[dashboards as code] white list control group references#245310
Merged
nreese merged 9 commits intoelastic:mainfrom Dec 29, 2025
Merged
[dashboards as code] white list control group references#245310nreese merged 9 commits intoelastic:mainfrom
nreese merged 9 commits intoelastic:mainfrom
Conversation
Contributor
Author
|
/ci |
Contributor
Author
|
/ci |
Contributor
Author
|
@elasticmachine merge upstream |
Contributor
Author
|
/ci |
Contributor
Author
|
@elasticmachine merge upstream |
Contributor
Author
|
/ci |
Contributor
Author
|
@elasticmachine merge upstream |
Contributor
Author
|
@elasticmachine merge upstream |
Contributor
Author
|
/ci |
Contributor
|
Pinging @elastic/kibana-presentation (Team:Presentation) |
kowalczyk-krzysztof
approved these changes
Dec 16, 2025
Contributor
|
Pinging @elastic/obs-ux-management-team (Team:obs-ux-management) |
AlexGPlay
approved these changes
Dec 17, 2025
Contributor
AlexGPlay
left a comment
There was a problem hiding this comment.
lgtm - code review only
nickpeihl
approved these changes
Dec 19, 2025
Contributor
nickpeihl
left a comment
There was a problem hiding this comment.
lgtm! code review and tested dashboard crud to ensure only controls references are permitted on create and update
src/platform/plugins/shared/dashboard/server/api/transforms/out/transform_references_out.ts
Show resolved
Hide resolved
baileycash-elastic
approved these changes
Dec 19, 2025
Contributor
Author
|
@elasticmachine merge upstream |
rbrtj
approved these changes
Dec 29, 2025
Contributor
Author
|
@elasticmachine merge upstream |
Contributor
💛 Build succeeded, but was flaky
Failed CI StepsTest Failures
Metrics [docs]Async chunks
Unknown metric groupsESLint disabled line counts
Total ESLint disabled count
History
|
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this pull request
Jan 6, 2026
) ### external team reviewers With the closing of elastic#222615, all embeddables inject and extract references in the server. As such, `transformOutInjectsReferences` flag is no longer needed and can be removed. ### presentation team reviewers This PR updates dashboard REST endpoint reference handling from black list to white list. Only control group references are white listed. * On `write` - fail request when passed non-white listed references. * On `read` - only return white listed references. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Heenawter
added a commit
that referenced
this pull request
Jan 7, 2026
dej611
pushed a commit
to dej611/kibana
that referenced
this pull request
Jan 8, 2026
) ### external team reviewers With the closing of elastic#222615, all embeddables inject and extract references in the server. As such, `transformOutInjectsReferences` flag is no longer needed and can be removed. ### presentation team reviewers This PR updates dashboard REST endpoint reference handling from black list to white list. Only control group references are white listed. * On `write` - fail request when passed non-white listed references. * On `read` - only return white listed references. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
dej611
pushed a commit
to dej611/kibana
that referenced
this pull request
Jan 8, 2026
## Summary When resolving merge conflicts with elastic#245310 in the [Controls Anywhere PR](elastic#245588), we accidentally ended up with control references being spread twice. This PR undoes that.
devamanv
pushed a commit
to devamanv/kibana
that referenced
this pull request
Jan 12, 2026
## Summary When resolving merge conflicts with elastic#245310 in the [Controls Anywhere PR](elastic#245588), we accidentally ended up with control references being spread twice. This PR undoes that.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
9 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
external team reviewers
With the closing of #222615, all embeddables inject and extract references in the server. As such,
transformOutInjectsReferencesflag is no longer needed and can be removed.presentation team reviewers
This PR updates dashboard REST endpoint reference handling from black list to white list. Only control group references are white listed.
write- fail request when passed non-white listed references.read- only return white listed references.