Surface Kibana security route deprecations in Upgrade Assistant #199656
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jeramysoucy
added
Team:Security
jeramysoucy
changed the title
jeramysoucy
commented
Nov 13, 2024
Comment on lines
-808
to
-827
| [discrete] | ||
| [[breaking-47929]] | ||
| .[Security] Removed `/api/security/v1/saml` route. (8.0) | ||
| [%collapsible] | ||
| ==== | ||
| *Details* + | ||
| The `/api/security/v1/saml` route has been removed and is reflected in the kibana.yml `server.xsrf.whitelist` setting, {es}, and the Identity Provider SAML settings. For more information, refer to {kibana-pull}47929[#47929] | ||
|
|
||
| *Impact* + | ||
| Use the `/api/security/saml/callback` route, or wait to upgrade to 8.0.0-alpha2 when the `/api/security/saml/callback` route breaking change is reverted. | ||
| ==== |
There was a problem hiding this comment.
I opted to remove this section as it seemed redundant with the new section. Plus it was only applicable to 8.0.0-alpha1.
There was a problem hiding this comment.
After #199519 main will only contain 9.0+ changes for this file
|
Pinging @elastic/kibana-security (Team:Security) |
jloleysens
approved these changes
Nov 14, 2024
There was a problem hiding this comment.
LGTM! Thanks for populating these fields @jeramysoucy ! I left a q about populating the links so long.
Did not test locally, are the deprecations showing up as expected in UA?
| @@ -57,11 +59,27 @@ export function defineCommonRoutes({ | |||
| excludeFromOAS: true, | |||
| authRequired: false, | |||
| tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW], | |||
| ...(isDeprecated && { | |||
| deprecated: { | |||
| documentationUrl: 'https://elastic.co', // ToDo: Update with docLink to upgrade note | |||
There was a problem hiding this comment.
With the PR known and the release note added, I think we can go ahead and populate this following the template's instructions about doc links. Ditto for other instances!
There was a problem hiding this comment.
@jloleysens Done in 97153f1
I tested with a couple of the routes, and the deprecations showed up in the UA, however there was a bit of a delay from calling the APIs to when the UA would begin displaying them. |
florent-leborgne
approved these changes
Nov 18, 2024
There was a problem hiding this comment.
LGTM from docs perspective. Thanks for completing the upgrade-notes file. Note that this file will just contain 9.0+ entries on main after I merge #199519
Comment on lines
-808
to
-827
| [discrete] | ||
| [[breaking-47929]] | ||
| .[Security] Removed `/api/security/v1/saml` route. (8.0) | ||
| [%collapsible] | ||
| ==== | ||
| *Details* + | ||
| The `/api/security/v1/saml` route has been removed and is reflected in the kibana.yml `server.xsrf.whitelist` setting, {es}, and the Identity Provider SAML settings. For more information, refer to {kibana-pull}47929[#47929] | ||
|
|
||
| *Impact* + | ||
| Use the `/api/security/saml/callback` route, or wait to upgrade to 8.0.0-alpha2 when the `/api/security/saml/callback` route breaking change is reverted. | ||
| ==== |
There was a problem hiding this comment.
After #199519 main will only contain 9.0+ changes for this file
azasypkin
approved these changes
Nov 18, 2024
💛 Build succeeded, but was flaky
Failed CI StepsTest FailuresMetrics [docs]Async chunks
Page load bundle
History
|
|
Starting backport for target branches: 8.15, 8.16, 8.x https://github.com/elastic/kibana/actions/runs/11909463316 |
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
This was referenced Nov 19, 2024
kibanamachine
added
the
backport missing
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
jeramysoucy
added
backport:prev-minor
|
Starting backport for target branches: 8.17, 8.x https://github.com/elastic/kibana/actions/runs/11969286800 |
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
jeramysoucy
added a commit
to jeramysoucy/kibana
that referenced
this pull request
Nov 22, 2024
