elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[Security Solution] Disable deprecated rules bulk CRUD API endpoints #193184

Open banderror opened 2 months ago

banderror commented 2 months ago

Related to: https://github.com/elastic/security-team/issues/9707 (internal), https://github.com/elastic/security-team/issues/9691 (internal), https://github.com/elastic/security-team/issues/7242 (internal)

Breaking change proposal: https://github.com/elastic/dev/issues/2772 (internal)

Docs ticket: https://github.com/elastic/security-docs/issues/5981

Summary

We have deprecated certain bulk API endpoints that we don't intend to expose either in Serverless or in the 9.0 stack version. These deprecated APIs are documented here:

| Method | Endpoint |
| --- | --- |
| POST | `/api/detection_engine/rules/_bulk_create` |
| PUT | `/api/detection_engine/rules/_bulk_update` |
| PATCH | `/api/detection_engine/rules/_bulk_update` |
| DELETE | `/api/detection_engine/rules/_bulk_delete` |
| POST | `/api/detection_engine/rules/_bulk_delete` |

We should unregister these endpoints in the main branch. This will disable them in Serverless (we want to do that before GA) and in the upcoming 9.0 version. We can consider completely removing their code from the repo.

This doesn't apply to the bulk actions endpoint.

Deprecation period

All these endpoints have been deprecated since Kibana v8.2, released in May 2022, which makes the deprecation period more than 2 years.

Documentation

Please open a docs ticket for documenting this breaking change in 9.0.

Also, we'd probably need to think about what we should do with the OpenAPI specs to make sure that the user of the API reference website understands that these endpoints are not available in Serverless and stack 9.0, but available in stack 8.x.

Todo

### Tasks
- [ ] https://github.com/elastic/kibana/issues/130963
- [x] Open a [proposal](https://github.com/elastic/dev/issues/2772) for the Breaking Changes Committee @banderror
- [x] Open a [docs ticket](https://github.com/elastic/security-docs/issues/5981)
- [x] Get an approval from the Breaking Changes Committee
- [x] Disable the endpoints in `main` (remove the corresponding route registrations) ([PR](https://github.com/elastic/kibana/pull/197422))
- [x] Merge changes to rule export tests to `8.x` ([PR](https://github.com/elastic/kibana/pull/198953))
- [ ] Delete the route handlers and all the associated code
- [ ] Address `TODO: https://github.com/elastic/kibana/issues/193184` comments
- [ ] For 8.last make sure to leverage Upgrade Assistant to surface warnings if users make requests to the deprecated APIs (Kibana core team has added a feature to support this and can provide more details)

elasticmachine commented 2 months ago

Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)

elasticmachine commented 2 months ago

Pinging @elastic/security-detections-response (Team:Detections and Resp)

elasticmachine commented 2 months ago

Pinging @elastic/security-solution (Team: SecuritySolution)
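
An added example (not part of the issue or of Kibana's code): one way to find integrations that still call the five deprecated endpoints from the issue's table before the routes are unregistered, by scanning access logs and grouping hits by caller. The combined access-log format (from a reverse proxy in front of Kibana), the function names and the sample lines are assumptions constructed for illustration; the bulk actions endpoint (`_bulk_action`) is deliberately not matched.

```javascript
// Method + path pairs copied from the table in the issue above.
const DEPRECATED = new Set([
  'POST /api/detection_engine/rules/_bulk_create',
  'PUT /api/detection_engine/rules/_bulk_update',
  'PATCH /api/detection_engine/rules/_bulk_update',
  'DELETE /api/detection_engine/rules/_bulk_delete',
  'POST /api/detection_engine/rules/_bulk_delete',
]);

// Assumed format: combined access log written by a reverse proxy in front of Kibana.
const LINE_RE = /^(\S+) \S+ (\S+) \[[^\]]*\] "([A-Z]+) (\S+) HTTP\/[\d.]+" (\d{3}) \S+ "[^"]*" "([^"]*)"/;

// Drop the query string, an optional /s/<space-id> prefix and any trailing slash.
function normalizePath(rawPath) {
  const path = rawPath.split('?')[0].replace(/^\/s\/[^/]+(?=\/)/, '');
  return path.length > 1 ? path.replace(/\/+$/, '') : path;
}

// Returns details of the deprecated endpoint hit by this log line, or null.
function matchDeprecated(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null; // not an access-log line in the assumed format
  const [, clientIp, user, method, rawPath, status, userAgent] = m;
  const endpoint = `${method} ${normalizePath(rawPath)}`;
  return DEPRECATED.has(endpoint) ? { endpoint, clientIp, user, status: Number(status), userAgent } : null;
}

// Groups hits by caller so each integration becomes one migration entry.
function summarize(lines) {
  const callers = new Map();
  for (const line of lines) {
    const hit = matchDeprecated(line);
    if (!hit) continue;
    const key = `${hit.user} | ${hit.userAgent} | ${hit.endpoint}`;
    callers.set(key, (callers.get(key) || 0) + 1);
  }
  return [...callers.entries()].sort((a, b) => b[1] - a[1]);
}

// Constructed sample lines (not real traffic).
const SAMPLE = [
  '10.0.0.5 - svc-soar [12/Nov/2024:10:01:22 +0000] "POST /api/detection_engine/rules/_bulk_create HTTP/1.1" 200 512 "-" "python-requests/2.31"',
  '10.0.0.5 - svc-soar [12/Nov/2024:10:06:22 +0000] "POST /api/detection_engine/rules/_bulk_create HTTP/1.1" 200 498 "-" "python-requests/2.31"',
  '10.0.0.9 - alice [12/Nov/2024:11:15:03 +0000] "PATCH /s/soc/api/detection_engine/rules/_bulk_update?x=1 HTTP/1.1" 200 230 "-" "curl/8.4.0"',
  '10.0.0.7 - bob [12/Nov/2024:11:20:41 +0000] "POST /api/detection_engine/rules/_bulk_action HTTP/1.1" 200 120 "-" "curl/8.4.0"',
  'this line is not in access-log format',
];

for (const [caller, count] of summarize(SAMPLE)) console.log(count, caller);
```

Each reported caller is a client to move to the bulk actions endpoint or to single-rule requests before upgrading to 9.0.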