Skip to content

Commit

Permalink
[8.x] Authz info for a number of REST api routes owned by Kibana Mana…
Browse files Browse the repository at this point in the history
…gement team (#204682) (#205209)

# Backport

This will backport the following commits from `main` to `8.x`:
- [Authz info for a number of REST api routes owned by Kibana Management
team (#204682)](#204682)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Matthew
Kime","email":"matt@mattki.me"},"sourceCommit":{"committedDate":"2024-12-27T15:00:53Z","message":"Authz
info for a number of REST api routes owned by Kibana Management team
(#204682)\n\n## Summary\r\n\r\nPart of
https://github.com/elastic/kibana/issues/204681\r\n\r\nSimply adding
authz
info","sha":"2a630639b3fe4ce3f22f259336a5f893da43b503","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Kibana
Management","release_note:skip","v9.0.0","backport:prev-minor"],"title":"Authz
info for a number of REST api routes owned by Kibana Management
team","number":204682,"url":"https://github.com/elastic/kibana/pull/204682","mergeCommit":{"message":"Authz
info for a number of REST api routes owned by Kibana Management team
(#204682)\n\n## Summary\r\n\r\nPart of
https://github.com/elastic/kibana/issues/204681\r\n\r\nSimply adding
authz
info","sha":"2a630639b3fe4ce3f22f259336a5f893da43b503"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/204682","number":204682,"mergeCommit":{"message":"Authz
info for a number of REST api routes owned by Kibana Management team
(#204682)\n\n## Summary\r\n\r\nPart of
https://github.com/elastic/kibana/issues/204681\r\n\r\nSimply adding
authz info","sha":"2a630639b3fe4ce3f22f259336a5f893da43b503"}}]}]
BACKPORT-->

Co-authored-by: Matthew Kime <matt@mattki.me>
  • Loading branch information
kibanamachine and mattkime authored Dec 27, 2024
1 parent 440bf83 commit 3225c65
Show file tree
Hide file tree
Showing 116 changed files with 964 additions and 70 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,12 @@ export const registerCreateRoute = ({
router.post(
{
path: addBasePath('/auto_follow_patterns'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
body: bodySchema,
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,12 @@ export const registerDeleteRoute = ({
router.delete(
{
path: addBasePath('/auto_follow_patterns/{id}'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,12 @@ export const registerFetchRoute = ({
router.get(
{
path: addBasePath('/auto_follow_patterns'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
license.guardApiRoute(async (context, request, response) => {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,12 @@ export const registerGetRoute = ({
router.get(
{
path: addBasePath('/auto_follow_patterns/{id}'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,12 @@ export const registerPauseRoute = ({
router.post(
{
path: addBasePath('/auto_follow_patterns/{id}/pause'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,12 @@ export const registerResumeRoute = ({
router.post(
{
path: addBasePath('/auto_follow_patterns/{id}/resume'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,12 @@ export const registerUpdateRoute = ({
router.put(
{
path: addBasePath('/auto_follow_patterns/{id}'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
body: bodySchema,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,12 @@ export const registerPermissionsRoute = ({
router.get(
{
path: addBasePath('/permissions'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
license.guardApiRoute(async (context, request, response) => {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,12 @@ export const registerStatsRoute = ({
router.get(
{
path: addBasePath('/stats/auto_follow'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
license.guardApiRoute(async (context, request, response) => {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,12 @@ export const registerCreateRoute = ({
router.post(
{
path: addBasePath('/follower_indices'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
body: bodySchema,
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,12 @@ export const registerFetchRoute = ({
router.get(
{
path: addBasePath('/follower_indices'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
license.guardApiRoute(async (context, request, response) => {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,12 @@ export const registerGetRoute = ({
router.get(
{
path: addBasePath('/follower_indices/{id}'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,12 @@ export const registerPauseRoute = ({
router.put(
{
path: addBasePath('/follower_indices/{id}/pause'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,12 @@ export const registerResumeRoute = ({
router.put(
{
path: addBasePath('/follower_indices/{id}/resume'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,12 @@ export const registerUnfollowRoute = ({
router.put(
{
path: addBasePath('/follower_indices/{id}/unfollow'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,12 @@ export const registerUpdateRoute = ({
router.put(
{
path: addBasePath('/follower_indices/{id}'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
body: bodySchema,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,12 @@ export function registerGrokSimulateRoute(framework: KibanaFramework) {
{
method: 'post',
path: '/api/grokdebugger/simulate',
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
body: requestBodySchema,
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,16 @@ export function registerAddPolicyRoute({
lib: { handleEsError },
}: RouteDependencies) {
router.post(
{ path: addBasePath('/index/add'), validate: { body: bodySchema } },
{
path: addBasePath('/index/add'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: { body: bodySchema },
},
license.guardApiRoute(async (context, request, response) => {
const body = request.body as typeof bodySchema.type;
const { indexName, policyName, alias = '' } = body;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,16 @@ export function registerRemoveRoute({
lib: { handleEsError },
}: RouteDependencies) {
router.post(
{ path: addBasePath('/index/remove'), validate: { body: bodySchema } },
{
path: addBasePath('/index/remove'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: { body: bodySchema },
},
license.guardApiRoute(async (context, request, response) => {
const body = request.body as typeof bodySchema.type;
const { indexNames } = body;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,16 @@ const bodySchema = schema.object({

