[8.x] [APM] Update deprecated access tags to the new security configu…
…ration in routes (elastic#204058) (elastic#204245)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[APM] Update deprecated access tags to the new security configuration
in routes (elastic#204058)](elastic#204058)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Irene
Blanco","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-12-13T15:43:04Z","message":"[APM]
Update deprecated access tags to the new security configuration in
routes (elastic#204058)\n\n## Summary\r\n\r\nCloses
https://github.com/elastic/kibana/issues/203792\r\n\r\nThis PR replaces
the deprecated `access` tags with the new
`security`\r\nconfiguration.\r\n\r\nAll instances of `options: {tags:
['access:<privilege>']}` are now\r\nupdated to `security: {authz:
{requiredPrivileges: [<privilege>]}}`.\r\n\r\nThese are the access tags
currently used in APM that have been migrated:\r\n- `access:apm` \r\n-
`access:apm_write` \r\n- `access:apm_settings_write` \r\n-
`access:ml:canGetJobs` \r\n- `access:ml:canCreateJob` \r\n-
`access:ml:canCloseJob` \r\n-
`access:ai_assistant`","sha":"a4cf54c5d5c24c780e95349232cf2b83c469d3b1","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","backport:prev-minor","ci:project-deploy-observability","Team:obs-ux-infra_services","Authz:
API migration","v8.18.0"],"title":"[APM] Update deprecated access tags
to the new security configuration in
routes","number":204058,"url":"https://github.com/elastic/kibana/pull/204058","mergeCommit":{"message":"[APM]
Update deprecated access tags to the new security configuration in
routes (elastic#204058)\n\n## Summary\r\n\r\nCloses
https://github.com/elastic/kibana/issues/203792\r\n\r\nThis PR replaces
the deprecated `access` tags with the new
`security`\r\nconfiguration.\r\n\r\nAll instances of `options: {tags:
['access:<privilege>']}` are now\r\nupdated to `security: {authz:
{requiredPrivileges: [<privilege>]}}`.\r\n\r\nThese are the access tags
currently used in APM that have been migrated:\r\n- `access:apm` \r\n-
`access:apm_write` \r\n- `access:apm_settings_write` \r\n-
`access:ml:canGetJobs` \r\n- `access:ml:canCreateJob` \r\n-
`access:ml:canCloseJob` \r\n-
`access:ai_assistant`","sha":"a4cf54c5d5c24c780e95349232cf2b83c469d3b1"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/204058","number":204058,"mergeCommit":{"message":"[APM]
Update deprecated access tags to the new security configuration in
routes (elastic#204058)\n\n## Summary\r\n\r\nCloses
https://github.com/elastic/kibana/issues/203792\r\n\r\nThis PR replaces
the deprecated `access` tags with the new
`security`\r\nconfiguration.\r\n\r\nAll instances of `options: {tags:
['access:<privilege>']}` are now\r\nupdated to `security: {authz:
{requiredPrivileges: [<privilege>]}}`.\r\n\r\nThese are the access tags
currently used in APM that have been migrated:\r\n- `access:apm` \r\n-
`access:apm_write` \r\n- `access:apm_settings_write` \r\n-
`access:ml:canGetJobs` \r\n- `access:ml:canCreateJob` \r\n-
`access:ml:canCloseJob` \r\n-
`access:ai_assistant`","sha":"a4cf54c5d5c24c780e95349232cf2b83c469d3b1"}},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Irene Blanco <[email protected]>
kibanamachine and iblancof authored Dec 13, 2024
1 parent 16f7615 commit a6e263e
Showing 45 changed files with 291 additions and 271 deletions.
@@ -19,7 +19,7 @@ import {

const agentExplorerRoute = createApmServerRoute({
endpoint: 'GET /internal/apm/get_agents_per_service',
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
params: t.type({
query: t.intersection([
environmentRt,
@@ -62,7 +62,7 @@ const agentExplorerRoute = createApmServerRoute({

const latestAgentVersionsRoute = createApmServerRoute({
endpoint: 'GET /internal/apm/get_latest_agent_versions',
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
async handler(resources): Promise<AgentLatestVersionsResponse> {
const { logger, config } = resources;

@@ -72,7 +72,7 @@ const latestAgentVersionsRoute = createApmServerRoute({

const agentExplorerInstanceRoute = createApmServerRoute({
endpoint: 'GET /internal/apm/services/{serviceName}/agent_instances',
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
params: t.type({
path: t.type({ serviceName: t.string }),
query: t.intersection([environmentRt, kueryRt, rangeRt, probabilityRt]),
@@ -17,7 +17,7 @@ import { privilegesTypeRt } from '../../../common/privilege_type';

const agentKeysRoute = createApmServerRoute({
endpoint: 'GET /internal/apm/agent_keys',
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },

handler: async (resources): Promise<AgentKeysResponse> => {
const { context } = resources;
@@ -31,8 +31,7 @@ const agentKeysRoute = createApmServerRoute({

const agentKeysPrivilegesRoute = createApmServerRoute({
endpoint: 'GET /internal/apm/agent_keys/privileges',
options: { tags: ['access:apm'] },

security: { authz: { requiredPrivileges: ['apm'] } },
handler: async (resources): Promise<AgentKeysPrivilegesResponse> => {
const {
plugins: { security },
@@ -55,7 +54,11 @@ const agentKeysPrivilegesRoute = createApmServerRoute({

const invalidateAgentKeyRoute = createApmServerRoute({
endpoint: 'POST /internal/apm/api_key/invalidate',
options: { tags: ['access:apm', 'access:apm_settings_write'] },
security: {
authz: {
requiredPrivileges: ['apm', 'apm_settings_write'],
},
},
params: t.type({
body: t.type({ id: t.string }),
}),
@@ -91,7 +94,12 @@ const invalidateAgentKeyRoute = createApmServerRoute({

const createAgentKeyRoute = createApmServerRoute({
endpoint: 'POST /api/apm/agent_keys 2023-10-31',
options: { tags: ['access:apm', 'access:apm_settings_write', 'oas-tag:APM agent keys'] },
options: { tags: ['oas-tag:APM agent keys'] },
security: {
authz: {
requiredPrivileges: ['apm', 'apm_settings_write'],
},
},
params: t.type({
body: t.type({
name: t.string,
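Review bot: `createAgentKeyRoute` is the only route in this section that still passes `options.tags` (`'oas-tag:APM agent keys'`) next to the new `security` block, and the `createApi` test cases updated in this same commit all expect `options: {}`, so the mixed case appears to be untested. A test that registers a route with both `options: { tags: ['oas-tag:APM agent keys'] }` and `security: { authz: { requiredPrivileges: ['apm', 'apm_settings_write'] } }` and asserts that both reach the router would pin that neither the tag nor the privilege list is dropped. The route definitions continue outside the hunks shown here.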
@@ -61,7 +61,7 @@ export type AlertParams = t.TypeOf<typeof alertParamsRt>;
const transactionErrorRateChartPreview = createApmServerRoute({
endpoint: 'GET /internal/apm/rule_types/transaction_error_rate/chart_preview',
params: t.type({ query: alertParamsRt }),
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async (
resources
): Promise<{
@@ -84,7 +84,7 @@ const transactionErrorRateChartPreview = createApmServerRoute({
const transactionErrorCountChartPreview = createApmServerRoute({
endpoint: 'GET /internal/apm/rule_types/error_count/chart_preview',
params: t.type({ query: alertParamsRt }),
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async (
resources
): Promise<{
@@ -107,7 +107,7 @@ const transactionErrorCountChartPreview = createApmServerRoute({
const transactionDurationChartPreview = createApmServerRoute({
endpoint: 'GET /internal/apm/rule_types/transaction_duration/chart_preview',
params: t.type({ query: alertParamsRt }),
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async (
resources
): Promise<{
@@ -69,7 +69,13 @@ const getRegisterRouteDependencies = () => {

const initApi = (
routes: Array<
ServerRoute<any, t.Any | undefined, APMRouteHandlerResources, any, APMRouteCreateOptions>
ServerRoute<
any,
t.Any | undefined,
APMRouteHandlerResources,
any,
APMRouteCreateOptions | undefined
>
>
) => {
const { mocks, dependencies } = getRegisterRouteDependencies();
@@ -134,36 +140,30 @@ describe('createApi', () => {
} = initApi([
{
endpoint: 'GET /foo',
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async () => ({}),
},
{
endpoint: 'POST /bar',
params: t.type({
body: t.string,
}),
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async () => ({}),
},
{
endpoint: 'PUT /baz',
options: {
tags: ['access:apm', 'access:apm_write'],
},
security: { authz: { requiredPrivileges: ['apm', 'apm_write'] } },
handler: async () => ({}),
},
{
endpoint: 'GET /qux',
options: {
tags: ['access:apm', 'access:apm_write'],
},
security: { authz: { requiredPrivileges: ['apm', 'apm_write'] } },
handler: async () => ({}),
},
{
endpoint: 'GET /fez',
options: {
tags: ['access:apm', 'access:apm_settings_write'],
},
security: { authz: { requiredPrivileges: ['apm', 'apm_settings_write'] } },
handler: async () => ({}),
},
]);
@@ -175,41 +175,36 @@ describe('createApi', () => {
expect(put).toHaveBeenCalledTimes(1);

expect(get.mock.calls[0][0]).toEqual({
options: {
tags: ['access:apm'],
},
options: {},
security: { authz: { requiredPrivileges: ['apm'] } },
path: '/foo',
validate: expect.anything(),
});

expect(get.mock.calls[1][0]).toEqual({
options: {
tags: ['access:apm', 'access:apm_write'],
},
options: {},
security: { authz: { requiredPrivileges: ['apm', 'apm_write'] } },
path: '/qux',
validate: expect.anything(),
});

expect(get.mock.calls[2][0]).toEqual({
options: {
tags: ['access:apm', 'access:apm_settings_write'],
},
options: {},
security: { authz: { requiredPrivileges: ['apm', 'apm_settings_write'] } },
path: '/fez',
validate: expect.anything(),
});

expect(post.mock.calls[0][0]).toEqual({
options: {
tags: ['access:apm'],
},
options: {},
security: { authz: { requiredPrivileges: ['apm'] } },
path: '/bar',
validate: expect.anything(),
});

expect(put.mock.calls[0][0]).toEqual({
options: {
tags: ['access:apm', 'access:apm_write'],
},
options: {},
security: { authz: { requiredPrivileges: ['apm', 'apm_write'] } },
path: '/baz',
validate: expect.anything(),
});
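Review bot: Every route in the updated `initApi([...])` fixture declares `security`, so nothing in this test pins what registration does for a route that omits it. The widened type argument `APMRouteCreateOptions | undefined` suggests `options` can now be left out entirely; if `security` is optional on `ServerRoute` as well (not visible in these hunks), a new route could be added with no privilege requirement and still type-check. Consider adding a case such as `{ endpoint: 'GET /no_authz', handler: async () => ({}) }` with an assertion on the intended outcome (rejection or an explicit default), plus a short comment above `initApi` stating which behaviour is expected.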
@@ -19,8 +19,10 @@ import { getApmTimeseries, getApmTimeseriesRt, type ApmTimeseries } from './get_

const getApmTimeSeriesRoute = createApmServerRoute({
endpoint: 'POST /internal/apm/assistant/get_apm_timeseries',
options: {
tags: ['access:apm', 'access:ai_assistant'],
security: {
authz: {
requiredPrivileges: ['apm', 'ai_assistant'],
},
},
params: t.type({
body: getApmTimeseriesRt,
@@ -51,9 +53,7 @@ const getDownstreamDependenciesRoute = createApmServerRoute({
params: t.type({
query: downstreamDependenciesRouteRt,
}),
options: {
tags: ['access:apm'],
},
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async (resources): Promise<{ content: APMDownstreamDependency[] }> => {
const {
params,
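Review bot: The plain string list in `requiredPrivileges: ['apm', 'ai_assistant']` on `getApmTimeSeriesRoute` means the caller must hold every listed privilege, which is easy to misread as any-of now that the `access:` prefix is gone. A one-line comment above the `security` block, for example `// all listed privileges are required (replaces access:apm + access:ai_assistant)`, would make the intent explicit for later reviewers. The same two-privilege shape appears in the agent keys, custom dashboards and debug telemetry sections of this commit.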
@@ -51,7 +51,7 @@ const fieldCandidatesTransactionsRoute = createApmServerRoute({
rangeRt,
]),
}),
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async (resources): Promise<DurationFieldCandidatesResponse> => {
const { context } = resources;
const { license } = await context.licensing;
@@ -104,7 +104,7 @@ const fieldValueStatsTransactionsRoute = createApmServerRoute({
}),
]),
}),
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async (resources): Promise<TopValuesStats> => {
const { context } = resources;
const { license } = await context.licensing;
@@ -172,7 +172,7 @@ const fieldValuePairsTransactionsRoute = createApmServerRoute({
}),
]),
}),
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async (resources): Promise<FieldValuePairsResponse> => {
const { context } = resources;
const { license } = await context.licensing;
@@ -240,7 +240,7 @@ const significantCorrelationsTransactionsRoute = createApmServerRoute({
}),
]),
}),
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async (resources): Promise<SignificantCorrelationsResponse> => {
const apmEventClient = await getApmEventClient(resources);
const {
@@ -299,7 +299,7 @@ const pValuesTransactionsRoute = createApmServerRoute({
}),
]),
}),
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async (resources): Promise<PValuesResponse> => {
const apmEventClient = await getApmEventClient(resources);

@@ -33,7 +33,11 @@ const serviceDashboardSaveRoute = createApmServerRoute({
serviceEnvironmentFilterEnabled: t.boolean,
}),
}),
options: { tags: ['access:apm', 'access:apm_write'] },
security: {
authz: {
requiredPrivileges: ['apm', 'apm_write'],
},
},
handler: async (resources): Promise<SavedApmCustomDashboard> => {
const { context, params } = resources;
const { customDashboardId } = params.query;
@@ -62,9 +66,7 @@ const serviceDashboardsRoute = createApmServerRoute({
}),
]),
}),
options: {
tags: ['access:apm'],
},
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async (resources): Promise<{ serviceDashboards: SavedApmCustomDashboard[] }> => {
const { context, params, request } = resources;
const coreContext = await context.core;
@@ -116,7 +118,11 @@ const serviceDashboardDeleteRoute = createApmServerRoute({
customDashboardId: t.string,
}),
}),
options: { tags: ['access:apm', 'access:apm_write'] },
security: {
authz: {
requiredPrivileges: ['apm', 'apm_write'],
},
},
handler: async (resources): Promise<void> => {
const { context, params } = resources;
const { customDashboardId } = params.query;
@@ -13,7 +13,7 @@ import { getApmEventClient } from '../../lib/helpers/get_apm_event_client';

const staticDataViewRoute = createApmServerRoute({
endpoint: 'POST /internal/apm/data_view/static',
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async (resources): CreateDataViewResponse => {
const { context, plugins, request, logger } = resources;
const apmEventClient = await getApmEventClient(resources);
@@ -49,7 +49,7 @@ const staticDataViewRoute = createApmServerRoute({

const dataViewTitleRoute = createApmServerRoute({
endpoint: 'GET /internal/apm/data_view/index_pattern',
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async ({ getApmIndices }): Promise<{ apmDataViewIndexPattern: string }> => {
const apmIndicies = await getApmIndices();
const apmDataViewIndexPattern = getApmDataViewIndexPattern(apmIndicies);
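Review bot: `staticDataViewRoute` is a `POST` whose handler is typed to return `CreateDataViewResponse`, yet after the migration it requires only `apm`, without `apm_write`, unlike the dashboard save and delete routes in this commit. The commit carries the old tag over one-to-one, so this may well be intended, but the handler body lies outside the hunk and the reason is not visible here. A comment above the `security` line, for example `// 'apm' only: <reason write privilege is not required>`, would keep a later reviewer from reading it as a missed check.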
@@ -14,8 +14,10 @@ import {
} from '../../../common/apm_saved_object_constants';
export const debugTelemetryRoute = createApmServerRoute({
endpoint: 'GET /internal/apm/debug-telemetry',
options: {
tags: ['access:apm', 'access:apm_write'],
security: {
authz: {
requiredPrivileges: ['apm', 'apm_write'],
},
},
handler: async (resources): Promise<APMTelemetry> => {
const { plugins, context } = resources;