Unauthorized route migration for routes owned by response-ops (#214785)

### Authz API migration for unauthorized routes This PR migrates last unauthorized routes owned by your team to a new security configuration. Please refer to the documentation for more information: [Authorization API](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization) ### **Before migration:** ```ts router.get({ path: '/api/path', ... }, handler); ``` ### **After migration:** ```ts router.get({ path: '/api/path', security: { authz: { enabled: false, reason: 'This route is opted out from authorization because ...', }, }, ... }, handler); ```
2025-04-23 01:13:23 -04:00 · 2025-03-17 17:08:59 +01:00 · 2025-03-17 17:08:59 +01:00 · 229dca52a6
commit 229dca52a6
parent f82949698a
10 changed files with 35 additions and 0 deletions
--- a/x-pack/platform/plugins/shared/alerting/server/routes/gaps/apis/fill/fill_gap_by_id_route.ts
+++ b/x-pack/platform/plugins/shared/alerting/server/routes/gaps/apis/fill/fill_gap_by_id_route.ts
@ -22,6 +22,12 @@ export const fillGapByIdRoute = (
  router.post(
    {
      path: `${INTERNAL_ALERTING_GAPS_FILL_BY_ID_API_PATH}`,
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'This route delegates authorization to the scoped ES client',
+        },
+      },
      validate: {
        query: fillGapByIdQuerySchemaV1,
      },
--- a/x-pack/platform/plugins/shared/alerting/server/routes/gaps/apis/find/find_gaps_route.ts
+++ b/x-pack/platform/plugins/shared/alerting/server/routes/gaps/apis/find/find_gaps_route.ts
@ -23,6 +23,12 @@ export const findGapsRoute = (
  router.post(
    {
      path: INTERNAL_ALERTING_GAPS_FIND_API_PATH,
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'This route delegates authorization to the scoped ES client',
+        },
+      },
      validate: {
        body: findGapsBodySchemaV1,
      },
--- a/x-pack/platform/plugins/shared/alerting/server/routes/gaps/apis/get_gaps_summary_by_rule_ids/get_gaps_summary_by_rule_ids_route.ts
+++ b/x-pack/platform/plugins/shared/alerting/server/routes/gaps/apis/get_gaps_summary_by_rule_ids/get_gaps_summary_by_rule_ids_route.ts
@ -23,6 +23,12 @@ export const getGapsSummaryByRuleIdsRoute = (
  router.post(
    {
      path: `${INTERNAL_ALERTING_GAPS_GET_SUMMARY_BY_RULE_IDS_API_PATH}`,
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'This route delegates authorization to the scoped ES client',
+        },
+      },
      validate: {
        body: getGapsSummaryByRuleIdsBodySchemaV1,
      },
--- a/x-pack/platform/plugins/shared/alerting/server/routes/gaps/apis/get_rule_ids_with_gaps/get_rule_ids_with_gaps_route.ts
+++ b/x-pack/platform/plugins/shared/alerting/server/routes/gaps/apis/get_rule_ids_with_gaps/get_rule_ids_with_gaps_route.ts
@ -23,6 +23,12 @@ export const getRuleIdsWithGapsRoute = (
  router.post(
    {
      path: `${INTERNAL_ALERTING_GAPS_GET_RULES_API_PATH}`,
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'This route delegates authorization to the scoped ES client',
+        },
+      },
      validate: {
        body: getRuleIdsWithGapBodySchemaV1,
      },
--- a/x-pack/platform/plugins/shared/cases/server/routes/api/cases/get_case.ts
+++ b/x-pack/platform/plugins/shared/cases/server/routes/api/cases/get_case.ts
@ -59,6 +59,7 @@ export const getCaseRoute = () =>
 export const resolveCaseRoute = createCasesRoute({
  method: 'get',
  path: `${CASE_DETAILS_URL}/resolve`,
+  security: DEFAULT_CASES_ROUTE_SECURITY,
  routerOptions: {
    access: 'internal',
  },
--- a/x-pack/platform/plugins/shared/cases/server/routes/api/cases/similar.ts
+++ b/x-pack/platform/plugins/shared/cases/server/routes/api/cases/similar.ts
@ -10,10 +10,12 @@ import { INTERNAL_CASE_SIMILAR_CASES_URL } from '../../../../common/constants';
 import { createCaseError } from '../../../common/error';
 import { createCasesRoute } from '../create_cases_route';
 import type { caseApiV1 } from '../../../../common/types/api';
+import { DEFAULT_CASES_ROUTE_SECURITY } from '../constants';

 export const similarCaseRoute = createCasesRoute({
  method: 'post',
  path: INTERNAL_CASE_SIMILAR_CASES_URL,
+  security: DEFAULT_CASES_ROUTE_SECURITY,
  params: {
    params: schema.object({
      case_id: schema.string(),
--- a/x-pack/platform/plugins/shared/cases/server/routes/api/internal/find_user_actions.ts
+++ b/x-pack/platform/plugins/shared/cases/server/routes/api/internal/find_user_actions.ts
@ -12,6 +12,7 @@ import type { attachmentApiV1, userActionApiV1 } from '../../../../common/types/
 import { INTERNAL_CASE_FIND_USER_ACTIONS_URL } from '../../../../common/constants';
 import { createCaseError } from '../../../common/error';
 import { createCasesRoute } from '../create_cases_route';
+import { DEFAULT_CASES_ROUTE_SECURITY } from '../constants';

 const params = {
  params: schema.object({
@ -22,6 +23,7 @@ const params = {
 export const findUserActionsRoute = createCasesRoute({
  method: 'get',
  path: INTERNAL_CASE_FIND_USER_ACTIONS_URL,
+  security: DEFAULT_CASES_ROUTE_SECURITY,
  params,
  routerOptions: {
    access: 'public',
--- a/x-pack/platform/plugins/shared/cases/server/routes/api/observables/delete_observable.ts
+++ b/x-pack/platform/plugins/shared/cases/server/routes/api/observables/delete_observable.ts
@ -9,10 +9,12 @@ import { schema } from '@kbn/config-schema';
 import { INTERNAL_CASE_OBSERVABLES_DELETE_URL } from '../../../../common/constants';
 import { createCaseError } from '../../../common/error';
 import { createCasesRoute } from '../create_cases_route';
+import { DEFAULT_CASES_ROUTE_SECURITY } from '../constants';

 export const deleteObservableRoute = createCasesRoute({
  method: 'delete',
  path: INTERNAL_CASE_OBSERVABLES_DELETE_URL,
+  security: DEFAULT_CASES_ROUTE_SECURITY,
  params: {
    params: schema.object({
      case_id: schema.string(),
--- a/x-pack/platform/plugins/shared/cases/server/routes/api/observables/patch_observable.ts
+++ b/x-pack/platform/plugins/shared/cases/server/routes/api/observables/patch_observable.ts
@ -10,10 +10,12 @@ import { INTERNAL_CASE_OBSERVABLES_PATCH_URL } from '../../../../common/constant
 import { createCaseError } from '../../../common/error';
 import { createCasesRoute } from '../create_cases_route';
 import type { observableApiV1 } from '../../../../common/types/api';
+import { DEFAULT_CASES_ROUTE_SECURITY } from '../constants';

 export const patchObservableRoute = createCasesRoute({
  method: 'patch',
  path: INTERNAL_CASE_OBSERVABLES_PATCH_URL,
+  security: DEFAULT_CASES_ROUTE_SECURITY,
  params: {
    params: schema.object({
      case_id: schema.string(),
--- a/x-pack/platform/plugins/shared/cases/server/routes/api/observables/post_observable.ts
+++ b/x-pack/platform/plugins/shared/cases/server/routes/api/observables/post_observable.ts
@ -10,10 +10,12 @@ import { INTERNAL_CASE_OBSERVABLES_URL } from '../../../../common/constants';
 import { createCaseError } from '../../../common/error';
 import { createCasesRoute } from '../create_cases_route';
 import type { observableApiV1 } from '../../../../common/types/api';
+import { DEFAULT_CASES_ROUTE_SECURITY } from '../constants';

 export const postObservableRoute = createCasesRoute({
  method: 'post',
  path: INTERNAL_CASE_OBSERVABLES_URL,
+  security: DEFAULT_CASES_ROUTE_SECURITY,
  params: {
    params: schema.object({
      case_id: schema.string(),