From 30442e0471d4ae5d43d3afd7d829164e5b023fcd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9Cjeramysoucy=E2=80=9D?= Date: Mon, 11 Nov 2024 15:23:23 +0100 Subject: [PATCH 01/11] Uses the deprecated route config option on v1 endpoints --- .../authentication/providers/saml.test.ts | 14 ++-- .../server/authentication/providers/saml.ts | 2 +- .../server/routes/authentication/common.ts | 40 ++++++++++-- .../server/routes/authentication/oidc.ts | 65 +++++++++++++++++-- .../server/routes/authentication/saml.ts | 21 +++++- 5 files changed, 125 insertions(+), 17 deletions(-) diff --git a/x-pack/plugins/security/server/authentication/providers/saml.test.ts b/x-pack/plugins/security/server/authentication/providers/saml.test.ts index 15ff615af9ad2..1674ea3479860 100644 --- a/x-pack/plugins/security/server/authentication/providers/saml.test.ts +++ b/x-pack/plugins/security/server/authentication/providers/saml.test.ts @@ -788,7 +788,7 @@ describe('SAMLAuthenticationProvider', () => { method: 'POST', path: '/_security/saml/prepare', body: { - acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/v1/saml', + acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/saml/callback', }, }); @@ -830,7 +830,7 @@ describe('SAMLAuthenticationProvider', () => { method: 'POST', path: '/_security/saml/prepare', body: { - acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/v1/saml', + acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/saml/callback', }, }); @@ -900,7 +900,7 @@ describe('SAMLAuthenticationProvider', () => { method: 'POST', path: '/_security/saml/prepare', body: { - acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/v1/saml', + acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/saml/callback', }, }); }); @@ -1003,7 +1003,7 @@ describe('SAMLAuthenticationProvider', () => { method: 'POST', path: '/_security/saml/prepare', body: { - acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/v1/saml', + acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/saml/callback', }, }); }); @@ -1294,7 +1294,7 @@ describe('SAMLAuthenticationProvider', () => { path: '/_security/saml/invalidate', body: { query_string: 'SAMLRequest=xxx%20yyy', - acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/v1/saml', + acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/saml/callback', }, }); }); @@ -1408,7 +1408,7 @@ describe('SAMLAuthenticationProvider', () => { path: '/_security/saml/invalidate', body: { query_string: 'SAMLRequest=xxx%20yyy', - acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/v1/saml', + acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/saml/callback', }, }); }); @@ -1430,7 +1430,7 @@ describe('SAMLAuthenticationProvider', () => { path: '/_security/saml/invalidate', body: { query_string: 'SAMLRequest=xxx%20yyy', - acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/v1/saml', + acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/saml/callback', }, }); }); diff --git a/x-pack/plugins/security/server/authentication/providers/saml.ts b/x-pack/plugins/security/server/authentication/providers/saml.ts index 56dbd78b2ef34..5f8545003d04a 100644 --- a/x-pack/plugins/security/server/authentication/providers/saml.ts +++ b/x-pack/plugins/security/server/authentication/providers/saml.ts @@ -659,7 +659,7 @@ export class SAMLAuthenticationProvider extends BaseAuthenticationProvider { private getACS() { return `${this.options.getServerBaseURL()}${ this.options.basePath.serverBasePath - }/api/security/v1/saml`; + }/api/security/saml/callback`; } /** diff --git a/x-pack/plugins/security/server/routes/authentication/common.ts b/x-pack/plugins/security/server/routes/authentication/common.ts index 0c91a6c7f3858..01a625ce98dbe 100644 --- a/x-pack/plugins/security/server/routes/authentication/common.ts +++ b/x-pack/plugins/security/server/routes/authentication/common.ts @@ -7,6 +7,7 @@ import type { TypeOf } from '@kbn/config-schema'; import { schema } from '@kbn/config-schema'; +import { i18n } from '@kbn/i18n'; import { parseNextURL } from '@kbn/std'; import type { RouteDefinitionParams } from '..'; @@ -40,6 +41,7 @@ export function defineCommonRoutes({ '/api/security/logout', ...(buildFlavor !== 'serverless' ? ['/api/security/v1/logout'] : []), ]) { + const isDeprecated = path === '/api/security/v1/logout'; router.get( { path, @@ -57,11 +59,27 @@ export function defineCommonRoutes({ excludeFromOAS: true, authRequired: false, tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW], + ...(isDeprecated && { + deprecated: { + documentationUrl: 'https://elastic.co/', + severity: 'critical', + message: i18n.translate('xpack.security.deprecations.logoutRouteMessage', { + defaultMessage: + 'The "{path}" URL is deprecated and will be removed in the next major version, please use "/api/security/logout" instead.', + values: { path }, + }), + reason: { + type: 'migrate', + newApiMethod: 'GET', + newApiPath: '/api/security/logout', + }, + }, + }), }, }, async (context, request, response) => { const serverBasePath = basePath.serverBasePath; - if (path === '/api/security/v1/logout') { + if (isDeprecated) { logger.warn( `The "${serverBasePath}${path}" URL is deprecated and will stop working in the next major version, please use "${serverBasePath}/api/security/logout" URL instead.`, { tags: ['deprecation'] } @@ -96,7 +114,7 @@ export function defineCommonRoutes({ '/internal/security/me', ...(buildFlavor !== 'serverless' ? ['/api/security/v1/me'] : []), ]) { - const deprecated = path === '/api/security/v1/me'; + const isDeprecated = path === '/api/security/v1/me'; router.get( { path, @@ -107,10 +125,24 @@ export function defineCommonRoutes({ }, }, validate: false, - options: { access: deprecated ? 'public' : 'internal' }, + options: { + access: isDeprecated ? 