export function registerRetryRoute({ router, license, lib: { handleEsError } }: RouteDependencies) {
router.post(
{ path: addBasePath('/index/retry'), validate: { body: bodySchema } },
{
path: addBasePath('/index/retry'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: { body: bodySchema },
},
license.guardApiRoute(async (context, request, response) => {
const body = request.body as typeof bodySchema.type;
const { indexNames } = body;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,16 @@ export function registerDetailsRoute({
lib: { handleEsError },
}: RouteDependencies) {
router.get(
{ path: addBasePath('/nodes/{nodeAttrs}/details'), validate: { params: paramsSchema } },
{
path: addBasePath('/nodes/{nodeAttrs}/details'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: { params: paramsSchema },
},
license.guardApiRoute(async (context, request, response) => {
const params = request.params as typeof paramsSchema.type;
const { nodeAttrs } = params;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,16 @@ export function registerListRoute({
const disallowedNodeAttributes = [...NODE_ATTRS_KEYS_TO_IGNORE, ...filteredNodeAttributes];

router.get(
{ path: addBasePath('/nodes/list'), validate: false },
{
path: addBasePath('/nodes/list'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
license.guardApiRoute(async (context, request, response) => {
try {
const esClient = (await context.core).elasticsearch.client;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,16 @@ export function registerCreateRoute({
lib: { handleEsError },
}: RouteDependencies) {
router.post(
{ path: addBasePath('/policies'), validate: { body: bodySchema } },
{
path: addBasePath('/policies'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: { body: bodySchema },
},
license.guardApiRoute(async (context, request, response) => {
const body = request.body as typeof bodySchema.type;
const { name, ...rest } = body;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,16 @@ export function registerDeleteRoute({
lib: { handleEsError },
}: RouteDependencies) {
router.delete(
{ path: addBasePath('/policies/{policyNames}'), validate: { params: paramsSchema } },
{
path: addBasePath('/policies/{policyNames}'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: { params: paramsSchema },
},
license.guardApiRoute(async (context, request, response) => {
const params = request.params as typeof paramsSchema.type;
const { policyNames } = params;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,16 @@ async function fetchPolicies(client: ElasticsearchClient): Promise<TransportResu

export function registerFetchRoute({ router, license, lib: { handleEsError } }: RouteDependencies) {
router.get(
{ path: addBasePath('/policies'), validate: false },
{
path: addBasePath('/policies'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
license.guardApiRoute(async (context, request, response) => {
const { asCurrentUser } = (await context.core).elasticsearch.client;

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,16 @@ import { addBasePath } from '../../../services';

export function registerFetchRoute({ router, license, lib: { handleEsError } }: RouteDependencies) {
router.get(
{ path: addBasePath('/snapshot_policies'), validate: false },
{
path: addBasePath('/snapshot_policies'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
license.guardApiRoute(async (context, request, response) => {
try {
const esClient = (await context.core).elasticsearch.client;
Expand Down
Loading

0 comments on commit 3225c65

Please sign in to comment.