github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 09:48:58 -04:00
Code Issues Projects Releases Packages Wiki Activity

[Authz] Mandatory Security Config (#215180)

Browse source 
## Summary

This PR makes `security` a required field for route registration. To
incorporate the new required filed, changes has been made:

1. **Test file updates**. A lot of the updates made in this PR were made
in tests.
2. **Versioned route security configuration**. For the versioned route
`security` config has been lifted up to the top-level definition:

    Before
    ```ts
    router.versioned
      .get({
        path: '/api/path',
        options: { ... },
        ...
      }, handler)
      .addVersion({
         version: 1,
         validate: false,
         security: {
          authz: {
            requiredPrivileges: ['privilege'],
          },
         },
      });
    ```
    
    After
    ```ts
    router.versioned
      .get({
        path: '/api/path',
        options: { ... },
         security: {
          authz: {
            requiredPrivileges: ['privilege'],
          },
         },
        ...
      }, handler)
      .addVersion({
         version: 1,
         validate: false,
      });
    ```

3. **Type adjustments for route wrappers**. Type changes has been made
in:
-
`x-pack/solutions/observability/plugins/infra/server/lib/adapters/framework/adapter_types.ts`
-
`x-pack/solutions/observability/plugins/metrics_data_access/server/lib/adapters/framework/adapter_types.ts`
-
`x-pack/solutions/observability/plugins/synthetics/server/routes/types.ts`
-
`x-pack/solutions/observability/plugins/uptime/server/legacy_uptime/routes/types.ts`

Security was made an optional field for the wrappers defined in those
files, since the default security is provided in the wrapper itself and
then passed down to the core router.

### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)


__Closes: https://github.com/elastic/kibana/issues/215331__

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
This commit is contained in:
Elena Shostak 2025-03-27 20:04:53 +01:00 committed by GitHub
parent 2aa857643d
commit 7a41906d88
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
253 changed files with 6835 additions and 3201 deletions
Download patch file Download diff file Expand all files Collapse all files

18
examples/eso_model_version_example/server/plugin.ts
View file

@ -307,6 +307,12 @@ export class EsoModelVersionExample
{
path: '/internal/eso_mv_example/generate',
validate: false,
security: {
authz: {
enabled: false,
reason: 'This routes delegates authorization to SO client.',
},
},
},
async (context, request, response) => {
const { elasticsearch } = await context.core;
@ -358,6 +364,12 @@ export class EsoModelVersionExample
{
path: '/internal/eso_mv_example/read_raw',
validate: false,
security: {
authz: {
enabled: false,
reason: 'This routes delegates authorization to SO client.',
},
},
},
async (context, request, response) => {
// Read the raw documents so we can display the model versions prior to migration transformations
@ -394,6 +406,9 @@ export class EsoModelVersionExample
{
path: '/internal/eso_mv_example/get_objects',
validate: false,
security: {
authz: { enabled: false, reason: 'This routes delegates authorization to SO client.' },
},
},
async (context, request, response) => {
// Get the objects via the SO client so we can display how the objects are migrated via the MV definitions
@ -431,6 +446,9 @@ export class EsoModelVersionExample
{
path: '/internal/eso_mv_example/get_decrypted',
validate: false,
security: {
authz: { enabled: false, reason: 'This route delegates authorization to SO client.' },
},
},
async (context, request, response) => {
// Decrypt the objects as the internal user so we can display the secrets

1
examples/feature_control_examples/server/plugin.ts
View file

@ -56,6 +56,7 @@ export class FeatureControlsPluginExample
{
path: '/internal/my_plugin/read',
validate: false,
security: { authz: { requiredPrivileges: ['my_closed_example_api'] } },
},
async (context, request, response) => {
return response.ok({

3
examples/feature_flags_example/server/routes/index.ts
View file

@ -16,6 +16,9 @@ export function defineRoutes(router: IRouter) {
.get({
path: '/api/feature_flags_example/example',
access: 'public',
security: {
authz: { enabled: false, reason: 'Public route that does not require authorization' },
},
})
.addVersion(
{

