-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[EEM] Disable authorization checks on endpoints #198695
[EEM] Disable authorization checks on endpoints #198695
Conversation
x-pack/plugins/entity_manager/server/lib/entities/find_entity_definition.ts
Show resolved
Hide resolved
@klacabane This LGTM but I cannot approve since I opened the PR, so feel free to approve and merge 👍🏼 |
💚 Build Succeeded
Metrics [docs]
History
cc @klacabane |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM from EA
@klacabane I think we should backport this to 8.x |
Disable authorization checks on all entity manager endpoints. Also makes two notable changes to the endpoints/EntityClient behaviour: - previously the EntityClient accepted a `IScopedClusterClient` and abstracted usage of asInternalUser/asCurrentUser in its methods which may result in unwanted behavior for consumers. It now only accepts an `ElasticsearchClient` that is preauthenticated by the consumers - added permissions verifications to custom definition endpoints --------- Co-authored-by: Kevin Lacabane <[email protected]> Co-authored-by: kibanamachine <[email protected]>
Disable authorization checks on all entity manager endpoints. Also makes two notable changes to the endpoints/EntityClient behaviour: - previously the EntityClient accepted a `IScopedClusterClient` and abstracted usage of asInternalUser/asCurrentUser in its methods which may result in unwanted behavior for consumers. It now only accepts an `ElasticsearchClient` that is preauthenticated by the consumers - added permissions verifications to custom definition endpoints --------- Co-authored-by: Kevin Lacabane <[email protected]> Co-authored-by: kibanamachine <[email protected]>
Starting backport for target branches: 8.x https://github.com/elastic/kibana/actions/runs/11893308484 |
Starting backport for target branches: 8.x https://github.com/elastic/kibana/actions/runs/11893308515 |
Disable authorization checks on all entity manager endpoints. Also makes two notable changes to the endpoints/EntityClient behaviour: - previously the EntityClient accepted a `IScopedClusterClient` and abstracted usage of asInternalUser/asCurrentUser in its methods which may result in unwanted behavior for consumers. It now only accepts an `ElasticsearchClient` that is preauthenticated by the consumers - added permissions verifications to custom definition endpoints --------- Co-authored-by: Kevin Lacabane <[email protected]> Co-authored-by: kibanamachine <[email protected]> (cherry picked from commit 94d7df3)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
Disable authorization checks on all entity manager endpoints. Also makes two notable changes to the endpoints/EntityClient behaviour: - previously the EntityClient accepted a `IScopedClusterClient` and abstracted usage of asInternalUser/asCurrentUser in its methods which may result in unwanted behavior for consumers. It now only accepts an `ElasticsearchClient` that is preauthenticated by the consumers - added permissions verifications to custom definition endpoints --------- Co-authored-by: Kevin Lacabane <[email protected]> Co-authored-by: kibanamachine <[email protected]> (cherry picked from commit 94d7df3)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
) # Backport This will backport the following commits from `main` to `8.x`: - [[EEM] Disable authorization checks on endpoints (#198695)](#198695) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Milton Hultgren","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-14T08:32:57Z","message":"[EEM] Disable authorization checks on endpoints (#198695)\n\nDisable authorization checks on all entity manager endpoints.\r\n\r\nAlso makes two notable changes to the endpoints/EntityClient behaviour:\r\n- previously the EntityClient accepted a `IScopedClusterClient` and\r\nabstracted usage of asInternalUser/asCurrentUser in its methods which\r\nmay result in unwanted behavior for consumers. It now only accepts an\r\n`ElasticsearchClient` that is preauthenticated by the consumers\r\n- added permissions verifications to custom definition endpoints\r\n\r\n---------\r\n\r\nCo-authored-by: Kevin Lacabane <[email protected]>\r\nCo-authored-by: kibanamachine <[email protected]>","sha":"94d7df3ae7ae6c482906ec8946e61a62e05b1960","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","backport:prev-minor"],"title":"[EEM] Disable authorization checks on endpoints","number":198695,"url":"https://github.com/elastic/kibana/pull/198695","mergeCommit":{"message":"[EEM] Disable authorization checks on endpoints (#198695)\n\nDisable authorization checks on all entity manager endpoints.\r\n\r\nAlso makes two notable changes to the endpoints/EntityClient behaviour:\r\n- previously the EntityClient accepted a `IScopedClusterClient` and\r\nabstracted usage of asInternalUser/asCurrentUser in its methods which\r\nmay result in unwanted behavior for consumers. It now only accepts an\r\n`ElasticsearchClient` that is preauthenticated by the consumers\r\n- added permissions verifications to custom definition endpoints\r\n\r\n---------\r\n\r\nCo-authored-by: Kevin Lacabane <[email protected]>\r\nCo-authored-by: kibanamachine <[email protected]>","sha":"94d7df3ae7ae6c482906ec8946e61a62e05b1960"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/198695","number":198695,"mergeCommit":{"message":"[EEM] Disable authorization checks on endpoints (#198695)\n\nDisable authorization checks on all entity manager endpoints.\r\n\r\nAlso makes two notable changes to the endpoints/EntityClient behaviour:\r\n- previously the EntityClient accepted a `IScopedClusterClient` and\r\nabstracted usage of asInternalUser/asCurrentUser in its methods which\r\nmay result in unwanted behavior for consumers. It now only accepts an\r\n`ElasticsearchClient` that is preauthenticated by the consumers\r\n- added permissions verifications to custom definition endpoints\r\n\r\n---------\r\n\r\nCo-authored-by: Kevin Lacabane <[email protected]>\r\nCo-authored-by: kibanamachine <[email protected]>","sha":"94d7df3ae7ae6c482906ec8946e61a62e05b1960"}}]}] BACKPORT--> Co-authored-by: Milton Hultgren <[email protected]>
Disable authorization checks on all entity manager endpoints.
Also makes two notable changes to the endpoints/EntityClient behaviour:
IScopedClusterClient
and abstracted usage of asInternalUser/asCurrentUser in its methods which may result in unwanted behavior for consumers. It now only accepts anElasticsearchClient
that is preauthenticated by the consumers