From eeffbe8cd31be46912bb31d29d2e77d916bbfd63 Mon Sep 17 00:00:00 2001 From: Matthew Kime Date: Tue, 17 Dec 2024 23:05:38 -0600 Subject: [PATCH 1/8] authz info for api routes --- .../register_create_route.ts | 6 ++++ .../register_delete_route.ts | 6 ++++ .../register_fetch_route.ts | 6 ++++ .../auto_follow_pattern/register_get_route.ts | 6 ++++ .../register_pause_route.ts | 6 ++++ .../register_resume_route.ts | 6 ++++ .../register_update_route.ts | 6 ++++ .../register_permissions_route.ts | 6 ++++ .../register_stats_route.ts | 6 ++++ .../follower_index/register_create_route.ts | 6 ++++ .../follower_index/register_fetch_route.ts | 6 ++++ .../api/follower_index/register_get_route.ts | 6 ++++ .../follower_index/register_pause_route.ts | 6 ++++ .../follower_index/register_resume_route.ts | 6 ++++ .../follower_index/register_unfollow_route.ts | 6 ++++ .../follower_index/register_update_route.ts | 6 ++++ .../register_grok_simulate_route.ts | 6 ++++ .../api/index/register_add_policy_route.ts | 11 ++++++- .../routes/api/index/register_remove_route.ts | 11 ++++++- .../routes/api/index/register_retry_route.ts | 11 ++++++- .../api/nodes/register_details_route.ts | 11 ++++++- .../routes/api/nodes/register_list_route.ts | 11 ++++++- .../api/policies/register_create_route.ts | 11 ++++++- .../api/policies/register_delete_route.ts | 11 ++++++- .../api/policies/register_fetch_route.ts | 11 ++++++- .../snapshot_policies/register_fetch_route.ts | 11 ++++++- .../register_fetch_route.ts | 11 ++++++- .../templates/register_add_policy_route.ts | 11 ++++++- .../api/templates/register_fetch_route.ts | 11 ++++++- .../api/license/register_license_route.ts | 6 ++++ .../api/license/register_permissions_route.ts | 30 +++++++++++++------ .../api/license/register_start_basic_route.ts | 6 ++++ .../license/register_start_trial_routes.ts | 26 +++++++++++----- 33 files changed, 274 insertions(+), 28 deletions(-) diff --git a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_create_route.ts b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_create_route.ts index aa23555033f5c..40f08389fef63 100644 --- a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_create_route.ts +++ b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_create_route.ts @@ -29,6 +29,12 @@ export const registerCreateRoute = ({ router.post( { path: addBasePath('/auto_follow_patterns'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: bodySchema, }, diff --git a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_delete_route.ts b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_delete_route.ts index 95da1239061b1..bdde8828eaca0 100644 --- a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_delete_route.ts +++ b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_delete_route.ts @@ -25,6 +25,12 @@ export const registerDeleteRoute = ({ router.delete( { path: addBasePath('/auto_follow_patterns/{id}'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema, }, diff --git a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_fetch_route.ts b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_fetch_route.ts index 006199673410e..1c47b58c00d71 100644 --- a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_fetch_route.ts +++ b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_fetch_route.ts @@ -20,6 +20,12 @@ export const registerFetchRoute = ({ router.get( { path: addBasePath('/auto_follow_patterns'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: false, }, license.guardApiRoute(async (context, request, response) => { diff --git a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_get_route.ts b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_get_route.ts index 0a0c2f4317d77..e88af9fc86d13 100644 --- a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_get_route.ts +++ b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_get_route.ts @@ -26,6 +26,12 @@ export const registerGetRoute = ({ router.get( { path: addBasePath('/auto_follow_patterns/{id}'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema, }, diff --git a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_pause_route.ts b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_pause_route.ts index b355d37fc5919..0cdbfa867df46 100644 --- a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_pause_route.ts +++ b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_pause_route.ts @@ -24,6 +24,12 @@ export const registerPauseRoute = ({ router.post( { path: addBasePath('/auto_follow_patterns/{id}/pause'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema, }, diff --git a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_resume_route.ts b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_resume_route.ts index 79d31f84398f1..da81498b624b7 100644 --- a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_resume_route.ts +++ b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_resume_route.ts @@ -24,6 +24,12 @@ export const registerResumeRoute = ({ router.post( { path: addBasePath('/auto_follow_patterns/{id}/resume'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema, }, diff --git a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_update_route.ts b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_update_route.ts index 0a0ec51ad44d1..3fbd2902ef831 100644 --- a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_update_route.ts +++ b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_update_route.ts @@ -33,6 +33,12 @@ export const registerUpdateRoute = ({ router.put( { path: addBasePath('/auto_follow_patterns/{id}'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema, body: bodySchema, diff --git a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/cross_cluster_replication/register_permissions_route.ts b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/cross_cluster_replication/register_permissions_route.ts index e4b80b273d4eb..4b59f7eb1b9d3 100644 --- a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/cross_cluster_replication/register_permissions_route.ts +++ b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/cross_cluster_replication/register_permissions_route.ts @@ -19,6 +19,12 @@ export const registerPermissionsRoute = ({ router.get( { path: addBasePath('/permissions'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: false, }, license.guardApiRoute(async (context, request, response) => { diff --git a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/cross_cluster_replication/register_stats_route.ts b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/cross_cluster_replication/register_stats_route.ts index b9bf86d877a69..6747806bd0332 100644 --- a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/cross_cluster_replication/register_stats_route.ts +++ b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/cross_cluster_replication/register_stats_route.ts @@ -20,6 +20,12 @@ export const registerStatsRoute = ({ router.get( { path: addBasePath('/stats/auto_follow'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: false, }, license.guardApiRoute(async (context, request, response) => { diff --git a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_create_route.ts b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_create_route.ts index d7d3a1dce0ce7..75a930da608d5 100644 --- a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_create_route.ts +++ b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_create_route.ts @@ -39,6 +39,12 @@ export const registerCreateRoute = ({ router.post( { path: addBasePath('/follower_indices'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: bodySchema, }, diff --git a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_fetch_route.ts b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_fetch_route.ts index da71d96669efb..2a00805e1e0be 100644 --- a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_fetch_route.ts +++ b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_fetch_route.ts @@ -20,6 +20,12 @@ export const registerFetchRoute = ({ router.get( { path: addBasePath('/follower_indices'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: false, }, license.guardApiRoute(async (context, request, response) => { diff --git a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_get_route.ts b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_get_route.ts index 44babd1bbcc46..297dc54496572 100644 --- a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_get_route.ts +++ b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_get_route.ts @@ -25,6 +25,12 @@ export const registerGetRoute = ({ router.get( { path: addBasePath('/follower_indices/{id}'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema, }, diff --git a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_pause_route.ts b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_pause_route.ts index 3d77ffefec9fe..c9dac46fac4ce 100644 --- a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_pause_route.ts +++ b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_pause_route.ts @@ -22,6 +22,12 @@ export const registerPauseRoute = ({ router.put( { path: addBasePath('/follower_indices/{id}/pause'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema, }, diff --git a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_resume_route.ts b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_resume_route.ts index da01b3d0e891f..e21bc3ead8a31 100644 --- a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_resume_route.ts +++ b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_resume_route.ts @@ -22,6 +22,12 @@ export const registerResumeRoute = ({ router.put( { path: addBasePath('/follower_indices/{id}/resume'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema, }, diff --git a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_unfollow_route.ts b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_unfollow_route.ts index f7987029ebc77..6c58667e246b7 100644 --- a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_unfollow_route.ts +++ b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_unfollow_route.ts @@ -22,6 +22,12 @@ export const registerUnfollowRoute = ({ router.put( { path: addBasePath('/follower_indices/{id}/unfollow'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema, }, diff --git a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_update_route.ts b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_update_route.ts index 3c0850ac5984c..4c5b1ec1390d1 100644 --- a/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_update_route.ts +++ b/x-pack/platform/plugins/private/cross_cluster_replication/server/routes/api/follower_index/register_update_route.ts @@ -38,6 +38,12 @@ export const registerUpdateRoute = ({ router.put( { path: addBasePath('/follower_indices/{id}'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema, body: bodySchema, diff --git a/x-pack/platform/plugins/private/grokdebugger/server/routes/api/grokdebugger/register_grok_simulate_route.ts b/x-pack/platform/plugins/private/grokdebugger/server/routes/api/grokdebugger/register_grok_simulate_route.ts index 56e8fc672dd3d..0e86beddb7773 100644 --- a/x-pack/platform/plugins/private/grokdebugger/server/routes/api/grokdebugger/register_grok_simulate_route.ts +++ b/x-pack/platform/plugins/private/grokdebugger/server/routes/api/grokdebugger/register_grok_simulate_route.ts @@ -26,6 +26,12 @@ export function registerGrokSimulateRoute(framework: KibanaFramework) { { method: 'post', path: '/api/grokdebugger/simulate', + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: requestBodySchema, }, diff --git a/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/index/register_add_policy_route.ts b/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/index/register_add_policy_route.ts index 1d4821e10211c..7d6039ba0df72 100644 --- a/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/index/register_add_policy_route.ts +++ b/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/index/register_add_policy_route.ts @@ -39,7 +39,16 @@ export function registerAddPolicyRoute({ lib: { handleEsError }, }: RouteDependencies) { router.post( - { path: addBasePath('/index/add'), validate: { body: bodySchema } }, + { + path: addBasePath('/index/add'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: { body: bodySchema }, + }, license.guardApiRoute(async (context, request, response) => { const body = request.body as typeof bodySchema.type; const { indexName, policyName, alias = '' } = body; diff --git a/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/index/register_remove_route.ts b/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/index/register_remove_route.ts