21
examples/preboot_example/server/plugin.ts
View file

@ -40,6 +40,12 @@ export class PrebootExamplePlugin implements PrebootPlugin {
prebootRouter.get(
{
path: '/api/preboot/state',
security: {
authz: {
enabled: false,
reason: 'This route is opted out of authorization as it is a core preboot route',
},
},
validate: false,
options: { authRequired: false },
},
@ -55,6 +61,12 @@ export class PrebootExamplePlugin implements PrebootPlugin {
prebootRouter.post(
{
path: '/api/preboot/complete_setup',
security: {
authz: {
enabled: false,
reason: 'This route is opted out of authorization as it is a core preboot route',
},
},
validate: {
body: schema.object({ shouldReloadConfig: schema.boolean() }),
},
@ -69,6 +81,12 @@ export class PrebootExamplePlugin implements PrebootPlugin {
prebootRouter.post(
{
path: '/api/preboot/write_config',
security: {
authz: {
enabled: false,
reason: 'This route is opted out of authorization as it is a core preboot route',
},
},
validate: {
body: schema.object({ key: schema.string(), value: schema.string() }),
},
@ -91,6 +109,9 @@ export class PrebootExamplePlugin implements PrebootPlugin {
prebootRouter.post(
{
path: '/api/preboot/connect_to_es',
security: {
authz: { enabled: false, reason: 'This route delegates authorization to es client' },
},
validate: {
body: schema.object({
host: schema.string(),

6
examples/response_stream/server/routes/reducer_stream.ts
View file

@ -27,6 +27,12 @@ export const defineReducerStreamRoute = (router: IRouter, logger: Logger) => {
.post({
path: RESPONSE_STREAM_API_ENDPOINT.REDUCER_STREAM,
access: 'internal',
security: {
authz: {
enabled: false,
reason: 'This route is opted out of authorization as it is a developer example endpoint.',
},
},
})
.addVersion(
{

6
examples/response_stream/server/routes/redux_stream.ts
View file

@ -27,6 +27,12 @@ export const defineReduxStreamRoute = (router: IRouter, logger: Logger) => {
.post({
path: RESPONSE_STREAM_API_ENDPOINT.REDUX_STREAM,
access: 'internal',
security: {
authz: {
enabled: false,
reason: 'This route is opted out of authorization as it is a developer example endpoint.',
},
},
})
.addVersion(
{

6
examples/response_stream/server/routes/single_string_stream.ts
View file

@ -22,6 +22,12 @@ export const defineSimpleStringStreamRoute = (router: IRouter, logger: Logger) =
.post({
path: RESPONSE_STREAM_API_ENDPOINT.SIMPLE_STRING_STREAM,
access: 'internal',
security: {
authz: {
enabled: false,
reason: 'This route is opted out of authorization as it is a developer example endpoint.',
},
},
})
.addVersion(
{

14
examples/routing_example/server/routes/deprecated_routes/internal.ts
View file

@ -14,6 +14,13 @@ export const registerInternalDeprecatedRoute = (router: IRouter) => {
router.get(
{
path: DEPRECATED_ROUTES.INTERNAL_DEPRECATED_ROUTE,
security: {
authz: {
enabled: false,
reason:
'This route is opted out of authorization because it is only intended for test use',
},
},
validate: false,
options: {
// Explicitly set access is to internal
@ -40,6 +47,13 @@ export const registerInternalDeprecatedRoute = (router: IRouter) => {
{
path: DEPRECATED_ROUTES.INTERNAL_ONLY_ROUTE,
validate: false,
security: {
authz: {
enabled: false,
reason:
'This route is opted out of authorization because it is only intended for test use',
},
},
// If no access is specified then it defaults to internal
},
async (ctx, req, res) => {

21
examples/routing_example/server/routes/deprecated_routes/unversioned.ts
View file

