[9.0] [Authz]: added authorization opt-out reason for monitoring routes (#213884) (#214050)

# Backport

This will backport the following commits from `main` to `9.0`:
- [[Authz]: added authorization opt-out reason for monitoring routes
(#213884)](https://github.com/elastic/kibana/pull/213884)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Elena
Shostak","email":"165678770+elena-shostak@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-03-12T06:31:45Z","message":"[Authz]:
added authorization opt-out reason for monitoring routes (#213884)\n\n##
Summary\n\n Added authorization opt-out reason for monitoring
routes.\n\n\n### Checklist\n\n- [x] The PR description includes the
appropriate Release Notes section,\nand the correct `release_note:*`
label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"78fb6883f102c09a63429507c67a810991d4a804","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Feature:Security/Authorization","backport:prev-minor","backport:version","Authz:
API migration","v9.1.0","v8.19.0"],"title":"[Authz]: added authorization
opt-out reason for monitoring
routes","number":213884,"url":"https://github.com/elastic/kibana/pull/213884","mergeCommit":{"message":"[Authz]:
added authorization opt-out reason for monitoring routes (#213884)\n\n##
Summary\n\n Added authorization opt-out reason for monitoring
routes.\n\n\n### Checklist\n\n- [x] The PR description includes the
appropriate Release Notes section,\nand the correct `release_note:*`
label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"78fb6883f102c09a63429507c67a810991d4a804"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/213884","number":213884,"mergeCommit":{"message":"[Authz]:
added authorization opt-out reason for monitoring routes (#213884)\n\n##
Summary\n\n Added authorization opt-out reason for monitoring
routes.\n\n\n### Checklist\n\n- [x] The PR description includes the
appropriate Release Notes section,\nand the correct `release_note:*`
label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"78fb6883f102c09a63429507c67a810991d4a804"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Elena Shostak <165678770+elena-shostak@users.noreply.github.com>
Kibana Machine 2025-03-12 19:24:31 +11:00 committed by GitHub
parent 23c1e5cd0b
commit 46ef0fd07b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
39 changed files with 234 additions and 0 deletions


@ -27,6 +27,12 @@ export function registerV1HealthRoute(server: MonitoringCore) {
server.route({
method: 'get',
path: '/api/monitoring/v1/_health',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
query: validateQuery,
},
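Review bot: The `reason` string asserts that authorization happens in the scoped ES cluster client, but nothing visible in this hunk ties the handler to that client; the body of registerV1HealthRoute is outside the hunk. With `authz.enabled: false` the route has no Kibana-privilege check, so the claim holds only if every Elasticsearch call in the handler is made as the requesting user and never through an internal-user client. The same literal is repeated in every other route section on this page, so that needs confirming per route rather than once. I would add a comment above the block such as `// authz opt-out: handler must only call ES as the current user (request-scoped client)` and back it with an API test showing that a user without monitoring index privileges is denied.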


@ -18,6 +18,12 @@ export function enableAlertsRoute(server: MonitoringCore, npRoute: RouteDependen
npRoute.router.post(
{
path: '/api/monitoring/v1/alerts/enable',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: false,
options: {
access: 'internal',
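Review bot: The reason text here may not match how this route is actually authorized: `/api/monitoring/v1/alerts/enable` is a POST that, judging by its name, creates alert rules, and rule creation is normally authorized by the alerting framework rather than by Elasticsearch privileges alone. The handler body of enableAlertsRoute is outside the hunk, so this is inferred. If it does go through a rules client, the opt-out should say so, for example `reason: 'This route delegates authorization to the alerting rules client and the scoped ES cluster client'`. An accurate reason matters because the string is the only record of why the route skips the Kibana privilege check.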


@ -28,6 +28,12 @@ export function alertStatusRoute(npRoute: RouteDependencies) {
}),
}),
},
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
options: {
access: 'internal',
},


@ -25,6 +25,12 @@ export function apmInstanceRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/apm/{apmUuid}',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,


@ -23,6 +23,12 @@ export function apmInstancesRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/apm/instances',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,


@ -24,6 +24,12 @@ export function apmOverviewRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/apm',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,


@ -25,6 +25,12 @@ export function beatsDetailRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/beats/beat/{beatUuid}',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,


@ -23,6 +23,12 @@ export function beatsListingRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/beats/beats',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,


@ -25,6 +25,12 @@ export function beatsOverviewRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/beats',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,


@ -20,6 +20,12 @@ export function checkAccessRoute(server: MonitoringCore) {
server.route({
method: 'get',
path: '/api/monitoring/v1/check_access',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {},
options: {
access: 'internal',


@ -26,6 +26,12 @@ export function clusterRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,


@ -27,6 +27,12 @@ export function clustersRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
body: validateBody,
},


@ -267,6 +267,12 @@ export function ccrRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/ccr',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,


@ -91,6 +91,12 @@ export function ccrShardRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/ccr/{index}/shard/{shardId}',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,


@ -32,6 +32,12 @@ export function esIndexRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/indices/{id}',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,


@ -27,6 +27,12 @@ export function esIndicesRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/indices',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
query: validateQuery,


@ -25,6 +25,12 @@ export function mlJobRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/ml_jobs',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,


@ -37,6 +37,12 @@ export function esNodeRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/nodes/{nodeUuid}',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,


@ -28,6 +28,12 @@ export function esNodesRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/nodes',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,


@ -30,6 +30,12 @@ export function esOverviewRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,


@ -17,6 +17,12 @@ export function clusterSettingsCheckRoute(server: MonitoringCore) {
server.route({
method: 'get',
path: '/api/monitoring/v1/elasticsearch_settings/check/cluster',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {},
options: {
access: 'internal',


@ -83,6 +83,12 @@ export function internalMonitoringCheckRoute(server: MonitoringCore, npRoute: Ro
validate: {
body: validateBody,
},
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
options: {
access: 'internal',
},


@ -17,6 +17,12 @@ export function nodesSettingsCheckRoute(server: MonitoringCore) {
server.route({
method: 'get',
path: '/api/monitoring/v1/elasticsearch_settings/check/nodes',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {},
options: {
access: 'internal',


@ -17,6 +17,12 @@ export function setCollectionEnabledRoute(server: MonitoringCore) {
server.route({
method: 'put',
path: '/api/monitoring/v1/elasticsearch_settings/set/collection_enabled',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {},
options: {
access: 'internal',
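Review bot: This opt-out sits on a state-changing route (`put` on `/api/monitoring/v1/elasticsearch_settings/set/collection_enabled`), where a wrong justification costs more than on a read: if the settings write in the handler ran with Kibana's internal user, Elasticsearch would not be checking the caller's own cluster privileges. The handler of setCollectionEnabledRoute is outside the hunk, so which client it uses is not visible here. The same concern applies to the `set/collection_interval` and `disable_internal_collection` sections on this page. I would add a comment next to the block, `// settings update must run as the current user so ES enforces cluster privileges`, and a test that a user without cluster-settings privileges is rejected.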


@ -17,6 +17,12 @@ export function setCollectionIntervalRoute(server: MonitoringCore) {
server.route({
method: 'put',
path: '/api/monitoring/v1/elasticsearch_settings/set/collection_interval',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {},
options: {
access: 'internal',


@ -24,6 +24,12 @@ export function entSearchOverviewRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/enterprise_search',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,


@ -25,6 +25,12 @@ export function kibanaInstanceRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/kibana/{kibanaUuid}',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,


@ -23,6 +23,12 @@ export function kibanaInstancesRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/kibana/instances',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,


@ -25,6 +25,12 @@ export function kibanaOverviewRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/kibana',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,


@ -30,6 +30,12 @@ export function logstashNodeRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/logstash/node/{logstashUuid}',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,


@ -22,6 +22,12 @@ export function logstashNodesRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/logstash/nodes',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,


@ -24,6 +24,12 @@ export function logstashOverviewRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/logstash',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,


@ -30,6 +30,12 @@ export function logstashPipelineRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/logstash/pipeline/{pipelineId}/{pipelineHash?}',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,


@ -21,6 +21,12 @@ export function logstashClusterPipelineIdsRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/logstash/pipeline_ids',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,


@ -31,6 +31,12 @@ export function logstashClusterPipelinesRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/logstash/pipelines',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,


@ -30,6 +30,12 @@ export function logstashNodePipelinesRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/logstash/node/{logstashUuid}/pipelines',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,


@ -30,6 +30,12 @@ export function clusterSetupStatusRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/setup/collection/cluster/{clusterUuid?}',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
query: validateQuery,


@ -16,6 +16,12 @@ export function disableElasticsearchInternalCollectionRoute(server: MonitoringCo
server.route({
method: 'post',
path: '/api/monitoring/v1/setup/collection/{clusterUuid}/disable_internal_collection',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: createValidationFunction(postDisableInternalCollectionRequestParamsRT),
},


@ -30,6 +30,12 @@ export function nodeSetupStatusRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/setup/collection/node/{nodeUuid}',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
query: validateQuery,