Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authz info for a number of REST api routes owned by Kibana Management team #204682

Merged
merged 13 commits into from
Dec 27, 2024
Merged

Authz info for a number of REST api routes owned by Kibana Management team #204682

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
eeffbe8
authz info for api routes
mattkime Dec 18, 2024
e4698d9
Merge branch 'main' into authz_info_for_some_kbn_mgmt_api_routes
mattkime Dec 20, 2024
7dae1de
add remote_clusters
mattkime Dec 22, 2024
e79ed10
add a few more
mattkime Dec 22, 2024
daf5d6a
add index_management
mattkime Dec 23, 2024
b6e2000
add watcher
mattkime Dec 23, 2024
a584c23
Merge branch 'main' into authz_info_for_some_kbn_mgmt_api_routes
mattkime Dec 23, 2024
9c6363f
add two more
mattkime Dec 23, 2024
20c986c
partial console authz info
mattkime Dec 26, 2024
c938376
Merge branch 'main' into authz_info_for_some_kbn_mgmt_api_routes
mattkime Dec 26, 2024
3ac6e8b
Merge branch 'main' into authz_info_for_some_kbn_mgmt_api_routes
mattkime Dec 26, 2024
c919fba
Merge branch 'authz_info_for_some_kbn_mgmt_api_routes' of github.com:…
mattkime Dec 26, 2024
435bcc5
revert console changes
mattkime Dec 26, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions .../cross_cluster_replication/server/routes/api/auto_follow_pattern/register_create_route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,12 @@ export const registerCreateRoute = ({
router.post(
{
path: addBasePath('/auto_follow_patterns'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
body: bodySchema,
},
Expand Down
6 changes: 6 additions & 0 deletions .../cross_cluster_replication/server/routes/api/auto_follow_pattern/register_delete_route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,12 @@ export const registerDeleteRoute = ({
router.delete(
{
path: addBasePath('/auto_follow_patterns/{id}'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
},
Expand Down
6 changes: 6 additions & 0 deletions ...e/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_fetch_route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,12 @@ export const registerFetchRoute = ({
router.get(
{
path: addBasePath('/auto_follow_patterns'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
license.guardApiRoute(async (context, request, response) => {
Expand Down
6 changes: 6 additions & 0 deletions ...ate/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_get_route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,12 @@ export const registerGetRoute = ({
router.get(
{
path: addBasePath('/auto_follow_patterns/{id}'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
},
Expand Down
6 changes: 6 additions & 0 deletions ...e/cross_cluster_replication/server/routes/api/auto_follow_pattern/register_pause_route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,12 @@ export const registerPauseRoute = ({
router.post(
{
path: addBasePath('/auto_follow_patterns/{id}/pause'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
},
Expand Down
6 changes: 6 additions & 0 deletions .../cross_cluster_replication/server/routes/api/auto_follow_pattern/register_resume_route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,12 @@ export const registerResumeRoute = ({
router.post(
{
path: addBasePath('/auto_follow_patterns/{id}/resume'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
},
Expand Down
6 changes: 6 additions & 0 deletions .../cross_cluster_replication/server/routes/api/auto_follow_pattern/register_update_route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,12 @@ export const registerUpdateRoute = ({
router.put(
{
path: addBasePath('/auto_follow_patterns/{id}'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
body: bodySchema,
Expand Down
6 changes: 6 additions & 0 deletions ...ter_replication/server/routes/api/cross_cluster_replication/register_permissions_route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,12 @@ export const registerPermissionsRoute = ({
router.get(
{
path: addBasePath('/permissions'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
license.guardApiRoute(async (context, request, response) => {
Expand Down
6 changes: 6 additions & 0 deletions ...s_cluster_replication/server/routes/api/cross_cluster_replication/register_stats_route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,12 @@ export const registerStatsRoute = ({
router.get(
{
path: addBasePath('/stats/auto_follow'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
license.guardApiRoute(async (context, request, response) => {
Expand Down
6 changes: 6 additions & 0 deletions ...ivate/cross_cluster_replication/server/routes/api/follower_index/register_create_route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,12 @@ export const registerCreateRoute = ({
router.post(
{
path: addBasePath('/follower_indices'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
body: bodySchema,
},
Expand Down
6 changes: 6 additions & 0 deletions ...rivate/cross_cluster_replication/server/routes/api/follower_index/register_fetch_route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,12 @@ export const registerFetchRoute = ({
router.get(
{
path: addBasePath('/follower_indices'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
license.guardApiRoute(async (context, request, response) => {
Expand Down
6 changes: 6 additions & 0 deletions .../private/cross_cluster_replication/server/routes/api/follower_index/register_get_route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,12 @@ export const registerGetRoute = ({
router.get(
{
path: addBasePath('/follower_indices/{id}'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
},
Expand Down
6 changes: 6 additions & 0 deletions ...rivate/cross_cluster_replication/server/routes/api/follower_index/register_pause_route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,12 @@ export const registerPauseRoute = ({
router.put(
{
path: addBasePath('/follower_indices/{id}/pause'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
},
Expand Down
6 changes: 6 additions & 0 deletions ...ivate/cross_cluster_replication/server/routes/api/follower_index/register_resume_route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,12 @@ export const registerResumeRoute = ({
router.put(
{
path: addBasePath('/follower_indices/{id}/resume'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
},
Expand Down
6 changes: 6 additions & 0 deletions ...ate/cross_cluster_replication/server/routes/api/follower_index/register_unfollow_route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,12 @@ export const registerUnfollowRoute = ({
router.put(
{
path: addBasePath('/follower_indices/{id}/unfollow'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
},
Expand Down
6 changes: 6 additions & 0 deletions ...ivate/cross_cluster_replication/server/routes/api/follower_index/register_update_route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,12 @@ export const registerUpdateRoute = ({
router.put(
{
path: addBasePath('/follower_indices/{id}'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
body: bodySchema,
Expand Down
6 changes: 6 additions & 0 deletions ...ugins/private/grokdebugger/server/routes/api/grokdebugger/register_grok_simulate_route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,12 @@ export function registerGrokSimulateRoute(framework: KibanaFramework) {
{
method: 'post',
path: '/api/grokdebugger/simulate',
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
body: requestBodySchema,
},
Expand Down
11 changes: 10 additions & 1 deletion ...s/private/index_lifecycle_management/server/routes/api/index/register_add_policy_route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,16 @@ export function registerAddPolicyRoute({
lib: { handleEsError },
}: RouteDependencies) {
router.post(
{ path: addBasePath('/index/add'), validate: { body: bodySchema } },
{
path: addBasePath('/index/add'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: { body: bodySchema },
},
license.guardApiRoute(async (context, request, response) => {
const body = request.body as typeof bodySchema.type;
const { indexName, policyName, alias = '' } = body;
Expand Down
11 changes: 10 additions & 1 deletion ...ugins/private/index_lifecycle_management/server/routes/api/index/register_remove_route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,16 @@ export function registerRemoveRoute({
lib: { handleEsError },
}: RouteDependencies) {
router.post(
{ path: addBasePath('/index/remove'), validate: { body: bodySchema } },
{
path: addBasePath('/index/remove'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: { body: bodySchema },
},
license.guardApiRoute(async (context, request, response) => {
const body = request.body as typeof bodySchema.type;
const { indexNames } = body;
Expand Down
11 changes: 10 additions & 1 deletion ...lugins/private/index_lifecycle_management/server/routes/api/index/register_retry_route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,16 @@ const bodySchema = schema.object({

