Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authorized route migration for routes owned by @elastic/ml-ui #198190

Merged
merged 11 commits into from
Nov 13, 2024
12 changes: 8 additions & 4 deletions x-pack/plugins/data_visualizer/server/routes.ts
Original file line number Diff line number Diff line change
Expand Up @@ -25,8 +25,10 @@ export function routes(coreSetup: CoreSetup<StartDeps, unknown>, logger: Logger)
.post({
path: '/internal/data_visualizer/test_grok_pattern',
access: 'internal',
options: {
tags: ['access:fileUpload:analyzeFile'],
security: {
authz: {
requiredPrivileges: ['fileUpload:analyzeFile'],
},
},
})
.addVersion(
Expand Down Expand Up @@ -78,8 +80,10 @@ export function routes(coreSetup: CoreSetup<StartDeps, unknown>, logger: Logger)
.get({
path: '/internal/data_visualizer/inference_endpoints',
access: 'internal',
options: {
tags: ['access:fileUpload:analyzeFile'],
security: {
authz: {
requiredPrivileges: ['fileUpload:analyzeFile'],
},
},
})
.addVersion(
Expand Down
6 changes: 4 additions & 2 deletions x-pack/plugins/ml/server/routes/alerting.ts
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,10 @@ export function alertingRoutes(
.post({
access: 'internal',
path: `${ML_INTERNAL_BASE_PATH}/alerting/preview`,
options: {
tags: ['access:ml:canGetJobs'],
security: {
authz: {
requiredPrivileges: ['ml:canGetJobs'],
},
},
summary: 'Previews an alerting condition',
description: 'Returns a preview of the alerting condition',
Expand Down
18 changes: 12 additions & 6 deletions x-pack/plugins/ml/server/routes/annotations.ts
Original file line number Diff line number Diff line change
Expand Up @@ -46,8 +46,10 @@ export function annotationRoutes(
.post({
path: `${ML_INTERNAL_BASE_PATH}/annotations`,
access: 'internal',
options: {
tags: ['access:ml:canGetAnnotations'],
security: {
authz: {
requiredPrivileges: ['ml:canGetAnnotations'],
},
},
summary: 'Gets annotations',
description: 'Gets annotations.',
Expand Down Expand Up @@ -83,8 +85,10 @@ export function annotationRoutes(
.put({
path: `${ML_INTERNAL_BASE_PATH}/annotations/index`,
access: 'internal',
options: {
tags: ['access:ml:canCreateAnnotation'],
security: {
authz: {
requiredPrivileges: ['ml:canCreateAnnotation'],
},
},
summary: 'Indexes annotation',
description: 'Indexes the annotation.',
Expand Down Expand Up @@ -127,8 +131,10 @@ export function annotationRoutes(
.delete({
path: `${ML_INTERNAL_BASE_PATH}/annotations/delete/{annotationId}`,
access: 'internal',
options: {
tags: ['access:ml:canDeleteAnnotation'],
security: {
authz: {
requiredPrivileges: ['ml:canDeleteAnnotation'],
},
},
summary: 'Deletes annotation',
description: 'Deletes the specified annotation.',
Expand Down
108 changes: 72 additions & 36 deletions x-pack/plugins/ml/server/routes/anomaly_detectors.ts
Original file line number Diff line number Diff line change
Expand Up @@ -36,8 +36,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
.get({
path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors`,
access: 'internal',
options: {
tags: ['access:ml:canGetJobs'],
security: {
authz: {
requiredPrivileges: ['ml:canGetJobs'],
},
},
summary: 'Gets anomaly detectors',
description: 'Returns the list of anomaly detection jobs.',
Expand Down Expand Up @@ -67,8 +69,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
.get({
path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}`,
access: 'internal',
options: {
tags: ['access:ml:canGetJobs'],
security: {
authz: {
requiredPrivileges: ['ml:canGetJobs'],
},
},
summary: 'Gets anomaly detector by ID',
description: 'Returns the anomaly detection job by ID',
Expand Down Expand Up @@ -99,8 +103,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
.get({
path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/_stats`,
access: 'internal',
options: {
tags: ['access:ml:canGetJobs'],
security: {
authz: {
requiredPrivileges: ['ml:canGetJobs'],
},
},
summary: 'Gets anomaly detectors stats',
description: 'Returns the anomaly detection jobs statistics.',
Expand All @@ -126,8 +132,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
