[8.x] Unauthorized route migration for routes owned by security-defen…
…d-workflows (#198375) (#200570)

# Backport

This will backport the following commits from `main` to `8.x`:
- [Unauthorized route migration for routes owned by
security-defend-workflows
(#198375)](#198375)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Kibana
Machine","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-18T13:38:12Z","message":"Unauthorized
route migration for routes owned by security-defend-workflows
(#198375)\n\n### Authz API migration for unauthorized routes\r\n\r\nFix
unauthorized
routes","sha":"dbab2214e9451d3a262007660cc0b7cdcea5307c","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["enhancement","release_note:skip","Feature:Security/Authorization","v9.0.0","Team:Defend
Workflows","OLM Sprint","backport:prev-minor","Authz: API
migration"],"title":"Unauthorized route migration for routes owned by
security-defend-workflows","number":198375,"url":"https://github.com/elastic/kibana/pull/198375","mergeCommit":{"message":"Unauthorized
route migration for routes owned by security-defend-workflows
(#198375)\n\n### Authz API migration for unauthorized routes\r\n\r\nFix
unauthorized
routes","sha":"dbab2214e9451d3a262007660cc0b7cdcea5307c"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/198375","number":198375,"mergeCommit":{"message":"Unauthorized
route migration for routes owned by security-defend-workflows
(#198375)\n\n### Authz API migration for unauthorized routes\r\n\r\nFix
unauthorized
routes","sha":"dbab2214e9451d3a262007660cc0b7cdcea5307c"}}]}]
BACKPORT-->
kibanamachine authored Nov 18, 2024
1 parent 8cf7edb commit 725d0cc
Showing 4 changed files with 32 additions and 0 deletions.
Expand Up @@ -31,6 +31,13 @@ export const createLiveQueryRoute = (router: IRouter, osqueryContext: OsqueryApp
.addVersion(
{
version: API_VERSIONS.public.v1,
security: {
authz: {
enabled: false,
reason:
'We do the check for 2 different scenarios below (const isInvalid): writeLiveQueries and runSavedQueries with saved_query_id, or pack_id',
},
},
validate: {
request: {
body: buildRouteValidation<
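Review bot: With `authz.enabled: false` the router performs no privilege check for this route, so the handler's `isInvalid` test named in the `reason` string is the only authorization gate, and it lies outside this hunk. Any return path that runs before that test, or a later refactor that moves or renames it, would leave the route reachable by callers holding neither privilege without the route config showing it. I would add a comment at the check itself, for example `// Sole authz gate for this route: security.authz is disabled in the route config, keep this check ahead of any other work.`, and an API test that expects 403 for a user with neither writeLiveQueries nor runSavedQueries. The `reason` text would also age better if it described the rule rather than naming a local variable.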
Expand Up @@ -84,6 +84,11 @@ export function registerEndpointRoutes(
.addVersion(
{
version: '2023-10-31',
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
validate: {
request: GetMetadataRequestSchema,
},
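Review bot: The four changed sections are all route registrations, so no test in this commit pins the new `requiredPrivileges: ['securitySolution']` gate added here and on the policy and resolver routes in the later sections. An API integration test per route that calls it as a user without the `securitySolution` privilege and expects 403 would catch a dropped or altered privilege in a later edit. The privilege name is also repeated as a bare string literal in five route definitions; if the plugin already exports a constant for its app id, using it would keep the five in step. `registerEndpointRoutes` continues outside this hunk, so its other `.addVersion` calls cannot be checked from here.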
Expand Up @@ -35,6 +35,11 @@ export function registerPolicyRoutes(
.addVersion(
{
version: '2023-10-31',
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
validate: {
request: GetPolicyResponseSchema,
},
Expand Up @@ -35,6 +35,11 @@ export const registerResolverRoutes = (
router.post(
{
path: '/api/endpoint/resolver/tree',
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
validate: validateTree,
options: { authRequired: true },
},
Expand All @@ -44,6 +49,11 @@ export const registerResolverRoutes = (
router.post(
{
path: '/api/endpoint/resolver/events',
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
validate: validateEvents,
options: { authRequired: true },
},
Expand All @@ -56,6 +66,11 @@ export const registerResolverRoutes = (
router.get(
{
path: '/api/endpoint/resolver/entity',
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
validate: validateEntities,
options: { authRequired: true },
},
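Review bot: The same five-line `security` block is pasted into all three resolver routes in this file; declaring it once, `const resolverRouteSecurity = { authz: { requiredPrivileges: ['securitySolution'] } };`, and writing `security: resolverRouteSecurity,` in each route config would make it harder for one route to drift from the others. `options: { authRequired: true }` stays next to it and, going by its name, only covers authentication, so a one-line comment such as `// authentication via authRequired, authorization via security.authz` would help the next reader. `registerResolverRoutes` starts and ends outside these hunks, so any further resolver route registered in it should be checked for the same block.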
