github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 09:19:04 -04:00
Code Issues Projects Releases Packages Wiki Activity

[8.x] Authorized route migration for routes owned by @elastic/security-detection-engine (#198195) (#199752)

Browse source 
# Backport

This will backport the following commits from `main` to `8.x`:
- [Authorized route migration for routes owned by
@elastic/security-detection-engine
(#198195)](https://github.com/elastic/kibana/pull/198195)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Kibana
Machine","email":"42973632+kibanamachine@users.noreply.github.com"},"sourceCommit":{"committedDate":"2024-11-08T08:39:05Z","message":"Authorized
route migration for routes owned by @elastic/security-detection-engine
(#198195)\n\n### Authz API migration for authorized routes\r\n\r\nThis
PR migrates `access:<privilege>` tags used in route definitions
to\r\nnew security configuration.\r\nPlease refer to the documentation
for more information:
[Authorization\r\nAPI](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)\r\n\r\n###
**Before migration:**\r\nAccess control tags were defined in the
`options` object of the route:\r\n\r\n```ts\r\nrouter.get({\r\n path:
'/api/path',\r\n options: {\r\n tags: ['access:<privilege_1>',
'access:<privilege_2>'],\r\n },\r\n ...\r\n},
handler);\r\n```\r\n\r\n### **After migration:**\r\nTags have been
replaced with the more robust\r\n`security.authz.requiredPrivileges`
field under `security`:\r\n\r\n```ts\r\nrouter.get({\r\n path:
'/api/path',\r\n security: {\r\n authz: {\r\n requiredPrivileges:
['<privilege_1>', '<privilege_2>'],\r\n },\r\n },\r\n ...\r\n},
handler);\r\n```\r\n\r\n### What to do next?\r\n1. Review the changes in
this PR.\r\n2. You might need to update your tests to reflect the new
security\r\nconfiguration:\r\n - If you have tests that rely on checking
`access` tags.\r\n - If you have snapshot tests that include the route
definition.\r\n- If you have FTR tests that rely on checking
unauthorized error\r\nmessage. The error message changed to also include
missing privileges.\r\n\r\n## Any questions?\r\nIf you have any
questions or need help with API authorization, please\r\nreach out to
the `@elastic/kibana-security`
team.\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine
<elasticmachine@users.noreply.github.com>\r\nCo-authored-by: Nikita
Khristinin
<nkhristinin@gmail.com>","sha":"32f0396b277f255ca3465de4f1a8fcf11bbddfb3","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["enhancement","release_note:skip","Feature:Security/Authorization","backport
missing","v9.0.0","backport:prev-minor","Team:Detection Engine","Authz:
API
migration"],"number":198195,"url":"https://github.com/elastic/kibana/pull/198195","mergeCommit":{"message":"Authorized
route migration for routes owned by @elastic/security-detection-engine
(#198195)\n\n### Authz API migration for authorized routes\r\n\r\nThis
PR migrates `access:<privilege>` tags used in route definitions
to\r\nnew security configuration.\r\nPlease refer to the documentation
for more information:
[Authorization\r\nAPI](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)\r\n\r\n###
**Before migration:**\r\nAccess control tags were defined in the
`options` object of the route:\r\n\r\n```ts\r\nrouter.get({\r\n path:
'/api/path',\r\n options: {\r\n tags: ['access:<privilege_1>',
'access:<privilege_2>'],\r\n },\r\n ...\r\n},
handler);\r\n```\r\n\r\n### **After migration:**\r\nTags have been
replaced with the more robust\r\n`security.authz.requiredPrivileges`
field under `security`:\r\n\r\n```ts\r\nrouter.get({\r\n path:
'/api/path',\r\n security: {\r\n authz: {\r\n requiredPrivileges:
['<privilege_1>', '<privilege_2>'],\r\n },\r\n },\r\n ...\r\n},
handler);\r\n```\r\n\r\n### What to do next?\r\n1. Review the changes in
this PR.\r\n2. You might need to update your tests to reflect the new
security\r\nconfiguration:\r\n - If you have tests that rely on checking
`access` tags.\r\n - If you have snapshot tests that include the route
definition.\r\n- If you have FTR tests that rely on checking
unauthorized error\r\nmessage. The error message changed to also include
missing privileges.\r\n\r\n## Any questions?\r\nIf you have any
questions or need help with API authorization, please\r\nreach out to
the `@elastic/kibana-security`
team.\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine
<elasticmachine@users.noreply.github.com>\r\nCo-authored-by: Nikita
Khristinin
<nkhristinin@gmail.com>","sha":"32f0396b277f255ca3465de4f1a8fcf11bbddfb3"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/198195","number":198195,"mergeCommit":{"message":"Authorized
route migration for routes owned by @elastic/security-detection-engine
(#198195)\n\n### Authz API migration for authorized routes\r\n\r\nThis
PR migrates `access:<privilege>` tags used in route definitions
to\r\nnew security configuration.\r\nPlease refer to the documentation
for more information:
[Authorization\r\nAPI](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)\r\n\r\n###
**Before migration:**\r\nAccess control tags were defined in the
`options` object of the route:\r\n\r\n```ts\r\nrouter.get({\r\n path:
'/api/path',\r\n options: {\r\n tags: ['access:<privilege_1>',
'access:<privilege_2>'],\r\n },\r\n ...\r\n},
handler);\r\n```\r\n\r\n### **After migration:**\r\nTags have been
replaced with the more robust\r\n`security.authz.requiredPrivileges`
field under `security`:\r\n\r\n```ts\r\nrouter.get({\r\n path:
'/api/path',\r\n security: {\r\n authz: {\r\n requiredPrivileges:
['<privilege_1>', '<privilege_2>'],\r\n },\r\n },\r\n ...\r\n},
handler);\r\n```\r\n\r\n### What to do next?\r\n1. Review the changes in
this PR.\r\n2. You might need to update your tests to reflect the new
security\r\nconfiguration:\r\n - If you have tests that rely on checking
`access` tags.\r\n - If you have snapshot tests that include the route
definition.\r\n- If you have FTR tests that rely on checking
unauthorized error\r\nmessage. The error message changed to also include
missing privileges.\r\n\r\n## Any questions?\r\nIf you have any
questions or need help with API authorization, please\r\nreach out to
the `@elastic/kibana-security`
team.\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine
<elasticmachine@users.noreply.github.com>\r\nCo-authored-by: Nikita
Khristinin
<nkhristinin@gmail.com>","sha":"32f0396b277f255ca3465de4f1a8fcf11bbddfb3"}}]}]
BACKPORT-->