'public' : 'internal', + ...(isDeprecated && { + deprecated: { + documentationUrl: 'https://elastic.co/', // ToDo + severity: 'critical', + message: i18n.translate('xpack.security.deprecations.meRouteMessage', { + defaultMessage: + 'The "{path}" endpoint is deprecated and will be removed in the next major version.', + values: { path }, + }), + reason: { type: 'remove' }, + }, + }), + }, }, createLicensedRouteHandler(async (context, request, response) => { - if (deprecated) { + if (isDeprecated) { logger.warn( `The "${basePath.serverBasePath}${path}" endpoint is deprecated and will be removed in the next major version.`, { tags: ['deprecation'] } diff --git a/x-pack/plugins/security/server/routes/authentication/oidc.ts b/x-pack/plugins/security/server/routes/authentication/oidc.ts index bb1ed6959e690..433be851c52fc 100644 --- a/x-pack/plugins/security/server/routes/authentication/oidc.ts +++ b/x-pack/plugins/security/server/routes/authentication/oidc.ts @@ -28,6 +28,7 @@ export function defineOIDCRoutes({ }: RouteDefinitionParams) { // Generate two identical routes with new and deprecated URL and issue a warning if route with deprecated URL is ever used. for (const path of ['/api/security/oidc/implicit', '/api/security/v1/oidc/implicit']) { + const isDeprecated = path === '/api/security/v1/oidc/implicit'; /** * The route should be configured as a redirect URI in OP when OpenID Connect implicit flow * is used, so that we can extract authentication response from URL fragment and send it to @@ -37,11 +38,31 @@ export function defineOIDCRoutes({ { path, validate: false, - options: { authRequired: false, excludeFromOAS: true }, + options: { + authRequired: false, + excludeFromOAS: true, + ...(isDeprecated && { + deprecated: { + documentationUrl: + 'https://elastic.co/guide/en/elasticsearch/reference/current/oidc-guide.html', + severity: 'critical', + message: i18n.translate('xpack.security.deprecations.oidcImplicitRouteMessage', { + defaultMessage: + 'The "{path}" URL is deprecated and will be removed in the next major version, please use "/api/security/oidc/implicit" instead.', + values: { path }, + }), + reason: { + type: 'migrate', + newApiMethod: 'GET', + newApiPath: '/api/security/oidc/implicit', + }, + }, + }), + }, }, (context, request, response) => { const serverBasePath = basePath.serverBasePath; - if (path === '/api/security/v1/oidc/implicit') { + if (isDeprecated) { logger.warn( `The "${serverBasePath}${path}" URL is deprecated and will stop working in the next major version, please use "${serverBasePath}/api/security/oidc/implicit" URL instead.`, { tags: ['deprecation'] } @@ -84,6 +105,7 @@ export function defineOIDCRoutes({ // Generate two identical routes with new and deprecated URL and issue a warning if route with deprecated URL is ever used. for (const path of ['/api/security/oidc/callback', '/api/security/v1/oidc']) { + const isDeprecated = path === '/api/security/v1/oidc'; router.get( { path, @@ -117,6 +139,23 @@ export function defineOIDCRoutes({ excludeFromOAS: true, authRequired: false, tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW], + ...(isDeprecated && { + deprecated: { + documentationUrl: + 'https://elastic.co/guide/en/elasticsearch/reference/current/oidc-guide.html', + severity: 'critical', + message: i18n.translate('xpack.security.deprecations.oidcCallbackRouteMessage', { + defaultMessage: + 'The "{path}" URL is deprecated and will be removed in the next major version, please use "/api/security/oidc/callback" instead.', + values: { path }, + }), + reason: { + type: 'migrate', + newApiMethod: 'GET', + newApiPath: '/api/security/oidc/callback', + }, + }, + }), }, }, createLicensedRouteHandler(async (context, request, response) => { @@ -133,7 +172,7 @@ export function defineOIDCRoutes({ authenticationResponseURI: request.query.authenticationResponseURI, }; } else if (request.query.code || request.query.error) { - if (path === '/api/security/v1/oidc') { + if (isDeprecated) { logger.warn( `The "${serverBasePath}${path}" URL is deprecated and will stop working in the next major version, please use "${serverBasePath}/api/security/oidc/callback" URL instead.`, { tags: ['deprecation'] } @@ -175,6 +214,7 @@ export function defineOIDCRoutes({ // Generate two identical routes with new and deprecated URL and issue a warning if route with deprecated URL is ever used. for (const path of ['/api/security/oidc/initiate_login', '/api/security/v1/oidc']) { + const isDeprecated = path === '/api/security/v1/oidc'; /** * An HTTP POST request with the payload parameter named `iss` as part of a 3rd party initiated authentication. * See more details at https://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin @@ -206,11 +246,28 @@ export function defineOIDCRoutes({ authRequired: false, xsrfRequired: false, tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW], + ...(isDeprecated && { + deprecated: { + documentationUrl: + 'https://elastic.co/guide/en/elasticsearch/reference/current/oidc-guide.html', + severity: 'critical', + message: i18n.translate('xpack.security.deprecations.oidcInitiateRouteMessage', { + defaultMessage: + 'The "{path}" URL is deprecated and will be removed in the next major version, please use "/api/security/oidc/initiate_login" instead.', + values: { path }, + }), + reason: { + type: 'migrate', + newApiMethod: 'POST', + newApiPath: '/api/security/oidc/initiate_login', + }, + }, + }), }, }, createLicensedRouteHandler(async (context, request, response) => { const serverBasePath = basePath.serverBasePath; - if (path === '/api/security/v1/oidc') { + if (isDeprecated) { logger.warn( `The "${serverBasePath}${path}" URL is deprecated and will stop working in the next major version, please use "${serverBasePath}/api/security/oidc/initiate_login" URL for Third-Party Initiated login instead.