.get({
path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}/_stats`,
access: 'internal',
options: {
tags: ['access:ml:canGetJobs'],
security: {
authz: {
requiredPrivileges: ['ml:canGetJobs'],
},
},
summary: 'Gets anomaly detector stats by ID',
description: 'Returns the anomaly detection job statistics by ID',
Expand Down Expand Up @@ -158,8 +166,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
.put({
path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}`,
access: 'internal',
options: {
tags: ['access:ml:canCreateJob'],
security: {
authz: {
requiredPrivileges: ['ml:canCreateJob'],
},
},
summary: 'Creates an anomaly detection job',
description: 'Creates an anomaly detection job.',
Expand Down Expand Up @@ -205,8 +215,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
.post({
path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}/_update`,
access: 'internal',
options: {
tags: ['access:ml:canUpdateJob'],
security: {
authz: {
requiredPrivileges: ['ml:canUpdateJob'],
},
},
summary: 'Updates an anomaly detection job',
description: 'Updates certain properties of an anomaly detection job.',
Expand Down Expand Up @@ -242,8 +254,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
.post({
path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}/_open`,
access: 'internal',
options: {
tags: ['access:ml:canOpenJob'],
security: {
authz: {
requiredPrivileges: ['ml:canOpenJob'],
},
},
summary: 'Opens an anomaly detection job',
description: 'Opens an anomaly detection job.',
Expand Down Expand Up @@ -274,8 +288,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
.post({
path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}/_close`,
access: 'internal',
options: {
tags: ['access:ml:canCloseJob'],
security: {
authz: {
requiredPrivileges: ['ml:canCloseJob'],
},
},
summary: 'Closes an anomaly detection job',
description: 'Closes an anomaly detection job.',
Expand Down Expand Up @@ -313,8 +329,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
.delete({
path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}`,
access: 'internal',
options: {
tags: ['access:ml:canDeleteJob'],
security: {
authz: {
requiredPrivileges: ['ml:canDeleteJob'],
},
},
summary: 'Deletes an anomaly detection job',
description: 'Deletes specified anomaly detection job.',
Expand Down Expand Up @@ -353,8 +371,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
.delete({
path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}/_forecast/{forecastId}`,
access: 'internal',
options: {
tags: ['access:ml:canDeleteForecast'],
security: {
authz: {
requiredPrivileges: ['ml:canDeleteForecast'],
},
},
summary: 'Deletes specified forecast for specified job',
description: 'Deletes a specified forecast for the specified anomaly detection job.',
Expand Down Expand Up @@ -388,8 +408,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
.post({
path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}/_forecast`,
access: 'internal',
options: {
tags: ['access:ml:canForecastJob'],
security: {
authz: {
requiredPrivileges: ['ml:canForecastJob'],
},
},
summary: 'Creates forecast for specified job',
description:
Expand Down Expand Up @@ -427,8 +449,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
.post({
path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}/results/buckets/{timestamp?}`,
access: 'internal',
options: {
tags: ['access:ml:canGetJobs'],
security: {
authz: {
requiredPrivileges: ['ml:canGetJobs'],
},
},
summary: 'Gets bucket scores',
description:
Expand Down Expand Up @@ -470,8 +494,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
.post({
path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}/results/overall_buckets`,
access: 'internal',
options: {
tags: ['access:ml:canGetJobs'],
security: {
authz: {
requiredPrivileges: ['ml:canGetJobs'],
},
},
summary: 'Get overall buckets',
description:
Expand Down Expand Up @@ -510,8 +536,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
.get({
path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}/results/categories/{categoryId}`,
access: 'internal',
options: {
