Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Set spaces and roles CRUD APIs to public (elastic#193534)
Closes elastic#192153 ## Summary This PR sets the spaces and roles CRUD operation HTTP API endpoints to public in both stateful and serverless offerings, and additionally, switches to the versioned router to register these endpoints. Prior to this PR, the access level was not explicitly set, thus any endpoints registered in serverless were by default internal. CRUD operations for spaces and roles are being set to public to support the rollout of custom roles in serverless, which coincides with enabling multiple spaces. ### Note - Currently, roles APIs are only available in serverless via a feature flag (`xpack.security.roleManagementEnabled`) - Spaces APIs are already registered in serverless, however, the maximum number of spaces is by default 1, rendering create and delete operations unusable. By overriding `xpack.spaces.maxSpaces` to a number greater than 1 (stateful default is 1000), it will effectively enable use of the spaces CRUD operations in serverless. ## Tests - x-pack/test_serverless/api_integration/test_suites/common/management/multiple_spaces_enabled.ts - x-pack/test_serverless/api_integration/test_suites/common/management/spaces.ts - x-pack/test_serverless/api_integration/test_suites/common/platform_security/authorization.ts - x-pack/test_serverless/api_integration/test_suites/common/platform_security/roles_routes_feature_flag.ts - Unit tests for each endpoint (to account for versioned router) - Flaky Test Runner: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7002 ## Manual Testing 1. Start ES & Kibana in serverless mode with config options to enable role management and multiple spaces Elasticsearch: ``` xpack.security.authc.native_roles.enabled: true ``` KIbana: ``` xpack.security.roleManagementEnabled: true xpack.spaces.maxSpaces: 100 ``` 3. Issue each CRUD HTTP API without including the internal origin header ('x-elastic-internal-origin') and verify you do not receive a 400 with the message "method [get|post|put|delete] exists but is not available with the current configuration" 4. Repeat steps 1 & 2 from the current head of main and verify that you DO receive a 400 with the message "method [get|post|put|delete] exists but is not available with the current configuration" Regression testing - ensure that interfaces which leverage spaces and roles APIs are functioning properly - Spaces management - Space navigation - Roles management --------- Co-authored-by: kibanamachine <[email protected]>
- Loading branch information