`, { tags: ['deprecation'] } diff --git a/x-pack/plugins/security/server/routes/authentication/saml.ts b/x-pack/plugins/security/server/routes/authentication/saml.ts index 8cee1df2da88b..20a3f20ee39d3 100644 --- a/x-pack/plugins/security/server/routes/authentication/saml.ts +++ b/x-pack/plugins/security/server/routes/authentication/saml.ts @@ -6,6 +6,7 @@ */ import { schema } from '@kbn/config-schema'; +import { i18n } from '@kbn/i18n'; import type { RouteDefinitionParams } from '..'; import { SAMLAuthenticationProvider, SAMLLogin } from '../../authentication'; @@ -27,6 +28,7 @@ export function defineSAMLRoutes({ '/api/security/saml/callback', ...(buildFlavor !== 'serverless' ? ['/api/security/v1/saml'] : []), ]) { + const isDeprecated = path === '/api/security/v1/saml'; router.post( { path, @@ -48,10 +50,27 @@ export function defineSAMLRoutes({ authRequired: false, xsrfRequired: false, tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW], + ...(isDeprecated && { + deprecated: { + documentationUrl: + 'https://elastic.co/guide/en/elasticsearch/reference/current/saml-guide-stack.html', + severity: 'critical', + message: i18n.translate('xpack.security.deprecations.samlPostRouteMessage', { + defaultMessage: + 'The "{path}" URL is deprecated and will be removed in the next major version, please use "/api/security/saml/callback" instead.', + values: { path }, + }), + reason: { + type: 'migrate', + newApiMethod: 'POST', + newApiPath: '/api/security/saml/callback', + }, + }, + }), }, }, async (context, request, response) => { - if (path === '/api/security/v1/saml') { + if (isDeprecated) { const serverBasePath = basePath.serverBasePath; logger.warn( // When authenticating using SAML we _expect_ to redirect to the SAML Identity provider. From b0218449aa4abf3c58db7559e2a7a15329e4e88c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9Cjeramysoucy=E2=80=9D?= Date: Mon, 11 Nov 2024 16:19:00 +0100 Subject: [PATCH 02/11] Changes severity from critical to warning --- .../plugins/security/server/routes/authentication/common.ts | 4 ++-- .../plugins/security/server/routes/authentication/oidc.ts | 6 +++--- .../plugins/security/server/routes/authentication/saml.ts | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/x-pack/plugins/security/server/routes/authentication/common.ts b/x-pack/plugins/security/server/routes/authentication/common.ts index 01a625ce98dbe..d7bdff33d904f 100644 --- a/x-pack/plugins/security/server/routes/authentication/common.ts +++ b/x-pack/plugins/security/server/routes/authentication/common.ts @@ -62,7 +62,7 @@ export function defineCommonRoutes({ ...(isDeprecated && { deprecated: { documentationUrl: 'https://elastic.co/', - severity: 'critical', + severity: 'warning', message: i18n.translate('xpack.security.deprecations.logoutRouteMessage', { defaultMessage: 'The "{path}" URL is deprecated and will be removed in the next major version, please use "/api/security/logout" instead.', @@ -130,7 +130,7 @@ export function defineCommonRoutes({ ...(isDeprecated && { deprecated: { documentationUrl: 'https://elastic.co/', // ToDo - severity: 'critical', + severity: 'warning', message: i18n.translate('xpack.security.deprecations.meRouteMessage', { defaultMessage: 'The "{path}" endpoint is deprecated and will be removed in the next major version.', diff --git a/x-pack/plugins/security/server/routes/authentication/oidc.ts b/x-pack/plugins/security/server/routes/authentication/oidc.ts index 433be851c52fc..9d8d90038ae61 100644 --- a/x-pack/plugins/security/server/routes/authentication/oidc.ts +++ b/x-pack/plugins/security/server/routes/authentication/oidc.ts @@ -45,7 +45,7 @@ export function defineOIDCRoutes({ deprecated: { documentationUrl: 'https://elastic.co/guide/en/elasticsearch/reference/current/oidc-guide.html', - severity: 'critical', + severity: 'warning', message: i18n.translate('xpack.security.deprecations.oidcImplicitRouteMessage', { defaultMessage: 'The "{path}" URL is deprecated and will be removed in the next major version, please use "/api/security/oidc/implicit" instead.', @@ -143,7 +143,7 @@ export function defineOIDCRoutes({ deprecated: { documentationUrl: 'https://elastic.co/guide/en/elasticsearch/reference/current/oidc-guide.html', - severity: 'critical', + severity: 'warning', message: i18n.translate('xpack.security.deprecations.oidcCallbackRouteMessage', { defaultMessage: 'The "{path}" URL is deprecated and will be removed in the next major version, please use "/api/security/oidc/callback" instead.', @@ -250,7 +250,7 @@ export function defineOIDCRoutes({ deprecated: { documentationUrl: 'https://elastic.co/guide/en/elasticsearch/reference/current/oidc-guide.html', - severity: 'critical', + severity: 'warning', message: i18n.translate('xpack.security.deprecations.oidcInitiateRouteMessage', { defaultMessage: 'The "{path}" URL is deprecated and will be removed in the next major version, please use "/api/security/oidc/initiate_login" instead.', diff --git a/x-pack/plugins/security/server/routes/authentication/saml.ts b/x-pack/plugins/security/server/routes/authentication/saml.ts index 20a3f20ee39d3..5fd1c201c35d1 100644 --- a/x-pack/plugins/security/server/routes/authentication/saml.ts +++ b/x-pack/plugins/security/server/routes/authentication/saml.ts @@ -54,7 +54,7 @@ export function defineSAMLRoutes({ deprecated: { documentationUrl: 'https://elastic.co/guide/en/elasticsearch/reference/current/saml-guide-stack.html', - severity: 'critical', + severity: 'warning', message: i18n.translate('xpack.security.deprecations.samlPostRouteMessage', { defaultMessage: 'The "{path}" URL is deprecated and will be removed in the next major version, please use "/api/security/saml/callback" instead.', From 9d4b9f81a649c35ada9e082cebc7d69efa580f09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9Cjeramysoucy=E2=80=9D?