index cec5da7aad90c..f83e4fc4403ad 100644 --- a/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/index/register_remove_route.ts +++ b/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/index/register_remove_route.ts @@ -33,7 +33,16 @@ export function registerRemoveRoute({ lib: { handleEsError }, }: RouteDependencies) { router.post( - { path: addBasePath('/index/remove'), validate: { body: bodySchema } }, + { + path: addBasePath('/index/remove'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: { body: bodySchema }, + }, license.guardApiRoute(async (context, request, response) => { const body = request.body as typeof bodySchema.type; const { indexNames } = body; diff --git a/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/index/register_retry_route.ts b/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/index/register_retry_route.ts index 42bcffcbd8122..c0a9181698b67 100644 --- a/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/index/register_retry_route.ts +++ b/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/index/register_retry_route.ts @@ -30,7 +30,16 @@ const bodySchema = schema.object({ export function registerRetryRoute({ router, license, lib: { handleEsError } }: RouteDependencies) { router.post( - { path: addBasePath('/index/retry'), validate: { body: bodySchema } }, + { + path: addBasePath('/index/retry'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: { body: bodySchema }, + }, license.guardApiRoute(async (context, request, response) => { const body = request.body as typeof bodySchema.type; const { indexNames } = body; diff --git a/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/nodes/register_details_route.ts b/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/nodes/register_details_route.ts index 13393182d0528..2ebf55fc1d04e 100644 --- a/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/nodes/register_details_route.ts +++ b/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/nodes/register_details_route.ts @@ -36,7 +36,16 @@ export function registerDetailsRoute({ lib: { handleEsError }, }: RouteDependencies) { router.get( - { path: addBasePath('/nodes/{nodeAttrs}/details'), validate: { params: paramsSchema } }, + { + path: addBasePath('/nodes/{nodeAttrs}/details'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: { params: paramsSchema }, + }, license.guardApiRoute(async (context, request, response) => { const params = request.params as typeof paramsSchema.type; const { nodeAttrs } = params; diff --git a/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/nodes/register_list_route.ts b/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/nodes/register_list_route.ts index a9b17c25110b0..fa9c147b73b20 100644 --- a/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/nodes/register_list_route.ts +++ b/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/nodes/register_list_route.ts @@ -85,7 +85,16 @@ export function registerListRoute({ const disallowedNodeAttributes = [...NODE_ATTRS_KEYS_TO_IGNORE, ...filteredNodeAttributes]; router.get( - { path: addBasePath('/nodes/list'), validate: false }, + { + path: addBasePath('/nodes/list'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: false, + }, license.guardApiRoute(async (context, request, response) => { try { const esClient = (await context.core).elasticsearch.client; diff --git a/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/policies/register_create_route.ts b/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/policies/register_create_route.ts index dabfaa73231d6..97370b4a15039 100644 --- a/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/policies/register_create_route.ts +++ b/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/policies/register_create_route.ts @@ -50,7 +50,16 @@ export function registerCreateRoute({ lib: { handleEsError }, }: RouteDependencies) { router.post( - { path: addBasePath('/policies'), validate: { body: bodySchema } }, + { + path: addBasePath('/policies'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: { body: bodySchema }, + }, license.guardApiRoute(async (context, request, response) => { const body = request.body as typeof bodySchema.type; const { name, ...rest } = body; diff --git a/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/policies/register_delete_route.ts b/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/policies/register_delete_route.ts index d113e646f0b38..1ccd18b000052 100644 --- a/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/policies/register_delete_route.ts +++ b/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/policies/register_delete_route.ts @@ -30,7 +30,16 @@ export function registerDeleteRoute({ lib: { handleEsError }, }: RouteDependencies) { router.delete( - { path: addBasePath('/policies/{policyNames}'), validate: { params: paramsSchema } }, + { + path: addBasePath('/policies/{policyNames}'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: { params: paramsSchema }, + }, license.guardApiRoute(async (context, request, response) => { const params = request.params as typeof paramsSchema.type; const { policyNames } = params; diff --git a/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/policies/register_fetch_route.ts b/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/policies/register_fetch_route.ts index 9526aca51d33f..ec6e0a06f15b4 100644 --- a/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/policies/register_fetch_route.ts +++ b/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/policies/register_fetch_route.ts @@ -60,7 +60,16 @@ async function fetchPolicies(client: ElasticsearchClient): Promise { const { asCurrentUser } = (await context.core).elasticsearch.client; diff --git a/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/snapshot_policies/register_fetch_route.ts b/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/snapshot_policies/register_fetch_route.ts index 5a01908287896..fe25075b69022 100644 --- a/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/snapshot_policies/register_fetch_route.ts +++ b/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/snapshot_policies/register_fetch_route.ts @@ -10,7 +10,16 @@ import { addBasePath } from '../../../services'; export function registerFetchRoute({ router, license, lib: { handleEsError } }: RouteDependencies) { router.get( - { path: addBasePath('/snapshot_policies'), validate: false }, + { + path: addBasePath('/snapshot_policies'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: false, + }, license.guardApiRoute(async (context, request, response) => { try { const esClient = (await context.core).elasticsearch.client; diff --git a/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/snapshot_repositories/register_fetch_route.ts b/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/snapshot_repositories/register_fetch_route.ts index 45a55cfce5da1..4adcf726365ef 100644 --- a/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/snapshot_repositories/register_fetch_route.ts +++ b/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/snapshot_repositories/register_fetch_route.ts @@ -16,7 +16,16 @@ import { handleEsError } from '../../../shared_imports'; export const registerFetchRoute = ({ router, license }: RouteDependencies) => { router.get( - { path: addBasePath('/snapshot_repositories'), validate: false }, + { + path: addBasePath('/snapshot_repositories'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: false, + }, async (ctx, request, response) => { if (!license.isCurrentLicenseAtLeast(MIN_SEARCHABLE_SNAPSHOT_LICENSE)) { return response.forbidden({ diff --git a/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/templates/register_add_policy_route.ts b/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/templates/register_add_policy_route.ts index ef119db413707..13f4dfedacee6 100644 --- a/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/templates/register_add_policy_route.ts +++ b/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/templates/register_add_policy_route.ts @@ -101,7 +101,16 @@ export function registerAddPolicyRoute({ lib: { handleEsError }, }: RouteDependencies) { router.post( - { path: addBasePath('/template'), validate: { body: bodySchema, query: querySchema } }, + { + path: addBasePath('/template'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: { body: bodySchema, query: querySchema }, + }, license.guardApiRoute(async (context, request, response) => { const body = request.body as typeof bodySchema.type; const { templateName, policyName, aliasName } = body; diff --git a/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/templates/register_fetch_route.ts b/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/templates/register_fetch_route.ts index e70f2ed2bdac0..17d609687e6d4 100644 --- a/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/templates/register_fetch_route.ts +++ b/x-pack/platform/plugins/private/index_lifecycle_management/server/routes/api/templates/register_fetch_route.ts @@ -84,7 +84,16 @@ const querySchema = schema.object({ export function registerFetchRoute({ router, license, lib: { handleEsError } }: RouteDependencies) { router.get( - { path: addBasePath('/templates'), validate: { query: querySchema } }, + { + path: addBasePath('/templates'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: { query: querySchema }, + }, license.guardApiRoute(async (context, request, response) => { const isLegacy = (request.query as TypeOf).legacy === 'true'; try { diff --git a/x-pack/platform/plugins/shared/license_management/server/routes/api/license/register_license_route.ts b/x-pack/platform/plugins/shared/license_management/server/routes/api/license/register_license_route.ts index a9a7ef596b3a7..b3d7a822c415e 100644 --- a/x-pack/platform/plugins/shared/license_management/server/routes/api/license/register_license_route.ts +++ b/x-pack/platform/plugins/shared/license_management/server/routes/api/license/register_license_route.ts @@ -18,6 +18,12 @@ export function registerLicenseRoute({ router.put( { path: addBasePath(''), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { query: schema.object({ acknowledge: schema.string() }), body: schema.object({ diff --git a/x-pack/platform/plugins/shared/license_management/server/routes/api/license/register_permissions_route.ts b/x-pack/platform/plugins/shared/license_management/server/routes/api/license/register_permissions_route.ts index 8372273726911..bbb7003f50f2c 100644 --- a/x-pack/platform/plugins/shared/license_management/server/routes/api/license/register_permissions_route.ts +++ b/x-pack/platform/plugins/shared/license_management/server/routes/api/license/register_permissions_route.ts @@ -14,15 +14,27 @@ export function registerPermissionsRoute({ lib: { handleEsError }, config: { isSecurityEnabled }, }: RouteDependencies) { - router.post({ path: addBasePath('/permissions'), validate: false }, async (ctx, req, res) => { - const { client } = (await ctx.core).elasticsearch; + router.post( + { + path: addBasePath('/permissions'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: false, + }, + async (ctx, req, res) => { + const { client } = (await ctx.core).elasticsearch; - try { - return res.ok({ - body: await getPermissions({ client, isSecurityEnabled }), - }); - } catch (error) { - return handleEsError({ error, response: res }); + try { + return res.ok({ + body: await getPermissions({ client, isSecurityEnabled }), + }); + } catch (error) { + return handleEsError({ error, response: res }); + } } - }); + ); } diff --git a/x-pack/platform/plugins/shared/license_management/server/routes/api/license/register_start_basic_route.ts b/x-pack/platform/plugins/shared/license_management/server/routes/api/license/register_start_basic_route.ts index fa9f13ade07a1..581d6fca1de26 100644 --- a/x-pack/platform/plugins/shared/license_management/server/routes/api/license/register_start_basic_route.ts +++ b/x-pack/platform/plugins/shared/license_management/server/routes/api/license/register_start_basic_route.ts @@ -18,6 +18,12 @@ export function registerStartBasicRoute({ router.post( { path: addBasePath('/start_basic'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { query: schema.object({ acknowledge: schema.string() }) }, }, async (ctx, req, res) => { diff --git a/x-pack/platform/plugins/shared/license_management/server/routes/api/license/register_start_trial_routes.ts b/x-pack/platform/plugins/shared/license_management/server/routes/api/license/register_start_trial_routes.ts index 5ff25f4d21308..3fbdfd18f4a5a 100644 --- a/x-pack/platform/plugins/shared/license_management/server/routes/api/license/register_start_trial_routes.ts +++ b/x-pack/platform/plugins/shared/license_management/server/routes/api/license/register_start_trial_routes.ts @@ -14,14 +14,26 @@ export function registerStartTrialRoutes({ lib: { handleEsError }, plugins: { licensing }, }: RouteDependencies) { - router.get({ path: addBasePath('/start_trial'), validate: false }, async (ctx, req, res) => { - const { client } = (await ctx.core).elasticsearch; - try { - return res.ok({ body: await canStartTrial(client) }); - } catch (error) { - return handleEsError({ error, response: res }); + router.get( + { + path: addBasePath('/start_trial'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: false, + }, + async (ctx, req, res) => { + const { client } = (await ctx.core).elasticsearch; + try { + return res.ok({ body: await canStartTrial(client) }); + } catch (error) { + return handleEsError({ error, response: res }); + } } - }); + ); router.post({ path: addBasePath('/start_trial'), validate: false }, async (ctx, req, res) => { const { client } = (await ctx.core).elasticsearch; From 7dae1de5e57a061d796fa62980b30a266551425e Mon Sep 17 00:00:00 2001 From: Matthew Kime Date: Sat, 21 Dec 2024 18:43:01 -0600 Subject: [PATCH 2/8] add remote_clusters --- .../private/remote_clusters/server/routes/api/add_route.ts | 6 ++++++ .../remote_clusters/server/routes/api/delete_route.ts | 6 ++++++ .../private/remote_clusters/server/routes/api/get_route.ts | 6 ++++++ .../remote_clusters/server/routes/api/update_route.ts | 6 ++++++ 4 files changed, 24 insertions(+) diff --git a/x-pack/platform/plugins/private/remote_clusters/server/routes/api/add_route.ts b/x-pack/platform/plugins/private/remote_clusters/server/routes/api/add_route.ts index 1023ceb6b2b75..aa690fc935470 100644 --- a/x-pack/platform/plugins/private/remote_clusters/server/routes/api/add_route.ts +++ b/x-pack/platform/plugins/private/remote_clusters/server/routes/api/add_route.ts @@ -95,6 +95,12 @@ export const register = (deps: RouteDependencies): void => { router.post( { path: API_BASE_PATH, + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: bodyValidation, }, diff --git a/x-pack/platform/plugins/private/remote_clusters/server/routes/api/delete_route.ts b/x-pack/platform/plugins/private/remote_clusters/server/routes/api/delete_route.ts index 8e11a0cbe2461..fbed3879a82ea 100644 --- a/x-pack/platform/plugins/private/remote_clusters/server/routes/api/delete_route.ts +++ b/x-pack/platform/plugins/private/remote_clusters/server/routes/api/delete_route.ts @@ -140,6 +140,12 @@ export const register = (deps: RouteDependencies): void => { router.delete( { path: `${API_BASE_PATH}/{nameOrNames}`, + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsValidation, }, diff --git a/x-pack/platform/plugins/private/remote_clusters/server/routes/api/get_route.ts b/x-pack/platform/plugins/private/remote_clusters/server/routes/api/get_route.ts index 96805e10357cd..a10e5d0a274b7 100644 --- a/x-pack/platform/plugins/private/remote_clusters/server/routes/api/get_route.ts +++ b/x-pack/platform/plugins/private/remote_clusters/server/routes/api/get_route.ts @@ -103,6 +103,12 @@ export const register = (deps: RouteDependencies): void => { router.get( { path: API_BASE_PATH, + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: false, }, licensePreRoutingFactory(deps, allHandler) diff --git a/x-pack/platform/plugins/private/remote_clusters/server/routes/api/update_route.ts b/x-pack/platform/plugins/private/remote_clusters/server/routes/api/update_route.ts index e186262ade21c..42907760730b1 100644 --- a/x-pack/platform/plugins/private/remote_clusters/server/routes/api/update_route.ts +++ b/x-pack/platform/plugins/private/remote_clusters/server/routes/api/update_route.ts @@ -108,6 +108,12 @@ export const register = (deps: RouteDependencies): void => { router.put( { path: `${API_BASE_PATH}/{name}`, + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsValidation, body: bodyValidation, From e79ed10cfad51c8911eda2b3c35b8bfd407d6788 Mon Sep 17 00:00:00 2001 From: Matthew Kime Date: Sun, 22 Dec 2024 00:09:13 -0600 Subject: [PATCH 3/8] add a few more --- .../routes/api/indices/register_get_route.ts | 6 +++++ .../register_validate_index_pattern_route.ts | 6 +++++ .../routes/api/jobs/register_create_route.ts | 6 +++++ .../routes/api/jobs/register_delete_route.ts | 6 +++++ .../routes/api/jobs/register_get_route.ts | 6 +++++ .../routes/api/jobs/register_start_route.ts | 6 +++++ .../routes/api/jobs/register_stop_route.ts | 6 +++++ .../api/search/register_search_route.ts | 6 +++++ .../snapshot_restore/server/routes/api/app.ts | 11 +++++++++- .../server/routes/api/policy.ts | 22 +++++++++++++++++-- .../server/routes/api/repositories.ts | 22 +++++++++++++++++-- .../server/routes/api/restore.ts | 11 +++++++++- .../server/routes/api/snapshots.ts | 11 +++++++++- 13 files changed, 118 insertions(+), 7 deletions(-) diff --git a/x-pack/platform/plugins/private/rollup/server/routes/api/indices/register_get_route.ts b/x-pack/platform/plugins/private/rollup/server/routes/api/indices/register_get_route.ts index c32e0e2be8f5f..22a870f7815a6 100644 --- a/x-pack/platform/plugins/private/rollup/server/routes/api/indices/register_get_route.ts +++ b/x-pack/platform/plugins/private/rollup/server/routes/api/indices/register_get_route.ts @@ -20,6 +20,12 @@ export const registerGetRoute = ({ { // this endpoint is used by the data views plugin, see https://github.com/elastic/kibana/issues/152708 path: addBasePath('/indices'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: false, }, license.guardApiRoute(async (context, request, response) => { diff --git a/x-pack/platform/plugins/private/rollup/server/routes/api/indices/register_validate_index_pattern_route.ts b/x-pack/platform/plugins/private/rollup/server/routes/api/indices/register_validate_index_pattern_route.ts index 8eaea73e42b37..e09567b51ced1 100644 --- a/x-pack/platform/plugins/private/rollup/server/routes/api/indices/register_validate_index_pattern_route.ts +++ b/x-pack/platform/plugins/private/rollup/server/routes/api/indices/register_validate_index_pattern_route.ts @@ -60,6 +60,12 @@ export const registerValidateIndexPatternRoute = ({ router.get( { path: addBasePath('/index_pattern_validity/{indexPattern}'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: schema.object({ indexPattern: schema.string(), diff --git a/x-pack/platform/plugins/private/rollup/server/routes/api/jobs/register_create_route.ts b/x-pack/platform/plugins/private/rollup/server/routes/api/jobs/register_create_route.ts index 0585526117f3e..7abb7e78f8c7a 100644 --- a/x-pack/platform/plugins/private/rollup/server/routes/api/jobs/register_create_route.ts +++ b/x-pack/platform/plugins/private/rollup/server/routes/api/jobs/register_create_route.ts @@ -17,6 +17,12 @@ export const registerCreateRoute = ({ router.put( { path: addBasePath('/create'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: schema.object({ job: schema.object( diff --git a/x-pack/platform/plugins/private/rollup/server/routes/api/jobs/register_delete_route.ts b/x-pack/platform/plugins/private/rollup/server/routes/api/jobs/register_delete_route.ts index f6b530ef2fc0e..3f3691e1595d5 100644 --- a/x-pack/platform/plugins/private/rollup/server/routes/api/jobs/register_delete_route.ts +++ b/x-pack/platform/plugins/private/rollup/server/routes/api/jobs/register_delete_route.ts @@ -17,6 +17,12 @@ export const registerDeleteRoute = ({ router.post( { path: addBasePath('/delete'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: schema.object({ jobIds: schema.arrayOf(schema.string()), diff --git a/x-pack/platform/plugins/private/rollup/server/routes/api/jobs/register_get_route.ts b/x-pack/platform/plugins/private/rollup/server/routes/api/jobs/register_get_route.ts index d74a2907254d7..59ab427962fbf 100644 --- a/x-pack/platform/plugins/private/rollup/server/routes/api/jobs/register_get_route.ts +++ b/x-pack/platform/plugins/private/rollup/server/routes/api/jobs/register_get_route.ts @@ -16,6 +16,12 @@ export const registerGetRoute = ({ router.get( { path: addBasePath('/jobs'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: false, }, license.guardApiRoute(async (context, request, response) => { diff --git a/x-pack/platform/plugins/private/rollup/server/routes/api/jobs/register_start_route.ts b/x-pack/platform/plugins/private/rollup/server/routes/api/jobs/register_start_route.ts index 85e2a508f04a9..cab2a512f77c5 100644 --- a/x-pack/platform/plugins/private/rollup/server/routes/api/jobs/register_start_route.ts +++ b/x-pack/platform/plugins/private/rollup/server/routes/api/jobs/register_start_route.ts @@ -17,6 +17,12 @@ export const registerStartRoute = ({ router.post( { path: addBasePath('/start'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: schema.object({ jobIds: schema.arrayOf(schema.string()), diff --git a/x-pack/platform/plugins/private/rollup/server/routes/api/jobs/register_stop_route.ts b/x-pack/platform/plugins/private/rollup/server/routes/api/jobs/register_stop_route.ts index 617023413eea3..1131b7624711e 100644 --- a/x-pack/platform/plugins/private/rollup/server/routes/api/jobs/register_stop_route.ts +++ b/x-pack/platform/plugins/private/rollup/server/routes/api/jobs/register_stop_route.ts @@ -17,6 +17,12 @@ export const registerStopRoute = ({ router.post( { path: addBasePath('/stop'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: schema.object({ jobIds: schema.arrayOf(schema.string()), diff --git a/x-pack/platform/plugins/private/rollup/server/routes/api/search/register_search_route.ts b/x-pack/platform/plugins/private/rollup/server/routes/api/search/register_search_route.ts index 98116e8288866..6c8124df1763a 100644 --- a/x-pack/platform/plugins/private/rollup/server/routes/api/search/register_search_route.ts +++ b/x-pack/platform/plugins/private/rollup/server/routes/api/search/register_search_route.ts @@ -17,6 +17,12 @@ export const registerSearchRoute = ({ router.post( { path: addBasePath('/search'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: schema.arrayOf( schema.object({ diff --git a/x-pack/platform/plugins/private/snapshot_restore/server/routes/api/app.ts b/x-pack/platform/plugins/private/snapshot_restore/server/routes/api/app.ts index 2df8f314a5f99..b933e8c7ec67a 100644 --- a/x-pack/platform/plugins/private/snapshot_restore/server/routes/api/app.ts +++ b/x-pack/platform/plugins/private/snapshot_restore/server/routes/api/app.ts @@ -30,7 +30,16 @@ export function registerAppRoutes({ lib: { handleEsError }, }: RouteDependencies) { router.get( - { path: addBasePath('privileges'), validate: false }, + { + path: addBasePath('privileges'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: false, + }, license.guardApiRoute(async (ctx, req, res) => { const { client: clusterClient } = (await ctx.core).elasticsearch; diff --git a/x-pack/platform/plugins/private/snapshot_restore/server/routes/api/policy.ts b/x-pack/platform/plugins/private/snapshot_restore/server/routes/api/policy.ts index 9f948d0d2524a..0630aede316bb 100644 --- a/x-pack/platform/plugins/private/snapshot_restore/server/routes/api/policy.ts +++ b/x-pack/platform/plugins/private/snapshot_restore/server/routes/api/policy.ts @@ -21,7 +21,16 @@ export function registerPolicyRoutes({ }: RouteDependencies) { // GET all policies router.get( - { path: addBasePath('policies'), validate: false }, + { + path: addBasePath('policies'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: false, + }, license.guardApiRoute(async (ctx, req, res) => { const { client: clusterClient } = (await ctx.core).elasticsearch; @@ -51,7 +60,16 @@ export function registerPolicyRoutes({ // GET one policy router.get( - { path: addBasePath('policy/{name}'), validate: { params: nameParameterSchema } }, + { + path: addBasePath('policy/{name}'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: { params: nameParameterSchema }, + }, license.guardApiRoute(async (ctx, req, res) => { const { client: clusterClient } = (await ctx.core).elasticsearch; const { name } = req.params as TypeOf; diff --git a/x-pack/platform/plugins/private/snapshot_restore/server/routes/api/repositories.ts b/x-pack/platform/plugins/private/snapshot_restore/server/routes/api/repositories.ts index f0413aadfbc71..39f9366f30a8e 100644 --- a/x-pack/platform/plugins/private/snapshot_restore/server/routes/api/repositories.ts +++ b/x-pack/platform/plugins/private/snapshot_restore/server/routes/api/repositories.ts @@ -40,7 +40,16 @@ export function registerRepositoriesRoutes({ }: RouteDependencies) { // GET all repositories router.get( - { path: addBasePath('repositories'), validate: false }, + { + path: addBasePath('repositories'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: false, + }, license.guardApiRoute(async (ctx, req, res) => { const { client: clusterClient } = (await ctx.core).elasticsearch; const managedRepositoryName = await getManagedRepositoryName(clusterClient.asCurrentUser); @@ -99,7 +108,16 @@ export function registerRepositoriesRoutes({ // GET one repository router.get( - { path: addBasePath('repositories/{name}'), validate: { params: nameParameterSchema } }, + { + path: addBasePath('repositories/{name}'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: { params: nameParameterSchema }, + }, license.guardApiRoute(async (ctx, req, res) => { const { client: clusterClient } = (await ctx.core).elasticsearch; const { name } = req.params as TypeOf; diff --git a/x-pack/platform/plugins/private/snapshot_restore/server/routes/api/restore.ts b/x-pack/platform/plugins/private/snapshot_restore/server/routes/api/restore.ts index e97a64f26a123..ea89298ee2163 100644 --- a/x-pack/platform/plugins/private/snapshot_restore/server/routes/api/restore.ts +++ b/x-pack/platform/plugins/private/snapshot_restore/server/routes/api/restore.ts @@ -22,7 +22,16 @@ export function registerRestoreRoutes({ }: RouteDependencies) { // GET all snapshot restores router.get( - { path: addBasePath('restores'), validate: false }, + { + path: addBasePath('restores'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: false, + }, license.guardApiRoute(async (ctx, req, res) => { const { client: clusterClient } = (await ctx.core).elasticsearch; diff --git a/x-pack/platform/plugins/private/snapshot_restore/server/routes/api/snapshots.ts b/x-pack/platform/plugins/private/snapshot_restore/server/routes/api/snapshots.ts index c486180424da5..e42014672e3bf 100644 --- a/x-pack/platform/plugins/private/snapshot_restore/server/routes/api/snapshots.ts +++ b/x-pack/platform/plugins/private/snapshot_restore/server/routes/api/snapshots.ts @@ -45,7 +45,16 @@ export function registerSnapshotsRoutes({ }: RouteDependencies) { // GET all snapshots router.get( - { path: addBasePath('snapshots'), validate: { query: snapshotListSchema } }, + { + path: addBasePath('snapshots'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: { query: snapshotListSchema }, + }, license.guardApiRoute(async (ctx, req, res) => { const { client: clusterClient } = (await ctx.core).elasticsearch; const sortField = From daf5d6a2bb5eb2973a1292b487312857449c5d10 Mon Sep 17 00:00:00 2001 From: Matthew Kime Date: Sun, 22 Dec 2024 22:40:36 -0600 Subject: [PATCH 4/8] add index_management --- .../console/autocomplete_entities/index.ts | 6 +++++ .../register_create_route.ts | 6 +++++ .../register_datastream_route.ts | 12 ++++++++++ .../register_delete_route.ts | 6 +++++ .../component_templates/register_get_route.ts | 17 ++++++++++++- .../register_update_route.ts | 6 +++++ .../api/data_streams/register_delete_route.ts | 6 +++++ .../api/data_streams/register_get_route.ts | 17 ++++++++++++- .../api/data_streams/register_post_route.ts | 12 ++++++++++ .../api/data_streams/register_put_route.ts | 6 +++++ .../enrich_policies/register_create_route.ts | 24 +++++++++++++++++++ .../enrich_policies/register_delete_route.ts | 6 +++++ .../enrich_policies/register_execute_route.ts | 6 +++++ .../enrich_policies/register_list_route.ts | 11 ++++++++- .../register_privileges_route.ts | 6 +++++ .../api/indices/register_clear_cache_route.ts | 11 ++++++++- .../api/indices/register_close_route.ts | 11 ++++++++- .../api/indices/register_create_route.ts | 11 ++++++++- .../api/indices/register_delete_route.ts | 11 ++++++++- .../api/indices/register_flush_route.ts | 11 ++++++++- .../api/indices/register_forcemerge_route.ts | 6 +++++ .../routes/api/indices/register_get_route.ts | 6 +++++ .../routes/api/indices/register_list_route.ts | 11 ++++++++- .../routes/api/indices/register_open_route.ts | 11 ++++++++- .../api/indices/register_refresh_route.ts | 11 ++++++++- .../api/indices/register_reload_route.ts | 11 ++++++++- .../api/indices/register_unfreeze_route.ts | 11 ++++++++- .../inference_models/register_get_route.ts | 6 +++++ .../api/mapping/register_mapping_route.ts | 11 ++++++++- .../mapping/register_update_mapping_route.ts | 6 +++++ .../routes/api/nodes/register_nodes_route.ts | 11 ++++++++- .../api/settings/register_load_route.ts | 11 ++++++++- .../api/settings/register_update_route.ts | 6 +++++ .../routes/api/stats/register_stats_route.ts | 11 ++++++++- .../api/templates/register_create_route.ts | 11 ++++++++- .../api/templates/register_delete_route.ts | 6 +++++ .../api/templates/register_get_routes.ts | 17 ++++++++++++- .../api/templates/register_simulate_route.ts | 6 +++++ .../api/templates/register_update_route.ts | 6 +++++ 39 files changed, 358 insertions(+), 19 deletions(-) diff --git a/src/platform/plugins/shared/console/server/routes/api/console/autocomplete_entities/index.ts b/src/platform/plugins/shared/console/server/routes/api/console/autocomplete_entities/index.ts index 0dacd8e93cc9b..bbd8720efbdd0 100644 --- a/src/platform/plugins/shared/console/server/routes/api/console/autocomplete_entities/index.ts +++ b/src/platform/plugins/shared/console/server/routes/api/console/autocomplete_entities/index.ts @@ -87,6 +87,12 @@ export const registerAutocompleteEntitiesRoute = (deps: RouteDependencies) => { deps.router.get( { path: '/api/console/autocomplete_entities', + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, options: { tags: ['access:console'], }, diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/component_templates/register_create_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/component_templates/register_create_route.ts index 342cf23933324..d5538f37442d8 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/component_templates/register_create_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/component_templates/register_create_route.ts @@ -19,6 +19,12 @@ export const registerCreateRoute = ({ router.post( { path: addBasePath('/component_templates'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: componentTemplateSchema, }, diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/component_templates/register_datastream_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/component_templates/register_datastream_route.ts index 8474c0d4c9660..aff143576b647 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/component_templates/register_datastream_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/component_templates/register_datastream_route.ts @@ -54,6 +54,12 @@ export const registerGetDatastreams = ({ router.get( { path: addBasePath('/component_templates/{name}/datastreams'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema, }, @@ -85,6 +91,12 @@ export const registerReferencedIndexTemplateMeta = ({ router.get( { path: addBasePath('/component_templates/{name}/referenced_index_template_meta'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema, }, diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/component_templates/register_delete_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/component_templates/register_delete_route.ts index c06f90821b337..04a6687f6985a 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/component_templates/register_delete_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/component_templates/register_delete_route.ts @@ -21,6 +21,12 @@ export const registerDeleteRoute = ({ router.delete( { path: addBasePath('/component_templates/{names}'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema, }, diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/component_templates/register_get_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/component_templates/register_get_route.ts index 2ccc3919e377a..e3630eea1ec92 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/component_templates/register_get_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/component_templates/register_get_route.ts @@ -22,7 +22,16 @@ const paramsSchema = schema.object({ export function registerGetAllRoute({ router, lib: { handleEsError } }: RouteDependencies) { // Get all component templates router.get( - { path: addBasePath('/component_templates'), validate: false }, + { + path: addBasePath('/component_templates'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: false, + }, async (context, request, response) => { const { client } = (await context.core).elasticsearch; @@ -53,6 +62,12 @@ export function registerGetAllRoute({ router, lib: { handleEsError } }: RouteDep router.get( { path: addBasePath('/component_templates/{name}'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema, }, diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/component_templates/register_update_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/component_templates/register_update_route.ts index eb9fdb87d9a74..d93950e0df4ca 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/component_templates/register_update_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/component_templates/register_update_route.ts @@ -23,6 +23,12 @@ export const registerUpdateRoute = ({ router.put( { path: addBasePath('/component_templates/{name}'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: componentTemplateSchema, params: paramsSchema, diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/data_streams/register_delete_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/data_streams/register_delete_route.ts index dcdb4056cb681..2107873bcc568 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/data_streams/register_delete_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/data_streams/register_delete_route.ts @@ -18,6 +18,12 @@ export function registerDeleteRoute({ router, lib: { handleEsError } }: RouteDep router.post( { path: addBasePath('/delete_data_streams'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: bodySchema }, }, async (context, request, response) => { diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/data_streams/register_get_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/data_streams/register_get_route.ts index d03c79e4f698c..d6d03d7095ae8 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/data_streams/register_get_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/data_streams/register_get_route.ts @@ -138,7 +138,16 @@ export function registerGetAllRoute({ router, lib: { handleEsError }, config }: includeStats: schema.maybe(schema.oneOf([schema.literal('true'), schema.literal('false')])), }); router.get( - { path: addBasePath('/data_streams'), validate: { query: querySchema } }, + { + path: addBasePath('/data_streams'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: { query: querySchema }, + }, async (context, request, response) => { const { client } = (await context.core).elasticsearch; @@ -197,6 +206,12 @@ export function registerGetOneRoute({ router, lib: { handleEsError }, config }: router.get( { path: addBasePath('/data_streams/{name}'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema }, }, async (context, request, response) => { diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/data_streams/register_post_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/data_streams/register_post_route.ts index 8e2a5a3790986..7d24b55fd08e7 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/data_streams/register_post_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/data_streams/register_post_route.ts @@ -29,6 +29,12 @@ export function registerPostOneApplyLatestMappings({ router.post( { path: addBasePath('/data_streams/{name}/mappings_from_template'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema }, }, async (context, request, response) => { @@ -79,6 +85,12 @@ export function registerPostOneRollover({ router.post( { path: addBasePath('/data_streams/{name}/rollover'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema }, }, async (context, request, response) => { diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/data_streams/register_put_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/data_streams/register_put_route.ts index 97ea662daaa14..5aec43ced0023 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/data_streams/register_put_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/data_streams/register_put_route.ts @@ -29,6 +29,12 @@ export function registerPutDataRetention({ router, lib: { handleEsError } }: Rou router.put( { path: addBasePath('/data_streams/data_retention'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: bodySchema }, }, async (context, request, response) => { diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/enrich_policies/register_create_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/enrich_policies/register_create_route.ts