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
This commit is contained in:
Khristinin Nikita 2024-11-19 15:42:26 +01:00 committed by GitHub
parent b7dad96699
commit 43fa8a50f8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
44 changed files with 208 additions and 124 deletions
Download patch file Download diff file Expand all files Collapse all files

8
x-pack/plugins/lists/server/routes/create_endpoint_list_item_route.ts
View file

@ -23,10 +23,12 @@ export const createEndpointListItemRoute = (router: ListsPluginRouter): void =>
router.versioned
.post({
access: 'public',
options: {
tags: ['access:lists-all'],
},
path: ENDPOINT_LIST_ITEM_URL,
security: {
authz: {
requiredPrivileges: ['lists-all'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/create_endpoint_list_route.ts
View file

@ -27,10 +27,12 @@ export const createEndpointListRoute = (router: ListsPluginRouter): void => {
router.versioned
.post({
access: 'public',
options: {
tags: ['access:lists-all'],
},
path: ENDPOINT_LIST_URL,
security: {
authz: {
requiredPrivileges: ['lists-all'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/create_exception_list_item_route.ts
View file

@ -25,10 +25,12 @@ export const createExceptionListItemRoute = (router: ListsPluginRouter): void =>
router.versioned
.post({
access: 'public',
options: {
tags: ['access:lists-all'],
},
path: EXCEPTION_LIST_ITEM_URL,
security: {
authz: {
requiredPrivileges: ['lists-all'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/create_exception_list_route.ts
View file