…tic#199656) Closes elastic#197389 ## Summary Uses the `deprecated` route configuration option on all Kibana Security "v1" endpoints. This will surface deprecation information in the Upgrade Assistant. ## Related PRs - elastic#50695 - `7.6.0`, deprecated - `/api/security/v1/me` - `/api/security/v1/logout` - `/api/security/v1/oidc/implicit` - `/api/security/v1/oidc` (POST) - elastic#53886 - `7.6.0`, deprecated `/api/security/v1/oidc` (GET) - elastic#47929 - `8.0.0`, dropped `/api/security/v1/saml` (`breaking` release note) - elastic#106665 - restored `/api/security/v1/saml` but warned as deprecated (no release note) ## Testing 1. Start ES & Kibana in trial license mode 2. Make several calls to one or more of the deprecated endpoints 3. Navigate to `Stack Management`->`Upgrade Assistant` 4. Click on Kibana warnings <img width="1003" alt="Screenshot 2024-11-18 at 10 01 10 AM" src="https://github.com/user-attachments/assets/da44af13-57eb-4ffd-a507-e423eb767a11"> 5. Confirm the called endpoints are displayed as warnings in the Upgrade Assistant <img width="1274" alt="Screenshot 2024-11-18 at 9 59 34 AM" src="https://github.com/user-attachments/assets/4c054fbe-6838-48cf-8b1b-8c161252db0f"> ## Previous release notes ### v7.6.0 https://www.elastic.co/guide/en/kibana/7.6/release-notes-7.6.0.html#deprecation-7.6.0 https://www.elastic.co/guide/en/kibana/7.6/breaking-changes-7.6.html The deprecations are not listed in the release notes or breaking changes notes. ### v8.0.0 https://www.elastic.co/guide/en/kibana/current/release-notes-8.0.0-alpha1.html#rest-api-changes SAML endpoint deprecation only appears in the 8.0.0-alpha1 release notes, and was reverted in 8.0.0-alpha2 # Release note See `docs/upgrade-notes.asciidoc` in file changes # Follow-up A follow-up PR must be created to create and backfill the docLinks. --------- Co-authored-by: kibanamachine <[email protected]> (cherry picked from commit 742ae9f) # Conflicts: # docs/upgrade-notes.asciidoc # x-pack/plugins/security/tsconfig.json
jeramysoucy
added a commit
that referenced
this pull request
Nov 22, 2024
…#199656) (#201320) # Backport This will backport the following commits from `main` to `8.x`: - [Surface Kibana security route deprecations in Upgrade Assistant (#199656)](#199656) <!--- Backport version: 8.9.8 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Jeramy Soucy","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-19T08:54:40Z","message":"Surface Kibana security route deprecations in Upgrade Assistant (#199656)\n\nCloses #197389\r\n\r\n## Summary\r\n\r\nUses the `deprecated` route configuration option on all Kibana Security\r\n\"v1\" endpoints. This will surface deprecation information in the Upgrade\r\nAssistant.\r\n\r\n## Related PRs\r\n- #50695 - `7.6.0`, deprecated\r\n - `/api/security/v1/me`\r\n - `/api/security/v1/logout`\r\n - `/api/security/v1/oidc/implicit`\r\n - `/api/security/v1/oidc` (POST)\r\n- #53886 - `7.6.0`, deprecated\r\n`/api/security/v1/oidc` (GET)\r\n- #47929 - `8.0.0`, dropped\r\n`/api/security/v1/saml` (`breaking` release note)\r\n- #106665 - restored\r\n`/api/security/v1/saml` but warned as deprecated (no release note)\r\n\r\n## Testing\r\n1. Start ES & Kibana in trial license mode\r\n2. Make several calls to one or more of the deprecated endpoints\r\n3. Navigate to `Stack Management`->`Upgrade Assistant`\r\n4. Click on Kibana warnings\r\n<img width=\"1003\" alt=\"Screenshot 2024-11-18 at 10 01 10 AM\"\r\nsrc=\"https://github.com/user-attachments/assets/da44af13-57eb-4ffd-a507-e423eb767a11\">\r\n5. Confirm the called endpoints are displayed as warnings in the Upgrade\r\nAssistant\r\n<img width=\"1274\" alt=\"Screenshot 2024-11-18 at 9 59 34 AM\"\r\nsrc=\"https://github.com/user-attachments/assets/4c054fbe-6838-48cf-8b1b-8c161252db0f\">\r\n\r\n## Previous release notes \r\n### v7.6.0\r\n\r\nhttps://www.elastic.co/guide/en/kibana/7.6/release-notes-7.6.0.html#deprecation-7.6.0\r\nhttps://www.elastic.co/guide/en/kibana/7.6/breaking-changes-7.6.html\r\nThe deprecations are not listed in the release notes or breaking changes\r\nnotes.\r\n\r\n### v8.0.0\r\n\r\nhttps://www.elastic.co/guide/en/kibana/current/release-notes-8.0.0-alpha1.html#rest-api-changes\r\nSAML endpoint deprecation only appears in the 8.0.0-alpha1 release\r\nnotes, and was reverted in 8.0.0-alpha2\r\n\r\n# Release note\r\nSee `docs/upgrade-notes.asciidoc` in file changes\r\n\r\n# Follow-up\r\nA follow-up PR must be created to create and backfill the docLinks.