tags: ['access:ml:canGetJobs'],
security: {
authz: {
requiredPrivileges: ['ml:canGetJobs'],
},
},
summary: 'Get categories',
description: 'Retrieves the categories results for the specified job ID and category ID.',
Expand Down Expand Up @@ -544,8 +572,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
.get({
path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}/model_snapshots`,
access: 'internal',
options: {
tags: ['access:ml:canGetJobs'],
security: {
authz: {
requiredPrivileges: ['ml:canGetJobs'],
},
},
summary: 'Get model snapshots by job ID',
description: 'Returns the model snapshots for the specified job ID',
Expand Down Expand Up @@ -577,8 +607,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
.get({
path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}/model_snapshots/{snapshotId}`,
access: 'internal',
options: {
tags: ['access:ml:canGetJobs'],
security: {
authz: {
requiredPrivileges: ['ml:canGetJobs'],
},
},
summary: 'Get model snapshots by id',
description: 'Returns the model snapshots for the specified job ID and snapshot ID',
Expand Down Expand Up @@ -611,8 +643,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
.post({
path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}/model_snapshots/{snapshotId}/_update`,
access: 'internal',
options: {
tags: ['access:ml:canCreateJob'],
security: {
authz: {
requiredPrivileges: ['ml:canCreateJob'],
},
},
summary: 'Updates model snapshot by snapshot ID',
description: 'Updates the model snapshot for the specified snapshot ID',
Expand Down Expand Up @@ -647,8 +681,10 @@ export function jobRoutes({ router, routeGuard }: RouteInitialization) {
.delete({
path: `${ML_INTERNAL_BASE_PATH}/anomaly_detectors/{jobId}/model_snapshots/{snapshotId}`,
access: 'internal',
options: {
tags: ['access:ml:canCreateJob'],
security: {
authz: {
requiredPrivileges: ['ml:canCreateJob'],
},
},
summary: 'Deletes model snapshots by snapshot ID',
description: 'Deletes the model snapshot for the specified snapshot ID',
Expand Down
30 changes: 20 additions & 10 deletions x-pack/plugins/ml/server/routes/calendars.ts
Original file line number Diff line number Diff line change
Expand Up @@ -48,8 +48,10 @@ export function calendars({ router, routeGuard }: RouteInitialization) {
.get({
path: `${ML_INTERNAL_BASE_PATH}/calendars`,
access: 'internal',
options: {
tags: ['access:ml:canGetCalendars'],
security: {
authz: {
requiredPrivileges: ['ml:canGetCalendars'],
},
},
summary: 'Gets calendars',
description: 'Gets calendars - size limit has been explicitly set to 10000',
Expand All @@ -76,8 +78,10 @@ export function calendars({ router, routeGuard }: RouteInitialization) {
.get({
path: `${ML_INTERNAL_BASE_PATH}/calendars/{calendarIds}`,
access: 'internal',
options: {
tags: ['access:ml:canGetCalendars'],
security: {
authz: {
requiredPrivileges: ['ml:canGetCalendars'],
},
},
summary: 'Gets a calendar',
description: 'Gets a calendar by id',
Expand Down Expand Up @@ -115,8 +119,10 @@ export function calendars({ router, routeGuard }: RouteInitialization) {
.put({
path: `${ML_INTERNAL_BASE_PATH}/calendars`,
access: 'internal',
options: {
tags: ['access:ml:canCreateCalendar'],
security: {
authz: {
requiredPrivileges: ['ml:canCreateCalendar'],
},
},
summary: 'Creates a calendar',
description: 'Creates a calendar',
Expand Down Expand Up @@ -149,8 +155,10 @@ export function calendars({ router, routeGuard }: RouteInitialization) {
.put({
path: `${ML_INTERNAL_BASE_PATH}/calendars/{calendarId}`,
access: 'internal',
options: {
tags: ['access:ml:canCreateCalendar'],
security: {
authz: {
requiredPrivileges: ['ml:canCreateCalendar'],
},
},
summary: 'Updates a calendar',
description: 'Updates a calendar',
Expand Down Expand Up @@ -185,8 +193,10 @@ export function calendars({ router, routeGuard }: RouteInitialization) {
.delete({
path: `${ML_INTERNAL_BASE_PATH}/calendars/{calendarId}`,
access: 'internal',
options: {
tags: ['access:ml:canDeleteCalendar'],
security: {
authz: {
requiredPrivileges: ['ml:canDeleteCalendar'],
},
},
summary: 'Deletes a calendar',
description: 'Deletes a calendar',
Expand Down
Loading