@ -22,10 +22,12 @@ export const createExceptionListRoute = (router: ListsPluginRouter): void => {
router.versioned
.post({
access: 'public',
options: {
tags: ['access:lists-all'],
},
path: EXCEPTION_LIST_URL,
security: {
authz: {
requiredPrivileges: ['lists-all'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/delete_endpoint_list_item_route.ts
View file

@ -25,10 +25,12 @@ export const deleteEndpointListItemRoute = (router: ListsPluginRouter): void =>
router.versioned
.delete({
access: 'public',
options: {
tags: ['access:lists-all'],
},
path: ENDPOINT_LIST_ITEM_URL,
security: {
authz: {
requiredPrivileges: ['lists-all'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/delete_exception_list_item_route.ts
View file

@ -25,10 +25,12 @@ export const deleteExceptionListItemRoute = (router: ListsPluginRouter): void =>
router.versioned
.delete({
access: 'public',
options: {
tags: ['access:lists-all'],
},
path: EXCEPTION_LIST_ITEM_URL,
security: {
authz: {
requiredPrivileges: ['lists-all'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/delete_exception_list_route.ts
View file

@ -21,10 +21,12 @@ export const deleteExceptionListRoute = (router: ListsPluginRouter): void => {
router.versioned
.delete({
access: 'public',
options: {
tags: ['access:lists-all'],
},
path: EXCEPTION_LIST_URL,
security: {
authz: {
requiredPrivileges: ['lists-all'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/duplicate_exception_list_route.ts
View file

@ -21,10 +21,12 @@ export const duplicateExceptionsRoute = (router: ListsPluginRouter): void => {
router.versioned
.post({
access: 'public',
options: {
tags: ['access:lists-all'],
},
path: `${EXCEPTION_LIST_URL}/_duplicate`,
security: {
authz: {
requiredPrivileges: ['lists-all'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/export_exception_list_route.ts
View file

@ -18,10 +18,12 @@ export const exportExceptionsRoute = (router: ListsPluginRouter): void => {
router.versioned
.post({
access: 'public',
options: {
tags: ['access:lists-read'],
},
path: `${EXCEPTION_LIST_URL}/_export`,
security: {
authz: {
requiredPrivileges: ['lists-read'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/find_endpoint_list_item_route.ts
View file

@ -21,10 +21,12 @@ export const findEndpointListItemRoute = (router: ListsPluginRouter): void => {
router.versioned
.get({
access: 'public',
options: {
tags: ['access:lists-read'],
},
path: `${ENDPOINT_LIST_ITEM_URL}/_find`,
security: {
authz: {
requiredPrivileges: ['lists-read'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/find_exception_list_item_route.ts
View file

@ -21,10 +21,12 @@ export const findExceptionListItemRoute = (router: ListsPluginRouter): void => {
router.versioned
.get({
access: 'public',
options: {
tags: ['access:lists-read'],
},
path: `${EXCEPTION_LIST_ITEM_URL}/_find`,
security: {
authz: {
requiredPrivileges: ['lists-read'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/find_exception_list_route.ts
View file

@ -21,10 +21,12 @@ export const findExceptionListRoute = (router: ListsPluginRouter): void => {
router.versioned
.get({
access: 'public',
options: {
tags: ['access:lists-read'],
},
path: `${EXCEPTION_LIST_URL}/_find`,
security: {
authz: {
requiredPrivileges: ['lists-read'],
},
},
})
.addVersion(
{

6
x-pack/plugins/lists/server/routes/import_exceptions_route.ts
View file

@ -35,9 +35,13 @@ export const importExceptionsRoute = (router: ListsPluginRouter, config: ConfigT
maxBytes: config.maxImportPayloadBytes,
output: 'stream',
},
tags: ['access:lists-all'],
},
path: `${EXCEPTION_LIST_URL}/_import`,
security: {
authz: {
requiredPrivileges: ['lists-all'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/internal/create_exception_filter_route.ts
View file

