
+        }
+      })
+    );
 }
@@ -9,9 +9,11 @@ import Boom from '@hapi/boom';
 
 import { kibanaResponseFactory } from '@kbn/core/server';
 import { coreMock, httpServerMock } from '@kbn/core/server/mocks';
+import type { MockedVersionedRouter } from '@kbn/core-http-router-server-mocks';
 import type { LicenseCheck } from '@kbn/licensing-plugin/server';
 
 import { defineGetRolesRoutes } from './get';
+import { API_VERSIONS } from '../../../../common/constants';
 import { routeDefinitionParamsMock } from '../../index.mock';
 
 const application = 'kibana-.kibana';
@@ -31,6 +33,8 @@ describe('GET role', () => {
   ) => {
     test(description, async () => {
       const mockRouteDefinitionParams = routeDefinitionParamsMock.create();
+      const versionedRouterMock = mockRouteDefinitionParams.router
+        .versioned as MockedVersionedRouter;
       mockRouteDefinitionParams.authz.applicationName = application;
       mockRouteDefinitionParams.getFeatures = jest.fn().mockResolvedValue([]);
 
@@ -50,7 +54,9 @@ describe('GET role', () => {
       }
 
       defineGetRolesRoutes(mockRouteDefinitionParams);
-      const [[, handler]] = mockRouteDefinitionParams.router.get.mock.calls;
+      const handler = versionedRouterMock.getRoute('get', '/api/security/role/{name}').versions[
+        API_VERSIONS.roles.public.v1
+      ].handler;
 
       const headers = { authorization: 'foo' };
       const mockRequest = httpServerMock.createKibanaRequest({

@@ -8,6 +8,7 @@
 import { schema } from '@kbn/config-schema';
 
 import type { RouteDefinitionParams } from '../..';
+import { API_VERSIONS } from '../../../../common/constants';
 import { transformElasticsearchRoleToRole } from '../../../authorization';
 import { wrapIntoCustomErrorResponse } from '../../../errors';
 import { createLicensedRouteHandler } from '../../licensed_route_handler';
@@ -18,47 +19,51 @@ export function defineGetRolesRoutes({
   getFeatures,
   logger,
 }: RouteDefinitionParams) {
-  router.get(
-    {
+  router.versioned
+    .get({
       path: '/api/security/role/{name}',
-      options: {
-        access: 'public',
-        summary: `Get a role`,
-      },
-      validate: {
-        params: schema.object({ name: schema.string({ minLength: 1 }) }),
+      access: 'public',
+      summary: `Get a role`,
+    })
+    .addVersion(
+      {
+        version: API_VERSIONS.roles.public.v1,
+        validate: {
+          request: {
+            params: schema.object({ name: schema.string({ minLength: 1 }) }),
+          },
+        },
       },
-    },
-    createLicensedRouteHandler(async (context, request, response) => {
-      try {
-        const esClient = (await context.core).elasticsearch.client;
+      createLicensedRouteHandler(async (context, request, response) => {
+        try {
+          const esClient = (await context.core).elasticsearch.client;
 
-        const [features, elasticsearchRoles] = await Promise.all([
-          getFeatures(),
-          await esClient.asCurrentUser.security.getRole({
-            name: request.params.name,
-          }),
-        ]);
+          const [features, elasticsearchRoles] = await Promise.all([
+            getFeatures(),
+            await esClient.asCurrentUser.security.getRole({
+              name: request.params.name,
+            }),
+          ]);
 
-        const elasticsearchRole = elasticsearchRoles[request.params.name];
+          const elasticsearchRole = elasticsearchRoles[request.params.name];
 
-        if (elasticsearchRole) {
-          return response.ok({
-            body: transformElasticsearchRoleToRole(
-              features,
-              // @ts-expect-error `SecurityIndicesPrivileges.names` expected to be `string[]`
-              elasticsearchRole,
-              request.params.name,
-              authz.applicationName,
-              logger
-            ),
-          });
-        }
+          if (elasticsearchRole) {
+            return response.ok({
+              body: transformElasticsearchRoleToRole(
+                features,
+                // @ts-expect-error `SecurityIndicesPrivileges.names` expected to be `string[]`
+                elasticsearchRole,
+                request.params.name,
+                authz.applicationName,
+                logger
+              ),
+            });
+          }
 
-        return response.notFound();
-      } catch (error) {
-        return response.customError(wrapIntoCustomErrorResponse(error));
-      }
-    })
-  );
+          return response.notFound();
+        } catch (error) {
+          return response.customError(wrapIntoCustomErrorResponse(error));
+        }
+      })
+    );
 }
@@ -9,9 +9,11 @@ import Boom from '@hapi/boom';
 
 import { kibanaResponseFactory } from '@kbn/core/server';
 import { coreMock, httpServerMock } from '@kbn/core/server/mocks';
+import type { MockedVersionedRouter } from '@kbn/core-http-router-server-mocks';
 import type { LicenseCheck } from '@kbn/licensing-plugin/server';
 
 import { defineGetAllRolesRoutes } from './get_all';
+import { API_VERSIONS } from '../../../../common/constants';
 import { routeDefinitionParamsMock } from '../../index.mock';
 
 const application = 'kibana-.kibana';
@@ -31,6 +33,8 @@ describe('GET all roles', () => {
   ) => {
     test(description, async () => {
       const mockRouteDefinitionParams = routeDefinitionParamsMock.create();
+      const versionedRouterMock = mockRouteDefinitionParams.router
+        .versioned as MockedVersionedRouter;
       mockRouteDefinitionParams.authz.applicationName = application;
       mockRouteDefinitionParams.getFeatures = jest.fn().mockResolvedValue([]);
 
@@ -50,7 +54,9 @@ describe('GET all roles', () => {
       }
 
       defineGetAllRolesRoutes(mockRouteDefinitionParams);
-      const [[, handler]] = mockRouteDefinitionParams.router.get.mock.calls;
+      const handler = versionedRouterMock.getRoute('get', '/api/security/role').versions[
+        API_VERSIONS.roles.public.v1
+      ].handler;
 
       const headers = { authorization: 'foo' };
       const mockRequest = httpServerMock.createKibanaRequest({