index ff165876a6ee9..e300722594bae 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/enrich_policies/register_create_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/enrich_policies/register_create_route.ts @@ -52,6 +52,12 @@ export function registerCreateRoute({ router, lib: { handleEsError } }: RouteDep router.post( { path: addInternalBasePath('/enrich_policies'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: validationSchema, query: querySchema }, }, async (context, request, response) => { @@ -87,6 +93,12 @@ export function registerCreateRoute({ router, lib: { handleEsError } }: RouteDep router.post( { path: addInternalBasePath('/enrich_policies/get_matching_indices'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: getMatchingIndicesSchema }, }, async (context, request, response) => { @@ -114,6 +126,12 @@ export function registerCreateRoute({ router, lib: { handleEsError } }: RouteDep router.post( { path: addInternalBasePath('/enrich_policies/get_matching_data_streams'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: getMatchingIndicesSchema }, }, async (context, request, response) => { @@ -142,6 +160,12 @@ export function registerCreateRoute({ router, lib: { handleEsError } }: RouteDep router.post( { path: addInternalBasePath('/enrich_policies/get_fields_from_indices'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: getFieldsFromIndicesSchema }, }, async (context, request, response) => { diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/enrich_policies/register_delete_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/enrich_policies/register_delete_route.ts index 6686da701bca7..b68e41cd92d39 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/enrich_policies/register_delete_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/enrich_policies/register_delete_route.ts @@ -20,6 +20,12 @@ export function registerDeleteRoute({ router, lib: { handleEsError } }: RouteDep router.delete( { path: addInternalBasePath('/enrich_policies/{name}'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema }, }, async (context, request, response) => { diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/enrich_policies/register_execute_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/enrich_policies/register_execute_route.ts index b6925758d7882..d5a3973812b92 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/enrich_policies/register_execute_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/enrich_policies/register_execute_route.ts @@ -20,6 +20,12 @@ export function registerExecuteRoute({ router, lib: { handleEsError } }: RouteDe router.put( { path: addInternalBasePath('/enrich_policies/{name}'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema }, }, async (context, request, response) => { diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/enrich_policies/register_list_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/enrich_policies/register_list_route.ts index 1df52d8f2ba17..6a7bcb06c85db 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/enrich_policies/register_list_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/enrich_policies/register_list_route.ts @@ -12,7 +12,16 @@ import { enrichPoliciesActions } from '../../../lib/enrich_policies'; export function registerListRoute({ router, lib: { handleEsError } }: RouteDependencies) { router.get( - { path: addInternalBasePath('/enrich_policies'), validate: false }, + { + path: addInternalBasePath('/enrich_policies'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: false, + }, async (context, request, response) => { const client = (await context.core).elasticsearch.client as IScopedClusterClient; try { diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/enrich_policies/register_privileges_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/enrich_policies/register_privileges_route.ts index 8fc8b7ba11fb2..123785f827cfd 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/enrich_policies/register_privileges_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/enrich_policies/register_privileges_route.ts @@ -25,6 +25,12 @@ export const registerPrivilegesRoute = ({ router.get( { path: addInternalBasePath('/enrich_policies/privileges'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: false, }, async (context, request, response) => { diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_clear_cache_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_clear_cache_route.ts index bfedf6f4cb0cf..3ccfbeeab74a7 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_clear_cache_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_clear_cache_route.ts @@ -17,7 +17,16 @@ const bodySchema = schema.object({ export function registerClearCacheRoute({ router, lib: { handleEsError } }: RouteDependencies) { router.post( - { path: addBasePath('/indices/clear_cache'), validate: { body: bodySchema } }, + { + path: addBasePath('/indices/clear_cache'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: { body: bodySchema }, + }, async (context, request, response) => { const { client } = (await context.core).elasticsearch; const { indices = [] } = request.body as typeof bodySchema.type; diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_close_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_close_route.ts index b83c781f6457d..77f9a5f85b5de 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_close_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_close_route.ts @@ -17,7 +17,16 @@ const bodySchema = schema.object({ export function registerCloseRoute({ router, lib: { handleEsError } }: RouteDependencies) { router.post( - { path: addBasePath('/indices/close'), validate: { body: bodySchema } }, + { + path: addBasePath('/indices/close'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: { body: bodySchema }, + }, async (context, request, response) => { const { client } = (await context.core).elasticsearch; const { indices = [] } = request.body as typeof bodySchema.type; diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_create_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_create_route.ts index b6de9596c77b7..45834d6591cc2 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_create_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_create_route.ts @@ -17,7 +17,16 @@ const bodySchema = schema.object({ export function registerCreateRoute({ router, lib: { handleEsError } }: RouteDependencies) { router.put( - { path: addInternalBasePath('/indices/create'), validate: { body: bodySchema } }, + { + path: addInternalBasePath('/indices/create'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: { body: bodySchema }, + }, async (context, request, response) => { const { client } = (await context.core).elasticsearch; const { indexName } = request.body as typeof bodySchema.type; diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_delete_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_delete_route.ts index b3931c1d56172..f2bfdf249454d 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_delete_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_delete_route.ts @@ -17,7 +17,16 @@ const bodySchema = schema.object({ export function registerDeleteRoute({ router, lib: { handleEsError } }: RouteDependencies) { router.post( - { path: addBasePath('/indices/delete'), validate: { body: bodySchema } }, + { + path: addBasePath('/indices/delete'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: { body: bodySchema }, + }, async (context, request, response) => { const { client } = (await context.core).elasticsearch; const { indices = [] } = request.body as typeof bodySchema.type; diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_flush_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_flush_route.ts index 6ba8000306fec..fa422c0748686 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_flush_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_flush_route.ts @@ -17,7 +17,16 @@ const bodySchema = schema.object({ export function registerFlushRoute({ router, lib: { handleEsError } }: RouteDependencies) { router.post( - { path: addBasePath('/indices/flush'), validate: { body: bodySchema } }, + { + path: addBasePath('/indices/flush'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: { body: bodySchema }, + }, async (context, request, response) => { const { client } = (await context.core).elasticsearch; const { indices = [] } = request.body as typeof bodySchema.type; diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_forcemerge_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_forcemerge_route.ts index ffbe50598f197..c7f7cd5fe63dc 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_forcemerge_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_forcemerge_route.ts @@ -20,6 +20,12 @@ export function registerForcemergeRoute({ router, lib: { handleEsError } }: Rout router.post( { path: addBasePath('/indices/forcemerge'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: bodySchema, }, diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_get_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_get_route.ts index ae93bd3241180..03742d35e173a 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_get_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_get_route.ts @@ -21,6 +21,12 @@ export function registerGetRoute({ router.get( { path: addInternalBasePath('/indices/{indexName}'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: schema.object({ indexName: schema.string(), diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_list_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_list_route.ts index e42ebbf4a1e76..8efa513e9fe03 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_list_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_list_route.ts @@ -16,7 +16,16 @@ export function registerListRoute({ config, }: RouteDependencies) { router.get( - { path: addBasePath('/indices'), validate: false }, + { + path: addBasePath('/indices'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: false, + }, async (context, request, response) => { const { client } = (await context.core).elasticsearch; try { diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_open_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_open_route.ts index 9d0ae0a44b4ec..7b93b18e2bba3 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_open_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_open_route.ts @@ -17,7 +17,16 @@ const bodySchema = schema.object({ export function registerOpenRoute({ router, lib: { handleEsError } }: RouteDependencies) { router.post( - { path: addBasePath('/indices/open'), validate: { body: bodySchema } }, + { + path: addBasePath('/indices/open'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: { body: bodySchema }, + }, async (context, request, response) => { const { client } = (await context.core).elasticsearch; const { indices = [] } = request.body as typeof bodySchema.type; diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_refresh_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_refresh_route.ts index c414a73cd73c1..66e4b4a463b7d 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_refresh_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_refresh_route.ts @@ -17,7 +17,16 @@ const bodySchema = schema.object({ export function registerRefreshRoute({ router, lib: { handleEsError } }: RouteDependencies) { router.post( - { path: addBasePath('/indices/refresh'), validate: { body: bodySchema } }, + { + path: addBasePath('/indices/refresh'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: { body: bodySchema }, + }, async (context, request, response) => { const { client } = (await context.core).elasticsearch; const { indices = [] } = request.body as typeof bodySchema.type; diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_reload_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_reload_route.ts index d64c6b1013d66..6154c0b703750 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_reload_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_reload_route.ts @@ -26,7 +26,16 @@ export function registerReloadRoute({ config, }: RouteDependencies) { router.post( - { path: addBasePath('/indices/reload'), validate: { body: bodySchema } }, + { + path: addBasePath('/indices/reload'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: { body: bodySchema }, + }, async (context, request, response) => { const { client } = (await context.core).elasticsearch; const { indexNames = [] } = (request.body as typeof bodySchema.type) ?? {}; diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_unfreeze_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_unfreeze_route.ts