From 27c3f48be3e50e3a56ff983a40b0f21ade012fe8 Mon Sep 17 00:00:00 2001 From: Nicolas Chaulet Date: Wed, 30 Oct 2024 14:57:40 -0400 Subject: [PATCH] [Fleet] Remove deprecated epm APIs --- .../plugins/fleet/common/constants/routes.ts | 9 +- .../plugins/fleet/server/routes/epm/index.ts | 219 +++++++----------- .../services/security/route_required_authz.ts | 2 +- .../fleet/server/types/rest_spec/epm.ts | 50 +--- .../public/management/mocks/fleet_mocks.ts | 2 +- 5 files changed, 94 insertions(+), 188 deletions(-) diff --git a/x-pack/plugins/fleet/common/constants/routes.ts b/x-pack/plugins/fleet/common/constants/routes.ts index c071c6feecbf8..8bfb6e6cf106e 100644 --- a/x-pack/plugins/fleet/common/constants/routes.ts +++ b/x-pack/plugins/fleet/common/constants/routes.ts @@ -23,19 +23,22 @@ export const LIMITED_CONCURRENCY_ROUTE_TAG = 'ingest:limited-concurrency'; const EPM_PACKAGES_MANY = `${EPM_API_ROOT}/packages`; const EPM_PACKAGES_INSTALLED = `${EPM_API_ROOT}/packages/installed`; const EPM_PACKAGES_BULK = `${EPM_PACKAGES_MANY}/_bulk`; -const EPM_PACKAGES_ONE_DEPRECATED = `${EPM_PACKAGES_MANY}/{pkgkey}`; +const EPM_PACKAGES_ONE_WITHOUT_VERSION = `${EPM_PACKAGES_MANY}/{pkgName}`; const EPM_PACKAGES_ONE = `${EPM_PACKAGES_MANY}/{pkgName}/{pkgVersion}`; export const EPM_API_ROUTES = { BULK_INSTALL_PATTERN: EPM_PACKAGES_BULK, LIST_PATTERN: EPM_PACKAGES_MANY, INSTALLED_LIST_PATTERN: EPM_PACKAGES_INSTALLED, LIMITED_LIST_PATTERN: `${EPM_PACKAGES_MANY}/limited`, + INFO_WITHOUT_VERSION_PATTERN: EPM_PACKAGES_ONE_WITHOUT_VERSION, INFO_PATTERN: EPM_PACKAGES_ONE, DATA_STREAMS_PATTERN: `${EPM_API_ROOT}/data_streams`, INSTALL_FROM_REGISTRY_PATTERN: EPM_PACKAGES_ONE, + INSTALL_FROM_REGISTRY_WITHOUT_VERSION_PATTERN: EPM_PACKAGES_ONE_WITHOUT_VERSION, INSTALL_BY_UPLOAD_PATTERN: EPM_PACKAGES_MANY, CUSTOM_INTEGRATIONS_PATTERN: `${EPM_API_ROOT}/custom_integrations`, DELETE_PATTERN: EPM_PACKAGES_ONE, + DELETE_PATTERN_WITHOUT_VERSION_PATTERN: EPM_PACKAGES_ONE_WITHOUT_VERSION, INSTALL_KIBANA_ASSETS_PATTERN: `${EPM_PACKAGES_ONE}/kibana_assets`, DELETE_KIBANA_ASSETS_PATTERN: `${EPM_PACKAGES_ONE}/kibana_assets`, FILEPATH_PATTERN: `${EPM_PACKAGES_ONE}/{filePath*}`, @@ -45,10 +48,6 @@ export const EPM_API_ROUTES = { BULK_ASSETS_PATTERN: `${EPM_API_ROOT}/bulk_assets`, INPUTS_PATTERN: `${EPM_API_ROOT}/templates/{pkgName}/{pkgVersion}/inputs`, - INFO_PATTERN_DEPRECATED: EPM_PACKAGES_ONE_DEPRECATED, - INSTALL_FROM_REGISTRY_PATTERN_DEPRECATED: EPM_PACKAGES_ONE_DEPRECATED, - DELETE_PATTERN_DEPRECATED: EPM_PACKAGES_ONE_DEPRECATED, - REAUTHORIZE_TRANSFORMS: `${EPM_PACKAGES_ONE}/transforms/authorize`, }; diff --git a/x-pack/plugins/fleet/server/routes/epm/index.ts b/x-pack/plugins/fleet/server/routes/epm/index.ts index 0e3c5e76eb825..7f92d0284292f 100644 --- a/x-pack/plugins/fleet/server/routes/epm/index.ts +++ b/x-pack/plugins/fleet/server/routes/epm/index.ts @@ -5,8 +5,6 @@ * 2.0. */ -import type { IKibanaResponse } from '@kbn/core/server'; - import { parseExperimentalConfigValue } from '../../../common/experimental_features'; import { API_VERSIONS } from '../../../common/constants'; @@ -20,32 +18,20 @@ import { } from '../../services/security'; import type { FleetAuthzRouteConfig } from '../../services/security/types'; -import type { - DeletePackageResponse, - GetInfoResponse, - InstallPackageResponse, - UpdatePackageResponse, -} from '../../../common/types'; - import { EPM_API_ROUTES } from '../../constants'; -import { splitPkgKey } from '../../services/epm/registry'; import { GetCategoriesRequestSchema, GetPackagesRequestSchema, GetInstalledPackagesRequestSchema, GetFileRequestSchema, GetInfoRequestSchema, - GetInfoRequestSchemaDeprecated, GetBulkAssetsRequestSchema, InstallPackageFromRegistryRequestSchema, - InstallPackageFromRegistryRequestSchemaDeprecated, InstallPackageByUploadRequestSchema, DeletePackageRequestSchema, - DeletePackageRequestSchemaDeprecated, BulkInstallPackagesFromRegistryRequestSchema, GetStatsRequestSchema, UpdatePackageRequestSchema, - UpdatePackageRequestSchemaDeprecated, ReauthorizeTransformRequestSchema, GetDataStreamsRequestSchema, CreateCustomIntegrationRequestSchema, @@ -301,6 +287,37 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType getFileHandler ); + router.versioned + .get({ + path: EPM_API_ROUTES.INFO_WITHOUT_VERSION_PATTERN, + fleetAuthz: (fleetAuthz: FleetAuthz): boolean => + calculateRouteAuthz( + fleetAuthz, + getRouteRequiredAuthz('get', EPM_API_ROUTES.INFO_WITHOUT_VERSION_PATTERN) + ).granted, + description: `Get package`, + options: { + tags: ['oas-tag:Elastic Package Manager (EPM)'], + }, + }) + .addVersion( + { + version: API_VERSIONS.public.v1, + validate: { + request: GetInfoRequestSchema, + response: { + 200: { + body: () => GetInfoResponseSchema, + }, + 400: { + body: genericErrorResponse, + }, + }, + }, + }, + getInfoHandler + ); + router.versioned .get({ path: EPM_API_ROUTES.INFO_PATTERN, @@ -358,6 +375,32 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType }, updatePackageHandler ); + router.versioned + .post({ + path: EPM_API_ROUTES.INSTALL_FROM_REGISTRY_WITHOUT_VERSION_PATTERN, + fleetAuthz: INSTALL_PACKAGES_AUTHZ, + description: `Install package from registry`, + options: { + tags: ['oas-tag:Elastic Package Manager (EPM)'], + }, + }) + .addVersion( + { + version: API_VERSIONS.public.v1, + validate: { + request: InstallPackageFromRegistryRequestSchema, + response: { + 200: { + body: () => InstallPackageResponseSchema, + }, + 400: { + body: genericErrorResponse, + }, + }, + }, + }, + installPackageFromRegistryHandler + ); router.versioned .post({ @@ -537,6 +580,36 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType createCustomIntegrationHandler ); + router.versioned + .delete({ + path: EPM_API_ROUTES.DELETE_PATTERN_WITHOUT_VERSION_PATTERN, + fleetAuthz: { + integrations: { removePackages: true }, + }, + description: `Delete package`, + options: { + tags: ['oas-tag:Elastic Package Manager (EPM)'], + }, + }) + .addVersion( + { + version: API_VERSIONS.public.v1, + validate: { + request: DeletePackageRequestSchema, + response: { + 200: { + body: () => DeletePackageResponseSchema, + }, + 400: { + body: genericErrorResponse, + }, + }, + }, + }, + + deletePackageHandler + ); + router.versioned .delete({ path: EPM_API_ROUTES.DELETE_PATTERN, @@ -648,124 +721,6 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType getBulkAssetsHandler ); - // deprecated since 8.0 - // This endpoint should be marked as internal but the router selects this endpoint over the new GET one - // For now keeping it public - router.versioned - .get({ - path: EPM_API_ROUTES.INFO_PATTERN_DEPRECATED, - fleetAuthz: (fleetAuthz: FleetAuthz): boolean => - calculateRouteAuthz( - fleetAuthz, - getRouteRequiredAuthz('get', EPM_API_ROUTES.INFO_PATTERN_DEPRECATED) - ).granted, - // @ts-expect-error TODO(https://github.com/elastic/kibana/issues/196095): Replace {RouteDeprecationInfo} - deprecated: true, - }) - .addVersion( - { - version: API_VERSIONS.public.v1, - validate: { request: GetInfoRequestSchemaDeprecated }, - }, - async (context, request, response) => { - const newRequest = { ...request, params: splitPkgKey(request.params.pkgkey) } as any; - const resp: IKibanaResponse = await getInfoHandler( - context, - newRequest, - response - ); - if (resp.payload?.item) { - // returning item as well here, because pkgVersion is optional in new GET endpoint, and if not specified, the router selects the deprecated route - return response.ok({ body: { item: resp.payload.item, response: resp.payload.item } }); - } - return resp; - } - ); - - router.versioned - .put({ - path: EPM_API_ROUTES.INFO_PATTERN_DEPRECATED, - fleetAuthz: { - integrations: { writePackageSettings: true }, - }, - // @ts-expect-error TODO(https://github.com/elastic/kibana/issues/196095): Replace {RouteDeprecationInfo} - deprecated: true, - }) - .addVersion( - { - version: API_VERSIONS.public.v1, - validate: { request: UpdatePackageRequestSchemaDeprecated }, - }, - async (context, request, response) => { - const newRequest = { ...request, params: splitPkgKey(request.params.pkgkey) } as any; - const resp: IKibanaResponse = await updatePackageHandler( - context, - newRequest, - response - ); - if (resp.payload?.item) { - return response.ok({ body: { response: resp.payload.item } }); - } - return resp; - } - ); - - // This endpoint should be marked as internal but the router selects this endpoint over the new POST - router.versioned - .post({ - path: EPM_API_ROUTES.INSTALL_FROM_REGISTRY_PATTERN_DEPRECATED, - fleetAuthz: INSTALL_PACKAGES_AUTHZ, - // @ts-expect-error TODO(https://github.com/elastic/kibana/issues/196095): Replace {RouteDeprecationInfo} - deprecated: true, - }) - .addVersion( - { - version: API_VERSIONS.public.v1, - validate: { request: InstallPackageFromRegistryRequestSchemaDeprecated }, - }, - async (context, request, response) => { - const newRequest = { - ...request, - params: splitPkgKey(request.params.pkgkey), - query: request.query, - } as any; - const resp: IKibanaResponse = - await installPackageFromRegistryHandler(context, newRequest, response); - if (resp.payload?.items) { - return response.ok({ body: { ...resp.payload, response: resp.payload.items } }); - } - return resp; - } - ); - - router.versioned - .delete({ - path: EPM_API_ROUTES.DELETE_PATTERN_DEPRECATED, - fleetAuthz: { - integrations: { removePackages: true }, - }, - // @ts-expect-error TODO(https://github.com/elastic/kibana/issues/196095): Replace {RouteDeprecationInfo} - deprecated: true, - }) - .addVersion( - { - version: API_VERSIONS.public.v1, - validate: { request: DeletePackageRequestSchemaDeprecated }, - }, - async (context, request, response) => { - const newRequest = { ...request, params: splitPkgKey(request.params.pkgkey) } as any; - const resp: IKibanaResponse = await deletePackageHandler( - context, - newRequest, - response - ); - if (resp.payload?.items) { - return response.ok({ body: { response: resp.payload.items } }); - } - return resp; - } - ); - // Update transforms with es-secondary-authorization headers, // append authorized_by to transform's _meta, and start transforms router.versioned diff --git a/x-pack/plugins/fleet/server/services/security/route_required_authz.ts b/x-pack/plugins/fleet/server/services/security/route_required_authz.ts index bbc1b07010fb7..37ab96b96afb7 100644 --- a/x-pack/plugins/fleet/server/services/security/route_required_authz.ts +++ b/x-pack/plugins/fleet/server/services/security/route_required_authz.ts @@ -164,7 +164,7 @@ const ROUTE_AUTHZ_REQUIREMENTS = deepFreeze