After introducing the security route option [here], we need to add support for this new configuration in the Product Features route check.
The Product Feature route control ensures the route is available and included in the current product tier the application is running, this logic is implemented using http.registerOnPostAuth, as part of the ProductFeatureService at:
Add support for the new requiredPrivileges route security config in the ProductFeatureService route control (it can be retrieved using request.security.authz.requiredPrivileges)
Keep support for the old access:* tags method as well. When the route configs migration is finished and the access:* tags are deprecated we'll be able to remove the code related to access:* tags in the ProductFeatureService.
The securitySolutionProductFeature: tag feature should remain unchanged. It's unrelated to this task.
Summary
After introducing the
security
route option [here], we need to add support for this new configuration in the Product Features route check.The Product Feature route control ensures the route is available and included in the current product tier the application is running, this logic is implemented using
http.registerOnPostAuth
, as part of theProductFeatureService
at:https://github.com/elastic/kibana/blob/0dada14ac580088b24a084d1d1b61b08a7055ebb/x-pack/plugins/security_solution/server/lib/product_features_service/product_features_service.ts#L134-L164
Task
requiredPrivileges
route security config in theProductFeatureService
route control (it can be retrieved usingrequest.security.authz.requiredPrivileges
)access:*
tags method as well. When the route configs migration is finished and theaccess:*
tags are deprecated we'll be able to remove the code related toaccess:*
tags in theProductFeatureService
.securitySolutionProductFeature:
tag feature should remain unchanged. It's unrelated to this task.Related issue: https://github.com/elastic/kibana/issues/184674