From 87177fa87408d839c9a4aa7b36f9f39ad328278e Mon Sep 17 00:00:00 2001 From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Date: Fri, 1 Nov 2024 02:46:24 +1100 Subject: [PATCH] Authorized route migration for routes owned by @elastic/security-threat-hunting-explore (#198191) ### Authz API migration for authorized routes This PR migrates `access:` tags used in route definitions to new security configuration. Please refer to the documentation for more information: [Authorization API](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization) ### **Before migration:** Access control tags were defined in the `options` object of the route: ```ts router.get({ path: '/api/path', options: { tags: ['access:', 'access:'], }, ... }, handler); ``` ### **After migration:** Tags have been replaced with the more robust `security.authz.requiredPrivileges` field under `security`: ```ts router.get({ path: '/api/path', security: { authz: { requiredPrivileges: ['', ''], }, }, ... }, handler); ``` ### What to do next? 1. Review the changes in this PR. 2. You might need to update your tests to reflect the new security configuration: - If you have tests that rely on checking `access` tags. - If you have snapshot tests that include the route definition. - If you have FTR tests that rely on checking unauthorized error message. The error message changed to also include missing privileges. ## Any questions? If you have any questions or need help with API authorization, please reach out to the `@elastic/kibana-security` team. --- .../server/routes/get_ilm_explain.ts | 6 +++++- .../server/routes/get_index_mappings.ts | 6 +++++- .../server/routes/get_index_stats.ts | 6 +++++- .../server/routes/results/get_index_results.ts | 6 +++++- .../server/routes/results/get_index_results_latest.ts | 6 +++++- .../server/routes/results/post_index_results.ts | 6 +++++- 6 files changed, 30 insertions(+), 6 deletions(-) diff --git a/x-pack/plugins/ecs_data_quality_dashboard/server/routes/get_ilm_explain.ts b/x-pack/plugins/ecs_data_quality_dashboard/server/routes/get_ilm_explain.ts index 31202adffed2c..ee413ea09ef67 100644 --- a/x-pack/plugins/ecs_data_quality_dashboard/server/routes/get_ilm_explain.ts +++ b/x-pack/plugins/ecs_data_quality_dashboard/server/routes/get_ilm_explain.ts @@ -19,7 +19,11 @@ export const getILMExplainRoute = (router: IRouter, logger: Logger) => { .get({ path: GET_ILM_EXPLAIN, access: 'internal', - options: { tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/ecs_data_quality_dashboard/server/routes/get_index_mappings.ts b/x-pack/plugins/ecs_data_quality_dashboard/server/routes/get_index_mappings.ts index f3c59ccf9f3e2..845e118bc6f05 100755 --- a/x-pack/plugins/ecs_data_quality_dashboard/server/routes/get_index_mappings.ts +++ b/x-pack/plugins/ecs_data_quality_dashboard/server/routes/get_index_mappings.ts @@ -19,7 +19,11 @@ export const getIndexMappingsRoute = (router: IRouter, logger: Logger) => { .get({ path: GET_INDEX_MAPPINGS, access: 'internal', - options: { tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/ecs_data_quality_dashboard/server/routes/get_index_stats.ts b/x-pack/plugins/ecs_data_quality_dashboard/server/routes/get_index_stats.ts index 0f4fbb83f71e6..d1bb25d34fc2a 100644 --- a/x-pack/plugins/ecs_data_quality_dashboard/server/routes/get_index_stats.ts +++ b/x-pack/plugins/ecs_data_quality_dashboard/server/routes/get_index_stats.ts @@ -26,7 +26,11 @@ export const getIndexStatsRoute = (router: IRouter, logger: Logger) => { .get({ path: GET_INDEX_STATS, access: 'internal', - options: { tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/ecs_data_quality_dashboard/server/routes/results/get_index_results.ts b/x-pack/plugins/ecs_data_quality_dashboard/server/routes/results/get_index_results.ts index bbab7dede3c21..71f2422146f9c 100644 --- a/x-pack/plugins/ecs_data_quality_dashboard/server/routes/results/get_index_results.ts +++ b/x-pack/plugins/ecs_data_quality_dashboard/server/routes/results/get_index_results.ts @@ -87,7 +87,11 @@ export const getIndexResultsRoute = ( .get({ path: GET_INDEX_RESULTS, access: 'internal', - options: { tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/ecs_data_quality_dashboard/server/routes/results/get_index_results_latest.ts b/x-pack/plugins/ecs_data_quality_dashboard/server/routes/results/get_index_results_latest.ts index 55ff8e01a01dc..3a294409af869 100644 --- a/x-pack/plugins/ecs_data_quality_dashboard/server/routes/results/get_index_results_latest.ts +++ b/x-pack/plugins/ecs_data_quality_dashboard/server/routes/results/get_index_results_latest.ts @@ -41,7 +41,11 @@ export const getIndexResultsLatestRoute = ( .get({ path: GET_INDEX_RESULTS_LATEST, access: 'internal', - options: { tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/ecs_data_quality_dashboard/server/routes/results/post_index_results.ts b/x-pack/plugins/ecs_data_quality_dashboard/server/routes/results/post_index_results.ts index 5e87cadb4dadf..0c627d4cc0364 100644 --- a/x-pack/plugins/ecs_data_quality_dashboard/server/routes/results/post_index_results.ts +++ b/x-pack/plugins/ecs_data_quality_dashboard/server/routes/results/post_index_results.ts @@ -24,7 +24,11 @@ export const postIndexResultsRoute = ( .post({ path: POST_INDEX_RESULTS, access: 'internal', - options: { tags: ['access:securitySolution'] }, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, }) .addVersion( {