Added DisabledAuthz utility#216633
Merged
elena-shostak merged 15 commits intoelastic:mainfrom Apr 8, 2025
Merged
Conversation
elena-shostak
added
Team:Security
Contributor
Author
|
/ci |
Contributor
Author
|
/ci |
Contributor
Author
|
/сi |
Contributor
|
Pinging @elastic/kibana-security (Team:Security) |
jloleysens
approved these changes
Apr 2, 2025
Contributor
jloleysens
left a comment
jloleysens
left a comment
There was a problem hiding this comment.
Cool, nice work @elena-shostak !
jeramysoucy
reviewed
Apr 7, 2025
| enabled: false, | ||
| reason: `This route delegates authorization to Core's scoped ES cluster client`, | ||
| }, | ||
| authz: AuthzDisabled.delegateToESClient, |
Contributor
There was a problem hiding this comment.
Will we replace all other cases where routes delegate to the ES or SO client? Or will that be follow-up work for other teams?
Contributor
Author
There was a problem hiding this comment.
It will be a follow up work
jeramysoucy
approved these changes
Apr 7, 2025
Contributor
jeramysoucy
left a comment
jeramysoucy
left a comment
There was a problem hiding this comment.
LGTM! Thanks for adding this. Just left a minor nit/suggestion.
Co-authored-by: Jeramy Soucy <jeramy.soucy@elastic.co>
Contributor
💛 Build succeeded, but was flaky
Failed CI StepsTest FailuresMetrics [docs]Public APIs missing comments
History
|
Contributor
|
Starting backport for target branches: 8.x https://github.com/elastic/kibana/actions/runs/14331805609 |
Contributor
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
kibanamachine
added
the
backport missing
Contributor
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
1 similar comment
Contributor
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
elena-shostak
added a commit
to elena-shostak/kibana
that referenced
this pull request
Apr 10, 2025
## Summary Added `DisabledAuthz` utility class, this will address the current repetition of the reason string `'This route delegates authorization to the ES/SO client` and other common scenarios. __Closes: https://github.com/elastic/kibana/issues/216632__ --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Jeramy Soucy <jeramy.soucy@elastic.co> (cherry picked from commit 18ca869) # Conflicts: # x-pack/platform/plugins/shared/security/server/routes/authorization/roles/delete.ts # x-pack/platform/plugins/shared/security/server/routes/authorization/roles/get.ts # x-pack/platform/plugins/shared/security/server/routes/authorization/roles/get_all.ts # x-pack/platform/plugins/shared/security/server/routes/authorization/roles/post.ts # x-pack/platform/plugins/shared/security/server/routes/authorization/roles/put.ts # x-pack/platform/plugins/shared/security/server/routes/authorization/roles/query.ts
Contributor
Author
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
elena-shostak
added a commit
to elena-shostak/kibana
that referenced
this pull request
Apr 10, 2025
## Summary Added `DisabledAuthz` utility class, this will address the current repetition of the reason string `'This route delegates authorization to the ES/SO client` and other common scenarios. __Closes: https://github.com/elastic/kibana/issues/216632__ --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Jeramy Soucy <jeramy.soucy@elastic.co> (cherry picked from commit 18ca869) # Conflicts: # x-pack/platform/plugins/shared/security/server/routes/authorization/roles/delete.ts # x-pack/platform/plugins/shared/security/server/routes/authorization/roles/get.ts # x-pack/platform/plugins/shared/security/server/routes/authorization/roles/get_all.ts # x-pack/platform/plugins/shared/security/server/routes/authorization/roles/post.ts # x-pack/platform/plugins/shared/security/server/routes/authorization/roles/put.ts # x-pack/platform/plugins/shared/security/server/routes/authorization/roles/query.ts
elena-shostak
added a commit
that referenced
this pull request
Apr 11, 2025
