diff --git a/x-pack/plugins/actions/server/routes/connector/get_all_system/get_all_system.ts b/x-pack/plugins/actions/server/routes/connector/get_all_system/get_all_system.ts index 9ba51287c56fd..747d97e5ba8a3 100644 --- a/x-pack/plugins/actions/server/routes/connector/get_all_system/get_all_system.ts +++ b/x-pack/plugins/actions/server/routes/connector/get_all_system/get_all_system.ts @@ -21,6 +21,9 @@ export const getAllConnectorsIncludingSystemRoute = ( { path: `${INTERNAL_BASE_ACTION_API_PATH}/connectors`, validate: {}, + options: { + access: 'internal', + }, }, router.handleLegacyErrors( verifyAccessAndContext(licenseState, async function (context, req, res) { diff --git a/x-pack/plugins/actions/server/routes/connector/list_types_system/list_types_system.ts b/x-pack/plugins/actions/server/routes/connector/list_types_system/list_types_system.ts index 6611830f6a3c7..c43912ecbc7e4 100644 --- a/x-pack/plugins/actions/server/routes/connector/list_types_system/list_types_system.ts +++ b/x-pack/plugins/actions/server/routes/connector/list_types_system/list_types_system.ts @@ -27,6 +27,9 @@ export const listTypesWithSystemRoute = ( validate: { query: connectorTypesQuerySchemaV1, }, + options: { + access: 'internal', + }, }, router.handleLegacyErrors( verifyAccessAndContext(licenseState, async function (context, req, res) { diff --git a/x-pack/plugins/actions/server/routes/get_global_execution_kpi.ts b/x-pack/plugins/actions/server/routes/get_global_execution_kpi.ts index 978a957b70ce8..93034745584a7 100644 --- a/x-pack/plugins/actions/server/routes/get_global_execution_kpi.ts +++ b/x-pack/plugins/actions/server/routes/get_global_execution_kpi.ts @@ -45,6 +45,9 @@ export const getGlobalExecutionKPIRoute = ( validate: { body: bodySchema, }, + options: { + access: 'internal', + }, }, router.handleLegacyErrors( verifyAccessAndContext(licenseState, async function (context, req, res) { diff --git a/x-pack/plugins/actions/server/routes/get_global_execution_logs.ts b/x-pack/plugins/actions/server/routes/get_global_execution_logs.ts index 959ab2b62b090..d42ce07a814cf 100644 --- a/x-pack/plugins/actions/server/routes/get_global_execution_logs.ts +++ b/x-pack/plugins/actions/server/routes/get_global_execution_logs.ts @@ -57,6 +57,9 @@ export const getGlobalExecutionLogRoute = ( validate: { body: bodySchema, }, + options: { + access: 'internal', + }, }, router.handleLegacyErrors( verifyAccessAndContext(licenseState, async function (context, req, res) { diff --git a/x-pack/plugins/actions/server/routes/get_oauth_access_token.ts b/x-pack/plugins/actions/server/routes/get_oauth_access_token.ts index e556a5f6c9fbc..b703c0de220f1 100644 --- a/x-pack/plugins/actions/server/routes/get_oauth_access_token.ts +++ b/x-pack/plugins/actions/server/routes/get_oauth_access_token.ts @@ -66,6 +66,9 @@ export const getOAuthAccessToken = ( validate: { body: bodySchema, }, + options: { + access: 'internal', + }, }, router.handleLegacyErrors( verifyAccessAndContext(licenseState, async function (context, req, res) { diff --git a/x-pack/plugins/alerting/server/plugin.ts b/x-pack/plugins/alerting/server/plugin.ts index a7595eb4c5bac..5619b266c85bd 100644 --- a/x-pack/plugins/alerting/server/plugin.ts +++ b/x-pack/plugins/alerting/server/plugin.ts @@ -409,6 +409,7 @@ export class AlertingPlugin { getAlertIndicesAlias: createGetAlertIndicesAliasFn(this.ruleTypeRegistry!), encryptedSavedObjects: plugins.encryptedSavedObjects, config$: plugins.unifiedSearch.autocomplete.getInitializerContextConfig().create(), + isServerless: !!plugins.serverless, }); return { diff --git a/x-pack/plugins/alerting/server/routes/backfill/apis/delete/delete_backfill_route.ts b/x-pack/plugins/alerting/server/routes/backfill/apis/delete/delete_backfill_route.ts index 57e0a2ed2af8d..6c343ac125188 100644 --- a/x-pack/plugins/alerting/server/routes/backfill/apis/delete/delete_backfill_route.ts +++ b/x-pack/plugins/alerting/server/routes/backfill/apis/delete/delete_backfill_route.ts @@ -20,6 +20,9 @@ export const deleteBackfillRoute = ( router.delete( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rules/backfill/{id}`, + options: { + access: 'internal', + }, validate: { params: deleteParamsSchemaV1, }, diff --git a/x-pack/plugins/alerting/server/routes/backfill/apis/find/find_backfill_route.ts b/x-pack/plugins/alerting/server/routes/backfill/apis/find/find_backfill_route.ts index 4a6e5c5ef5e31..fea2925c0983b 100644 --- a/x-pack/plugins/alerting/server/routes/backfill/apis/find/find_backfill_route.ts +++ b/x-pack/plugins/alerting/server/routes/backfill/apis/find/find_backfill_route.ts @@ -28,6 +28,9 @@ export const findBackfillRoute = ( validate: { query: findQuerySchemaV1, }, + options: { + access: 'internal', + }, }, router.handleLegacyErrors( verifyAccessAndContext(licenseState, async function (context, req, res) { diff --git a/x-pack/plugins/alerting/server/routes/backfill/apis/get/get_backfill_route.ts b/x-pack/plugins/alerting/server/routes/backfill/apis/get/get_backfill_route.ts index 6d84aee4a5f84..bfb178d875c8b 100644 --- a/x-pack/plugins/alerting/server/routes/backfill/apis/get/get_backfill_route.ts +++ b/x-pack/plugins/alerting/server/routes/backfill/apis/get/get_backfill_route.ts @@ -22,6 +22,9 @@ export const getBackfillRoute = ( router.get( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rules/backfill/{id}`, + options: { + access: 'internal', + }, validate: { params: getParamsSchemaV1, }, diff --git a/x-pack/plugins/alerting/server/routes/backfill/apis/schedule/schedule_backfill_route.ts b/x-pack/plugins/alerting/server/routes/backfill/apis/schedule/schedule_backfill_route.ts index 5f7e89d38ce33..466c69b2b6aa5 100644 --- a/x-pack/plugins/alerting/server/routes/backfill/apis/schedule/schedule_backfill_route.ts +++ b/x-pack/plugins/alerting/server/routes/backfill/apis/schedule/schedule_backfill_route.ts @@ -22,6 +22,7 @@ export const scheduleBackfillRoute = ( router.post( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rules/backfill/_schedule`, + options: { access: 'internal' }, validate: { body: scheduleBodySchemaV1, }, diff --git a/x-pack/plugins/alerting/server/routes/get_action_error_log.ts b/x-pack/plugins/alerting/server/routes/get_action_error_log.ts index 7e8028cad7f16..5da2189c1d43d 100644 --- a/x-pack/plugins/alerting/server/routes/get_action_error_log.ts +++ b/x-pack/plugins/alerting/server/routes/get_action_error_log.ts @@ -63,6 +63,9 @@ export const getActionErrorLogRoute = ( params: paramSchema, query: querySchema, }, + options: { + access: 'internal', + }, }, router.handleLegacyErrors( verifyAccessAndContext(licenseState, async function (context, req, res) { diff --git a/x-pack/plugins/alerting/server/routes/get_flapping_settings.test.ts b/x-pack/plugins/alerting/server/routes/get_flapping_settings.test.ts index b1353a6e328db..9ab3c5b41ec80 100644 --- a/x-pack/plugins/alerting/server/routes/get_flapping_settings.test.ts +++ b/x-pack/plugins/alerting/server/routes/get_flapping_settings.test.ts @@ -37,6 +37,7 @@ describe('getFlappingSettingsRoute', () => { expect(config).toMatchInlineSnapshot(` Object { "options": Object { + "access": "internal", "tags": Array [ "access:read-flapping-settings", ], diff --git a/x-pack/plugins/alerting/server/routes/get_flapping_settings.ts b/x-pack/plugins/alerting/server/routes/get_flapping_settings.ts index 5d4795d664ed5..a8638c32e5a5c 100644 --- a/x-pack/plugins/alerting/server/routes/get_flapping_settings.ts +++ b/x-pack/plugins/alerting/server/routes/get_flapping_settings.ts @@ -38,6 +38,7 @@ export const getFlappingSettingsRoute = ( path: `${INTERNAL_BASE_ALERTING_API_PATH}/rules/settings/_flapping`, validate: false, options: { + access: 'internal', tags: [`access:${API_PRIVILEGES.READ_FLAPPING_SETTINGS}`], }, }, diff --git a/x-pack/plugins/alerting/server/routes/get_global_execution_kpi.ts b/x-pack/plugins/alerting/server/routes/get_global_execution_kpi.ts index 2aec9d998a9e6..795b473dc8c66 100644 --- a/x-pack/plugins/alerting/server/routes/get_global_execution_kpi.ts +++ b/x-pack/plugins/alerting/server/routes/get_global_execution_kpi.ts @@ -37,6 +37,9 @@ export const getGlobalExecutionKPIRoute = ( router.get( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/_global_execution_kpi`, + options: { + access: 'internal', + }, validate: { query: querySchema, }, diff --git a/x-pack/plugins/alerting/server/routes/get_global_execution_logs.ts b/x-pack/plugins/alerting/server/routes/get_global_execution_logs.ts index e08ec1ac5bcb8..9c9e09e81bd45 100644 --- a/x-pack/plugins/alerting/server/routes/get_global_execution_logs.ts +++ b/x-pack/plugins/alerting/server/routes/get_global_execution_logs.ts @@ -62,6 +62,9 @@ export const getGlobalExecutionLogRoute = ( router.get( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/_global_execution_logs`, + options: { + access: 'internal', + }, validate: { query: querySchema, }, diff --git a/x-pack/plugins/alerting/server/routes/get_rule_alert_summary.ts b/x-pack/plugins/alerting/server/routes/get_rule_alert_summary.ts index c0d31d1ccbfac..7eaf5d4645ecb 100644 --- a/x-pack/plugins/alerting/server/routes/get_rule_alert_summary.ts +++ b/x-pack/plugins/alerting/server/routes/get_rule_alert_summary.ts @@ -65,6 +65,9 @@ export const getRuleAlertSummaryRoute = ( router.get( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rule/{id}/_alert_summary`, + options: { + access: 'internal', + }, validate: { params: paramSchema, query: querySchema, diff --git a/x-pack/plugins/alerting/server/routes/get_rule_execution_kpi.ts b/x-pack/plugins/alerting/server/routes/get_rule_execution_kpi.ts index 11f7085c53290..af15520d3c32f 100644 --- a/x-pack/plugins/alerting/server/routes/get_rule_execution_kpi.ts +++ b/x-pack/plugins/alerting/server/routes/get_rule_execution_kpi.ts @@ -38,6 +38,9 @@ export const getRuleExecutionKPIRoute = ( router.get( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rule/{id}/_execution_kpi`, + options: { + access: 'internal', + }, validate: { params: paramSchema, query: querySchema, diff --git a/x-pack/plugins/alerting/server/routes/get_rule_execution_log.ts b/x-pack/plugins/alerting/server/routes/get_rule_execution_log.ts index 4a8a91089203d..619bc82bd6378 100644 --- a/x-pack/plugins/alerting/server/routes/get_rule_execution_log.ts +++ b/x-pack/plugins/alerting/server/routes/get_rule_execution_log.ts @@ -63,6 +63,9 @@ export const getRuleExecutionLogRoute = ( router.get( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rule/{id}/_execution_log`, + options: { + access: 'internal', + }, validate: { params: paramSchema, query: querySchema, diff --git a/x-pack/plugins/alerting/server/routes/get_rule_state.ts b/x-pack/plugins/alerting/server/routes/get_rule_state.ts index 50ad1f776110e..7530f1d4964cd 100644 --- a/x-pack/plugins/alerting/server/routes/get_rule_state.ts +++ b/x-pack/plugins/alerting/server/routes/get_rule_state.ts @@ -38,6 +38,9 @@ export const getRuleStateRoute = ( router.get( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rule/{id}/state`, + options: { + access: 'internal', + }, validate: { params: paramSchema, }, diff --git a/x-pack/plugins/alerting/server/routes/index.ts b/x-pack/plugins/alerting/server/routes/index.ts index cf32ddf503ad4..93b1800208c7d 100644 --- a/x-pack/plugins/alerting/server/routes/index.ts +++ b/x-pack/plugins/alerting/server/routes/index.ts @@ -79,6 +79,7 @@ export interface RouteOptions { getAlertIndicesAlias?: GetAlertIndicesAlias; usageCounter?: UsageCounter; config$?: Observable; + isServerless?: boolean; } export function defineRoutes(opts: RouteOptions) { diff --git a/x-pack/plugins/alerting/server/routes/legacy/create.test.ts b/x-pack/plugins/alerting/server/routes/legacy/create.test.ts index d50d7fcb79e38..52917ad5f3023 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/create.test.