From f269ea73b86bb5a6df9234c326c4fca2ad9ef349 Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Tue, 29 Oct 2024 19:10:26 +0000 Subject: [PATCH] [Authz] Migrated authorized routes owned by @elastic/obs-ux-infra_services-team --- .../profiling/server/routes/apm.ts | 6 +++++- .../profiling/server/routes/flamechart.ts | 7 ++++++- .../profiling/server/routes/functions.ts | 7 ++++++- .../profiling/server/routes/setup/route.ts | 18 +++++++++++++++--- .../server/routes/storage_explorer/route.ts | 18 +++++++++++++++--- .../profiling/server/routes/topn.ts | 7 ++++++- 6 files changed, 53 insertions(+), 10 deletions(-) diff --git a/x-pack/plugins/observability_solution/profiling/server/routes/apm.ts b/x-pack/plugins/observability_solution/profiling/server/routes/apm.ts index e5119c17ee5da..7ad001831c0e4 100644 --- a/x-pack/plugins/observability_solution/profiling/server/routes/apm.ts +++ b/x-pack/plugins/observability_solution/profiling/server/routes/apm.ts @@ -34,8 +34,12 @@ export function registerTopNFunctionsAPMTransactionsRoute({ router.get( { path: paths.APMTransactions, + security: { + authz: { + requiredPrivileges: ['profiling', 'apm'], + }, + }, options: { - tags: ['access:profiling', 'access:apm'], timeout: { idleSocket: IDLE_SOCKET_TIMEOUT }, }, validate: { query: querySchema }, diff --git a/x-pack/plugins/observability_solution/profiling/server/routes/flamechart.ts b/x-pack/plugins/observability_solution/profiling/server/routes/flamechart.ts index 86d384f62f609..2b318e57eb364 100644 --- a/x-pack/plugins/observability_solution/profiling/server/routes/flamechart.ts +++ b/x-pack/plugins/observability_solution/profiling/server/routes/flamechart.ts @@ -23,7 +23,12 @@ export function registerFlameChartSearchRoute({ router.get( { path: paths.Flamechart, - options: { tags: ['access:profiling'], timeout: { idleSocket: IDLE_SOCKET_TIMEOUT } }, + security: { + authz: { + requiredPrivileges: ['profiling'], + }, + }, + options: { timeout: { idleSocket: IDLE_SOCKET_TIMEOUT } }, validate: { query: schema.object({ timeFrom: schema.number(), diff --git a/x-pack/plugins/observability_solution/profiling/server/routes/functions.ts b/x-pack/plugins/observability_solution/profiling/server/routes/functions.ts index 4f30ff0c8f238..1689e707a9d80 100644 --- a/x-pack/plugins/observability_solution/profiling/server/routes/functions.ts +++ b/x-pack/plugins/observability_solution/profiling/server/routes/functions.ts @@ -34,7 +34,12 @@ export function registerTopNFunctionsSearchRoute({ router.get( { path: paths.TopNFunctions, - options: { tags: ['access:profiling'], timeout: { idleSocket: IDLE_SOCKET_TIMEOUT } }, + security: { + authz: { + requiredPrivileges: ['profiling'], + }, + }, + options: { timeout: { idleSocket: IDLE_SOCKET_TIMEOUT } }, validate: { query: querySchema }, }, async (context, request, response) => { diff --git a/x-pack/plugins/observability_solution/profiling/server/routes/setup/route.ts b/x-pack/plugins/observability_solution/profiling/server/routes/setup/route.ts index cbd0f6ee2170c..a5bc8d3187bda 100644 --- a/x-pack/plugins/observability_solution/profiling/server/routes/setup/route.ts +++ b/x-pack/plugins/observability_solution/profiling/server/routes/setup/route.ts @@ -27,7 +27,11 @@ export function registerSetupRoute({ router.get( { path: paths.HasSetupESResources, - options: { tags: ['access:profiling'] }, + security: { + authz: { + requiredPrivileges: ['profiling'], + }, + }, validate: false, }, async (context, request, response) => { @@ -62,7 +66,11 @@ export function registerSetupRoute({ router.post( { path: paths.HasSetupESResources, - options: { tags: ['access:profiling'] }, + security: { + authz: { + requiredPrivileges: ['profiling'], + }, + }, validate: false, }, async (context, request, response) => { @@ -166,7 +174,11 @@ export function registerSetupRoute({ router.get( { path: paths.SetupDataCollectionInstructions, - options: { tags: ['access:profiling'] }, + security: { + authz: { + requiredPrivileges: ['profiling'], + }, + }, validate: false, }, async (context, request, response) => { diff --git a/x-pack/plugins/observability_solution/profiling/server/routes/storage_explorer/route.ts b/x-pack/plugins/observability_solution/profiling/server/routes/storage_explorer/route.ts index 2447bfea61011..d3148fd9ff03a 100644 --- a/x-pack/plugins/observability_solution/profiling/server/routes/storage_explorer/route.ts +++ b/x-pack/plugins/observability_solution/profiling/server/routes/storage_explorer/route.ts @@ -29,7 +29,11 @@ export function registerStorageExplorerRoute({ router.get( { path: paths.StorageExplorerSummary, - options: { tags: ['access:profiling'] }, + security: { + authz: { + requiredPrivileges: ['profiling'], + }, + }, validate: { query: schema.object({ indexLifecyclePhase: schema.oneOf([ @@ -112,7 +116,11 @@ export function registerStorageExplorerRoute({ router.get( { path: paths.StorageExplorerHostStorageDetails, - options: { tags: ['access:profiling'] }, + security: { + authz: { + requiredPrivileges: ['profiling'], + }, + }, validate: { query: schema.object({ indexLifecyclePhase: schema.oneOf([ @@ -156,7 +164,11 @@ export function registerStorageExplorerRoute({ router.get( { path: paths.StorageExplorerIndicesStorageDetails, - options: { tags: ['access:profiling'] }, + security: { + authz: { + requiredPrivileges: ['profiling'], + }, + }, validate: { query: schema.object({ indexLifecyclePhase: schema.oneOf([ diff --git a/x-pack/plugins/observability_solution/profiling/server/routes/topn.ts b/x-pack/plugins/observability_solution/profiling/server/routes/topn.ts index 944245a9d15cc..a675cc8e4b31a 100644 --- a/x-pack/plugins/observability_solution/profiling/server/routes/topn.ts +++ b/x-pack/plugins/observability_solution/profiling/server/routes/topn.ts @@ -171,7 +171,12 @@ export function queryTopNCommon({ router.get( { path: pathName, - options: { tags: ['access:profiling'], timeout: { idleSocket: IDLE_SOCKET_TIMEOUT } }, + security: { + authz: { + requiredPrivileges: ['profiling'], + }, + }, + options: { timeout: { idleSocket: IDLE_SOCKET_TIMEOUT } }, validate: { query: schema.object({ timeFrom: schema.number(),