\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>","sha":"742ae9fd2a255d5ba15100d644e7de3540e28f60","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:deprecation","Team:Security","backport missing","v9.0.0","backport:prev-minor","v8.18.0"],"number":199656,"url":"https://github.com/elastic/kibana/pull/199656","mergeCommit":{"message":"Surface Kibana security route deprecations in Upgrade Assistant (#199656)\n\nCloses #197389\r\n\r\n## Summary\r\n\r\nUses the `deprecated` route configuration option on all Kibana Security\r\n\"v1\" endpoints. This will surface deprecation information in the Upgrade\r\nAssistant.\r\n\r\n## Related PRs\r\n- #50695 - `7.6.0`, deprecated\r\n - `/api/security/v1/me`\r\n - `/api/security/v1/logout`\r\n - `/api/security/v1/oidc/implicit`\r\n - `/api/security/v1/oidc` (POST)\r\n- #53886 - `7.6.0`, deprecated\r\n`/api/security/v1/oidc` (GET)\r\n- #47929 - `8.0.0`, dropped\r\n`/api/security/v1/saml` (`breaking` release note)\r\n- #106665 - restored\r\n`/api/security/v1/saml` but warned as deprecated (no release note)\r\n\r\n## Testing\r\n1. Start ES & Kibana in trial license mode\r\n2. Make several calls to one or more of the deprecated endpoints\r\n3. Navigate to `Stack Management`->`Upgrade Assistant`\r\n4. Click on Kibana warnings\r\n<img width=\"1003\" alt=\"Screenshot 2024-11-18 at 10 01 10 AM\"\r\nsrc=\"https://github.com/user-attachments/assets/da44af13-57eb-4ffd-a507-e423eb767a11\">\r\n5. Confirm the called endpoints are displayed as warnings in the Upgrade\r\nAssistant\r\n<img width=\"1274\" alt=\"Screenshot 2024-11-18 at 9 59 34 AM\"\r\nsrc=\"https://github.com/user-attachments/assets/4c054fbe-6838-48cf-8b1b-8c161252db0f\">\r\n\r\n## Previous release notes \r\n### v7.6.0\r\n\r\nhttps://www.elastic.co/guide/en/kibana/7.6/release-notes-7.6.0.html#deprecation-7.6.0\r\nhttps://www.elastic.co/guide/en/kibana/7.6/breaking-changes-7.6.html\r\nThe deprecations are not listed in the release notes or breaking changes\r\nnotes.\r\n\r\n### v8.0.0\r\n\r\nhttps://www.elastic.co/guide/en/kibana/current/release-notes-8.0.0-alpha1.html#rest-api-changes\r\nSAML endpoint deprecation only appears in the 8.0.0-alpha1 release\r\nnotes, and was reverted in 8.0.0-alpha2\r\n\r\n# Release note\r\nSee `docs/upgrade-notes.asciidoc` in file changes\r\n\r\n# Follow-up\r\nA follow-up PR must be created to create and backfill the docLinks.\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>","sha":"742ae9fd2a255d5ba15100d644e7de3540e28f60"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/199656","number":199656,"mergeCommit":{"message":"Surface Kibana security route deprecations in Upgrade Assistant (#199656)\n\nCloses #197389\r\n\r\n## Summary\r\n\r\nUses the `deprecated` route configuration option on all Kibana Security\r\n\"v1\" endpoints. This will surface deprecation information in the Upgrade\r\nAssistant.\r\n\r\n## Related PRs\r\n- #50695 - `7.6.0`, deprecated\r\n - `/api/security/v1/me`\r\n - `/api/security/v1/logout`\r\n - `/api/security/v1/oidc/implicit`\r\n - `/api/security/v1/oidc` (POST)\r\n- #53886 - `7.6.0`, deprecated\r\n`/api/security/v1/oidc` (GET)\r\n- #47929 - `8.0.0`, dropped\r\n`/api/security/v1/saml` (`breaking` release note)\r\n- #106665 - restored\r\n`/api/security/v1/saml` but warned as deprecated (no release note)\r\n\r\n## Testing\r\n1. Start ES & Kibana in trial license mode\r\n2. Make several calls to one or more of the deprecated endpoints\r\n3. Navigate to `Stack Management`->`Upgrade Assistant`\r\n4. Click on Kibana warnings\r\n<img width=\"1003\" alt=\"Screenshot 2024-11-18 at 10 01 10 AM\"\r\nsrc=\"https://github.com/user-attachments/assets/da44af13-57eb-4ffd-a507-e423eb767a11\">\r\n5. Confirm the called endpoints are displayed as warnings in the Upgrade\r\nAssistant\r\n<img width=\"1274\" alt=\"Screenshot 2024-11-18 at 9 59 34 AM\"\r\nsrc=\"https://github.com/user-attachments/assets/4c054fbe-6838-48cf-8b1b-8c161252db0f\">\r\n\r\n## Previous release notes \r\n### v7.6.0\r\n\r\nhttps://www.elastic.co/guide/en/kibana/7.6/release-notes-7.6.0.html#deprecation-7.6.0\r\nhttps://www.elastic.co/guide/en/kibana/7.6/breaking-changes-7.6.html\r\nThe deprecations are not listed in the release notes or breaking changes\r\nnotes.