Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable restriction of internal APIs for serverless #161733

Closed
wants to merge 1 commit into from
Closed

Enable restriction of internal APIs for serverless #161733

wants to merge 1 commit into from

Conversation

pheyos
Copy link
Member

@pheyos pheyos commented Jul 12, 2023

Summary

This PR enables the serverless configuration entry to restrict internal API access and adds the required header to serverless API integration tests so they can still request these APIs.

Follow up on #156935

@pheyos pheyos added release_note:skip Skip the PR/issue when compiling release notes backport:skip This commit does not require backporting v8.10.0 labels Jul 12, 2023
@pheyos pheyos self-assigned this Jul 12, 2023
@pheyos pheyos requested a review from a team as a code owner July 12, 2023 09:07
@kibana-ci
Copy link
Collaborator

💚 Build Succeeded

Metrics [docs]

Unknown metric groups

ESLint disabled line counts

id before after diff
enterpriseSearch 14 16 +2
securitySolution 409 413 +4
total +6

Total ESLint disabled count

id before after diff
enterpriseSearch 15 17 +2
securitySolution 488 492 +4
total +6

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @pheyos

pgayvallet
pgayvallet reviewed Jul 13, 2023
View reviewed changes
config/serverless.yml
Comment on lines 50 to +51
# Enforce restring access to internal APIs see https://github.com/elastic/kibana/issues/151940
# server.restrictInternalApis: true
server.restrictInternalApis: true
Copy link
Contributor

@pgayvallet pgayvallet Jul 13, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hum, Tina or JL would need to confirm, but I think doing that in the "production" config file may break a lot of things ATM.

Why not doing it via CLI args in the FTR suites that are supposed to run against serverless, as we do for every other suite and/or setting when we need to override the defaults for a given FTR suite?

More globally, I don't think a test-only feature or change should ever need to touch the config folder.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jloleysens I missed this.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, we are working through this on this PR #162636.

We plan on turning this on here in ~1 week #162149

@pheyos
Copy link
Member Author

pheyos commented Aug 22, 2023

Closing as all the work has already been done in #162636 and #162149.

@pheyos pheyos closed this Aug 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pgayvallet pgayvallet pgayvallet left review comments

@jloleysens jloleysens jloleysens left review comments

@dmlemeshko dmlemeshko Awaiting requested review from dmlemeshko

@TinaHeiligers TinaHeiligers Awaiting requested review from TinaHeiligers

Assignees

@pheyos pheyos

Labels
backport:skip This commit does not require backporting release_note:skip Skip the PR/issue when compiling release notes v8.10.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@pheyos @kibana-ci @pgayvallet @jloleysens @TinaHeiligers