Merge branch '8.x' into update-bundled-packages-20241022133714
elasticmachine authored Oct 23, 2024
2 parents ce2620b + 722dd5d commit ba122ce
Showing 227 changed files with 5,789 additions and 1,447 deletions.
1 change: 1 addition & 0 deletions .github/CODEOWNERS
Expand Up @@ -727,6 +727,7 @@ packages/kbn-resizable-layout @elastic/kibana-data-discovery
examples/resizable_layout_examples @elastic/kibana-data-discovery
x-pack/test/plugin_functional/plugins/resolver_test @elastic/security-solution
packages/response-ops/feature_flag_service @elastic/response-ops
packages/response-ops/rule_params @elastic/response-ops
examples/response_stream @elastic/ml-ui
packages/kbn-rison @elastic/kibana-operations
x-pack/packages/rollup @elastic/kibana-management
8 changes: 2 additions & 6 deletions oas_docs/output/kibana.serverless.staging.yaml
Expand Up @@ -30472,9 +30472,7 @@ components:
name:
type: string
source:
items:
type: string
type: array
type: string
required:
- name
- source
Expand Down Expand Up @@ -30626,9 +30624,7 @@ components:
name:
type: string
source:
items:
type: string
type: array
type: string
required:
- name
- source
8 changes: 2 additions & 6 deletions oas_docs/output/kibana.serverless.yaml
Expand Up @@ -30472,9 +30472,7 @@ components:
name:
type: string
source:
items:
type: string
type: array
type: string
required:
- name
- source
Expand Down Expand Up @@ -30626,9 +30624,7 @@ components:
name:
type: string
source:
items:
type: string
type: array
type: string
required:
- name
- source
8 changes: 2 additions & 6 deletions oas_docs/output/kibana.staging.yaml
Expand Up @@ -39302,9 +39302,7 @@ components:
name:
type: string
source:
items:
type: string
type: array
type: string
required:
- name
- source
Expand Down Expand Up @@ -39456,9 +39454,7 @@ components:
name:
type: string
source:
items:
type: string
type: array
type: string
required:
- name
- source
8 changes: 2 additions & 6 deletions oas_docs/output/kibana.yaml
Expand Up @@ -39302,9 +39302,7 @@ components:
name:
type: string
source:
items:
type: string
type: array
type: string
required:
- name
- source
Expand Down Expand Up @@ -39456,9 +39454,7 @@ components:
name:
type: string
source:
items:
type: string
type: array
type: string
required:
- name
- source
1 change: 1 addition & 0 deletions package.json
Expand Up @@ -746,6 +746,7 @@
"@kbn/resizable-layout-examples-plugin": "link:examples/resizable_layout_examples",
"@kbn/resolver-test-plugin": "link:x-pack/test/plugin_functional/plugins/resolver_test",
"@kbn/response-ops-feature-flag-service": "link:packages/response-ops/feature_flag_service",
"@kbn/response-ops-rule-params": "link:packages/response-ops/rule_params",
"@kbn/response-stream-plugin": "link:examples/response_stream",
"@kbn/rison": "link:packages/kbn-rison",
"@kbn/rollup": "link:x-pack/packages/rollup",
Expand Up @@ -54,6 +54,10 @@ describe('Router', () => {
discontinued: 'post test discontinued',
summary: 'post test summary',
description: 'post test description',
availability: {
since: '1.0.0',
stability: 'experimental',
},
},
},
(context, req, res) => res.ok()
Expand All @@ -72,6 +76,10 @@ describe('Router', () => {
discontinued: 'post test discontinued',
summary: 'post test summary',
description: 'post test description',
availability: {
since: '1.0.0',
stability: 'experimental',
},
},
});
});
Expand Up @@ -8,6 +8,7 @@
*/

import { validRouteSecurity } from './security_route_config_validator';
import { ReservedPrivilegesSet } from '@kbn/core-http-server';

describe('RouteSecurity validation', () => {
it('should pass validation for valid route security with authz enabled and valid required privileges', () => {
Expand Down Expand Up @@ -276,4 +277,31 @@ describe('RouteSecurity validation', () => {
`"[authz.requiredPrivileges]: anyRequired privileges must contain unique values"`
);
});

it('should fail validation when anyRequired has superuser privileges set', () => {
const invalidRouteSecurity = {
authz: {
requiredPrivileges: [
{ anyRequired: ['privilege1', 'privilege1'], allRequired: ['privilege4'] },
{ anyRequired: ['privilege5', ReservedPrivilegesSet.superuser] },
],
},
};

expect(() => validRouteSecurity(invalidRouteSecurity)).toThrowErrorMatchingInlineSnapshot(
`"[authz.requiredPrivileges]: Combining superuser with other privileges is redundant, superuser privileges set can be only used as a standalone privilege."`
);
});

it('should fail validation when allRequired combines superuser privileges set with other privileges', () => {
const invalidRouteSecurity = {
authz: {
requiredPrivileges: [ReservedPrivilegesSet.superuser, 'privilege1'],
},
};

expect(() => validRouteSecurity(invalidRouteSecurity)).toThrowErrorMatchingInlineSnapshot(
`"[authz.requiredPrivileges]: Combining superuser with other privileges is redundant, superuser privileges set can be only used as a standalone privilege."`
);
});
});
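Review bot: The fixture in 'should fail validation when anyRequired has superuser privileges set' repeats `'privilege1'` inside the first `anyRequired`, which is itself invalid under the uniqueness rule asserted in the test just above (`anyRequired privileges must contain unique values`). The test therefore seems to pass only because the superuser check is reported before the uniqueness check; using distinct values, e.g. `{ anyRequired: ['privilege1', 'privilege2'], allRequired: ['privilege4'] }`, would pin the superuser rule on its own. A positive case showing that `requiredPrivileges: [ReservedPrivilegesSet.superuser]` by itself still validates is not visible in this section and would guard against the new rule over-rejecting.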
Expand Up @@ -9,6 +9,7 @@

import { schema } from '@kbn/config-schema';
import type { RouteSecurity, RouteConfigOptions } from '@kbn/core-http-server';
import { ReservedPrivilegesSet } from '@kbn/core-http-server';
import type { DeepPartial } from '@kbn/utility-types';

const privilegeSetSchema = schema.object(
Expand Down Expand Up @@ -49,6 +50,15 @@ const requiredPrivilegesSchema = schema.arrayOf(
}
});

// Combining superuser with other privileges is redundant.
// If user is a superuser, they inherently have access to all the privileges that may come with other roles.
if (
anyRequired.includes(ReservedPrivilegesSet.superuser) ||
(allRequired.includes(ReservedPrivilegesSet.superuser) && allRequired.length > 1)
) {
return 'Combining superuser with other privileges is redundant, superuser privileges set can be only used as a standalone privilege.';
}

if (anyRequired.length && allRequired.length) {
for (const privilege of anyRequired) {
if (allRequired.includes(privilege)) {
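Review bot: The new condition lets through a privilege set that pairs superuser in `allRequired` with entries in `anyRequired`, for example `{ allRequired: ['superuser'], anyRequired: ['privilege1', 'privilege2'] }`: `anyRequired` does not include superuser and `allRequired.length` is 1, so neither branch fires even though the error message says superuser can only be used standalone. Assuming `anyRequired` and `allRequired` are the flattened lists built earlier in this validator (that code is outside the hunk), the second branch could read `(allRequired.includes(ReservedPrivilegesSet.superuser) && (allRequired.length > 1 || anyRequired.length > 0))`. `ReservedPrivilegesSet.operator` gets no equivalent rule here; if that is intentional, a line in the comment above the check saying so would keep the next reader from treating it as an omission.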
Expand Up @@ -52,6 +52,46 @@ describe('Versioned route', () => {
jest.clearAllMocks();
});

describe('#getRoutes', () => {
it('returns the expected metadata', () => {
const versionedRouter = CoreVersionedRouter.from({ router });
versionedRouter
.get({
path: '/test/{id}',
access: 'public',
options: {
httpResource: true,
availability: {
since: '1.0.0',
stability: 'experimental',
},
excludeFromOAS: true,
tags: ['1', '2', '3'],
},
description: 'test',
summary: 'test',
enableQueryVersion: false,
})
.addVersion({ version: '2023-10-31', validate: false }, handlerFn);

expect(versionedRouter.getRoutes()[0].options).toMatchObject({
access: 'public',
enableQueryVersion: false,
description: 'test',
summary: 'test',
options: {
httpResource: true,
availability: {
since: '1.0.0',
stability: 'experimental',
},
excludeFromOAS: true,
tags: ['1', '2', '3'],
},
});
});
});

it('can register multiple handlers', () => {
const versionedRouter = CoreVersionedRouter.from({ router });
versionedRouter
Expand Down Expand Up @@ -133,14 +173,15 @@ describe('Versioned route', () => {
const opts: Parameters<typeof versionedRouter.post>[0] = {
path: '/test/{id}',
access: 'internal',
summary: 'test',
description: 'test',
options: {
authRequired: true,
tags: ['access:test'],
timeout: { payload: 60_000, idleSocket: 10_000 },
xsrfRequired: false,
excludeFromOAS: true,
httpResource: true,
summary: `test`,
},
};

1 change: 1 addition & 0 deletions packages/core/http/core-http-server/index.ts
Expand Up @@ -127,6 +127,7 @@ export {
getResponseValidation,
isFullValidatorContainer,
isKibanaResponse,
ReservedPrivilegesSet,
} from './src/router';

export type { ICspConfig } from './src/csp';
2 changes: 1 addition & 1 deletion packages/core/http/core-http-server/src/router/index.ts
Expand Up @@ -66,7 +66,7 @@ export type {
PrivilegeSet,
} from './route';

export { validBodyOutput } from './route';
export { validBodyOutput, ReservedPrivilegesSet } from './route';
export type {
RouteValidationFunction,
RouteValidationResultFactory,
25 changes: 25 additions & 0 deletions packages/core/http/core-http-server/src/router/route.ts
Expand Up @@ -187,6 +187,14 @@ export interface RouteSecurity {
authc?: RouteAuthc;
}

/**
* A set of reserved privileges that can be used to check access to the route.
*/
export enum ReservedPrivilegesSet {
operator = 'operator',
superuser = 'superuser',
}

/**
* Additional route options.
* @public
Expand Down Expand Up @@ -321,6 +329,23 @@ export interface RouteConfigOptions<Method extends RouteMethod> {
* @default false
*/
httpResource?: boolean;

/**
* Based on the the ES API specification (see https://github.com/elastic/elasticsearch-specification)
* Kibana APIs can also specify some metadata about API availability.
*
* This setting is only applicable if your route `access` is `public`.
*
* @remark intended to be used for informational purposes only.
*/
availability?: {
/** @default stable */
stability?: 'experimental' | 'beta' | 'stable';
/**
* The stack version in which the route was introduced (eg: 8.15.0).
*/
since?: string;
};
}

/**
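Review bot: The doc comment on `ReservedPrivilegesSet` does not say what the two members stand for, nor that the route-security validator in this same commit rejects `superuser` when it is combined with any other privilege, so a route author only learns the constraint from a validation error. I would extend it along the lines of `Reserved privilege sets for route authorization. 'superuser' must be the only entry in requiredPrivileges; combining it with other privileges fails validation.` and add the `@public` tag that the neighbouring `Additional route options` comment carries. In the `availability` doc, "the the" is a typo and the TSDoc block tag is `@remarks`, not `@remark`.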
Expand Up @@ -35,7 +35,7 @@ export type VersionedRouteConfig<Method extends RouteMethod> = Omit<
> & {
options?: Omit<
RouteConfigOptions<Method>,
'access' | 'description' | 'deprecated' | 'discontinued' | 'security'
'access' | 'description' | 'summary' | 'deprecated' | 'discontinued' | 'security'
>;
/** See {@link RouteConfigOptions<RouteMethod>['access']} */
access: Exclude<RouteConfigOptions<Method>['access'], undefined>;
27 changes: 25 additions & 2 deletions packages/kbn-esql-ast/src/ast/helpers.ts
Expand Up @@ -7,11 +7,22 @@
* License v3.0 only", or the "Server Side Public License, v 1".
*/

import { ESQLAstNode, ESQLBinaryExpression, ESQLFunction } from '../types';
import type {
ESQLAstNode,
ESQLBinaryExpression,
ESQLColumn,
ESQLFunction,
ESQLIntegerLiteral,
ESQLLiteral,
ESQLProperNode,
} from '../types';
import { BinaryExpressionGroup } from './constants';

export const isProperNode = (node: unknown): node is ESQLProperNode =>
!!node && typeof node === 'object' && !Array.isArray(node);

export const isFunctionExpression = (node: unknown): node is ESQLFunction =>
!!node && typeof node === 'object' && !Array.isArray(node) && (node as any).type === 'function';
isProperNode(node) && node.type === 'function';

/**
* Returns true if the given node is a binary expression, i.e. an operator
Expand All @@ -28,6 +39,18 @@ export const isFunctionExpression = (node: unknown): node is ESQLFunction =>
export const isBinaryExpression = (node: unknown): node is ESQLBinaryExpression =>
isFunctionExpression(node) && node.subtype === 'binary-expression';

export const isLiteral = (node: unknown): node is ESQLLiteral =>
isProperNode(node) && node.type === 'literal';

export const isIntegerLiteral = (node: unknown): node is ESQLIntegerLiteral =>
isLiteral(node) && node.literalType === 'integer';

export const isDoubleLiteral = (node: unknown): node is ESQLIntegerLiteral =>
isLiteral(node) && node.literalType === 'double';

export const isColumn = (node: unknown): node is ESQLColumn =>
isProperNode(node) && node.type === 'column';

/**
* Returns the group of a binary expression:
*
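Review bot: `isDoubleLiteral` is declared as `node is ESQLIntegerLiteral` while its body checks `node.literalType === 'double'`, so callers that pass the guard get the value narrowed to the integer literal type; this looks like a copy of the `isIntegerLiteral` signature. The predicate should name the double-literal type from `'../types'` (it is not among the imports added in this section) so the narrowing matches the runtime check. Separately, `isProperNode` asserts `ESQLProperNode` for any non-array object without looking at `type`, so the guards built on it rely on their own `node.type === …` comparison; a one-line comment on `isProperNode` saying it is only a structural pre-check would make that explicit.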