[Deprecations service] Restrict deprecations endpoint to admins only #127565

Closed
alisonelizabeth opened this issue Mar 14, 2022 · 5 comments
Labels
enhancement New value added to drive a business result Feature:Upgrade Assistant Team:Core Core services & architecture: plugins, logging, config, saved objects, http, ES client, i18n, etc

Comments

@alisonelizabeth
Contributor

Related to #127563.

The deprecations endpoint should be restricted to administrators only to make sure that the scoped clients provided via the GetDeprecationsContext to deprecation providers have the correct permissions to have unrestricted access to all spaces.

See #127341 (comment) for more details.

@alisonelizabeth alisonelizabeth added Team:Core Core services & architecture: plugins, logging, config, saved objects, http, ES client, i18n, etc enhancement New value added to drive a business result Feature:Upgrade Assistant labels Mar 14, 2022
@elasticmachine
Contributor

Pinging @elastic/kibana-core (Team:Core)

@Bamieh
Member

Bamieh commented Mar 17, 2022

@alisonelizabeth is this an enhancement or a requirement causing bugs at the moment? I'm trying to assess the priority for working on this in the upcoming weeks

@alisonelizabeth
Contributor Author

@Bamieh I would consider this an enhancement.

We have uncovered a bug related to using Upgrade Assistant with missing spaces privileges, although this issue should be largely covered by #127563. I think restricting the deprecations endpoint will add an additional layer of protection.

@Bamieh
Member

Bamieh commented Mar 17, 2022

Awesome thanks for clarifying 👍

@pgayvallet
Contributor

I'll consider the issue superseded by #127563, which is addressed. Closing
