Adds upgrade note

elastic · Nov 12, 2024 · e1ab95c · e1ab95c
1 parent 9d4b9f8
commit e1ab95c
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 10 deletions.
diff --git a/docs/upgrade-notes.asciidoc b/docs/upgrade-notes.asciidoc
@@ -49,6 +49,32 @@ For Elastic Security release information, refer to {security-guide}/release-note
 [float]
 ==== Kibana APIs
 
+[discrete]
+[[breaking-199656]]
+.Removed all security v1 endpoints (9.0.0)
+[%collapsible]
+====
+*Details* +
+All `v1` Kibana security HTTP endpoints have been removed.
+
+`GET /api/security/v1/logout` has been replaced by `GET /api/security/logout`
+`GET /api/security/v1/oidc/implicit` has been replaced by `GET /api/security/oidc/implicit`
+`GET /api/security/v1/oidc` has been replaced by GET `/api/security/oidc/callback`
+`POST /api/security/v1/oidc` has been replaced by POST `/api/security/oidc/initiate_login`
+`POST /api/security/v1/saml` has been replaced by POST `/api/security/saml/callback`
+`GET /api/security/v1/me` has been removed with no replacement.
+
+For more information, refer to {kibana-pull}199656[#199656].
+
+*Impact* + 
+Any HTTP API calls to the `v1` Kibana security endpoints will fail with a 404 status code starting from version 9.0.0.
+Third party OIDC and SAML identity providers configured with `v1` endpoints will no longer work.
+
+*Action* +
+Update any OIDC and SAML identity providers to reference the corresponding replacement endpoint listed above.
+Remove references to the `/api/security/v1/me` endpoint from any automations, applications, tooling, and scripts.
+====
+
 [discrete]
 [[breaking-193792]]
 .Access to all internal APIs is blocked (9.0.0)

diff --git a/x-pack/plugins/security/server/routes/authentication/common.ts b/x-pack/plugins/security/server/routes/authentication/common.ts
@@ -64,7 +64,7 @@ export function defineCommonRoutes({
           tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW],
           ...(isDeprecated && {
             deprecated: {
-              documentationUrl: docLinks.security.logout,
+              documentationUrl: 'https://elastic.co', // ToDo: Update with docLink to upgrade note
               severity: 'warning',
               message: i18n.translate('xpack.security.deprecations.logoutRouteMessage', {
                 defaultMessage:
@@ -132,7 +132,7 @@ export function defineCommonRoutes({
           access: isDeprecated ? 'public' : 'internal',
           ...(isDeprecated && {
             deprecated: {
-              documentationUrl: 'https://elastic.co/', // ToDo
+              documentationUrl: 'https://elastic.co', // ToDo: Update with docLink to upgrade note
               severity: 'warning',
               message: i18n.translate('xpack.security.deprecations.meRouteMessage', {
                 defaultMessage:

diff --git a/x-pack/plugins/security/server/routes/authentication/oidc.ts b/x-pack/plugins/security/server/routes/authentication/oidc.ts
@@ -43,8 +43,7 @@ export function defineOIDCRoutes({
           excludeFromOAS: true,
           ...(isDeprecated && {
             deprecated: {
-              documentationUrl:
-                'https://elastic.co/guide/en/elasticsearch/reference/current/oidc-guide.html',
+              documentationUrl: 'https://elastic.co', // ToDo: Update with docLink to upgrade note
               severity: 'warning',
               message: i18n.translate('xpack.security.deprecations.oidcImplicitRouteMessage', {
                 defaultMessage:
@@ -141,8 +140,7 @@ export function defineOIDCRoutes({
           tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW],
           ...(isDeprecated && {
             deprecated: {
-              documentationUrl:
-                'https://elastic.co/guide/en/elasticsearch/reference/current/oidc-guide.html',
+              documentationUrl: 'https://elastic.co', // ToDo: Update with docLink to upgrade note
               severity: 'warning',
               message: i18n.translate('xpack.security.deprecations.oidcCallbackRouteMessage', {
                 defaultMessage:
@@ -248,8 +246,7 @@ export function defineOIDCRoutes({
           tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW],
           ...(isDeprecated && {
             deprecated: {
-              documentationUrl:
-                'https://elastic.co/guide/en/elasticsearch/reference/current/oidc-guide.html',
+              documentationUrl: 'https://elastic.co', // ToDo: Update with docLink to upgrade note
               severity: 'warning',
               message: i18n.translate('xpack.security.deprecations.oidcInitiateRouteMessage', {
                 defaultMessage:

diff --git a/x-pack/plugins/security/server/routes/authentication/saml.ts b/x-pack/plugins/security/server/routes/authentication/saml.ts
@@ -52,8 +52,7 @@ export function defineSAMLRoutes({
           tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW],
           ...(isDeprecated && {
             deprecated: {
-              documentationUrl:
-                'https://elastic.co/guide/en/elasticsearch/reference/current/saml-guide-stack.html',
+              documentationUrl: 'https://elastic.co', // ToDo: Update with doc link to upgrade note
               severity: 'warning',
               message: i18n.translate('xpack.security.deprecations.samlPostRouteMessage', {
                 defaultMessage: