From 6c187109a9bf2471410fd26f8aafd68736329da2 Mon Sep 17 00:00:00 2001 From: Elena Shostak Date: Mon, 17 Mar 2025 15:00:08 +0100 Subject: [PATCH] [Authz]: Migrated routes owned by response-ops --- .../server/routes/gaps/apis/fill/fill_gap_by_id_route.ts | 6 ++++++ .../server/routes/gaps/apis/find/find_gaps_route.ts | 6 ++++++ .../get_gaps_summary_by_rule_ids_route.ts | 6 ++++++ .../get_rule_ids_with_gaps/get_rule_ids_with_gaps_route.ts | 6 ++++++ .../shared/cases/server/routes/api/cases/get_case.ts | 1 + .../plugins/shared/cases/server/routes/api/cases/similar.ts | 2 ++ .../cases/server/routes/api/internal/find_user_actions.ts | 2 ++ .../server/routes/api/observables/delete_observable.ts | 2 ++ .../cases/server/routes/api/observables/patch_observable.ts | 2 ++ .../cases/server/routes/api/observables/post_observable.ts | 2 ++ 10 files changed, 35 insertions(+) diff --git a/x-pack/platform/plugins/shared/alerting/server/routes/gaps/apis/fill/fill_gap_by_id_route.ts b/x-pack/platform/plugins/shared/alerting/server/routes/gaps/apis/fill/fill_gap_by_id_route.ts index da3442da0926a..5e2ab67efa01f 100644 --- a/x-pack/platform/plugins/shared/alerting/server/routes/gaps/apis/fill/fill_gap_by_id_route.ts +++ b/x-pack/platform/plugins/shared/alerting/server/routes/gaps/apis/fill/fill_gap_by_id_route.ts @@ -22,6 +22,12 @@ export const fillGapByIdRoute = ( router.post( { path: `${INTERNAL_ALERTING_GAPS_FILL_BY_ID_API_PATH}`, + security: { + authz: { + enabled: false, + reason: 'This route delegates authorization to the scoped ES client', + }, + }, validate: { query: fillGapByIdQuerySchemaV1, }, diff --git a/x-pack/platform/plugins/shared/alerting/server/routes/gaps/apis/find/find_gaps_route.ts b/x-pack/platform/plugins/shared/alerting/server/routes/gaps/apis/find/find_gaps_route.ts index e1cbc97d1df6b..d153d4c024242 100644 --- a/x-pack/platform/plugins/shared/alerting/server/routes/gaps/apis/find/find_gaps_route.ts +++ b/x-pack/platform/plugins/shared/alerting/server/routes/gaps/apis/find/find_gaps_route.ts @@ -23,6 +23,12 @@ export const findGapsRoute = ( router.post( { path: INTERNAL_ALERTING_GAPS_FIND_API_PATH, + security: { + authz: { + enabled: false, + reason: 'This route delegates authorization to the scoped ES client', + }, + }, validate: { body: findGapsBodySchemaV1, }, diff --git a/x-pack/platform/plugins/shared/alerting/server/routes/gaps/apis/get_gaps_summary_by_rule_ids/get_gaps_summary_by_rule_ids_route.ts b/x-pack/platform/plugins/shared/alerting/server/routes/gaps/apis/get_gaps_summary_by_rule_ids/get_gaps_summary_by_rule_ids_route.ts index aaa04e6bf929a..1402f97ccd9a4 100644 --- a/x-pack/platform/plugins/shared/alerting/server/routes/gaps/apis/get_gaps_summary_by_rule_ids/get_gaps_summary_by_rule_ids_route.ts +++ b/x-pack/platform/plugins/shared/alerting/server/routes/gaps/apis/get_gaps_summary_by_rule_ids/get_gaps_summary_by_rule_ids_route.ts @@ -23,6 +23,12 @@ export const getGapsSummaryByRuleIdsRoute = ( router.post( { path: `${INTERNAL_ALERTING_GAPS_GET_SUMMARY_BY_RULE_IDS_API_PATH}`, + security: { + authz: { + enabled: false, + reason: 'This route delegates authorization to the scoped ES client', + }, + }, validate: { body: getGapsSummaryByRuleIdsBodySchemaV1, }, diff --git a/x-pack/platform/plugins/shared/alerting/server/routes/gaps/apis/get_rule_ids_with_gaps/get_rule_ids_with_gaps_route.ts b/x-pack/platform/plugins/shared/alerting/server/routes/gaps/apis/get_rule_ids_with_gaps/get_rule_ids_with_gaps_route.ts index 71172511af0e1..10e04babd499c 100644 --- a/x-pack/platform/plugins/shared/alerting/server/routes/gaps/apis/get_rule_ids_with_gaps/get_rule_ids_with_gaps_route.ts +++ b/x-pack/platform/plugins/shared/alerting/server/routes/gaps/apis/get_rule_ids_with_gaps/get_rule_ids_with_gaps_route.ts @@ -23,6 +23,12 @@ export const getRuleIdsWithGapsRoute = ( router.post( { path: `${INTERNAL_ALERTING_GAPS_GET_RULES_API_PATH}`, + security: { + authz: { + enabled: false, + reason: 'This route delegates authorization to the scoped ES client', + }, + }, validate: { body: getRuleIdsWithGapBodySchemaV1, }, diff --git a/x-pack/platform/plugins/shared/cases/server/routes/api/cases/get_case.ts b/x-pack/platform/plugins/shared/cases/server/routes/api/cases/get_case.ts index 028f8ba796b89..145beb4102b64 100644 --- a/x-pack/platform/plugins/shared/cases/server/routes/api/cases/get_case.ts +++ b/x-pack/platform/plugins/shared/cases/server/routes/api/cases/get_case.ts @@ -59,6 +59,7 @@ export const getCaseRoute = () => export const resolveCaseRoute = createCasesRoute({ method: 'get', path: `${CASE_DETAILS_URL}/resolve`, + security: DEFAULT_CASES_ROUTE_SECURITY, routerOptions: { access: 'internal', }, diff --git a/x-pack/platform/plugins/shared/cases/server/routes/api/cases/similar.ts b/x-pack/platform/plugins/shared/cases/server/routes/api/cases/similar.ts index c1516d7648082..0444a8a4c213d 100644 --- a/x-pack/platform/plugins/shared/cases/server/routes/api/cases/similar.ts +++ b/x-pack/platform/plugins/shared/cases/server/routes/api/cases/similar.ts @@ -10,10 +10,12 @@ import { INTERNAL_CASE_SIMILAR_CASES_URL } from '../../../../common/constants'; import { createCaseError } from '../../../common/error'; import { createCasesRoute } from '../create_cases_route'; import type { caseApiV1 } from '../../../../common/types/api'; +import { DEFAULT_CASES_ROUTE_SECURITY } from '../constants'; export const similarCaseRoute = createCasesRoute({ method: 'post', path: INTERNAL_CASE_SIMILAR_CASES_URL, + security: DEFAULT_CASES_ROUTE_SECURITY, params: { params: schema.object({ case_id: schema.string(), diff --git a/x-pack/platform/plugins/shared/cases/server/routes/api/internal/find_user_actions.ts b/x-pack/platform/plugins/shared/cases/server/routes/api/internal/find_user_actions.ts index 9ad00346a565c..30c54ee9f36c9 100644 --- a/x-pack/platform/plugins/shared/cases/server/routes/api/internal/find_user_actions.ts +++ b/x-pack/platform/plugins/shared/cases/server/routes/api/internal/find_user_actions.ts @@ -12,6 +12,7 @@ import type { attachmentApiV1, userActionApiV1 } from '../../../../common/types/ import { INTERNAL_CASE_FIND_USER_ACTIONS_URL } from '../../../../common/constants'; import { createCaseError } from '../../../common/error'; import { createCasesRoute } from '../create_cases_route'; +import { DEFAULT_CASES_ROUTE_SECURITY } from '../constants'; const params = { params: schema.object({ @@ -22,6 +23,7 @@ const params = { export const findUserActionsRoute = createCasesRoute({ method: 'get', path: INTERNAL_CASE_FIND_USER_ACTIONS_URL, + security: DEFAULT_CASES_ROUTE_SECURITY, params, routerOptions: { access: 'public', diff --git a/x-pack/platform/plugins/shared/cases/server/routes/api/observables/delete_observable.ts b/x-pack/platform/plugins/shared/cases/server/routes/api/observables/delete_observable.ts index 49f2b27fc0064..5ff9df335741a 100644 --- a/x-pack/platform/plugins/shared/cases/server/routes/api/observables/delete_observable.ts +++ b/x-pack/platform/plugins/shared/cases/server/routes/api/observables/delete_observable.ts @@ -9,10 +9,12 @@ import { schema } from '@kbn/config-schema'; import { INTERNAL_CASE_OBSERVABLES_DELETE_URL } from '../../../../common/constants'; import { createCaseError } from '../../../common/error'; import { createCasesRoute } from '../create_cases_route'; +import { DEFAULT_CASES_ROUTE_SECURITY } from '../constants'; export const deleteObservableRoute = createCasesRoute({ method: 'delete', path: INTERNAL_CASE_OBSERVABLES_DELETE_URL, + security: DEFAULT_CASES_ROUTE_SECURITY, params: { params: schema.object({ case_id: schema.string(), diff --git a/x-pack/platform/plugins/shared/cases/server/routes/api/observables/patch_observable.ts b/x-pack/platform/plugins/shared/cases/server/routes/api/observables/patch_observable.ts index 49630bb12ded6..35827e80ed819 100644 --- a/x-pack/platform/plugins/shared/cases/server/routes/api/observables/patch_observable.ts +++ b/x-pack/platform/plugins/shared/cases/server/routes/api/observables/patch_observable.ts @@ -10,10 +10,12 @@ import { INTERNAL_CASE_OBSERVABLES_PATCH_URL } from '../../../../common/constant import { createCaseError } from '../../../common/error'; import { createCasesRoute } from '../create_cases_route'; import type { observableApiV1 } from '../../../../common/types/api'; +import { DEFAULT_CASES_ROUTE_SECURITY } from '../constants'; export const patchObservableRoute = createCasesRoute({ method: 'patch', path: INTERNAL_CASE_OBSERVABLES_PATCH_URL, + security: DEFAULT_CASES_ROUTE_SECURITY, params: { params: schema.object({ case_id: schema.string(), diff --git a/x-pack/platform/plugins/shared/cases/server/routes/api/observables/post_observable.ts b/x-pack/platform/plugins/shared/cases/server/routes/api/observables/post_observable.ts index 6cffa0861bab4..978580f8916d3 100644 --- a/x-pack/platform/plugins/shared/cases/server/routes/api/observables/post_observable.ts +++ b/x-pack/platform/plugins/shared/cases/server/routes/api/observables/post_observable.ts @@ -10,10 +10,12 @@ import { INTERNAL_CASE_OBSERVABLES_URL } from '../../../../common/constants'; import { createCaseError } from '../../../common/error'; import { createCasesRoute } from '../create_cases_route'; import type { observableApiV1 } from '../../../../common/types/api'; +import { DEFAULT_CASES_ROUTE_SECURITY } from '../constants'; export const postObservableRoute = createCasesRoute({ method: 'post', path: INTERNAL_CASE_OBSERVABLES_URL, + security: DEFAULT_CASES_ROUTE_SECURITY, params: { params: schema.object({ case_id: schema.string(),