@ -22,10 +22,12 @@ export const getExceptionFilterRoute = (router: ListsPluginRouter): void => {
router.versioned
.post({
access: 'internal',
options: {
tags: ['access:securitySolution'],
},
path: INTERNAL_EXCEPTION_FILTER,
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
})
.addVersion(
{

11
x-pack/plugins/lists/server/routes/internal/create_exceptions_list_route.ts
View file

@ -20,13 +20,12 @@ export const internalCreateExceptionListRoute = (router: ListsPluginRouter): voi
router.versioned
.post({
access: 'internal',
options: {
// Access control is set to `read` on purpose, as this route is internal and meant to
// ensure we have lists created (if not already) for Endpoint artifacts in order to support
// the UI. The Schema ensures that only endpoint artifact list IDs are allowed.
tags: ['access:lists-read'],
},
path: INTERNAL_EXCEPTIONS_LIST_ENSURE_CREATED_URL,
security: {
authz: {
requiredPrivileges: ['lists-read'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/internal/find_lists_by_size_route.ts
View file

@ -23,10 +23,12 @@ export const findListsBySizeRoute = (router: ListsPluginRouter): void => {
router.versioned
.get({
access: 'internal',
options: {
tags: ['access:lists-read'],
},
path: INTERNAL_FIND_LISTS_BY_SIZE,
security: {
authz: {
requiredPrivileges: ['lists-read'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/list/create_list_route.ts
View file

@ -18,10 +18,12 @@ export const createListRoute = (router: ListsPluginRouter): void => {
router.versioned
.post({
access: 'public',
options: {
tags: ['access:lists-all'],
},
path: LIST_URL,
security: {
authz: {
requiredPrivileges: ['lists-all'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/list/delete_list_route.ts
View file

@ -30,10 +30,12 @@ export const deleteListRoute = (router: ListsPluginRouter): void => {
router.versioned
.delete({
access: 'public',
options: {
tags: ['access:lists-all'],
},
path: LIST_URL,
security: {
authz: {
requiredPrivileges: ['lists-all'],
},
},
})
.addVersion(
{

6
x-pack/plugins/lists/server/routes/list/import_list_item_route.ts
View file

@ -34,12 +34,16 @@ export const importListItemRoute = (router: ListsPluginRouter, config: ConfigTyp
maxBytes: config.maxImportPayloadBytes,
parse: false,
},
tags: ['access:lists-all'],
timeout: {
payload: config.importTimeout.asMilliseconds(),
},
},
path: `${LIST_ITEM_URL}/_import`,
security: {
authz: {
requiredPrivileges: ['lists-all'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/list/patch_list_route.ts
View file

@ -18,10 +18,12 @@ export const patchListRoute = (router: ListsPluginRouter): void => {
router.versioned
.patch({
access: 'public',
options: {
tags: ['access:lists-all'],
},
path: LIST_URL,
security: {
authz: {
requiredPrivileges: ['lists-all'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/list/read_list_route.ts
View file

@ -18,10 +18,12 @@ export const readListRoute = (router: ListsPluginRouter): void => {
router.versioned
.get({
access: 'public',
options: {
tags: ['access:lists-read'],
},
path: LIST_URL,
security: {
authz: {
requiredPrivileges: ['lists-read'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/list/update_list_route.ts
View file

@ -18,10 +18,12 @@ export const updateListRoute = (router: ListsPluginRouter): void => {
router.versioned
.put({
access: 'public',
options: {
tags: ['access:lists-all'],
},
path: LIST_URL,
security: {
authz: {
requiredPrivileges: ['lists-all'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/list_index/create_list_index_route.ts
View file

@ -17,10 +17,12 @@ export const createListIndexRoute = (router: ListsPluginRouter): void => {
router.versioned
.post({
access: 'public',
options: {
tags: ['access:lists-all'],
},
path: LIST_INDEX,
security: {
authz: {
requiredPrivileges: ['lists-all'],
},
},
})
.addVersion({ validate: false, version: '2023-10-31' }, async (context, _, response) => {
const siemResponse = buildSiemResponse(response);

8
x-pack/plugins/lists/server/routes/list_index/delete_list_index_route.ts
View file

