github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-23 17:28:26 -04:00
Code Issues Projects Releases Packages Wiki Activity

[Authz]: added authorization opt-out reason for monitoring routes (#213884)

Browse source 
## Summary

 Added authorization opt-out reason for monitoring routes.


### Checklist

- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
This commit is contained in:
Elena Shostak 2025-03-12 07:31:45 +01:00 committed by GitHub
parent 727313938b
commit 78fb6883f1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
39 changed files with 234 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/_health/index.ts
View file

@ -27,6 +27,12 @@ export function registerV1HealthRoute(server: MonitoringCore) {
server.route({
method: 'get',
path: '/api/monitoring/v1/_health',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
query: validateQuery,
},

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/alerts/enable.ts
View file

@ -18,6 +18,12 @@ export function enableAlertsRoute(server: MonitoringCore, npRoute: RouteDependen
npRoute.router.post(
{
path: '/api/monitoring/v1/alerts/enable',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: false,
options: {
access: 'internal',

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/alerts/status.ts
View file

@ -28,6 +28,12 @@ export function alertStatusRoute(npRoute: RouteDependencies) {
}),
}),
},
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
options: {
access: 'internal',
},

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/apm/instance.ts
View file

@ -25,6 +25,12 @@ export function apmInstanceRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/apm/{apmUuid}',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/apm/instances.ts
View file

@ -23,6 +23,12 @@ export function apmInstancesRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/apm/instances',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/apm/overview.ts
View file

@ -24,6 +24,12 @@ export function apmOverviewRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/apm',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/beats/beat_detail.ts
View file

@ -25,6 +25,12 @@ export function beatsDetailRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/beats/beat/{beatUuid}',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/beats/beats.ts
View file

@ -23,6 +23,12 @@ export function beatsListingRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/beats/beats',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/beats/overview.ts
View file

@ -25,6 +25,12 @@ export function beatsOverviewRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/beats',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/check_access/check_access.ts
View file

@ -20,6 +20,12 @@ export function checkAccessRoute(server: MonitoringCore) {
server.route({
method: 'get',
path: '/api/monitoring/v1/check_access',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {},
options: {
access: 'internal',

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/cluster/cluster.ts
View file

@ -26,6 +26,12 @@ export function clusterRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/cluster/clusters.ts
View file

@ -27,6 +27,12 @@ export function clustersRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
body: validateBody,
},

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/elasticsearch/ccr.ts
View file

@ -265,6 +265,12 @@ export function ccrRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/ccr',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/elasticsearch/ccr_shard.ts
View file

@ -89,6 +89,12 @@ export function ccrShardRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/ccr/{index}/shard/{shardId}',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/elasticsearch/index_detail.ts
View file

@ -32,6 +32,12 @@ export function esIndexRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/indices/{id}',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/elasticsearch/indices.ts
View file

@ -27,6 +27,12 @@ export function esIndicesRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/indices',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
query: validateQuery,

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/elasticsearch/ml_jobs.ts
View file

@ -25,6 +25,12 @@ export function mlJobRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/ml_jobs',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/elasticsearch/node_detail.ts
View file

@ -37,6 +37,12 @@ export function esNodeRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/nodes/{nodeUuid}',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/elasticsearch/nodes.ts
View file

@ -28,6 +28,12 @@ export function esNodesRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/nodes',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/elasticsearch/overview.ts
View file

@ -30,6 +30,12 @@ export function esOverviewRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/elasticsearch_settings/check/cluster.ts
View file

@ -17,6 +17,12 @@ export function clusterSettingsCheckRoute(server: MonitoringCore) {
server.route({
method: 'get',
path: '/api/monitoring/v1/elasticsearch_settings/check/cluster',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {},
options: {
access: 'internal',

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/elasticsearch_settings/check/internal_monitoring.ts
View file

@ -83,6 +83,12 @@ export function internalMonitoringCheckRoute(server: MonitoringCore, npRoute: Ro
validate: {
body: validateBody,
},
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
options: {
access: 'internal',
},

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/elasticsearch_settings/check/nodes.ts
View file

@ -17,6 +17,12 @@ export function nodesSettingsCheckRoute(server: MonitoringCore) {
server.route({
method: 'get',
path: '/api/monitoring/v1/elasticsearch_settings/check/nodes',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {},
options: {
access: 'internal',

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/elasticsearch_settings/set/collection_enabled.ts
View file

@ -17,6 +17,12 @@ export function setCollectionEnabledRoute(server: MonitoringCore) {
server.route({
method: 'put',
path: '/api/monitoring/v1/elasticsearch_settings/set/collection_enabled',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {},
options: {
access: 'internal',

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/elasticsearch_settings/set/collection_interval.ts
View file

@ -17,6 +17,12 @@ export function setCollectionIntervalRoute(server: MonitoringCore) {
server.route({
method: 'put',
path: '/api/monitoring/v1/elasticsearch_settings/set/collection_interval',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {},
options: {
access: 'internal',

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/enterprise_search/overview.ts
View file

@ -24,6 +24,12 @@ export function entSearchOverviewRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/enterprise_search',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/kibana/instance.ts
View file

@ -25,6 +25,12 @@ export function kibanaInstanceRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/kibana/{kibanaUuid}',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/kibana/instances.ts
View file

@ -23,6 +23,12 @@ export function kibanaInstancesRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/kibana/instances',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/kibana/overview.ts
View file

@ -25,6 +25,12 @@ export function kibanaOverviewRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/kibana',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/logstash/node.ts
View file

@ -30,6 +30,12 @@ export function logstashNodeRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/logstash/node/{logstashUuid}',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/logstash/nodes.ts
View file

@ -22,6 +22,12 @@ export function logstashNodesRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/logstash/nodes',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/logstash/overview.ts
View file

@ -24,6 +24,12 @@ export function logstashOverviewRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/logstash',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/logstash/pipeline.ts
View file

@ -30,6 +30,12 @@ export function logstashPipelineRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/logstash/pipeline/{pipelineId}/{pipelineHash?}',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/logstash/pipelines/cluster_pipeline_ids.ts
View file

@ -21,6 +21,12 @@ export function logstashClusterPipelineIdsRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/logstash/pipeline_ids',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/logstash/pipelines/cluster_pipelines.ts
View file

@ -31,6 +31,12 @@ export function logstashClusterPipelinesRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/logstash/pipelines',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/logstash/pipelines/node_pipelines.ts
View file

@ -30,6 +30,12 @@ export function logstashNodePipelinesRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/clusters/{clusterUuid}/logstash/node/{logstashUuid}/pipelines',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
body: validateBody,

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/setup/cluster_setup_status.ts
View file

@ -30,6 +30,12 @@ export function clusterSetupStatusRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/setup/collection/cluster/{clusterUuid?}',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
query: validateQuery,

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/setup/disable_elasticsearch_internal_collection.ts
View file

@ -16,6 +16,12 @@ export function disableElasticsearchInternalCollectionRoute(server: MonitoringCo
server.route({
method: 'post',
path: '/api/monitoring/v1/setup/collection/{clusterUuid}/disable_internal_collection',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: createValidationFunction(postDisableInternalCollectionRequestParamsRT),
},

6
x-pack/platform/plugins/private/monitoring/server/routes/api/v1/setup/node_setup_status.ts
View file

@ -30,6 +30,12 @@ export function nodeSetupStatusRoute(server: MonitoringCore) {
server.route({
method: 'post',
path: '/api/monitoring/v1/setup/collection/node/{nodeUuid}',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES cluster client',
},
},
validate: {
params: validateParams,
query: validateQuery,