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/create.test.ts @@ -110,6 +110,8 @@ describe('createAlertRoute', () => { expect(config.path).toMatchInlineSnapshot(`"/api/alerts/alert/{id?}"`); + expect(config.options?.access).toBe('public'); + rulesClient.create.mockResolvedValueOnce(createResult); const [context, req, res] = mockHandlerArguments( @@ -164,6 +166,28 @@ describe('createAlertRoute', () => { }); }); + it('should have internal access for serverless', async () => { + const licenseState = licenseStateMock.create(); + const router = httpServiceMock.createRouter(); + const encryptedSavedObjects = encryptedSavedObjectsMock.createSetup({ canEncrypt: true }); + const mockUsageCountersSetup = usageCountersServiceMock.createSetupContract(); + const mockUsageCounter = mockUsageCountersSetup.createUsageCounter('test'); + + createAlertRoute({ + router, + licenseState, + encryptedSavedObjects, + usageCounter: mockUsageCounter, + isServerless: true, + }); + + const [config] = router.post.mock.calls[0]; + + expect(config.path).toMatchInlineSnapshot(`"/api/alerts/alert/{id?}"`); + + expect(config.options?.access).toBe('internal'); + }); + it('allows providing a custom id when space is undefined', async () => { const expectedResult = { ...createResult, diff --git a/x-pack/plugins/alerting/server/routes/legacy/create.ts b/x-pack/plugins/alerting/server/routes/legacy/create.ts index 0d706f1c0ce94..d8505fdc8453d 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/create.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/create.ts @@ -44,7 +44,12 @@ export const bodySchema = schema.object({ notifyWhen: schema.nullable(schema.string({ validate: validateNotifyWhenType })), }); -export const createAlertRoute = ({ router, licenseState, usageCounter }: RouteOptions) => { +export const createAlertRoute = ({ + router, + licenseState, + usageCounter, + isServerless, +}: RouteOptions) => { router.post( { path: `${LEGACY_BASE_ALERT_API_PATH}/alert/{id?}`, @@ -57,6 +62,7 @@ export const createAlertRoute = ({ router, licenseState, usageCounter }: RouteOp body: bodySchema, }, options: { + access: isServerless ? 'internal' : 'public', summary: 'Create an alert', tags: ['oas-tag:alerting'], deprecated: true, diff --git a/x-pack/plugins/alerting/server/routes/legacy/delete.test.ts b/x-pack/plugins/alerting/server/routes/legacy/delete.test.ts index 9a3ccdf84c82c..95a28904f4796 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/delete.test.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/delete.test.ts @@ -38,6 +38,7 @@ describe('deleteAlertRoute', () => { const [config, handler] = router.delete.mock.calls[0]; expect(config.path).toMatchInlineSnapshot(`"/api/alerts/alert/{id}"`); + expect(config.options?.access).toBe('public'); rulesClient.delete.mockResolvedValueOnce({}); @@ -65,6 +66,18 @@ describe('deleteAlertRoute', () => { expect(res.noContent).toHaveBeenCalled(); }); + it('should have internal access for serverless', async () => { + const licenseState = licenseStateMock.create(); + const router = httpServiceMock.createRouter(); + + deleteAlertRoute(router, licenseState, undefined, true); + + const [config] = router.delete.mock.calls[0]; + + expect(config.path).toMatchInlineSnapshot(`"/api/alerts/alert/{id}"`); + expect(config.options?.access).toBe('internal'); + }); + it('ensures the license allows deleting alerts', async () => { const licenseState = licenseStateMock.create(); const router = httpServiceMock.createRouter(); diff --git a/x-pack/plugins/alerting/server/routes/legacy/delete.ts b/x-pack/plugins/alerting/server/routes/legacy/delete.ts index 1356a0866cfda..f931af10ccbbf 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/delete.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/delete.ts @@ -20,7 +20,8 @@ const paramSchema = schema.object({ export const deleteAlertRoute = ( router: AlertingRouter, licenseState: ILicenseState, - usageCounter?: UsageCounter + usageCounter?: UsageCounter, + isServerless?: boolean ) => { router.delete( { @@ -29,6 +30,7 @@ export const deleteAlertRoute = ( params: paramSchema, }, options: { + access: isServerless ? 'internal' : 'public', summary: 'Delete an alert', tags: ['oas-tag:alerting'], deprecated: true, diff --git a/x-pack/plugins/alerting/server/routes/legacy/disable.test.ts b/x-pack/plugins/alerting/server/routes/legacy/disable.test.ts index 3a6a4bf4daf5b..1c8ee110aca94 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/disable.test.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/disable.test.ts @@ -37,6 +37,7 @@ describe('disableAlertRoute', () => { const [config, handler] = router.post.mock.calls[0]; expect(config.path).toMatchInlineSnapshot(`"/api/alerts/alert/{id}/_disable"`); + expect(config.options?.access).toBe('public'); rulesClient.disableRule.mockResolvedValueOnce(); @@ -64,6 +65,18 @@ describe('disableAlertRoute', () => { expect(res.noContent).toHaveBeenCalled(); }); + it('should have internal access for serverless', async () => { + const licenseState = licenseStateMock.create(); + const router = httpServiceMock.createRouter(); + + disableAlertRoute(router, licenseState, undefined, true); + + const [config] = router.post.mock.calls[0]; + + expect(config.path).toMatchInlineSnapshot(`"/api/alerts/alert/{id}/_disable"`); + expect(config.options?.access).toBe('internal'); + }); + it('ensures the alert type gets validated for the license', async () => { const licenseState = licenseStateMock.create(); const router = httpServiceMock.createRouter(); diff --git a/x-pack/plugins/alerting/server/routes/legacy/disable.ts b/x-pack/plugins/alerting/server/routes/legacy/disable.ts index 283dbcf0ab90c..486bef89dd197 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/disable.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/disable.ts @@ -21,7 +21,8 @@ const paramSchema = schema.object({ export const disableAlertRoute = ( router: AlertingRouter, licenseState: ILicenseState, - usageCounter?: UsageCounter + usageCounter?: UsageCounter, + isServerless?: boolean ) => { router.post( { @@ -30,6 +31,7 @@ export const disableAlertRoute = ( params: paramSchema, }, options: { + access: isServerless ? 'internal' : 'public', summary: 'Disable an alert', tags: ['oas-tag:alerting'], deprecated: true, diff --git a/x-pack/plugins/alerting/server/routes/legacy/enable.test.ts b/x-pack/plugins/alerting/server/routes/legacy/enable.test.ts index 908e2e1a1538d..d2ed24cc3fa15 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/enable.test.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/enable.test.ts @@ -37,6 +37,7 @@ describe('enableAlertRoute', () => { const [config, handler] = router.post.mock.calls[0]; expect(config.path).toMatchInlineSnapshot(`"/api/alerts/alert/{id}/_enable"`); + expect(config.options?.access).toBe('public'); rulesClient.enableRule.mockResolvedValueOnce(); @@ -64,6 +65,18 @@ describe('enableAlertRoute', () => { expect(res.noContent).toHaveBeenCalled(); }); + it('should have internal access for serverless', async () => { + const licenseState = licenseStateMock.create(); + const router = httpServiceMock.createRouter(); + + enableAlertRoute(router, licenseState, undefined, true); + + const [config] = router.post.mock.calls[0]; + + expect(config.path).toMatchInlineSnapshot(`"/api/alerts/alert/{id}/_enable"`); + expect(config.options?.access).toBe('internal'); + }); + it('ensures the alert type gets validated for the license', async () => { const licenseState = licenseStateMock.create(); const router = httpServiceMock.createRouter(); diff --git a/x-pack/plugins/alerting/server/routes/legacy/enable.ts b/x-pack/plugins/alerting/server/routes/legacy/enable.ts index 4f2e8e7859857..c5076b3de1a54 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/enable.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/enable.ts @@ -22,7 +22,8 @@ const paramSchema = schema.object({ export const enableAlertRoute = ( router: AlertingRouter, licenseState: ILicenseState, - usageCounter?: UsageCounter + usageCounter?: UsageCounter, + isServerless?: boolean ) => { router.post( { @@ -31,6 +32,7 @@ export const enableAlertRoute = ( params: paramSchema, }, options: { + access: isServerless ? 'internal' : 'public', summary: 'Enable an alert', tags: ['oas-tag:alerting'], deprecated: true, diff --git a/x-pack/plugins/alerting/server/routes/legacy/find.test.ts b/x-pack/plugins/alerting/server/routes/legacy/find.test.ts index 013fa119dbdf1..0b8584be43da7 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/find.test.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/find.test.ts @@ -44,6 +44,7 @@ describe('findAlertRoute', () => { const [config, handler] = router.get.mock.calls[0]; expect(config.path).toMatchInlineSnapshot(`"/api/alerts/_find"`); + expect(config.options?.access).toBe('public'); const findResult = { page: 1, @@ -95,6 +96,18 @@ describe('findAlertRoute', () => { }); }); + it('should have internal access for serverless', async () => { + const licenseState = licenseStateMock.create(); + const router = httpServiceMock.createRouter(); + + findAlertRoute(router, licenseState, undefined, true); + + const [config] = router.get.mock.calls[0]; + + expect(config.path).toMatchInlineSnapshot(`"/api/alerts/_find"`); + expect(config.options?.access).toBe('internal'); + }); + it('ensures the license allows finding alerts', async () => { const licenseState = licenseStateMock.create(); const router = httpServiceMock.createRouter(); diff --git a/x-pack/plugins/alerting/server/routes/legacy/find.ts b/x-pack/plugins/alerting/server/routes/legacy/find.ts index 0c8027a0a1d4a..ad85f3c7333b0 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/find.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/find.ts @@ -64,7 +64,8 @@ const querySchema = schema.object({ export const findAlertRoute = ( router: AlertingRouter, licenseState: ILicenseState, - usageCounter?: UsageCounter + usageCounter?: UsageCounter, + isServerless?: boolean ) => { router.get( { @@ -73,6 +74,7 @@ export const findAlertRoute = ( query: querySchema, }, options: { + access: isServerless ? 'internal' : 'public', summary: 'Find alerts', tags: ['oas-tag:alerting'], description: diff --git a/x-pack/plugins/alerting/server/routes/legacy/get.test.ts b/x-pack/plugins/alerting/server/routes/legacy/get.test.ts index e97996837f1d7..f27210c773878 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/get.test.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/get.test.ts @@ -86,6 +86,7 @@ describe('getAlertRoute', () => { const [config, handler] = router.get.mock.calls[0]; expect(config.path).toMatchInlineSnapshot(`"/api/alerts/alert/{id}"`); + expect(config.options?.access).toBe('public'); rulesClient.get.mockResolvedValueOnce(mockedAlert); @@ -106,6 +107,17 @@ describe('getAlertRoute', () => { }); }); + it('should have internal access for serverless', async () => { + const licenseState = licenseStateMock.create(); + const router = httpServiceMock.createRouter(); + + getAlertRoute(router, licenseState, undefined, true); + const [config] = router.get.mock.calls[0]; + + expect(config.path).toMatchInlineSnapshot(`"/api/alerts/alert/{id}"`); + expect(config.options?.access).toBe('internal'); + }); + it('ensures the license allows getting alerts', async () => { const licenseState = licenseStateMock.create(); const router = httpServiceMock.createRouter(); diff --git a/x-pack/plugins/alerting/server/routes/legacy/get.ts b/x-pack/plugins/alerting/server/routes/legacy/get.ts index 3408bea210a96..8437b888f7c0f 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/get.