= Date: Mon, 11 Nov 2024 17:34:20 +0100 Subject: [PATCH 03/11] reverts changes to support legacy config format --- .../server/authentication/providers/saml.test.ts | 14 +++++++------- .../server/authentication/providers/saml.ts | 2 +- .../server/routes/authentication/common.ts | 5 ++++- 3 files changed, 12 insertions(+), 9 deletions(-) diff --git a/x-pack/plugins/security/server/authentication/providers/saml.test.ts b/x-pack/plugins/security/server/authentication/providers/saml.test.ts index 1674ea3479860..15ff615af9ad2 100644 --- a/x-pack/plugins/security/server/authentication/providers/saml.test.ts +++ b/x-pack/plugins/security/server/authentication/providers/saml.test.ts @@ -788,7 +788,7 @@ describe('SAMLAuthenticationProvider', () => { method: 'POST', path: '/_security/saml/prepare', body: { - acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/saml/callback', + acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/v1/saml', }, }); @@ -830,7 +830,7 @@ describe('SAMLAuthenticationProvider', () => { method: 'POST', path: '/_security/saml/prepare', body: { - acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/saml/callback', + acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/v1/saml', }, }); @@ -900,7 +900,7 @@ describe('SAMLAuthenticationProvider', () => { method: 'POST', path: '/_security/saml/prepare', body: { - acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/saml/callback', + acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/v1/saml', }, }); }); @@ -1003,7 +1003,7 @@ describe('SAMLAuthenticationProvider', () => { method: 'POST', path: '/_security/saml/prepare', body: { - acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/saml/callback', + acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/v1/saml', }, }); }); @@ -1294,7 +1294,7 @@ describe('SAMLAuthenticationProvider', () => { path: '/_security/saml/invalidate', body: { query_string: 'SAMLRequest=xxx%20yyy', - acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/saml/callback', + acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/v1/saml', }, }); }); @@ -1408,7 +1408,7 @@ describe('SAMLAuthenticationProvider', () => { path: '/_security/saml/invalidate', body: { query_string: 'SAMLRequest=xxx%20yyy', - acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/saml/callback', + acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/v1/saml', }, }); }); @@ -1430,7 +1430,7 @@ describe('SAMLAuthenticationProvider', () => { path: '/_security/saml/invalidate', body: { query_string: 'SAMLRequest=xxx%20yyy', - acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/saml/callback', + acs: 'test-protocol://test-hostname:1234/mock-server-basepath/api/security/v1/saml', }, }); }); diff --git a/x-pack/plugins/security/server/authentication/providers/saml.ts b/x-pack/plugins/security/server/authentication/providers/saml.ts index 5f8545003d04a..56dbd78b2ef34 100644 --- a/x-pack/plugins/security/server/authentication/providers/saml.ts +++ b/x-pack/plugins/security/server/authentication/providers/saml.ts @@ -659,7 +659,7 @@ export class SAMLAuthenticationProvider extends BaseAuthenticationProvider { private getACS() { return `${this.options.getServerBaseURL()}${ this.options.basePath.serverBasePath - }/api/security/saml/callback`; + }/api/security/v1/saml`; } /** diff --git a/x-pack/plugins/security/server/routes/authentication/common.ts b/x-pack/plugins/security/server/routes/authentication/common.ts index d7bdff33d904f..4c075a3f4a0a4 100644 --- a/x-pack/plugins/security/server/routes/authentication/common.ts +++ b/x-pack/plugins/security/server/routes/authentication/common.ts @@ -7,6 +7,7 @@ import type { TypeOf } from '@kbn/config-schema'; import { schema } from '@kbn/config-schema'; +import { getDocLinks } from '@kbn/doc-links'; import { i18n } from '@kbn/i18n'; import { parseNextURL } from '@kbn/std'; @@ -24,6 +25,8 @@ import { wrapIntoCustomErrorResponse } from '../../errors'; import { createLicensedRouteHandler } from '../licensed_route_handler'; import { ROUTE_TAG_AUTH_FLOW, ROUTE_TAG_CAN_REDIRECT } from '../tags'; +const docLinks = getDocLinks(); + /** * Defines routes that are common to various authentication mechanisms. */ @@ -61,7 +64,7 @@ export function defineCommonRoutes({ tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW], ...(isDeprecated && { deprecated: { - documentationUrl: 'https://elastic.co/', + documentationUrl: docLinks.security.logout, severity: 'warning', message: i18n.translate('xpack.security.deprecations.logoutRouteMessage', { defaultMessage: From e1ab95cf897acea543e89c2c5a3d690941c16a92 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9Cjeramysoucy=E2=80=9D?= Date: Tue, 12 Nov 2024 09:43:33 +0100 Subject: [PATCH 04/11] Adds upgrade note --- docs/upgrade-notes.asciidoc | 26 +++++++++++++++++++ .../server/routes/authentication/common.ts | 4 +-- .../server/routes/authentication/oidc.ts | 9 +++---- .../server/routes/authentication/saml.ts | 3 +-- 4 files changed, 32 insertions(+), 10 deletions(-) diff --git a/docs/upgrade-notes.asciidoc b/docs/upgrade-notes.asciidoc index a0c2d6c1afccb..688ca7e441a31 100644 --- a/docs/upgrade-notes.asciidoc +++ b/docs/upgrade-notes.asciidoc @@ -49,6 +49,32 @@ For Elastic Security release information, refer to {security-guide}/release-note [float] ==== Kibana APIs +[discrete] +[[breaking-199656]] +.Removed all security v1 endpoints (9.0.0) +[%collapsible] +==== +*Details* + +All `v1` Kibana security HTTP endpoints have been removed. + +`GET /api/security/v1/logout` has been replaced by `GET /api/security/logout` +`GET /api/security/v1/oidc/implicit` has been replaced by `GET /api/security/oidc/implicit` +`GET /api/security/v1/oidc` has been replaced by GET `/api/security/oidc/callback` +`POST /api/security/v1/oidc` has been replaced by POST `/api/security/oidc/initiate_login` +`POST /api/security/v1/saml` has been replaced by POST `/api/security/saml/callback` +`GET /api/security/v1/me` has been removed with no replacement. + +For more information, refer to {kibana-pull}199656[#199656]. + +*Impact* + +Any HTTP API calls to the `v1` Kibana security endpoints will fail with a 404 status code starting from version 9.0.0. +Third party OIDC and SAML identity providers configured with `v1` endpoints will no longer work. + +*Action* + +Update any OIDC and SAML identity providers to reference the corresponding replacement endpoint listed above. +Remove references to the `/api/security/v1/me` endpoint from any automations, applications, tooling, and scripts. +==== + [discrete] [[breaking-193792]] .Access to all internal APIs is blocked (9.0.0) diff --git a/x-pack/plugins/security/server/routes/authentication/common.ts b/x-pack/plugins/security/server/routes/authentication/common.ts index 4c075a3f4a0a4..10b6c4969afb0 100644 --- a/x-pack/plugins/security/server/routes/authentication/common.ts +++ b/x-pack/plugins/security/server/routes/authentication/common.ts @@ -64,7 +64,7 @@ export function defineCommonRoutes({ tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW], ...(isDeprecated && { deprecated: { - documentationUrl: docLinks.security.logout, + documentationUrl: 'https://elastic.co', // ToDo: Update with docLink to upgrade note severity: 'warning', message: i18n.translate('xpack.security.deprecations.logoutRouteMessage', { defaultMessage: @@ -132,7 +132,7 @@ export function defineCommonRoutes({ access: isDeprecated ? 'public' : 'internal', ...(isDeprecated && { deprecated: { - documentationUrl: 'https://elastic.co/', // ToDo + documentationUrl: 'https://elastic.co', // ToDo: Update with docLink to upgrade note severity: 'warning', message: i18n.translate('xpack.security.deprecations.meRouteMessage', { defaultMessage: diff --git a/x-pack/plugins/security/server/routes/authentication/oidc.ts b/x-pack/plugins/security/server/routes/authentication/oidc.ts index 9d8d90038ae61..d31b49adbae7b 100644 --- a/x-pack/plugins/security/server/routes/authentication/oidc.ts +++ b/x-pack/plugins/security/server/routes/authentication/oidc.ts @@ -43,8 +43,7 @@ export function defineOIDCRoutes({ excludeFromOAS: true, ...(isDeprecated && { deprecated: { - documentationUrl: - 'https://elastic.co/guide/en/elasticsearch/reference/current/oidc-guide.html', + documentationUrl: 'https://elastic.co', // ToDo: Update with docLink to upgrade note severity: 'warning', message: i18n.translate('xpack.security.deprecations.oidcImplicitRouteMessage', { defaultMessage: @@ -141,8 +140,7 @@ export function defineOIDCRoutes({ tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW], ...(isDeprecated && { deprecated: { - documentationUrl: - 'https://elastic.co/guide/en/elasticsearch/reference/current/oidc-guide.html', + documentationUrl: 'https://elastic.co', // ToDo: Update with docLink to upgrade note severity: 'warning', message: i18n.translate('xpack.security.deprecations.oidcCallbackRouteMessage', { defaultMessage: @@ -248,8 +246,7 @@ export function defineOIDCRoutes({ tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW], ...(isDeprecated && { deprecated: { - documentationUrl: - 'https://elastic.co/guide/en/elasticsearch/reference/current/oidc-guide.html', + documentationUrl: 'https://elastic.co', // ToDo: Update with docLink to upgrade note severity: 'warning', message: i18n.translate('xpack.security.deprecations.oidcInitiateRouteMessage', { defaultMessage: diff --git a/x-pack/plugins/security/server/routes/authentication/saml.ts b/x-pack/plugins/security/server/routes/authentication/saml.ts index 5fd1c201c35d1..b09bde7a24ab6 100644 --- a/x-pack/plugins/security/server/routes/authentication/saml.ts +++ b/x-pack/plugins/security/server/routes/authentication/saml.ts @@ -52,8 +52,7 @@ export function defineSAMLRoutes({ tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW], ...(isDeprecated && { deprecated: { - documentationUrl: - 'https://elastic.co/guide/en/elasticsearch/reference/current/saml-guide-stack.html', + documentationUrl: 'https://elastic.co', // ToDo: Update with doc link to upgrade note severity: 'warning', message: i18n.translate('xpack.security.deprecations.samlPostRouteMessage', { defaultMessage: From 467039f190d58df91ebdf3fdfd91bb04eea80544 Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Tue, 12 Nov 2024 09:00:58 +0000 Subject: [PATCH 05/11] [CI] Auto-commit changed files from 'node scripts/lint_ts_projects --fix' --- x-pack/plugins/security/tsconfig.json | 1 + 1 file changed, 1 insertion(+) diff --git a/x-pack/plugins/security/tsconfig.json b/x-pack/plugins/security/tsconfig.json index 2a0eabcd914d4..4837d3729e3f9 100644 --- a/x-pack/plugins/security/tsconfig.json +++ b/x-pack/plugins/security/tsconfig.json @@ -87,6 +87,7 @@ "@kbn/security-ui-components", "@kbn/core-http-router-server-mocks", "@kbn/security-authorization-core-common", + "@kbn/doc-links", ], "exclude": [ "target/**/*", From 3544218b6eb4ac94dcd7230de8b022ffb3369d17 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9Cjeramysoucy=E2=80=9D?