Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[8.x] [upgrade assistant] Add authz info to REST api endpoints (#205071) #205597

Merged
merged 1 commit into from
Jan 6, 2025
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
@@ -43,6 +43,12 @@ export function registerAppRoutes({
router.get(
{
path: `${API_BASE_PATH}/privileges`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
versionCheckHandlerWrapper(async ({ core }, request, response) => {
Original file line number Diff line number Diff line change
@@ -15,7 +15,16 @@ export function registerCloudBackupStatusRoutes({
}: RouteDependencies) {
// GET most recent Cloud snapshot
router.get(
{ path: `${API_BASE_PATH}/cloud_backup_status`, validate: false },
{
path: `${API_BASE_PATH}/cloud_backup_status`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
versionCheckHandlerWrapper(async (context, request, response) => {
const { client: clusterClient } = (await context.core).elasticsearch;

Original file line number Diff line number Diff line change
@@ -17,6 +17,12 @@ export function registerClusterSettingsRoute({
router.post(
{
path: `${API_BASE_PATH}/cluster_settings`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
body: schema.object({
settings: schema.arrayOf(schema.string()),
Original file line number Diff line number Diff line change
@@ -11,7 +11,16 @@ import { RouteDependencies } from '../types';

export function registerClusterUpgradeStatusRoutes({ router }: RouteDependencies) {
router.get(
{ path: `${API_BASE_PATH}/cluster_upgrade_status`, validate: false },
{
path: `${API_BASE_PATH}/cluster_upgrade_status`,
security: {
authz: {
enabled: false,
reason: 'Lightweight endpoint',
},
},
validate: false,
},
// We're just depending on the version check to return a 426.
// Otherwise we just return a 200.
versionCheckHandlerWrapper(async (context, request, response) => {
Original file line number Diff line number Diff line change
@@ -28,6 +28,12 @@ export function registerDeprecationLoggingRoutes({
router.get(
{
path: `${API_BASE_PATH}/deprecation_logging`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
versionCheckHandlerWrapper(async ({ core }, request, response) => {
@@ -46,6 +52,12 @@ export function registerDeprecationLoggingRoutes({
router.put(
{
path: `${API_BASE_PATH}/deprecation_logging`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
body: schema.object({
isEnabled: schema.boolean(),
@@ -70,6 +82,12 @@ export function registerDeprecationLoggingRoutes({
router.get(
{
path: `${API_BASE_PATH}/deprecation_logging/count`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
query: schema.object({
from: schema.string(),
@@ -124,6 +142,12 @@ export function registerDeprecationLoggingRoutes({
router.delete(
{
path: `${API_BASE_PATH}/deprecation_logging/cache`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
versionCheckHandlerWrapper(async ({ core }, request, response) => {
Original file line number Diff line number Diff line change
@@ -22,6 +22,12 @@ export function registerESDeprecationRoutes({
router.get(
{
path: `${API_BASE_PATH}/es_deprecations`,
security: {
authz: {
enabled: false,
reason: 'Relies on es and saved object clients for authorization',
},
},
validate: false,
},
versionCheckHandlerWrapper(async ({ core }, request, response) => {
Original file line number Diff line number Diff line change
@@ -145,6 +145,12 @@ export function registerMlSnapshotRoutes({
router.post(
{
path: `${API_BASE_PATH}/ml_snapshots`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
body: schema.object({
snapshotId: schema.string(),
@@ -195,6 +201,12 @@ export function registerMlSnapshotRoutes({
router.get(
{
path: `${API_BASE_PATH}/ml_snapshots/{jobId}/{snapshotId}`,
security: {
authz: {
enabled: false,
reason: 'Relies on es and saved object clients for authorization',
},
},
validate: {
params: schema.object({
snapshotId: schema.string(),
Original file line number Diff line number Diff line change
@@ -47,6 +47,12 @@ export function registerNodeDiskSpaceRoute({ router, lib: { handleEsError } }: R
router.get(
{
path: `${API_BASE_PATH}/node_disk_space`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
versionCheckHandlerWrapper(async ({ core }, request, response) => {
Original file line number Diff line number Diff line change
@@ -36,6 +36,12 @@ export function registerBatchReindexIndicesRoutes(
router.get(
{
path: `${BASE_PATH}/batch/queue`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
options: {
access: 'public',
summary: `Get the batch reindex queue`,
@@ -75,6 +81,12 @@ export function registerBatchReindexIndicesRoutes(
router.post(
{
path: `${BASE_PATH}/batch`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
options: {
access: 'public',
summary: `Batch start or resume reindex`,
Original file line number Diff line number Diff line change
@@ -34,6 +34,12 @@ export function registerReindexIndicesRoutes(
router.post(
{
path: `${BASE_PATH}/{indexName}`,
security: {
authz: {
enabled: false,
reason: 'Relies on es and saved object clients for authorization',
},
},
options: {
access: 'public',
summary: `Start or resume reindex`,
Original file line number Diff line number Diff line change
@@ -13,6 +13,12 @@ export function registerRemoteClustersRoute({ router, lib: { handleEsError } }:
router.get(
{
path: `${API_BASE_PATH}/remote_clusters`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
versionCheckHandlerWrapper(async ({ core }, request, response) => {
Original file line number Diff line number Diff line change
@@ -24,6 +24,12 @@ export function registerUpgradeStatusRoute({
router.get(
{
path: `${API_BASE_PATH}/status`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
options: {
access: 'public',
summary: `Get upgrade readiness status`,
Original file line number Diff line number Diff line change
@@ -19,7 +19,16 @@ export function registerSystemIndicesMigrationRoutes({
}: RouteDependencies) {
// GET status of the system indices migration
router.get(
{ path: `${API_BASE_PATH}/system_indices_migration`, validate: false },
{
path: `${API_BASE_PATH}/system_indices_migration`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
versionCheckHandlerWrapper(async ({ core }, request, response) => {
try {
const {
Original file line number Diff line number Diff line change
@@ -14,6 +14,12 @@ export function registerUpdateSettingsRoute({ router }: RouteDependencies) {
router.post(
{
path: `${API_BASE_PATH}/{indexName}/index_settings`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: schema.object({
indexName: schema.string(),