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/get.ts @@ -20,7 +20,8 @@ const paramSchema = schema.object({ export const getAlertRoute = ( router: AlertingRouter, licenseState: ILicenseState, - usageCounter?: UsageCounter + usageCounter?: UsageCounter, + isServerless?: boolean ) => { router.get( { @@ -29,6 +30,7 @@ export const getAlertRoute = ( params: paramSchema, }, options: { + access: isServerless ? 'internal' : 'public', summary: 'Get an alert', tags: ['oas-tag:alerting'], deprecated: true, diff --git a/x-pack/plugins/alerting/server/routes/legacy/get_alert_instance_summary.test.ts b/x-pack/plugins/alerting/server/routes/legacy/get_alert_instance_summary.test.ts index c04aa0b39c022..4ecc085c3bb40 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/get_alert_instance_summary.test.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/get_alert_instance_summary.test.ts @@ -60,6 +60,7 @@ describe('getAlertInstanceSummaryRoute', () => { const [config, handler] = router.get.mock.calls[0]; expect(config.path).toMatchInlineSnapshot(`"/api/alerts/alert/{id}/_instance_summary"`); + expect(config.options?.access).toBe('public'); rulesClient.getAlertSummary.mockResolvedValueOnce(mockedAlertInstanceSummary); @@ -89,6 +90,18 @@ describe('getAlertInstanceSummaryRoute', () => { expect(res.ok).toHaveBeenCalled(); }); + it('should have internal access for serverless', async () => { + const licenseState = licenseStateMock.create(); + const router = httpServiceMock.createRouter(); + + getAlertInstanceSummaryRoute(router, licenseState, undefined, true); + + const [config] = router.get.mock.calls[0]; + + expect(config.path).toMatchInlineSnapshot(`"/api/alerts/alert/{id}/_instance_summary"`); + expect(config.options?.access).toBe('internal'); + }); + it('returns NOT-FOUND when alert is not found', async () => { const licenseState = licenseStateMock.create(); const router = httpServiceMock.createRouter(); diff --git a/x-pack/plugins/alerting/server/routes/legacy/get_alert_instance_summary.ts b/x-pack/plugins/alerting/server/routes/legacy/get_alert_instance_summary.ts index 86bac56936d37..fd1fae64b538f 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/get_alert_instance_summary.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/get_alert_instance_summary.ts @@ -30,7 +30,8 @@ const rewriteBodyRes = ({ ruleTypeId, alerts, ...rest }: AlertSummary) => ({ export const getAlertInstanceSummaryRoute = ( router: AlertingRouter, licenseState: ILicenseState, - usageCounter?: UsageCounter + usageCounter?: UsageCounter, + isServerless?: boolean ) => { router.get( { @@ -40,6 +41,7 @@ export const getAlertInstanceSummaryRoute = ( query: querySchema, }, options: { + access: isServerless ? 'internal' : 'public', summary: 'Get an alert summary', tags: ['oas-tag:alerting'], deprecated: true, diff --git a/x-pack/plugins/alerting/server/routes/legacy/get_alert_state.test.ts b/x-pack/plugins/alerting/server/routes/legacy/get_alert_state.test.ts index eab550ee4b304..f8f1d4caeed9f 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/get_alert_state.test.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/get_alert_state.test.ts @@ -55,6 +55,7 @@ describe('getAlertStateRoute', () => { const [config, handler] = router.get.mock.calls[0]; expect(config.path).toMatchInlineSnapshot(`"/api/alerts/alert/{id}/state"`); + expect(config.options?.access).toBe('public'); rulesClient.getAlertState.mockResolvedValueOnce(mockedAlertState); @@ -82,6 +83,18 @@ describe('getAlertStateRoute', () => { expect(res.ok).toHaveBeenCalled(); }); + it('should have internal access for serverless', async () => { + const licenseState = licenseStateMock.create(); + const router = httpServiceMock.createRouter(); + + getAlertStateRoute(router, licenseState, undefined, true); + + const [config] = router.get.mock.calls[0]; + + expect(config.path).toMatchInlineSnapshot(`"/api/alerts/alert/{id}/state"`); + expect(config.options?.access).toBe('internal'); + }); + it('returns NO-CONTENT when alert exists but has no task state yet', async () => { const licenseState = licenseStateMock.create(); const router = httpServiceMock.createRouter(); diff --git a/x-pack/plugins/alerting/server/routes/legacy/get_alert_state.ts b/x-pack/plugins/alerting/server/routes/legacy/get_alert_state.ts index 5cd898ca31535..5943ab7203599 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/get_alert_state.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/get_alert_state.ts @@ -20,7 +20,8 @@ const paramSchema = schema.object({ export const getAlertStateRoute = ( router: AlertingRouter, licenseState: ILicenseState, - usageCounter?: UsageCounter + usageCounter?: UsageCounter, + isServerless?: boolean ) => { router.get( { @@ -29,6 +30,7 @@ export const getAlertStateRoute = ( params: paramSchema, }, options: { + access: isServerless ? 'internal' : 'public', summary: 'Get the state of an alert', tags: ['oas-tag:alerting'], deprecated: true, diff --git a/x-pack/plugins/alerting/server/routes/legacy/health.test.ts b/x-pack/plugins/alerting/server/routes/legacy/health.test.ts index d582a8e0ec480..6c0b3ae6f67a4 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/health.test.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/health.test.ts @@ -91,6 +91,21 @@ describe('healthRoute', () => { const [config] = router.get.mock.calls[0]; expect(config.path).toMatchInlineSnapshot(`"/api/alerts/_health"`); + expect(config.options?.access).toBe('public'); + }); + + it('should have internal access for serverless', async () => { + rulesClient.listRuleTypes.mockResolvedValueOnce(new Set(ruleTypes)); + const router = httpServiceMock.createRouter(); + + const licenseState = licenseStateMock.create(); + const encryptedSavedObjects = encryptedSavedObjectsMock.createSetup({ canEncrypt: true }); + healthRoute(router, licenseState, encryptedSavedObjects, undefined, true); + + const [config] = router.get.mock.calls[0]; + + expect(config.path).toMatchInlineSnapshot(`"/api/alerts/_health"`); + expect(config.options?.access).toBe('internal'); }); it('throws error when user does not have any access to any rule types', async () => { diff --git a/x-pack/plugins/alerting/server/routes/legacy/health.ts b/x-pack/plugins/alerting/server/routes/legacy/health.ts index 859d9cabe1989..90bfda371932a 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/health.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/health.ts @@ -18,13 +18,15 @@ export function healthRoute( router: AlertingRouter, licenseState: ILicenseState, encryptedSavedObjects: EncryptedSavedObjectsPluginSetup, - usageCounter?: UsageCounter + usageCounter?: UsageCounter, + isServerless?: boolean ) { router.get( { path: '/api/alerts/_health', validate: false, options: { + access: isServerless ? 'internal' : 'public', summary: 'Get the alerting framework health', tags: ['oas-tag:alerting'], deprecated: true, diff --git a/x-pack/plugins/alerting/server/routes/legacy/index.ts b/x-pack/plugins/alerting/server/routes/legacy/index.ts index f915cff705318..99220106d5ac1 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/index.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/index.ts @@ -24,22 +24,22 @@ import { healthRoute } from './health'; import { RouteOptions } from '..'; export function defineLegacyRoutes(opts: RouteOptions) { - const { router, licenseState, encryptedSavedObjects, usageCounter } = opts; + const { router, licenseState, encryptedSavedObjects, usageCounter, isServerless } = opts; createAlertRoute(opts); - deleteAlertRoute(router, licenseState, usageCounter); - findAlertRoute(router, licenseState, usageCounter); - getAlertRoute(router, licenseState, usageCounter); - getAlertStateRoute(router, licenseState, usageCounter); - getAlertInstanceSummaryRoute(router, licenseState, usageCounter); - listAlertTypesRoute(router, licenseState, usageCounter); - updateAlertRoute(router, licenseState, usageCounter); - enableAlertRoute(router, licenseState, usageCounter); - disableAlertRoute(router, licenseState, usageCounter); - updateApiKeyRoute(router, licenseState, usageCounter); - muteAllAlertRoute(router, licenseState, usageCounter); - unmuteAllAlertRoute(router, licenseState, usageCounter); - muteAlertInstanceRoute(router, licenseState, usageCounter); - unmuteAlertInstanceRoute(router, licenseState, usageCounter); - healthRoute(router, licenseState, encryptedSavedObjects, usageCounter); + deleteAlertRoute(router, licenseState, usageCounter, isServerless); + findAlertRoute(router, licenseState, usageCounter, isServerless); + getAlertRoute(router, licenseState, usageCounter, isServerless); + getAlertStateRoute(router, licenseState, usageCounter, isServerless); + getAlertInstanceSummaryRoute(router, licenseState, usageCounter, isServerless); + listAlertTypesRoute(router, licenseState, usageCounter, isServerless); + updateAlertRoute(router, licenseState, usageCounter, isServerless); + enableAlertRoute(router, licenseState, usageCounter, isServerless); + disableAlertRoute(router, licenseState, usageCounter, isServerless); + updateApiKeyRoute(router, licenseState, usageCounter, isServerless); + muteAllAlertRoute(router, licenseState, usageCounter, isServerless); + unmuteAllAlertRoute(router, licenseState, usageCounter, isServerless); + muteAlertInstanceRoute(router, licenseState, usageCounter, isServerless); + unmuteAlertInstanceRoute(router, licenseState, usageCounter, isServerless); + healthRoute(router, licenseState, encryptedSavedObjects, usageCounter, isServerless); } diff --git a/x-pack/plugins/alerting/server/routes/legacy/list_alert_types.test.ts b/x-pack/plugins/alerting/server/routes/legacy/list_alert_types.test.ts index b9abeafd00ecc..80298f7fd288e 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/list_alert_types.test.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/list_alert_types.test.ts @@ -40,6 +40,7 @@ describe('listAlertTypesRoute', () => { const [config, handler] = router.get.mock.calls[0]; expect(config.path).toMatchInlineSnapshot(`"/api/alerts/list_alert_types"`); + expect(config.options?.access).toBe('public'); const listTypes = [ { @@ -114,6 +115,18 @@ describe('listAlertTypesRoute', () => { }); }); + it('should have internal access for serverless', async () => { + const licenseState = licenseStateMock.create(); + const router = httpServiceMock.createRouter(); + + listAlertTypesRoute(router, licenseState, undefined, true); + + const [config] = router.get.mock.calls[0]; + + expect(config.path).toMatchInlineSnapshot(`"/api/alerts/list_alert_types"`); + expect(config.options?.access).toBe('internal'); + }); + it('ensures the license allows listing alert types', async () => { const licenseState = licenseStateMock.create(); const router = httpServiceMock.createRouter(); diff --git a/x-pack/plugins/alerting/server/routes/legacy/list_alert_types.ts b/x-pack/plugins/alerting/server/routes/legacy/list_alert_types.ts index 8c9346fe880f8..6668ff219ade0 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/list_alert_types.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/list_alert_types.ts @@ -14,13 +14,15 @@ import { trackLegacyRouteUsage } from '../../lib/track_legacy_route_usage'; export const listAlertTypesRoute = ( router: AlertingRouter, licenseState: ILicenseState, - usageCounter?: UsageCounter + usageCounter?: UsageCounter, + isServerless?: boolean ) => { router.get( { path: `${LEGACY_BASE_ALERT_API_PATH}/list_alert_types`, validate: {}, options: { + access: isServerless ? 