= Date: Tue, 12 Nov 2024 14:27:33 +0100 Subject: [PATCH 06/11] Removes unused docLinks reference --- x-pack/plugins/security/server/routes/authentication/common.ts | 3 --- 1 file changed, 3 deletions(-) diff --git a/x-pack/plugins/security/server/routes/authentication/common.ts b/x-pack/plugins/security/server/routes/authentication/common.ts index 10b6c4969afb0..08caa0bdf3e77 100644 --- a/x-pack/plugins/security/server/routes/authentication/common.ts +++ b/x-pack/plugins/security/server/routes/authentication/common.ts @@ -7,7 +7,6 @@ import type { TypeOf } from '@kbn/config-schema'; import { schema } from '@kbn/config-schema'; -import { getDocLinks } from '@kbn/doc-links'; import { i18n } from '@kbn/i18n'; import { parseNextURL } from '@kbn/std'; @@ -25,8 +24,6 @@ import { wrapIntoCustomErrorResponse } from '../../errors'; import { createLicensedRouteHandler } from '../licensed_route_handler'; import { ROUTE_TAG_AUTH_FLOW, ROUTE_TAG_CAN_REDIRECT } from '../tags'; -const docLinks = getDocLinks(); - /** * Defines routes that are common to various authentication mechanisms. */ From 37d6b2e8ce9e32a4b06cb0a04cc1cca11e9c3e8d Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Tue, 12 Nov 2024 14:17:16 +0000 Subject: [PATCH 07/11] [CI] Auto-commit changed files from 'node scripts/lint_ts_projects --fix' --- x-pack/plugins/security/tsconfig.json | 1 - 1 file changed, 1 deletion(-) diff --git a/x-pack/plugins/security/tsconfig.json b/x-pack/plugins/security/tsconfig.json index 4837d3729e3f9..2a0eabcd914d4 100644 --- a/x-pack/plugins/security/tsconfig.json +++ b/x-pack/plugins/security/tsconfig.json @@ -87,7 +87,6 @@ "@kbn/security-ui-components", "@kbn/core-http-router-server-mocks", "@kbn/security-authorization-core-common", - "@kbn/doc-links", ], "exclude": [ "target/**/*", From 49cec6cd805f4547f152061d9ae9715718155c27 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9Cjeramysoucy=E2=80=9D?= Date: Wed, 13 Nov 2024 11:45:43 +0100 Subject: [PATCH 08/11] Removes redundant deprecation section --- docs/upgrade-notes.asciidoc | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/docs/upgrade-notes.asciidoc b/docs/upgrade-notes.asciidoc index 688ca7e441a31..c35d73f5b2237 100644 --- a/docs/upgrade-notes.asciidoc +++ b/docs/upgrade-notes.asciidoc @@ -831,18 +831,6 @@ The legacy audit logger has been removed. For more information, refer to {kibana Audit logs will be written to the default location in the new ECS format. To change the output file, filter events, and more, use the <>. ==== -[discrete] -[[breaking-47929]] -.[Security] Removed `/api/security/v1/saml` route. (8.0) -[%collapsible] -==== -*Details* + -The `/api/security/v1/saml` route has been removed and is reflected in the kibana.yml `server.xsrf.whitelist` setting, {es}, and the Identity Provider SAML settings. For more information, refer to {kibana-pull}47929[#47929] - -*Impact* + -Use the `/api/security/saml/callback` route, or wait to upgrade to 8.0.0-alpha2 when the `/api/security/saml/callback` route breaking change is reverted. -==== - [discrete] [[breaking-41700]] .[Security] Legacy browsers rejected by default. (8.0) From 97153f16fe1fd349408dc4073280dd6625c543d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9Cjeramysoucy=E2=80=9D?= Date: Mon, 18 Nov 2024 14:45:56 +0100 Subject: [PATCH 09/11] Updates wording in deprecation message, implements doc link --- packages/kbn-doc-links/src/get_doc_links.ts | 1 + packages/kbn-doc-links/src/types.ts | 1 + x-pack/plugins/security/server/plugin.ts | 1 + .../server/routes/authentication/common.ts | 9 ++++---- .../server/routes/authentication/oidc.ts | 21 ++++++++++--------- .../server/routes/authentication/saml.ts | 7 ++++--- .../plugins/security/server/routes/index.ts | 3 ++- 7 files changed, 25 insertions(+), 18 deletions(-) diff --git a/packages/kbn-doc-links/src/get_doc_links.ts b/packages/kbn-doc-links/src/get_doc_links.ts index 251d08dde715a..d27504c709ffd 100644 --- a/packages/kbn-doc-links/src/get_doc_links.ts +++ b/packages/kbn-doc-links/src/get_doc_links.ts @@ -716,6 +716,7 @@ export const getDocLinks = ({ kibanaBranch, buildFlavor }: GetDocLinkOptions): D mappingRoles: `${ELASTICSEARCH_DOCS}mapping-roles.html`, mappingRolesFieldRules: `${ELASTICSEARCH_DOCS}role-mapping-resources.html#mapping-roles-rule-field`, runAsPrivilege: `${ELASTICSEARCH_DOCS}security-privileges.html#_run_as_privilege`, + deprecatedV1Endpoints: `${KIBANA_DOCS}breaking-changes-summary.html#breaking-199656`, }, spaces: { kibanaLegacyUrlAliases: `${KIBANA_DOCS}legacy-url-aliases.html`, diff --git a/packages/kbn-doc-links/src/types.ts b/packages/kbn-doc-links/src/types.ts index f1a6a8d4b578d..16ecf92d5c458 100644 --- a/packages/kbn-doc-links/src/types.ts +++ b/packages/kbn-doc-links/src/types.ts @@ -504,6 +504,7 @@ export interface DocLinks { mappingRoles: string; mappingRolesFieldRules: string; runAsPrivilege: string; + deprecatedV1Endpoints: string; }>; readonly spaces: Readonly<{ kibanaLegacyUrlAliases: string; diff --git a/x-pack/plugins/security/server/plugin.ts b/x-pack/plugins/security/server/plugin.ts index 3007973d59b47..afd21a83712ae 100644 --- a/x-pack/plugins/security/server/plugin.ts +++ b/x-pack/plugins/security/server/plugin.ts @@ -338,6 +338,7 @@ export class SecurityPlugin getUserProfileService: this.getUserProfileService, analyticsService: this.analyticsService.setup({ analytics: core.analytics }), buildFlavor: this.initializerContext.env.packageInfo.buildFlavor, + docLinks: core.docLinks, }); return Object.freeze({ diff --git a/x-pack/plugins/security/server/routes/authentication/common.ts b/x-pack/plugins/security/server/routes/authentication/common.ts index 08caa0bdf3e77..4ee2e57a33517 100644 --- a/x-pack/plugins/security/server/routes/authentication/common.ts +++ b/x-pack/plugins/security/server/routes/authentication/common.ts @@ -34,6 +34,7 @@ export function defineCommonRoutes({ license, logger, buildFlavor, + docLinks, }: RouteDefinitionParams) { // Generate two identical routes with new and deprecated URL and issue a warning if route with deprecated URL is ever used. // For a serverless build, do not register deprecated versioned routes @@ -61,11 +62,11 @@ export function defineCommonRoutes({ tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW], ...