[Fleet] remove authorization header fake request fleet

x-pack/platform/plugins/shared/fleet/moon.yml

@@ -103,7 +103,6 @@ dependsOn:
   - '@kbn/reporting-public'
   - '@kbn/field-formats-plugin'
   - '@kbn/core-security-server'
-  - '@kbn/core-http-server-utils'
   - '@kbn/core-notifications-browser-mocks'
   - '@kbn/handlebars'
   - '@kbn/lock-manager'

x-pack/platform/plugins/shared/fleet/server/routes/agent_policy/handlers.ts

@@ -14,8 +14,6 @@ import { isEmpty, uniq } from 'lodash';
 
 import { ALL_SPACES_ID, FIPS_AGENT_KUERY, inputsFormat } from '../../../common/constants';
 
-import { HTTPAuthorizationHeader } from '../../../common/http_authorization_header';
-
 import { fullAgentPolicyToYaml } from '../../../common/services';
 import {
   appContextService,
@@ -360,7 +358,6 @@ export const createAgentPolicyHandler: FleetRequestHandler<
 
   const { has_fleet_server: hasFleetServer, force, ...newPolicy } = request.body;
   const spaceId = fleetContext.spaceId;
-  const authorizationHeader = HTTPAuthorizationHeader.parseFromRequest(request, user?.username);
   const { space_ids: spaceIds } = request.body;
 
   logger.debug(`Creating agent policy [${newPolicy.name}]`);
@@ -399,7 +396,7 @@ export const createAgentPolicyHandler: FleetRequestHandler<
       monitoringEnabled,
       spaceId,
       user,
-      authorizationHeader,
+      request,
       force,
     });
 

x-pack/platform/plugins/shared/fleet/server/routes/epm/bulk_handler.ts

@@ -17,7 +17,6 @@ import type {
   FleetRequestHandler,
   GetOneBulkOperationPackagesRequestSchema,
 } from '../../types';
-import { HTTPAuthorizationHeader } from '../../../common/http_authorization_header';
 
 import type {
   BulkOperationPackagesResponse,
@@ -66,20 +65,21 @@ export const postBulkUpgradePackagesHandler: FleetRequestHandler<
   const fleetContext = await context.fleet;
   const savedObjectsClient = fleetContext.internalSoClient;
   const spaceId = fleetContext.spaceId;
-  const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
-  const authorizationHeader = HTTPAuthorizationHeader.parseFromRequest(request, user?.username);
 
   const taskManagerStart = getTaskManagerStart();
   await validateInstalledPackages(savedObjectsClient, request.body.packages, 'upgrade');
 
-  const taskId = await scheduleBulkUpgrade(taskManagerStart, {
-    authorizationHeader,
-    spaceId,
-    packages: request.body.packages,
-    upgradePackagePolicies: request.body.upgrade_package_policies,
-    force: request.body.force,
-    prerelease: request.body.prerelease,
-  });
+  const taskId = await scheduleBulkUpgrade(
+    taskManagerStart,
+    {
+      spaceId,
+      packages: request.body.packages,
+      upgradePackagePolicies: request.body.upgrade_package_policies,
+      force: request.body.force,
+      prerelease: request.body.prerelease,
+    },
+    request
+  );
 
   const body: BulkOperationPackagesResponse = {
     taskId,
@@ -98,10 +98,14 @@ export const postBulkUninstallPackagesHandler: FleetRequestHandler<
   const taskManagerStart = getTaskManagerStart();
   await validateInstalledPackages(savedObjectsClient, request.body.packages, 'uninstall');
 
-  const taskId = await scheduleBulkUninstall(taskManagerStart, {
-    packages: request.body.packages,
-    force: request.body.force,
-  });
+  const taskId = await scheduleBulkUninstall(
+    taskManagerStart,
+    {
+      packages: request.body.packages,
+      force: request.body.force,
+    },
+    request
+  );
 
   const body: BulkOperationPackagesResponse = {
     taskId,
@@ -158,14 +162,18 @@ export const postBulkRollbackPackagesHandler: FleetRequestHandler<
   const taskManagerStart = getTaskManagerStart();
   await validateInstalledPackages(savedObjectsClient, request.body.packages, 'rollback');
 
-  const taskId = await scheduleBulkRollback(taskManagerStart, {
-    packages: request.body.packages,
-    spaceId,
-    packagePolicyIdsForCurrentUser: await getPackagePolicyIdsForCurrentUser(
-      request,
-      request.body.packages
-    ),
-  });
+  const taskId = await scheduleBulkRollback(
+    taskManagerStart,
+    {
+      packages: request.body.packages,
+      spaceId,
+      packagePolicyIdsForCurrentUser: await getPackagePolicyIdsForCurrentUser(
+        request,
+        request.body.packages
+      ),
+    },
+    request
+  );
 
   const body: BulkOperationPackagesResponse = {
     taskId,

x-pack/platform/plugins/shared/fleet/server/routes/epm/handlers.ts

@@ -14,7 +14,6 @@ import { omit, pick } from 'lodash';
 
 import { PACKAGE_POLICY_SAVED_OBJECT_TYPE } from '../../../common';
 
-import { HTTPAuthorizationHeader } from '../../../common/http_authorization_header';
 import { generateTransformSecondaryAuthHeaders } from '../../services/api_keys/transform_api_keys';
 import { handleTransformReauthorizeAndStart } from '../../services/epm/elasticsearch/transform/reauthorize';
 
@@ -335,12 +334,9 @@ export const installPackageFromRegistryHandler: FleetRequestHandler<
   const fleetContext = await context.fleet;
   const savedObjectsClient = fleetContext.internalSoClient;
   const esClient = coreContext.elasticsearch.client.asInternalUser;
-  const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
 
   const { pkgName, pkgVersion } = request.params;
 
-  const authorizationHeader = HTTPAuthorizationHeader.parseFromRequest(request, user?.username);
-
   const spaceId = fleetContext.spaceId;
   const installSource = 'registry';
   const res = await installPackage({
@@ -352,7 +348,7 @@ export const installPackageFromRegistryHandler: FleetRequestHandler<
     force: request.body?.force,
     ignoreConstraints: request.body?.ignore_constraints,
     prerelease: request.query?.prerelease,
-    authorizationHeader,
+    request,
     ignoreMappingUpdateErrors: request.query?.ignoreMappingUpdateErrors,
     skipDataStreamRollover: request.query?.skipDataStreamRollover,
   });
@@ -380,9 +376,7 @@ export const createCustomIntegrationHandler: FleetRequestHandler<
   const fleetContext = await context.fleet;
   const savedObjectsClient = fleetContext.internalSoClient;
   const esClient = coreContext.elasticsearch.client.asInternalUser;
-  const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
   const kibanaVersion = appContextService.getKibanaVersion();
-  const authorizationHeader = HTTPAuthorizationHeader.parseFromRequest(request, user?.username);
   const spaceId = fleetContext.spaceId;
   const { integrationName, force, datasets } = request.body;
   const installSource = 'custom';
@@ -395,7 +389,7 @@ export const createCustomIntegrationHandler: FleetRequestHandler<
       esClient,
       spaceId,
       force,
-      authorizationHeader,
+      request,
       kibanaVersion,
     });
 
@@ -481,8 +475,6 @@ export const bulkInstallPackagesFromRegistryHandler: FleetRequestHandler<
   const savedObjectsClient = fleetContext.internalSoClient;
   const esClient = coreContext.elasticsearch.client.asInternalUser;
   const spaceId = fleetContext.spaceId;
-  const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
-  const authorizationHeader = HTTPAuthorizationHeader.parseFromRequest(request, user?.username);
 
   const bulkInstalledResponses = await bulkInstallPackages({
     savedObjectsClient,
@@ -491,7 +483,7 @@ export const bulkInstallPackagesFromRegistryHandler: FleetRequestHandler<
     spaceId,
     prerelease: request.query.prerelease,
     force: request.body.force,
-    authorizationHeader,
+    request,
   });
   const payload = bulkInstalledResponses.map(bulkInstallServiceResponseToHttpEntry);
   const body: BulkInstallPackagesResponse = {
@@ -512,8 +504,6 @@ export const installPackageByUploadHandler: FleetRequestHandler<
   const contentType = request.headers['content-type'] as string; // from types it could also be string[] or undefined but this is checked later
   const archiveBuffer = Buffer.from(request.body);
   const spaceId = fleetContext.spaceId;
-  const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
-  const authorizationHeader = HTTPAuthorizationHeader.parseFromRequest(request, user?.username);
   const installSource = 'upload';
   const res = await installPackage({
     installSource,
@@ -522,7 +512,7 @@ export const installPackageByUploadHandler: FleetRequestHandler<
     archiveBuffer,
     spaceId,
     contentType,
-    authorizationHeader,
+    request,
     ignoreMappingUpdateErrors: request.query?.ignoreMappingUpdateErrors,
     skipDataStreamRollover: request.query?.skipDataStreamRollover,
   });
@@ -616,9 +606,8 @@ export const reauthorizeTransformsHandler: FleetRequestHandler<
   }
 