'internal' : 'public', summary: 'Get the alert types', tags: ['oas-tag:alerting'], deprecated: true, diff --git a/x-pack/plugins/alerting/server/routes/legacy/mute_all.test.ts b/x-pack/plugins/alerting/server/routes/legacy/mute_all.test.ts index ee3dca51a4340..9a9ea27ba6751 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/mute_all.test.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/mute_all.test.ts @@ -37,6 +37,7 @@ describe('muteAllAlertRoute', () => { const [config, handler] = router.post.mock.calls[0]; expect(config.path).toMatchInlineSnapshot(`"/api/alerts/alert/{id}/_mute_all"`); + expect(config.options?.access).toBe('public'); rulesClient.muteAll.mockResolvedValueOnce(); @@ -64,6 +65,18 @@ describe('muteAllAlertRoute', () => { expect(res.noContent).toHaveBeenCalled(); }); + it('should have internal access for serverless', async () => { + const licenseState = licenseStateMock.create(); + const router = httpServiceMock.createRouter(); + + muteAllAlertRoute(router, licenseState, undefined, true); + + const [config] = router.post.mock.calls[0]; + + expect(config.path).toMatchInlineSnapshot(`"/api/alerts/alert/{id}/_mute_all"`); + expect(config.options?.access).toBe('internal'); + }); + it('ensures the alert type gets validated for the license', async () => { const licenseState = licenseStateMock.create(); const router = httpServiceMock.createRouter(); diff --git a/x-pack/plugins/alerting/server/routes/legacy/mute_all.ts b/x-pack/plugins/alerting/server/routes/legacy/mute_all.ts index a553bd6d41af4..eaa989dc8fb6a 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/mute_all.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/mute_all.ts @@ -21,7 +21,8 @@ const paramSchema = schema.object({ export const muteAllAlertRoute = ( router: AlertingRouter, licenseState: ILicenseState, - usageCounter?: UsageCounter + usageCounter?: UsageCounter, + isServerless?: boolean ) => { router.post( { @@ -30,6 +31,7 @@ export const muteAllAlertRoute = ( params: paramSchema, }, options: { + access: isServerless ? 'internal' : 'public', summary: 'Mute all alert instances', tags: ['oas-tag:alerting'], deprecated: true, diff --git a/x-pack/plugins/alerting/server/routes/legacy/mute_instance.test.ts b/x-pack/plugins/alerting/server/routes/legacy/mute_instance.test.ts index 648a2a963246f..7a142e4e94854 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/mute_instance.test.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/mute_instance.test.ts @@ -39,6 +39,7 @@ describe('muteAlertInstanceRoute', () => { expect(config.path).toMatchInlineSnapshot( `"/api/alerts/alert/{alert_id}/alert_instance/{alert_instance_id}/_mute"` ); + expect(config.options?.access).toBe('public'); rulesClient.muteInstance.mockResolvedValueOnce(); @@ -68,6 +69,20 @@ describe('muteAlertInstanceRoute', () => { expect(res.noContent).toHaveBeenCalled(); }); + it('should have internal access for serverless', async () => { + const licenseState = licenseStateMock.create(); + const router = httpServiceMock.createRouter(); + + muteAlertInstanceRoute(router, licenseState, undefined, true); + + const [config] = router.post.mock.calls[0]; + + expect(config.path).toMatchInlineSnapshot( + `"/api/alerts/alert/{alert_id}/alert_instance/{alert_instance_id}/_mute"` + ); + expect(config.options?.access).toBe('internal'); + }); + it('ensures the alert type gets validated for the license', async () => { const licenseState = licenseStateMock.create(); const router = httpServiceMock.createRouter(); diff --git a/x-pack/plugins/alerting/server/routes/legacy/mute_instance.ts b/x-pack/plugins/alerting/server/routes/legacy/mute_instance.ts index d9799a4e7744d..c309dd36b7744 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/mute_instance.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/mute_instance.ts @@ -24,7 +24,8 @@ const paramSchema = schema.object({ export const muteAlertInstanceRoute = ( router: AlertingRouter, licenseState: ILicenseState, - usageCounter?: UsageCounter + usageCounter?: UsageCounter, + isServerless?: boolean ) => { router.post( { @@ -33,6 +34,7 @@ export const muteAlertInstanceRoute = ( params: paramSchema, }, options: { + access: isServerless ? 'internal' : 'public', summary: 'Mute an alert', tags: ['oas-tag:alerting'], deprecated: true, diff --git a/x-pack/plugins/alerting/server/routes/legacy/unmute_all.test.ts b/x-pack/plugins/alerting/server/routes/legacy/unmute_all.test.ts index e781fee392ce6..6a88335ec98ae 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/unmute_all.test.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/unmute_all.test.ts @@ -37,6 +37,7 @@ describe('unmuteAllAlertRoute', () => { const [config, handler] = router.post.mock.calls[0]; expect(config.path).toMatchInlineSnapshot(`"/api/alerts/alert/{id}/_unmute_all"`); + expect(config.options?.access).toBe('public'); rulesClient.unmuteAll.mockResolvedValueOnce(); @@ -64,6 +65,18 @@ describe('unmuteAllAlertRoute', () => { expect(res.noContent).toHaveBeenCalled(); }); + it('should have internal access for serverless', async () => { + const licenseState = licenseStateMock.create(); + const router = httpServiceMock.createRouter(); + + unmuteAllAlertRoute(router, licenseState, undefined, true); + + const [config] = router.post.mock.calls[0]; + + expect(config.path).toMatchInlineSnapshot(`"/api/alerts/alert/{id}/_unmute_all"`); + expect(config.options?.access).toBe('internal'); + }); + it('ensures the alert type gets validated for the license', async () => { const licenseState = licenseStateMock.create(); const router = httpServiceMock.createRouter(); diff --git a/x-pack/plugins/alerting/server/routes/legacy/unmute_all.ts b/x-pack/plugins/alerting/server/routes/legacy/unmute_all.ts index 554d64d8cce4e..70dfd65e33c79 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/unmute_all.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/unmute_all.ts @@ -21,7 +21,8 @@ const paramSchema = schema.object({ export const unmuteAllAlertRoute = ( router: AlertingRouter, licenseState: ILicenseState, - usageCounter?: UsageCounter + usageCounter?: UsageCounter, + isServerless?: boolean ) => { router.post( { @@ -30,6 +31,7 @@ export const unmuteAllAlertRoute = ( params: paramSchema, }, options: { + access: isServerless ? 'internal' : 'public', summary: 'Unmute all alert instances', tags: ['oas-tag:alerting'], deprecated: true, diff --git a/x-pack/plugins/alerting/server/routes/legacy/unmute_instance.test.ts b/x-pack/plugins/alerting/server/routes/legacy/unmute_instance.test.ts index 0cc1856bc6a27..b04f376c38ca1 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/unmute_instance.test.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/unmute_instance.test.ts @@ -39,6 +39,7 @@ describe('unmuteAlertInstanceRoute', () => { expect(config.path).toMatchInlineSnapshot( `"/api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_unmute"` ); + expect(config.options?.access).toBe('public'); rulesClient.unmuteInstance.mockResolvedValueOnce(); @@ -68,6 +69,20 @@ describe('unmuteAlertInstanceRoute', () => { expect(res.noContent).toHaveBeenCalled(); }); + it('should have internal access for serverless', async () => { + const licenseState = licenseStateMock.create(); + const router = httpServiceMock.createRouter(); + + unmuteAlertInstanceRoute(router, licenseState, undefined, true); + + const [config] = router.post.mock.calls[0]; + + expect(config.path).toMatchInlineSnapshot( + `"/api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_unmute"` + ); + expect(config.options?.access).toBe('internal'); + }); + it('ensures the alert type gets validated for the license', async () => { const licenseState = licenseStateMock.create(); const router = httpServiceMock.createRouter(); diff --git a/x-pack/plugins/alerting/server/routes/legacy/unmute_instance.ts b/x-pack/plugins/alerting/server/routes/legacy/unmute_instance.ts index 0382948732cc8..7990539d6c20d 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/unmute_instance.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/unmute_instance.ts @@ -22,7 +22,8 @@ const paramSchema = schema.object({ export const unmuteAlertInstanceRoute = ( router: AlertingRouter, licenseState: ILicenseState, - usageCounter?: UsageCounter + usageCounter?: UsageCounter, + isServerless?: boolean ) => { router.post( { @@ -31,6 +32,7 @@ export const unmuteAlertInstanceRoute = ( params: paramSchema, }, options: { + access: isServerless ? 'internal' : 'public', summary: 'Unmute an alert', tags: ['oas-tag:alerting'], deprecated: true, diff --git a/x-pack/plugins/alerting/server/routes/legacy/update.test.ts b/x-pack/plugins/alerting/server/routes/legacy/update.test.ts index 44a4cf629813a..fc4a814c26a27 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/update.test.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/update.test.ts @@ -71,6 +71,7 @@ describe('updateAlertRoute', () => { const [config, handler] = router.put.mock.calls[0]; expect(config.path).toMatchInlineSnapshot(`"/api/alerts/alert/{id}"`); + expect(config.options?.access).toBe('public'); rulesClient.update.mockResolvedValueOnce(mockedResponse as unknown as SanitizedRule); @@ -140,6 +141,18 @@ describe('updateAlertRoute', () => { expect(res.ok).toHaveBeenCalled(); }); + it('should have internal access for serverless', async () => { + const licenseState = licenseStateMock.create(); + const router = httpServiceMock.createRouter(); + + updateAlertRoute(router, licenseState, undefined, true); + + const [config] = router.put.mock.calls[0]; + + expect(config.path).toMatchInlineSnapshot(`"/api/alerts/alert/{id}"`); + expect(config.options?.access).toBe('internal'); + }); + it('ensures the license allows updating alerts', async () => { const licenseState = licenseStateMock.create(); const router = httpServiceMock.createRouter(); diff --git a/x-pack/plugins/alerting/server/routes/legacy/update.ts b/x-pack/plugins/alerting/server/routes/legacy/update.ts index 2df485d38885d..b65579e17b087 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/update.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/update.ts @@ -47,7 +47,8 @@ const bodySchema = schema.object({ export const updateAlertRoute = ( router: AlertingRouter, licenseState: ILicenseState, - usageCounter?: UsageCounter + usageCounter?: UsageCounter, + isServerless?: boolean ) => { router.put( { @@ -57,6 +58,7 @@ export const updateAlertRoute = ( params: paramSchema, }, options: { + access: isServerless ? 'internal' : 'public', summary: 'Update an alert', tags: ['oas-tag:alerting'], deprecated: true, diff --git a/x-pack/plugins/alerting/server/routes/legacy/update_api_key.test.ts b/x-pack/plugins/alerting/server/routes/legacy/update_api_key.test.ts index 3b726898138c0..cd5b6639ad004 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/update_api_key.test.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/update_api_key.test.ts @@ -37,6 +37,7 @@ describe('updateApiKeyRoute', () => { const [config, handler] = router.post.mock.calls[0]; expect(config.path).toMatchInlineSnapshot(`"/api/alerts/alert/{id}/_update_api_key"`); + expect(config.options?.access).toBe('public'); rulesClient.updateRuleApiKey.mockResolvedValueOnce(); @@ -64,6 +65,18 @@ describe('updateApiKeyRoute', () => { expect(res.noContent).toHaveBeenCalled(); }); + it('should have internal access for serverless', async () => { + const licenseState = licenseStateMock.create(); + const router = httpServiceMock.createRouter(); + + updateApiKeyRoute(router, licenseState, undefined, true); + + const [config] = router.post.mock.calls[0]; + + expect(config.path).toMatchInlineSnapshot(`"/api/alerts/alert/{id}/_update_api_key"`); + expect(config.options?.access).toBe('internal'); + }); + it('ensures the alert type gets validated for the license', async () => { const licenseState = licenseStateMock.create(); const router = httpServiceMock.createRouter(); diff --git a/x-pack/plugins/alerting/server/routes/legacy/update_api_key.ts b/x-pack/plugins/alerting/server/routes/legacy/update_api_key.ts index 7cacf14f269f5..06c466333967c 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/update_api_key.