Set spaces and roles CRUD APIs to public #193534

Draft
wants to merge 10 commits into
base: main

@jeramysoucy jeramysoucy commented Sep 20, 2024

Closes #192153

Summary

This PR sets the spaces and roles CRUD operation HTTP API endpoints to public in both stateful and serverless offerings, and additionally, switches to the versioned router to register these endpoints.

Prior to this PR, the access level was not explicitly set, thus any endpoints registered in serverless were by default internal. CRUD operations for spaces and roles are being set to public to support the rollout of custom roles in serverless, which coincides with enabling multiple spaces.

Note

  • Currently, roles APIs are only available in serverless via a feature flag (xpack.security.roleManagementEnabled)
  • Spaces APIs are already registered in serverless; however, the maximum number of spaces is by default 1, rendering create and delete operations unusable. Overriding xpack.spaces.maxSpaces to a number greater than 1 (stateful default is 1000) will effectively enable use of the spaces CRUD operations in serverless.

Tests

  • x-pack/test_serverless/api_integration/test_suites/common/management/multiple_spaces_enabled.ts
  • x-pack/test_serverless/api_integration/test_suites/common/management/spaces.ts
  • x-pack/test_serverless/api_integration/test_suites/common/platform_security/authorization.ts
  • x-pack/test_serverless/api_integration/test_suites/common/platform_security/roles_routes_feature_flag.ts
  • Unit tests for each endpoint (to account for versioned router)
  • Flaky Test Runner: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7002

Manual Testing

  1. Start ES & Kibana in serverless mode with config options to enable role management and multiple spaces
     Elasticsearch:
       xpack.security.authc.native_roles.enabled: true
     Kibana:
       xpack.security.roleManagementEnabled: true
       xpack.spaces.maxSpaces: 100
  2. Issue each CRUD HTTP API without including the internal origin header and verify you do not receive a 400 with the message "method [get|post|put|delete] exists but is not available with the current configuration"
  3. Repeat steps 1 & 2 from the current head of main and verify that you DO receive a 400 with the message "method [get|post|put|delete] exists but is not available with the current configuration"
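
One way to automate the header-less CRUD check from the manual testing steps above, as an added example that is not part of this PR or of Kibana's code. Assumptions: the endpoint paths are Kibana's documented spaces and roles APIs (not listed on this page), `test-space` and `test-role` are hypothetical ids, and the sample responses are constructed.

```typescript
// Added example: endpoint paths are Kibana's documented spaces/roles APIs,
// not listed on this page; ids and sample responses are constructed.
type Method = 'get' | 'post' | 'put' | 'delete';
interface Check { method: Method; path: string }
interface Result extends Check { status: number; body: string }

const CRUD_CHECKS: Check[] = [
  { method: 'get', path: '/api/spaces/space' },
  { method: 'post', path: '/api/spaces/space' },
  { method: 'put', path: '/api/spaces/space/test-space' },
  { method: 'delete', path: '/api/spaces/space/test-space' },
  { method: 'get', path: '/api/security/role' },
  { method: 'put', path: '/api/security/role/test-role' },
  { method: 'delete', path: '/api/security/role/test-role' },
];

// Headers for an external caller: deliberately no x-elastic-internal-origin.
function externalHeaders(method: Method): Record<string, string> {
  const headers: Record<string, string> = { 'content-type': 'application/json' };
  if (method !== 'get') headers['kbn-xsrf'] = 'true'; // Kibana requires this on writes
  return headers;
}

// True only for the "internal route" rejection quoted in the PR description;
// an unrelated 400 (e.g. body validation) must not be counted.
function isInternalRejection(r: Result): boolean {
  const marker = `method [${r.method}] exists but is not available with the current configuration`;
  return r.status === 400 && r.body.includes(marker);
}

// Lists checks that are still internal-only. A check with no recorded
// result is reported too, so a skipped request cannot pass silently.
function stillInternal(results: Result[]): string[] {
  return CRUD_CHECKS.filter((c) => {
    const r = results.find((x) => x.method === c.method && x.path === c.path);
    return r === undefined || isInternalRejection(r);
  }).map((c) => `${c.method.toUpperCase()} ${c.path}`);
}

// Constructed responses: expected shape on the PR branch vs. head of main.
const rejected = (c: Check): Result => ({
  ...c, status: 400,
  body: JSON.stringify({ statusCode: 400, error: 'Bad Request',
    message: `uri [${c.path}] with method [${c.method}] exists but is not available with the current configuration` }),
});
const SAMPLE_PR_BRANCH: Result[] = CRUD_CHECKS.map((c) => ({ ...c, status: 200, body: '{}' }));
const SAMPLE_MAIN: Result[] = CRUD_CHECKS.map(rejected);
```

Feed `stillInternal` the real status and body of each request sent with `externalHeaders`: an empty list is the expected outcome on the PR branch, and all seven entries are expected on main.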

@jeramysoucy jeramysoucy added Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! Feature:Security/Spaces Platform Security - Spaces feature release_note:skip Skip the PR/issue when compiling release notes Feature:Security/Authorization Platform Security - Authorization backport:skip This commit does not require backporting Project:Serverless Work as part of the Serverless project for its initial release v8.16.0 labels Sep 20, 2024
@jeramysoucy jeramysoucy changed the title Sets spaces and roles CRUD API to public Set spaces and roles CRUD API to public Sep 23, 2024
@jeramysoucy jeramysoucy changed the title Set spaces and roles CRUD API to public Set spaces and roles CRUD APIs to public Sep 23, 2024
@jeramysoucy jeramysoucy marked this pull request as ready for review September 24, 2024 07:13
@jeramysoucy jeramysoucy requested review from a team as code owners September 24, 2024 07:13
@elasticmachine

Pinging @elastic/kibana-security (Team:Security)

@jeramysoucy jeramysoucy marked this pull request as draft September 24, 2024 07:31
elasticmachine commented Sep 24, 2024

🤖 Jobs for this PR can be triggered through checkboxes. 🚧

ℹ️ To trigger the CI, please tick the checkbox below 👇

  • Click to trigger kibana-pull-request for this PR!

@kibanamachine

Flaky Test Runner Stats

🎉 All tests passed! - kibana-flaky-test-suite-runner#7002

[✅] x-pack/test_serverless/api_integration/test_suites/search/config.feature_flags.ts: 50/50 tests passed.
[✅] x-pack/test_serverless/api_integration/test_suites/observability/config.feature_flags.ts: 50/50 tests passed.
[✅] x-pack/test_serverless/api_integration/test_suites/security/config.feature_flags.ts: 50/50 tests passed.

kibana-ci commented Sep 24, 2024

💔 Build Failed

Failed CI Steps

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

Successfully merging this pull request may close these issues.

Set spaces CRUD endpoints to public in serverless
5 participants