Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Saved Objects] Documents intended use of removeReferencesTo #153711

Merged
merged 2 commits into from
Mar 28, 2023
Merged

[Saved Objects] Documents intended use of removeReferencesTo #153711

merged 2 commits into from
Mar 28, 2023

Conversation

jeramysoucy
Copy link
Contributor

Summary

Updates comments for removeReferencesTo (SO Repository) and authorizeRemoveReferences (SO Security Extension) methods with remarks regarding the intended use and authorization.

Currently the only use case for removeReferencesTo is the delete method of the tags client. If the authorization check is changed to authorize an update for each referencing object, lingering references in objects which the user is not authorized to update may be left behind when a tag is deleted. We will leave the current implementation in place until a decision about if & how to manage referential integrity occurs.

This PR documents the current intended use case for removeReferencesTo as: "to provide clean up of any references to an object which is being deleted (e.g. deleting a tag)."

See issue #135259 and discussion here, for background.

@jeramysoucy jeramysoucy added Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! Feature:Saved Objects release_note:skip Skip the PR/issue when compiling release notes v8.8.0 labels Mar 24, 2023
@jeramysoucy
Copy link
Contributor Author

@elasticmachine merge upstream

@kibanamachine
Copy link
Contributor

expected head sha didn’t match current head ref.

@kibana-ci
Copy link
Collaborator

💚 Build Succeeded

Metrics [docs]

Unknown metric groups

ESLint disabled line counts

id before after diff
securitySolution 433 436 +3

Total ESLint disabled count

id before after diff
securitySolution 513 516 +3

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@jeramysoucy jeramysoucy marked this pull request as ready for review March 27, 2023 14:54
@jeramysoucy jeramysoucy requested a review from a team as a code owner March 27, 2023 14:54
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security (Team:Security)

pgayvallet
pgayvallet approved these changes Mar 28, 2023
View reviewed changes
Copy link
Contributor

@pgayvallet pgayvallet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for doing this

@jeramysoucy jeramysoucy merged commit 2cc12ce into elastic:main Mar 28, 2023
@kibanamachine kibanamachine added the backport:skip This commit does not require backporting label Mar 28, 2023
@jeramysoucy jeramysoucy deleted the updates-so-removerefs-docs branch March 28, 2023 13:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pgayvallet pgayvallet pgayvallet approved these changes

Assignees
No one assigned
Labels
backport:skip This commit does not require backporting Feature:Saved Objects release_note:skip Skip the PR/issue when compiling release notes Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! v8.8.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@jeramysoucy @kibanamachine @kibana-ci @elasticmachine @pgayvallet