-
Notifications
You must be signed in to change notification settings - Fork 8.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Authz] Eslint Rule for Security Config #193187
Open
elena-shostak
wants to merge
7
commits into
elastic:main
Choose a base branch
from
elena-shostak:191715-eslint-security-config
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
[Authz] Eslint Rule for Security Config #193187
elena-shostak
wants to merge
7
commits into
elastic:main
from
elena-shostak:191715-eslint-security-config
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
elena-shostak
force-pushed
the
191715-eslint-security-config
branch
from
September 19, 2024 10:41
17f511c
to
f1983c8
Compare
elena-shostak
force-pushed
the
191715-eslint-security-config
branch
from
September 19, 2024 10:43
f1983c8
to
b1d9bd6
Compare
elena-shostak
added
Team:Security
Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
release_note:skip
Skip the PR/issue when compiling release notes
labels
Sep 19, 2024
elena-shostak
changed the title
191715 eslint security config
[Authz] Eslint Rule for Security Config
Sep 19, 2024
elena-shostak
added
Feature:Security/Authorization
Platform Security - Authorization
enhancement
New value added to drive a business result
labels
Sep 19, 2024
@elasticmachine merge upstream |
/ci |
@elasticmachine merge upstream |
/ci |
Pinging @elastic/kibana-security (Team:Security) |
@elasticmachine merge upstream |
💛 Build succeeded, but was flaky
Failed CI StepsMetrics [docs]
History
To update your PR or re-run it, just comment with: |
jbudz
reviewed
Sep 23, 2024
jbudz
approved these changes
Sep 24, 2024
kc13greiner
approved these changes
Sep 24, 2024
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
backport:skip
This commit does not require backporting
enhancement
New value added to drive a business result
Feature:Security/Authorization
Platform Security - Authorization
release_note:skip
Skip the PR/issue when compiling release notes
Team:Security
Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
ESLint rule is introduced to enforce the migration of access tags in route configurations to the
security.authz.requiredPrivileges
field. It ensures that security configurations are correctly applied in both standard and versioned routes. Will be enabled after #191973 is merged.The rule covers:
Access Tag Migration. Moves
access:<privilege>
tags from theoptions.tags
property tosecurity.authz.requiredPrivileges
. Preserves any non-access tags in the tags property.Missing Security Config Detection. Reports an error if no security config is found in the route or version.
Suggests adding a default security configuration
authz: { enabled: false }
.Note
There is an indentation issues with the test,
dedent
doesn't solve most of the issues and sinceRuleTester
was designed to test a single rule at a time,I couldn't enable multiple fixes (including indent ones) before checking output.Manually adjusted the indentation.
Checklist
Fixes: #191715
Related: #191710