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/update_api_key.ts @@ -22,7 +22,8 @@ const paramSchema = schema.object({ export const updateApiKeyRoute = ( router: AlertingRouter, licenseState: ILicenseState, - usageCounter?: UsageCounter + usageCounter?: UsageCounter, + isServerless?: boolean ) => { router.post( { @@ -31,6 +32,7 @@ export const updateApiKeyRoute = ( params: paramSchema, }, options: { + access: isServerless ? 'internal' : 'public', summary: 'Update the API key for an alert', tags: ['oas-tag:alerting'], deprecated: true, diff --git a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/archive/archive_maintenance_window_route.test.ts b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/archive/archive_maintenance_window_route.test.ts index 627e0570011b3..a1f06715eb4ce 100644 --- a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/archive/archive_maintenance_window_route.test.ts +++ b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/archive/archive_maintenance_window_route.test.ts @@ -55,7 +55,14 @@ describe('archiveMaintenanceWindowRoute', () => { ); expect(config.path).toEqual('/internal/alerting/rules/maintenance_window/{id}/_archive'); - expect(config.options?.tags?.[0]).toEqual('access:write-maintenance-window'); + expect(config.options).toMatchInlineSnapshot(` + Object { + "access": "internal", + "tags": Array [ + "access:write-maintenance-window", + ], + } + `); await handler(context, req, res); diff --git a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/archive/archive_maintenance_window_route.ts b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/archive/archive_maintenance_window_route.ts index 9f218220e6a92..b4ac718489103 100644 --- a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/archive/archive_maintenance_window_route.ts +++ b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/archive/archive_maintenance_window_route.ts @@ -35,6 +35,7 @@ export const archiveMaintenanceWindowRoute = ( body: archiveBodySchemaV1, }, options: { + access: 'internal', tags: [`access:${MAINTENANCE_WINDOW_API_PRIVILEGES.WRITE_MAINTENANCE_WINDOW}`], }, }, diff --git a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/bulk_get/bulk_get_maintenance_windows_route.test.ts b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/bulk_get/bulk_get_maintenance_windows_route.test.ts index eaab39665fb6b..57fbac5699205 100644 --- a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/bulk_get/bulk_get_maintenance_windows_route.test.ts +++ b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/bulk_get/bulk_get_maintenance_windows_route.test.ts @@ -68,7 +68,14 @@ describe('bulkGetMaintenanceWindowRoute', () => { ); expect(config.path).toEqual('/internal/alerting/rules/maintenance_window/_bulk_get'); - expect(config.options?.tags?.[0]).toEqual('access:read-maintenance-window'); + expect(config.options).toMatchInlineSnapshot(` + Object { + "access": "internal", + "tags": Array [ + "access:read-maintenance-window", + ], + } + `); await handler(context, req, res); diff --git a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/bulk_get/bulk_get_maintenance_windows_route.ts b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/bulk_get/bulk_get_maintenance_windows_route.ts index fd77b52e0c04f..e4796a76639ac 100644 --- a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/bulk_get/bulk_get_maintenance_windows_route.ts +++ b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/bulk_get/bulk_get_maintenance_windows_route.ts @@ -32,6 +32,7 @@ export const bulkGetMaintenanceWindowRoute = ( body: bulkGetBodySchemaV1, }, options: { + access: 'internal', tags: [`access:${MAINTENANCE_WINDOW_API_PRIVILEGES.READ_MAINTENANCE_WINDOW}`], }, }, diff --git a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/create/create_maintenance_window_route.test.ts b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/create/create_maintenance_window_route.test.ts index 9cac558652d76..171734233c746 100644 --- a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/create/create_maintenance_window_route.test.ts +++ b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/create/create_maintenance_window_route.test.ts @@ -59,7 +59,14 @@ describe('createMaintenanceWindowRoute', () => { ); expect(config.path).toEqual('/internal/alerting/rules/maintenance_window'); - expect(config.options?.tags?.[0]).toEqual('access:write-maintenance-window'); + expect(config.options).toMatchInlineSnapshot(` + Object { + "access": "internal", + "tags": Array [ + "access:write-maintenance-window", + ], + } + `); await handler(context, req, res); diff --git a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/create/create_maintenance_window_route.ts b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/create/create_maintenance_window_route.ts index 1bbc6e311068c..652eb94126225 100644 --- a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/create/create_maintenance_window_route.ts +++ b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/create/create_maintenance_window_route.ts @@ -33,6 +33,7 @@ export const createMaintenanceWindowRoute = ( body: createBodySchemaV1, }, options: { + access: 'internal', tags: [`access:${MAINTENANCE_WINDOW_API_PRIVILEGES.WRITE_MAINTENANCE_WINDOW}`], }, }, diff --git a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/delete/delete_maintenance_window_route.test.ts b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/delete/delete_maintenance_window_route.test.ts index b248fe1394318..daabef149ff98 100644 --- a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/delete/delete_maintenance_window_route.test.ts +++ b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/delete/delete_maintenance_window_route.test.ts @@ -47,7 +47,14 @@ describe('deleteMaintenanceWindowRoute', () => { ); expect(config.path).toEqual('/internal/alerting/rules/maintenance_window/{id}'); - expect(config.options?.tags?.[0]).toEqual('access:write-maintenance-window'); + expect(config.options).toMatchInlineSnapshot(` + Object { + "access": "internal", + "tags": Array [ + "access:write-maintenance-window", + ], + } + `); await handler(context, req, res); diff --git a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/delete/delete_maintenance_window_route.ts b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/delete/delete_maintenance_window_route.ts index 9abc9872b9b37..9d3facaf41f8b 100644 --- a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/delete/delete_maintenance_window_route.ts +++ b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/delete/delete_maintenance_window_route.ts @@ -30,6 +30,7 @@ export const deleteMaintenanceWindowRoute = ( params: deleteParamsSchemaV1, }, options: { + access: 'internal', tags: [`access:${MAINTENANCE_WINDOW_API_PRIVILEGES.WRITE_MAINTENANCE_WINDOW}`], }, }, diff --git a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/find/find_maintenance_windows_route.test.ts b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/find/find_maintenance_windows_route.test.ts index b296489cce6ce..bb1ff6b0e6ae6 100644 --- a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/find/find_maintenance_windows_route.test.ts +++ b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/find/find_maintenance_windows_route.test.ts @@ -56,7 +56,14 @@ describe('findMaintenanceWindowsRoute', () => { const [context, req, res] = mockHandlerArguments({ maintenanceWindowClient }, { body: {} }); expect(config.path).toEqual('/internal/alerting/rules/maintenance_window/_find'); - expect(config.options?.tags?.[0]).toEqual('access:read-maintenance-window'); + expect(config.options).toMatchInlineSnapshot(` + Object { + "access": "internal", + "tags": Array [ + "access:read-maintenance-window", + ], + } + `); await handler(context, req, res); diff --git a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/find/find_maintenance_windows_route.ts b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/find/find_maintenance_windows_route.ts index 4baf6032e4222..7a7fb13160252 100644 --- a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/find/find_maintenance_windows_route.ts +++ b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/find/find_maintenance_windows_route.ts @@ -26,6 +26,7 @@ export const findMaintenanceWindowsRoute = ( path: `${INTERNAL_ALERTING_API_MAINTENANCE_WINDOW_PATH}/_find`, validate: {}, options: { + access: 'internal', tags: [`access:${MAINTENANCE_WINDOW_API_PRIVILEGES.READ_MAINTENANCE_WINDOW}`], }, }, diff --git a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/finish/finish_maintenance_window_route.test.ts b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/finish/finish_maintenance_window_route.test.ts index f5a5949186d6a..cfab8e5ede692 100644 --- a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/finish/finish_maintenance_window_route.test.ts +++ b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/finish/finish_maintenance_window_route.test.ts @@ -48,7 +48,14 @@ describe('finishMaintenanceWindowRoute', () => { ); expect(config.path).toEqual('/internal/alerting/rules/maintenance_window/{id}/_finish'); - expect(config.options?.tags?.[0]).toEqual('access:write-maintenance-window'); + expect(config.options).toMatchInlineSnapshot(` + Object { + "access": "internal", + "tags": Array [ + "access:write-maintenance-window", + ], + } + `); await handler(context, req, res); diff --git a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/finish/finish_maintenance_window_route.ts b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/finish/finish_maintenance_window_route.ts index fe1310734d424..73b5834afd278 100644 --- a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/finish/finish_maintenance_window_route.ts +++ b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/finish/finish_maintenance_window_route.ts @@ -32,6 +32,7 @@ export const finishMaintenanceWindowRoute = ( params: finishParamsSchemaV1, }, options: { + access: 'internal', tags: [`access:${MAINTENANCE_WINDOW_API_PRIVILEGES.WRITE_MAINTENANCE_WINDOW}`], }, }, diff --git a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/get/get_maintenance_window_route.test.ts b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/get/get_maintenance_window_route.test.ts index b2752793dd588..f0dd021078314 100644 --- a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/get/get_maintenance_window_route.test.ts +++ b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/get/get_maintenance_window_route.test.ts @@ -48,7 +48,14 @@ describe('getMaintenanceWindowRoute', () => { ); expect(config.path).toEqual('/internal/alerting/rules/maintenance_window/{id}'); - expect(config.options?.tags?.