Authz info for a number of REST api routes owned by Kibana Management…

… team (#204682) ## Summary Part of #204681 Simply adding authz info
elastic · Dec 27, 2024 · 2a63063 · 2a63063
1 parent 04ff8aa
commit 2a63063
Show file tree

Hide file tree

Showing 116 changed files with 964 additions and 70 deletions.
diff --git a/.../cross_cluster_replication/server/routes/api/auto_follow_pattern/register_create_route.ts b/.../cross_cluster_replication/server/routes/api/auto_follow_pattern/register_create_route.ts
@@ -29,6 +29,12 @@ export const registerCreateRoute = ({
   router.post(
     {
       path: addBasePath('/auto_follow_patterns'),
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
       validate: {
         body: bodySchema,
       },

diff --git a/.../cross_cluster_replication/server/routes/api/auto_follow_pattern/register_delete_route.ts b/.../cross_cluster_replication/server/routes/api/auto_follow_pattern/register_delete_route.ts
@@ -25,6 +25,12 @@ export const registerDeleteRoute = ({
   router.delete(
     {
       path: addBasePath('/auto_follow_patterns/{id}'),
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
       validate: {
         params: paramsSchema,
       },

diff --git a/...e/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_fetch_route.ts b/...e/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_fetch_route.ts
@@ -20,6 +20,12 @@ export const registerFetchRoute = ({
   router.get(
     {
       path: addBasePath('/auto_follow_patterns'),
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
       validate: false,
     },
     license.guardApiRoute(async (context, request, response) => {

diff --git a/...ate/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_get_route.ts b/...ate/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_get_route.ts
@@ -26,6 +26,12 @@ export const registerGetRoute = ({
   router.get(
     {
       path: addBasePath('/auto_follow_patterns/{id}'),
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
       validate: {
         params: paramsSchema,
       },

diff --git a/...e/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_pause_route.ts b/...e/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_pause_route.ts
@@ -24,6 +24,12 @@ export const registerPauseRoute = ({
   router.post(
     {
       path: addBasePath('/auto_follow_patterns/{id}/pause'),
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
       validate: {
         params: paramsSchema,
       },

diff --git a/.../cross_cluster_replication/server/routes/api/auto_follow_pattern/register_resume_route.ts b/.../cross_cluster_replication/server/routes/api/auto_follow_pattern/register_resume_route.ts
@@ -24,6 +24,12 @@ export const registerResumeRoute = ({
   router.post(
     {
       path: addBasePath('/auto_follow_patterns/{id}/resume'),
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
       validate: {
         params: paramsSchema,
       },

diff --git a/.../cross_cluster_replication/server/routes/api/auto_follow_pattern/register_update_route.ts b/.../cross_cluster_replication/server/routes/api/auto_follow_pattern/register_update_route.ts
@@ -33,6 +33,12 @@ export const registerUpdateRoute = ({
   router.put(
     {
       path: addBasePath('/auto_follow_patterns/{id}'),
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
       validate: {
         params: paramsSchema,
         body: bodySchema,

diff --git a/...ter_replication/server/routes/api/cross_cluster_replication/register_permissions_route.ts b/...ter_replication/server/routes/api/cross_cluster_replication/register_permissions_route.ts
@@ -19,6 +19,12 @@ export const registerPermissionsRoute = ({
   router.get(
     {
       path: addBasePath('/permissions'),
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
       validate: false,
     },
     license.guardApiRoute(async (context, request, response) => {

diff --git a/...s_cluster_replication/server/routes/api/cross_cluster_replication/register_stats_route.ts b/...s_cluster_replication/server/routes/api/cross_cluster_replication/register_stats_route.ts
@@ -20,6 +20,12 @@ export const registerStatsRoute = ({
   router.get(
     {
       path: addBasePath('/stats/auto_follow'),
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
       validate: false,
     },
     license.guardApiRoute(async (context, request, response) => {

diff --git a/...ivate/cross_cluster_replication/server/routes/api/follower_index/register_create_route.ts b/...ivate/cross_cluster_replication/server/routes/api/follower_index/register_create_route.ts
@@ -39,6 +39,12 @@ export const registerCreateRoute = ({
   router.post(
     {
       path: addBasePath('/follower_indices'),
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
       validate: {
         body: bodySchema,
       },

diff --git a/...rivate/cross_cluster_replication/server/routes/api/follower_index/register_fetch_route.ts b/...rivate/cross_cluster_replication/server/routes/api/follower_index/register_fetch_route.ts
@@ -20,6 +20,12 @@ export const registerFetchRoute = ({
   router.get(
     {
       path: addBasePath('/follower_indices'),
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
       validate: false,
     },
     license.guardApiRoute(async (context, request, response) => {

