From 61b9e688bf97592db8c1d3d224566597190c7eb1 Mon Sep 17 00:00:00 2001
From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Date: Sat, 16 Nov 2024 03:55:00 +1100
Subject: [PATCH] Unauthorized route migration for routes owned by
 appex-ai-infra,obs-ai-assistant,security-generative-ai (#198351)

### Authz API migration for unauthorized routes

This PR migrates unauthorized routes owned by your team to a new
security configuration.
Please refer to the documentation for more information: [Authorization
API](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)

### **Before migration:**
```ts
router.get({
  path: '/api/path',
  ...
}, handler);
```

### **After migration:**
```ts
router.get({
  path: '/api/path',
  security: {
    authz: {
      enabled: false,
      reason: 'This route is opted out from authorization because ...',
    },
  },
  ...
}, handler);
```

### What to do next?
1. Review the changes in this PR.
2. Elaborate on the reasoning to opt-out of authorization.
3. Routes without a compelling reason to opt-out of authorization should
plan to introduce them as soon as possible.
2. You might need to update your tests to reflect the new security
configuration:
  - If you have snapshot tests that include the route definition.

## Any questions?
If you have any questions or need help with API authorization, please
reach out to the `@elastic/kibana-security` team.

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
---
 x-pack/plugins/inference/server/routes/chat_complete.ts | 6 ++++++
 x-pack/plugins/inference/server/routes/connectors.ts    | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/x-pack/plugins/inference/server/routes/chat_complete.ts b/x-pack/plugins/inference/server/routes/chat_complete.ts
index 582d4ceb97d45..e4e078e58c15a 100644
--- a/x-pack/plugins/inference/server/routes/chat_complete.ts
+++ b/x-pack/plugins/inference/server/routes/chat_complete.ts
@@ -119,6 +119,12 @@ export function registerChatCompleteRoute({
   router.post(
     {
       path: '/internal/inference/chat_complete',
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'This route is opted out from authorization',
+        },
+      },
       validate: {
         body: chatCompleteBodySchema,
       },
diff --git a/x-pack/plugins/inference/server/routes/connectors.ts b/x-pack/plugins/inference/server/routes/connectors.ts
index a03a393f133b1..240e11a37f20e 100644
--- a/x-pack/plugins/inference/server/routes/connectors.ts
+++ b/x-pack/plugins/inference/server/routes/connectors.ts
@@ -23,6 +23,12 @@ export function registerConnectorsRoute({
   router.get(
     {
       path: '/internal/inference/connectors',
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'This route is opted out from authorization',
+        },
+      },
       validate: {},
     },
     async (_context, request, response) => {