\r\n\r\n### v8.0.0\r\n\r\nhttps://www.elastic.co/guide/en/kibana/current/release-notes-8.0.0-alpha1.html#rest-api-changes\r\nSAML endpoint deprecation only appears in the 8.0.0-alpha1 release\r\nnotes, and was reverted in 8.0.0-alpha2\r\n\r\n# Release note\r\nSee `docs/upgrade-notes.asciidoc` in file changes\r\n\r\n# Follow-up\r\nA follow-up PR must be created to create and backfill the docLinks.\r\n\r\n---------\r\n\r\nCo-authored-by: kibanamachine <[email protected]>","sha":"742ae9fd2a255d5ba15100d644e7de3540e28f60"}},{"branch":"8.18","label":"v8.18.0","labelRegex":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT-->
kibanamachine
removed
the
backport missing
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this pull request
Dec 12, 2024
…tic#199656) Closes elastic#197389 ## Summary Uses the `deprecated` route configuration option on all Kibana Security "v1" endpoints. This will surface deprecation information in the Upgrade Assistant. ## Related PRs - elastic#50695 - `7.6.0`, deprecated - `/api/security/v1/me` - `/api/security/v1/logout` - `/api/security/v1/oidc/implicit` - `/api/security/v1/oidc` (POST) - elastic#53886 - `7.6.0`, deprecated `/api/security/v1/oidc` (GET) - elastic#47929 - `8.0.0`, dropped `/api/security/v1/saml` (`breaking` release note) - elastic#106665 - restored `/api/security/v1/saml` but warned as deprecated (no release note) ## Testing 1. Start ES & Kibana in trial license mode 2. Make several calls to one or more of the deprecated endpoints 3. Navigate to `Stack Management`->`Upgrade Assistant` 4. Click on Kibana warnings <img width="1003" alt="Screenshot 2024-11-18 at 10 01 10 AM" src="https://github.com/user-attachments/assets/da44af13-57eb-4ffd-a507-e423eb767a11"> 5. Confirm the called endpoints are displayed as warnings in the Upgrade Assistant <img width="1274" alt="Screenshot 2024-11-18 at 9 59 34 AM" src="https://github.com/user-attachments/assets/4c054fbe-6838-48cf-8b1b-8c161252db0f"> ## Previous release notes ### v7.6.0 https://www.elastic.co/guide/en/kibana/7.6/release-notes-7.6.0.html#deprecation-7.6.0 https://www.elastic.co/guide/en/kibana/7.6/breaking-changes-7.6.html The deprecations are not listed in the release notes or breaking changes notes. ### v8.0.0 https://www.elastic.co/guide/en/kibana/current/release-notes-8.0.0-alpha1.html#rest-api-changes SAML endpoint deprecation only appears in the 8.0.0-alpha1 release notes, and was reverted in 8.0.0-alpha2 # Release note See `docs/upgrade-notes.asciidoc` in file changes # Follow-up A follow-up PR must be created to create and backfill the docLinks. --------- Co-authored-by: kibanamachine <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #197389
Summary
Uses the
deprecatedroute configuration option on all Kibana Security "v1" endpoints. This will surface deprecation information in the Upgrade Assistant.Related PRs
7.6.0, deprecated/api/security/v1/me/api/security/v1/logout/api/security/v1/oidc/implicit/api/security/v1/oidc(POST)/api/security/oidcto/api/security/oidc/callback. #53886 -7.6.0, deprecated/api/security/v1/oidc(GET)/api/security/v1/samlroute in favour of/api/security/saml/callback. #47929 -8.0.0, dropped/api/security/v1/saml(breakingrelease note)/api/security/v1/samlbut warned as deprecated (no release note)Testing
Stack Management->Upgrade AssistantPrevious release notes
v7.6.0
https://www.elastic.co/guide/en/kibana/7.6/release-notes-7.6.0.html#deprecation-7.6.0
https://www.elastic.co/guide/en/kibana/7.6/breaking-changes-7.6.html
The deprecations are not listed in the release notes or breaking changes notes.
v8.0.0
https://www.elastic.co/guide/en/kibana/current/release-notes-8.0.0-alpha1.html#rest-api-changes
SAML endpoint deprecation only appears in the 8.0.0-alpha1 release notes, and was reverted in 8.0.0-alpha2
Release note
See
docs/upgrade-notes.asciidocin file changesFollow-up
A follow-up PR must be created to create and backfill the docLinks.