@ -16,6 +16,13 @@ export const registerDeprecatedRoute = (router: IRouter) => {
{
path: DEPRECATED_ROUTES.DEPRECATED_ROUTE,
validate: false,
security: {
authz: {
enabled: false,
reason:
'This route is opted out of authorization because it is only intended for test use',
},
},
options: {
access: 'public',
deprecated: {
@ -38,6 +45,13 @@ export const registerDeprecatedRoute = (router: IRouter) => {
{
path: DEPRECATED_ROUTES.REMOVED_ROUTE,
validate: false,
security: {
authz: {
enabled: false,
reason:
'This route is opted out of authorization because it is only intended for test use',
},
},
options: {
access: 'public',
deprecated: {
@ -57,6 +71,13 @@ export const registerDeprecatedRoute = (router: IRouter) => {
router.post(
{
path: DEPRECATED_ROUTES.MIGRATED_ROUTE,
security: {
authz: {
enabled: false,
reason:
'This route is opted out of authorization because it is only intended for test use',
},
},
validate: {
body: schema.object({
test: schema.maybe(schema.boolean()),

14
examples/routing_example/server/routes/deprecated_routes/versioned.ts
View file

@ -14,6 +14,13 @@ export const registerVersionedDeprecatedRoute = (router: IRouter) => {
router.versioned
.get({
path: DEPRECATED_ROUTES.VERSIONED_ROUTE,
security: {
authz: {
enabled: false,
reason:
'This route is opted out of authorization because it is only intended for test use',
},
},
description: 'Routing example plugin deprecated versioned route.',
access: 'public',
options: {
@ -43,6 +50,13 @@ export const registerVersionedDeprecatedRoute = (router: IRouter) => {
router.versioned
.get({
path: DEPRECATED_ROUTES.VERSIONED_INTERNAL_ROUTE,
security: {
authz: {
enabled: false,
reason:
'This route is opted out of authorization because it is only intended for test use',
},
},
description: 'Routing example plugin deprecated versioned route.',
access: 'internal',
options: {

14
examples/routing_example/server/routes/message_routes.ts
View file

@ -30,6 +30,13 @@ export function registerPostMessageRoute(router: IRouter) {
router.post(
{
path: `${POST_MESSAGE_ROUTE_PATH}/{id}`,
security: {
authz: {
enabled: false,
reason:
'This route is opted out of authorization because it is only intended for test use',
},
},
validate: {
params: schema.object({
// This parameter name matches the one in POST_MESSAGE_ROUTE_PATH: `api/post_message/{id}`.
@ -63,6 +70,13 @@ export function registerGetMessageByIdRoute(router: IRouter) {
router.get(
{
path: `${INTERNAL_GET_MESSAGE_BY_ID_ROUTE}/{id}`,
security: {
authz: {
enabled: false,
reason:
'This route is opted out of authorization because it is only intended for test use',
},
},
options: {
access: 'internal',
},

7
examples/routing_example/server/routes/random_number_between_generator.ts
View file

@ -19,6 +19,13 @@ export function registerGetRandomNumberBetweenRoute(router: IRouter) {
router.get(
{
path: RANDOM_NUMBER_BETWEEN_ROUTE_PATH,
security: {
authz: {
enabled: false,
reason:
'This route is opted out of authorization because it is only intended for test use',
},
},
validate: {
query: schema.object({
max: schema.number({ defaultValue: 10 }),

7
examples/routing_example/server/routes/random_number_generator.ts
View file

@ -19,6 +19,13 @@ export function registerGetRandomNumberRoute(router: IRouter) {
router.get(
{
path: RANDOM_NUMBER_ROUTE_PATH,
security: {
authz: {
enabled: false,
reason:
'This route is opted out of authorization because it is only intended for test use',
},
},
validate: {},
},
async (context, request, response) => {