[0]).toEqual('access:read-maintenance-window'); + expect(config.options).toMatchInlineSnapshot(` + Object { + "access": "internal", + "tags": Array [ + "access:read-maintenance-window", + ], + } + `); await handler(context, req, res); diff --git a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/get/get_maintenance_window_route.ts b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/get/get_maintenance_window_route.ts index 2b842f3ad0449..155dc70c2843e 100644 --- a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/get/get_maintenance_window_route.ts +++ b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/get/get_maintenance_window_route.ts @@ -32,6 +32,7 @@ export const getMaintenanceWindowRoute = ( params: getParamsSchemaV1, }, options: { + access: 'internal', tags: [`access:${MAINTENANCE_WINDOW_API_PRIVILEGES.READ_MAINTENANCE_WINDOW}`], }, }, diff --git a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/get_active/get_active_maintenance_windows_route.test.ts b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/get_active/get_active_maintenance_windows_route.test.ts index a5e50194c0bf6..f9b83997d75a6 100644 --- a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/get_active/get_active_maintenance_windows_route.test.ts +++ b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/get_active/get_active_maintenance_windows_route.test.ts @@ -56,7 +56,14 @@ describe('getActiveMaintenanceWindowsRoute', () => { const [context, req, res] = mockHandlerArguments({ maintenanceWindowClient }, { body: {} }); expect(config.path).toEqual('/internal/alerting/rules/maintenance_window/_active'); - expect(config.options?.tags?.[0]).toEqual('access:read-maintenance-window'); + expect(config.options).toMatchInlineSnapshot(` + Object { + "access": "internal", + "tags": Array [ + "access:read-maintenance-window", + ], + } + `); await handler(context, req, res); diff --git a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/get_active/get_active_maintenance_windows_route.ts b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/get_active/get_active_maintenance_windows_route.ts index e7c70d23a5132..4b487babb0e0d 100644 --- a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/get_active/get_active_maintenance_windows_route.ts +++ b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/get_active/get_active_maintenance_windows_route.ts @@ -27,6 +27,7 @@ export const getActiveMaintenanceWindowsRoute = ( path: INTERNAL_ALERTING_API_GET_ACTIVE_MAINTENANCE_WINDOWS_PATH, validate: {}, options: { + access: 'internal', tags: [`access:${MAINTENANCE_WINDOW_API_PRIVILEGES.READ_MAINTENANCE_WINDOW}`], }, }, diff --git a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/update/update_maintenance_window_route.test.ts b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/update/update_maintenance_window_route.test.ts index daf1cd92dab63..37c912b69afcb 100644 --- a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/update/update_maintenance_window_route.test.ts +++ b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/update/update_maintenance_window_route.test.ts @@ -65,7 +65,14 @@ describe('updateMaintenanceWindowRoute', () => { ); expect(config.path).toEqual('/internal/alerting/rules/maintenance_window/{id}'); - expect(config.options?.tags?.[0]).toEqual('access:write-maintenance-window'); + expect(config.options).toMatchInlineSnapshot(` + Object { + "access": "internal", + "tags": Array [ + "access:write-maintenance-window", + ], + } + `); await handler(context, req, res); diff --git a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/update/update_maintenance_window_route.ts b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/update/update_maintenance_window_route.ts index 82f116e3ab8d7..44fb680eabc42 100644 --- a/x-pack/plugins/alerting/server/routes/maintenance_window/apis/update/update_maintenance_window_route.ts +++ b/x-pack/plugins/alerting/server/routes/maintenance_window/apis/update/update_maintenance_window_route.ts @@ -36,6 +36,7 @@ export const updateMaintenanceWindowRoute = ( params: updateParamsSchemaV1, }, options: { + access: 'internal', tags: [`access:${MAINTENANCE_WINDOW_API_PRIVILEGES.WRITE_MAINTENANCE_WINDOW}`], }, }, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/aggregate/aggregate_rules_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/aggregate/aggregate_rules_route.ts index a8f7a20baa4cb..9b595858793f8 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/aggregate/aggregate_rules_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/aggregate/aggregate_rules_route.ts @@ -30,6 +30,7 @@ export const aggregateRulesRoute = ( router.post( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rules/_aggregate`, + options: { access: 'internal' }, validate: { body: aggregateRulesRequestBodySchemaV1, }, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_delete/bulk_delete_rules_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_delete/bulk_delete_rules_route.ts index ad9b77b3aba83..8bd6f7fc19916 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_delete/bulk_delete_rules_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_delete/bulk_delete_rules_route.ts @@ -28,6 +28,7 @@ export const bulkDeleteRulesRoute = ({ router.patch( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rules/_bulk_delete`, + options: { access: 'internal' }, validate: { body: bulkDeleteRulesRequestBodySchemaV1, }, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_disable/bulk_disable_rules_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_disable/bulk_disable_rules_route.ts index 07ea4f54cf82c..724eda3ae7b87 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_disable/bulk_disable_rules_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_disable/bulk_disable_rules_route.ts @@ -29,6 +29,7 @@ export const bulkDisableRulesRoute = ({ router.patch( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rules/_bulk_disable`, + options: { access: 'internal' }, validate: { body: bulkDisableRulesRequestBodySchemaV1, }, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_edit/bulk_edit_rules_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_edit/bulk_edit_rules_route.ts index b81675ee85d3c..4c853beeec250 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_edit/bulk_edit_rules_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_edit/bulk_edit_rules_route.ts @@ -33,6 +33,7 @@ const buildBulkEditRulesRoute = ({ licenseState, path, router }: BuildBulkEditRu router.post( { path, + options: { access: 'internal' }, validate: { body: bulkEditRulesRequestBodySchemaV1, }, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_enable/bulk_enable_rules_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_enable/bulk_enable_rules_route.ts index 9a8210dc8aed8..da97949fd0feb 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_enable/bulk_enable_rules_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_enable/bulk_enable_rules_route.ts @@ -27,6 +27,7 @@ export const bulkEnableRulesRoute = ({ router.patch( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rules/_bulk_enable`, + options: { access: 'internal' }, validate: { body: bulkEnableBodySchemaV1, }, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_untrack/bulk_untrack_alerts_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_untrack/bulk_untrack_alerts_route.ts index 3539db62d0649..622218705b510 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_untrack/bulk_untrack_alerts_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_untrack/bulk_untrack_alerts_route.ts @@ -21,6 +21,7 @@ export const bulkUntrackAlertsRoute = ( router.post( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/alerts/_bulk_untrack`, + options: { access: 'internal' }, validate: { body: bulkUntrackBodySchemaV1, }, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_untrack_by_query/bulk_untrack_alerts_by_query_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_untrack_by_query/bulk_untrack_alerts_by_query_route.ts index 92b43570772c7..5cebdb8c6e7f4 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_untrack_by_query/bulk_untrack_alerts_by_query_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_untrack_by_query/bulk_untrack_alerts_by_query_route.ts @@ -22,6 +22,7 @@ export const bulkUntrackAlertsByQueryRoute = ( router.post( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/alerts/_bulk_untrack_by_query`, + options: { access: 'internal' }, validate: { body: bulkUntrackByQueryBodySchemaV1, }, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/clone/clone_rule_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/clone/clone_rule_route.ts index 91214233b61ea..ea6460dfb9463 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/clone/clone_rule_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/clone/clone_rule_route.ts @@ -25,6 +25,7 @@ export const cloneRuleRoute = ( router.post( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rule/{id}/_clone/{newId?}`, + options: { access: 'internal' }, validate: { params: cloneRuleRequestParamsSchemaV1, }, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/find/find_rules_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/find/find_rules_route.ts index fbfaf65a8024b..b4384e9d8f4ef 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/find/find_rules_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/find/find_rules_route.ts @@ -108,6 +108,7 @@ const buildFindRulesRoute = ({ router.post( { path, + options: { access: 'internal' }, validate: { body: findRulesRequestQuerySchemaV1, }, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/get/get_rule_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/get/get_rule_route.ts index fa68d00eb3c8c..0c19d0c9c4f70 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/get/get_rule_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/get/get_rule_route.ts @@ -109,4 +109,5 @@ export const getInternalRuleRoute = ( licenseState, path: `${INTERNAL_BASE_ALERTING_API_PATH}/rule/{id}`, router, + options: { access: 'internal' }, }); diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/get_schedule_frequency/get_schedule_frequency_route.test.ts b/x-pack/plugins/alerting/server/routes/rule/apis/get_schedule_frequency/get_schedule_frequency_route.test.ts index 9778bc12afc68..a91a2b2728580 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/get_schedule_frequency/get_schedule_frequency_route.test.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/get_schedule_frequency/get_schedule_frequency_route.test.ts @@ -34,6 +34,9 @@ describe('getScheduleFrequencyRoute', () => { expect(config).toMatchInlineSnapshot(` Object { + "options": Object { + "access": "internal", + }, "path": "/internal/alerting/rules/_schedule_frequency", "validate": Object {}, } diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/get_schedule_frequency/get_schedule_frequency_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/get_schedule_frequency/get_schedule_frequency_route.ts index 438c2f2b4aa54..e130679a78437 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/get_schedule_frequency/get_schedule_frequency_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/get_schedule_frequency/get_schedule_frequency_route.ts @@ -19,6 +19,7 @@ export const getScheduleFrequencyRoute = ( router.get( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rules/_schedule_frequency`, + options: { access: 'internal' }, validate: {}, }, router.handleLegacyErrors( diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/resolve/resolve_rule_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/resolve/resolve_rule_route.ts index 2e6f016b5f6ac..f67485279edc5 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/resolve/resolve_rule_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/resolve/resolve_rule_route.ts @@ -27,6 +27,7 @@ export const resolveRuleRoute = ( router.get( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rule/{id}/_resolve`, + options: { access: 'internal' }, validate: { params: resolveParamsSchemaV1, }, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/snooze/snooze_rule_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/snooze/snooze_rule_route.ts index 93b619b50d82c..1de46fd784905 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/snooze/snooze_rule_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/snooze/snooze_rule_route.ts @@ -25,6 +25,7 @@ export const snoozeRuleRoute = ( router.post( { path: INTERNAL_ALERTING_SNOOZE_RULE, + options: { access: 'internal' }, validate: { params: snoozeParamsSchema, body: snoozeBodySchema, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/tags/get_rule_tags.ts b/x-pack/plugins/alerting/server/routes/rule/apis/tags/get_rule_tags.ts index c115ba7fc6c6c..c66bf0d61009a 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/tags/get_rule_tags.