index 3636a0707df8c..49967f8684a2f 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_unfreeze_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/indices/register_unfreeze_route.ts @@ -16,7 +16,16 @@ const bodySchema = schema.object({ export function registerUnfreezeRoute({ router, lib: { handleEsError } }: RouteDependencies) { router.post( - { path: addBasePath('/indices/unfreeze'), validate: { body: bodySchema } }, + { + path: addBasePath('/indices/unfreeze'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: { body: bodySchema }, + }, async (context, request, response) => { const { client } = (await context.core).elasticsearch; const { indices = [] } = request.body as typeof bodySchema.type; diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/inference_models/register_get_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/inference_models/register_get_route.ts index 4709abadc3345..d8c289a19b3d5 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/inference_models/register_get_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/inference_models/register_get_route.ts @@ -14,6 +14,12 @@ export function registerGetAllRoute({ router, lib: { handleEsError } }: RouteDep router.get( { path: addBasePath('/inference/all'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: {}, }, async (context, request, response) => { diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/mapping/register_mapping_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/mapping/register_mapping_route.ts index 81d084e995bb1..83cc3adb8a71d 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/mapping/register_mapping_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/mapping/register_mapping_route.ts @@ -23,7 +23,16 @@ function formatHit(hit: { [key: string]: { mappings: any } }, indexName: string) export function registerGetMappingRoute({ router, lib: { handleEsError } }: RouteDependencies) { router.get( - { path: addBasePath('/mapping/{indexName}'), validate: { params: paramsSchema } }, + { + path: addBasePath('/mapping/{indexName}'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: { params: paramsSchema }, + }, async (context, request, response) => { const { client } = (await context.core).elasticsearch; const { indexName } = request.params as typeof paramsSchema.type; diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/mapping/register_update_mapping_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/mapping/register_update_mapping_route.ts index cd668a8aa1cc1..e3f3e1a5e0f39 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/mapping/register_update_mapping_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/mapping/register_update_mapping_route.ts @@ -18,6 +18,12 @@ export function registerUpdateMappingRoute({ router, lib: { handleEsError } }: R router.put( { path: addBasePath('/mapping/{indexName}'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: schema.maybe(schema.object({}, { unknowns: 'allow' })), params: paramsSchema, diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/nodes/register_nodes_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/nodes/register_nodes_route.ts index 08a0684f69c97..67fad6ae05909 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/nodes/register_nodes_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/nodes/register_nodes_route.ts @@ -11,7 +11,16 @@ import { addBasePath } from '..'; export function registerNodesRoute({ router, lib: { handleEsError } }: RouteDependencies) { // Retrieve the es plugins installed on the cluster nodes router.get( - { path: addBasePath('/nodes/plugins'), validate: {} }, + { + path: addBasePath('/nodes/plugins'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: {}, + }, async (context, request, response) => { const { client } = (await context.core).elasticsearch; diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/settings/register_load_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/settings/register_load_route.ts index 6622b07f93f45..9323f10d18bcf 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/settings/register_load_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/settings/register_load_route.ts @@ -23,7 +23,16 @@ function formatHit(hit: { [key: string]: {} }) { export function registerLoadRoute({ router, lib: { handleEsError } }: RouteDependencies) { router.get( - { path: addBasePath('/settings/{indexName}'), validate: { params: paramsSchema } }, + { + path: addBasePath('/settings/{indexName}'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: { params: paramsSchema }, + }, async (context, request, response) => { const { client } = (await context.core).elasticsearch; const { indexName } = request.params as typeof paramsSchema.type; diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/settings/register_update_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/settings/register_update_route.ts index 730c7a3b24274..fa95f83f01d22 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/settings/register_update_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/settings/register_update_route.ts @@ -20,6 +20,12 @@ export function registerUpdateRoute({ router, lib: { handleEsError } }: RouteDep router.put( { path: addBasePath('/settings/{indexName}'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: bodySchema, params: paramsSchema }, }, async (context, request, response) => { diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/stats/register_stats_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/stats/register_stats_route.ts index 8e361d8488ba3..79f947a4cec96 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/stats/register_stats_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/stats/register_stats_route.ts @@ -31,7 +31,16 @@ function formatHit(hit: Hit, indexName: string) { export function registerStatsRoute({ router, lib: { handleEsError } }: RouteDependencies) { router.get( - { path: addBasePath('/stats/{indexName}'), validate: { params: paramsSchema } }, + { + path: addBasePath('/stats/{indexName}'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: { params: paramsSchema }, + }, async (context, request, response) => { const { client } = (await context.core).elasticsearch; const { indexName } = request.params as typeof paramsSchema.type; diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/templates/register_create_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/templates/register_create_route.ts index 3efa001fd12c1..0e889d365ab76 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/templates/register_create_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/templates/register_create_route.ts @@ -17,7 +17,16 @@ const bodySchema = templateSchema; export function registerCreateRoute({ router, lib: { handleEsError } }: RouteDependencies) { router.post( - { path: addBasePath('/index_templates'), validate: { body: bodySchema } }, + { + path: addBasePath('/index_templates'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: { body: bodySchema }, + }, async (context, request, response) => { const { client } = (await context.core).elasticsearch; const template = request.body as TemplateDeserialized; diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/templates/register_delete_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/templates/register_delete_route.ts index b6c289f3a72a8..7982aeb564475 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/templates/register_delete_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/templates/register_delete_route.ts @@ -25,6 +25,12 @@ export function registerDeleteRoute({ router, lib: { handleEsError } }: RouteDep router.post( { path: addBasePath('/delete_index_templates'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: bodySchema }, }, async (context, request, response) => { diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/templates/register_get_routes.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/templates/register_get_routes.ts index ce389af9b13e8..702fb9836a672 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/templates/register_get_routes.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/templates/register_get_routes.ts @@ -19,7 +19,16 @@ import { addBasePath } from '..'; export function registerGetAllRoute({ router, config, lib: { handleEsError } }: RouteDependencies) { router.get( - { path: addBasePath('/index_templates'), validate: false }, + { + path: addBasePath('/index_templates'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: false, + }, async (context, request, response) => { const { client } = (await context.core).elasticsearch; @@ -70,6 +79,12 @@ export function registerGetOneRoute({ router, config, lib: { handleEsError } }: router.get( { path: addBasePath('/index_templates/{name}'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema, query: querySchema }, }, async (context, request, response) => { diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/templates/register_simulate_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/templates/register_simulate_route.ts index 60e2cfbf8a53a..193962d34284a 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/templates/register_simulate_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/templates/register_simulate_route.ts @@ -16,6 +16,12 @@ export function registerSimulateRoute({ router, lib: { handleEsError } }: RouteD router.post( { path: addBasePath('/index_templates/simulate/{templateName?}'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: schema.nullable(bodySchema), params: schema.object({ templateName: schema.maybe(schema.string()) }), diff --git a/x-pack/platform/plugins/shared/index_management/server/routes/api/templates/register_update_route.ts b/x-pack/platform/plugins/shared/index_management/server/routes/api/templates/register_update_route.ts index 30b93f2e59ec0..d04bd87487755 100644 --- a/x-pack/platform/plugins/shared/index_management/server/routes/api/templates/register_update_route.ts +++ b/x-pack/platform/plugins/shared/index_management/server/routes/api/templates/register_update_route.ts @@ -22,6 +22,12 @@ export function registerUpdateRoute({ router, lib: { handleEsError } }: RouteDep router.put( { path: addBasePath('/index_templates/{name}'), + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: bodySchema, params: paramsSchema }, }, async (context, request, response) => { From b6e2000fb25589b64a78866f080fe7ca1ab0e96d Mon Sep 17 00:00:00 2001 From: Matthew Kime Date: Sun, 22 Dec 2024 23:26:51 -0600 Subject: [PATCH 5/8] add watcher --- .../painless_lab/server/routes/api/execute.ts | 6 +++ .../register_get_index_patterns_route.ts | 6 +++ .../routes/api/indices/register_get_route.ts | 6 +++ .../api/license/register_refresh_route.ts | 6 +++ .../routes/api/register_load_history_route.ts | 6 +++ .../api/settings/register_load_route.ts | 6 +++ .../api/watch/register_activate_route.ts | 6 +++ .../api/watch/register_deactivate_route.ts | 6 +++ .../routes/api/watch/register_delete_route.ts | 6 +++ .../api/watch/register_execute_route.ts | 6 +++ .../api/watch/register_history_route.ts | 6 +++ .../routes/api/watch/register_load_route.ts | 6 +++ .../routes/api/watch/register_save_route.ts | 6 +++ .../api/watch/register_visualize_route.ts | 6 +++ .../api/watches/register_delete_route.ts | 6 +++ .../routes/api/watches/register_list_route.ts | 6 +++ .../server/routes/api/create.ts | 6 +++ .../server/routes/api/database/create.ts | 6 +++ .../server/routes/api/database/delete.ts | 6 +++ .../server/routes/api/database/list.ts | 44 ++++++++++++------- .../server/routes/api/delete.ts | 6 +++ .../server/routes/api/documents.ts | 6 +++ .../ingest_pipelines/server/routes/api/get.ts | 6 +++ .../server/routes/api/privileges.ts | 6 +++ .../server/routes/api/simulate.ts | 6 +++ .../server/routes/api/update.ts | 6 +++ 26 files changed, 178 insertions(+), 16 deletions(-) diff --git a/x-pack/platform/plugins/private/painless_lab/server/routes/api/execute.ts b/x-pack/platform/plugins/private/painless_lab/server/routes/api/execute.ts index 88f2156a5fb4c..43ee24af223ce 100644 --- a/x-pack/platform/plugins/private/painless_lab/server/routes/api/execute.ts +++ b/x-pack/platform/plugins/private/painless_lab/server/routes/api/execute.ts @@ -17,6 +17,12 @@ export function registerExecuteRoute({ router, license }: RouteDependencies) { router.post( { path: `${API_BASE_PATH}/execute`, + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: bodySchema, }, diff --git a/x-pack/platform/plugins/private/watcher/server/routes/api/indices/register_get_index_patterns_route.ts