From 4ab648c4cc2a1b8804e4b2a54723bf6cc38c215a Mon Sep 17 00:00:00 2001 From: Paulo Henrique Date: Thu, 14 Nov 2024 14:03:55 -0800 Subject: [PATCH] updating security.authz for SessionView and Kubernetes Dashboard --- x-pack/plugins/kubernetes_security/server/routes/aggregate.ts | 3 +-- x-pack/plugins/kubernetes_security/server/routes/count.ts | 3 +-- .../kubernetes_security/server/routes/multi_terms_aggregate.ts | 3 +-- .../plugins/session_view/server/routes/alert_status_route.ts | 3 +-- x-pack/plugins/session_view/server/routes/alerts_route.ts | 3 +-- .../session_view/server/routes/get_total_io_bytes_route.ts | 2 +- x-pack/plugins/session_view/server/routes/io_events_route.ts | 2 +- .../plugins/session_view/server/routes/process_events_route.ts | 2 +- 8 files changed, 8 insertions(+), 13 deletions(-) diff --git a/x-pack/plugins/kubernetes_security/server/routes/aggregate.ts b/x-pack/plugins/kubernetes_security/server/routes/aggregate.ts index e8a5b616cd6a8..4ddb828b68976 100644 --- a/x-pack/plugins/kubernetes_security/server/routes/aggregate.ts +++ b/x-pack/plugins/kubernetes_security/server/routes/aggregate.ts @@ -40,8 +40,7 @@ export const registerAggregateRoute = (router: IRouter, logger: Logger) => { version: '1', security: { authz: { - enabled: false, - reason: 'This route is opted out from authorization', + requiredPrivileges: ['securitySolution'], }, }, validate: { diff --git a/x-pack/plugins/kubernetes_security/server/routes/count.ts b/x-pack/plugins/kubernetes_security/server/routes/count.ts index 788c3ce4adb98..b73452e8e45fc 100644 --- a/x-pack/plugins/kubernetes_security/server/routes/count.ts +++ b/x-pack/plugins/kubernetes_security/server/routes/count.ts @@ -30,8 +30,7 @@ export const registerCountRoute = (router: IRouter, logger: Logger) => { version: '1', security: { authz: { - enabled: false, - reason: 'This route is opted out from authorization', + requiredPrivileges: ['securitySolution'], }, }, validate: { diff --git a/x-pack/plugins/kubernetes_security/server/routes/multi_terms_aggregate.ts b/x-pack/plugins/kubernetes_security/server/routes/multi_terms_aggregate.ts index 6eda8b3c9af2f..b4a0271b63edc 100644 --- a/x-pack/plugins/kubernetes_security/server/routes/multi_terms_aggregate.ts +++ b/x-pack/plugins/kubernetes_security/server/routes/multi_terms_aggregate.ts @@ -37,8 +37,7 @@ export const registerMultiTermsAggregateRoute = (router: IRouter, logger: Logger version: '1', security: { authz: { - enabled: false, - reason: 'This route is opted out from authorization', + requiredPrivileges: ['securitySolution'], }, }, validate: { diff --git a/x-pack/plugins/session_view/server/routes/alert_status_route.ts b/x-pack/plugins/session_view/server/routes/alert_status_route.ts index 6f2605ab48c1f..64192198b5e46 100644 --- a/x-pack/plugins/session_view/server/routes/alert_status_route.ts +++ b/x-pack/plugins/session_view/server/routes/alert_status_route.ts @@ -33,8 +33,7 @@ export const registerAlertStatusRoute = ( version: '1', security: { authz: { - enabled: false, - reason: 'This route is opted out from authorization', + requiredPrivileges: ['securitySolution'], }, }, validate: { diff --git a/x-pack/plugins/session_view/server/routes/alerts_route.ts b/x-pack/plugins/session_view/server/routes/alerts_route.ts index 8e6817c80d787..c875236989efe 100644 --- a/x-pack/plugins/session_view/server/routes/alerts_route.ts +++ b/x-pack/plugins/session_view/server/routes/alerts_route.ts @@ -38,8 +38,7 @@ export const registerAlertsRoute = ( version: '1', security: { authz: { - enabled: false, - reason: 'This route is opted out from authorization', + requiredPrivileges: ['securitySolution'], }, }, validate: { diff --git a/x-pack/plugins/session_view/server/routes/get_total_io_bytes_route.ts b/x-pack/plugins/session_view/server/routes/get_total_io_bytes_route.ts index bb9972804ed18..7d54654c89cdc 100644 --- a/x-pack/plugins/session_view/server/routes/get_total_io_bytes_route.ts +++ b/x-pack/plugins/session_view/server/routes/get_total_io_bytes_route.ts @@ -25,7 +25,7 @@ export const registerGetTotalIOBytesRoute = (router: IRouter, logger: Logger) => security: { authz: { enabled: false, - reason: 'This route is opted out from authorization', + reason: `This route delegates authorization to Elasticsearch and it's not tied to a Kibana privilege.`, }, }, validate: { diff --git a/x-pack/plugins/session_view/server/routes/io_events_route.ts b/x-pack/plugins/session_view/server/routes/io_events_route.ts index 0f982cd1903ad..3e73517a978c3 100644 --- a/x-pack/plugins/session_view/server/routes/io_events_route.ts +++ b/x-pack/plugins/session_view/server/routes/io_events_route.ts @@ -32,7 +32,7 @@ export const registerIOEventsRoute = (router: IRouter, logger: Logger) => { security: { authz: { enabled: false, - reason: 'This route is opted out from authorization', + reason: `This route delegates authorization to Elasticsearch and it's not tied to a Kibana privilege.`, }, }, validate: { diff --git a/x-pack/plugins/session_view/server/routes/process_events_route.ts b/x-pack/plugins/session_view/server/routes/process_events_route.ts index a9a491cd4c0da..b30b3b6ddcc51 100644 --- a/x-pack/plugins/session_view/server/routes/process_events_route.ts +++ b/x-pack/plugins/session_view/server/routes/process_events_route.ts @@ -46,7 +46,7 @@ export const registerProcessEventsRoute = ( security: { authz: { enabled: false, - reason: 'This route is opted out from authorization', + reason: `This route delegates authorization to Elasticsearch and it's not tied to a Kibana privilege.`, }, }, validate: {