diff --git a/src/platform/plugins/shared/console/server/routes/api/console/convert_request_to_language/index.ts b/src/platform/plugins/shared/console/server/routes/api/console/convert_request_to_language/index.ts index 115ece83859fa..e48c77c0b5fe9 100644 --- a/src/platform/plugins/shared/console/server/routes/api/console/convert_request_to_language/index.ts +++ b/src/platform/plugins/shared/console/server/routes/api/console/convert_request_to_language/index.ts @@ -77,6 +77,11 @@ export const registerConvertRequestRoute = ({ router.post( { path: '/api/console/convert_request_to_language', + security: { + authz: { + requiredPrivileges: ['console'], + }, + }, validate: routeValidationConfig, }, handler diff --git a/x-pack/platform/plugins/private/upgrade_assistant/server/routes/ml_snapshots.ts b/x-pack/platform/plugins/private/upgrade_assistant/server/routes/ml_snapshots.ts index feb52c2ddd9e7..ce1bb76b02735 100644 --- a/x-pack/platform/plugins/private/upgrade_assistant/server/routes/ml_snapshots.ts +++ b/x-pack/platform/plugins/private/upgrade_assistant/server/routes/ml_snapshots.ts @@ -345,6 +345,12 @@ export function registerMlSnapshotRoutes({ router.get( { path: `${API_BASE_PATH}/ml_upgrade_mode`, + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: false, }, versionCheckHandlerWrapper(async ({ core }, request, response) => { @@ -387,6 +393,12 @@ export function registerMlSnapshotRoutes({ router.delete( { path: `${API_BASE_PATH}/ml_snapshots/{jobId}/{snapshotId}`, + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: schema.object({ snapshotId: schema.string(), diff --git a/x-pack/platform/plugins/private/upgrade_assistant/server/routes/reindex_data_streams/reindex_data_stream.ts b/x-pack/platform/plugins/private/upgrade_assistant/server/routes/reindex_data_streams/reindex_data_stream.ts index a4fbf56125adf..2c92dba377c3b 100644 --- a/x-pack/platform/plugins/private/upgrade_assistant/server/routes/reindex_data_streams/reindex_data_stream.ts +++ b/x-pack/platform/plugins/private/upgrade_assistant/server/routes/reindex_data_streams/reindex_data_stream.ts @@ -90,6 +90,12 @@ export function registerReindexDataStreamRoutes({ access: 'public', summary: `Get data stream status`, }, + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: schema.object({ dataStreamName: schema.string(), @@ -144,6 +150,12 @@ export function registerReindexDataStreamRoutes({ access: 'public', summary: `Get data stream reindexing metadata`, }, + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: schema.object({ dataStreamName: schema.string(), diff --git a/x-pack/platform/plugins/private/upgrade_assistant/server/routes/reindex_indices/reindex_indices.ts b/x-pack/platform/plugins/private/upgrade_assistant/server/routes/reindex_indices/reindex_indices.ts index 67b3792ea044b..ec5e8875fa25a 100644 --- a/x-pack/platform/plugins/private/upgrade_assistant/server/routes/reindex_indices/reindex_indices.ts +++ b/x-pack/platform/plugins/private/upgrade_assistant/server/routes/reindex_indices/reindex_indices.ts @@ -91,6 +91,12 @@ export function registerReindexIndicesRoutes( access: 'public', summary: `Get reindex status`, }, + security: { + authz: { + enabled: false, + reason: 'Relies on es and saved object clients for authorization', + }, + }, validate: { params: schema.object({ indexName: schema.string(), @@ -152,6 +158,12 @@ export function registerReindexIndicesRoutes( access: 'public', summary: `Cancel reindex`, }, + security: { + authz: { + enabled: false, + reason: 'Relies on es and saved object clients for authorization', + }, + }, validate: { params: schema.object({ indexName: schema.string(), diff --git a/x-pack/platform/plugins/private/upgrade_assistant/server/routes/system_indices_migration.ts b/x-pack/platform/plugins/private/upgrade_assistant/server/routes/system_indices_migration.ts index 152703ef6c365..b28d9a62624fc 100644 --- a/x-pack/platform/plugins/private/upgrade_assistant/server/routes/system_indices_migration.ts +++ b/x-pack/platform/plugins/private/upgrade_assistant/server/routes/system_indices_migration.ts @@ -52,7 +52,16 @@ export function registerSystemIndicesMigrationRoutes({ // POST starts the system indices migration router.post( - { path: `${API_BASE_PATH}/system_indices_migration`, validate: false }, + { + path: `${API_BASE_PATH}/system_indices_migration`, + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: false, + }, versionCheckHandlerWrapper(async ({ core }, request, response) => { try { const { diff --git a/x-pack/platform/plugins/private/watcher/server/routes/api/watch/action/register_acknowledge_route.ts b/x-pack/platform/plugins/private/watcher/server/routes/api/watch/action/register_acknowledge_route.ts index 60c466d53fa88..90d6f0bc03636 100644 --- a/x-pack/platform/plugins/private/watcher/server/routes/api/watch/action/register_acknowledge_route.ts +++ b/x-pack/platform/plugins/private/watcher/server/routes/api/watch/action/register_acknowledge_route.ts @@ -35,6 +35,12 @@ export function registerAcknowledgeRoute({ router.put( { path: '/api/watcher/watch/{watchId}/action/{actionId}/acknowledge', + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, validate: { params: paramsSchema, }, diff --git a/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/get.ts b/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/get.ts index 084ba8bb7b1b6..21cb1eac10c48 100644 --- a/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/get.ts +++ b/x-pack/platform/plugins/shared/ingest_pipelines/server/routes/api/get.ts @@ -17,23 +17,35 @@ const paramsSchema = schema.object({ export const registerGetRoutes = ({ router, lib: { handleEsError } }: RouteDependencies): void => { // Get all pipelines - router.get({ path: API_BASE_PATH, validate: false }, async (ctx, req, res) => { - const { client: clusterClient } = (await ctx.core).elasticsearch; + router.get( + { + path: API_BASE_PATH, + security: { + authz: { + enabled: false, + reason: 'Relies on es client for authorization', + }, + }, + validate: false, + }, + async (ctx, req, res) => { + const { client: clusterClient } = (await ctx.core).elasticsearch; - try { - const pipelines = await clusterClient.asCurrentUser.ingest.getPipeline(); + try { + const pipelines = await clusterClient.asCurrentUser.ingest.getPipeline(); - return res.ok({ body: deserializePipelines(pipelines) }); - } catch (error) { - const esErrorResponse = handleEsError({ error, response: res }); - if (esErrorResponse.status === 404) { - // ES returns 404 when there are no pipelines - // Instead, we return an empty array and 200 status back to the client - return res.ok({ body: [] }); + return res.ok({ body: deserializePipelines(pipelines) }); + } catch (error) { + const esErrorResponse = handleEsError({ error, response: res }); + if (esErrorResponse.status === 404) { + // ES returns 404 when there are no pipelines + // Instead, we return an empty array and 200 status back to the client + return res.ok({ body: [] }); + } + return esErrorResponse; } - return esErrorResponse; } - }); + ); // Get single pipeline router.get(