@ -34,10 +34,12 @@ export const deleteListIndexRoute = (router: ListsPluginRouter): void => {
router.versioned
.delete({
access: 'public',
options: {
tags: ['access:lists-all'],
},
path: LIST_INDEX,
security: {
authz: {
requiredPrivileges: ['lists-all'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/list_index/export_list_item_route.ts
View file

@ -20,10 +20,12 @@ export const exportListItemRoute = (router: ListsPluginRouter): void => {
router.versioned
.post({
access: 'public',
options: {
tags: ['access:lists-read'],
},
path: `${LIST_ITEM_URL}/_export`,
security: {
authz: {
requiredPrivileges: ['lists-read'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/list_index/find_list_route.ts
View file

@ -18,10 +18,12 @@ export const findListRoute = (router: ListsPluginRouter): void => {
router.versioned
.get({
access: 'public',
options: {
tags: ['access:lists-read'],
},
path: `${LIST_URL}/_find`,
security: {
authz: {
requiredPrivileges: ['lists-read'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/list_index/read_list_index_route.ts
View file

@ -17,10 +17,12 @@ export const readListIndexRoute = (router: ListsPluginRouter): void => {
router.versioned
.get({
access: 'public',
options: {
tags: ['access:lists-read'],
},
path: LIST_INDEX,
security: {
authz: {
requiredPrivileges: ['lists-read'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/list_item/create_list_item_route.ts
View file

@ -21,10 +21,12 @@ export const createListItemRoute = (router: ListsPluginRouter): void => {
router.versioned
.post({
access: 'public',
options: {
tags: ['access:lists-all'],
},
path: LIST_ITEM_URL,
security: {
authz: {
requiredPrivileges: ['lists-all'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/list_item/delete_list_item_route.ts
View file

@ -21,10 +21,12 @@ export const deleteListItemRoute = (router: ListsPluginRouter): void => {
router.versioned
.delete({
access: 'public',
options: {
tags: ['access:lists-all'],
},
path: LIST_ITEM_URL,
security: {
authz: {
requiredPrivileges: ['lists-all'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/list_item/find_list_item_route.ts
View file

@ -21,10 +21,12 @@ export const findListItemRoute = (router: ListsPluginRouter): void => {
router.versioned
.get({
access: 'public',
options: {
tags: ['access:lists-read'],
},
path: `${LIST_ITEM_URL}/_find`,
security: {
authz: {
requiredPrivileges: ['lists-read'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/list_item/patch_list_item_route.ts
View file

@ -21,10 +21,12 @@ export const patchListItemRoute = (router: ListsPluginRouter): void => {
router.versioned
.patch({
access: 'public',
options: {
tags: ['access:lists-all'],
},
path: LIST_ITEM_URL,
security: {
authz: {
requiredPrivileges: ['lists-all'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/list_item/read_list_item_route.ts
View file

@ -21,10 +21,12 @@ export const readListItemRoute = (router: ListsPluginRouter): void => {
router.versioned
.get({
access: 'public',
options: {
tags: ['access:lists-read'],
},
path: LIST_ITEM_URL,
security: {
authz: {
requiredPrivileges: ['lists-read'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/list_item/update_list_item_route.ts
View file

@ -21,10 +21,12 @@ export const updateListItemRoute = (router: ListsPluginRouter): void => {
router.versioned
.put({
access: 'public',
options: {
tags: ['access:lists-all'],
},
path: LIST_ITEM_URL,
security: {
authz: {
requiredPrivileges: ['lists-all'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/list_privileges/read_list_privileges_route.ts
View file

@ -16,10 +16,12 @@ export const readPrivilegesRoute = (router: ListsPluginRouter): void => {
router.versioned
.get({
access: 'public',
options: {
tags: ['access:lists-read'],
},
path: LIST_PRIVILEGES_URL,
security: {
authz: {
requiredPrivileges: ['lists-read'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/read_endpoint_list_item_route.ts
View file

