Commit
[8.13] [Synthetics] Simplify write access default behavior (elastic#177088) (elastic#177228)

# Backport

This will backport the following commits from `main` to `8.13`:
- [[Synthetics] Simplify write access default behavior (elastic#177088)](elastic#177088)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sqren/backport)

Source commit b8cdae452ef9e7c83b49832b07d30f69a56b5698 (Justin Kambic <jk@elastic.co>, 2024-02-19T18:11:03Z, https://github.com/elastic/kibana/pull/177088):

[Synthetics] Simplify write access default behavior (elastic#177088)

## Summary

Simplifies the override functionality. Now, `writeAccess` is the only
flag controlling this. All non-GET routes are defaulted to requiring
write access. Also applies write access restriction to the trigger
route, which is a GET.

## Testing instructions

Test the override routes, and the default behavior.

```shell
# Create a test user with user/pass: testuser/testuser

# Override: trigger route should return 403
curl -X GET http://localhost:5601/internal/synthetics/service/monitors/trigger/{monitorId} -u testuser:testuser

# Override: enablement route should work for read user
curl -X PUT http://localhost:5601/internal/synthetics/service/enablement -u testuser:testuser -H "kbn-xsrf: true"

# Override: screenshot blocks should work
curl -X POST http://localhost:5601/internal/synthetics/journey/screenshot/block -u testuser:testuser -H "kbn-xsrf: true"

# a normal GET route returns 200
curl -X GET http://localhost:5601/internal/synthetics/service/monitor/{monitorId} -u testuser:testuser

# a normal non-GET route returns 403
curl -X POST http://localhost:5601/internal/synthetics/enable_default_alerting -u testuser:testuser -H "kbn-xsrf: true"
```

Co-authored-by: Justin Kambic <jk@elastic.co>
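The default-plus-override rule described in the commit message, modelled as an added example that is not code from the Kibana repository. The `RouteDef` type and the function names are hypothetical, and the override values in the table are inferred from the expected results in the testing instructions.

```typescript
// Added example: hypothetical types and names, not Kibana's own route API.
type Method = 'GET' | 'POST' | 'PUT' | 'DELETE';

interface RouteDef {
  method: Method;
  path: string;
  // Explicit override; when omitted, the default depends on the method.
  writeAccess?: boolean;
}

// Routes named in the testing instructions. The writeAccess values are an
// assumption inferred from the expected status codes listed there.
const ROUTES: RouteDef[] = [
  { method: 'GET', path: '/internal/synthetics/service/monitors/trigger/{monitorId}', writeAccess: true },
  { method: 'PUT', path: '/internal/synthetics/service/enablement', writeAccess: false },
  { method: 'POST', path: '/internal/synthetics/journey/screenshot/block', writeAccess: false },
  { method: 'GET', path: '/internal/synthetics/service/monitor/{monitorId}' },
  { method: 'POST', path: '/internal/synthetics/enable_default_alerting' },
];

// Single rule: the explicit flag wins; otherwise every non-GET route
// requires write access and every GET route does not.
function requiresWrite(route: RouteDef): boolean {
  return route.writeAccess ?? route.method !== 'GET';
}

// Status a caller would receive, given whether they hold the write privilege.
function statusFor(route: RouteDef, userCanWrite: boolean): number {
  return requiresWrite(route) && !userCanWrite ? 403 : 200;
}

// Overrides that deviate from the method default are the ones to review:
// a relaxed non-GET route, or a GET route with side effects.
function overridesToReview(routes: RouteDef[]): string[] {
  return routes
    .filter((r) => r.writeAccess !== undefined && r.writeAccess !== (r.method !== 'GET'))
    .map((r) => `${r.method} ${r.path} writeAccess=${r.writeAccess}`);
}

// Expected results for the read-only test user, in table order.
const readOnlyStatuses: number[] = ROUTES.map((r) => statusFor(r, false));
```

`overridesToReview` returns the three override routes from the table, which is the set a reviewer would want justified when the default is deny-on-write.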