
Marks public security, spaces, and encrypted saved object APIs #162410

Closed
wants to merge 5 commits into from


jeramysoucy
Contributor

Unblocks #162149

Summary

This PR uses the access 'public' option when registering public security (authentication, authorization, etc), spaces, and encrypted saved objects HTTP APIs. #161672 changes default access of registered endpoints to 'internal', meaning that API owners have to explicitly set access: public to pass the API protection restriction. This is an intermediary step to unblock the work to enable API protection in serverless (#162149). Future work (#161337, #162087) will augment how we assign access to these APIs for our serverless products.

@jeramysoucy jeramysoucy added Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! release_note:skip Skip the PR/issue when compiling release notes backport:skip This commit does not require backporting v8.10.0 labels Jul 24, 2023
@jeramysoucy jeramysoucy marked this pull request as ready for review July 24, 2023 20:40
@jeramysoucy jeramysoucy requested a review from a team as a code owner July 24, 2023 20:40
@elasticmachine
Contributor

Pinging @elastic/kibana-security (Team:Security)

@kc13greiner kc13greiner self-requested a review July 24, 2023 20:58
@kibana-ci
Collaborator

💛 Build succeeded, but was flaky

Failed CI Steps

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

Contributor

@kc13greiner kc13greiner left a comment


LGTM!

Side note - there are a few route test files, e.g. roles/get_all, that don't assert on the route config.options like some of the other routes' tests that were updated. Should we create a ticket to update those tests to assert the route config?
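The default-to-internal behaviour from the PR summary and the kind of route-config assertion raised in the review comment above, as an added example that is not part of this PR or of Kibana's code. `MockRouter`, `findUnmarkedPublicRoutes`, `buildSampleRouter` and the route paths are hypothetical names constructed for illustration.

```typescript
// Added illustration: a hypothetical in-memory router, not Kibana's own router or test code.
type Access = 'public' | 'internal';

interface RouteConfig {
  path: string;
  options?: { access?: Access };
}

interface RegisteredRoute {
  method: string;
  path: string;
  access: Access;
  explicit: boolean; // false when the default filled in the access level
}

// Per the PR summary: routes registered without an access option become 'internal'.
const DEFAULT_ACCESS: Access = 'internal';

class MockRouter {
  routes: RegisteredRoute[] = [];

  get(config: RouteConfig): void { this.add('GET', config); }
  post(config: RouteConfig): void { this.add('POST', config); }

  private add(method: string, config: RouteConfig): void {
    const declared = config.options ? config.options.access : undefined;
    this.routes.push({
      method: method,
      path: config.path,
      access: declared === undefined ? DEFAULT_ACCESS : declared,
      explicit: declared !== undefined,
    });
  }
}

// Routes the owner intends to expose that would be caught by the restriction
// because they silently fell back to the default.
function findUnmarkedPublicRoutes(router: MockRouter, intendedPublic: string[]): string[] {
  return router.routes
    .filter((r) => intendedPublic.indexOf(r.path) !== -1 && r.access !== 'public')
    .map((r) => r.method + ' ' + r.path);
}

// Constructed sample registrations; the paths are placeholders, not Kibana routes.
function buildSampleRouter(): MockRouter {
  const router = new MockRouter();
  router.get({ path: '/api/example/roles', options: { access: 'public' } });
  router.get({ path: '/api/example/spaces' }); // option forgotten
  router.post({ path: '/internal/example/session' });
  return router;
}
```

A route test that asserts on the registered access level, rather than only on handler behaviour, catches the forgotten option before the default changes what callers can reach.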

@jeramysoucy
Contributor Author

Closing due to misconception of requirements. See #162523

@jeramysoucy jeramysoucy deleted the set-public-api-access branch July 25, 2023 19:04
4 participants