8
examples/screenshot_mode_example/server/routes.ts
View file

@ -12,7 +12,13 @@ import { BASE_API_ROUTE } from '../common';
export const registerRoutes = ({ router, log, screenshotMode }: RouteDependencies) => {
router.get(
{ path: `${BASE_API_ROUTE}/check_is_screenshot`, validate: false },
{
path: `${BASE_API_ROUTE}/check_is_screenshot`,
validate: false,
security: {
authz: { enabled: false, reason: 'Screenshot api is public' },
},
},
async (ctx, req, res) => {
log.info(`Reading screenshot mode from a request: ${screenshotMode.isScreenshotMode(req)}`);
log.info(`Reading is screenshot mode from ctx: ${(await ctx.screenshotMode).isScreenshot}`);

6
examples/search_examples/server/routes/server_search_route.ts
View file

@ -24,6 +24,12 @@ export function registerServerSearchRoute(router: IRouter<DataRequestHandlerCont
field: schema.maybe(schema.string()),
}),
},
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization check to es.',
},
},
},
async (context, request, response) => {
const { index, field } = request.query;

6
examples/sse_example/server/routes/index.ts
View file

@ -17,6 +17,12 @@ export function defineRoutes(router: IRouter, logger: Logger) {
.get({
path: '/internal/sse_examples/clock',
access: 'internal',
security: {
authz: {
enabled: false,
reason: 'This route is opted out of authorization since it is an example sse route',
},
},
})
.addVersion(
{

1
examples/v8_profiler_examples/server/routes/cpu_profile.ts
View file

@ -24,6 +24,7 @@ const routeValidation = {
const routeConfig = {
path: '/_dev/cpu_profile',
validate: routeValidation,
security: { authz: { requiredPrivileges: ['foo'] } },
};
export function registerRoute(logger: Logger, router: IRouter): void {

1
examples/v8_profiler_examples/server/routes/heap_profile.ts
View file

@ -26,6 +26,7 @@ const routeValidation = {
const routeConfig = {
path: '/_dev/heap_profile',
validate: routeValidation,
security: { authz: { requiredPrivileges: ['foo'] } },
};
export function registerRoute(logger: Logger, router: IRouter): void {

4
packages/kbn-mock-idp-plugin/server/plugin.ts
View file

@ -71,6 +71,7 @@ export const plugin: PluginInitializer<
path: MOCK_IDP_LOGIN_PATH,
validate: false,
options: { authRequired: false },
security: { authz: { enabled: false, reason: '' } },
},
async (context, request, response) => {
return response.renderAnonymousCoreApp();
@ -85,6 +86,7 @@ export const plugin: PluginInitializer<
path: '/mock_idp/supported_roles',
validate: false,
options: { authRequired: false },
security: { authz: { enabled: false, reason: '' } },
},
(context, request, response) => {
try {
@ -110,6 +112,7 @@ export const plugin: PluginInitializer<
body: createSAMLResponseSchema,
},
options: { authRequired: false },
security: { authz: { enabled: false, reason: '' } },
},
async (context, request, response) => {
const { protocol, hostname, port } = core.http.getServerInfo();
@ -134,6 +137,7 @@ export const plugin: PluginInitializer<
path: MOCK_IDP_LOGOUT_PATH,
validate: false,
options: { authRequired: false },
security: { authz: { enabled: false, reason: '' } },
},
async (context, request, response) => {
return response.redirected({ headers: { location: '/' } });

6
src/core/packages/apps/server-internal/src/bundle_routes/bundle_route.test.ts
View file

@ -48,6 +48,12 @@ describe('registerRouteForBundle', () => {
httpResource: true,
},
validate: expect.any(Object),
security: {
authz: {
enabled: false,
reason: expect.any(String),
},
},
},
handler
);

6
src/core/packages/apps/server-internal/src/bundle_routes/bundles_route.ts
View file

@ -41,6 +41,12 @@ export function registerRouteForBundle(
path: schema.string(),
}),
},
security: {
authz: {
enabled: false,
reason: 'This route is used for serving assets and does not require authorization.',
},
},
},
createDynamicAssetHandler({
publicPath,