diff --git a/.../private/cross_cluster_replication/server/routes/api/follower_index/register_get_route.ts b/.../private/cross_cluster_replication/server/routes/api/follower_index/register_get_route.ts
@@ -25,6 +25,12 @@ export const registerGetRoute = ({
   router.get(
     {
       path: addBasePath('/follower_indices/{id}'),
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
       validate: {
         params: paramsSchema,
       },

diff --git a/...rivate/cross_cluster_replication/server/routes/api/follower_index/register_pause_route.ts b/...rivate/cross_cluster_replication/server/routes/api/follower_index/register_pause_route.ts
@@ -22,6 +22,12 @@ export const registerPauseRoute = ({
   router.put(
     {
       path: addBasePath('/follower_indices/{id}/pause'),
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
       validate: {
         params: paramsSchema,
       },

diff --git a/...ivate/cross_cluster_replication/server/routes/api/follower_index/register_resume_route.ts b/...ivate/cross_cluster_replication/server/routes/api/follower_index/register_resume_route.ts
@@ -22,6 +22,12 @@ export const registerResumeRoute = ({
   router.put(
     {
       path: addBasePath('/follower_indices/{id}/resume'),
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
       validate: {
         params: paramsSchema,
       },

diff --git a/...ate/cross_cluster_replication/server/routes/api/follower_index/register_unfollow_route.ts b/...ate/cross_cluster_replication/server/routes/api/follower_index/register_unfollow_route.ts
@@ -22,6 +22,12 @@ export const registerUnfollowRoute = ({
   router.put(
     {
       path: addBasePath('/follower_indices/{id}/unfollow'),
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
       validate: {
         params: paramsSchema,
       },

diff --git a/...ivate/cross_cluster_replication/server/routes/api/follower_index/register_update_route.ts b/...ivate/cross_cluster_replication/server/routes/api/follower_index/register_update_route.ts
@@ -38,6 +38,12 @@ export const registerUpdateRoute = ({
   router.put(
     {
       path: addBasePath('/follower_indices/{id}'),
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
       validate: {
         params: paramsSchema,
         body: bodySchema,

diff --git a/...ugins/private/grokdebugger/server/routes/api/grokdebugger/register_grok_simulate_route.ts b/...ugins/private/grokdebugger/server/routes/api/grokdebugger/register_grok_simulate_route.ts
@@ -26,6 +26,12 @@ export function registerGrokSimulateRoute(framework: KibanaFramework) {
     {
       method: 'post',
       path: '/api/grokdebugger/simulate',
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
       validate: {
         body: requestBodySchema,
       },

diff --git a/...s/private/index_lifecycle_management/server/routes/api/index/register_add_policy_route.ts b/...s/private/index_lifecycle_management/server/routes/api/index/register_add_policy_route.ts
@@ -39,7 +39,16 @@ export function registerAddPolicyRoute({
   lib: { handleEsError },
 }: RouteDependencies) {
   router.post(
-    { path: addBasePath('/index/add'), validate: { body: bodySchema } },
+    {
+      path: addBasePath('/index/add'),
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
+      validate: { body: bodySchema },
+    },
     license.guardApiRoute(async (context, request, response) => {
       const body = request.body as typeof bodySchema.type;
       const { indexName, policyName, alias = '' } = body;

diff --git a/...ugins/private/index_lifecycle_management/server/routes/api/index/register_remove_route.ts b/...ugins/private/index_lifecycle_management/server/routes/api/index/register_remove_route.ts
@@ -33,7 +33,16 @@ export function registerRemoveRoute({
   lib: { handleEsError },
 }: RouteDependencies) {
   router.post(
-    { path: addBasePath('/index/remove'), validate: { body: bodySchema } },
+    {
+      path: addBasePath('/index/remove'),
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
+      validate: { body: bodySchema },
+    },
     license.guardApiRoute(async (context, request, response) => {
       const body = request.body as typeof bodySchema.type;
       const { indexNames } = body;

diff --git a/...lugins/private/index_lifecycle_management/server/routes/api/index/register_retry_route.ts b/...lugins/private/index_lifecycle_management/server/routes/api/index/register_retry_route.ts
@@ -30,7 +30,16 @@ const bodySchema = schema.object({
 