   const logger = appContextService.getLogger();
-  const authorizationHeader = HTTPAuthorizationHeader.parseFromRequest(request, username);
   const secondaryAuth = await generateTransformSecondaryAuthHeaders({
-    authorizationHeader,
+    request,
     logger,
     username,
     pkgName,

x-pack/platform/plugins/shared/fleet/server/routes/epm/install_assets_handler.ts

@@ -8,7 +8,7 @@
 import type { KibanaRequest } from '@kbn/core/server';
 import type { TypeOf } from '@kbn/config-schema';
 
-import { FleetError, FleetNotFoundError, FleetUnauthorizedError } from '../../errors';
+import { FleetError, FleetNotFoundError } from '../../errors';
 import { appContextService } from '../../services';
 import {
   deleteKibanaAssetsAndReferencesForSpace,
@@ -26,7 +26,6 @@ import type {
 } from '../../types';
 import { createArchiveIteratorFromMap } from '../../services/epm/archive/archive_iterator';
 import { stepCreateAlertingRules } from '../../services/epm/packages/install_state_machine/steps/step_create_alerting_rules';
-import { HTTPAuthorizationHeader } from '../../../common/http_authorization_header';
 
 export async function checkIntegrationsAllPrivilegesForSpaces(
   request: KibanaRequest,
@@ -162,13 +161,6 @@ export const installRuleAssetsHandler: FleetRequestHandler<
     throw new FleetNotFoundError('Requested version is not installed');
   }
 
-  const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
-  const authorizationHeader = HTTPAuthorizationHeader.parseFromRequest(request, user?.username);
-
-  if (!authorizationHeader) {
-    throw new FleetUnauthorizedError('Authorization header is missing or invalid');
-  }
-
   const { packageInfo } = installedPkgWithAssets;
 
   await stepCreateAlertingRules({
@@ -180,7 +172,7 @@ export const installRuleAssetsHandler: FleetRequestHandler<
       archiveIterator: createArchiveIteratorFromMap(installedPkgWithAssets.assetsMap),
     },
     spaceId,
-    authorizationHeader,
+    request,
   });
 
   return response.ok({ body: { success: true } });

x-pack/platform/plugins/shared/fleet/server/routes/package_policy/handlers.ts

@@ -12,8 +12,6 @@ import type { RequestHandler } from '@kbn/core/server';
 
 import { groupBy, isEmpty, isEqual, keyBy, uniq } from 'lodash';
 
-import { HTTPAuthorizationHeader } from '../../../common/http_authorization_header';
-
 import { populatePackagePolicyAssignedAgentsCount } from '../../services/package_policies/populate_package_policy_assigned_agents_count';
 
 import {
@@ -230,12 +228,12 @@ export const createPackagePolicyHandler: FleetRequestHandler<
   const fleetContext = await context.fleet;
   const soClient = fleetContext.internalSoClient;
   const esClient = coreContext.elasticsearch.client.asInternalUser;
-  const user = appContextService.getSecurityCore().authc.getCurrentUser(request) || undefined;
+
   const { force, id, package: pkg, ...newPolicy } = request.body;
   if ('spaceIds' in newPolicy) {
     delete newPolicy.spaceIds;
   }
-  const authorizationHeader = HTTPAuthorizationHeader.parseFromRequest(request, user?.username);
+
   let wasPackageAlreadyInstalled = false;
 
   const spaceId = fleetContext.spaceId;
@@ -289,7 +287,6 @@ export const createPackagePolicyHandler: FleetRequestHandler<
         id,
         force,
         spaceId,
-        authorizationHeader,
       },
       context,
       request