[console] Add REST API Authz content (#205183)

## Summary Part of https://github.com/elastic/kibana/issues/204681
2025-04-24 01:38:56 -04:00 · 2025-01-06 11:45:01 -06:00 · 2025-01-06 11:45:01 -06:00 · 1128787cd1
commit 1128787cd1
parent 3d6711bb95
4 changed files with 48 additions and 14 deletions
--- a/src/platform/plugins/shared/console/server/routes/api/console/autocomplete_entities/index.ts
+++ b/src/platform/plugins/shared/console/server/routes/api/console/autocomplete_entities/index.ts
@ -90,6 +90,12 @@ export const registerAutocompleteEntitiesRoute = (deps: RouteDependencies) => {
      options: {
        tags: ['access:console'],
      },
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
      validate: autoCompleteEntitiesValidationConfig,
    },
    async (context, request, response) => {
--- a/src/platform/plugins/shared/console/server/routes/api/console/es_config/index.ts
+++ b/src/platform/plugins/shared/console/server/routes/api/console/es_config/index.ts
@ -11,19 +11,31 @@ import { EsConfigApiResponse } from '../../../../../common/types/api_responses';
 import { RouteDependencies } from '../../..';

 export const registerEsConfigRoute = ({ router, services }: RouteDependencies): void => {
-  router.get({ path: '/api/console/es_config', validate: false }, async (ctx, req, res) => {
-    const cloudUrl = services.esLegacyConfigService.getCloudUrl();
-    if (cloudUrl) {
-      const body: EsConfigApiResponse = { host: cloudUrl };
+  router.get(
+    {
+      path: '/api/console/es_config',
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Low effort request for config content',
+        },
+      },
+      validate: false,
+    },
+    async (ctx, req, res) => {
+      const cloudUrl = services.esLegacyConfigService.getCloudUrl();
+      if (cloudUrl) {
+        const body: EsConfigApiResponse = { host: cloudUrl };
+
+        return res.ok({ body });
+      }
+      const {
+        hosts: [host],
+      } = await services.esLegacyConfigService.readConfig();
+
+      const body: EsConfigApiResponse = { host };

      return res.ok({ body });
    }
-    const {
-      hosts: [host],
-    } = await services.esLegacyConfigService.readConfig();
-
-    const body: EsConfigApiResponse = { host };
-
-    return res.ok({ body });
-  });
+  );
 };
--- a/src/platform/plugins/shared/console/server/routes/api/console/proxy/index.ts
+++ b/src/platform/plugins/shared/console/server/routes/api/console/proxy/index.ts
@ -17,12 +17,16 @@ export const registerProxyRoute = (deps: RouteDependencies) => {
    {
      path: '/api/console/proxy',
      options: {
-        tags: ['access:console'],
        body: {
          output: 'stream',
          parse: false,
        },
      },
+      security: {
+        authz: {
+          requiredPrivileges: ['console'],
+        },
+      },
      validate: routeValidationConfig,
    },
    createHandler(deps)
--- a/src/platform/plugins/shared/console/server/routes/api/console/spec_definitions/index.ts
+++ b/src/platform/plugins/shared/console/server/routes/api/console/spec_definitions/index.ts
@ -32,5 +32,17 @@ export const registerSpecDefinitionsRoute = ({ router, services }: RouteDependen
    });
  };

-  router.get({ path: '/api/console/api_server', validate: false }, handler);
+  router.get(
+    {
+      path: '/api/console/api_server',
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Low effort request for config info',
+        },
+      },
+      validate: false,
+    },
+    handler
+  );
 };