Skip to content

Commit

Permalink
Authz info for a number of REST api routes owned by Kibana Management…
Browse files Browse the repository at this point in the history
… team (elastic#204682)

## Summary

Part of elastic#204681

Simply adding authz info
  • Loading branch information
mattkime authored and benakansara committed Jan 2, 2025
1 parent 1f09001 commit 1eab0c2
Show file tree
Hide file tree
Showing 116 changed files with 964 additions and 70 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,12 @@ export const registerCreateRoute = ({
router.post(
{
path: addBasePath('/auto_follow_patterns'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
body: bodySchema,
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,12 @@ export const registerDeleteRoute = ({
router.delete(
{
path: addBasePath('/auto_follow_patterns/{id}'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,12 @@ export const registerFetchRoute = ({
router.get(
{
path: addBasePath('/auto_follow_patterns'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
license.guardApiRoute(async (context, request, response) => {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,12 @@ export const registerGetRoute = ({
router.get(
{
path: addBasePath('/auto_follow_patterns/{id}'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,12 @@ export const registerPauseRoute = ({
router.post(
{
path: addBasePath('/auto_follow_patterns/{id}/pause'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,12 @@ export const registerResumeRoute = ({
router.post(
{
path: addBasePath('/auto_follow_patterns/{id}/resume'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,12 @@ export const registerUpdateRoute = ({
router.put(
{
path: addBasePath('/auto_follow_patterns/{id}'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
body: bodySchema,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,12 @@ export const registerPermissionsRoute = ({
router.get(
{
path: addBasePath('/permissions'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
license.guardApiRoute(async (context, request, response) => {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,12 @@ export const registerStatsRoute = ({
router.get(
{
path: addBasePath('/stats/auto_follow'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
license.guardApiRoute(async (context, request, response) => {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,12 @@ export const registerCreateRoute = ({
router.post(
{
path: addBasePath('/follower_indices'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
body: bodySchema,
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,12 @@ export const registerFetchRoute = ({
router.get(
{
path: addBasePath('/follower_indices'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
license.guardApiRoute(async (context, request, response) => {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,12 @@ export const registerGetRoute = ({
router.get(
{
path: addBasePath('/follower_indices/{id}'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,12 @@ export const registerPauseRoute = ({
router.put(
{
path: addBasePath('/follower_indices/{id}/pause'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,12 @@ export const registerResumeRoute = ({
router.put(
{
path: addBasePath('/follower_indices/{id}/resume'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,12 @@ export const registerUnfollowRoute = ({
router.put(
{
path: addBasePath('/follower_indices/{id}/unfollow'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,12 @@ export const registerUpdateRoute = ({
router.put(
{
path: addBasePath('/follower_indices/{id}'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
body: bodySchema,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,12 @@ export function registerGrokSimulateRoute(framework: KibanaFramework) {
{
method: 'post',
path: '/api/grokdebugger/simulate',
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
body: requestBodySchema,
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,16 @@ export function registerAddPolicyRoute({
lib: { handleEsError },
}: RouteDependencies) {
router.post(
{ path: addBasePath('/index/add'), validate: { body: bodySchema } },
{
path: addBasePath('/index/add'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: { body: bodySchema },
},
license.guardApiRoute(async (context, request, response) => {
const body = request.body as typeof bodySchema.type;
const { indexName, policyName, alias = '' } = body;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,16 @@ export function registerRemoveRoute({
lib: { handleEsError },
}: RouteDependencies) {
router.post(
{ path: addBasePath('/index/remove'), validate: { body: bodySchema } },
{
path: addBasePath('/index/remove'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: { body: bodySchema },
},
license.guardApiRoute(async (context, request, response) => {
const body = request.body as typeof bodySchema.type;
const { indexNames } = body;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,16 @@ const bodySchema = schema.object({

export function registerRetryRoute({ router, license, lib: { handleEsError } }: RouteDependencies) {
router.post(
{ path: addBasePath('/index/retry'), validate: { body: bodySchema } },
{
path: addBasePath('/index/retry'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: { body: bodySchema },
},
license.guardApiRoute(async (context, request, response) => {
const body = request.body as typeof bodySchema.type;
const { indexNames } = body;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,16 @@ export function registerDetailsRoute({
lib: { handleEsError },
}: RouteDependencies) {
router.get(
{ path: addBasePath('/nodes/{nodeAttrs}/details'), validate: { params: paramsSchema } },
{
path: addBasePath('/nodes/{nodeAttrs}/details'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: { params: paramsSchema },
},
license.guardApiRoute(async (context, request, response) => {
const params = request.params as typeof paramsSchema.type;
const { nodeAttrs } = params;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,16 @@ export function registerListRoute({
const disallowedNodeAttributes = [...NODE_ATTRS_KEYS_TO_IGNORE, ...filteredNodeAttributes];

router.get(
{ path: addBasePath('/nodes/list'), validate: false },
{
path: addBasePath('/nodes/list'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
license.guardApiRoute(async (context, request, response) => {
try {
const esClient = (await context.core).elasticsearch.client;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,16 @@ export function registerCreateRoute({
lib: { handleEsError },
}: RouteDependencies) {
router.post(
{ path: addBasePath('/policies'), validate: { body: bodySchema } },
{
path: addBasePath('/policies'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: { body: bodySchema },
},
license.guardApiRoute(async (context, request, response) => {
const body = request.body as typeof bodySchema.type;
const { name, ...rest } = body;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,16 @@ export function registerDeleteRoute({
lib: { handleEsError },
}: RouteDependencies) {
router.delete(
{ path: addBasePath('/policies/{policyNames}'), validate: { params: paramsSchema } },
{
path: addBasePath('/policies/{policyNames}'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: { params: paramsSchema },
},
license.guardApiRoute(async (context, request, response) => {
const params = request.params as typeof paramsSchema.type;
const { policyNames } = params;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,16 @@ async function fetchPolicies(client: ElasticsearchClient): Promise<TransportResu

export function registerFetchRoute({ router, license, lib: { handleEsError } }: RouteDependencies) {
router.get(
{ path: addBasePath('/policies'), validate: false },
{
path: addBasePath('/policies'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
license.guardApiRoute(async (context, request, response) => {
const { asCurrentUser } = (await context.core).elasticsearch.client;

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,16 @@ import { addBasePath } from '../../../services';

export function registerFetchRoute({ router, license, lib: { handleEsError } }: RouteDependencies) {
router.get(
{ path: addBasePath('/snapshot_policies'), validate: false },
{
path: addBasePath('/snapshot_policies'),
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
license.guardApiRoute(async (context, request, response) => {
try {
const esClient = (await context.core).elasticsearch.client;
Expand Down
Loading

0 comments on commit 1eab0c2

Please sign in to comment.