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/tags/get_rule_tags.ts @@ -22,6 +22,7 @@ export const getRuleTagsRoute = ( router.get( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rules/_tags`, + options: { access: 'internal' }, validate: { query: ruleTagsRequestQuerySchemaV1, }, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/unsnooze/unsnooze_rule_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/unsnooze/unsnooze_rule_route.ts index e37b5c0217f0a..69e4c91eeaf35 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/unsnooze/unsnooze_rule_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/unsnooze/unsnooze_rule_route.ts @@ -25,6 +25,7 @@ export const unsnoozeRuleRoute = ( router.post( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rule/{id}/_unsnooze`, + options: { access: 'internal' }, validate: { params: unsnoozeParamsSchema, body: unsnoozeBodySchema, diff --git a/x-pack/plugins/alerting/server/routes/rules_settings/apis/get/get_query_delay_settings.test.ts b/x-pack/plugins/alerting/server/routes/rules_settings/apis/get/get_query_delay_settings.test.ts index e025fcf84a25b..dc6474fe50a35 100644 --- a/x-pack/plugins/alerting/server/routes/rules_settings/apis/get/get_query_delay_settings.test.ts +++ b/x-pack/plugins/alerting/server/routes/rules_settings/apis/get/get_query_delay_settings.test.ts @@ -37,6 +37,7 @@ describe('getQueryDelaySettingsRoute', () => { expect(config).toMatchInlineSnapshot(` Object { "options": Object { + "access": "internal", "tags": Array [ "access:read-query-delay-settings", ], diff --git a/x-pack/plugins/alerting/server/routes/rules_settings/apis/get/get_query_delay_settings.ts b/x-pack/plugins/alerting/server/routes/rules_settings/apis/get/get_query_delay_settings.ts index ee16be9642977..542af574d4459 100644 --- a/x-pack/plugins/alerting/server/routes/rules_settings/apis/get/get_query_delay_settings.ts +++ b/x-pack/plugins/alerting/server/routes/rules_settings/apis/get/get_query_delay_settings.ts @@ -22,6 +22,7 @@ export const getQueryDelaySettingsRoute = ( path: `${INTERNAL_BASE_ALERTING_API_PATH}/rules/settings/_query_delay`, validate: {}, options: { + access: 'internal', tags: [`access:${API_PRIVILEGES.READ_QUERY_DELAY_SETTINGS}`], }, }, diff --git a/x-pack/plugins/alerting/server/routes/rules_settings/apis/update/update_query_delay_settings.test.ts b/x-pack/plugins/alerting/server/routes/rules_settings/apis/update/update_query_delay_settings.test.ts index 34d3c8dfefe08..c912a4ff4dec9 100644 --- a/x-pack/plugins/alerting/server/routes/rules_settings/apis/update/update_query_delay_settings.test.ts +++ b/x-pack/plugins/alerting/server/routes/rules_settings/apis/update/update_query_delay_settings.test.ts @@ -45,6 +45,7 @@ describe('updateQueryDelaySettingsRoute', () => { expect(config.path).toMatchInlineSnapshot(`"/internal/alerting/rules/settings/_query_delay"`); expect(config.options).toMatchInlineSnapshot(` Object { + "access": "internal", "tags": Array [ "access:write-query-delay-settings", ], diff --git a/x-pack/plugins/alerting/server/routes/rules_settings/apis/update/update_query_delay_settings.ts b/x-pack/plugins/alerting/server/routes/rules_settings/apis/update/update_query_delay_settings.ts index 050f28942fda7..4d3107f2c9568 100644 --- a/x-pack/plugins/alerting/server/routes/rules_settings/apis/update/update_query_delay_settings.ts +++ b/x-pack/plugins/alerting/server/routes/rules_settings/apis/update/update_query_delay_settings.ts @@ -28,6 +28,7 @@ export const updateQueryDelaySettingsRoute = ( body: updateQueryDelaySettingsBodySchemaV1, }, options: { + access: 'internal', tags: [`access:${API_PRIVILEGES.WRITE_QUERY_DELAY_SETTINGS}`], }, }, diff --git a/x-pack/plugins/alerting/server/routes/run_soon.ts b/x-pack/plugins/alerting/server/routes/run_soon.ts index f6ee65597d9f2..589724ab57b06 100644 --- a/x-pack/plugins/alerting/server/routes/run_soon.ts +++ b/x-pack/plugins/alerting/server/routes/run_soon.ts @@ -22,6 +22,9 @@ export const runSoonRoute = ( router.post( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rule/{id}/_run_soon`, + options: { + access: 'internal', + }, validate: { params: paramSchema, }, diff --git a/x-pack/plugins/alerting/server/routes/suggestions/fields_rules.ts b/x-pack/plugins/alerting/server/routes/suggestions/fields_rules.ts index d7c210f5a7c41..f3201d961e684 100644 --- a/x-pack/plugins/alerting/server/routes/suggestions/fields_rules.ts +++ b/x-pack/plugins/alerting/server/routes/suggestions/fields_rules.ts @@ -30,6 +30,7 @@ export function registerFieldsRoute( router.post( { path: '/internal/rules/saved_objects/fields', + options: { access: 'internal' }, validate: { body: schema.nullable( schema.object({ diff --git a/x-pack/plugins/alerting/server/routes/suggestions/values_suggestion_alerts.ts b/x-pack/plugins/alerting/server/routes/suggestions/values_suggestion_alerts.ts index e2feb464ea6d2..f39615efa7e8d 100644 --- a/x-pack/plugins/alerting/server/routes/suggestions/values_suggestion_alerts.ts +++ b/x-pack/plugins/alerting/server/routes/suggestions/values_suggestion_alerts.ts @@ -63,6 +63,7 @@ export function registerAlertsValueSuggestionsRoute( router.post( { path: '/internal/alerts/suggestions/values', + options: { access: 'internal' }, validate: AlertsSuggestionsSchema, }, router.handleLegacyErrors( diff --git a/x-pack/plugins/alerting/server/routes/suggestions/values_suggestion_rules.ts b/x-pack/plugins/alerting/server/routes/suggestions/values_suggestion_rules.ts index 06e98b168f937..6ada2378b3096 100644 --- a/x-pack/plugins/alerting/server/routes/suggestions/values_suggestion_rules.ts +++ b/x-pack/plugins/alerting/server/routes/suggestions/values_suggestion_rules.ts @@ -49,6 +49,7 @@ export function registerRulesValueSuggestionsRoute( router.post( { path: '/internal/rules/suggestions/values', + options: { access: 'internal' }, validate: RulesSuggestionsSchema, }, router.handleLegacyErrors( diff --git a/x-pack/plugins/alerting/server/routes/update_flapping_settings.test.ts b/x-pack/plugins/alerting/server/routes/update_flapping_settings.test.ts index 81ea7dd087b16..05563afb85176 100644 --- a/x-pack/plugins/alerting/server/routes/update_flapping_settings.test.ts +++ b/x-pack/plugins/alerting/server/routes/update_flapping_settings.test.ts @@ -47,6 +47,7 @@ describe('updateFlappingSettingsRoute', () => { expect(config.path).toMatchInlineSnapshot(`"/internal/alerting/rules/settings/_flapping"`); expect(config.options).toMatchInlineSnapshot(` Object { + "access": "internal", "tags": Array [ "access:write-flapping-settings", ], diff --git a/x-pack/plugins/alerting/server/routes/update_flapping_settings.ts b/x-pack/plugins/alerting/server/routes/update_flapping_settings.ts index 6df16434d3833..d12f185d47e07 100644 --- a/x-pack/plugins/alerting/server/routes/update_flapping_settings.ts +++ b/x-pack/plugins/alerting/server/routes/update_flapping_settings.ts @@ -61,6 +61,7 @@ export const updateFlappingSettingsRoute = ( body: bodySchema, }, options: { + access: 'internal', tags: [`access:${API_PRIVILEGES.WRITE_FLAPPING_SETTINGS}`], }, }, diff --git a/x-pack/plugins/cases/server/routes/api/cases/categories/get_categories.ts b/x-pack/plugins/cases/server/routes/api/cases/categories/get_categories.ts index fa3d2b6a3ade2..3cf1550e10f84 100644 --- a/x-pack/plugins/cases/server/routes/api/cases/categories/get_categories.ts +++ b/x-pack/plugins/cases/server/routes/api/cases/categories/get_categories.ts @@ -13,6 +13,9 @@ import type { caseApiV1 } from '../../../../../common/types/api'; export const getCategoriesRoute = createCasesRoute({ method: 'get', path: INTERNAL_GET_CASE_CATEGORIES_URL, + routerOptions: { + access: 'internal', + }, handler: async ({ context, request, response }) => { try { const caseContext = await context.cases; diff --git a/x-pack/plugins/cases/server/routes/api/cases/get_case.ts b/x-pack/plugins/cases/server/routes/api/cases/get_case.ts index b988a85aa052c..831a7be129f70 100644 --- a/x-pack/plugins/cases/server/routes/api/cases/get_case.ts +++ b/x-pack/plugins/cases/server/routes/api/cases/get_case.ts @@ -77,6 +77,9 @@ export const getCaseRoute = createCasesRoute({ export const resolveCaseRoute = createCasesRoute({ method: 'get', path: `${CASE_DETAILS_URL}/resolve`, + routerOptions: { + access: 'internal', + }, params, handler: async ({ context, request, response }) => { try { diff --git a/x-pack/plugins/cases/server/routes/api/internal/bulk_create_attachments.ts b/x-pack/plugins/cases/server/routes/api/internal/bulk_create_attachments.ts index 8074d8e626ea7..18ae3d1cf74e0 100644 --- a/x-pack/plugins/cases/server/routes/api/internal/bulk_create_attachments.ts +++ b/x-pack/plugins/cases/server/routes/api/internal/bulk_create_attachments.ts @@ -22,6 +22,9 @@ export const bulkCreateAttachmentsRoute = createCasesRoute({ }), body: schema.arrayOf(escapeHatch), }, + routerOptions: { + access: 'internal', + }, handler: async ({ context, request, response }) => { try { const casesContext = await context.cases; diff --git a/x-pack/plugins/cases/server/routes/api/internal/bulk_delete_file_attachments.ts b/x-pack/plugins/cases/server/routes/api/internal/bulk_delete_file_attachments.ts index 42fd25bb5c7b9..3e92c11766cd0 100644 --- a/x-pack/plugins/cases/server/routes/api/internal/bulk_delete_file_attachments.ts +++ b/x-pack/plugins/cases/server/routes/api/internal/bulk_delete_file_attachments.ts @@ -24,6 +24,9 @@ export const bulkDeleteFileAttachments = createCasesRoute({ }), body: escapeHatch, }, + routerOptions: { + access: 'internal', + }, handler: async ({ context, request, response }) => { try { const caseContext = await context.cases; diff --git a/x-pack/plugins/cases/server/routes/api/internal/bulk_get_attachments.ts b/x-pack/plugins/cases/server/routes/api/internal/bulk_get_attachments.ts index e747d0304e24a..f1e42a3cc8772 100644 --- a/x-pack/plugins/cases/server/routes/api/internal/bulk_get_attachments.ts +++ b/x-pack/plugins/cases/server/routes/api/internal/bulk_get_attachments.ts @@ -24,6 +24,9 @@ export const bulkGetAttachmentsRoute = createCasesRoute({ }), body: escapeHatch, }, + routerOptions: { + access: 'internal', + }, handler: async ({ context, request, response }) => { try { const caseContext = await context.cases; diff --git a/x-pack/plugins/cases/server/routes/api/internal/bulk_get_cases.ts b/x-pack/plugins/cases/server/routes/api/internal/bulk_get_cases.ts index 329cfc2483031..1ea9ae8a29778 100644 --- a/x-pack/plugins/cases/server/routes/api/internal/bulk_get_cases.ts +++ b/x-pack/plugins/cases/server/routes/api/internal/bulk_get_cases.ts @@ -17,6 +17,9 @@ export const bulkGetCasesRoute = createCasesRoute({ params: { body: escapeHatch, }, + routerOptions: { + access: 'internal', + }, handler: async ({ context, request, response }) => { const params = request.body as caseApiV1.CasesBulkGetRequest; diff --git a/x-pack/plugins/cases/server/routes/api/internal/get_case_metrics.ts