b/x-pack/platform/plugins/private/watcher/server/routes/api/indices/register_get_index_patterns_route.ts index 0c49e5ea894dd..7d11498958824 100644 --- a/x-pack/platform/plugins/private/watcher/server/routes/api/indices/register_get_index_patterns_route.ts +++ b/x-pack/platform/plugins/private/watcher/server/routes/api/indices/register_get_index_patterns_route.ts @@ -16,6 +16,12 @@ export function registerGetIndexPatternsRoute({ router.get( { path: '/api/watcher/indices/index_patterns', + security: { + authz: { + enabled: false, + reason: 'Relies on saved object client for authorization', + }, + }, validate: false, }, license.guardApiRoute(async ({ core }, request, response) => { diff --git a/x-pack/platform/plugins/private/watcher/server/routes/api/indices/register_get_route.ts b/x-pack/platform/plugins/private/watcher/server/routes/api/indices/register_get_route.ts index da78238ebd5cd..bda36d04d5c3c 100644 --- a/x-pack/platform/plugins/private/watcher/server/routes/api/indices/register_get_route.ts +++ b/x-pack/platform/plugins/private/watcher/server/routes/api/indices/register_get_route.ts @@ -79,6 +79,12 @@ export function registerGetRoute({ router, license, lib: { handleEsError } }: Ro router.post( { path: '/api/watcher/indices', + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: bodySchema, }, diff --git a/x-pack/platform/plugins/private/watcher/server/routes/api/license/register_refresh_route.ts b/x-pack/platform/plugins/private/watcher/server/routes/api/license/register_refresh_route.ts index 796494880b8e5..9be27d85fcf2b 100644 --- a/x-pack/platform/plugins/private/watcher/server/routes/api/license/register_refresh_route.ts +++ b/x-pack/platform/plugins/private/watcher/server/routes/api/license/register_refresh_route.ts @@ -17,6 +17,12 @@ export function registerRefreshRoute({ router, license }: RouteDependencies) { router.get( { path: '/api/watcher/license/refresh', + security: { + authz: { + enabled: false, + reason: 'Relies on license for authorization', + }, + }, validate: false, }, license.guardApiRoute((ctx, request, response) => { diff --git a/x-pack/platform/plugins/private/watcher/server/routes/api/register_load_history_route.ts b/x-pack/platform/plugins/private/watcher/server/routes/api/register_load_history_route.ts index d3a3f07e41b9a..8dd7bd722a654 100644 --- a/x-pack/platform/plugins/private/watcher/server/routes/api/register_load_history_route.ts +++ b/x-pack/platform/plugins/private/watcher/server/routes/api/register_load_history_route.ts @@ -38,6 +38,12 @@ export function registerLoadHistoryRoute({ router.get( { path: '/api/watcher/history/{id}', + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema, }, diff --git a/x-pack/platform/plugins/private/watcher/server/routes/api/settings/register_load_route.ts b/x-pack/platform/plugins/private/watcher/server/routes/api/settings/register_load_route.ts index 6fdbbe1de96ac..2999c0081b9a8 100644 --- a/x-pack/platform/plugins/private/watcher/server/routes/api/settings/register_load_route.ts +++ b/x-pack/platform/plugins/private/watcher/server/routes/api/settings/register_load_route.ts @@ -21,6 +21,12 @@ export function registerLoadRoute({ router, license, lib: { handleEsError } }: R router.get( { path: '/api/watcher/settings', + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: false, }, license.guardApiRoute(async (ctx, request, response) => { diff --git a/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_activate_route.ts b/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_activate_route.ts index 54a135d2ff895..c3ff190508be8 100644 --- a/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_activate_route.ts +++ b/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_activate_route.ts @@ -33,6 +33,12 @@ export function registerActivateRoute({ router.put( { path: '/api/watcher/watch/{watchId}/activate', + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema, }, diff --git a/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_deactivate_route.ts b/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_deactivate_route.ts index e5565bc4ee7af..7281ac129d411 100644 --- a/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_deactivate_route.ts +++ b/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_deactivate_route.ts @@ -32,6 +32,12 @@ export function registerDeactivateRoute({ router.put( { path: '/api/watcher/watch/{watchId}/deactivate', + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema, }, diff --git a/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_delete_route.ts b/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_delete_route.ts index c35efbd4bb320..a7cbb42643c71 100644 --- a/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_delete_route.ts +++ b/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_delete_route.ts @@ -27,6 +27,12 @@ export function registerDeleteRoute({ router.delete( { path: '/api/watcher/watch/{watchId}', + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema, }, diff --git a/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_execute_route.ts b/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_execute_route.ts index c7a082f640c6a..d5467d126d1aa 100644 --- a/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_execute_route.ts +++ b/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_execute_route.ts @@ -41,6 +41,12 @@ export function registerExecuteRoute({ router.put( { path: '/api/watcher/watch/execute', + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: bodySchema, }, diff --git a/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_history_route.ts b/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_history_route.ts index f3d810424d9a6..65d73fbd7390f 100644 --- a/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_history_route.ts +++ b/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_history_route.ts @@ -56,6 +56,12 @@ export function registerHistoryRoute({ router.get( { path: '/api/watcher/watch/{watchId}/history', + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema, query: querySchema, diff --git a/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_load_route.ts b/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_load_route.ts index a2fea1d5b73d4..c7db067cd0a22 100644 --- a/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_load_route.ts +++ b/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_load_route.ts @@ -26,6 +26,12 @@ export function registerLoadRoute({ router, license, lib: { handleEsError } }: R router.get( { path: '/api/watcher/watch/{id}', + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema, }, diff --git a/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_save_route.ts b/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_save_route.ts index 46068c2d30ebb..a2d93b0d14e0d 100644 --- a/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_save_route.ts +++ b/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_save_route.ts @@ -28,6 +28,12 @@ export function registerSaveRoute({ router, license, lib: { handleEsError } }: R router.put( { path: '/api/watcher/watch/{id}', + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema, body: bodySchema, diff --git a/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_visualize_route.ts b/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_visualize_route.ts index defc1b3451e6b..1c8ba085fbf65 100644 --- a/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_visualize_route.ts +++ b/x-pack/platform/plugins/private/watcher/server/routes/api/watch/register_visualize_route.ts @@ -42,6 +42,12 @@ export function registerVisualizeRoute({ router.post( { path: '/api/watcher/watch/visualize', + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: bodySchema, }, diff --git a/x-pack/platform/plugins/private/watcher/server/routes/api/watches/register_delete_route.ts b/x-pack/platform/plugins/private/watcher/server/routes/api/watches/register_delete_route.ts index 5458f850b33e6..7cfe3e51b6915 100644 --- a/x-pack/platform/plugins/private/watcher/server/routes/api/watches/register_delete_route.ts +++ b/x-pack/platform/plugins/private/watcher/server/routes/api/watches/register_delete_route.ts @@ -51,6 +51,12 @@ export function registerDeleteRoute({ router, license }: RouteDependencies) { router.post( { path: '/api/watcher/watches/delete', + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: bodySchema, }, diff --git a/x-pack/platform/plugins/private/watcher/server/routes/api/watches/register_list_route.ts b/x-pack/platform/plugins/private/watcher/server/routes/api/watches/register_list_route.ts index 56affd6be154e..bd00a7e8779fc 100644 --- a/x-pack/platform/plugins/private/watcher/server/routes/api/watches/register_list_route.ts +++ b/x-pack/platform/plugins/private/watcher/server/routes/api/watches/register_list_route.ts @@ -12,6 +12,12 @@ export function registerListRoute({ router, license, lib: { handleEsError } }: R router.get( { path: '/api/watcher/watches', + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: false, }, license.guardApiRoute(async (ctx, request, response) => { diff --git a/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/create.ts b/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/create.ts index ab23b58afba48..f43ccb7b4be81 100644 --- a/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/create.ts +++ b/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/create.ts @@ -25,6 +25,12 @@ export const registerCreateRoute = ({ router.post( { path: API_BASE_PATH, + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: bodySchema, }, diff --git a/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/database/create.ts b/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/database/create.ts index 56fef0e159d66..a6a519552b2e8 100644 --- a/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/database/create.ts +++ b/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/database/create.ts @@ -41,6 +41,12 @@ export const registerCreateDatabaseRoute = ({ router.post( { path: `${API_BASE_PATH}/databases`, + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: bodySchema, }, diff --git a/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/database/delete.ts b/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/database/delete.ts index 69dcde1436fd6..da24391958131 100644 --- a/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/database/delete.ts +++ b/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/database/delete.ts @@ -20,6 +20,12 @@ export const registerDeleteDatabaseRoute = ({ router.delete( { path: `${API_BASE_PATH}/databases/{database_id}`, + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema, }, diff --git a/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/database/list.ts b/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/database/list.ts index eb6eb2e7dabd8..ea3f9a07f78ee 100644 --- a/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/database/list.ts +++ b/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/database/list.ts @@ -14,25 +14,37 @@ export const registerListDatabaseRoute = ({ router, lib: { handleEsError }, }: RouteDependencies): void => { - router.get({ path: `${API_BASE_PATH}/databases`, validate: false }, async (ctx, req, res) => { - const { client: clusterClient } = (await ctx.core).elasticsearch; + router.get( + { + path: `${API_BASE_PATH}/databases`, + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: false, + }, + async (ctx, req, res) => { + const { client: clusterClient } = (await ctx.core).elasticsearch; - try { - const data = (await clusterClient.asCurrentUser.ingest.getGeoipDatabase()) as { - databases: GeoipDatabaseFromES[]; - }; + try { + const data = (await clusterClient.asCurrentUser.ingest.getGeoipDatabase()) as { + databases: GeoipDatabaseFromES[]; + }; - const body = sortBy(data.databases.map(deserializeGeoipDatabase), 'name'); + const body = sortBy(data.databases.map(deserializeGeoipDatabase), 'name'); - return res.ok({ body }); - } catch (error) { - const esErrorResponse = handleEsError({ error, response: res }); - if (esErrorResponse.status === 404) { - // ES returns 404 when there are no pipelines - // Instead, we return an empty array and 200 status back to the client - return res.ok({ body: [] }); + return res.ok({ body }); + } catch (error) { + const esErrorResponse = handleEsError({ error, response: res }); + if (esErrorResponse.status === 404) { + // ES returns 404 when there are no pipelines + // Instead, we return an empty array and 200 status back to the client + return res.ok({ body: [] }); + } + return esErrorResponse; } - return esErrorResponse; } - }); + ); }; diff --git