From be8e29836bd805f613a25d4bc467c43a1c7a3649 Mon Sep 17 00:00:00 2001 From: Antonio Date: Mon, 16 Dec 2024 12:54:49 +0100 Subject: [PATCH] [ResponseOps][Connectors]Migrate remaining routes. (#204042) Connected with https://github.com/elastic/kibana-team/issues/1322 ## Summary This PR migrates the remaining response-ops routes that do not use access tags. [Documentation.](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization#opting-out-of-authorization-for-specific-routes) --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> --- .../server/routes/get_inference_services.ts | 7 +++++++ .../server/routes/get_well_known_email_service.ts | 7 +++++++ .../server/routes/valid_slack_api_channels.ts | 7 +++++++ x-pack/plugins/triggers_actions_ui/server/routes/config.ts | 7 +++++++ x-pack/plugins/triggers_actions_ui/server/routes/health.ts | 7 +++++++ 5 files changed, 35 insertions(+) diff --git a/x-pack/plugins/stack_connectors/server/routes/get_inference_services.ts b/x-pack/plugins/stack_connectors/server/routes/get_inference_services.ts index 005b565dff0d5..3c4a1b3aa1a35 100644 --- a/x-pack/plugins/stack_connectors/server/routes/get_inference_services.ts +++ b/x-pack/plugins/stack_connectors/server/routes/get_inference_services.ts @@ -20,6 +20,13 @@ export const getInferenceServicesRoute = (router: IRouter) => { router.get( { path: `${INTERNAL_BASE_STACK_CONNECTORS_API_PATH}/_inference/_services`, + security: { + authz: { + enabled: false, + reason: + 'This route is opted out of authorization as it relies on ES authorization instead.', + }, + }, options: { access: 'internal', }, diff --git a/x-pack/plugins/stack_connectors/server/routes/get_well_known_email_service.ts b/x-pack/plugins/stack_connectors/server/routes/get_well_known_email_service.ts index 5e15ca4c32838..2a0d02cb860a8 100644 --- a/x-pack/plugins/stack_connectors/server/routes/get_well_known_email_service.ts +++ b/x-pack/plugins/stack_connectors/server/routes/get_well_known_email_service.ts @@ -26,6 +26,13 @@ export const getWellKnownEmailServiceRoute = (router: IRouter) => { router.get( { path: `${INTERNAL_BASE_STACK_CONNECTORS_API_PATH}/_email_config/{service}`, + security: { + authz: { + enabled: false, + reason: + 'This route is opted out from authorization as returning SMTP connection details does not require any.', + }, + }, validate: { params: paramSchema, }, diff --git a/x-pack/plugins/stack_connectors/server/routes/valid_slack_api_channels.ts b/x-pack/plugins/stack_connectors/server/routes/valid_slack_api_channels.ts index 420af8d104891..ed58456d1929f 100644 --- a/x-pack/plugins/stack_connectors/server/routes/valid_slack_api_channels.ts +++ b/x-pack/plugins/stack_connectors/server/routes/valid_slack_api_channels.ts @@ -34,6 +34,13 @@ export const validSlackApiChannelsRoute = ( router.post( { path: `${INTERNAL_BASE_STACK_CONNECTORS_API_PATH}/_slack_api/channels/_valid`, + security: { + authz: { + enabled: false, + reason: + "This route is opted out from authorization as it relies on Slack's own authorization.", + }, + }, validate: { body: bodySchema, }, diff --git a/x-pack/plugins/triggers_actions_ui/server/routes/config.ts b/x-pack/plugins/triggers_actions_ui/server/routes/config.ts index 2e10586b76924..644d6bf01f63a 100644 --- a/x-pack/plugins/triggers_actions_ui/server/routes/config.ts +++ b/x-pack/plugins/triggers_actions_ui/server/routes/config.ts @@ -38,6 +38,13 @@ export function createConfigRoute({ router.get( { path, + security: { + authz: { + enabled: false, + reason: + 'This route is opted out from authorization as it uses the alerting client authorization.', + }, + }, validate: false, options: { access: 'internal', diff --git a/x-pack/plugins/triggers_actions_ui/server/routes/health.ts b/x-pack/plugins/triggers_actions_ui/server/routes/health.ts index b57e9b3df4dc6..c9f54b617eff5 100644 --- a/x-pack/plugins/triggers_actions_ui/server/routes/health.ts +++ b/x-pack/plugins/triggers_actions_ui/server/routes/health.ts @@ -25,6 +25,13 @@ export function createHealthRoute( router.get( { path, + security: { + authz: { + enabled: false, + reason: + 'This route is opted out from authorization as the health route does not require any.', + }, + }, validate: false, options: { access: 'internal',