Unauthorized route migration for routes owned by obs-knowledge-team,o…

…bs-ux-infra_services-team (elastic#198373) ### Authz API migration for unauthorized routes This PR migrates unauthorized routes owned by your team to a new security configuration. Please refer to the documentation for more information: [Authorization API](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization) ### **Before migration:** ```ts router.get({ path: '/api/path', ... }, handler); ``` ### **After migration:** ```ts router.get({ path: '/api/path', security: { authz: { enabled: false, reason: 'This route is opted out from authorization because ...', }, }, ... }, handler); ``` ### What to do next? 1. Review the changes in this PR. 2. Elaborate on the reasoning to opt-out of authorization. 3. Routes without a compelling reason to opt-out of authorization should plan to introduce them as soon as possible. 2. You might need to update your tests to reflect the new security configuration: - If you have snapshot tests that include the route definition. ## Any questions? If you have any questions or need help with API authorization, please reach out to the `@elastic/kibana-security` team. Co-authored-by: jennypavlova <[email protected]> Co-authored-by: Cauê Marcondes <[email protected]> Co-authored-by: Elastic Machine <[email protected]>
tsullivan · Dec 16, 2024 · 01cd6d8 · 01cd6d8
1 parent 64630ab
commit 01cd6d8
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 24 deletions.
diff --git a/...apm_data_access/server/lib/helpers/create_es_client/create_apm_event_client/index.test.ts b/...apm_data_access/server/lib/helpers/create_es_client/create_apm_event_client/index.test.ts
@@ -47,34 +47,46 @@ describe('APMEventClient', () => {
       const router = createRouter('/');
 
       let abortSignal: AbortSignal | undefined;
-      router.get({ path: '/', validate: false }, async (context, request, res) => {
-        const eventClient = new APMEventClient({
-          esClient: {
-            search: async (params: any, { signal }: { signal: AbortSignal }) => {
-              abortSignal = signal;
-              await setTimeoutPromise(3_000, undefined, {
-                signal: abortSignal,
-              });
-              return {};
+      router.get(
+        {
+          path: '/',
+          security: {
+            authz: {
+              enabled: false,
+              reason: 'This route is opted out from authorization',
             },
-          } as any,
-          debug: false,
-          request,
-          indices: {} as APMIndices,
-          options: {
-            includeFrozen: false,
           },
-        });
+          validate: false,
+        },
+        async (context, request, res) => {
+          const eventClient = new APMEventClient({
+            esClient: {
+              search: async (params: any, { signal }: { signal: AbortSignal }) => {
+                abortSignal = signal;
+                await setTimeoutPromise(3_000, undefined, {
+                  signal: abortSignal,
+                });
+                return {};
+              },
+            } as any,
+            debug: false,
+            request,
+            indices: {} as APMIndices,
+            options: {
+              includeFrozen: false,
+            },
+          });
 
-        await eventClient.search('foo', {
-          apm: {
-            events: [],
-          },
-          body: { size: 0, track_total_hits: false },
-        });
+          await eventClient.search('foo', {
+            apm: {
+              events: [],
+            },
+            body: { size: 0, track_total_hits: false },
+          });
 
-        return res.ok({ body: 'ok' });
-      });
+          return res.ok({ body: 'ok' });
+        }
+      );
 
       await server.start();
 

diff --git a/.../plugins/observability_solution/metrics_data_access/server/routes/metric_indices/index.ts b/.../plugins/observability_solution/metrics_data_access/server/routes/metric_indices/index.ts
@@ -50,6 +50,12 @@ export function initMetricIndicesRoute<T extends RequestHandlerContext>({
   router.get<unknown, unknown, MetricIndicesAPIResponse>(
     {
       path: `/api/metrics/indices`,
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'This route is opted out from authorization',
+        },
+      },
       validate: false,
     },
     async (context, _req, res) => {