a/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/delete.ts b/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/delete.ts index 1b2fdd1444400..accd2432fcb92 100644 --- a/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/delete.ts +++ b/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/delete.ts @@ -18,6 +18,12 @@ export const registerDeleteRoute = ({ router }: RouteDependencies): void => { router.delete( { path: `${API_BASE_PATH}/{names}`, + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema, }, diff --git a/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/documents.ts b/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/documents.ts index b5aff114e44d2..df5a6639f9939 100644 --- a/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/documents.ts +++ b/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/documents.ts @@ -22,6 +22,12 @@ export const registerDocumentsRoute = ({ router.get( { path: `${API_BASE_PATH}/documents/{index}/{id}`, + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema, }, diff --git a/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/get.ts b/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/get.ts index ee43eb0c4800c..084ba8bb7b1b6 100644 --- a/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/get.ts +++ b/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/get.ts @@ -39,6 +39,12 @@ export const registerGetRoutes = ({ router, lib: { handleEsError } }: RouteDepen router.get( { path: `${API_BASE_PATH}/{name}`, + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema, }, diff --git a/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/privileges.ts b/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/privileges.ts index 87f0e3e79f07f..418d8665f5817 100644 --- a/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/privileges.ts +++ b/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/privileges.ts @@ -26,6 +26,12 @@ export const registerPrivilegesRoute = ({ router, config }: RouteDependencies) = router.get( { path: `${API_BASE_PATH}/privileges/{permissions_type}`, + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: schema.object({ permissions_type: schema.oneOf([ diff --git a/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/simulate.ts b/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/simulate.ts index a313afbc2a2c5..276cd29e03b39 100644 --- a/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/simulate.ts +++ b/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/simulate.ts @@ -24,6 +24,12 @@ export const registerSimulateRoute = ({ router.post( { path: `${API_BASE_PATH}/simulate`, + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: bodySchema, }, diff --git a/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/update.ts b/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/update.ts index 3ed888e254009..c14fd46bced88 100644 --- a/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/update.ts +++ b/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/update.ts @@ -24,6 +24,12 @@ export const registerUpdateRoute = ({ router.put( { path: `${API_BASE_PATH}/{name}`, + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: bodySchema, params: paramsSchema, From 9c6363f96c1eb9ce9e05551039c4a0cda3af6811 Mon Sep 17 00:00:00 2001 From: Matthew Kime Date: Mon, 23 Dec 2024 10:38:31 -0600 Subject: [PATCH 6/8] add two more --- .../server/routes/api/register_list_fields_route.ts | 6 ++++++ .../shared/searchprofiler/server/routes/profile.ts | 12 ++++++++++++ 2 files changed, 18 insertions(+) diff --git a/x-pack/platform/plugins/private/watcher/server/routes/api/register_list_fields_route.ts b/x-pack/platform/plugins/private/watcher/server/routes/api/register_list_fields_route.ts index 915695eaf50fa..df2e2b3bc302e 100644 --- a/x-pack/platform/plugins/private/watcher/server/routes/api/register_list_fields_route.ts +++ b/x-pack/platform/plugins/private/watcher/server/routes/api/register_list_fields_route.ts @@ -35,6 +35,12 @@ export function registerListFieldsRoute({ router.post( { path: '/api/watcher/fields', + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: bodySchema, }, diff --git a/x-pack/platform/plugins/shared/searchprofiler/server/routes/profile.ts b/x-pack/platform/plugins/shared/searchprofiler/server/routes/profile.ts index 7141a51c2c7f5..8accdb2f96e41 100644 --- a/x-pack/platform/plugins/shared/searchprofiler/server/routes/profile.ts +++ b/x-pack/platform/plugins/shared/searchprofiler/server/routes/profile.ts @@ -13,6 +13,12 @@ export const register = ({ router, getLicenseStatus, log }: RouteDependencies) = router.post( { path: `${API_BASE_PATH}/profile`, + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { body: schema.object({ query: schema.object({}, { unknowns: 'allow' }), @@ -72,6 +78,12 @@ export const register = ({ router, getLicenseStatus, log }: RouteDependencies) = router.get( { path: `${API_BASE_PATH}/has_indices`, + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: false, }, async (ctx, _request, response) => { From 20c986cf3339ac951a272e39a8921a5d8fe62e12 Mon Sep 17 00:00:00 2001 From: Matthew Kime Date: Thu, 26 Dec 2024 10:45:52 -0600 Subject: [PATCH 7/8] partial console authz info --- .../routes/api/console/es_config/index.ts | 36 ++++++++++++------- .../server/routes/api/console/proxy/index.ts | 6 ++++ .../api/console/spec_definitions/index.ts | 14 +++++++- 3 files changed, 43 insertions(+), 13 deletions(-) diff --git a/src/platform/plugins/shared/console/server/routes/api/console/es_config/index.ts b/src/platform/plugins/shared/console/server/routes/api/console/es_config/index.ts index a1d1a6cdb7950..817d8d7cc7e3a 100644 --- a/src/platform/plugins/shared/console/server/routes/api/console/es_config/index.ts +++ b/src/platform/plugins/shared/console/server/routes/api/console/es_config/index.ts @@ -11,19 +11,31 @@ import { EsConfigApiResponse } from '../../../../../common/types/api_responses'; import { RouteDependencies } from '../../..'; export const registerEsConfigRoute = ({ router, services }: RouteDependencies): void => { - router.get({ path: '/api/console/es_config', validate: false }, async (ctx, req, res) => { - const cloudUrl = services.esLegacyConfigService.getCloudUrl(); - if (cloudUrl) { - const body: EsConfigApiResponse = { host: cloudUrl }; + router.get( + { + path: '/api/console/es_config', + security: { + authz: { + enabled: false, + reason: 'Low effort request for config content', + }, + }, + validate: false, + }, + async (ctx, req, res) => { + const cloudUrl = services.esLegacyConfigService.getCloudUrl(); + if (cloudUrl) { + const body: EsConfigApiResponse = { host: cloudUrl }; - return res.ok({ body }); - } - const { - hosts: [host], - } = await services.esLegacyConfigService.readConfig(); + return res.ok({ body }); + } + const { + hosts: [host], + } = await services.esLegacyConfigService.readConfig(); - const body: EsConfigApiResponse = { host }; + const body: EsConfigApiResponse = { host }; - return res.ok({ body }); - }); + return res.ok({ body }); + } + ); }; diff --git a/src/platform/plugins/shared/console/server/routes/api/console/proxy/index.ts b/src/platform/plugins/shared/console/server/routes/api/console/proxy/index.ts index d30aa32060b73..2d2dcedbb7954 100644 --- a/src/platform/plugins/shared/console/server/routes/api/console/proxy/index.ts +++ b/src/platform/plugins/shared/console/server/routes/api/console/proxy/index.ts @@ -23,6 +23,12 @@ export const registerProxyRoute = (deps: RouteDependencies) => { parse: false, }, }, + security: { + authz: { + enabled: false, + reason: 'Relies on es for authorization', + }, + }, validate: routeValidationConfig, }, createHandler(deps) diff --git a/src/platform/plugins/shared/console/server/routes/api/console/spec_definitions/index.ts b/src/platform/plugins/shared/console/server/routes/api/console/spec_definitions/index.ts index 2b2e003e7eb39..e4f500fb14e7b 100644 --- a/src/platform/plugins/shared/console/server/routes/api/console/spec_definitions/index.ts +++ b/src/platform/plugins/shared/console/server/routes/api/console/spec_definitions/index.ts @@ -32,5 +32,17 @@ export const registerSpecDefinitionsRoute = ({ router, services }: RouteDependen }); }; - router.get({ path: '/api/console/api_server', validate: false }, handler); + router.get( + { + path: '/api/console/api_server', + security: { + authz: { + enabled: false, + reason: 'Low effort request for config info', + }, + }, + validate: false, + }, + handler + ); }; From 435bcc543a0c9a65a661df4c65bf991bf35a2f5a Mon Sep 17 00:00:00 2001 From: Matthew Kime Date: Thu, 26 Dec 2024 17:23:42 -0600 Subject: [PATCH 8/8] revert console changes --- .../console/autocomplete_entities/index.ts | 6 ---- .../routes/api/console/es_config/index.ts | 36 +++++++------------ .../server/routes/api/console/proxy/index.ts | 6 ---- .../api/console/spec_definitions/index.ts | 14 +------- 4 files changed, 13 insertions(+), 49 deletions(-) diff --git a/src/platform/plugins/shared/console/server/routes/api/console/autocomplete_entities/index.ts b/src/platform/plugins/shared/console/server/routes/api/console/autocomplete_entities/index.ts index bbd8720efbdd0..0dacd8e93cc9b 100644 --- a/src/platform/plugins/shared/console/server/routes/api/console/autocomplete_entities/index.ts +++ b/src/platform/plugins/shared/console/server/routes/api/console/autocomplete_entities/index.ts @@ -87,12 +87,6 @@ export const registerAutocompleteEntitiesRoute = (deps: RouteDependencies) => { deps.router.get( { path: '/api/console/autocomplete_entities', - security: { - authz: { - enabled: false, - reason: 'Relies on es client for authorization', - }, - }, options: { tags: ['access:console'], }, diff --git a/src/platform/plugins/shared/console/server/routes/api/console/es_config/index.ts b/src/platform/plugins/shared/console/server/routes/api/console/es_config/index.ts index 817d8d7cc7e3a..a1d1a6cdb7950 100644 --- a/src/platform/plugins/shared/console/server/routes/api/console/es_config/index.ts +++ b/src/platform/plugins/shared/console/server/routes/api/console/es_config/index.ts @@ -11,31 +11,19 @@ import { EsConfigApiResponse } from '../../../../../common/types/api_responses'; import { RouteDependencies } from '../../..'; export const registerEsConfigRoute = ({ router, services }: RouteDependencies): void => { - router.get( - { - path: '/api/console/es_config', - security: { - authz: { - enabled: false, - reason: 'Low effort request for config content', - }, - }, - validate: false, - }, - async (ctx, req, res) => { - const cloudUrl = services.esLegacyConfigService.getCloudUrl(); - if (cloudUrl) { - const body: EsConfigApiResponse = { host: cloudUrl }; - - return res.ok({ body }); - } - const { - hosts: [host], - } = await services.esLegacyConfigService.readConfig(); - - const body: EsConfigApiResponse = { host }; + router.get({ path: '/api/console/es_config', validate: false }, async (ctx, req, res) => { + const cloudUrl = services.esLegacyConfigService.getCloudUrl(); + if (cloudUrl) { + const body: EsConfigApiResponse = { host: cloudUrl }; return res.ok({ body }); } - ); + const { + hosts: [host], + } = await services.esLegacyConfigService.readConfig(); + + const body: EsConfigApiResponse = { host }; + + return res.ok({ body }); + }); }; diff --git a/src/platform/plugins/shared/console/server/routes/api/console/proxy/index.ts b/src/platform/plugins/shared/console/server/routes/api/console/proxy/index.ts index 2d2dcedbb7954..d30aa32060b73 100644 --- a/src/platform/plugins/shared/console/server/routes/api/console/proxy/index.ts +++ b/src/platform/plugins/shared/console/server/routes/api/console/proxy/index.ts @@ -23,12 +23,6 @@ export const registerProxyRoute = (deps: RouteDependencies) => { parse: false, }, }, - security: { - authz: { - enabled: false, - reason: 'Relies on es for authorization', - }, - }, validate: routeValidationConfig, }, createHandler(deps) diff --git a/src/platform/plugins/shared/console/server/routes/api/console/spec_definitions/index.ts b/src/platform/plugins/shared/console/server/routes/api/console/spec_definitions/index.ts index e4f500fb14e7b..2b2e003e7eb39 100644 --- a/src/platform/plugins/shared/console/server/routes/api/console/spec_definitions/index.ts +++ b/src/platform/plugins/shared/console/server/routes/api/console/spec_definitions/index.ts @@ -32,17 +32,5 @@ export const registerSpecDefinitionsRoute = ({ router, services }: RouteDependen }); }; - router.get( - { - path: '/api/console/api_server', - security: { - authz: { - enabled: false, - reason: 'Low effort request for config info', - }, - }, - validate: false, - }, - handler - ); + router.get({ path: '/api/console/api_server', validate: false }, handler); };