Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[8.x] Authorized route migration for routes owned by @elastic/security-detection-engine (#198195) #199752

Merged
merged 2 commits into from
Nov 19, 2024

Conversation

nkhristinin
Copy link
Contributor

Backport

This will backport the following commits from main to 8.x:

Questions ?

Please refer to the Backport tool documentation

…ction-engine (elastic#198195)

### Authz API migration for authorized routes

This PR migrates `access:<privilege>` tags used in route definitions to
new security configuration.
Please refer to the documentation for more information: [Authorization
API](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)

### **Before migration:**
Access control tags were defined in the `options` object of the route:

```ts
router.get({
  path: '/api/path',
  options: {
    tags: ['access:<privilege_1>', 'access:<privilege_2>'],
  },
  ...
}, handler);
```

### **After migration:**
Tags have been replaced with the more robust
`security.authz.requiredPrivileges` field under `security`:

```ts
router.get({
  path: '/api/path',
  security: {
    authz: {
      requiredPrivileges: ['<privilege_1>', '<privilege_2>'],
    },
  },
  ...
}, handler);
```

### What to do next?
1. Review the changes in this PR.
2. You might need to update your tests to reflect the new security
configuration:
  - If you have tests that rely on checking `access` tags.
  - If you have snapshot tests that include the route definition.
- If you have FTR tests that rely on checking unauthorized error
message. The error message changed to also include missing privileges.

## Any questions?
If you have any questions or need help with API authorization, please
reach out to the `@elastic/kibana-security` team.

---------

Co-authored-by: Elastic Machine <[email protected]>
Co-authored-by: Nikita Khristinin <[email protected]>
(cherry picked from commit 32f0396)

# Conflicts:
#	x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/indicator_match/trial_license_complete_tier/indicator_match_alert_suppression.ts
@elasticmachine
Copy link
Contributor

💚 Build Succeeded

Metrics [docs]

✅ unchanged

@elena-shostak
Copy link
Contributor

@elasticmachine merge upstream

@elena-shostak elena-shostak self-requested a review November 19, 2024 12:59
@nkhristinin nkhristinin merged commit 43fa8a5 into elastic:8.x Nov 19, 2024
29 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants