diff --git a/oas_docs/bundle.json b/oas_docs/bundle.json
index 84ce538ee1311..067c970ba3da0 100644
--- a/oas_docs/bundle.json
+++ b/oas_docs/bundle.json
@@ -8595,6 +8595,7 @@
},
"/api/fleet/agent_download_sources": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-settings-read].",
"operationId": "get-fleet-agent-download-sources",
"parameters": [],
"responses": {
@@ -8690,6 +8691,7 @@
]
},
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "post-fleet-agent-download-sources",
"parameters": [
{
@@ -8818,7 +8820,7 @@
},
"/api/fleet/agent_download_sources/{sourceId}": {
"delete": {
- "description": "Delete an agent binary download source by ID.",
+ "description": "Delete an agent binary download source by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "delete-fleet-agent-download-sources-sourceid",
"parameters": [
{
@@ -8891,7 +8893,7 @@
]
},
"get": {
- "description": "Get an agent binary download source by ID.",
+ "description": "Get an agent binary download source by ID.
[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-settings-read].",
"operationId": "get-fleet-agent-download-sources-sourceid",
"parameters": [
{
@@ -8981,7 +8983,7 @@
]
},
"put": {
- "description": "Update an agent binary download source by ID.",
+ "description": "Update an agent binary download source by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "put-fleet-agent-download-sources-sourceid",
"parameters": [
{
@@ -9118,6 +9120,7 @@
},
"/api/fleet/agent_policies": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-agents-read OR fleet-setup].",
"operationId": "get-fleet-agent-policies",
"parameters": [
{
@@ -9955,6 +9958,7 @@
]
},
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].",
"operationId": "post-fleet-agent-policies",
"parameters": [
{
@@ -10955,6 +10959,7 @@
},
"/api/fleet/agent_policies/_bulk_get": {
"post": {
+ "description": "[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-agents-read OR fleet-setup].",
"operationId": "post-fleet-agent-policies-bulk-get",
"parameters": [
{
@@ -11741,7 +11746,7 @@
},
"/api/fleet/agent_policies/delete": {
"post": {
- "description": "Delete an agent policy by ID.",
+ "description": "Delete an agent policy by ID.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].",
"operationId": "post-fleet-agent-policies-delete",
"parameters": [
{
@@ -11834,7 +11839,7 @@
},
"/api/fleet/agent_policies/outputs": {
"post": {
- "description": "Get a list of outputs associated with agent policies.",
+ "description": "Get a list of outputs associated with agent policies.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-settings-read].",
"operationId": "post-fleet-agent-policies-outputs",
"parameters": [
{
@@ -12007,7 +12012,7 @@
},
"/api/fleet/agent_policies/{agentPolicyId}": {
"get": {
- "description": "Get an agent policy by ID.",
+ "description": "Get an agent policy by ID.
[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-agents-read OR fleet-setup].",
"operationId": "get-fleet-agent-policies-agentpolicyid",
"parameters": [
{
@@ -12758,7 +12763,7 @@
]
},
"put": {
- "description": "Update an agent policy by ID.",
+ "description": "Update an agent policy by ID.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].",
"operationId": "put-fleet-agent-policies-agentpolicyid",
"parameters": [
{
@@ -13771,7 +13776,7 @@
},
"/api/fleet/agent_policies/{agentPolicyId}/copy": {
"post": {
- "description": "Copy an agent policy by ID.",
+ "description": "Copy an agent policy by ID.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].",
"operationId": "post-fleet-agent-policies-agentpolicyid-copy",
"parameters": [
{
@@ -14556,7 +14561,7 @@
},
"/api/fleet/agent_policies/{agentPolicyId}/download": {
"get": {
- "description": "Download an agent policy by ID.",
+ "description": "Download an agent policy by ID.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-setup].",
"operationId": "get-fleet-agent-policies-agentpolicyid-download",
"parameters": [
{
@@ -14661,7 +14666,7 @@
},
"/api/fleet/agent_policies/{agentPolicyId}/full": {
"get": {
- "description": "Get a full agent policy by ID.",
+ "description": "Get a full agent policy by ID.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read].",
"operationId": "get-fleet-agent-policies-agentpolicyid-full",
"parameters": [
{
@@ -15187,7 +15192,7 @@
},
"/api/fleet/agent_policies/{agentPolicyId}/outputs": {
"get": {
- "description": "Get a list of outputs associated with agent policy by policy id.",
+ "description": "Get a list of outputs associated with agent policy by policy id.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-settings-read].",
"operationId": "get-fleet-agent-policies-agentpolicyid-outputs",
"parameters": [
{
@@ -15468,6 +15473,7 @@
},
"/api/fleet/agent_status/data": {
"get": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-read].",
"operationId": "get-fleet-agent-status-data",
"parameters": [
{
@@ -15587,6 +15593,7 @@
},
"/api/fleet/agents": {
"get": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-read].",
"operationId": "get-fleet-agents",
"parameters": [
{
@@ -16126,6 +16133,7 @@
]
},
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-read].",
"operationId": "post-fleet-agents",
"parameters": [
{
@@ -16216,6 +16224,7 @@
},
"/api/fleet/agents/action_status": {
"get": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-read].",
"operationId": "get-fleet-agents-action-status",
"parameters": [
{
@@ -16439,6 +16448,7 @@
},
"/api/fleet/agents/actions/{actionId}/cancel": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "post-fleet-agents-actions-actionid-cancel",
"parameters": [
{
@@ -16567,6 +16577,7 @@
},
"/api/fleet/agents/available_versions": {
"get": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-read].",
"operationId": "get-fleet-agents-available-versions",
"parameters": [],
"responses": {
@@ -16625,6 +16636,7 @@
},
"/api/fleet/agents/bulk_reassign": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "post-fleet-agents-bulk-reassign",
"parameters": [
{
@@ -16730,6 +16742,7 @@
},
"/api/fleet/agents/bulk_request_diagnostics": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-read].",
"operationId": "post-fleet-agents-bulk-request-diagnostics",
"parameters": [
{
@@ -16836,6 +16849,7 @@
},
"/api/fleet/agents/bulk_unenroll": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "post-fleet-agents-bulk-unenroll",
"parameters": [
{
@@ -16947,6 +16961,7 @@
},
"/api/fleet/agents/bulk_update_agent_tags": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "post-fleet-agents-bulk-update-agent-tags",
"parameters": [
{
@@ -17060,6 +17075,7 @@
},
"/api/fleet/agents/bulk_upgrade": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "post-fleet-agents-bulk-upgrade",
"parameters": [
{
@@ -17181,7 +17197,7 @@
},
"/api/fleet/agents/files/{fileId}": {
"delete": {
- "description": "Delete a file uploaded by an agent.",
+ "description": "Delete a file uploaded by an agent.
[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "delete-fleet-agents-files-fileid",
"parameters": [
{
@@ -17260,7 +17276,7 @@
},
"/api/fleet/agents/files/{fileId}/{fileName}": {
"get": {
- "description": "Get a file uploaded by an agent.",
+ "description": "Get a file uploaded by an agent.
[Required authorization] Route required privileges: ALL of [fleet-agents-read].",
"operationId": "get-fleet-agents-files-fileid-filename",
"parameters": [
{
@@ -17324,6 +17340,7 @@
},
"/api/fleet/agents/setup": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [fleet-agents-read OR fleet-agent-policies-read OR fleet-settings-read OR fleet-setup].",
"operationId": "get-fleet-agents-setup",
"parameters": [],
"responses": {
@@ -17411,6 +17428,7 @@
]
},
"post": {
+ "description": "[Required authorization] Route required privileges: ANY of [fleet-agents-read OR fleet-agent-policies-read OR fleet-settings-read OR fleet-setup].",
"operationId": "post-fleet-agents-setup",
"parameters": [
{
@@ -17498,6 +17516,7 @@
},
"/api/fleet/agents/tags": {
"get": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-read].",
"operationId": "get-fleet-agents-tags",
"parameters": [
{
@@ -17574,7 +17593,7 @@
},
"/api/fleet/agents/{agentId}": {
"delete": {
- "description": "Delete an agent by ID.",
+ "description": "Delete an agent by ID.
[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "delete-fleet-agents-agentid",
"parameters": [
{
@@ -17650,7 +17669,7 @@
]
},
"get": {
- "description": "Get an agent by ID.",
+ "description": "Get an agent by ID.
[Required authorization] Route required privileges: ALL of [fleet-agents-read].",
"operationId": "get-fleet-agents-agentid",
"parameters": [
{
@@ -18104,7 +18123,7 @@
]
},
"put": {
- "description": "Update an agent by ID.",
+ "description": "Update an agent by ID.
[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "put-fleet-agents-agentid",
"parameters": [
{
@@ -18583,6 +18602,7 @@
},
"/api/fleet/agents/{agentId}/actions": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "post-fleet-agents-agentid-actions",
"parameters": [
{
@@ -18786,6 +18806,7 @@
},
"/api/fleet/agents/{agentId}/reassign": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "post-fleet-agents-agentid-reassign",
"parameters": [
{
@@ -18871,6 +18892,7 @@
},
"/api/fleet/agents/{agentId}/request_diagnostics": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-read].",
"operationId": "post-fleet-agents-agentid-request-diagnostics",
"parameters": [
{
@@ -18967,6 +18989,7 @@
},
"/api/fleet/agents/{agentId}/unenroll": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "post-fleet-agents-agentid-unenroll",
"parameters": [
{
@@ -19016,6 +19039,7 @@
},
"/api/fleet/agents/{agentId}/upgrade": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "post-fleet-agents-agentid-upgrade",
"parameters": [
{
@@ -19110,6 +19134,7 @@
},
"/api/fleet/agents/{agentId}/uploads": {
"get": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-read].",
"operationId": "get-fleet-agents-agentid-uploads",
"parameters": [
{
@@ -19289,6 +19314,7 @@
},
"/api/fleet/data_streams": {
"get": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-all, fleet-agent-policies-all, fleet-settings-all].",
"operationId": "get-fleet-data-streams",
"parameters": [],
"responses": {
@@ -19433,6 +19459,7 @@
},
"/api/fleet/enrollment_api_keys": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [fleet-agents-all OR fleet-setup].",
"operationId": "get-fleet-enrollment-api-keys",
"parameters": [
{
@@ -19608,6 +19635,7 @@
]
},
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "post-fleet-enrollment-api-keys",
"parameters": [
{
@@ -19741,7 +19769,7 @@
},
"/api/fleet/enrollment_api_keys/{keyId}": {
"delete": {
- "description": "Revoke an enrollment API key by ID by marking it as inactive.",
+ "description": "Revoke an enrollment API key by ID by marking it as inactive.
[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "delete-fleet-enrollment-api-keys-keyid",
"parameters": [
{
@@ -19817,7 +19845,7 @@
]
},
"get": {
- "description": "Get an enrollment API key by ID.",
+ "description": "Get an enrollment API key by ID.
[Required authorization] Route required privileges: ANY of [fleet-agents-all OR fleet-setup].",
"operationId": "get-fleet-enrollment-api-keys-keyid",
"parameters": [
{
@@ -19918,6 +19946,7 @@
},
"/api/fleet/epm/bulk_assets": {
"post": {
+ "description": "[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].",
"operationId": "post-fleet-epm-bulk-assets",
"parameters": [
{
@@ -20056,6 +20085,7 @@
},
"/api/fleet/epm/categories": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].",
"operationId": "get-fleet-epm-categories",
"parameters": [
{
@@ -20154,6 +20184,7 @@
},
"/api/fleet/epm/custom_integrations": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].",
"operationId": "post-fleet-epm-custom-integrations",
"parameters": [
{
@@ -20350,6 +20381,7 @@
},
"/api/fleet/epm/data_streams": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].",
"operationId": "get-fleet-epm-data-streams",
"parameters": [
{
@@ -20463,6 +20495,7 @@
},
"/api/fleet/epm/packages": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].",
"operationId": "get-fleet-epm-packages",
"parameters": [
{
@@ -21022,6 +21055,7 @@
]
},
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].",
"operationId": "post-fleet-epm-packages",
"parameters": [
{
@@ -21198,6 +21232,7 @@
},
"/api/fleet/epm/packages/_bulk": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].",
"operationId": "post-fleet-epm-packages-bulk",
"parameters": [
{
@@ -21463,6 +21498,7 @@
},
"/api/fleet/epm/packages/installed": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].",
"operationId": "get-fleet-epm-packages-installed",
"parameters": [
{
@@ -21691,6 +21727,7 @@
},
"/api/fleet/epm/packages/limited": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].",
"operationId": "get-fleet-epm-packages-limited",
"parameters": [],
"responses": {
@@ -21749,6 +21786,7 @@
},
"/api/fleet/epm/packages/{pkgName}/stats": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].",
"operationId": "get-fleet-epm-packages-pkgname-stats",
"parameters": [
{
@@ -21822,6 +21860,7 @@
},
"/api/fleet/epm/packages/{pkgName}/{pkgVersion}": {
"delete": {
+ "description": "[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].",
"operationId": "delete-fleet-epm-packages-pkgname-pkgversion",
"parameters": [
{
@@ -22658,6 +22697,7 @@
]
},
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].",
"operationId": "post-fleet-epm-packages-pkgname-pkgversion",
"parameters": [
{
@@ -22867,6 +22907,7 @@
]
},
"put": {
+ "description": "[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].",
"operationId": "put-fleet-epm-packages-pkgname-pkgversion",
"parameters": [
{
@@ -23662,6 +23703,7 @@
},
"/api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath}": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].",
"operationId": "get-fleet-epm-packages-pkgname-pkgversion-filepath",
"parameters": [
{
@@ -23731,6 +23773,7 @@
},
"/api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].",
"operationId": "get-fleet-epm-templates-pkgname-pkgversion-inputs",
"parameters": [
{
@@ -23887,6 +23930,7 @@
},
"/api/fleet/epm/verification_key_id": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].",
"operationId": "get-fleet-epm-verification-key-id",
"parameters": [],
"responses": {
@@ -23943,6 +23987,7 @@
},
"/api/fleet/fleet_server_hosts": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [fleet-agents-all OR fleet-settings-read].",
"operationId": "get-fleet-fleet-server-hosts",
"parameters": [],
"responses": {
@@ -24047,6 +24092,7 @@
]
},
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "post-fleet-fleet-server-hosts",
"parameters": [
{
@@ -24193,7 +24239,7 @@
},
"/api/fleet/fleet_server_hosts/{itemId}": {
"delete": {
- "description": "Delete a Fleet Server host by ID.",
+ "description": "Delete a Fleet Server host by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "delete-fleet-fleet-server-hosts-itemid",
"parameters": [
{
@@ -24266,7 +24312,7 @@
]
},
"get": {
- "description": "Get a Fleet Server host by ID.",
+ "description": "Get a Fleet Server host by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-read].",
"operationId": "get-fleet-fleet-server-hosts-itemid",
"parameters": [
{
@@ -24365,7 +24411,7 @@
]
},
"put": {
- "description": "Update a Fleet Server host by ID.",
+ "description": "Update a Fleet Server host by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "put-fleet-fleet-server-hosts-itemid",
"parameters": [
{
@@ -24511,6 +24557,7 @@
},
"/api/fleet/health_check": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "post-fleet-health-check",
"parameters": [
{
@@ -24626,6 +24673,7 @@
},
"/api/fleet/kubernetes": {
"get": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-setup].",
"operationId": "get-fleet-kubernetes",
"parameters": [
{
@@ -24706,6 +24754,7 @@
},
"/api/fleet/kubernetes/download": {
"get": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-setup].",
"operationId": "get-fleet-kubernetes-download",
"parameters": [
{
@@ -24802,6 +24851,7 @@
},
"/api/fleet/logstash_api_keys": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "post-fleet-logstash-api-keys",
"parameters": [
{
@@ -24868,6 +24918,7 @@
},
"/api/fleet/message_signing_service/rotate_key_pair": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-all, fleet-agent-policies-all, fleet-settings-all].",
"operationId": "post-fleet-message-signing-service-rotate-key-pair",
"parameters": [
{
@@ -24968,6 +25019,7 @@
},
"/api/fleet/outputs": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [fleet-settings-read OR fleet-agent-policies-read].",
"operationId": "get-fleet-outputs",
"parameters": [],
"responses": {
@@ -26051,6 +26103,7 @@
]
},
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "post-fleet-outputs",
"parameters": [
{
@@ -28156,7 +28209,7 @@
},
"/api/fleet/outputs/{outputId}": {
"delete": {
- "description": "Delete output by ID.",
+ "description": "Delete output by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "delete-fleet-outputs-outputid",
"parameters": [
{
@@ -28254,7 +28307,7 @@
]
},
"get": {
- "description": "Get output by ID.",
+ "description": "Get output by ID.
[Required authorization] Route required privileges: ANY of [fleet-settings-read OR fleet-agent-policies-read].",
"operationId": "get-fleet-outputs-outputid",
"parameters": [
{
@@ -29332,7 +29385,7 @@
]
},
"put": {
- "description": "Update output by ID.",
+ "description": "Update output by ID.
[Required authorization] Route required privileges: ANY of [fleet-settings-all OR fleet-agent-policies-all].",
"operationId": "put-fleet-outputs-outputid",
"parameters": [
{
@@ -31422,6 +31475,7 @@
},
"/api/fleet/outputs/{outputId}/health": {
"get": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-settings-read].",
"operationId": "get-fleet-outputs-outputid-health",
"parameters": [
{
@@ -34175,6 +34229,7 @@
},
"/api/fleet/package_policies/delete": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all, integrations-all].",
"operationId": "post-fleet-package-policies-delete",
"parameters": [
{
@@ -34366,7 +34421,7 @@
},
"/api/fleet/package_policies/upgrade": {
"post": {
- "description": "Upgrade a package policy to a newer package version.",
+ "description": "Upgrade a package policy to a newer package version.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all, integrations-all].",
"operationId": "post-fleet-package-policies-upgrade",
"parameters": [
{
@@ -34479,6 +34534,7 @@
},
"/api/fleet/package_policies/upgrade/dryrun": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, integrations-read].",
"operationId": "post-fleet-package-policies-upgrade-dryrun",
"parameters": [
{
@@ -35664,7 +35720,7 @@
},
"/api/fleet/package_policies/{packagePolicyId}": {
"delete": {
- "description": "Delete a package policy by ID.",
+ "description": "Delete a package policy by ID.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all, integrations-all].",
"operationId": "delete-fleet-package-policies-packagepolicyid",
"parameters": [
{
@@ -37685,6 +37741,7 @@
},
"/api/fleet/proxies": {
"get": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-settings-read].",
"operationId": "get-fleet-proxies",
"parameters": [],
"responses": {
@@ -37803,6 +37860,7 @@
]
},
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "post-fleet-proxies",
"parameters": [
{
@@ -37977,7 +38035,7 @@
},
"/api/fleet/proxies/{itemId}": {
"delete": {
- "description": "Delete a proxy by ID",
+ "description": "Delete a proxy by ID
[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "delete-fleet-proxies-itemid",
"parameters": [
{
@@ -38050,7 +38108,7 @@
]
},
"get": {
- "description": "Get a proxy by ID.",
+ "description": "Get a proxy by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-read].",
"operationId": "get-fleet-proxies-itemid",
"parameters": [
{
@@ -38163,7 +38221,7 @@
]
},
"put": {
- "description": "Update a proxy by ID.",
+ "description": "Update a proxy by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "put-fleet-proxies-itemid",
"parameters": [
{
@@ -38341,6 +38399,7 @@
},
"/api/fleet/service_tokens": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "post-fleet-service-tokens",
"parameters": [
{
@@ -38428,6 +38487,7 @@
},
"/api/fleet/settings": {
"get": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-settings-read].",
"operationId": "get-fleet-settings",
"parameters": [],
"responses": {
@@ -38560,6 +38620,7 @@
]
},
"put": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "put-fleet-settings",
"parameters": [
{
@@ -38752,6 +38813,7 @@
},
"/api/fleet/setup": {
"post": {
+ "description": "[Required authorization] Route required privileges: ANY of [fleet-agents-read OR fleet-agent-policies-read OR fleet-settings-read OR fleet-setup].",
"operationId": "post-fleet-setup",
"parameters": [
{
@@ -38858,7 +38920,7 @@
},
"/api/fleet/uninstall_tokens": {
"get": {
- "description": "List the metadata for the latest uninstall tokens per agent policy.",
+ "description": "List the metadata for the latest uninstall tokens per agent policy.
[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "get-fleet-uninstall-tokens",
"parameters": [
{
@@ -38995,7 +39057,7 @@
},
"/api/fleet/uninstall_tokens/{uninstallTokenId}": {
"get": {
- "description": "Get one decrypted uninstall token by its ID.",
+ "description": "Get one decrypted uninstall token by its ID.
[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "get-fleet-uninstall-tokens-uninstalltokenid",
"parameters": [
{
diff --git a/oas_docs/bundle.serverless.json b/oas_docs/bundle.serverless.json
index 68f4c181fc541..4a0e3f14391b9 100644
--- a/oas_docs/bundle.serverless.json
+++ b/oas_docs/bundle.serverless.json
@@ -8595,6 +8595,7 @@
},
"/api/fleet/agent_download_sources": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-settings-read].",
"operationId": "get-fleet-agent-download-sources",
"parameters": [],
"responses": {
@@ -8690,6 +8691,7 @@
]
},
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "post-fleet-agent-download-sources",
"parameters": [
{
@@ -8818,7 +8820,7 @@
},
"/api/fleet/agent_download_sources/{sourceId}": {
"delete": {
- "description": "Delete an agent binary download source by ID.",
+ "description": "Delete an agent binary download source by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "delete-fleet-agent-download-sources-sourceid",
"parameters": [
{
@@ -8891,7 +8893,7 @@
]
},
"get": {
- "description": "Get an agent binary download source by ID.",
+ "description": "Get an agent binary download source by ID.
[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-settings-read].",
"operationId": "get-fleet-agent-download-sources-sourceid",
"parameters": [
{
@@ -8981,7 +8983,7 @@
]
},
"put": {
- "description": "Update an agent binary download source by ID.",
+ "description": "Update an agent binary download source by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "put-fleet-agent-download-sources-sourceid",
"parameters": [
{
@@ -9118,6 +9120,7 @@
},
"/api/fleet/agent_policies": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-agents-read OR fleet-setup].",
"operationId": "get-fleet-agent-policies",
"parameters": [
{
@@ -9955,6 +9958,7 @@
]
},
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].",
"operationId": "post-fleet-agent-policies",
"parameters": [
{
@@ -10955,6 +10959,7 @@
},
"/api/fleet/agent_policies/_bulk_get": {
"post": {
+ "description": "[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-agents-read OR fleet-setup].",
"operationId": "post-fleet-agent-policies-bulk-get",
"parameters": [
{
@@ -11741,7 +11746,7 @@
},
"/api/fleet/agent_policies/delete": {
"post": {
- "description": "Delete an agent policy by ID.",
+ "description": "Delete an agent policy by ID.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].",
"operationId": "post-fleet-agent-policies-delete",
"parameters": [
{
@@ -11834,7 +11839,7 @@
},
"/api/fleet/agent_policies/outputs": {
"post": {
- "description": "Get a list of outputs associated with agent policies.",
+ "description": "Get a list of outputs associated with agent policies.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-settings-read].",
"operationId": "post-fleet-agent-policies-outputs",
"parameters": [
{
@@ -12007,7 +12012,7 @@
},
"/api/fleet/agent_policies/{agentPolicyId}": {
"get": {
- "description": "Get an agent policy by ID.",
+ "description": "Get an agent policy by ID.
[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-agents-read OR fleet-setup].",
"operationId": "get-fleet-agent-policies-agentpolicyid",
"parameters": [
{
@@ -12758,7 +12763,7 @@
]
},
"put": {
- "description": "Update an agent policy by ID.",
+ "description": "Update an agent policy by ID.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].",
"operationId": "put-fleet-agent-policies-agentpolicyid",
"parameters": [
{
@@ -13771,7 +13776,7 @@
},
"/api/fleet/agent_policies/{agentPolicyId}/copy": {
"post": {
- "description": "Copy an agent policy by ID.",
+ "description": "Copy an agent policy by ID.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].",
"operationId": "post-fleet-agent-policies-agentpolicyid-copy",
"parameters": [
{
@@ -14556,7 +14561,7 @@
},
"/api/fleet/agent_policies/{agentPolicyId}/download": {
"get": {
- "description": "Download an agent policy by ID.",
+ "description": "Download an agent policy by ID.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-setup].",
"operationId": "get-fleet-agent-policies-agentpolicyid-download",
"parameters": [
{
@@ -14661,7 +14666,7 @@
},
"/api/fleet/agent_policies/{agentPolicyId}/full": {
"get": {
- "description": "Get a full agent policy by ID.",
+ "description": "Get a full agent policy by ID.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read].",
"operationId": "get-fleet-agent-policies-agentpolicyid-full",
"parameters": [
{
@@ -15187,7 +15192,7 @@
},
"/api/fleet/agent_policies/{agentPolicyId}/outputs": {
"get": {
- "description": "Get a list of outputs associated with agent policy by policy id.",
+ "description": "Get a list of outputs associated with agent policy by policy id.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-settings-read].",
"operationId": "get-fleet-agent-policies-agentpolicyid-outputs",
"parameters": [
{
@@ -15468,6 +15473,7 @@
},
"/api/fleet/agent_status/data": {
"get": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-read].",
"operationId": "get-fleet-agent-status-data",
"parameters": [
{
@@ -15587,6 +15593,7 @@
},
"/api/fleet/agents": {
"get": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-read].",
"operationId": "get-fleet-agents",
"parameters": [
{
@@ -16126,6 +16133,7 @@
]
},
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-read].",
"operationId": "post-fleet-agents",
"parameters": [
{
@@ -16216,6 +16224,7 @@
},
"/api/fleet/agents/action_status": {
"get": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-read].",
"operationId": "get-fleet-agents-action-status",
"parameters": [
{
@@ -16439,6 +16448,7 @@
},
"/api/fleet/agents/actions/{actionId}/cancel": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "post-fleet-agents-actions-actionid-cancel",
"parameters": [
{
@@ -16567,6 +16577,7 @@
},
"/api/fleet/agents/available_versions": {
"get": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-read].",
"operationId": "get-fleet-agents-available-versions",
"parameters": [],
"responses": {
@@ -16625,6 +16636,7 @@
},
"/api/fleet/agents/bulk_reassign": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "post-fleet-agents-bulk-reassign",
"parameters": [
{
@@ -16730,6 +16742,7 @@
},
"/api/fleet/agents/bulk_request_diagnostics": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-read].",
"operationId": "post-fleet-agents-bulk-request-diagnostics",
"parameters": [
{
@@ -16836,6 +16849,7 @@
},
"/api/fleet/agents/bulk_unenroll": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "post-fleet-agents-bulk-unenroll",
"parameters": [
{
@@ -16947,6 +16961,7 @@
},
"/api/fleet/agents/bulk_update_agent_tags": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "post-fleet-agents-bulk-update-agent-tags",
"parameters": [
{
@@ -17060,6 +17075,7 @@
},
"/api/fleet/agents/bulk_upgrade": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "post-fleet-agents-bulk-upgrade",
"parameters": [
{
@@ -17181,7 +17197,7 @@
},
"/api/fleet/agents/files/{fileId}": {
"delete": {
- "description": "Delete a file uploaded by an agent.",
+ "description": "Delete a file uploaded by an agent.
[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "delete-fleet-agents-files-fileid",
"parameters": [
{
@@ -17260,7 +17276,7 @@
},
"/api/fleet/agents/files/{fileId}/{fileName}": {
"get": {
- "description": "Get a file uploaded by an agent.",
+ "description": "Get a file uploaded by an agent.
[Required authorization] Route required privileges: ALL of [fleet-agents-read].",
"operationId": "get-fleet-agents-files-fileid-filename",
"parameters": [
{
@@ -17324,6 +17340,7 @@
},
"/api/fleet/agents/setup": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [fleet-agents-read OR fleet-agent-policies-read OR fleet-settings-read OR fleet-setup].",
"operationId": "get-fleet-agents-setup",
"parameters": [],
"responses": {
@@ -17411,6 +17428,7 @@
]
},
"post": {
+ "description": "[Required authorization] Route required privileges: ANY of [fleet-agents-read OR fleet-agent-policies-read OR fleet-settings-read OR fleet-setup].",
"operationId": "post-fleet-agents-setup",
"parameters": [
{
@@ -17498,6 +17516,7 @@
},
"/api/fleet/agents/tags": {
"get": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-read].",
"operationId": "get-fleet-agents-tags",
"parameters": [
{
@@ -17574,7 +17593,7 @@
},
"/api/fleet/agents/{agentId}": {
"delete": {
- "description": "Delete an agent by ID.",
+ "description": "Delete an agent by ID.
[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "delete-fleet-agents-agentid",
"parameters": [
{
@@ -17650,7 +17669,7 @@
]
},
"get": {
- "description": "Get an agent by ID.",
+ "description": "Get an agent by ID.
[Required authorization] Route required privileges: ALL of [fleet-agents-read].",
"operationId": "get-fleet-agents-agentid",
"parameters": [
{
@@ -18104,7 +18123,7 @@
]
},
"put": {
- "description": "Update an agent by ID.",
+ "description": "Update an agent by ID.
[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "put-fleet-agents-agentid",
"parameters": [
{
@@ -18583,6 +18602,7 @@
},
"/api/fleet/agents/{agentId}/actions": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "post-fleet-agents-agentid-actions",
"parameters": [
{
@@ -18786,6 +18806,7 @@
},
"/api/fleet/agents/{agentId}/reassign": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "post-fleet-agents-agentid-reassign",
"parameters": [
{
@@ -18871,6 +18892,7 @@
},
"/api/fleet/agents/{agentId}/request_diagnostics": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-read].",
"operationId": "post-fleet-agents-agentid-request-diagnostics",
"parameters": [
{
@@ -18967,6 +18989,7 @@
},
"/api/fleet/agents/{agentId}/unenroll": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "post-fleet-agents-agentid-unenroll",
"parameters": [
{
@@ -19016,6 +19039,7 @@
},
"/api/fleet/agents/{agentId}/upgrade": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "post-fleet-agents-agentid-upgrade",
"parameters": [
{
@@ -19110,6 +19134,7 @@
},
"/api/fleet/agents/{agentId}/uploads": {
"get": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-read].",
"operationId": "get-fleet-agents-agentid-uploads",
"parameters": [
{
@@ -19289,6 +19314,7 @@
},
"/api/fleet/data_streams": {
"get": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-all, fleet-agent-policies-all, fleet-settings-all].",
"operationId": "get-fleet-data-streams",
"parameters": [],
"responses": {
@@ -19433,6 +19459,7 @@
},
"/api/fleet/enrollment_api_keys": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [fleet-agents-all OR fleet-setup].",
"operationId": "get-fleet-enrollment-api-keys",
"parameters": [
{
@@ -19608,6 +19635,7 @@
]
},
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "post-fleet-enrollment-api-keys",
"parameters": [
{
@@ -19741,7 +19769,7 @@
},
"/api/fleet/enrollment_api_keys/{keyId}": {
"delete": {
- "description": "Revoke an enrollment API key by ID by marking it as inactive.",
+ "description": "Revoke an enrollment API key by ID by marking it as inactive.
[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "delete-fleet-enrollment-api-keys-keyid",
"parameters": [
{
@@ -19817,7 +19845,7 @@
]
},
"get": {
- "description": "Get an enrollment API key by ID.",
+ "description": "Get an enrollment API key by ID.
[Required authorization] Route required privileges: ANY of [fleet-agents-all OR fleet-setup].",
"operationId": "get-fleet-enrollment-api-keys-keyid",
"parameters": [
{
@@ -19918,6 +19946,7 @@
},
"/api/fleet/epm/bulk_assets": {
"post": {
+ "description": "[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].",
"operationId": "post-fleet-epm-bulk-assets",
"parameters": [
{
@@ -20056,6 +20085,7 @@
},
"/api/fleet/epm/categories": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].",
"operationId": "get-fleet-epm-categories",
"parameters": [
{
@@ -20154,6 +20184,7 @@
},
"/api/fleet/epm/custom_integrations": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].",
"operationId": "post-fleet-epm-custom-integrations",
"parameters": [
{
@@ -20350,6 +20381,7 @@
},
"/api/fleet/epm/data_streams": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].",
"operationId": "get-fleet-epm-data-streams",
"parameters": [
{
@@ -20463,6 +20495,7 @@
},
"/api/fleet/epm/packages": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].",
"operationId": "get-fleet-epm-packages",
"parameters": [
{
@@ -21022,6 +21055,7 @@
]
},
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].",
"operationId": "post-fleet-epm-packages",
"parameters": [
{
@@ -21198,6 +21232,7 @@
},
"/api/fleet/epm/packages/_bulk": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].",
"operationId": "post-fleet-epm-packages-bulk",
"parameters": [
{
@@ -21463,6 +21498,7 @@
},
"/api/fleet/epm/packages/installed": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].",
"operationId": "get-fleet-epm-packages-installed",
"parameters": [
{
@@ -21691,6 +21727,7 @@
},
"/api/fleet/epm/packages/limited": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].",
"operationId": "get-fleet-epm-packages-limited",
"parameters": [],
"responses": {
@@ -21749,6 +21786,7 @@
},
"/api/fleet/epm/packages/{pkgName}/stats": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].",
"operationId": "get-fleet-epm-packages-pkgname-stats",
"parameters": [
{
@@ -21822,6 +21860,7 @@
},
"/api/fleet/epm/packages/{pkgName}/{pkgVersion}": {
"delete": {
+ "description": "[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].",
"operationId": "delete-fleet-epm-packages-pkgname-pkgversion",
"parameters": [
{
@@ -22658,6 +22697,7 @@
]
},
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].",
"operationId": "post-fleet-epm-packages-pkgname-pkgversion",
"parameters": [
{
@@ -22867,6 +22907,7 @@
]
},
"put": {
+ "description": "[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].",
"operationId": "put-fleet-epm-packages-pkgname-pkgversion",
"parameters": [
{
@@ -23662,6 +23703,7 @@
},
"/api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath}": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].",
"operationId": "get-fleet-epm-packages-pkgname-pkgversion-filepath",
"parameters": [
{
@@ -23731,6 +23773,7 @@
},
"/api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].",
"operationId": "get-fleet-epm-templates-pkgname-pkgversion-inputs",
"parameters": [
{
@@ -23887,6 +23930,7 @@
},
"/api/fleet/epm/verification_key_id": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].",
"operationId": "get-fleet-epm-verification-key-id",
"parameters": [],
"responses": {
@@ -23943,6 +23987,7 @@
},
"/api/fleet/fleet_server_hosts": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [fleet-agents-all OR fleet-settings-read].",
"operationId": "get-fleet-fleet-server-hosts",
"parameters": [],
"responses": {
@@ -24047,6 +24092,7 @@
]
},
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "post-fleet-fleet-server-hosts",
"parameters": [
{
@@ -24193,7 +24239,7 @@
},
"/api/fleet/fleet_server_hosts/{itemId}": {
"delete": {
- "description": "Delete a Fleet Server host by ID.",
+ "description": "Delete a Fleet Server host by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "delete-fleet-fleet-server-hosts-itemid",
"parameters": [
{
@@ -24266,7 +24312,7 @@
]
},
"get": {
- "description": "Get a Fleet Server host by ID.",
+ "description": "Get a Fleet Server host by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-read].",
"operationId": "get-fleet-fleet-server-hosts-itemid",
"parameters": [
{
@@ -24365,7 +24411,7 @@
]
},
"put": {
- "description": "Update a Fleet Server host by ID.",
+ "description": "Update a Fleet Server host by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "put-fleet-fleet-server-hosts-itemid",
"parameters": [
{
@@ -24511,6 +24557,7 @@
},
"/api/fleet/health_check": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "post-fleet-health-check",
"parameters": [
{
@@ -24626,6 +24673,7 @@
},
"/api/fleet/kubernetes": {
"get": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-setup].",
"operationId": "get-fleet-kubernetes",
"parameters": [
{
@@ -24706,6 +24754,7 @@
},
"/api/fleet/kubernetes/download": {
"get": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-setup].",
"operationId": "get-fleet-kubernetes-download",
"parameters": [
{
@@ -24802,6 +24851,7 @@
},
"/api/fleet/logstash_api_keys": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "post-fleet-logstash-api-keys",
"parameters": [
{
@@ -24868,6 +24918,7 @@
},
"/api/fleet/message_signing_service/rotate_key_pair": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-all, fleet-agent-policies-all, fleet-settings-all].",
"operationId": "post-fleet-message-signing-service-rotate-key-pair",
"parameters": [
{
@@ -24968,6 +25019,7 @@
},
"/api/fleet/outputs": {
"get": {
+ "description": "[Required authorization] Route required privileges: ANY of [fleet-settings-read OR fleet-agent-policies-read].",
"operationId": "get-fleet-outputs",
"parameters": [],
"responses": {
@@ -26051,6 +26103,7 @@
]
},
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "post-fleet-outputs",
"parameters": [
{
@@ -28156,7 +28209,7 @@
},
"/api/fleet/outputs/{outputId}": {
"delete": {
- "description": "Delete output by ID.",
+ "description": "Delete output by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "delete-fleet-outputs-outputid",
"parameters": [
{
@@ -28254,7 +28307,7 @@
]
},
"get": {
- "description": "Get output by ID.",
+ "description": "Get output by ID.
[Required authorization] Route required privileges: ANY of [fleet-settings-read OR fleet-agent-policies-read].",
"operationId": "get-fleet-outputs-outputid",
"parameters": [
{
@@ -29332,7 +29385,7 @@
]
},
"put": {
- "description": "Update output by ID.",
+ "description": "Update output by ID.
[Required authorization] Route required privileges: ANY of [fleet-settings-all OR fleet-agent-policies-all].",
"operationId": "put-fleet-outputs-outputid",
"parameters": [
{
@@ -31422,6 +31475,7 @@
},
"/api/fleet/outputs/{outputId}/health": {
"get": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-settings-read].",
"operationId": "get-fleet-outputs-outputid-health",
"parameters": [
{
@@ -34175,6 +34229,7 @@
},
"/api/fleet/package_policies/delete": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all, integrations-all].",
"operationId": "post-fleet-package-policies-delete",
"parameters": [
{
@@ -34366,7 +34421,7 @@
},
"/api/fleet/package_policies/upgrade": {
"post": {
- "description": "Upgrade a package policy to a newer package version.",
+ "description": "Upgrade a package policy to a newer package version.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all, integrations-all].",
"operationId": "post-fleet-package-policies-upgrade",
"parameters": [
{
@@ -34479,6 +34534,7 @@
},
"/api/fleet/package_policies/upgrade/dryrun": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, integrations-read].",
"operationId": "post-fleet-package-policies-upgrade-dryrun",
"parameters": [
{
@@ -35664,7 +35720,7 @@
},
"/api/fleet/package_policies/{packagePolicyId}": {
"delete": {
- "description": "Delete a package policy by ID.",
+ "description": "Delete a package policy by ID.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all, integrations-all].",
"operationId": "delete-fleet-package-policies-packagepolicyid",
"parameters": [
{
@@ -37685,6 +37741,7 @@
},
"/api/fleet/proxies": {
"get": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-settings-read].",
"operationId": "get-fleet-proxies",
"parameters": [],
"responses": {
@@ -37803,6 +37860,7 @@
]
},
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "post-fleet-proxies",
"parameters": [
{
@@ -37977,7 +38035,7 @@
},
"/api/fleet/proxies/{itemId}": {
"delete": {
- "description": "Delete a proxy by ID",
+ "description": "Delete a proxy by ID
[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "delete-fleet-proxies-itemid",
"parameters": [
{
@@ -38050,7 +38108,7 @@
]
},
"get": {
- "description": "Get a proxy by ID.",
+ "description": "Get a proxy by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-read].",
"operationId": "get-fleet-proxies-itemid",
"parameters": [
{
@@ -38163,7 +38221,7 @@
]
},
"put": {
- "description": "Update a proxy by ID.",
+ "description": "Update a proxy by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "put-fleet-proxies-itemid",
"parameters": [
{
@@ -38341,6 +38399,7 @@
},
"/api/fleet/service_tokens": {
"post": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "post-fleet-service-tokens",
"parameters": [
{
@@ -38428,6 +38487,7 @@
},
"/api/fleet/settings": {
"get": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-settings-read].",
"operationId": "get-fleet-settings",
"parameters": [],
"responses": {
@@ -38560,6 +38620,7 @@
]
},
"put": {
+ "description": "[Required authorization] Route required privileges: ALL of [fleet-settings-all].",
"operationId": "put-fleet-settings",
"parameters": [
{
@@ -38752,6 +38813,7 @@
},
"/api/fleet/setup": {
"post": {
+ "description": "[Required authorization] Route required privileges: ANY of [fleet-agents-read OR fleet-agent-policies-read OR fleet-settings-read OR fleet-setup].",
"operationId": "post-fleet-setup",
"parameters": [
{
@@ -38858,7 +38920,7 @@
},
"/api/fleet/uninstall_tokens": {
"get": {
- "description": "List the metadata for the latest uninstall tokens per agent policy.",
+ "description": "List the metadata for the latest uninstall tokens per agent policy.
[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "get-fleet-uninstall-tokens",
"parameters": [
{
@@ -38995,7 +39057,7 @@
},
"/api/fleet/uninstall_tokens/{uninstallTokenId}": {
"get": {
- "description": "Get one decrypted uninstall token by its ID.",
+ "description": "Get one decrypted uninstall token by its ID.
[Required authorization] Route required privileges: ALL of [fleet-agents-all].",
"operationId": "get-fleet-uninstall-tokens-uninstalltokenid",
"parameters": [
{
diff --git a/oas_docs/output/kibana.serverless.yaml b/oas_docs/output/kibana.serverless.yaml
index b9c0acda9e793..8af2c5522a740 100644
--- a/oas_docs/output/kibana.serverless.yaml
+++ b/oas_docs/output/kibana.serverless.yaml
@@ -11199,6 +11199,7 @@ paths:
x-beta: true
/api/fleet/agent_download_sources:
get:
+ description: '[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-settings-read].'
operationId: get-fleet-agent-download-sources
parameters: []
responses:
@@ -11265,6 +11266,7 @@ paths:
- Elastic Agent binary download sources
x-beta: true
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: post-fleet-agent-download-sources
parameters:
- description: A required header to protect against CSRF attacks
@@ -11352,7 +11354,7 @@ paths:
x-beta: true
/api/fleet/agent_download_sources/{sourceId}:
delete:
- description: Delete an agent binary download source by ID.
+ description: 'Delete an agent binary download source by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: delete-fleet-agent-download-sources-sourceid
parameters:
- description: A required header to protect against CSRF attacks
@@ -11400,7 +11402,7 @@ paths:
- Elastic Agent binary download sources
x-beta: true
get:
- description: Get an agent binary download source by ID.
+ description: 'Get an agent binary download source by ID.
[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-settings-read].'
operationId: get-fleet-agent-download-sources-sourceid
parameters:
- in: path
@@ -11461,7 +11463,7 @@ paths:
- Elastic Agent binary download sources
x-beta: true
put:
- description: Update an agent binary download source by ID.
+ description: 'Update an agent binary download source by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: put-fleet-agent-download-sources-sourceid
parameters:
- description: A required header to protect against CSRF attacks
@@ -11554,6 +11556,7 @@ paths:
x-beta: true
/api/fleet/agent_policies:
get:
+ description: '[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-agents-read OR fleet-setup].'
operationId: get-fleet-agent-policies
parameters:
- in: query
@@ -12133,6 +12136,7 @@ paths:
- Elastic Agent policies
x-beta: true
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].'
operationId: post-fleet-agent-policies
parameters:
- description: A required header to protect against CSRF attacks
@@ -12826,6 +12830,7 @@ paths:
x-beta: true
/api/fleet/agent_policies/_bulk_get:
post:
+ description: '[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-agents-read OR fleet-setup].'
operationId: post-fleet-agent-policies-bulk-get
parameters:
- description: A required header to protect against CSRF attacks
@@ -13371,7 +13376,7 @@ paths:
x-beta: true
/api/fleet/agent_policies/{agentPolicyId}:
get:
- description: Get an agent policy by ID.
+ description: 'Get an agent policy by ID.
[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-agents-read OR fleet-setup].'
operationId: get-fleet-agent-policies-agentpolicyid
parameters:
- in: path
@@ -13893,7 +13898,7 @@ paths:
- Elastic Agent policies
x-beta: true
put:
- description: Update an agent policy by ID.
+ description: 'Update an agent policy by ID.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].'
operationId: put-fleet-agent-policies-agentpolicyid
parameters:
- description: A required header to protect against CSRF attacks
@@ -14595,7 +14600,7 @@ paths:
x-beta: true
/api/fleet/agent_policies/{agentPolicyId}/copy:
post:
- description: Copy an agent policy by ID.
+ description: 'Copy an agent policy by ID.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].'
operationId: post-fleet-agent-policies-agentpolicyid-copy
parameters:
- description: A required header to protect against CSRF attacks
@@ -15139,7 +15144,7 @@ paths:
x-beta: true
/api/fleet/agent_policies/{agentPolicyId}/download:
get:
- description: Download an agent policy by ID.
+ description: 'Download an agent policy by ID.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-setup].'
operationId: get-fleet-agent-policies-agentpolicyid-download
parameters:
- in: path
@@ -15206,7 +15211,7 @@ paths:
x-beta: true
/api/fleet/agent_policies/{agentPolicyId}/full:
get:
- description: Get a full agent policy by ID.
+ description: 'Get a full agent policy by ID.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read].'
operationId: get-fleet-agent-policies-agentpolicyid-full
parameters:
- in: path
@@ -15555,7 +15560,7 @@ paths:
x-beta: true
/api/fleet/agent_policies/{agentPolicyId}/outputs:
get:
- description: Get a list of outputs associated with agent policy by policy id.
+ description: 'Get a list of outputs associated with agent policy by policy id.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-settings-read].'
operationId: get-fleet-agent-policies-agentpolicyid-outputs
parameters:
- in: path
@@ -15652,7 +15657,7 @@ paths:
x-beta: true
/api/fleet/agent_policies/delete:
post:
- description: Delete an agent policy by ID.
+ description: 'Delete an agent policy by ID.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].'
operationId: post-fleet-agent-policies-delete
parameters:
- description: A required header to protect against CSRF attacks
@@ -15713,7 +15718,7 @@ paths:
x-beta: true
/api/fleet/agent_policies/outputs:
post:
- description: Get a list of outputs associated with agent policies.
+ description: 'Get a list of outputs associated with agent policies.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-settings-read].'
operationId: post-fleet-agent-policies-outputs
parameters:
- description: A required header to protect against CSRF attacks
@@ -15916,6 +15921,7 @@ paths:
x-beta: true
/api/fleet/agent_status/data:
get:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].'
operationId: get-fleet-agent-status-data
parameters:
- in: query
@@ -15991,6 +15997,7 @@ paths:
x-beta: true
/api/fleet/agents:
get:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].'
operationId: get-fleet-agents
parameters:
- in: query
@@ -16370,6 +16377,7 @@ paths:
- Elastic Agents
x-beta: true
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].'
operationId: post-fleet-agents
parameters:
- description: A required header to protect against CSRF attacks
@@ -16428,7 +16436,7 @@ paths:
x-beta: true
/api/fleet/agents/{agentId}:
delete:
- description: Delete an agent by ID.
+ description: 'Delete an agent by ID.
[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: delete-fleet-agents-agentid
parameters:
- description: A required header to protect against CSRF attacks
@@ -16478,7 +16486,7 @@ paths:
- Elastic Agents
x-beta: true
get:
- description: Get an agent by ID.
+ description: 'Get an agent by ID.
[Required authorization] Route required privileges: ALL of [fleet-agents-read].'
operationId: get-fleet-agents-agentid
parameters:
- in: path
@@ -16800,7 +16808,7 @@ paths:
- Elastic Agents
x-beta: true
put:
- description: Update an agent by ID.
+ description: 'Update an agent by ID.
[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: put-fleet-agents-agentid
parameters:
- description: A required header to protect against CSRF attacks
@@ -17138,6 +17146,7 @@ paths:
x-beta: true
/api/fleet/agents/{agentId}/actions:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: post-fleet-agents-agentid-actions
parameters:
- description: A required header to protect against CSRF attacks
@@ -17274,6 +17283,7 @@ paths:
x-beta: true
/api/fleet/agents/{agentId}/reassign:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: post-fleet-agents-agentid-reassign
parameters:
- description: A required header to protect against CSRF attacks
@@ -17329,6 +17339,7 @@ paths:
x-beta: true
/api/fleet/agents/{agentId}/request_diagnostics:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].'
operationId: post-fleet-agents-agentid-request-diagnostics
parameters:
- description: A required header to protect against CSRF attacks
@@ -17391,6 +17402,7 @@ paths:
x-beta: true
/api/fleet/agents/{agentId}/unenroll:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: post-fleet-agents-agentid-unenroll
parameters:
- description: A required header to protect against CSRF attacks
@@ -17424,6 +17436,7 @@ paths:
x-beta: true
/api/fleet/agents/{agentId}/upgrade:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: post-fleet-agents-agentid-upgrade
parameters:
- description: A required header to protect against CSRF attacks
@@ -17485,6 +17498,7 @@ paths:
x-beta: true
/api/fleet/agents/{agentId}/uploads:
get:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].'
operationId: get-fleet-agents-agentid-uploads
parameters:
- in: path
@@ -17558,6 +17572,7 @@ paths:
x-beta: true
/api/fleet/agents/action_status:
get:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].'
operationId: get-fleet-agents-action-status
parameters:
- in: query
@@ -17716,6 +17731,7 @@ paths:
x-beta: true
/api/fleet/agents/actions/{actionId}/cancel:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: post-fleet-agents-actions-actionid-cancel
parameters:
- description: A required header to protect against CSRF attacks
@@ -17802,6 +17818,7 @@ paths:
x-beta: true
/api/fleet/agents/available_versions:
get:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].'
operationId: get-fleet-agents-available-versions
parameters: []
responses:
@@ -17840,6 +17857,7 @@ paths:
x-beta: true
/api/fleet/agents/bulk_reassign:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: post-fleet-agents-bulk-reassign
parameters:
- description: A required header to protect against CSRF attacks
@@ -17906,6 +17924,7 @@ paths:
x-beta: true
/api/fleet/agents/bulk_request_diagnostics:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].'
operationId: post-fleet-agents-bulk-request-diagnostics
parameters:
- description: A required header to protect against CSRF attacks
@@ -17972,6 +17991,7 @@ paths:
x-beta: true
/api/fleet/agents/bulk_unenroll:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: post-fleet-agents-bulk-unenroll
parameters:
- description: A required header to protect against CSRF attacks
@@ -18043,6 +18063,7 @@ paths:
x-beta: true
/api/fleet/agents/bulk_update_agent_tags:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: post-fleet-agents-bulk-update-agent-tags
parameters:
- description: A required header to protect against CSRF attacks
@@ -18114,6 +18135,7 @@ paths:
x-beta: true
/api/fleet/agents/bulk_upgrade:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: post-fleet-agents-bulk-upgrade
parameters:
- description: A required header to protect against CSRF attacks
@@ -18191,7 +18213,7 @@ paths:
x-beta: true
/api/fleet/agents/files/{fileId}:
delete:
- description: Delete a file uploaded by an agent.
+ description: 'Delete a file uploaded by an agent.
[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: delete-fleet-agents-files-fileid
parameters:
- description: A required header to protect against CSRF attacks
@@ -18243,7 +18265,7 @@ paths:
x-beta: true
/api/fleet/agents/files/{fileId}/{fileName}:
get:
- description: Get a file uploaded by an agent.
+ description: 'Get a file uploaded by an agent.
[Required authorization] Route required privileges: ALL of [fleet-agents-read].'
operationId: get-fleet-agents-files-fileid-filename
parameters:
- in: path
@@ -18284,6 +18306,7 @@ paths:
x-beta: true
/api/fleet/agents/setup:
get:
+ description: '[Required authorization] Route required privileges: ANY of [fleet-agents-read OR fleet-agent-policies-read OR fleet-settings-read OR fleet-setup].'
operationId: get-fleet-agents-setup
parameters: []
responses:
@@ -18344,6 +18367,7 @@ paths:
- Elastic Agents
x-beta: true
post:
+ description: '[Required authorization] Route required privileges: ANY of [fleet-agents-read OR fleet-agent-policies-read OR fleet-settings-read OR fleet-setup].'
operationId: post-fleet-agents-setup
parameters:
- description: A required header to protect against CSRF attacks
@@ -18402,6 +18426,7 @@ paths:
x-beta: true
/api/fleet/agents/tags:
get:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].'
operationId: get-fleet-agents-tags
parameters:
- in: query
@@ -18498,6 +18523,7 @@ paths:
x-beta: true
/api/fleet/data_streams:
get:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all, fleet-agent-policies-all, fleet-settings-all].'
operationId: get-fleet-data-streams
parameters: []
responses:
@@ -18595,6 +18621,7 @@ paths:
x-beta: true
/api/fleet/enrollment_api_keys:
get:
+ description: '[Required authorization] Route required privileges: ANY of [fleet-agents-all OR fleet-setup].'
operationId: get-fleet-enrollment-api-keys
parameters:
- in: query
@@ -18718,6 +18745,7 @@ paths:
- Fleet enrollment API keys
x-beta: true
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: post-fleet-enrollment-api-keys
parameters:
- description: A required header to protect against CSRF attacks
@@ -18808,7 +18836,7 @@ paths:
x-beta: true
/api/fleet/enrollment_api_keys/{keyId}:
delete:
- description: Revoke an enrollment API key by ID by marking it as inactive.
+ description: 'Revoke an enrollment API key by ID by marking it as inactive.
[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: delete-fleet-enrollment-api-keys-keyid
parameters:
- description: A required header to protect against CSRF attacks
@@ -18858,7 +18886,7 @@ paths:
- Fleet enrollment API keys
x-beta: true
get:
- description: Get an enrollment API key by ID.
+ description: 'Get an enrollment API key by ID.
[Required authorization] Route required privileges: ANY of [fleet-agents-all OR fleet-setup].'
operationId: get-fleet-enrollment-api-keys-keyid
parameters:
- in: path
@@ -18927,6 +18955,7 @@ paths:
x-beta: true
/api/fleet/epm/bulk_assets:
post:
+ description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].'
operationId: post-fleet-epm-bulk-assets
parameters:
- description: A required header to protect against CSRF attacks
@@ -19018,6 +19047,7 @@ paths:
x-beta: true
/api/fleet/epm/categories:
get:
+ description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].'
operationId: get-fleet-epm-categories
parameters:
- in: query
@@ -19082,6 +19112,7 @@ paths:
x-beta: true
/api/fleet/epm/custom_integrations:
post:
+ description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].'
operationId: post-fleet-epm-custom-integrations
parameters:
- description: A required header to protect against CSRF attacks
@@ -19217,6 +19248,7 @@ paths:
x-beta: true
/api/fleet/epm/data_streams:
get:
+ description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].'
operationId: get-fleet-epm-data-streams
parameters:
- in: query
@@ -19292,6 +19324,7 @@ paths:
x-beta: true
/api/fleet/epm/packages:
get:
+ description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].'
operationId: get-fleet-epm-packages
parameters:
- in: query
@@ -19684,6 +19717,7 @@ paths:
- Elastic Package Manager (EPM)
x-beta: true
post:
+ description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].'
operationId: post-fleet-epm-packages
parameters:
- description: A required header to protect against CSRF attacks
@@ -19804,6 +19838,7 @@ paths:
x-beta: true
/api/fleet/epm/packages/_bulk:
post:
+ description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].'
operationId: post-fleet-epm-packages-bulk
parameters:
- description: A required header to protect against CSRF attacks
@@ -19979,6 +20014,7 @@ paths:
x-beta: true
/api/fleet/epm/packages/{pkgName}/{pkgVersion}:
delete:
+ description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].'
operationId: delete-fleet-epm-packages-pkgname-pkgversion
parameters:
- description: A required header to protect against CSRF attacks
@@ -20558,6 +20594,7 @@ paths:
- Elastic Package Manager (EPM)
x-beta: true
post:
+ description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].'
operationId: post-fleet-epm-packages-pkgname-pkgversion
parameters:
- description: A required header to protect against CSRF attacks
@@ -20700,6 +20737,7 @@ paths:
- Elastic Package Manager (EPM)
x-beta: true
put:
+ description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].'
operationId: put-fleet-epm-packages-pkgname-pkgversion
parameters:
- description: A required header to protect against CSRF attacks
@@ -21162,6 +21200,7 @@ paths:
x-beta: true
/api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath}:
get:
+ description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].'
operationId: get-fleet-epm-packages-pkgname-pkgversion-filepath
parameters:
- in: path
@@ -21291,6 +21330,7 @@ paths:
x-beta: true
/api/fleet/epm/packages/{pkgName}/stats:
get:
+ description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].'
operationId: get-fleet-epm-packages-pkgname-stats
parameters:
- in: path
@@ -21338,6 +21378,7 @@ paths:
x-beta: true
/api/fleet/epm/packages/installed:
get:
+ description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].'
operationId: get-fleet-epm-packages-installed
parameters:
- in: query
@@ -21484,6 +21525,7 @@ paths:
x-beta: true
/api/fleet/epm/packages/limited:
get:
+ description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].'
operationId: get-fleet-epm-packages-limited
parameters: []
responses:
@@ -21522,6 +21564,7 @@ paths:
x-beta: true
/api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs:
get:
+ description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].'
operationId: get-fleet-epm-templates-pkgname-pkgversion-inputs
parameters:
- in: path
@@ -21622,6 +21665,7 @@ paths:
x-beta: true
/api/fleet/epm/verification_key_id:
get:
+ description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].'
operationId: get-fleet-epm-verification-key-id
parameters: []
responses:
@@ -21659,6 +21703,7 @@ paths:
x-beta: true
/api/fleet/fleet_server_hosts:
get:
+ description: '[Required authorization] Route required privileges: ANY of [fleet-agents-all OR fleet-settings-read].'
operationId: get-fleet-fleet-server-hosts
parameters: []
responses:
@@ -21731,6 +21776,7 @@ paths:
- Fleet Server hosts
x-beta: true
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: post-fleet-fleet-server-hosts
parameters:
- description: A required header to protect against CSRF attacks
@@ -21830,7 +21876,7 @@ paths:
x-beta: true
/api/fleet/fleet_server_hosts/{itemId}:
delete:
- description: Delete a Fleet Server host by ID.
+ description: 'Delete a Fleet Server host by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: delete-fleet-fleet-server-hosts-itemid
parameters:
- description: A required header to protect against CSRF attacks
@@ -21878,7 +21924,7 @@ paths:
- Fleet Server hosts
x-beta: true
get:
- description: Get a Fleet Server host by ID.
+ description: 'Get a Fleet Server host by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-read].'
operationId: get-fleet-fleet-server-hosts-itemid
parameters:
- in: path
@@ -21945,7 +21991,7 @@ paths:
- Fleet Server hosts
x-beta: true
put:
- description: Update a Fleet Server host by ID.
+ description: 'Update a Fleet Server host by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: put-fleet-fleet-server-hosts-itemid
parameters:
- description: A required header to protect against CSRF attacks
@@ -22043,6 +22089,7 @@ paths:
x-beta: true
/api/fleet/health_check:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: post-fleet-health-check
parameters:
- description: A required header to protect against CSRF attacks
@@ -22117,6 +22164,7 @@ paths:
x-beta: true
/api/fleet/kubernetes:
get:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-setup].'
operationId: get-fleet-kubernetes
parameters:
- in: query
@@ -22168,6 +22216,7 @@ paths:
x-beta: true
/api/fleet/kubernetes/download:
get:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-setup].'
operationId: get-fleet-kubernetes-download
parameters:
- in: query
@@ -22229,6 +22278,7 @@ paths:
x-beta: true
/api/fleet/logstash_api_keys:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: post-fleet-logstash-api-keys
parameters:
- description: A required header to protect against CSRF attacks
@@ -22272,6 +22322,7 @@ paths:
x-beta: true
/api/fleet/message_signing_service/rotate_key_pair:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all, fleet-agent-policies-all, fleet-settings-all].'
operationId: post-fleet-message-signing-service-rotate-key-pair
parameters:
- description: A required header to protect against CSRF attacks
@@ -22337,6 +22388,7 @@ paths:
x-beta: true
/api/fleet/outputs:
get:
+ description: '[Required authorization] Route required privileges: ANY of [fleet-settings-read OR fleet-agent-policies-read].'
operationId: get-fleet-outputs
parameters: []
responses:
@@ -23062,6 +23114,7 @@ paths:
- Fleet outputs
x-beta: true
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: post-fleet-outputs
parameters:
- description: A required header to protect against CSRF attacks
@@ -24468,7 +24521,7 @@ paths:
x-beta: true
/api/fleet/outputs/{outputId}:
delete:
- description: Delete output by ID.
+ description: 'Delete output by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: delete-fleet-outputs-outputid
parameters:
- description: A required header to protect against CSRF attacks
@@ -24532,7 +24585,7 @@ paths:
- Fleet outputs
x-beta: true
get:
- description: Get output by ID.
+ description: 'Get output by ID.
[Required authorization] Route required privileges: ANY of [fleet-settings-read OR fleet-agent-policies-read].'
operationId: get-fleet-outputs-outputid
parameters:
- in: path
@@ -25252,7 +25305,7 @@ paths:
- Fleet outputs
x-beta: true
put:
- description: Update output by ID.
+ description: 'Update output by ID.
[Required authorization] Route required privileges: ANY of [fleet-settings-all OR fleet-agent-policies-all].'
operationId: put-fleet-outputs-outputid
parameters:
- description: A required header to protect against CSRF attacks
@@ -26643,6 +26696,7 @@ paths:
x-beta: true
/api/fleet/outputs/{outputId}/health:
get:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-settings-read].'
operationId: get-fleet-outputs-outputid-health
parameters:
- in: path
@@ -28454,7 +28508,7 @@ paths:
x-beta: true
/api/fleet/package_policies/{packagePolicyId}:
delete:
- description: Delete a package policy by ID.
+ description: 'Delete a package policy by ID.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all, integrations-all].'
operationId: delete-fleet-package-policies-packagepolicyid
parameters:
- description: A required header to protect against CSRF attacks
@@ -29782,6 +29836,7 @@ paths:
x-beta: true
/api/fleet/package_policies/delete:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all, integrations-all].'
operationId: post-fleet-package-policies-delete
parameters:
- description: A required header to protect against CSRF attacks
@@ -29911,7 +29966,7 @@ paths:
x-beta: true
/api/fleet/package_policies/upgrade:
post:
- description: Upgrade a package policy to a newer package version.
+ description: 'Upgrade a package policy to a newer package version.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all, integrations-all].'
operationId: post-fleet-package-policies-upgrade
parameters:
- description: A required header to protect against CSRF attacks
@@ -29985,6 +30040,7 @@ paths:
x-beta: true
/api/fleet/package_policies/upgrade/dryrun:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, integrations-read].'
operationId: post-fleet-package-policies-upgrade-dryrun
parameters:
- description: A required header to protect against CSRF attacks
@@ -30778,6 +30834,7 @@ paths:
x-beta: true
/api/fleet/proxies:
get:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-settings-read].'
operationId: get-fleet-proxies
parameters: []
responses:
@@ -30856,6 +30913,7 @@ paths:
- Fleet proxies
x-beta: true
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: post-fleet-proxies
parameters:
- description: A required header to protect against CSRF attacks
@@ -30967,7 +31025,7 @@ paths:
x-beta: true
/api/fleet/proxies/{itemId}:
delete:
- description: Delete a proxy by ID
+ description: 'Delete a proxy by ID
[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: delete-fleet-proxies-itemid
parameters:
- description: A required header to protect against CSRF attacks
@@ -31015,7 +31073,7 @@ paths:
- Fleet proxies
x-beta: true
get:
- description: Get a proxy by ID.
+ description: 'Get a proxy by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-read].'
operationId: get-fleet-proxies-itemid
parameters:
- in: path
@@ -31088,7 +31146,7 @@ paths:
- Fleet proxies
x-beta: true
put:
- description: Update a proxy by ID.
+ description: 'Update a proxy by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: put-fleet-proxies-itemid
parameters:
- description: A required header to protect against CSRF attacks
@@ -31202,6 +31260,7 @@ paths:
x-beta: true
/api/fleet/service_tokens:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: post-fleet-service-tokens
parameters:
- description: A required header to protect against CSRF attacks
@@ -31259,6 +31318,7 @@ paths:
x-beta: true
/api/fleet/settings:
get:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-settings-read].'
operationId: get-fleet-settings
parameters: []
responses:
@@ -31347,6 +31407,7 @@ paths:
- Fleet internals
x-beta: true
put:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: put-fleet-settings
parameters:
- description: A required header to protect against CSRF attacks
@@ -31474,6 +31535,7 @@ paths:
x-beta: true
/api/fleet/setup:
post:
+ description: '[Required authorization] Route required privileges: ANY of [fleet-agents-read OR fleet-agent-policies-read OR fleet-settings-read OR fleet-setup].'
operationId: post-fleet-setup
parameters:
- description: A required header to protect against CSRF attacks
@@ -31544,7 +31606,7 @@ paths:
x-beta: true
/api/fleet/uninstall_tokens:
get:
- description: List the metadata for the latest uninstall tokens per agent policy.
+ description: 'List the metadata for the latest uninstall tokens per agent policy.
[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: get-fleet-uninstall-tokens
parameters:
- description: Partial match filtering for policy IDs
@@ -31637,7 +31699,7 @@ paths:
x-beta: true
/api/fleet/uninstall_tokens/{uninstallTokenId}:
get:
- description: Get one decrypted uninstall token by its ID.
+ description: 'Get one decrypted uninstall token by its ID.
[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: get-fleet-uninstall-tokens-uninstalltokenid
parameters:
- in: path
diff --git a/oas_docs/output/kibana.yaml b/oas_docs/output/kibana.yaml
index 38cc5ab0e932f..692e97f6f7e63 100644
--- a/oas_docs/output/kibana.yaml
+++ b/oas_docs/output/kibana.yaml
@@ -13346,6 +13346,7 @@ paths:
- Security Exceptions API
/api/fleet/agent_download_sources:
get:
+ description: '[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-settings-read].'
operationId: get-fleet-agent-download-sources
parameters: []
responses:
@@ -13411,6 +13412,7 @@ paths:
tags:
- Elastic Agent binary download sources
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: post-fleet-agent-download-sources
parameters:
- description: A required header to protect against CSRF attacks
@@ -13497,7 +13499,7 @@ paths:
- Elastic Agent binary download sources
/api/fleet/agent_download_sources/{sourceId}:
delete:
- description: Delete an agent binary download source by ID.
+ description: 'Delete an agent binary download source by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: delete-fleet-agent-download-sources-sourceid
parameters:
- description: A required header to protect against CSRF attacks
@@ -13544,7 +13546,7 @@ paths:
tags:
- Elastic Agent binary download sources
get:
- description: Get an agent binary download source by ID.
+ description: 'Get an agent binary download source by ID.
[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-settings-read].'
operationId: get-fleet-agent-download-sources-sourceid
parameters:
- in: path
@@ -13604,7 +13606,7 @@ paths:
tags:
- Elastic Agent binary download sources
put:
- description: Update an agent binary download source by ID.
+ description: 'Update an agent binary download source by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: put-fleet-agent-download-sources-sourceid
parameters:
- description: A required header to protect against CSRF attacks
@@ -13696,6 +13698,7 @@ paths:
- Elastic Agent binary download sources
/api/fleet/agent_policies:
get:
+ description: '[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-agents-read OR fleet-setup].'
operationId: get-fleet-agent-policies
parameters:
- in: query
@@ -14274,6 +14277,7 @@ paths:
tags:
- Elastic Agent policies
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].'
operationId: post-fleet-agent-policies
parameters:
- description: A required header to protect against CSRF attacks
@@ -14966,6 +14970,7 @@ paths:
- Elastic Agent policies
/api/fleet/agent_policies/_bulk_get:
post:
+ description: '[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-agents-read OR fleet-setup].'
operationId: post-fleet-agent-policies-bulk-get
parameters:
- description: A required header to protect against CSRF attacks
@@ -15510,7 +15515,7 @@ paths:
- Elastic Agent policies
/api/fleet/agent_policies/{agentPolicyId}:
get:
- description: Get an agent policy by ID.
+ description: 'Get an agent policy by ID.
[Required authorization] Route required privileges: ANY of [fleet-agent-policies-read OR fleet-agents-read OR fleet-setup].'
operationId: get-fleet-agent-policies-agentpolicyid
parameters:
- in: path
@@ -16031,7 +16036,7 @@ paths:
tags:
- Elastic Agent policies
put:
- description: Update an agent policy by ID.
+ description: 'Update an agent policy by ID.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].'
operationId: put-fleet-agent-policies-agentpolicyid
parameters:
- description: A required header to protect against CSRF attacks
@@ -16732,7 +16737,7 @@ paths:
- Elastic Agent policies
/api/fleet/agent_policies/{agentPolicyId}/copy:
post:
- description: Copy an agent policy by ID.
+ description: 'Copy an agent policy by ID.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].'
operationId: post-fleet-agent-policies-agentpolicyid-copy
parameters:
- description: A required header to protect against CSRF attacks
@@ -17275,7 +17280,7 @@ paths:
- Elastic Agent policies
/api/fleet/agent_policies/{agentPolicyId}/download:
get:
- description: Download an agent policy by ID.
+ description: 'Download an agent policy by ID.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-setup].'
operationId: get-fleet-agent-policies-agentpolicyid-download
parameters:
- in: path
@@ -17341,7 +17346,7 @@ paths:
- Elastic Agent policies
/api/fleet/agent_policies/{agentPolicyId}/full:
get:
- description: Get a full agent policy by ID.
+ description: 'Get a full agent policy by ID.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read].'
operationId: get-fleet-agent-policies-agentpolicyid-full
parameters:
- in: path
@@ -17689,7 +17694,7 @@ paths:
- Elastic Agent policies
/api/fleet/agent_policies/{agentPolicyId}/outputs:
get:
- description: Get a list of outputs associated with agent policy by policy id.
+ description: 'Get a list of outputs associated with agent policy by policy id.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-settings-read].'
operationId: get-fleet-agent-policies-agentpolicyid-outputs
parameters:
- in: path
@@ -17785,7 +17790,7 @@ paths:
- Elastic Agent policies
/api/fleet/agent_policies/delete:
post:
- description: Delete an agent policy by ID.
+ description: 'Delete an agent policy by ID.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all].'
operationId: post-fleet-agent-policies-delete
parameters:
- description: A required header to protect against CSRF attacks
@@ -17845,7 +17850,7 @@ paths:
- Elastic Agent policies
/api/fleet/agent_policies/outputs:
post:
- description: Get a list of outputs associated with agent policies.
+ description: 'Get a list of outputs associated with agent policies.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-settings-read].'
operationId: post-fleet-agent-policies-outputs
parameters:
- description: A required header to protect against CSRF attacks
@@ -18046,6 +18051,7 @@ paths:
- Elastic Agent status
/api/fleet/agent_status/data:
get:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].'
operationId: get-fleet-agent-status-data
parameters:
- in: query
@@ -18120,6 +18126,7 @@ paths:
- Elastic Agents
/api/fleet/agents:
get:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].'
operationId: get-fleet-agents
parameters:
- in: query
@@ -18498,6 +18505,7 @@ paths:
tags:
- Elastic Agents
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].'
operationId: post-fleet-agents
parameters:
- description: A required header to protect against CSRF attacks
@@ -18555,7 +18563,7 @@ paths:
- Elastic Agents
/api/fleet/agents/{agentId}:
delete:
- description: Delete an agent by ID.
+ description: 'Delete an agent by ID.
[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: delete-fleet-agents-agentid
parameters:
- description: A required header to protect against CSRF attacks
@@ -18604,7 +18612,7 @@ paths:
tags:
- Elastic Agents
get:
- description: Get an agent by ID.
+ description: 'Get an agent by ID.
[Required authorization] Route required privileges: ALL of [fleet-agents-read].'
operationId: get-fleet-agents-agentid
parameters:
- in: path
@@ -18925,7 +18933,7 @@ paths:
tags:
- Elastic Agents
put:
- description: Update an agent by ID.
+ description: 'Update an agent by ID.
[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: put-fleet-agents-agentid
parameters:
- description: A required header to protect against CSRF attacks
@@ -19262,6 +19270,7 @@ paths:
- Elastic Agents
/api/fleet/agents/{agentId}/actions:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: post-fleet-agents-agentid-actions
parameters:
- description: A required header to protect against CSRF attacks
@@ -19397,6 +19406,7 @@ paths:
- Elastic Agent actions
/api/fleet/agents/{agentId}/reassign:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: post-fleet-agents-agentid-reassign
parameters:
- description: A required header to protect against CSRF attacks
@@ -19451,6 +19461,7 @@ paths:
- Elastic Agent actions
/api/fleet/agents/{agentId}/request_diagnostics:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].'
operationId: post-fleet-agents-agentid-request-diagnostics
parameters:
- description: A required header to protect against CSRF attacks
@@ -19512,6 +19523,7 @@ paths:
- Elastic Agent actions
/api/fleet/agents/{agentId}/unenroll:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: post-fleet-agents-agentid-unenroll
parameters:
- description: A required header to protect against CSRF attacks
@@ -19544,6 +19556,7 @@ paths:
- Elastic Agent actions
/api/fleet/agents/{agentId}/upgrade:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: post-fleet-agents-agentid-upgrade
parameters:
- description: A required header to protect against CSRF attacks
@@ -19604,6 +19617,7 @@ paths:
- Elastic Agent actions
/api/fleet/agents/{agentId}/uploads:
get:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].'
operationId: get-fleet-agents-agentid-uploads
parameters:
- in: path
@@ -19676,6 +19690,7 @@ paths:
- Elastic Agents
/api/fleet/agents/action_status:
get:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].'
operationId: get-fleet-agents-action-status
parameters:
- in: query
@@ -19833,6 +19848,7 @@ paths:
- Elastic Agent actions
/api/fleet/agents/actions/{actionId}/cancel:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: post-fleet-agents-actions-actionid-cancel
parameters:
- description: A required header to protect against CSRF attacks
@@ -19918,6 +19934,7 @@ paths:
- Elastic Agent actions
/api/fleet/agents/available_versions:
get:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].'
operationId: get-fleet-agents-available-versions
parameters: []
responses:
@@ -19955,6 +19972,7 @@ paths:
- Elastic Agents
/api/fleet/agents/bulk_reassign:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: post-fleet-agents-bulk-reassign
parameters:
- description: A required header to protect against CSRF attacks
@@ -20020,6 +20038,7 @@ paths:
- Elastic Agent actions
/api/fleet/agents/bulk_request_diagnostics:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].'
operationId: post-fleet-agents-bulk-request-diagnostics
parameters:
- description: A required header to protect against CSRF attacks
@@ -20085,6 +20104,7 @@ paths:
- Elastic Agent actions
/api/fleet/agents/bulk_unenroll:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: post-fleet-agents-bulk-unenroll
parameters:
- description: A required header to protect against CSRF attacks
@@ -20155,6 +20175,7 @@ paths:
- Elastic Agent actions
/api/fleet/agents/bulk_update_agent_tags:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: post-fleet-agents-bulk-update-agent-tags
parameters:
- description: A required header to protect against CSRF attacks
@@ -20225,6 +20246,7 @@ paths:
- Elastic Agent actions
/api/fleet/agents/bulk_upgrade:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: post-fleet-agents-bulk-upgrade
parameters:
- description: A required header to protect against CSRF attacks
@@ -20301,7 +20323,7 @@ paths:
- Elastic Agent actions
/api/fleet/agents/files/{fileId}:
delete:
- description: Delete a file uploaded by an agent.
+ description: 'Delete a file uploaded by an agent.
[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: delete-fleet-agents-files-fileid
parameters:
- description: A required header to protect against CSRF attacks
@@ -20352,7 +20374,7 @@ paths:
- Elastic Agents
/api/fleet/agents/files/{fileId}/{fileName}:
get:
- description: Get a file uploaded by an agent.
+ description: 'Get a file uploaded by an agent.
[Required authorization] Route required privileges: ALL of [fleet-agents-read].'
operationId: get-fleet-agents-files-fileid-filename
parameters:
- in: path
@@ -20392,6 +20414,7 @@ paths:
- Elastic Agents
/api/fleet/agents/setup:
get:
+ description: '[Required authorization] Route required privileges: ANY of [fleet-agents-read OR fleet-agent-policies-read OR fleet-settings-read OR fleet-setup].'
operationId: get-fleet-agents-setup
parameters: []
responses:
@@ -20451,6 +20474,7 @@ paths:
tags:
- Elastic Agents
post:
+ description: '[Required authorization] Route required privileges: ANY of [fleet-agents-read OR fleet-agent-policies-read OR fleet-settings-read OR fleet-setup].'
operationId: post-fleet-agents-setup
parameters:
- description: A required header to protect against CSRF attacks
@@ -20508,6 +20532,7 @@ paths:
- Elastic Agents
/api/fleet/agents/tags:
get:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-read].'
operationId: get-fleet-agents-tags
parameters:
- in: query
@@ -20602,6 +20627,7 @@ paths:
- Fleet internals
/api/fleet/data_streams:
get:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all, fleet-agent-policies-all, fleet-settings-all].'
operationId: get-fleet-data-streams
parameters: []
responses:
@@ -20698,6 +20724,7 @@ paths:
- Data streams
/api/fleet/enrollment_api_keys:
get:
+ description: '[Required authorization] Route required privileges: ANY of [fleet-agents-all OR fleet-setup].'
operationId: get-fleet-enrollment-api-keys
parameters:
- in: query
@@ -20820,6 +20847,7 @@ paths:
tags:
- Fleet enrollment API keys
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: post-fleet-enrollment-api-keys
parameters:
- description: A required header to protect against CSRF attacks
@@ -20909,7 +20937,7 @@ paths:
- Fleet enrollment API keys
/api/fleet/enrollment_api_keys/{keyId}:
delete:
- description: Revoke an enrollment API key by ID by marking it as inactive.
+ description: 'Revoke an enrollment API key by ID by marking it as inactive.
[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: delete-fleet-enrollment-api-keys-keyid
parameters:
- description: A required header to protect against CSRF attacks
@@ -20958,7 +20986,7 @@ paths:
tags:
- Fleet enrollment API keys
get:
- description: Get an enrollment API key by ID.
+ description: 'Get an enrollment API key by ID.
[Required authorization] Route required privileges: ANY of [fleet-agents-all OR fleet-setup].'
operationId: get-fleet-enrollment-api-keys-keyid
parameters:
- in: path
@@ -21026,6 +21054,7 @@ paths:
- Fleet enrollment API keys
/api/fleet/epm/bulk_assets:
post:
+ description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].'
operationId: post-fleet-epm-bulk-assets
parameters:
- description: A required header to protect against CSRF attacks
@@ -21116,6 +21145,7 @@ paths:
- Elastic Package Manager (EPM)
/api/fleet/epm/categories:
get:
+ description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].'
operationId: get-fleet-epm-categories
parameters:
- in: query
@@ -21179,6 +21209,7 @@ paths:
- Elastic Package Manager (EPM)
/api/fleet/epm/custom_integrations:
post:
+ description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].'
operationId: post-fleet-epm-custom-integrations
parameters:
- description: A required header to protect against CSRF attacks
@@ -21313,6 +21344,7 @@ paths:
- Elastic Package Manager (EPM)
/api/fleet/epm/data_streams:
get:
+ description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].'
operationId: get-fleet-epm-data-streams
parameters:
- in: query
@@ -21387,6 +21419,7 @@ paths:
- Data streams
/api/fleet/epm/packages:
get:
+ description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].'
operationId: get-fleet-epm-packages
parameters:
- in: query
@@ -21778,6 +21811,7 @@ paths:
tags:
- Elastic Package Manager (EPM)
post:
+ description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].'
operationId: post-fleet-epm-packages
parameters:
- description: A required header to protect against CSRF attacks
@@ -21897,6 +21931,7 @@ paths:
- Elastic Package Manager (EPM)
/api/fleet/epm/packages/_bulk:
post:
+ description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].'
operationId: post-fleet-epm-packages-bulk
parameters:
- description: A required header to protect against CSRF attacks
@@ -22071,6 +22106,7 @@ paths:
- Elastic Package Manager (EPM)
/api/fleet/epm/packages/{pkgName}/{pkgVersion}:
delete:
+ description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].'
operationId: delete-fleet-epm-packages-pkgname-pkgversion
parameters:
- description: A required header to protect against CSRF attacks
@@ -22648,6 +22684,7 @@ paths:
tags:
- Elastic Package Manager (EPM)
post:
+ description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].'
operationId: post-fleet-epm-packages-pkgname-pkgversion
parameters:
- description: A required header to protect against CSRF attacks
@@ -22789,6 +22826,7 @@ paths:
tags:
- Elastic Package Manager (EPM)
put:
+ description: '[Required authorization] Route required privileges: ALL of [integrations-all, fleet-agent-policies-all].'
operationId: put-fleet-epm-packages-pkgname-pkgversion
parameters:
- description: A required header to protect against CSRF attacks
@@ -23250,6 +23288,7 @@ paths:
- Elastic Package Manager (EPM)
/api/fleet/epm/packages/{pkgName}/{pkgVersion}/{filePath}:
get:
+ description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].'
operationId: get-fleet-epm-packages-pkgname-pkgversion-filepath
parameters:
- in: path
@@ -23377,6 +23416,7 @@ paths:
- Elastic Package Manager (EPM)
/api/fleet/epm/packages/{pkgName}/stats:
get:
+ description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].'
operationId: get-fleet-epm-packages-pkgname-stats
parameters:
- in: path
@@ -23423,6 +23463,7 @@ paths:
- Elastic Package Manager (EPM)
/api/fleet/epm/packages/installed:
get:
+ description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].'
operationId: get-fleet-epm-packages-installed
parameters:
- in: query
@@ -23568,6 +23609,7 @@ paths:
- Elastic Package Manager (EPM)
/api/fleet/epm/packages/limited:
get:
+ description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].'
operationId: get-fleet-epm-packages-limited
parameters: []
responses:
@@ -23605,6 +23647,7 @@ paths:
- Elastic Package Manager (EPM)
/api/fleet/epm/templates/{pkgName}/{pkgVersion}/inputs:
get:
+ description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].'
operationId: get-fleet-epm-templates-pkgname-pkgversion-inputs
parameters:
- in: path
@@ -23704,6 +23747,7 @@ paths:
- Elastic Package Manager (EPM)
/api/fleet/epm/verification_key_id:
get:
+ description: '[Required authorization] Route required privileges: ANY of [integrations-read OR fleet-setup OR fleet-all].'
operationId: get-fleet-epm-verification-key-id
parameters: []
responses:
@@ -23740,6 +23784,7 @@ paths:
- Elastic Package Manager (EPM)
/api/fleet/fleet_server_hosts:
get:
+ description: '[Required authorization] Route required privileges: ANY of [fleet-agents-all OR fleet-settings-read].'
operationId: get-fleet-fleet-server-hosts
parameters: []
responses:
@@ -23811,6 +23856,7 @@ paths:
tags:
- Fleet Server hosts
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: post-fleet-fleet-server-hosts
parameters:
- description: A required header to protect against CSRF attacks
@@ -23909,7 +23955,7 @@ paths:
- Fleet Server hosts
/api/fleet/fleet_server_hosts/{itemId}:
delete:
- description: Delete a Fleet Server host by ID.
+ description: 'Delete a Fleet Server host by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: delete-fleet-fleet-server-hosts-itemid
parameters:
- description: A required header to protect against CSRF attacks
@@ -23956,7 +24002,7 @@ paths:
tags:
- Fleet Server hosts
get:
- description: Get a Fleet Server host by ID.
+ description: 'Get a Fleet Server host by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-read].'
operationId: get-fleet-fleet-server-hosts-itemid
parameters:
- in: path
@@ -24022,7 +24068,7 @@ paths:
tags:
- Fleet Server hosts
put:
- description: Update a Fleet Server host by ID.
+ description: 'Update a Fleet Server host by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: put-fleet-fleet-server-hosts-itemid
parameters:
- description: A required header to protect against CSRF attacks
@@ -24119,6 +24165,7 @@ paths:
- Fleet Server hosts
/api/fleet/health_check:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: post-fleet-health-check
parameters:
- description: A required header to protect against CSRF attacks
@@ -24192,6 +24239,7 @@ paths:
- Fleet internals
/api/fleet/kubernetes:
get:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-setup].'
operationId: get-fleet-kubernetes
parameters:
- in: query
@@ -24242,6 +24290,7 @@ paths:
- Elastic Agent policies
/api/fleet/kubernetes/download:
get:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, fleet-setup].'
operationId: get-fleet-kubernetes-download
parameters:
- in: query
@@ -24302,6 +24351,7 @@ paths:
- Elastic Agent policies
/api/fleet/logstash_api_keys:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: post-fleet-logstash-api-keys
parameters:
- description: A required header to protect against CSRF attacks
@@ -24344,6 +24394,7 @@ paths:
- Fleet outputs
/api/fleet/message_signing_service/rotate_key_pair:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all, fleet-agent-policies-all, fleet-settings-all].'
operationId: post-fleet-message-signing-service-rotate-key-pair
parameters:
- description: A required header to protect against CSRF attacks
@@ -24408,6 +24459,7 @@ paths:
- Message Signing Service
/api/fleet/outputs:
get:
+ description: '[Required authorization] Route required privileges: ANY of [fleet-settings-read OR fleet-agent-policies-read].'
operationId: get-fleet-outputs
parameters: []
responses:
@@ -25132,6 +25184,7 @@ paths:
tags:
- Fleet outputs
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: post-fleet-outputs
parameters:
- description: A required header to protect against CSRF attacks
@@ -26537,7 +26590,7 @@ paths:
- Fleet outputs
/api/fleet/outputs/{outputId}:
delete:
- description: Delete output by ID.
+ description: 'Delete output by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: delete-fleet-outputs-outputid
parameters:
- description: A required header to protect against CSRF attacks
@@ -26600,7 +26653,7 @@ paths:
tags:
- Fleet outputs
get:
- description: Get output by ID.
+ description: 'Get output by ID.
[Required authorization] Route required privileges: ANY of [fleet-settings-read OR fleet-agent-policies-read].'
operationId: get-fleet-outputs-outputid
parameters:
- in: path
@@ -27319,7 +27372,7 @@ paths:
tags:
- Fleet outputs
put:
- description: Update output by ID.
+ description: 'Update output by ID.
[Required authorization] Route required privileges: ANY of [fleet-settings-all OR fleet-agent-policies-all].'
operationId: put-fleet-outputs-outputid
parameters:
- description: A required header to protect against CSRF attacks
@@ -28709,6 +28762,7 @@ paths:
- Fleet outputs
/api/fleet/outputs/{outputId}/health:
get:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-settings-read].'
operationId: get-fleet-outputs-outputid-health
parameters:
- in: path
@@ -30516,7 +30570,7 @@ paths:
- Fleet package policies
/api/fleet/package_policies/{packagePolicyId}:
delete:
- description: Delete a package policy by ID.
+ description: 'Delete a package policy by ID.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all, integrations-all].'
operationId: delete-fleet-package-policies-packagepolicyid
parameters:
- description: A required header to protect against CSRF attacks
@@ -31841,6 +31895,7 @@ paths:
- Fleet package policies
/api/fleet/package_policies/delete:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all, integrations-all].'
operationId: post-fleet-package-policies-delete
parameters:
- description: A required header to protect against CSRF attacks
@@ -31969,7 +32024,7 @@ paths:
- Fleet package policies
/api/fleet/package_policies/upgrade:
post:
- description: Upgrade a package policy to a newer package version.
+ description: 'Upgrade a package policy to a newer package version.
[Required authorization] Route required privileges: ALL of [fleet-agent-policies-all, integrations-all].'
operationId: post-fleet-package-policies-upgrade
parameters:
- description: A required header to protect against CSRF attacks
@@ -32042,6 +32097,7 @@ paths:
- Fleet package policies
/api/fleet/package_policies/upgrade/dryrun:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agent-policies-read, integrations-read].'
operationId: post-fleet-package-policies-upgrade-dryrun
parameters:
- description: A required header to protect against CSRF attacks
@@ -32834,6 +32890,7 @@ paths:
- Fleet package policies
/api/fleet/proxies:
get:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-settings-read].'
operationId: get-fleet-proxies
parameters: []
responses:
@@ -32911,6 +32968,7 @@ paths:
tags:
- Fleet proxies
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: post-fleet-proxies
parameters:
- description: A required header to protect against CSRF attacks
@@ -33021,7 +33079,7 @@ paths:
- Fleet proxies
/api/fleet/proxies/{itemId}:
delete:
- description: Delete a proxy by ID
+ description: 'Delete a proxy by ID
[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: delete-fleet-proxies-itemid
parameters:
- description: A required header to protect against CSRF attacks
@@ -33068,7 +33126,7 @@ paths:
tags:
- Fleet proxies
get:
- description: Get a proxy by ID.
+ description: 'Get a proxy by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-read].'
operationId: get-fleet-proxies-itemid
parameters:
- in: path
@@ -33140,7 +33198,7 @@ paths:
tags:
- Fleet proxies
put:
- description: Update a proxy by ID.
+ description: 'Update a proxy by ID.
[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: put-fleet-proxies-itemid
parameters:
- description: A required header to protect against CSRF attacks
@@ -33253,6 +33311,7 @@ paths:
- Fleet proxies
/api/fleet/service_tokens:
post:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: post-fleet-service-tokens
parameters:
- description: A required header to protect against CSRF attacks
@@ -33309,6 +33368,7 @@ paths:
- Fleet service tokens
/api/fleet/settings:
get:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-settings-read].'
operationId: get-fleet-settings
parameters: []
responses:
@@ -33396,6 +33456,7 @@ paths:
tags:
- Fleet internals
put:
+ description: '[Required authorization] Route required privileges: ALL of [fleet-settings-all].'
operationId: put-fleet-settings
parameters:
- description: A required header to protect against CSRF attacks
@@ -33522,6 +33583,7 @@ paths:
- Fleet internals
/api/fleet/setup:
post:
+ description: '[Required authorization] Route required privileges: ANY of [fleet-agents-read OR fleet-agent-policies-read OR fleet-settings-read OR fleet-setup].'
operationId: post-fleet-setup
parameters:
- description: A required header to protect against CSRF attacks
@@ -33591,7 +33653,7 @@ paths:
- Fleet internals
/api/fleet/uninstall_tokens:
get:
- description: List the metadata for the latest uninstall tokens per agent policy.
+ description: 'List the metadata for the latest uninstall tokens per agent policy.
[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: get-fleet-uninstall-tokens
parameters:
- description: Partial match filtering for policy IDs
@@ -33683,7 +33745,7 @@ paths:
- Fleet uninstall tokens
/api/fleet/uninstall_tokens/{uninstallTokenId}:
get:
- description: Get one decrypted uninstall token by its ID.
+ description: 'Get one decrypted uninstall token by its ID.
[Required authorization] Route required privileges: ALL of [fleet-agents-all].'
operationId: get-fleet-uninstall-tokens-uninstalltokenid
parameters:
- in: path
diff --git a/x-pack/platform/plugins/shared/fleet/server/constants/api_privileges.ts b/x-pack/platform/plugins/shared/fleet/server/constants/api_privileges.ts
new file mode 100644
index 0000000000000..ab2cdedc3520e
--- /dev/null
+++ b/x-pack/platform/plugins/shared/fleet/server/constants/api_privileges.ts
@@ -0,0 +1,32 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { INTEGRATIONS_PLUGIN_ID, PLUGIN_ID } from '../../common';
+
+export const FLEET_API_PRIVILEGES = {
+ FLEET: {
+ READ: `${PLUGIN_ID}-read`,
+ ALL: `${PLUGIN_ID}-all`,
+ },
+ AGENTS: {
+ READ: `${PLUGIN_ID}-agents-read`,
+ ALL: `${PLUGIN_ID}-agents-all`,
+ },
+ AGENT_POLICIES: {
+ READ: `${PLUGIN_ID}-agent-policies-read`,
+ ALL: `${PLUGIN_ID}-agent-policies-all`,
+ },
+ SETTINGS: {
+ READ: `${PLUGIN_ID}-settings-read`,
+ ALL: `${PLUGIN_ID}-settings-all`,
+ },
+ INTEGRATIONS: {
+ READ: `${INTEGRATIONS_PLUGIN_ID}-read`,
+ ALL: `${INTEGRATIONS_PLUGIN_ID}-all`,
+ },
+ SETUP: `fleet-setup`,
+};
diff --git a/x-pack/platform/plugins/shared/fleet/server/routes/agent/index.ts b/x-pack/platform/plugins/shared/fleet/server/routes/agent/index.ts
index 82893b6590e30..ca9876d74c435 100644
--- a/x-pack/platform/plugins/shared/fleet/server/routes/agent/index.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/routes/agent/index.ts
@@ -55,7 +55,7 @@ import {
PostNewAgentActionResponseSchema,
PostRetrieveAgentsByActionsResponseSchema,
} from '../../types/rest_spec/agent';
-
+import { FLEET_API_PRIVILEGES } from '../../constants/api_privileges';
import { calculateRouteAuthz } from '../../services/security/security';
import { genericErrorResponse } from '../schema/errors';
@@ -95,8 +95,10 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
router.versioned
.get({
path: AGENT_API_ROUTES.INFO_PATTERN,
- fleetAuthz: {
- fleet: { readAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.READ],
+ },
},
summary: `Get an agent`,
description: `Get an agent by ID.`,
@@ -126,8 +128,10 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
router.versioned
.put({
path: AGENT_API_ROUTES.UPDATE_PATTERN,
- fleetAuthz: {
- fleet: { allAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.ALL],
+ },
},
summary: `Update an agent`,
description: `Update an agent by ID.`,
@@ -157,8 +161,10 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
router.versioned
.post({
path: AGENT_API_ROUTES.BULK_UPDATE_AGENT_TAGS_PATTERN,
- fleetAuthz: {
- fleet: { allAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.ALL],
+ },
},
summary: `Bulk update agent tags`,
options: {
@@ -187,8 +193,10 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
router.versioned
.delete({
path: AGENT_API_ROUTES.DELETE_PATTERN,
- fleetAuthz: {
- fleet: { allAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.ALL],
+ },
},
summary: `Delete an agent`,
description: `Delete an agent by ID.`,
@@ -218,9 +226,10 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
router.versioned
.get({
path: AGENT_API_ROUTES.LIST_PATTERN,
-
- fleetAuthz: {
- fleet: { readAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.READ],
+ },
},
summary: `Get agents`,
options: {
@@ -249,8 +258,10 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
router.versioned
.get({
path: AGENT_API_ROUTES.LIST_TAGS_PATTERN,
- fleetAuthz: {
- fleet: { readAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.READ],
+ },
},
summary: `Get agent tags`,
options: {
@@ -279,8 +290,10 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
router.versioned
.post({
path: AGENT_API_ROUTES.ACTIONS_PATTERN,
- fleetAuthz: {
- fleet: { allAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.ALL],
+ },
},
summary: `Create an agent action`,
options: {
@@ -313,8 +326,10 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
router.versioned
.post({
path: AGENT_API_ROUTES.CANCEL_ACTIONS_PATTERN,
- fleetAuthz: {
- fleet: { allAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.ALL],
+ },
},
summary: `Cancel an agent action`,
options: {
@@ -348,8 +363,10 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
router.versioned
.post({
path: AGENT_API_ROUTES.LIST_PATTERN,
- fleetAuthz: {
- fleet: { readAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.READ],
+ },
},
summary: `Get agents by action ids`,
options: {
@@ -377,8 +394,10 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
router.versioned
.post({
path: AGENT_API_ROUTES.UNENROLL_PATTERN,
- fleetAuthz: {
- fleet: { allAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.ALL],
+ },
},
summary: `Unenroll an agent`,
options: {
@@ -396,8 +415,10 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
router.versioned
.post({
path: AGENT_API_ROUTES.REASSIGN_PATTERN,
- fleetAuthz: {
- fleet: { allAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.ALL],
+ },
},
summary: `Reassign an agent`,
options: {
@@ -425,8 +446,10 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
router.versioned
.post({
path: AGENT_API_ROUTES.REQUEST_DIAGNOSTICS_PATTERN,
- fleetAuthz: {
- fleet: { readAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.READ],
+ },
},
summary: `Request agent diagnostics`,
options: {
@@ -454,8 +477,10 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
router.versioned
.post({
path: AGENT_API_ROUTES.BULK_REQUEST_DIAGNOSTICS_PATTERN,
- fleetAuthz: {
- fleet: { readAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.READ],
+ },
},
summary: `Bulk request diagnostics from agents`,
options: {
@@ -483,8 +508,10 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
router.versioned
.get({
path: AGENT_API_ROUTES.LIST_UPLOADS_PATTERN,
- fleetAuthz: {
- fleet: { readAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.READ],
+ },
},
summary: `Get agent uploads`,
options: {
@@ -512,8 +539,10 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
router.versioned
.get({
path: AGENT_API_ROUTES.GET_UPLOAD_FILE_PATTERN,
- fleetAuthz: {
- fleet: { readAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.READ],
+ },
},
summary: `Get an uploaded file`,
description: `Get a file uploaded by an agent.`,
@@ -542,8 +571,10 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
router.versioned
.delete({
path: AGENT_API_ROUTES.DELETE_UPLOAD_FILE_PATTERN,
- fleetAuthz: {
- fleet: { allAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.ALL],
+ },
},
summary: `Delete an uploaded file`,
description: `Delete a file uploaded by an agent.`,
@@ -568,11 +599,11 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
},
deleteAgentUploadFileHandler
);
-
// Get agent status for policy
router.versioned
.get({
path: AGENT_API_ROUTES.STATUS_PATTERN,
+ // TODO move to kibana authz https://github.com/elastic/kibana/issues/203170
fleetAuthz: (fleetAuthz: FleetAuthz): boolean =>
calculateRouteAuthz(
fleetAuthz,
@@ -604,8 +635,10 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
router.versioned
.get({
path: AGENT_API_ROUTES.DATA_PATTERN,
- fleetAuthz: {
- fleet: { readAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.READ],
+ },
},
summary: `Get incoming agent data`,
options: {
@@ -634,8 +667,10 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
router.versioned
.post({
path: AGENT_API_ROUTES.UPGRADE_PATTERN,
- fleetAuthz: {
- fleet: { allAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.ALL],
+ },
},
summary: `Upgrade an agent`,
options: {
@@ -663,8 +698,10 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
router.versioned
.post({
path: AGENT_API_ROUTES.BULK_UPGRADE_PATTERN,
- fleetAuthz: {
- fleet: { allAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.ALL],
+ },
},
summary: `Bulk upgrade agents`,
options: {
@@ -693,8 +730,10 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
router.versioned
.get({
path: AGENT_API_ROUTES.ACTION_STATUS_PATTERN,
- fleetAuthz: {
- fleet: { readAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.READ],
+ },
},
summary: `Get an agent action status`,
options: {
@@ -723,8 +762,10 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
router.versioned
.post({
path: AGENT_API_ROUTES.BULK_REASSIGN_PATTERN,
- fleetAuthz: {
- fleet: { allAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.ALL],
+ },
},
summary: `Bulk reassign agents`,
options: {
@@ -753,8 +794,10 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
router.versioned
.post({
path: AGENT_API_ROUTES.BULK_UNENROLL_PATTERN,
- fleetAuthz: {
- fleet: { allAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.ALL],
+ },
},
summary: `Bulk unenroll agents`,
options: {
@@ -783,8 +826,10 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
router.versioned
.get({
path: AGENT_API_ROUTES.AVAILABLE_VERSIONS_PATTERN,
- fleetAuthz: {
- fleet: { readAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.READ],
+ },
},
summary: `Get available agent versions`,
options: {
@@ -817,8 +862,10 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
.get({
path: '/internal/fleet/agents/status_runtime_field',
access: 'internal',
- fleetAuthz: {
- fleet: { readAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.READ],
+ },
},
})
.addVersion(
diff --git a/x-pack/platform/plugins/shared/fleet/server/routes/agent_policy/index.ts b/x-pack/platform/plugins/shared/fleet/server/routes/agent_policy/index.ts
index 0d0dc6ae68c25..9450b5e0da089 100644
--- a/x-pack/platform/plugins/shared/fleet/server/routes/agent_policy/index.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/routes/agent_policy/index.ts
@@ -9,7 +9,7 @@ import { schema } from '@kbn/config-schema';
import type { FleetAuthzRouter } from '../../services/security';
import { API_VERSIONS } from '../../../common/constants';
-
+import { FLEET_API_PRIVILEGES } from '../../constants/api_privileges';
import { AGENT_POLICY_API_ROUTES } from '../../constants';
import {
GetAgentPoliciesRequestSchema,
@@ -60,9 +60,18 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.get({
path: AGENT_POLICY_API_ROUTES.LIST_PATTERN,
- fleetAuthz: (authz) => {
- // Allow to retrieve agent policies metadata (no full) for user with only read agents permissions
- return authz.fleet.readAgentPolicies || authz.fleet.readAgents;
+ security: {
+ authz: {
+ requiredPrivileges: [
+ {
+ anyRequired: [
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.READ,
+ FLEET_API_PRIVILEGES.AGENTS.READ,
+ FLEET_API_PRIVILEGES.SETUP,
+ ],
+ },
+ ],
+ },
},
summary: `Get agent policies`,
options: {
@@ -91,9 +100,18 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.post({
path: AGENT_POLICY_API_ROUTES.BULK_GET_PATTERN,
- fleetAuthz: (authz) => {
- // Allow to retrieve agent policies metadata (no full) for user with only read agents permissions
- return authz.fleet.readAgentPolicies || authz.fleet.readAgents;
+ security: {
+ authz: {
+ requiredPrivileges: [
+ {
+ anyRequired: [
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.READ,
+ FLEET_API_PRIVILEGES.AGENTS.READ,
+ FLEET_API_PRIVILEGES.SETUP,
+ ],
+ },
+ ],
+ },
},
summary: `Bulk get agent policies`,
options: {
@@ -122,9 +140,18 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.get({
path: AGENT_POLICY_API_ROUTES.INFO_PATTERN,
- fleetAuthz: (authz) => {
- // Allow to retrieve agent policies metadata (no full) for user with only read agents permissions
- return authz.fleet.readAgentPolicies || authz.fleet.readAgents;
+ security: {
+ authz: {
+ requiredPrivileges: [
+ {
+ anyRequired: [
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.READ,
+ FLEET_API_PRIVILEGES.AGENTS.READ,
+ FLEET_API_PRIVILEGES.SETUP,
+ ],
+ },
+ ],
+ },
},
summary: `Get an agent policy`,
description: `Get an agent policy by ID.`,
@@ -154,8 +181,10 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.post({
path: AGENT_POLICY_API_ROUTES.CREATE_PATTERN,
- fleetAuthz: {
- fleet: { allAgentPolicies: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENT_POLICIES.ALL],
+ },
},
summary: `Create an agent policy`,
options: {
@@ -184,8 +213,10 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.put({
path: AGENT_POLICY_API_ROUTES.UPDATE_PATTERN,
- fleetAuthz: {
- fleet: { allAgentPolicies: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENT_POLICIES.ALL],
+ },
},
summary: `Update an agent policy`,
description: `Update an agent policy by ID.`,
@@ -215,8 +246,10 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.post({
path: AGENT_POLICY_API_ROUTES.COPY_PATTERN,
- fleetAuthz: {
- fleet: { allAgentPolicies: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENT_POLICIES.ALL],
+ },
},
summary: `Copy an agent policy`,
description: `Copy an agent policy by ID.`,
@@ -246,8 +279,10 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.post({
path: AGENT_POLICY_API_ROUTES.DELETE_PATTERN,
- fleetAuthz: {
- fleet: { allAgentPolicies: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENT_POLICIES.ALL],
+ },
},
summary: `Delete an agent policy`,
description: `Delete an agent policy by ID.`,
@@ -277,8 +312,10 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.get({
path: AGENT_POLICY_API_ROUTES.FULL_INFO_PATTERN,
- fleetAuthz: {
- fleet: { readAgentPolicies: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENT_POLICIES.READ],
+ },
},
summary: `Get a full agent policy`,
description: `Get a full agent policy by ID.`,
@@ -308,8 +345,13 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.get({
path: AGENT_POLICY_API_ROUTES.FULL_INFO_DOWNLOAD_PATTERN,
- fleetAuthz: {
- fleet: { readAgentPolicies: true },
+ security: {
+ authz: {
+ requiredPrivileges: [
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.READ,
+ FLEET_API_PRIVILEGES.SETUP,
+ ],
+ },
},
enableQueryVersion: true,
summary: `Download an agent policy`,
@@ -343,8 +385,13 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.get({
path: K8S_API_ROUTES.K8S_INFO_PATTERN,
- fleetAuthz: {
- fleet: { readAgentPolicies: true },
+ security: {
+ authz: {
+ requiredPrivileges: [
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.READ,
+ FLEET_API_PRIVILEGES.SETUP,
+ ],
+ },
},
summary: `Get a full K8s agent manifest`,
options: {
@@ -373,8 +420,13 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.get({
path: K8S_API_ROUTES.K8S_DOWNLOAD_PATTERN,
- fleetAuthz: {
- fleet: { readAgentPolicies: true },
+ security: {
+ authz: {
+ requiredPrivileges: [
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.READ,
+ FLEET_API_PRIVILEGES.SETUP,
+ ],
+ },
},
enableQueryVersion: true,
summary: `Download an agent manifest`,
@@ -406,8 +458,13 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.post({
path: AGENT_POLICY_API_ROUTES.LIST_OUTPUTS_PATTERN,
- fleetAuthz: (authz) => {
- return authz.fleet.readAgentPolicies && authz.fleet.readSettings;
+ security: {
+ authz: {
+ requiredPrivileges: [
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.READ,
+ FLEET_API_PRIVILEGES.SETTINGS.READ,
+ ],
+ },
},
summary: `Get outputs for agent policies`,
description: `Get a list of outputs associated with agent policies.`,
@@ -436,8 +493,13 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.get({
path: AGENT_POLICY_API_ROUTES.INFO_OUTPUTS_PATTERN,
- fleetAuthz: (authz) => {
- return authz.fleet.readAgentPolicies && authz.fleet.readSettings;
+ security: {
+ authz: {
+ requiredPrivileges: [
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.READ,
+ FLEET_API_PRIVILEGES.SETTINGS.READ,
+ ],
+ },
},
summary: `Get outputs for an agent policy`,
description: `Get a list of outputs associated with agent policy by policy id.`,
diff --git a/x-pack/platform/plugins/shared/fleet/server/routes/app/index.ts b/x-pack/platform/plugins/shared/fleet/server/routes/app/index.ts
index e5198ea84a78c..aba2b2ff3acbb 100644
--- a/x-pack/platform/plugins/shared/fleet/server/routes/app/index.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/routes/app/index.ts
@@ -21,6 +21,7 @@ import { CheckPermissionsRequestSchema, CheckPermissionsResponseSchema } from '.
import { enableSpaceAwarenessMigration } from '../../services/spaces/enable_space_awareness';
import { type FleetConfigType } from '../../config';
import { genericErrorResponse } from '../schema/errors';
+import { FLEET_API_PRIVILEGES } from '../../constants/api_privileges';
export const getCheckPermissionsHandler: FleetRequestHandler<
unknown,
@@ -194,8 +195,14 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
.post({
path: '/internal/fleet/enable_space_awareness',
access: 'internal',
- fleetAuthz: {
- fleet: { all: true },
+ security: {
+ authz: {
+ requiredPrivileges: [
+ FLEET_API_PRIVILEGES.AGENTS.ALL,
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.ALL,
+ FLEET_API_PRIVILEGES.SETTINGS.ALL,
+ ],
+ },
},
})
.addVersion(
@@ -236,8 +243,10 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
.get({
path: APP_API_ROUTES.AGENT_POLICIES_SPACES,
access: 'internal',
- fleetAuthz: {
- fleet: { readAgentPolicies: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENT_POLICIES.READ],
+ },
},
})
.addVersion(
@@ -251,8 +260,10 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
router.versioned
.post({
path: APP_API_ROUTES.GENERATE_SERVICE_TOKEN_PATTERN,
- fleetAuthz: {
- fleet: { allAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.ALL],
+ },
},
summary: `Create a service token`,
options: {
diff --git a/x-pack/platform/plugins/shared/fleet/server/routes/data_streams/index.ts b/x-pack/platform/plugins/shared/fleet/server/routes/data_streams/index.ts
index 7dc870c394bc8..e51c8ce447317 100644
--- a/x-pack/platform/plugins/shared/fleet/server/routes/data_streams/index.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/routes/data_streams/index.ts
@@ -7,7 +7,7 @@
import { schema } from '@kbn/config-schema';
import type { FleetAuthzRouter } from '../../services/security';
-
+import { FLEET_API_PRIVILEGES } from '../../constants/api_privileges';
import { API_VERSIONS } from '../../../common/constants';
import { DATA_STREAM_API_ROUTES } from '../../constants';
@@ -49,8 +49,14 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.get({
path: DATA_STREAM_API_ROUTES.LIST_PATTERN,
- fleetAuthz: {
- fleet: { all: true },
+ security: {
+ authz: {
+ requiredPrivileges: [
+ FLEET_API_PRIVILEGES.AGENTS.ALL,
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.ALL,
+ FLEET_API_PRIVILEGES.SETTINGS.ALL,
+ ],
+ },
},
summary: `Get data streams`,
options: {
diff --git a/x-pack/platform/plugins/shared/fleet/server/routes/debug/index.ts b/x-pack/platform/plugins/shared/fleet/server/routes/debug/index.ts
index bfe2bfd0f0e20..b3baf42552c34 100644
--- a/x-pack/platform/plugins/shared/fleet/server/routes/debug/index.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/routes/debug/index.ts
@@ -9,7 +9,7 @@ import type { FleetAuthzRouter } from '../../services/security';
import { FLEET_DEBUG_ROUTES } from '../../constants';
import { API_VERSIONS } from '../../../common/constants';
-
+import { FLEET_API_PRIVILEGES } from '../../constants/api_privileges';
import {
FetchIndexRequestSchema,
FetchSavedObjectNamesRequestSchema,
@@ -27,8 +27,14 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
.post({
path: FLEET_DEBUG_ROUTES.INDEX_PATTERN,
access: 'internal',
- fleetAuthz: {
- fleet: { all: true },
+ security: {
+ authz: {
+ requiredPrivileges: [
+ FLEET_API_PRIVILEGES.AGENTS.ALL,
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.ALL,
+ FLEET_API_PRIVILEGES.SETTINGS.ALL,
+ ],
+ },
},
})
.addVersion(
@@ -43,8 +49,14 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
.post({
path: FLEET_DEBUG_ROUTES.SAVED_OBJECTS_PATTERN,
access: 'internal',
- fleetAuthz: {
- fleet: { all: true },
+ security: {
+ authz: {
+ requiredPrivileges: [
+ FLEET_API_PRIVILEGES.AGENTS.ALL,
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.ALL,
+ FLEET_API_PRIVILEGES.SETTINGS.ALL,
+ ],
+ },
},
})
.addVersion(
@@ -59,8 +71,14 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
.post({
path: FLEET_DEBUG_ROUTES.SAVED_OBJECT_NAMES_PATTERN,
access: 'internal',
- fleetAuthz: {
- fleet: { all: true },
+ security: {
+ authz: {
+ requiredPrivileges: [
+ FLEET_API_PRIVILEGES.AGENTS.ALL,
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.ALL,
+ FLEET_API_PRIVILEGES.SETTINGS.ALL,
+ ],
+ },
},
})
.addVersion(
diff --git a/x-pack/platform/plugins/shared/fleet/server/routes/download_source/index.ts b/x-pack/platform/plugins/shared/fleet/server/routes/download_source/index.ts
index 687fdcf5f793f..62e97a731fa10 100644
--- a/x-pack/platform/plugins/shared/fleet/server/routes/download_source/index.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/routes/download_source/index.ts
@@ -21,7 +21,7 @@ import {
} from '../../types';
import { genericErrorResponse } from '../schema/errors';
-
+import { FLEET_API_PRIVILEGES } from '../../constants/api_privileges';
import { ListResponseSchema } from '../schema/utils';
import {
@@ -36,8 +36,17 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.get({
path: DOWNLOAD_SOURCE_API_ROUTES.LIST_PATTERN,
- fleetAuthz: (authz) => {
- return authz.fleet.readSettings || authz.fleet.readAgentPolicies;
+ security: {
+ authz: {
+ requiredPrivileges: [
+ {
+ anyRequired: [
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.READ,
+ FLEET_API_PRIVILEGES.SETTINGS.READ,
+ ],
+ },
+ ],
+ },
},
summary: `Get agent binary download sources`,
options: {
@@ -65,8 +74,17 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.get({
path: DOWNLOAD_SOURCE_API_ROUTES.INFO_PATTERN,
- fleetAuthz: (authz) => {
- return authz.fleet.readSettings || authz.fleet.readAgentPolicies;
+ security: {
+ authz: {
+ requiredPrivileges: [
+ {
+ anyRequired: [
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.READ,
+ FLEET_API_PRIVILEGES.SETTINGS.READ,
+ ],
+ },
+ ],
+ },
},
summary: `Get an agent binary download source`,
description: `Get an agent binary download source by ID.`,
@@ -95,8 +113,10 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.put({
path: DOWNLOAD_SOURCE_API_ROUTES.UPDATE_PATTERN,
- fleetAuthz: {
- fleet: { allSettings: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.SETTINGS.ALL],
+ },
},
summary: `Update an agent binary download source`,
description: `Update an agent binary download source by ID.`,
@@ -125,8 +145,10 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.post({
path: DOWNLOAD_SOURCE_API_ROUTES.CREATE_PATTERN,
- fleetAuthz: {
- fleet: { allSettings: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.SETTINGS.ALL],
+ },
},
summary: `Create an agent binary download source`,
options: {
@@ -154,8 +176,10 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.delete({
path: DOWNLOAD_SOURCE_API_ROUTES.DELETE_PATTERN,
- fleetAuthz: {
- fleet: { allSettings: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.SETTINGS.ALL],
+ },
},
summary: `Delete an agent binary download source`,
description: `Delete an agent binary download source by ID.`,
diff --git a/x-pack/platform/plugins/shared/fleet/server/routes/enrollment_api_key/index.ts b/x-pack/platform/plugins/shared/fleet/server/routes/enrollment_api_key/index.ts
index e593bac3180fe..fd5ba7091ee2b 100644
--- a/x-pack/platform/plugins/shared/fleet/server/routes/enrollment_api_key/index.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/routes/enrollment_api_key/index.ts
@@ -22,7 +22,7 @@ import {
} from '../../types';
import { genericErrorResponse } from '../schema/errors';
-
+import { FLEET_API_PRIVILEGES } from '../../constants/api_privileges';
import { ListResponseSchema } from '../schema/utils';
import {
@@ -36,8 +36,14 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.get({
path: ENROLLMENT_API_KEY_ROUTES.INFO_PATTERN,
- fleetAuthz: {
- fleet: { readEnrollmentTokens: true },
+ security: {
+ authz: {
+ requiredPrivileges: [
+ {
+ anyRequired: [FLEET_API_PRIVILEGES.AGENTS.ALL, FLEET_API_PRIVILEGES.SETUP],
+ },
+ ],
+ },
},
summary: `Get an enrollment API key`,
description: `Get an enrollment API key by ID.`,
@@ -66,8 +72,10 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.delete({
path: ENROLLMENT_API_KEY_ROUTES.DELETE_PATTERN,
- fleetAuthz: {
- fleet: { allAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.ALL],
+ },
},
summary: `Revoke an enrollment API key`,
description: `Revoke an enrollment API key by ID by marking it as inactive.`,
@@ -96,8 +104,14 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.get({
path: ENROLLMENT_API_KEY_ROUTES.LIST_PATTERN,
- fleetAuthz: {
- fleet: { readEnrollmentTokens: true },
+ security: {
+ authz: {
+ requiredPrivileges: [
+ {
+ anyRequired: [FLEET_API_PRIVILEGES.AGENTS.ALL, FLEET_API_PRIVILEGES.SETUP],
+ },
+ ],
+ },
},
summary: `Get enrollment API keys`,
options: {
@@ -128,8 +142,10 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.post({
path: ENROLLMENT_API_KEY_ROUTES.CREATE_PATTERN,
- fleetAuthz: {
- fleet: { allAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.ALL],
+ },
},
summary: `Create an enrollment API key`,
options: {
diff --git a/x-pack/platform/plugins/shared/fleet/server/routes/epm/index.ts b/x-pack/platform/plugins/shared/fleet/server/routes/epm/index.ts
index 787b02b69c3e8..49658b45ce2f8 100644
--- a/x-pack/platform/plugins/shared/fleet/server/routes/epm/index.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/routes/epm/index.ts
@@ -5,8 +5,9 @@
* 2.0.
*/
-import { parseExperimentalConfigValue } from '../../../common/experimental_features';
+import type { RouteSecurity } from '@kbn/core-http-server';
+import { parseExperimentalConfigValue } from '../../../common/experimental_features';
import { API_VERSIONS } from '../../../common/constants';
import type { FleetAuthz } from '../../../common';
@@ -57,7 +58,7 @@ import {
ReauthorizeTransformResponseSchema,
} from '../../types';
import type { FleetConfigType } from '../../config';
-
+import { FLEET_API_PRIVILEGES } from '../../constants/api_privileges';
import { genericErrorResponse } from '../schema/errors';
import {
@@ -91,17 +92,40 @@ export const INSTALL_PACKAGES_AUTHZ: FleetAuthzRouteConfig['fleetAuthz'] = {
integrations: { installPackages: true },
};
+export const INSTALL_PACKAGES_SECURITY: RouteSecurity = {
+ authz: {
+ requiredPrivileges: [
+ FLEET_API_PRIVILEGES.INTEGRATIONS.ALL,
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.ALL,
+ ],
+ },
+};
+
export const READ_PACKAGE_INFO_AUTHZ: FleetAuthzRouteConfig['fleetAuthz'] = {
integrations: { readPackageInfo: true },
};
+export const READ_PACKAGE_INFO_SECURITY: RouteSecurity = {
+ authz: {
+ requiredPrivileges: [
+ {
+ anyRequired: [
+ FLEET_API_PRIVILEGES.INTEGRATIONS.READ,
+ FLEET_API_PRIVILEGES.SETUP,
+ FLEET_API_PRIVILEGES.FLEET.ALL,
+ ],
+ },
+ ],
+ },
+};
+
export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType) => {
const experimentalFeatures = parseExperimentalConfigValue(config.enableExperimental);
router.versioned
.get({
path: EPM_API_ROUTES.CATEGORIES_PATTERN,
- fleetAuthz: READ_PACKAGE_INFO_AUTHZ,
+ security: READ_PACKAGE_INFO_SECURITY,
summary: `Get package categories`,
options: {
tags: ['oas-tag:Elastic Package Manager (EPM)'],
@@ -128,7 +152,7 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
router.versioned
.get({
path: EPM_API_ROUTES.LIST_PATTERN,
- fleetAuthz: READ_PACKAGE_INFO_AUTHZ,
+ security: READ_PACKAGE_INFO_SECURITY,
summary: `Get packages`,
options: {
tags: ['oas-tag:Elastic Package Manager (EPM)'],
@@ -155,7 +179,7 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
router.versioned
.get({
path: EPM_API_ROUTES.INSTALLED_LIST_PATTERN,
- fleetAuthz: READ_PACKAGE_INFO_AUTHZ,
+ security: READ_PACKAGE_INFO_SECURITY,
summary: `Get installed packages`,
options: {
tags: ['oas-tag:Elastic Package Manager (EPM)'],
@@ -182,7 +206,7 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
router.versioned
.get({
path: EPM_API_ROUTES.LIMITED_LIST_PATTERN,
- fleetAuthz: READ_PACKAGE_INFO_AUTHZ,
+ security: READ_PACKAGE_INFO_SECURITY,
summary: `Get a limited package list`,
options: {
tags: ['oas-tag:Elastic Package Manager (EPM)'],
@@ -209,7 +233,7 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
router.versioned
.get({
path: EPM_API_ROUTES.STATS_PATTERN,
- fleetAuthz: READ_PACKAGE_INFO_AUTHZ,
+ security: READ_PACKAGE_INFO_SECURITY,
summary: `Get package stats`,
options: {
tags: ['oas-tag:Elastic Package Manager (EPM)'],
@@ -236,7 +260,7 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
router.versioned
.get({
path: EPM_API_ROUTES.INPUTS_PATTERN,
- fleetAuthz: READ_PACKAGE_INFO_AUTHZ,
+ security: READ_PACKAGE_INFO_SECURITY,
summary: `Get an inputs template`,
options: {
tags: ['oas-tag:Elastic Package Manager (EPM)'],
@@ -263,7 +287,7 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
router.versioned
.get({
path: EPM_API_ROUTES.FILEPATH_PATTERN,
- fleetAuthz: READ_PACKAGE_INFO_AUTHZ,
+ security: READ_PACKAGE_INFO_SECURITY,
summary: `Get a package file`,
options: {
tags: ['oas-tag:Elastic Package Manager (EPM)'],
@@ -290,6 +314,7 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
router.versioned
.get({
path: EPM_API_ROUTES.INFO_PATTERN,
+ // TODO move to kibana authz https://github.com/elastic/kibana/issues/203170
fleetAuthz: (fleetAuthz: FleetAuthz): boolean =>
calculateRouteAuthz(fleetAuthz, getRouteRequiredAuthz('get', EPM_API_ROUTES.INFO_PATTERN))
.granted,
@@ -319,9 +344,7 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
router.versioned
.put({
path: EPM_API_ROUTES.INFO_PATTERN,
- fleetAuthz: {
- integrations: { writePackageSettings: true },
- },
+ security: INSTALL_PACKAGES_SECURITY,
summary: `Update package settings`,
options: {
tags: ['oas-tag:Elastic Package Manager (EPM)'],
@@ -348,7 +371,7 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
router.versioned
.post({
path: EPM_API_ROUTES.INSTALL_FROM_REGISTRY_PATTERN,
- fleetAuthz: INSTALL_PACKAGES_AUTHZ,
+ security: INSTALL_PACKAGES_SECURITY,
summary: `Install a package from the registry`,
options: {
tags: ['oas-tag:Elastic Package Manager (EPM)'],
@@ -376,9 +399,7 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
router.versioned
.post({
path: EPM_API_ROUTES.INSTALL_KIBANA_ASSETS_PATTERN,
- fleetAuthz: {
- integrations: { installPackages: true },
- },
+ security: INSTALL_PACKAGES_SECURITY,
summary: `Install Kibana assets for a package`,
options: {
tags: ['oas-tag:Elastic Package Manager (EPM)'],
@@ -405,9 +426,7 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
router.versioned
.delete({
path: EPM_API_ROUTES.DELETE_KIBANA_ASSETS_PATTERN,
- fleetAuthz: {
- integrations: { installPackages: true },
- },
+ security: INSTALL_PACKAGES_SECURITY,
summary: `Delete Kibana assets for a package`,
options: {
tags: ['oas-tag:Elastic Package Manager (EPM)'],
@@ -435,9 +454,7 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
router.versioned
.post({
path: EPM_API_ROUTES.BULK_INSTALL_PATTERN,
- fleetAuthz: {
- integrations: { installPackages: true, upgradePackages: true },
- },
+ security: INSTALL_PACKAGES_SECURITY,
summary: `Bulk install packages`,
options: {
tags: ['oas-tag:Elastic Package Manager (EPM)'],
@@ -473,9 +490,7 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
},
tags: [`oas-tag:Elastic Package Manager (EPM)`],
},
- fleetAuthz: {
- integrations: { uploadPackages: true },
- },
+ security: INSTALL_PACKAGES_SECURITY,
summary: `Install a package by upload`,
})
.addVersion(
@@ -499,7 +514,7 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
router.versioned
.post({
path: EPM_API_ROUTES.CUSTOM_INTEGRATIONS_PATTERN,
- fleetAuthz: INSTALL_PACKAGES_AUTHZ,
+ security: INSTALL_PACKAGES_SECURITY,
summary: `Create a custom integration`,
options: {
tags: ['oas-tag:Elastic Package Manager (EPM)'],
@@ -526,8 +541,13 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
router.versioned
.delete({
path: EPM_API_ROUTES.DELETE_PATTERN,
- fleetAuthz: {
- integrations: { removePackages: true },
+ security: {
+ authz: {
+ requiredPrivileges: [
+ FLEET_API_PRIVILEGES.INTEGRATIONS.ALL,
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.ALL,
+ ],
+ },
},
summary: `Delete a package`,
options: {
@@ -556,7 +576,7 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
router.versioned
.get({
path: EPM_API_ROUTES.VERIFICATION_KEY_ID,
- fleetAuthz: READ_PACKAGE_INFO_AUTHZ,
+ security: READ_PACKAGE_INFO_SECURITY,
summary: `Get a package signature verification key ID`,
options: {
tags: ['oas-tag:Elastic Package Manager (EPM)'],
@@ -583,7 +603,7 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
router.versioned
.get({
path: EPM_API_ROUTES.DATA_STREAMS_PATTERN,
- fleetAuthz: READ_PACKAGE_INFO_AUTHZ,
+ security: READ_PACKAGE_INFO_SECURITY,
summary: `Get data streams`,
options: {
tags: ['oas-tag:Data streams'],
@@ -610,7 +630,7 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
router.versioned
.post({
path: EPM_API_ROUTES.BULK_ASSETS_PATTERN,
- fleetAuthz: READ_PACKAGE_INFO_AUTHZ,
+ security: READ_PACKAGE_INFO_SECURITY,
summary: `Bulk get assets`,
options: {
tags: ['oas-tag:Elastic Package Manager (EPM)'],
@@ -639,6 +659,7 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
router.versioned
.post({
path: EPM_API_ROUTES.REAUTHORIZE_TRANSFORMS,
+ // TODO move to kibana authz https://github.com/elastic/kibana/issues/203170
fleetAuthz: {
...INSTALL_PACKAGES_AUTHZ,
packagePrivileges: {
diff --git a/x-pack/platform/plugins/shared/fleet/server/routes/fleet_proxies/index.ts b/x-pack/platform/plugins/shared/fleet/server/routes/fleet_proxies/index.ts
index 1a5ad6ccc764d..09dc7c9800492 100644
--- a/x-pack/platform/plugins/shared/fleet/server/routes/fleet_proxies/index.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/routes/fleet_proxies/index.ts
@@ -8,7 +8,7 @@ import { schema } from '@kbn/config-schema';
import type { FleetAuthzRouter } from '../../services/security';
import { API_VERSIONS } from '../../../common/constants';
-
+import { FLEET_API_PRIVILEGES } from '../../constants/api_privileges';
import { FLEET_PROXY_API_ROUTES } from '../../../common/constants';
import {
FleetProxyResponseSchema,
@@ -34,8 +34,10 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.get({
path: FLEET_PROXY_API_ROUTES.LIST_PATTERN,
- fleetAuthz: {
- fleet: { readSettings: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.SETTINGS.READ],
+ },
},
summary: `Get proxies`,
options: {
@@ -63,8 +65,10 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.post({
path: FLEET_PROXY_API_ROUTES.CREATE_PATTERN,
- fleetAuthz: {
- fleet: { allSettings: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.SETTINGS.ALL],
+ },
},
summary: `Create a proxy`,
options: {
@@ -92,8 +96,10 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.put({
path: FLEET_PROXY_API_ROUTES.UPDATE_PATTERN,
- fleetAuthz: {
- fleet: { allSettings: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.SETTINGS.ALL],
+ },
},
summary: `Update a proxy`,
description: `Update a proxy by ID.`,
@@ -122,8 +128,10 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.get({
path: FLEET_PROXY_API_ROUTES.INFO_PATTERN,
- fleetAuthz: {
- fleet: { readSettings: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.SETTINGS.READ],
+ },
},
summary: `Get a proxy`,
description: `Get a proxy by ID.`,
@@ -152,8 +160,10 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.delete({
path: FLEET_PROXY_API_ROUTES.DELETE_PATTERN,
- fleetAuthz: {
- fleet: { allSettings: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.SETTINGS.ALL],
+ },
},
summary: `Delete a proxy`,
description: `Delete a proxy by ID`,
diff --git a/x-pack/platform/plugins/shared/fleet/server/routes/fleet_server_hosts/index.ts b/x-pack/platform/plugins/shared/fleet/server/routes/fleet_server_hosts/index.ts
index 667a617659492..a57f6fe86e8e3 100644
--- a/x-pack/platform/plugins/shared/fleet/server/routes/fleet_server_hosts/index.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/routes/fleet_server_hosts/index.ts
@@ -21,7 +21,7 @@ import {
} from '../../types';
import { genericErrorResponse } from '../schema/errors';
-
+import { FLEET_API_PRIVILEGES } from '../../constants/api_privileges';
import { ListResponseSchema } from '../schema/utils';
import {
@@ -36,8 +36,14 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.get({
path: FLEET_SERVER_HOST_API_ROUTES.LIST_PATTERN,
- fleetAuthz: (authz) => {
- return authz.fleet.addAgents || authz.fleet.addFleetServers || authz.fleet.readSettings;
+ security: {
+ authz: {
+ requiredPrivileges: [
+ {
+ anyRequired: [FLEET_API_PRIVILEGES.AGENTS.ALL, FLEET_API_PRIVILEGES.SETTINGS.READ],
+ },
+ ],
+ },
},
summary: `Get Fleet Server hosts`,
options: {
@@ -64,8 +70,10 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.post({
path: FLEET_SERVER_HOST_API_ROUTES.CREATE_PATTERN,
- fleetAuthz: {
- fleet: { allSettings: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.SETTINGS.ALL],
+ },
},
summary: `Create a Fleet Server host`,
options: {
@@ -92,8 +100,10 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.get({
path: FLEET_SERVER_HOST_API_ROUTES.INFO_PATTERN,
- fleetAuthz: {
- fleet: { readSettings: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.SETTINGS.READ],
+ },
},
summary: `Get a Fleet Server host`,
description: `Get a Fleet Server host by ID.`,
@@ -121,8 +131,10 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.delete({
path: FLEET_SERVER_HOST_API_ROUTES.DELETE_PATTERN,
- fleetAuthz: {
- fleet: { allSettings: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.SETTINGS.ALL],
+ },
},
summary: `Delete a Fleet Server host`,
description: `Delete a Fleet Server host by ID.`,
@@ -153,8 +165,10 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.put({
path: FLEET_SERVER_HOST_API_ROUTES.UPDATE_PATTERN,
- fleetAuthz: {
- fleet: { allSettings: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.SETTINGS.ALL],
+ },
},
summary: `Update a Fleet Server host`,
description: `Update a Fleet Server host by ID.`,
diff --git a/x-pack/platform/plugins/shared/fleet/server/routes/health_check/index.ts b/x-pack/platform/plugins/shared/fleet/server/routes/health_check/index.ts
index 008340d006829..daffc5552a190 100644
--- a/x-pack/platform/plugins/shared/fleet/server/routes/health_check/index.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/routes/health_check/index.ts
@@ -7,7 +7,7 @@
import { API_VERSIONS } from '../../../common/constants';
import type { FleetAuthzRouter } from '../../services/security';
-
+import { FLEET_API_PRIVILEGES } from '../../constants/api_privileges';
import { APP_API_ROUTES } from '../../constants';
import { PostHealthCheckRequestSchema, PostHealthCheckResponseSchema } from '../../types';
import { genericErrorResponse } from '../schema/errors';
@@ -19,8 +19,10 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.post({
path: APP_API_ROUTES.HEALTH_CHECK_PATTERN,
- fleetAuthz: {
- fleet: { allSettings: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.SETTINGS.ALL],
+ },
},
summary: `Check Fleet Server health`,
options: {
diff --git a/x-pack/platform/plugins/shared/fleet/server/routes/message_signing_service/index.ts b/x-pack/platform/plugins/shared/fleet/server/routes/message_signing_service/index.ts
index 645e7070f901a..470ba0531bba2 100644
--- a/x-pack/platform/plugins/shared/fleet/server/routes/message_signing_service/index.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/routes/message_signing_service/index.ts
@@ -10,6 +10,7 @@ import type { FleetAuthzRouter } from '../../services/security';
import { API_VERSIONS } from '../../../common/constants';
import { MESSAGE_SIGNING_SERVICE_API_ROUTES } from '../../constants';
import { RotateKeyPairSchema } from '../../types';
+import { FLEET_API_PRIVILEGES } from '../../constants/api_privileges';
import { genericErrorResponse } from '../schema/errors';
@@ -20,8 +21,14 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.post({
path: MESSAGE_SIGNING_SERVICE_API_ROUTES.ROTATE_KEY_PAIR,
- fleetAuthz: {
- fleet: { all: true },
+ security: {
+ authz: {
+ requiredPrivileges: [
+ FLEET_API_PRIVILEGES.AGENTS.ALL,
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.ALL,
+ FLEET_API_PRIVILEGES.SETTINGS.ALL,
+ ],
+ },
},
summary: 'Rotate a Fleet message signing key pair',
options: {
diff --git a/x-pack/platform/plugins/shared/fleet/server/routes/output/index.ts b/x-pack/platform/plugins/shared/fleet/server/routes/output/index.ts
index dd89eaabf396b..b8b874b10eaaa 100644
--- a/x-pack/platform/plugins/shared/fleet/server/routes/output/index.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/routes/output/index.ts
@@ -8,7 +8,7 @@
import type { FleetAuthzRouter } from '../../services/security';
import { API_VERSIONS } from '../../../common/constants';
-
+import { FLEET_API_PRIVILEGES } from '../../constants/api_privileges';
import { OUTPUT_API_ROUTES } from '../../constants';
import {
DeleteOutputRequestSchema,
@@ -40,8 +40,17 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.get({
path: OUTPUT_API_ROUTES.LIST_PATTERN,
- fleetAuthz: (authz) => {
- return authz.fleet.readSettings || authz.fleet.readAgentPolicies;
+ security: {
+ authz: {
+ requiredPrivileges: [
+ {
+ anyRequired: [
+ FLEET_API_PRIVILEGES.SETTINGS.READ,
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.READ,
+ ],
+ },
+ ],
+ },
},
summary: 'Get outputs',
options: {
@@ -68,8 +77,17 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.get({
path: OUTPUT_API_ROUTES.INFO_PATTERN,
- fleetAuthz: (authz) => {
- return authz.fleet.readSettings || authz.fleet.readAgentPolicies;
+ security: {
+ authz: {
+ requiredPrivileges: [
+ {
+ anyRequired: [
+ FLEET_API_PRIVILEGES.SETTINGS.READ,
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.READ,
+ ],
+ },
+ ],
+ },
},
summary: 'Get output',
description: 'Get output by ID.',
@@ -97,8 +115,17 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.put({
path: OUTPUT_API_ROUTES.UPDATE_PATTERN,
- fleetAuthz: (authz) => {
- return authz.fleet.allSettings || authz.fleet.allAgentPolicies;
+ security: {
+ authz: {
+ requiredPrivileges: [
+ {
+ anyRequired: [
+ FLEET_API_PRIVILEGES.SETTINGS.ALL,
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.ALL,
+ ],
+ },
+ ],
+ },
},
summary: 'Update output',
description: 'Update output by ID.',
@@ -127,8 +154,10 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.post({
path: OUTPUT_API_ROUTES.CREATE_PATTERN,
- fleetAuthz: {
- fleet: { allSettings: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.SETTINGS.ALL],
+ },
},
summary: 'Create output',
options: {
@@ -156,8 +185,10 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.delete({
path: OUTPUT_API_ROUTES.DELETE_PATTERN,
- fleetAuthz: {
- fleet: { allSettings: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.SETTINGS.ALL],
+ },
},
summary: 'Delete output',
description: 'Delete output by ID.',
@@ -189,8 +220,10 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.post({
path: OUTPUT_API_ROUTES.LOGSTASH_API_KEY_PATTERN,
- fleetAuthz: {
- fleet: { allSettings: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.SETTINGS.ALL],
+ },
},
summary: 'Generate a Logstash API key',
options: {
@@ -218,8 +251,10 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.get({
path: OUTPUT_API_ROUTES.GET_OUTPUT_HEALTH_PATTERN,
- fleetAuthz: {
- fleet: { readSettings: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.SETTINGS.READ],
+ },
},
summary: 'Get the latest output health',
options: {
diff --git a/x-pack/platform/plugins/shared/fleet/server/routes/package_policy/index.ts b/x-pack/platform/plugins/shared/fleet/server/routes/package_policy/index.ts
index 8a547f4127f97..6252a362b12d2 100644
--- a/x-pack/platform/plugins/shared/fleet/server/routes/package_policy/index.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/routes/package_policy/index.ts
@@ -7,9 +7,8 @@
import { schema } from '@kbn/config-schema';
import { getRouteRequiredAuthz } from '../../services/security';
-
+import { FLEET_API_PRIVILEGES } from '../../constants/api_privileges';
import type { FleetAuthzRouter } from '../../services/security';
-
import type { FleetAuthz } from '../../../common';
import { API_VERSIONS } from '../../../common/constants';
import { PACKAGE_POLICY_API_ROUTES } from '../../constants';
@@ -56,6 +55,7 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.get({
path: PACKAGE_POLICY_API_ROUTES.LIST_PATTERN,
+ // TODO move to kibana authz https://github.com/elastic/kibana/issues/203170
fleetAuthz: (fleetAuthz: FleetAuthz): boolean =>
calculateRouteAuthz(
fleetAuthz,
@@ -88,6 +88,7 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.post({
path: PACKAGE_POLICY_API_ROUTES.BULK_GET_PATTERN,
+ // TODO move to kibana authz https://github.com/elastic/kibana/issues/203170
fleetAuthz: (fleetAuthz: FleetAuthz): boolean =>
calculateRouteAuthz(
fleetAuthz,
@@ -123,6 +124,7 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.get({
path: PACKAGE_POLICY_API_ROUTES.INFO_PATTERN,
+ // TODO move to kibana authz https://github.com/elastic/kibana/issues/203170
fleetAuthz: (fleetAuthz: FleetAuthz): boolean =>
calculateRouteAuthz(
fleetAuthz,
@@ -218,6 +220,7 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.put({
path: PACKAGE_POLICY_API_ROUTES.UPDATE_PATTERN,
+ // TODO move to kibana authz https://github.com/elastic/kibana/issues/203170
fleetAuthz: (fleetAuthz: FleetAuthz): boolean =>
calculateRouteAuthz(
fleetAuthz,
@@ -258,8 +261,13 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.post({
path: PACKAGE_POLICY_API_ROUTES.DELETE_PATTERN,
- fleetAuthz: {
- integrations: { writeIntegrationPolicies: true },
+ security: {
+ authz: {
+ requiredPrivileges: [
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.ALL,
+ FLEET_API_PRIVILEGES.INTEGRATIONS.ALL,
+ ],
+ },
},
summary: 'Bulk delete package policies',
options: {
@@ -287,8 +295,13 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.delete({
path: PACKAGE_POLICY_API_ROUTES.INFO_PATTERN,
- fleetAuthz: {
- integrations: { writeIntegrationPolicies: true },
+ security: {
+ authz: {
+ requiredPrivileges: [
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.ALL,
+ FLEET_API_PRIVILEGES.INTEGRATIONS.ALL,
+ ],
+ },
},
summary: 'Delete a package policy',
description: 'Delete a package policy by ID.',
@@ -318,8 +331,13 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.post({
path: PACKAGE_POLICY_API_ROUTES.UPGRADE_PATTERN,
- fleetAuthz: {
- integrations: { writeIntegrationPolicies: true },
+ security: {
+ authz: {
+ requiredPrivileges: [
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.ALL,
+ FLEET_API_PRIVILEGES.INTEGRATIONS.ALL,
+ ],
+ },
},
summary: 'Upgrade a package policy',
description: 'Upgrade a package policy to a newer package version.',
@@ -349,8 +367,13 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
router.versioned
.post({
path: PACKAGE_POLICY_API_ROUTES.DRYRUN_PATTERN,
- fleetAuthz: {
- integrations: { readIntegrationPolicies: true },
+ security: {
+ authz: {
+ requiredPrivileges: [
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.READ,
+ FLEET_API_PRIVILEGES.INTEGRATIONS.READ,
+ ],
+ },
},
summary: 'Dry run a package policy upgrade',
options: {
diff --git a/x-pack/platform/plugins/shared/fleet/server/routes/preconfiguration/index.ts b/x-pack/platform/plugins/shared/fleet/server/routes/preconfiguration/index.ts
index c62c86953acaa..0438050f43741 100644
--- a/x-pack/platform/plugins/shared/fleet/server/routes/preconfiguration/index.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/routes/preconfiguration/index.ts
@@ -9,6 +9,7 @@ import type { FleetAuthzRouter } from '../../services/security';
import { API_VERSIONS } from '../../../common/constants';
+import { FLEET_API_PRIVILEGES } from '../../constants/api_privileges';
import { PRECONFIGURATION_API_ROUTES } from '../../constants';
import { PostResetOnePreconfiguredAgentPoliciesSchema } from '../../types';
@@ -19,8 +20,15 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
.post({
path: PRECONFIGURATION_API_ROUTES.RESET_PATTERN,
access: 'public',
- fleetAuthz: {
- fleet: { all: true },
+ security: {
+ authz: {
+ requiredPrivileges: [
+ FLEET_API_PRIVILEGES.AGENTS.ALL,
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.ALL,
+ FLEET_API_PRIVILEGES.SETTINGS.ALL,
+ FLEET_API_PRIVILEGES.INTEGRATIONS.READ,
+ ],
+ },
},
})
.addVersion(
@@ -35,8 +43,15 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
.post({
path: PRECONFIGURATION_API_ROUTES.RESET_ONE_PATTERN,
access: 'public',
- fleetAuthz: {
- fleet: { all: true },
+ security: {
+ authz: {
+ requiredPrivileges: [
+ FLEET_API_PRIVILEGES.AGENTS.ALL,
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.ALL,
+ FLEET_API_PRIVILEGES.SETTINGS.ALL,
+ FLEET_API_PRIVILEGES.INTEGRATIONS.READ,
+ ],
+ },
},
})
.addVersion(
diff --git a/x-pack/platform/plugins/shared/fleet/server/routes/settings/index.ts b/x-pack/platform/plugins/shared/fleet/server/routes/settings/index.ts
index 04e6c2a955634..c307fce8aa900 100644
--- a/x-pack/platform/plugins/shared/fleet/server/routes/settings/index.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/routes/settings/index.ts
@@ -20,7 +20,7 @@ import {
GetEnrollmentSettingsResponseSchema,
} from '../../types';
import type { FleetConfigType } from '../../config';
-
+import { FLEET_API_PRIVILEGES } from '../../constants/api_privileges';
import { genericErrorResponse, notFoundResponse } from '../schema/errors';
import { getEnrollmentSettingsHandler } from './enrollment_settings_handler';
@@ -39,6 +39,7 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
.get({
path: SETTINGS_API_ROUTES.SPACE_INFO_PATTERN,
fleetAuthz: (authz) => {
+ // TODO move to kibana authz https://github.com/elastic/kibana/issues/203170
return (
authz.fleet.readSettings ||
authz.integrations.writeIntegrationPolicies ||
@@ -65,8 +66,10 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
router.versioned
.put({
path: SETTINGS_API_ROUTES.SPACE_UPDATE_PATTERN,
- fleetAuthz: {
- fleet: { allSettings: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.SETTINGS.ALL],
+ },
},
summary: `Create space settings`,
})
@@ -89,8 +92,10 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
router.versioned
.get({
path: SETTINGS_API_ROUTES.INFO_PATTERN,
- fleetAuthz: {
- fleet: { readSettings: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.SETTINGS.READ],
+ },
},
summary: `Get settings`,
options: {
@@ -120,8 +125,10 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
router.versioned
.put({
path: SETTINGS_API_ROUTES.UPDATE_PATTERN,
- fleetAuthz: {
- fleet: { allSettings: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.SETTINGS.ALL],
+ },
},
summary: `Update settings`,
options: {
@@ -151,8 +158,10 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
router.versioned
.get({
path: SETTINGS_API_ROUTES.ENROLLMENT_INFO_PATTERN,
- fleetAuthz: (authz) => {
- return authz.fleet.addAgents || authz.fleet.addFleetServers;
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.ALL],
+ },
},
summary: `Get enrollment settings`,
options: {
diff --git a/x-pack/platform/plugins/shared/fleet/server/routes/setup/index.ts b/x-pack/platform/plugins/shared/fleet/server/routes/setup/index.ts
index 2f41ff7eb6878..1dff6368735e9 100644
--- a/x-pack/platform/plugins/shared/fleet/server/routes/setup/index.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/routes/setup/index.ts
@@ -7,7 +7,7 @@
import { schema } from '@kbn/config-schema';
import type { FleetAuthzRouter } from '../../services/security';
-
+import { FLEET_API_PRIVILEGES } from '../../constants/api_privileges';
import { AGENTS_SETUP_API_ROUTES, SETUP_API_ROUTE } from '../../constants';
import { API_VERSIONS } from '../../../common/constants';
@@ -39,8 +39,19 @@ export const registerFleetSetupRoute = (router: FleetAuthzRouter) => {
router.versioned
.post({
path: SETUP_API_ROUTE,
- fleetAuthz: {
- fleet: { setup: true },
+ security: {
+ authz: {
+ requiredPrivileges: [
+ {
+ anyRequired: [
+ FLEET_API_PRIVILEGES.AGENTS.READ,
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.READ,
+ FLEET_API_PRIVILEGES.SETTINGS.READ,
+ FLEET_API_PRIVILEGES.SETUP,
+ ],
+ },
+ ],
+ },
},
summary: `Initiate Fleet setup`,
options: {
@@ -101,8 +112,19 @@ export const registerCreateFleetSetupRoute = (router: FleetAuthzRouter) => {
router.versioned
.post({
path: AGENTS_SETUP_API_ROUTES.CREATE_PATTERN,
- fleetAuthz: {
- fleet: { setup: true },
+ security: {
+ authz: {
+ requiredPrivileges: [
+ {
+ anyRequired: [
+ FLEET_API_PRIVILEGES.AGENTS.READ,
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.READ,
+ FLEET_API_PRIVILEGES.SETTINGS.READ,
+ FLEET_API_PRIVILEGES.SETUP,
+ ],
+ },
+ ],
+ },
},
summary: `Initiate agent setup`,
options: {
@@ -132,8 +154,19 @@ export const registerGetFleetStatusRoute = (router: FleetAuthzRouter) => {
router.versioned
.get({
path: AGENTS_SETUP_API_ROUTES.INFO_PATTERN,
- fleetAuthz: {
- fleet: { setup: true },
+ security: {
+ authz: {
+ requiredPrivileges: [
+ {
+ anyRequired: [
+ FLEET_API_PRIVILEGES.AGENTS.READ,
+ FLEET_API_PRIVILEGES.AGENT_POLICIES.READ,
+ FLEET_API_PRIVILEGES.SETTINGS.READ,
+ FLEET_API_PRIVILEGES.SETUP,
+ ],
+ },
+ ],
+ },
},
summary: `Get agent setup info`,
options: {
diff --git a/x-pack/platform/plugins/shared/fleet/server/routes/standalone_agent_api_key/index.ts b/x-pack/platform/plugins/shared/fleet/server/routes/standalone_agent_api_key/index.ts
index f0103c23e65dd..6014e6ea42a51 100644
--- a/x-pack/platform/plugins/shared/fleet/server/routes/standalone_agent_api_key/index.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/routes/standalone_agent_api_key/index.ts
@@ -10,7 +10,7 @@ import type { FleetAuthzRouter } from '../../services/security';
import { API_VERSIONS } from '../../../common/constants';
import { CREATE_STANDALONE_AGENT_API_KEY_ROUTE } from '../../constants';
-
+import { FLEET_API_PRIVILEGES } from '../../constants/api_privileges';
import { PostStandaloneAgentAPIKeyRequestSchema } from '../../types';
import { createStandaloneAgentApiKeyHandler } from './handler';
@@ -20,8 +20,10 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
.post({
path: CREATE_STANDALONE_AGENT_API_KEY_ROUTE,
access: 'internal',
- fleetAuthz: {
- fleet: { addAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.ALL],
+ },
},
})
.addVersion(
diff --git a/x-pack/platform/plugins/shared/fleet/server/routes/uninstall_token/index.ts b/x-pack/platform/plugins/shared/fleet/server/routes/uninstall_token/index.ts
index 3c5e25d414b27..9710a657ca232 100644
--- a/x-pack/platform/plugins/shared/fleet/server/routes/uninstall_token/index.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/routes/uninstall_token/index.ts
@@ -7,7 +7,7 @@
import { UNINSTALL_TOKEN_ROUTES, API_VERSIONS } from '../../../common/constants';
import type { FleetConfigType } from '../../config';
-
+import { FLEET_API_PRIVILEGES } from '../../constants/api_privileges';
import type { FleetAuthzRouter } from '../../services/security';
import {
GetUninstallTokenRequestSchema,
@@ -28,8 +28,10 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
router.versioned
.get({
path: UNINSTALL_TOKEN_ROUTES.LIST_PATTERN,
- fleetAuthz: {
- fleet: { allAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.ALL],
+ },
},
summary: 'Get metadata for latest uninstall tokens',
description: 'List the metadata for the latest uninstall tokens per agent policy.',
@@ -58,8 +60,10 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType
router.versioned
.get({
path: UNINSTALL_TOKEN_ROUTES.INFO_PATTERN,
- fleetAuthz: {
- fleet: { allAgents: true },
+ security: {
+ authz: {
+ requiredPrivileges: [FLEET_API_PRIVILEGES.AGENTS.ALL],
+ },
},
summary: 'Get a decrypted uninstall token',
description: 'Get one decrypted uninstall token by its ID.',
diff --git a/x-pack/platform/plugins/shared/fleet/server/services/package_policy.ts b/x-pack/platform/plugins/shared/fleet/server/services/package_policy.ts
index 32ec4c90b4319..3ff369994c5c7 100644
--- a/x-pack/platform/plugins/shared/fleet/server/services/package_policy.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/services/package_policy.ts
@@ -152,6 +152,7 @@ import type { PackagePolicyClientFetchAllItemIdsOptions } from './package_policy
import { validatePolicyNamespaceForSpace } from './spaces/policy_namespaces';
import { isSpaceAwarenessEnabled, isSpaceAwarenessMigrationPending } from './spaces/helpers';
import { updatePackagePolicySpaces } from './spaces/package_policy';
+import { runWithCache } from './epm/packages/cache';
export type InputsOverride = Partial & {
vars?: Array;
@@ -1694,40 +1695,42 @@ class PackagePolicyClientImpl implements PackagePolicyClient {
packagePolicy?: PackagePolicy,
pkgVersion?: string
): Promise {
- const result: UpgradePackagePolicyResponse = [];
+ return runWithCache(async () => {
+ const result: UpgradePackagePolicyResponse = [];
- for (const id of ids) {
- try {
- const {
- packagePolicy: currentPackagePolicy,
- packageInfo,
- experimentalDataStreamFeatures,
- } = await this.getUpgradePackagePolicyInfo(soClient, id, packagePolicy, pkgVersion);
-
- if (currentPackagePolicy.is_managed && !options?.force) {
- throw new PackagePolicyRestrictionRelatedError(`Cannot upgrade package policy ${id}`);
- }
+ for (const id of ids) {
+ try {
+ const {
+ packagePolicy: currentPackagePolicy,
+ packageInfo,
+ experimentalDataStreamFeatures,
+ } = await this.getUpgradePackagePolicyInfo(soClient, id, packagePolicy, pkgVersion);
+
+ if (currentPackagePolicy.is_managed && !options?.force) {
+ throw new PackagePolicyRestrictionRelatedError(`Cannot upgrade package policy ${id}`);
+ }
- await this.doUpgrade(
- soClient,
- esClient,
- id,
- currentPackagePolicy,
- result,
- packageInfo,
- experimentalDataStreamFeatures,
- options
- );
- } catch (error) {
- result.push({
- id,
- success: false,
- ...fleetErrorToResponseOptions(error),
- });
+ await this.doUpgrade(
+ soClient,
+ esClient,
+ id,
+ currentPackagePolicy,
+ result,
+ packageInfo,
+ experimentalDataStreamFeatures,
+ options
+ );
+ } catch (error) {
+ result.push({
+ id,
+ success: false,
+ ...fleetErrorToResponseOptions(error),
+ });
+ }
}
- }
- return result;
+ return result;
+ });
}
private async doUpgrade(
diff --git a/x-pack/platform/plugins/shared/fleet/server/services/security/fleet_router.ts b/x-pack/platform/plugins/shared/fleet/server/services/security/fleet_router.ts
index b727fa5ec68d1..bf637a5b1faf4 100644
--- a/x-pack/platform/plugins/shared/fleet/server/services/security/fleet_router.ts
+++ b/x-pack/platform/plugins/shared/fleet/server/services/security/fleet_router.ts
@@ -52,7 +52,7 @@ function withDefaultPublicAccess(
return {
...options,
access: PUBLIC_API_ACCESS,
- security: DEFAULT_FLEET_ROUTE_SECURITY,
+ security: options.security ? options.security : DEFAULT_FLEET_ROUTE_SECURITY,
};
}
}