(isDeprecated && { deprecated: { - documentationUrl: 'https://elastic.co', // ToDo: Update with docLink to upgrade note + documentationUrl: docLinks.links.security.deprecatedV1Endpoints, severity: 'warning', message: i18n.translate('xpack.security.deprecations.logoutRouteMessage', { defaultMessage: - 'The "{path}" URL is deprecated and will be removed in the next major version, please use "/api/security/logout" instead.', + 'The "{path}" URL is deprecated and will be removed in the next major version. Use "/api/security/logout" instead.', values: { path }, }), reason: { @@ -81,7 +82,7 @@ export function defineCommonRoutes({ const serverBasePath = basePath.serverBasePath; if (isDeprecated) { logger.warn( - `The "${serverBasePath}${path}" URL is deprecated and will stop working in the next major version, please use "${serverBasePath}/api/security/logout" URL instead.`, + `The "${serverBasePath}${path}" URL is deprecated and will stop working in the next major version. Use "${serverBasePath}/api/security/logout" URL instead.`, { tags: ['deprecation'] } ); } @@ -129,7 +130,7 @@ export function defineCommonRoutes({ access: isDeprecated ? 'public' : 'internal', ...(isDeprecated && { deprecated: { - documentationUrl: 'https://elastic.co', // ToDo: Update with docLink to upgrade note + documentationUrl: docLinks.links.security.deprecatedV1Endpoints, severity: 'warning', message: i18n.translate('xpack.security.deprecations.meRouteMessage', { defaultMessage: diff --git a/x-pack/plugins/security/server/routes/authentication/oidc.ts b/x-pack/plugins/security/server/routes/authentication/oidc.ts index d31b49adbae7b..d1d31f4c49a69 100644 --- a/x-pack/plugins/security/server/routes/authentication/oidc.ts +++ b/x-pack/plugins/security/server/routes/authentication/oidc.ts @@ -25,6 +25,7 @@ export function defineOIDCRoutes({ logger, getAuthenticationService, basePath, + docLinks, }: RouteDefinitionParams) { // Generate two identical routes with new and deprecated URL and issue a warning if route with deprecated URL is ever used. for (const path of ['/api/security/oidc/implicit', '/api/security/v1/oidc/implicit']) { @@ -43,11 +44,11 @@ export function defineOIDCRoutes({ excludeFromOAS: true, ...(isDeprecated && { deprecated: { - documentationUrl: 'https://elastic.co', // ToDo: Update with docLink to upgrade note + documentationUrl: docLinks.links.security.deprecatedV1Endpoints, severity: 'warning', message: i18n.translate('xpack.security.deprecations.oidcImplicitRouteMessage', { defaultMessage: - 'The "{path}" URL is deprecated and will be removed in the next major version, please use "/api/security/oidc/implicit" instead.', + 'The "{path}" URL is deprecated and will be removed in the next major version. Use "/api/security/oidc/implicit" instead.', values: { path }, }), reason: { @@ -63,7 +64,7 @@ export function defineOIDCRoutes({ const serverBasePath = basePath.serverBasePath; if (isDeprecated) { logger.warn( - `The "${serverBasePath}${path}" URL is deprecated and will stop working in the next major version, please use "${serverBasePath}/api/security/oidc/implicit" URL instead.`, + `The "${serverBasePath}${path}" URL is deprecated and will stop working in the next major version. Use "${serverBasePath}/api/security/oidc/implicit" URL instead.`, { tags: ['deprecation'] } ); } @@ -140,11 +141,11 @@ export function defineOIDCRoutes({ tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW], ...(isDeprecated && { deprecated: { - documentationUrl: 'https://elastic.co', // ToDo: Update with docLink to upgrade note + documentationUrl: docLinks.links.security.deprecatedV1Endpoints, severity: 'warning', message: i18n.translate('xpack.security.deprecations.oidcCallbackRouteMessage', { defaultMessage: - 'The "{path}" URL is deprecated and will be removed in the next major version, please use "/api/security/oidc/callback" instead.', + 'The "{path}" URL is deprecated and will be removed in the next major version. Use "/api/security/oidc/callback" instead.', values: { path }, }), reason: { @@ -172,7 +173,7 @@ export function defineOIDCRoutes({ } else if (request.query.code || request.query.error) { if (isDeprecated) { logger.warn( - `The "${serverBasePath}${path}" URL is deprecated and will stop working in the next major version, please use "${serverBasePath}/api/security/oidc/callback" URL instead.`, + `The "${serverBasePath}${path}" URL is deprecated and will stop working in the next major version. Use "${serverBasePath}/api/security/oidc/callback" URL instead.`, { tags: ['deprecation'] } ); } @@ -187,7 +188,7 @@ export function defineOIDCRoutes({ }; } else if (request.query.iss) { logger.warn( - `The "${serverBasePath}${path}" URL is deprecated and will stop working in the next major version, please use "${serverBasePath}/api/security/oidc/initiate_login" URL for Third-Party Initiated login instead.`, + `The "${serverBasePath}${path}" URL is deprecated and will stop working in the next major version. Use "${serverBasePath}/api/security/oidc/initiate_login" URL for Third-Party Initiated login instead.`, { tags: ['deprecation'] } ); // An HTTP GET request with a query parameter named `iss` as part of a 3rd party initiated authentication. @@ -246,11 +247,11 @@ export function defineOIDCRoutes({ tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW], ...