export function registerRetryRoute({ router, license, lib: { handleEsError } }: RouteDependencies) {
router.post(
{ path: addBasePath('/index/retry'), validate: { body: bodySchema } },
{
path: addBasePath('/index/retry'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: { body: bodySchema },
},
license.guardApiRoute(async (context, request, response) => {
const body = request.body as typeof bodySchema.type;
const { indexNames } = body;
Expand Down
11 changes: 10 additions & 1 deletion ...gins/private/index_lifecycle_management/server/routes/api/nodes/register_details_route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,16 @@ export function registerDetailsRoute({
lib: { handleEsError },
}: RouteDependencies) {
router.get(
{ path: addBasePath('/nodes/{nodeAttrs}/details'), validate: { params: paramsSchema } },
{
path: addBasePath('/nodes/{nodeAttrs}/details'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: { params: paramsSchema },
},
license.guardApiRoute(async (context, request, response) => {
const params = request.params as typeof paramsSchema.type;
const { nodeAttrs } = params;
Expand Down
11 changes: 10 additions & 1 deletion ...plugins/private/index_lifecycle_management/server/routes/api/nodes/register_list_route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,16 @@ export function registerListRoute({
const disallowedNodeAttributes = [...NODE_ATTRS_KEYS_TO_IGNORE, ...filteredNodeAttributes];

router.get(
{ path: addBasePath('/nodes/list'), validate: false },
{
path: addBasePath('/nodes/list'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
license.guardApiRoute(async (context, request, response) => {
try {
const esClient = (await context.core).elasticsearch.client;
Expand Down
11 changes: 10 additions & 1 deletion ...ns/private/index_lifecycle_management/server/routes/api/policies/register_create_route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,16 @@ export function registerCreateRoute({
lib: { handleEsError },
}: RouteDependencies) {
router.post(
{ path: addBasePath('/policies'), validate: { body: bodySchema } },
{
path: addBasePath('/policies'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: { body: bodySchema },
},
license.guardApiRoute(async (context, request, response) => {
const body = request.body as typeof bodySchema.type;
const { name, ...rest } = body;
Expand Down
11 changes: 10 additions & 1 deletion ...ns/private/index_lifecycle_management/server/routes/api/policies/register_delete_route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,16 @@ export function registerDeleteRoute({
lib: { handleEsError },
}: RouteDependencies) {
router.delete(
{ path: addBasePath('/policies/{policyNames}'), validate: { params: paramsSchema } },
{
path: addBasePath('/policies/{policyNames}'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: { params: paramsSchema },
},
license.guardApiRoute(async (context, request, response) => {
const params = request.params as typeof paramsSchema.type;
const { policyNames } = params;
Expand Down
11 changes: 10 additions & 1 deletion ...ins/private/index_lifecycle_management/server/routes/api/policies/register_fetch_route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,16 @@ async function fetchPolicies(client: ElasticsearchClient): Promise<TransportResu

export function registerFetchRoute({ router, license, lib: { handleEsError } }: RouteDependencies) {
router.get(
{ path: addBasePath('/policies'), validate: false },
{
path: addBasePath('/policies'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
license.guardApiRoute(async (context, request, response) => {
const { asCurrentUser } = (await context.core).elasticsearch.client;

Expand Down
11 changes: 10 additions & 1 deletion ...te/index_lifecycle_management/server/routes/api/snapshot_policies/register_fetch_route.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,16 @@ import { addBasePath } from '../../../services';

export function registerFetchRoute({ router, license, lib: { handleEsError } }: RouteDependencies) {
router.get(
{ path: addBasePath('/snapshot_policies'), validate: false },
{
path: addBasePath('/snapshot_policies'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
license.guardApiRoute(async (context, request, response) => {
try {
const esClient = (await context.core).elasticsearch.client;
Expand Down
Loading
Loading