[Authz] Migrated authorized routes owned by @elastic/kibana-security
kibanamachine committed Oct 29, 2024
1 parent c7b8ca0 commit 4e9ab3e
Showing 125 changed files with 649 additions and 240 deletions.
Expand Up @@ -24,8 +24,10 @@ export function defineGetAllRolesBySpaceRoutes({
router.get(
{
path: '/internal/security/roles/{spaceId}',
options: {
tags: ['access:manage_spaces'],
security: {
authz: {
requiredPrivileges: ['manage_spaces'],
},
},
validate: {
params: schema.object({ spaceId: schema.string({ minLength: 1 }) }),
Expand Up @@ -37,14 +37,19 @@ export function defineInvalidateSessionsRoutes({
),
}),
},
security: {
authz: {
requiredPrivileges: ['sessionManagement'],
},
},
options: {
// The invalidate session API was introduced to address situations where the session index
// could grow rapidly - when session timeouts are disabled, or with anonymous access.
// In the serverless environment, sessions timeouts are always be enabled, and there is no
// anonymous access. However, keeping this endpoint available internally in serverless would
// be useful in situations where we need to batch-invalidate user sessions.
access: buildFlavor === 'serverless' ? 'internal' : 'public',
tags: ['access:sessionManagement'],

summary: `Invalidate user sessions`,
},
},
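Review bot: A stray blank line is left inside `options`, between `access: buildFlavor === 'serverless' ? 'internal' : 'public',` and `summary`, where `tags: ['access:sessionManagement']` was removed. The hunk counts (one line removed, six added) indicate the blank line was added by this change rather than inherited, so it can simply be dropped. The same leftover appears in the UPLOAD_ROUTE hunk of `registerResponseActionRoutes`, directly after `authRequired: true,`. The route definition starts and ends outside this hunk.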
Expand Up @@ -24,7 +24,11 @@ export function defineBulkGetUserProfilesRoute({
dataPath: schema.maybe(schema.string()),
}),
},
options: { tags: ['access:bulkGetUserProfiles'] },
security: {
authz: {
requiredPrivileges: ['bulkGetUserProfiles'],
},
},
},
createLicensedRouteHandler(async (context, request, response) => {
const userProfileServiceInternal = getUserProfileService();
Expand Up @@ -27,7 +27,12 @@ export function registerActionAuditLogRoutes(
.get({
access: 'public',
path: ENDPOINT_ACTION_LOG_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
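Review bot: After this change `options` on this route holds only `authRequired: true`, so the route's access requirements are declared in two sibling keys, `security.authz` and `options`, and a reader has to check both. As far as I know `authRequired` already defaults to `true` in the Kibana router, so either drop the `options` line or keep it with a short comment such as `// explicit on purpose: this route must never accept unauthenticated requests`. The same pattern repeats in the other endpoint route hunks on this page (action details, file download, file info, action list, response actions, action state, action status, agent status, metadata and protection updates note). The `.get({...})` call continues into `.addVersion(` outside the hunk.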
Expand Up @@ -32,7 +32,12 @@ export const registerActionDetailsRoutes = (
.get({
access: 'public',
path: ACTION_DETAILS_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand Up @@ -38,7 +38,12 @@ export const registerActionFileDownloadRoutes = (
// we need to enable setting the version number via query params
enableQueryVersion: true,
path: ACTION_AGENT_FILE_DOWNLOAD_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand Up @@ -74,7 +74,12 @@ export const registerActionFileInfoRoute = (
.get({
access: 'public',
path: ACTION_AGENT_FILE_INFO_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand Up @@ -30,7 +30,12 @@ export function registerActionListRoutes(
.get({
access: 'public',
path: BASE_ENDPOINT_ACTION_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand Up @@ -80,7 +80,12 @@ export function registerResponseActionRoutes(
.post({
access: 'public',
path: ISOLATE_HOST_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand All @@ -99,7 +104,12 @@ export function registerResponseActionRoutes(
.post({
access: 'public',
path: UNISOLATE_HOST_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand All @@ -119,7 +129,12 @@ export function registerResponseActionRoutes(
.post({
access: 'public',
path: ISOLATE_HOST_ROUTE_V2,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand All @@ -139,7 +154,12 @@ export function registerResponseActionRoutes(
.post({
access: 'public',
path: UNISOLATE_HOST_ROUTE_V2,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand All @@ -159,7 +179,12 @@ export function registerResponseActionRoutes(
.post({
access: 'public',
path: KILL_PROCESS_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand All @@ -182,7 +207,12 @@ export function registerResponseActionRoutes(
.post({
access: 'public',
path: SUSPEND_PROCESS_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand All @@ -205,7 +235,12 @@ export function registerResponseActionRoutes(
.post({
access: 'public',
path: GET_PROCESSES_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand All @@ -225,7 +260,12 @@ export function registerResponseActionRoutes(
.post({
access: 'public',
path: GET_FILE_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand All @@ -245,7 +285,12 @@ export function registerResponseActionRoutes(
.post({
access: 'public',
path: EXECUTE_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand All @@ -265,9 +310,14 @@ export function registerResponseActionRoutes(
.post({
access: 'public',
path: UPLOAD_ROUTE,
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: {
authRequired: true,
tags: ['access:securitySolution'],

body: {
accepts: ['multipart/form-data'],
output: 'stream',
Expand All @@ -293,7 +343,12 @@ export function registerResponseActionRoutes(
.post({
access: 'public',
path: SCAN_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
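Review bot: The route-level check on the host-changing routes in `registerResponseActionRoutes` (ISOLATE_HOST_ROUTE, KILL_PROCESS_ROUTE, EXECUTE_ROUTE, UPLOAD_ROUTE and the others) is only the broad `securitySolution` privilege, the same name the removed `access:securitySolution` tag carried, so on its own it does not separate a read-only user from one allowed to run response actions. Any per-action authorization has to live in the handlers passed to `.addVersion(...)`, which are outside these hunks, so it cannot be confirmed from here. Once that is confirmed, I would add a comment above each `security` block, e.g. `// Coarse gate only: per-action privileges are checked in the handler`, so a later reader does not take `requiredPrivileges` for the complete check. A test asserting that a user holding only `securitySolution`, without the matching response-action privilege, receives 403 on these POST routes would pin the behaviour down, if one is not already among the other changed files.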
Expand Up @@ -32,7 +32,12 @@ export function registerActionStateRoutes(
.get({
access: 'public',
path: ACTION_STATE_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand Up @@ -29,7 +29,12 @@ export function registerActionStatusRoutes(
.get({
access: 'public',
path: ACTION_STATUS_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand Up @@ -27,7 +27,12 @@ export const registerAgentStatusRoute = (
.get({
access: 'internal',
path: AGENT_STATUS_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand Up @@ -54,7 +54,12 @@ export function registerEndpointRoutes(
.get({
access: 'public',
path: HOST_METADATA_LIST_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand Down Expand Up @@ -94,7 +99,12 @@ export function registerEndpointRoutes(
.get({
access: 'public',
path: METADATA_TRANSFORMS_STATUS_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
// @ts-expect-error TODO(https://github.com/elastic/kibana/issues/196095): Replace {RouteDeprecationInfo}
deprecated: true,
})
Expand All @@ -114,7 +124,12 @@ export function registerEndpointRoutes(
.get({
access: 'internal',
path: METADATA_TRANSFORMS_STATUS_INTERNAL_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand Up @@ -25,7 +25,12 @@ export function registerProtectionUpdatesNoteRoutes(
.post({
access: 'public',
path: PROTECTION_UPDATES_NOTE_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand All @@ -45,7 +50,12 @@ export function registerProtectionUpdatesNoteRoutes(
.get({
access: 'public',
path: PROTECTION_UPDATES_NOTE_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{