(isDeprecated && { deprecated: { - documentationUrl: 'https://elastic.co', // ToDo: Update with docLink to upgrade note + documentationUrl: docLinks.links.security.deprecatedV1Endpoints, severity: 'warning', message: i18n.translate('xpack.security.deprecations.oidcInitiateRouteMessage', { defaultMessage: - 'The "{path}" URL is deprecated and will be removed in the next major version, please use "/api/security/oidc/initiate_login" instead.', + 'The "{path}" URL is deprecated and will be removed in the next major version. Use "/api/security/oidc/initiate_login" instead.', values: { path }, }), reason: { @@ -266,7 +267,7 @@ export function defineOIDCRoutes({ const serverBasePath = basePath.serverBasePath; if (isDeprecated) { logger.warn( - `The "${serverBasePath}${path}" URL is deprecated and will stop working in the next major version, please use "${serverBasePath}/api/security/oidc/initiate_login" URL for Third-Party Initiated login instead.`, + `The "${serverBasePath}${path}" URL is deprecated and will stop working in the next major version. Use "${serverBasePath}/api/security/oidc/initiate_login" URL for Third-Party Initiated login instead.`, { tags: ['deprecation'] } ); } diff --git a/x-pack/plugins/security/server/routes/authentication/saml.ts b/x-pack/plugins/security/server/routes/authentication/saml.ts index b09bde7a24ab6..c45f1eed3affd 100644 --- a/x-pack/plugins/security/server/routes/authentication/saml.ts +++ b/x-pack/plugins/security/server/routes/authentication/saml.ts @@ -21,6 +21,7 @@ export function defineSAMLRoutes({ basePath, logger, buildFlavor, + docLinks, }: RouteDefinitionParams) { // Generate two identical routes with new and deprecated URL and issue a warning if route with deprecated URL is ever used. // For a serverless build, do not register deprecated versioned routes @@ -52,11 +53,11 @@ export function defineSAMLRoutes({ tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW], ...(isDeprecated && { deprecated: { - documentationUrl: 'https://elastic.co', // ToDo: Update with doc link to upgrade note + documentationUrl: docLinks.links.security.deprecatedV1Endpoints, severity: 'warning', message: i18n.translate('xpack.security.deprecations.samlPostRouteMessage', { defaultMessage: - 'The "{path}" URL is deprecated and will be removed in the next major version, please use "/api/security/saml/callback" instead.', + 'The "{path}" URL is deprecated and will be removed in the next major version. Use "/api/security/saml/callback" instead.', values: { path }, }), reason: { @@ -73,7 +74,7 @@ export function defineSAMLRoutes({ const serverBasePath = basePath.serverBasePath; logger.warn( // When authenticating using SAML we _expect_ to redirect to the SAML Identity provider. - `The "${serverBasePath}${path}" URL is deprecated and might stop working in a future release. Please use "${serverBasePath}/api/security/saml/callback" URL instead.` + `The "${serverBasePath}${path}" URL is deprecated and might stop working in a future release. Use "${serverBasePath}/api/security/saml/callback" URL instead.` ); } diff --git a/x-pack/plugins/security/server/routes/index.ts b/x-pack/plugins/security/server/routes/index.ts index 8b986cc4a3893..cbc1569d963cf 100644 --- a/x-pack/plugins/security/server/routes/index.ts +++ b/x-pack/plugins/security/server/routes/index.ts @@ -8,7 +8,7 @@ import type { Observable } from 'rxjs'; import type { BuildFlavor } from '@kbn/config/src/types'; -import type { HttpResources, IBasePath, Logger } from '@kbn/core/server'; +import type { DocLinksServiceSetup, HttpResources, IBasePath, Logger } from '@kbn/core/server'; import type { KibanaFeature } from '@kbn/features-plugin/server'; import type { SubFeaturePrivilegeIterator } from '@kbn/features-plugin/server/feature_privilege_iterator'; import type { PublicMethodsOf } from '@kbn/utility-types'; @@ -59,6 +59,7 @@ export interface RouteDefinitionParams { getAnonymousAccessService: () => AnonymousAccessServiceStart; analyticsService: AnalyticsServiceSetup; buildFlavor: BuildFlavor; + docLinks: DocLinksServiceSetup; } export function defineRoutes(params: RouteDefinitionParams) { From 2669873feef2113ac932c3a52f5b4e32b4cd2f5a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9Cjeramysoucy=E2=80=9D?= Date: Mon, 18 Nov 2024 18:21:55 +0100 Subject: [PATCH 10/11] Fixes route def params mock to include doc links --- x-pack/plugins/security/server/routes/index.mock.ts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/x-pack/plugins/security/server/routes/index.mock.ts b/x-pack/plugins/security/server/routes/index.mock.ts index 910578a14789d..e73cd74daf300 100644 --- a/x-pack/plugins/security/server/routes/index.mock.ts +++ b/x-pack/plugins/security/server/routes/index.mock.ts @@ -13,6 +13,7 @@ import { httpServiceMock, loggingSystemMock, } from '@kbn/core/server/mocks'; +import { getDocLinks } from '@kbn/doc-links'; import { licensingMock } from '@kbn/licensing-plugin/server/mocks'; import type { DeeplyMockedKeys } from '@kbn/utility-types-jest'; @@ -50,6 +51,8 @@ export const routeDefinitionParamsMock = { getAnonymousAccessService: jest.fn(), getUserProfileService: jest.fn().mockReturnValue(userProfileServiceMock.createStart()), analyticsService: analyticsServiceMock.createSetup(), + buildFlavor: 'traditional', + docLinks: { links: getDocLinks({ kibanaBranch: 'main', buildFlavor: 'traditional' }) }, } as unknown as DeeplyMockedKeys; }, }; From 533054ec60107e576a8168e05cd8af6201974fb7 Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Mon, 18 Nov 2024 17:35:59 +0000 Subject: [PATCH 11/11] [CI] Auto-commit changed files from 'node scripts/lint_ts_projects --fix' --- x-pack/plugins/security/tsconfig.json | 1 + 1 file changed, 1 insertion(+) diff --git a/x-pack/plugins/security/tsconfig.json b/x-pack/plugins/security/tsconfig.json index 2a0eabcd914d4..4837d3729e3f9 100644 --- a/x-pack/plugins/security/tsconfig.json +++ b/x-pack/plugins/security/tsconfig.json @@ -87,6 +87,7 @@ "@kbn/security-ui-components", "@kbn/core-http-router-server-mocks", "@kbn/security-authorization-core-common", + "@kbn/doc-links", ], "exclude": [ "target/**/*",