b/x-pack/plugins/cases/server/routes/api/internal/get_case_metrics.ts index 26e83adbc186a..61215828be0b0 100644 --- a/x-pack/plugins/cases/server/routes/api/internal/get_case_metrics.ts +++ b/x-pack/plugins/cases/server/routes/api/internal/get_case_metrics.ts @@ -27,6 +27,9 @@ export const getCaseMetricRoute = createCasesRoute({ ]), }), }, + routerOptions: { + access: 'internal', + }, handler: async ({ context, request, response }) => { try { const caseContext = await context.cases; diff --git a/x-pack/plugins/cases/server/routes/api/internal/get_case_user_actions_stats.ts b/x-pack/plugins/cases/server/routes/api/internal/get_case_user_actions_stats.ts index f90fbd067bf62..07393c9f1880c 100644 --- a/x-pack/plugins/cases/server/routes/api/internal/get_case_user_actions_stats.ts +++ b/x-pack/plugins/cases/server/routes/api/internal/get_case_user_actions_stats.ts @@ -18,6 +18,9 @@ export const getCaseUserActionStatsRoute = createCasesRoute({ case_id: schema.string(), }), }, + routerOptions: { + access: 'internal', + }, handler: async ({ context, request, response }) => { try { const casesContext = await context.cases; diff --git a/x-pack/plugins/cases/server/routes/api/internal/get_case_users.ts b/x-pack/plugins/cases/server/routes/api/internal/get_case_users.ts index bbf69e4378886..eec44b5c92602 100644 --- a/x-pack/plugins/cases/server/routes/api/internal/get_case_users.ts +++ b/x-pack/plugins/cases/server/routes/api/internal/get_case_users.ts @@ -19,6 +19,9 @@ export const getCaseUsersRoute = createCasesRoute({ case_id: schema.string(), }), }, + routerOptions: { + access: 'internal', + }, handler: async ({ context, request, response }) => { try { const casesContext = await context.cases; diff --git a/x-pack/plugins/cases/server/routes/api/internal/get_cases_metrics.ts b/x-pack/plugins/cases/server/routes/api/internal/get_cases_metrics.ts index 1d7a64e4e27cf..68a9489323aaf 100644 --- a/x-pack/plugins/cases/server/routes/api/internal/get_cases_metrics.ts +++ b/x-pack/plugins/cases/server/routes/api/internal/get_cases_metrics.ts @@ -16,6 +16,9 @@ import { createCasesRoute } from '../create_cases_route'; export const getCasesMetricRoute = createCasesRoute({ method: 'get', path: INTERNAL_CASE_METRICS_URL, + routerOptions: { + access: 'internal', + }, params: { query: schema.object({ features: schema.oneOf([ diff --git a/x-pack/plugins/cases/server/routes/api/internal/get_connectors.ts b/x-pack/plugins/cases/server/routes/api/internal/get_connectors.ts index bc5e2d701eb0f..a88d6ee9b5c14 100644 --- a/x-pack/plugins/cases/server/routes/api/internal/get_connectors.ts +++ b/x-pack/plugins/cases/server/routes/api/internal/get_connectors.ts @@ -19,6 +19,9 @@ export const getConnectorsRoute = createCasesRoute({ case_id: schema.string(), }), }, + routerOptions: { + access: 'internal', + }, handler: async ({ context, request, response }) => { try { const casesContext = await context.cases; diff --git a/x-pack/plugins/cases/server/routes/api/internal/replace_custom_field.ts b/x-pack/plugins/cases/server/routes/api/internal/replace_custom_field.ts index c243c10064c24..4e60982f02c53 100644 --- a/x-pack/plugins/cases/server/routes/api/internal/replace_custom_field.ts +++ b/x-pack/plugins/cases/server/routes/api/internal/replace_custom_field.ts @@ -21,6 +21,9 @@ export const replaceCustomFieldRoute = createCasesRoute({ custom_field_id: schema.string(), }), }, + routerOptions: { + access: 'internal', + }, handler: async ({ context, request, response }) => { try { const caseContext = await context.cases; diff --git a/x-pack/plugins/cases/server/routes/api/internal/search_cases.ts b/x-pack/plugins/cases/server/routes/api/internal/search_cases.ts index 193b9dab70649..c7881868a4b2a 100644 --- a/x-pack/plugins/cases/server/routes/api/internal/search_cases.ts +++ b/x-pack/plugins/cases/server/routes/api/internal/search_cases.ts @@ -14,6 +14,9 @@ import type { caseApiV1 } from '../../../../common/types/api'; export const searchCasesRoute = createCasesRoute({ method: 'post', path: `${CASES_INTERNAL_URL}/_search`, + routerOptions: { + access: 'internal', + }, handler: async ({ context, request, response }) => { try { const caseContext = await context.cases; diff --git a/x-pack/plugins/cases/server/routes/api/internal/suggest_user_profiles.ts b/x-pack/plugins/cases/server/routes/api/internal/suggest_user_profiles.ts index 747d59f1b6cf4..79a3b4588d6a5 100644 --- a/x-pack/plugins/cases/server/routes/api/internal/suggest_user_profiles.ts +++ b/x-pack/plugins/cases/server/routes/api/internal/suggest_user_profiles.ts @@ -19,6 +19,7 @@ export const suggestUserProfilesRoute = (userProfileService: UserProfileService) path: INTERNAL_SUGGEST_USER_PROFILES_URL, routerOptions: { tags: ['access:casesSuggestUserProfiles'], + access: 'internal', }, params: { body: escapeHatch, diff --git a/x-pack/plugins/rule_registry/server/routes/bulk_update_alerts.ts b/x-pack/plugins/rule_registry/server/routes/bulk_update_alerts.ts index 01f9d5c594068..84fdcafd7b211 100644 --- a/x-pack/plugins/rule_registry/server/routes/bulk_update_alerts.ts +++ b/x-pack/plugins/rule_registry/server/routes/bulk_update_alerts.ts @@ -46,6 +46,7 @@ export const bulkUpdateAlertsRoute = (router: IRouter) ), }, options: { + access: 'internal', tags: ['access:rac'], }, }, diff --git a/x-pack/plugins/rule_registry/server/routes/find.ts b/x-pack/plugins/rule_registry/server/routes/find.ts index 5075525a9dbd8..370607836b832 100644 --- a/x-pack/plugins/rule_registry/server/routes/find.ts +++ b/x-pack/plugins/rule_registry/server/routes/find.ts @@ -38,6 +38,7 @@ export const findAlertsByQueryRoute = (router: IRouter ), }, options: { + access: 'internal', tags: ['access:rac'], }, }, diff --git a/x-pack/plugins/rule_registry/server/routes/get_aad_fields_by_rule_type.ts b/x-pack/plugins/rule_registry/server/routes/get_aad_fields_by_rule_type.ts index 5ebd217053af7..39e0b96d466cb 100644 --- a/x-pack/plugins/rule_registry/server/routes/get_aad_fields_by_rule_type.ts +++ b/x-pack/plugins/rule_registry/server/routes/get_aad_fields_by_rule_type.ts @@ -27,6 +27,7 @@ export const getAADFieldsByRuleType = (router: IRouter ), }, options: { + access: 'internal', tags: ['access:rac'], }, }, diff --git a/x-pack/plugins/rule_registry/server/routes/get_alert_by_id.ts b/x-pack/plugins/rule_registry/server/routes/get_alert_by_id.ts index 2dc2d1ec2db7d..d904796c68753 100644 --- a/x-pack/plugins/rule_registry/server/routes/get_alert_by_id.ts +++ b/x-pack/plugins/rule_registry/server/routes/get_alert_by_id.ts @@ -35,6 +35,7 @@ export const getAlertByIdRoute = (router: IRouter) => ), }, options: { + access: 'internal', tags: ['access:rac'], }, }, diff --git a/x-pack/plugins/rule_registry/server/routes/get_alert_index.ts b/x-pack/plugins/rule_registry/server/routes/get_alert_index.ts index 8140f413c96f9..f828deff3301d 100644 --- a/x-pack/plugins/rule_registry/server/routes/get_alert_index.ts +++ b/x-pack/plugins/rule_registry/server/routes/get_alert_index.ts @@ -28,6 +28,7 @@ export const getAlertsIndexRoute = (router: IRouter) = ), }, options: { + access: 'internal', tags: ['access:rac'], }, }, diff --git a/x-pack/plugins/rule_registry/server/routes/get_alert_summary.ts b/x-pack/plugins/rule_registry/server/routes/get_alert_summary.ts index 838bf06e7e768..fc4ce222c81e6 100644 --- a/x-pack/plugins/rule_registry/server/routes/get_alert_summary.ts +++ b/x-pack/plugins/rule_registry/server/routes/get_alert_summary.ts @@ -40,6 +40,7 @@ export const getAlertSummaryRoute = (router: IRouter) ), }, options: { + access: 'internal', tags: ['access:rac'], }, }, diff --git a/x-pack/plugins/rule_registry/server/routes/get_alerts_group_aggregations.ts b/x-pack/plugins/rule_registry/server/routes/get_alerts_group_aggregations.ts index bd589fcda71a1..0d447d6a14210 100644 --- a/x-pack/plugins/rule_registry/server/routes/get_alerts_group_aggregations.ts +++ b/x-pack/plugins/rule_registry/server/routes/get_alerts_group_aggregations.ts @@ -36,6 +36,7 @@ export const getAlertsGroupAggregations = (router: IRouter) ), }, options: { + access: 'internal', tags: ['access:rac'], }, }, diff --git a/x-pack/plugins/stack_connectors/server/routes/get_well_known_email_service.ts b/x-pack/plugins/stack_connectors/server/routes/get_well_known_email_service.ts index 94d2d199d4b62..5e15ca4c32838 100644 --- a/x-pack/plugins/stack_connectors/server/routes/get_well_known_email_service.ts +++ b/x-pack/plugins/stack_connectors/server/routes/get_well_known_email_service.ts @@ -29,6 +29,9 @@ export const getWellKnownEmailServiceRoute = (router: IRouter) => { validate: { params: paramSchema, }, + options: { + access: 'internal', + }, }, handler ); diff --git a/x-pack/plugins/stack_connectors/server/routes/valid_slack_api_channels.ts b/x-pack/plugins/stack_connectors/server/routes/valid_slack_api_channels.ts index cd2cb113a6750..420af8d104891 100644 --- a/x-pack/plugins/stack_connectors/server/routes/valid_slack_api_channels.ts +++ b/x-pack/plugins/stack_connectors/server/routes/valid_slack_api_channels.ts @@ -37,6 +37,9 @@ export const validSlackApiChannelsRoute = ( validate: { body: bodySchema, }, + options: { + access: 'internal', + }, }, handler ); diff --git a/x-pack/plugins/triggers_actions_ui/server/data/routes/fields.ts b/x-pack/plugins/triggers_actions_ui/server/data/routes/fields.ts index 2b18bd4567243..677d90066f182 100644 --- a/x-pack/plugins/triggers_actions_ui/server/data/routes/fields.ts +++ b/x-pack/plugins/triggers_actions_ui/server/data/routes/fields.ts @@ -32,6 +32,9 @@ export function createFieldsRoute(logger: Logger, router: IRouter, baseRoute: st validate: { body: bodySchema, }, + options: { + access: 'internal', + }, }, handler ); diff --git a/x-pack/plugins/triggers_actions_ui/server/data/routes/indices.ts b/x-pack/plugins/triggers_actions_ui/server/data/routes/indices.ts index a75853be1a3e4..53c72a77d6385 100644 --- a/x-pack/plugins/triggers_actions_ui/server/data/routes/indices.ts +++ b/x-pack/plugins/triggers_actions_ui/server/data/routes/indices.ts @@ -36,6 +36,9 @@ export function createIndicesRoute(logger: Logger, router: IRouter, baseRoute: s validate: { body: bodySchema, }, + options: { + access: 'internal', + }, }, handler ); diff --git a/x-pack/plugins/triggers_actions_ui/server/data/routes/time_series_query.ts b/x-pack/plugins/triggers_actions_ui/server/data/routes/time_series_query.ts index 24a0eaf13f771..f549e46576939 100644 --- a/x-pack/plugins/triggers_actions_ui/server/data/routes/time_series_query.ts +++ b/x-pack/plugins/triggers_actions_ui/server/data/routes/time_series_query.ts @@ -31,6 +31,9 @@ export function createTimeSeriesQueryRoute( validate: { body: TimeSeriesQuerySchema, }, + options: { + access: 'internal', + }, }, handler ); diff --git a/x-pack/plugins/triggers_actions_ui/server/routes/config.ts b/x-pack/plugins/triggers_actions_ui/server/routes/config.ts index e6904681e71b4..2e10586b76924 100644 --- a/x-pack/plugins/triggers_actions_ui/server/routes/config.ts +++ b/x-pack/plugins/triggers_actions_ui/server/routes/config.ts @@ -39,6 +39,9 @@ export function createConfigRoute({ { path, validate: false, + options: { + access: 'internal', + }, }, handler ); diff --git a/x-pack/plugins/triggers_actions_ui/server/routes/health.ts b/x-pack/plugins/triggers_actions_ui/server/routes/health.ts index 679026ab56f2b..b57e9b3df4dc6 100644 --- a/x-pack/plugins/triggers_actions_ui/server/routes/health.ts +++ b/x-pack/plugins/triggers_actions_ui/server/routes/health.ts @@ -26,6 +26,9 @@ export function createHealthRoute( { path, validate: false, + options: { + access: 'internal', + }, }, handler );