Skip to content

[8.x] Set spaces and roles CRUD APIs to public (#193534)#196242

Merged
jeramysoucy merged 7 commits intoelastic:8.xfrom
jeramysoucy:backport/8.x/pr-193534
Oct 16, 2024
Merged

[8.x] Set spaces and roles CRUD APIs to public (#193534)#196242
jeramysoucy merged 7 commits intoelastic:8.xfrom
jeramysoucy:backport/8.x/pr-193534

Conversation

@jeramysoucy
Copy link
Copy Markdown
Contributor

@jeramysoucy jeramysoucy commented Oct 15, 2024

Backport

This will backport the following commits from main to 8.x:

Questions ?

Please refer to the Backport tool documentation

@jeramysoucy
Set spaces and roles CRUD APIs to public (elastic#193534)
6b956f3 
Closes elastic#192153

## Summary

This PR sets the spaces and roles CRUD operation HTTP API endpoints to
public in both stateful and serverless offerings, and additionally,
switches to the versioned router to register these endpoints.

Prior to this PR, the access level was not explicitly set, thus any
endpoints registered in serverless were by default internal. CRUD
operations for spaces and roles are being set to public to support the
rollout of custom roles in serverless, which coincides with enabling
multiple spaces.

### Note
- Currently, roles APIs are only available in serverless via a feature
flag (`xpack.security.roleManagementEnabled`)
- Spaces APIs are already registered in serverless, however, the maximum
number of spaces is by default 1, rendering create and delete operations
unusable. By overriding `xpack.spaces.maxSpaces` to a number greater
than 1 (stateful default is 1000), it will effectively enable use of the
spaces CRUD operations in serverless.

## Tests
-
x-pack/test_serverless/api_integration/test_suites/common/management/multiple_spaces_enabled.ts
-
x-pack/test_serverless/api_integration/test_suites/common/management/spaces.ts
-
x-pack/test_serverless/api_integration/test_suites/common/platform_security/authorization.ts
-
x-pack/test_serverless/api_integration/test_suites/common/platform_security/roles_routes_feature_flag.ts
- Unit tests for each endpoint (to account for versioned router)
- Flaky Test Runner:
https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7002

## Manual Testing
1. Start ES & Kibana in serverless mode with config options to enable
role management and multiple spaces

Elasticsearch:
```
xpack.security.authc.native_roles.enabled: true
```
 KIbana:
```
 xpack.security.roleManagementEnabled: true
 xpack.spaces.maxSpaces: 100
```
3. Issue each CRUD HTTP API without including the internal origin header
('x-elastic-internal-origin') and verify you do not receive a 400 with
the message "method [get|post|put|delete] exists but is not available
with the current configuration"
4. Repeat steps 1 & 2 from the current head of main and verify that you
DO receive a 400 with the message "method [get|post|put|delete] exists
but is not available with the current configuration"

Regression testing - ensure that interfaces which leverage spaces and
roles APIs are functioning properly
- Spaces management
- Space navigation
- Roles management

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
(cherry picked from commit 26f2928)

# Conflicts:
#	oas_docs/output/kibana.serverless.yaml
#	oas_docs/output/kibana.yaml
@jeramysoucy jeramysoucy added the backport This PR is a backport of another PR label Oct 15, 2024
@jeramysoucy jeramysoucy enabled auto-merge (squash) October 15, 2024 08:15
@jeramysoucy jeramysoucy mentioned this pull request Oct 15, 2024
Merged
@jeramysoucy jeramysoucy requested a review from a team October 15, 2024 08:19
@jeramysoucy jeramysoucy requested a review from azasypkin October 15, 2024 08:29
@jeramysoucy jeramysoucy disabled auto-merge October 15, 2024 08:30
jeramysoucy and others added 4 commits October 15, 2024 11:15
@jeramysoucy
Fixes formatting from merge
9ec33d5
@kibanamachine
[CI] Auto-commit changed files from 'node scripts/capture_oas_snapsho…
9323e10 
…t --include-path /api/status --include-path /api/alerting/rule/ --include-path /api/alerting/rules --include-path /api/actions --include-path /api/security/role --include-path /api/spaces --update --no-serverless'
@kibanamachine
[CI] Auto-commit changed files from 'make api-docs && make api-docs-s…
9419b70 
…taging'
@jeramysoucy
Resolves unit test issues
cf08b17
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Oct 15, 2024

💚 Build Succeeded

Metrics [docs]

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id before after diff
@kbn/core-http-browser 37 36 -1
spaces 71 73 +2
total +1

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
security 541.9KB 541.9KB +38.0B

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
security 67.7KB 67.8KB +158.0B
spaces 33.2KB 33.4KB +201.0B
total +359.0B
Unknown metric groups

API count

id before after diff
spaces 266 269 +3

History

@jeramysoucy jeramysoucy merged commit d216933 into elastic:8.x Oct 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@azasypkin azasypkin azasypkin approved these changes

Assignees

No one assigned

Labels

backport This PR is a backport of another PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jeramysoucy @elasticmachine @azasypkin @kibanamachine