From 4ddeeca1ca7757b6426939e0c3154cd4c4fc30ec Mon Sep 17 00:00:00 2001
From: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Date: Wed, 30 Oct 2024 13:48:08 +0000
Subject: [PATCH 1/2] [Authz] Migrated unauthorized routes owned by kibana-cloud-security-posture
---
 .../plugins/kubernetes_security/server/routes/aggregate.ts | 6 ++++++
 x-pack/plugins/kubernetes_security/server/routes/count.ts | 6 ++++++
 .../server/routes/multi_terms_aggregate.ts | 6 ++++++
 .../session_view/server/routes/alert_status_route.ts | 6 ++++++
 x-pack/plugins/session_view/server/routes/alerts_route.ts | 6 ++++++
 .../session_view/server/routes/get_total_io_bytes_route.ts | 6 ++++++
 .../plugins/session_view/server/routes/io_events_route.ts | 6 ++++++
 .../session_view/server/routes/process_events_route.ts | 6 ++++++
 8 files changed, 48 insertions(+)
diff --git a/x-pack/plugins/kubernetes_security/server/routes/aggregate.ts b/x-pack/plugins/kubernetes_security/server/routes/aggregate.ts
index f83ddc818cbb4..e8a5b616cd6a8 100644
--- a/x-pack/plugins/kubernetes_security/server/routes/aggregate.ts
+++ b/x-pack/plugins/kubernetes_security/server/routes/aggregate.ts
@@ -38,6 +38,12 @@ export const registerAggregateRoute = (router: IRouter, logger: Logger) => {
 .addVersion(
 {
 version: '1',
+ security: {
+ authz: {
+ enabled: false,
+ reason: 'This route is opted out from authorization',
+ },
+ },
 validate: {
 request: {
 query: schema.object({
diff --git a/x-pack/plugins/kubernetes_security/server/routes/count.ts b/x-pack/plugins/kubernetes_security/server/routes/count.ts
index 0922adeb0cf45..788c3ce4adb98 100644
--- a/x-pack/plugins/kubernetes_security/server/routes/count.ts
+++ b/x-pack/plugins/kubernetes_security/server/routes/count.ts
@@ -28,6 +28,12 @@ export const registerCountRoute = (router: IRouter, logger: Logger) => {
 .addVersion(
 {
 version: '1',
+ security: {
+ authz: {
+ enabled: false,
+ reason: 'This route is opted out from authorization',
+ },
+ },
 validate: {
 request: {
 query: schema.object({
diff --git a/x-pack/plugins/kubernetes_security/server/routes/multi_terms_aggregate.ts b/x-pack/plugins/kubernetes_security/server/routes/multi_terms_aggregate.ts
index 83f5b70efe051..6eda8b3c9af2f 100644
--- a/x-pack/plugins/kubernetes_security/server/routes/multi_terms_aggregate.ts
+++ b/x-pack/plugins/kubernetes_security/server/routes/multi_terms_aggregate.ts
@@ -35,6 +35,12 @@ export const registerMultiTermsAggregateRoute = (router: IRouter, logger: Logger
 .addVersion(
 {
 version: '1',
+ security: {
+ authz: {
+ enabled: false,
+ reason: 'This route is opted out from authorization',
+ },
+ },
 validate: {
 request: {
 query: schema.object({
diff --git a/x-pack/plugins/session_view/server/routes/alert_status_route.ts b/x-pack/plugins/session_view/server/routes/alert_status_route.ts
index e0b95f9705e9d..6f2605ab48c1f 100644
--- a/x-pack/plugins/session_view/server/routes/alert_status_route.ts
+++ b/x-pack/plugins/session_view/server/routes/alert_status_route.ts
@@ -31,6 +31,12 @@ export const registerAlertStatusRoute = (
 .addVersion(
 {
 version: '1',
+ security: {
+ authz: {
+ enabled: false,
+ reason: 'This route is opted out from authorization',
+ },
+ },
 validate: {
 request: {
 query: schema.object({
diff --git a/x-pack/plugins/session_view/server/routes/alerts_route.ts b/x-pack/plugins/session_view/server/routes/alerts_route.ts
index c6b7fd8db7896..8e6817c80d787 100644
--- a/x-pack/plugins/session_view/server/routes/alerts_route.ts
+++ b/x-pack/plugins/session_view/server/routes/alerts_route.ts
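Review bot: In alert_status_route.ts the version config keeps `enabled: false` with the placeholder reason `'This route is opted out from authorization'`, and patch 2/2 of this series (7 files changed) does not touch that file, so it appears to be the one route of the eight that ends the series without a route-level privilege check. If the opt-out is deliberate, the reason string should state what actually gates access to alert status data; otherwise use the same line as the sibling routes, `requiredPrivileges: ['securitySolution'],`. The body of registerAlertStatusRoute starts and ends outside the hunk, so whether the handler performs its own check cannot be confirmed from here.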
@@ -36,6 +36,12 @@ export const registerAlertsRoute = (
 .addVersion(
 {
 version: '1',
+ security: {
+ authz: {
+ enabled: false,
+ reason: 'This route is opted out from authorization',
+ },
+ },
 validate: {
 request: {
 query: schema.object({
diff --git a/x-pack/plugins/session_view/server/routes/get_total_io_bytes_route.ts b/x-pack/plugins/session_view/server/routes/get_total_io_bytes_route.ts
index 50f36ac47f5a4..bb9972804ed18 100644
--- a/x-pack/plugins/session_view/server/routes/get_total_io_bytes_route.ts
+++ b/x-pack/plugins/session_view/server/routes/get_total_io_bytes_route.ts
@@ -22,6 +22,12 @@ export const registerGetTotalIOBytesRoute = (router: IRouter, logger: Logger) =>
 .addVersion(
 {
 version: '1',
+ security: {
+ authz: {
+ enabled: false,
+ reason: 'This route is opted out from authorization',
+ },
+ },
 validate: {
 request: {
 query: schema.object({
diff --git a/x-pack/plugins/session_view/server/routes/io_events_route.ts b/x-pack/plugins/session_view/server/routes/io_events_route.ts
index 9810f9da5aa77..0f982cd1903ad 100644
--- a/x-pack/plugins/session_view/server/routes/io_events_route.ts
+++ b/x-pack/plugins/session_view/server/routes/io_events_route.ts
@@ -29,6 +29,12 @@ export const registerIOEventsRoute = (router: IRouter, logger: Logger) => {
 .addVersion(
 {
 version: '1',
+ security: {
+ authz: {
+ enabled: false,
+ reason: 'This route is opted out from authorization',
+ },
+ },
 validate: {
 request: {
 query: schema.object({
diff --git a/x-pack/plugins/session_view/server/routes/process_events_route.ts b/x-pack/plugins/session_view/server/routes/process_events_route.ts
index bc6b24fc36bc5..a9a491cd4c0da 100644
--- a/x-pack/plugins/session_view/server/routes/process_events_route.ts
+++ b/x-pack/plugins/session_view/server/routes/process_events_route.ts
@@ -43,6 +43,12 @@ export const registerProcessEventsRoute = (
 .addVersion(
 {
 version: '1',
+ security: {
+ authz: {
+ enabled: false,
+ reason: 'This route is opted out from authorization',
+ },
+ },
 validate: {
 request: {
 query: schema.object({
From ded55a75813e5612a1e844cc65a64c77b55d800d Mon Sep 17 00:00:00 2001
From: Paulo Henrique
Date: Wed, 13 Nov 2024 11:35:51 -0800
Subject: [PATCH 2/2] privilege requirement for session_view and kubernetes dashboard routes
---
 x-pack/plugins/kubernetes_security/server/routes/aggregate.ts | 3 +--
 x-pack/plugins/kubernetes_security/server/routes/count.ts | 3 +--
 .../kubernetes_security/server/routes/multi_terms_aggregate.ts | 3 +--
 x-pack/plugins/session_view/server/routes/alerts_route.ts | 3 +--
 .../session_view/server/routes/get_total_io_bytes_route.ts | 3 +--
 x-pack/plugins/session_view/server/routes/io_events_route.ts | 3 +--
 .../plugins/session_view/server/routes/process_events_route.ts | 3 +--
 7 files changed, 7 insertions(+), 14 deletions(-)
diff --git a/x-pack/plugins/kubernetes_security/server/routes/aggregate.ts b/x-pack/plugins/kubernetes_security/server/routes/aggregate.ts
index e8a5b616cd6a8..4ddb828b68976 100644
--- a/x-pack/plugins/kubernetes_security/server/routes/aggregate.ts
+++ b/x-pack/plugins/kubernetes_security/server/routes/aggregate.ts
@@ -40,8 +40,7 @@ export const registerAggregateRoute = (router: IRouter, logger: Logger) => {
 version: '1',
 security: {
 authz: {
- enabled: false,
- reason: 'This route is opted out from authorization',
+ requiredPrivileges: ['securitySolution'],
 },
 },
 validate: {
diff --git a/x-pack/plugins/kubernetes_security/server/routes/count.ts b/x-pack/plugins/kubernetes_security/server/routes/count.ts
index 788c3ce4adb98..b73452e8e45fc 100644
--- a/x-pack/plugins/kubernetes_security/server/routes/count.ts
+++ b/x-pack/plugins/kubernetes_security/server/routes/count.ts
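Review bot: The `requiredPrivileges: ['securitySolution'],` line added to aggregate.ts in patch 2/2 (and repeated in count.ts, multi_terms_aggregate.ts, alerts_route.ts, get_total_io_bytes_route.ts, io_events_route.ts and process_events_route.ts) arrives with no test change; the diffstat lists only the seven route files, so nothing in the series shows that a caller lacking the privilege is rejected or that existing read-only users still pass. An API test per plugin asserting a 403 for a role without the privilege would pin the new behaviour. The literal is also duplicated seven times; a shared constant such as `const SECURITY_SOLUTION_PRIVILEGE = 'securitySolution';` would keep the routes in step with whatever name the feature registers, which is not visible in this diff. The route registration functions start and end outside these hunks.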
@@ -30,8 +30,7 @@ export const registerCountRoute = (router: IRouter, logger: Logger) => {
 version: '1',
 security: {
 authz: {
- enabled: false,
- reason: 'This route is opted out from authorization',
+ requiredPrivileges: ['securitySolution'],
 },
 },
 validate: {
diff --git a/x-pack/plugins/kubernetes_security/server/routes/multi_terms_aggregate.ts b/x-pack/plugins/kubernetes_security/server/routes/multi_terms_aggregate.ts
index 6eda8b3c9af2f..b4a0271b63edc 100644
--- a/x-pack/plugins/kubernetes_security/server/routes/multi_terms_aggregate.ts
+++ b/x-pack/plugins/kubernetes_security/server/routes/multi_terms_aggregate.ts
@@ -37,8 +37,7 @@ export const registerMultiTermsAggregateRoute = (router: IRouter, logger: Logger
 version: '1',
 security: {
 authz: {
- enabled: false,
- reason: 'This route is opted out from authorization',
+ requiredPrivileges: ['securitySolution'],
 },
 },
 validate: {
diff --git a/x-pack/plugins/session_view/server/routes/alerts_route.ts b/x-pack/plugins/session_view/server/routes/alerts_route.ts
index 8e6817c80d787..c875236989efe 100644
--- a/x-pack/plugins/session_view/server/routes/alerts_route.ts
+++ b/x-pack/plugins/session_view/server/routes/alerts_route.ts
@@ -38,8 +38,7 @@ export const registerAlertsRoute = (
 version: '1',
 security: {
 authz: {
- enabled: false,
- reason: 'This route is opted out from authorization',
+ requiredPrivileges: ['securitySolution'],
 },
 },
 validate: {
diff --git a/x-pack/plugins/session_view/server/routes/get_total_io_bytes_route.ts b/x-pack/plugins/session_view/server/routes/get_total_io_bytes_route.ts
index bb9972804ed18..e2dcf34813cc5 100644
--- a/x-pack/plugins/session_view/server/routes/get_total_io_bytes_route.ts
+++ b/x-pack/plugins/session_view/server/routes/get_total_io_bytes_route.ts
@@ -24,8 +24,7 @@ export const registerGetTotalIOBytesRoute = (router: IRouter, logger: Logger) =>
 version: '1',
 security: {
 authz: {
- enabled: false,
- reason: 'This route is opted out from authorization',
+ requiredPrivileges: ['securitySolution'],
 },
 },
 validate: {
diff --git a/x-pack/plugins/session_view/server/routes/io_events_route.ts b/x-pack/plugins/session_view/server/routes/io_events_route.ts
index 0f982cd1903ad..3956e5c3575b8 100644
--- a/x-pack/plugins/session_view/server/routes/io_events_route.ts
+++ b/x-pack/plugins/session_view/server/routes/io_events_route.ts
@@ -31,8 +31,7 @@ export const registerIOEventsRoute = (router: IRouter, logger: Logger) => {
 version: '1',
 security: {
 authz: {
- enabled: false,
- reason: 'This route is opted out from authorization',
+ requiredPrivileges: ['securitySolution'],
 },
 },
 validate: {
diff --git a/x-pack/plugins/session_view/server/routes/process_events_route.ts b/x-pack/plugins/session_view/server/routes/process_events_route.ts
index a9a491cd4c0da..df707b5a96a93 100644
--- a/x-pack/plugins/session_view/server/routes/process_events_route.ts
+++ b/x-pack/plugins/session_view/server/routes/process_events_route.ts
@@ -45,8 +45,7 @@ export const registerProcessEventsRoute = (
 version: '1',
 security: {
 authz: {
- enabled: false,
- reason: 'This route is opted out from authorization',
+ requiredPrivileges: ['securitySolution'],
 },
 },
 validate: {