From ec391f7f172a102a19d65ec8e418ac2c7c671844 Mon Sep 17 00:00:00 2001
From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Date: Sat, 2 Nov 2024 01:15:30 +1100
Subject: [PATCH] Unauthorized route migration for routes owned by security-threat-hunting-explore (#198339)
### Authz API migration for unauthorized routes This PR migrates unauthorized routes owned by your team to a new security configuration. Please refer to the documentation for more information: [Authorization API](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization) ### **Before migration:** ```ts router.post({ path: '/api/path', ... }, handler); ``` ### **After migration:** ```ts router.post({ path: '/api/path', access: 'internal', security: { authz: { requiredPrivileges: ['securitySolution'], }, }, ... }, handler); ``` ### What to do next? 1. Review the changes in this PR. 2. Elaborate on the reasoning to opt-out of authorization. 3. Routes without a compelling reason to opt-out of authorization should plan to introduce them as soon as possible. 2. You might need to update your tests to reflect the new security configuration: - If you have snapshot tests that include the route definition. ## Any questions? If you have any questions or need help with API authorization, please reach out to the `@elastic/kibana-security` team. --------- Co-authored-by: Angela Chuang Co-authored-by: Angela Chuang <6295984+angorayc@users.noreply.github.com>
---
 .../server/routes/get_unallowed_field_values.ts | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/x-pack/plugins/ecs_data_quality_dashboard/server/routes/get_unallowed_field_values.ts b/x-pack/plugins/ecs_data_quality_dashboard/server/routes/get_unallowed_field_values.ts
index 76f0827caaad2..9fb743d207d08 100644
--- a/x-pack/plugins/ecs_data_quality_dashboard/server/routes/get_unallowed_field_values.ts
+++ b/x-pack/plugins/ecs_data_quality_dashboard/server/routes/get_unallowed_field_values.ts
@@ -19,6 +19,11 @@ export const getUnallowedFieldValuesRoute = (router: IRouter, logger: Logger) =>
 .post({
 path: GET_UNALLOWED_FIELD_VALUES,
 access: 'internal',
+ security: {
+ authz: {
+ requiredPrivileges: ['securitySolution'],
+ },
+ },
 })
 .addVersion(
 {
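Review bot: The added `security.authz.requiredPrivileges: ['securitySolution']` in the `.post({ ... })` config changes who may call this route, but the commit touches only this one file, so no test pins the new behaviour. An API integration test should call `GET_UNALLOWED_FIELD_VALUES` as a user without the `securitySolution` privilege and expect a 403, and as a privileged user and expect success; that would catch a later accidental removal or weakening of the block. A one-line comment above `security:` would also help, for example `// Route-level gate: caller must hold the Security Solution feature privilege`. The handler is outside this hunk, so whether index-level access is additionally enforced through a request-scoped Elasticsearch client cannot be confirmed from here and is worth checking. The route definition starts before and continues past the hunk.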