@ -25,10 +25,12 @@ export const readEndpointListItemRoute = (router: ListsPluginRouter): void => {
router.versioned
.get({
access: 'public',
options: {
tags: ['access:lists-read'],
},
path: ENDPOINT_LIST_ITEM_URL,
security: {
authz: {
requiredPrivileges: ['lists-read'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/read_exception_list_item_route.ts
View file

@ -25,10 +25,12 @@ export const readExceptionListItemRoute = (router: ListsPluginRouter): void => {
router.versioned
.get({
access: 'public',
options: {
tags: ['access:lists-read'],
},
path: EXCEPTION_LIST_ITEM_URL,
security: {
authz: {
requiredPrivileges: ['lists-read'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/read_exception_list_route.ts
View file

@ -21,10 +21,12 @@ export const readExceptionListRoute = (router: ListsPluginRouter): void => {
router.versioned
.get({
access: 'public',
options: {
tags: ['access:lists-read'],
},
path: EXCEPTION_LIST_URL,
security: {
authz: {
requiredPrivileges: ['lists-read'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/summary_exception_list_route.ts
View file

@ -21,10 +21,12 @@ export const summaryExceptionListRoute = (router: ListsPluginRouter): void => {
router.versioned
.get({
access: 'public',
options: {
tags: ['access:lists-summary'],
},
path: `${EXCEPTION_LIST_URL}/summary`,
security: {
authz: {
requiredPrivileges: ['lists-summary'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/update_endpoint_list_item_route.ts
View file

@ -23,10 +23,12 @@ export const updateEndpointListItemRoute = (router: ListsPluginRouter): void =>
router.versioned
.put({
access: 'public',
options: {
tags: ['access:lists-all'],
},
path: ENDPOINT_LIST_ITEM_URL,
security: {
authz: {
requiredPrivileges: ['lists-all'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/update_exception_list_item_route.ts
View file

@ -24,10 +24,12 @@ export const updateExceptionListItemRoute = (router: ListsPluginRouter): void =>
router.versioned
.put({
access: 'public',
options: {
tags: ['access:lists-all'],
},
path: EXCEPTION_LIST_ITEM_URL,
security: {
authz: {
requiredPrivileges: ['lists-all'],
},
},
})
.addVersion(
{

8
x-pack/plugins/lists/server/routes/update_exception_list_route.ts
View file

@ -21,10 +21,12 @@ export const updateExceptionListRoute = (router: ListsPluginRouter): void => {
router.versioned
.put({
access: 'public',
options: {
tags: ['access:lists-all'],
},
path: EXCEPTION_LIST_URL,
security: {
authz: {
requiredPrivileges: ['lists-all'],
},
},
})
.addVersion(
{

2
x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/alert_status/alert_status.ts
View file

@ -45,7 +45,7 @@ export default ({ getService }: FtrProviderContext) => {
describe('@ess @serverless change alert status endpoints', () => {
// Flakey: See https://github.com/elastic/kibana/issues/179704
describe.skip('validation checks', () => {
describe('validation checks', () => {
describe('update by ids', () => {
it('should not give errors when querying and the alerts index does not exist yet', async () => {
const { body } = await supertest

2
x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/ess_specific_index_logic/migrations/finalize_alerts_migrations.ts
View file

@ -192,7 +192,7 @@ export default ({ getService }: FtrProviderContext): void => {
// it's been skipped since it was originally introduced in
// https://github.com/elastic/kibana/pull/85690. Created ticket to track skip.
// https://github.com/elastic/kibana/issues/179593
it.skip('deletes the underlying migration task', async () => {
it('deletes the underlying migration task', async () => {
await waitFor(
async () => {
const {

1
x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/indicator_match/trial_license_complete_tier/indicator_match_alert_suppression.ts
View file

@ -167,6 +167,7 @@ export default ({ getService }: FtrProviderContext) => {
});
cases.forEach(({ eventsCount, threatsCount, title }) => {
// FLAKY: https://github.com/elastic/kibana/issues/197765
describe(`Code execution path: ${title}`, () => {
it('should suppress an alert on real rule executions', async () => {
const id = uuidv4();