 export function registerRetryRoute({ router, license, lib: { handleEsError } }: RouteDependencies) {
   router.post(
-    { path: addBasePath('/index/retry'), validate: { body: bodySchema } },
+    {
+      path: addBasePath('/index/retry'),
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
+      validate: { body: bodySchema },
+    },
     license.guardApiRoute(async (context, request, response) => {
       const body = request.body as typeof bodySchema.type;
       const { indexNames } = body;

diff --git a/...gins/private/index_lifecycle_management/server/routes/api/nodes/register_details_route.ts b/...gins/private/index_lifecycle_management/server/routes/api/nodes/register_details_route.ts
@@ -36,7 +36,16 @@ export function registerDetailsRoute({
   lib: { handleEsError },
 }: RouteDependencies) {
   router.get(
-    { path: addBasePath('/nodes/{nodeAttrs}/details'), validate: { params: paramsSchema } },
+    {
+      path: addBasePath('/nodes/{nodeAttrs}/details'),
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
+      validate: { params: paramsSchema },
+    },
     license.guardApiRoute(async (context, request, response) => {
       const params = request.params as typeof paramsSchema.type;
       const { nodeAttrs } = params;

diff --git a/...plugins/private/index_lifecycle_management/server/routes/api/nodes/register_list_route.ts b/...plugins/private/index_lifecycle_management/server/routes/api/nodes/register_list_route.ts
@@ -85,7 +85,16 @@ export function registerListRoute({
   const disallowedNodeAttributes = [...NODE_ATTRS_KEYS_TO_IGNORE, ...filteredNodeAttributes];
 
   router.get(
-    { path: addBasePath('/nodes/list'), validate: false },
+    {
+      path: addBasePath('/nodes/list'),
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
+      validate: false,
+    },
     license.guardApiRoute(async (context, request, response) => {
       try {
         const esClient = (await context.core).elasticsearch.client;

diff --git a/...ns/private/index_lifecycle_management/server/routes/api/policies/register_create_route.ts b/...ns/private/index_lifecycle_management/server/routes/api/policies/register_create_route.ts
@@ -50,7 +50,16 @@ export function registerCreateRoute({
   lib: { handleEsError },
 }: RouteDependencies) {
   router.post(
-    { path: addBasePath('/policies'), validate: { body: bodySchema } },
+    {
+      path: addBasePath('/policies'),
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
+      validate: { body: bodySchema },
+    },
     license.guardApiRoute(async (context, request, response) => {
       const body = request.body as typeof bodySchema.type;
       const { name, ...rest } = body;

diff --git a/...ns/private/index_lifecycle_management/server/routes/api/policies/register_delete_route.ts b/...ns/private/index_lifecycle_management/server/routes/api/policies/register_delete_route.ts
@@ -30,7 +30,16 @@ export function registerDeleteRoute({
   lib: { handleEsError },
 }: RouteDependencies) {
   router.delete(
-    { path: addBasePath('/policies/{policyNames}'), validate: { params: paramsSchema } },
+    {
+      path: addBasePath('/policies/{policyNames}'),
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
+      validate: { params: paramsSchema },
+    },
     license.guardApiRoute(async (context, request, response) => {
       const params = request.params as typeof paramsSchema.type;
       const { policyNames } = params;

diff --git a/...ins/private/index_lifecycle_management/server/routes/api/policies/register_fetch_route.ts b/...ins/private/index_lifecycle_management/server/routes/api/policies/register_fetch_route.ts
@@ -60,7 +60,16 @@ async function fetchPolicies(client: ElasticsearchClient): Promise<TransportResu
 
 export function registerFetchRoute({ router, license, lib: { handleEsError } }: RouteDependencies) {
   router.get(
-    { path: addBasePath('/policies'), validate: false },
+    {
+      path: addBasePath('/policies'),
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
+      validate: false,
+    },
     license.guardApiRoute(async (context, request, response) => {
       const { asCurrentUser } = (await context.core).elasticsearch.client;
 

diff --git a/...te/index_lifecycle_management/server/routes/api/snapshot_policies/register_fetch_route.ts b/...te/index_lifecycle_management/server/routes/api/snapshot_policies/register_fetch_route.ts
@@ -10,7 +10,16 @@ import { addBasePath } from '../../../services';
 
 export function registerFetchRoute({ router, license, lib: { handleEsError } }: RouteDependencies) {
   router.get(
-    { path: addBasePath('/snapshot_policies'), validate: false },
+    {
+      path: addBasePath('/snapshot_policies'),
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
+      validate: false,
+    },
     license.guardApiRoute(async (context, request, response) => {
       try {
         const esClient = (await context.core).elasticsearch.client;