[APM] Update deprecated access tags to the new security configuration…
… in routes (#204058)

## Summary

Closes #203792

This PR replaces the deprecated `access` tags with the new `security`
configuration.

All instances of `options: {tags: ['access:<privilege>']}` are now
updated to `security: {authz: {requiredPrivileges: [<privilege>]}}`.

These are the access tags currently used in APM that have been migrated:
- `access:apm`  
- `access:apm_write`  
- `access:apm_settings_write`  
- `access:ml:canGetJobs`  
- `access:ml:canCreateJob`  
- `access:ml:canCloseJob`  
- `access:ai_assistant`
iblancof authored Dec 13, 2024
1 parent 0cd82ae commit a4cf54c
Showing 45 changed files with 291 additions and 271 deletions.
@@ -19,7 +19,7 @@ import {

const agentExplorerRoute = createApmServerRoute({
endpoint: 'GET /internal/apm/get_agents_per_service',
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
params: t.type({
query: t.intersection([
environmentRt,
@@ -62,7 +62,7 @@ const agentExplorerRoute = createApmServerRoute({

const latestAgentVersionsRoute = createApmServerRoute({
endpoint: 'GET /internal/apm/get_latest_agent_versions',
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
async handler(resources): Promise<AgentLatestVersionsResponse> {
const { logger, config } = resources;

@@ -72,7 +72,7 @@ const latestAgentVersionsRoute = createApmServerRoute({

const agentExplorerInstanceRoute = createApmServerRoute({
endpoint: 'GET /internal/apm/services/{serviceName}/agent_instances',
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
params: t.type({
path: t.type({ serviceName: t.string }),
query: t.intersection([environmentRt, kueryRt, rangeRt, probabilityRt]),
@@ -17,7 +17,7 @@ import { privilegesTypeRt } from '../../../common/privilege_type';

const agentKeysRoute = createApmServerRoute({
endpoint: 'GET /internal/apm/agent_keys',
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },

handler: async (resources): Promise<AgentKeysResponse> => {
const { context } = resources;
@@ -31,8 +31,7 @@ const agentKeysRoute = createApmServerRoute({

const agentKeysPrivilegesRoute = createApmServerRoute({
endpoint: 'GET /internal/apm/agent_keys/privileges',
options: { tags: ['access:apm'] },

security: { authz: { requiredPrivileges: ['apm'] } },
handler: async (resources): Promise<AgentKeysPrivilegesResponse> => {
const {
plugins: { security },
@@ -55,7 +54,11 @@ const agentKeysPrivilegesRoute = createApmServerRoute({

const invalidateAgentKeyRoute = createApmServerRoute({
endpoint: 'POST /internal/apm/api_key/invalidate',
options: { tags: ['access:apm', 'access:apm_settings_write'] },
security: {
authz: {
requiredPrivileges: ['apm', 'apm_settings_write'],
},
},
params: t.type({
body: t.type({ id: t.string }),
}),
@@ -91,7 +94,12 @@ const invalidateAgentKeyRoute = createApmServerRoute({

const createAgentKeyRoute = createApmServerRoute({
endpoint: 'POST /api/apm/agent_keys 2023-10-31',
options: { tags: ['access:apm', 'access:apm_settings_write', 'oas-tag:APM agent keys'] },
options: { tags: ['oas-tag:APM agent keys'] },
security: {
authz: {
requiredPrivileges: ['apm', 'apm_settings_write'],
},
},
params: t.type({
body: t.type({
name: t.string,
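Review bot: The two-entry `requiredPrivileges` arrays on `invalidateAgentKeyRoute` and `createAgentKeyRoute` give no hint of how the entries combine, so a later edit could take them for alternatives and loosen the check. As far as I know, a plain string list in `authz.requiredPrivileges` means every listed privilege must be held, which is also how the old `access:` tags behaved. A one-line comment above each list would pin that down, e.g. `// all listed privileges are required (AND), same as the former access: tags`. The same applies to the `['apm', 'apm_write']` and `['apm', 'ai_assistant']` lists in the dashboard, debug-telemetry and assistant routes of this commit. Both route definitions continue past the end of their hunks.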
@@ -61,7 +61,7 @@ export type AlertParams = t.TypeOf<typeof alertParamsRt>;
const transactionErrorRateChartPreview = createApmServerRoute({
endpoint: 'GET /internal/apm/rule_types/transaction_error_rate/chart_preview',
params: t.type({ query: alertParamsRt }),
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async (
resources
): Promise<{
@@ -84,7 +84,7 @@ const transactionErrorRateChartPreview = createApmServerRoute({
const transactionErrorCountChartPreview = createApmServerRoute({
endpoint: 'GET /internal/apm/rule_types/error_count/chart_preview',
params: t.type({ query: alertParamsRt }),
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async (
resources
): Promise<{
@@ -107,7 +107,7 @@ const transactionErrorCountChartPreview = createApmServerRoute({
const transactionDurationChartPreview = createApmServerRoute({
endpoint: 'GET /internal/apm/rule_types/transaction_duration/chart_preview',
params: t.type({ query: alertParamsRt }),
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async (
resources
): Promise<{
@@ -69,7 +69,13 @@ const getRegisterRouteDependencies = () => {

const initApi = (
routes: Array<
ServerRoute<any, t.Any | undefined, APMRouteHandlerResources, any, APMRouteCreateOptions>
ServerRoute<
any,
t.Any | undefined,
APMRouteHandlerResources,
any,
APMRouteCreateOptions | undefined
>
>
) => {
const { mocks, dependencies } = getRegisterRouteDependencies();
@@ -134,36 +140,30 @@ describe('createApi', () => {
} = initApi([
{
endpoint: 'GET /foo',
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async () => ({}),
},
{
endpoint: 'POST /bar',
params: t.type({
body: t.string,
}),
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async () => ({}),
},
{
endpoint: 'PUT /baz',
options: {
tags: ['access:apm', 'access:apm_write'],
},
security: { authz: { requiredPrivileges: ['apm', 'apm_write'] } },
handler: async () => ({}),
},
{
endpoint: 'GET /qux',
options: {
tags: ['access:apm', 'access:apm_write'],
},
security: { authz: { requiredPrivileges: ['apm', 'apm_write'] } },
handler: async () => ({}),
},
{
endpoint: 'GET /fez',
options: {
tags: ['access:apm', 'access:apm_settings_write'],
},
security: { authz: { requiredPrivileges: ['apm', 'apm_settings_write'] } },
handler: async () => ({}),
},
]);
@@ -175,41 +175,36 @@ describe('createApi', () => {
expect(put).toHaveBeenCalledTimes(1);

expect(get.mock.calls[0][0]).toEqual({
options: {
tags: ['access:apm'],
},
options: {},
security: { authz: { requiredPrivileges: ['apm'] } },
path: '/foo',
validate: expect.anything(),
});

expect(get.mock.calls[1][0]).toEqual({
options: {
tags: ['access:apm', 'access:apm_write'],
},
options: {},
security: { authz: { requiredPrivileges: ['apm', 'apm_write'] } },
path: '/qux',
validate: expect.anything(),
});

expect(get.mock.calls[2][0]).toEqual({
options: {
tags: ['access:apm', 'access:apm_settings_write'],
},
options: {},
security: { authz: { requiredPrivileges: ['apm', 'apm_settings_write'] } },
path: '/fez',
validate: expect.anything(),
});

expect(post.mock.calls[0][0]).toEqual({
options: {
tags: ['access:apm'],
},
options: {},
security: { authz: { requiredPrivileges: ['apm'] } },
path: '/bar',
validate: expect.anything(),
});

expect(put.mock.calls[0][0]).toEqual({
options: {
tags: ['access:apm', 'access:apm_write'],
},
options: {},
security: { authz: { requiredPrivileges: ['apm', 'apm_write'] } },
path: '/baz',
validate: expect.anything(),
});
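Review bot: None of the five fixture routes passed to `initApi` combines `options.tags` with `security`, so the test never exercises the shape `createAgentKeyRoute` now has in this commit (an `oas-tag` kept in `options` next to `security.authz`), and every expectation is `options: {}`. A fixture such as `{ endpoint: 'GET /tagged', options: { tags: ['oas-tag:APM agent keys'] }, security: { authz: { requiredPrivileges: ['apm'] } }, handler: async () => ({}) }` with an assertion that both the tag and the `security` object reach the router would cover it. With the options type widened to `APMRouteCreateOptions | undefined`, a fixture with no `security` at all would also record what registration does with an unprotected route, which these hunks do not show. The `describe` block starts and ends outside the hunks, so the call-count assertions would need adjusting as well.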
@@ -19,8 +19,10 @@ import { getApmTimeseries, getApmTimeseriesRt, type ApmTimeseries } from './get_

const getApmTimeSeriesRoute = createApmServerRoute({
endpoint: 'POST /internal/apm/assistant/get_apm_timeseries',
options: {
tags: ['access:apm', 'access:ai_assistant'],
security: {
authz: {
requiredPrivileges: ['apm', 'ai_assistant'],
},
},
params: t.type({
body: getApmTimeseriesRt,
@@ -51,9 +53,7 @@ const getDownstreamDependenciesRoute = createApmServerRoute({
params: t.type({
query: downstreamDependenciesRouteRt,
}),
options: {
tags: ['access:apm'],
},
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async (resources): Promise<{ content: APMDownstreamDependency[] }> => {
const {
params,
@@ -51,7 +51,7 @@ const fieldCandidatesTransactionsRoute = createApmServerRoute({
rangeRt,
]),
}),
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async (resources): Promise<DurationFieldCandidatesResponse> => {
const { context } = resources;
const { license } = await context.licensing;
@@ -104,7 +104,7 @@ const fieldValueStatsTransactionsRoute = createApmServerRoute({
}),
]),
}),
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async (resources): Promise<TopValuesStats> => {
const { context } = resources;
const { license } = await context.licensing;
@@ -172,7 +172,7 @@ const fieldValuePairsTransactionsRoute = createApmServerRoute({
}),
]),
}),
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async (resources): Promise<FieldValuePairsResponse> => {
const { context } = resources;
const { license } = await context.licensing;
@@ -240,7 +240,7 @@ const significantCorrelationsTransactionsRoute = createApmServerRoute({
}),
]),
}),
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async (resources): Promise<SignificantCorrelationsResponse> => {
const apmEventClient = await getApmEventClient(resources);
const {
@@ -299,7 +299,7 @@ const pValuesTransactionsRoute = createApmServerRoute({
}),
]),
}),
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async (resources): Promise<PValuesResponse> => {
const apmEventClient = await getApmEventClient(resources);

@@ -33,7 +33,11 @@ const serviceDashboardSaveRoute = createApmServerRoute({
serviceEnvironmentFilterEnabled: t.boolean,
}),
}),
options: { tags: ['access:apm', 'access:apm_write'] },
security: {
authz: {
requiredPrivileges: ['apm', 'apm_write'],
},
},
handler: async (resources): Promise<SavedApmCustomDashboard> => {
const { context, params } = resources;
const { customDashboardId } = params.query;
@@ -62,9 +66,7 @@ const serviceDashboardsRoute = createApmServerRoute({
}),
]),
}),
options: {
tags: ['access:apm'],
},
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async (resources): Promise<{ serviceDashboards: SavedApmCustomDashboard[] }> => {
const { context, params, request } = resources;
const coreContext = await context.core;
@@ -116,7 +118,11 @@ const serviceDashboardDeleteRoute = createApmServerRoute({
customDashboardId: t.string,
}),
}),
options: { tags: ['access:apm', 'access:apm_write'] },
security: {
authz: {
requiredPrivileges: ['apm', 'apm_write'],
},
},
handler: async (resources): Promise<void> => {
const { context, params } = resources;
const { customDashboardId } = params.query;
@@ -13,7 +13,7 @@ import { getApmEventClient } from '../../lib/helpers/get_apm_event_client';

const staticDataViewRoute = createApmServerRoute({
endpoint: 'POST /internal/apm/data_view/static',
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async (resources): CreateDataViewResponse => {
const { context, plugins, request, logger } = resources;
const apmEventClient = await getApmEventClient(resources);
@@ -49,7 +49,7 @@ const staticDataViewRoute = createApmServerRoute({

const dataViewTitleRoute = createApmServerRoute({
endpoint: 'GET /internal/apm/data_view/index_pattern',
options: { tags: ['access:apm'] },
security: { authz: { requiredPrivileges: ['apm'] } },
handler: async ({ getApmIndices }): Promise<{ apmDataViewIndexPattern: string }> => {
const apmIndicies = await getApmIndices();
const apmDataViewIndexPattern = getApmDataViewIndexPattern(apmIndicies);
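Review bot: `staticDataViewRoute` is a POST whose handler returns a `CreateDataViewResponse`, yet it is gated only by `requiredPrivileges: ['apm']`. The other state-changing routes in this commit (`serviceDashboardSaveRoute`, `serviceDashboardDeleteRoute`, `createAgentKeyRoute`, `invalidateAgentKeyRoute`) also demand `apm_write` or `apm_settings_write`. The old tag was `access:apm` as well, so the migration is faithful. If read-only APM users are meant to trigger data view creation, a comment above the `security` line should say so, e.g. `// read privilege is intentional: any APM user may trigger creation of the static data view`; otherwise `['apm', 'apm_write']` would match the other write routes. The handler body continues outside the hunk, so what it actually writes is not visible here.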
@@ -14,8 +14,10 @@ import {
} from '../../../common/apm_saved_object_constants';
export const debugTelemetryRoute = createApmServerRoute({
endpoint: 'GET /internal/apm/debug-telemetry',
options: {
tags: ['access:apm', 'access:apm_write'],
security: {
authz: {
requiredPrivileges: ['apm', 'apm_write'],
},
},
handler: async (resources): Promise<APMTelemetry> => {
const { plugins, context } = resources;
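Review bot: `debugTelemetryRoute` is a GET that requires `apm_write` on top of `apm`, which is stricter than the other GET route definitions shown in this commit and easy to relax by mistake in a later cleanup. A short comment next to `requiredPrivileges` would protect it, for instance `// apm_write kept deliberately: <reason, to be filled in from the handler>`. The handler continues outside the hunk, so the reason itself cannot be read from here.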