# Backport This will backport the following commits from `main` to `9.0`: - [Added DisabledAuthz utility (#216633)](#216633) <!--- Backport version: 9.5.1 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Elena Shostak","email":"165678770+elena-shostak@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-04-08T10:59:28Z","message":"Added DisabledAuthz utility (#216633)\n\n## Summary\n\nAdded `DisabledAuthz` utility class, this will address the current\nrepetition of the reason string `'This route delegates authorization to\nthe ES/SO client` and other common scenarios.\n\n__Closes: https://github.com/elastic/kibana/issues/216632__\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Jeramy Soucy <jeramy.soucy@elastic.co>","sha":"18ca869d926d91b126b754bbbc1234a524949e14","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Security","enhancement","release_note:skip","backport missing","backport:version","v9.1.0","v8.19.0"],"title":"Added DisabledAuthz utility","number":216633,"url":"https://github.com/elastic/kibana/pull/216633","mergeCommit":{"message":"Added DisabledAuthz utility (#216633)\n\n## Summary\n\nAdded `DisabledAuthz` utility class, this will address the current\nrepetition of the reason string `'This route delegates authorization to\nthe ES/SO client` and other common scenarios.\n\n__Closes: https://github.com/elastic/kibana/issues/216632__\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Jeramy Soucy <jeramy.soucy@elastic.co>","sha":"18ca869d926d91b126b754bbbc1234a524949e14"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/216633","number":216633,"mergeCommit":{"message":"Added DisabledAuthz utility (#216633)\n\n## Summary\n\nAdded `DisabledAuthz` utility class, this will address the current\nrepetition of the reason string `'This route delegates authorization to\nthe ES/SO client` and other common scenarios.\n\n__Closes: https://github.com/elastic/kibana/issues/216632__\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Jeramy Soucy <jeramy.soucy@elastic.co>","sha":"18ca869d926d91b126b754bbbc1234a524949e14"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT-->
elena-shostak
added a commit
that referenced
this pull request
Apr 11, 2025
# Backport This will backport the following commits from `main` to `8.x`: - [Added DisabledAuthz utility (#216633)](#216633) <!--- Backport version: 9.5.1 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Elena Shostak","email":"165678770+elena-shostak@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-04-08T10:59:28Z","message":"Added DisabledAuthz utility (#216633)\n\n## Summary\n\nAdded `DisabledAuthz` utility class, this will address the current\nrepetition of the reason string `'This route delegates authorization to\nthe ES/SO client` and other common scenarios.\n\n__Closes: https://github.com/elastic/kibana/issues/216632__\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Jeramy Soucy <jeramy.soucy@elastic.co>","sha":"18ca869d926d91b126b754bbbc1234a524949e14","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Security","enhancement","release_note:skip","backport missing","backport:version","v9.1.0","v8.19.0"],"title":"Added DisabledAuthz utility","number":216633,"url":"https://github.com/elastic/kibana/pull/216633","mergeCommit":{"message":"Added DisabledAuthz utility (#216633)\n\n## Summary\n\nAdded `DisabledAuthz` utility class, this will address the current\nrepetition of the reason string `'This route delegates authorization to\nthe ES/SO client` and other common scenarios.\n\n__Closes: https://github.com/elastic/kibana/issues/216632__\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Jeramy Soucy <jeramy.soucy@elastic.co>","sha":"18ca869d926d91b126b754bbbc1234a524949e14"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/216633","number":216633,"mergeCommit":{"message":"Added DisabledAuthz utility (#216633)\n\n## Summary\n\nAdded `DisabledAuthz` utility class, this will address the current\nrepetition of the reason string `'This route delegates authorization to\nthe ES/SO client` and other common scenarios.\n\n__Closes: https://github.com/elastic/kibana/issues/216632__\n\n---------\n\nCo-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>\nCo-authored-by: Jeramy Soucy <jeramy.soucy@elastic.co>","sha":"18ca869d926d91b126b754bbbc1234a524949e14"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT-->
kibanamachine
removed
the
backport missing
Contributor
|
This PR didn't make it into the latest BC. Updating the labels. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Added
DisabledAuthzutility class, this will address the current repetition of the reason string'This route delegates authorization to the ES/SO clientand other common scenarios.Closes: #216632