[RsponseOps][Alerting] Explicitly set access to all API routes of actions, connectors, rules, alerts, and cases plugins #193520

Merged
merged 9 commits into from
Sep 26, 2024

@js-jankisalvi js-jankisalvi commented Sep 20, 2024

Summary

Resolves #192956
This PR adds

  • access: internal option to internal routes
  • access: public option to public routes

This will help restrict access to internal routes and allow users to access all public routes.

This PR updates the API routes of the following x-pack/plugins

  • actions
  • alerting
  • cases
  • rule_registry
  • stack_connectors
  • triggers_actions_ui

@js-jankisalvi js-jankisalvi self-assigned this Sep 20, 2024
@js-jankisalvi js-jankisalvi changed the title [RsponseOps][Alerting] add access to internal routes of rules and alerts apis [RsponseOps][Alerting] Explicitly set access to all API routes of actions, connectors, rules, alerts, and cases plugins Sep 20, 2024
@@ -102,6 +102,7 @@ const buildFindRulesRoute = ({
router.post(
{
path,
options: { access: 'internal' },
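Review bot: `access: 'internal'` is hard-coded in the `router.post` config while `path` arrives as a parameter of `buildFindRulesRoute`, so nothing in this hunk ties the access level to the path the caller passes. Consider passing the access value in together with `path`, or asserting inside the builder that `path` is an internal one, so the two cannot drift apart when the builder is reused.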
Contributor Author

In this file, the GET method has a public route and path at line 45, and the POST method uses the internal path at line 101. However, in the list the internal path is listed as GET:

GET /internal/alerting/rules/_find internal  

Member

Related PR with a fix: #193757
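
An added example, not part of this PR or the Kibana code base: a small audit that flags routes registered without an explicit `access` value, routes whose `access` contradicts their path prefix, and tracking-list entries whose method differs from the registered route (the GET/POST mismatch noted in the thread above). The `/internal/` and `/api/` prefix convention, the `RouteDef` and `ExpectedRoute` shapes, and every sample route except `/internal/alerting/rules/_find` are assumptions made for illustration.

```typescript
type Access = 'internal' | 'public';
interface RouteDef { method: string; path: string; options?: { access?: Access } }
interface ExpectedRoute { method: string; path: string; access: Access }

// Assumption: internal paths start with /internal/, public ones with /api/.
function accessFromPath(path: string): Access | undefined {
  if (path.startsWith('/internal/')) return 'internal';
  if (path.startsWith('/api/')) return 'public';
  return undefined;
}

function auditRoutes(registered: RouteDef[], expected: ExpectedRoute[]): string[] {
  const findings: string[] = [];
  for (const r of registered) {
    const id = `${r.method.toUpperCase()} ${r.path}`;
    const declared = r.options?.access;
    const implied = accessFromPath(r.path);
    if (declared === undefined) {
      findings.push(`${id}: access not set explicitly`);
    } else if (implied !== undefined && implied !== declared) {
      findings.push(`${id}: access '${declared}' contradicts path prefix (${implied})`);
    }
  }
  // Cross-check a tracking list: each entry must match a registered route's method and access.
  for (const e of expected) {
    const id = `${e.method.toUpperCase()} ${e.path}`;
    const samePath = registered.filter((r) => r.path === e.path);
    const match = samePath.find((r) => r.method.toUpperCase() === e.method.toUpperCase());
    if (samePath.length === 0) {
      findings.push(`${id}: listed but not registered`);
    } else if (!match) {
      const actual = samePath.map((r) => r.method.toUpperCase()).join(', ');
      findings.push(`${id}: listed method differs from registered (${actual})`);
    } else if (match.options?.access !== e.access) {
      findings.push(`${id}: listed access '${e.access}' differs from registered`);
    }
  }
  return findings;
}

// Constructed sample data; only /internal/alerting/rules/_find appears on this page.
const sampleRegistered: RouteDef[] = [
  { method: 'get', path: '/api/example/rules/_find', options: { access: 'public' } },
  { method: 'post', path: '/internal/alerting/rules/_find', options: { access: 'internal' } },
  { method: 'post', path: '/internal/example/rules/_bulk_edit' },
];
const sampleListed: ExpectedRoute[] = [
  { method: 'GET', path: '/internal/alerting/rules/_find', access: 'internal' },
];
console.log(auditRoutes(sampleRegistered, sampleListed));
```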

@@ -33,6 +33,7 @@ const buildBulkEditRulesRoute = ({ licenseState, path, router }: BuildBulkEditRu
router.post(
{
path,
options: { access: 'internal' },
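Review bot: nothing visible here checks that the `options: { access: 'internal' }` entry in the `router.post` config of `buildBulkEditRulesRoute` stays in place. A unit test that builds the route with a mock `router` and asserts that the config passed to `router.post` has `options.access` equal to `'internal'` would keep a later refactor of this object from silently dropping the restriction.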
Contributor Author

Couldn't find PATCH route, only POST.

Member

My mistake 😄! I updated the issue.

@js-jankisalvi js-jankisalvi added release_note:skip Skip the PR/issue when compiling release notes Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) v9.0.0 v8.16.0 backport:prev-minor Backport to (8.x) the previous minor version (i.e. one version back from main) labels Sep 23, 2024
@js-jankisalvi js-jankisalvi marked this pull request as ready for review September 23, 2024 08:54
@js-jankisalvi js-jankisalvi requested review from a team as code owners September 23, 2024 08:54
@elasticmachine

Pinging @elastic/response-ops (Team:ResponseOps)

@dominiqueclarke dominiqueclarke left a comment

obs-ux-management changes LGTM

@js-jankisalvi js-jankisalvi enabled auto-merge (squash) September 26, 2024 09:21
@js-jankisalvi js-jankisalvi merged commit 9c78643 into elastic:main Sep 26, 2024
38 checks passed
@js-jankisalvi js-jankisalvi deleted the add-access-alerting-routes branch September 26, 2024 10:00
@kibana-ci

💚 Build Succeeded


cc @js-jankisalvi

kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Sep 26, 2024
…ions, connectors, rules, alerts, and cases plugins (elastic#193520)

(cherry picked from commit 9c78643)
@kibanamachine

💚 All backports created successfully

Status Branch Result
8.x

Note: Successful backport PRs will be merged automatically after passing CI.


kibanamachine added a commit that referenced this pull request Sep 26, 2024
…of actions, connectors, rules, alerts, and cases plugins (#193520) (#194111)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[RsponseOps][Alerting] Explicitly set access to all API routes of
actions, connectors, rules, alerts, and cases plugins
(#193520)](#193520)


Co-authored-by: Janki Salvi <117571355+js-jankisalvi@users.noreply.github.com>
Development

Successfully merging this pull request may close these issues.

[ResponseOps][Alerting] Explicitly set access for all of our routes
7 participants