10
src/core/packages/http/resources-server-internal/src/http_resources_service.test.ts
View file

@ -48,7 +48,15 @@ describe('HttpResources service', () => {
getDeps: () => PrebootDeps | SetupDeps
) {
describe(`${name} register`, () => {
const routeConfig: RouteConfig<any, any, any, 'get'> = { path: '/', validate: false };
const routeConfig: RouteConfig<any, any, any, 'get'> = {
path: '/',
validate: false,
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
};
let register: HttpResources['register'];
beforeEach(async () => {

97
src/core/packages/http/router-server-internal/src/router.test.ts
View file

@ -53,6 +53,11 @@ describe('Router', () => {
{
path: '/',
validate: { body: validation, query: validation, params: validation },
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
options: {
deprecated: {
documentationUrl: 'https://fake-url.com',
@ -103,12 +108,22 @@ describe('Router', () => {
.post({
path: '/versioned',
access: 'internal',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
})
.addVersion({ version: '999', validate: false }, async (ctx, req, res) => res.ok());
router.get(
{
path: '/unversioned',
validate: { body: validation, query: validation, params: validation },
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => res.ok()
);
@ -131,6 +146,11 @@ describe('Router', () => {
{
path: '/',
validate: staticOrLazy ? fooValidation : () => fooValidation,
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => res.ok()
);
@ -158,6 +178,11 @@ describe('Router', () => {
router.post(
{
path: '/public',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
options: {
access: 'public',
},
@ -168,6 +193,11 @@ describe('Router', () => {
router.post(
{
path: '/internal',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
options: {
access: 'internal',
},
@ -194,6 +224,11 @@ describe('Router', () => {
router.post(
{
path: '/public',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
options: {
access: 'public',
},
@ -204,6 +239,11 @@ describe('Router', () => {
router.post(
{
path: '/public-resource',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
options: {
access: 'public',
httpResource: true,
@ -240,6 +280,11 @@ describe('Router', () => {
router.post(
{
path: '/',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
validate: lazyValidation,
},
(context, req, res) => res.ok()
@ -299,6 +344,11 @@ describe('Router', () => {
{
path: '/',
validate: { params: { validate: () => 'error' } } as any,
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => res.ok({})
)
@ -316,6 +366,11 @@ describe('Router', () => {
path: '/',
validate: false,
options: { security: { authz: { requiredPrivileges: [] } } } as any,
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => res.ok({})
)
@ -333,6 +388,11 @@ describe('Router', () => {
path: '/',
options: { body: { output: 'file' } } as any, // We explicitly don't support 'file'
validate: { body: schema.object({}, { unknowns: 'allow' }) },
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => res.ok({})
)
@ -384,7 +444,18 @@ describe('Router', () => {
it('should default `output: "stream" and parse: false` when no body validation is required but not a GET', () => {
const router = new Router('', logger, enhanceWithContext, routerOptions);
router.post({ path: '/', validate: {} }, (context, req, res) => res.ok({}));
router.post(
{
path: '/',
validate: {},
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => res.ok({})
);
const [route] = router.getRoutes();
expect(route.options).toEqual({ body: { output: 'stream', parse: false } });
});
@ -392,7 +463,16 @@ describe('Router', () => {
it('should NOT default `output: "stream" and parse: false` when the user has specified body options (he cares about it)', () => {
const router = new Router('', logger, enhanceWithContext, routerOptions);
router.post(
{ path: '/', options: { body: { maxBytes: 1 } }, validate: {} },
{
path: '/',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
options: { body: { maxBytes: 1 } },
validate: {},
},
(context, req, res) => res.ok({})
);
const [route] = router.getRoutes();
@ -401,7 +481,18 @@ describe('Router', () => {
it('should NOT default `output: "stream" and parse: false` when no body validation is required and GET', () => {
const router = new Router('', logger, enhanceWithContext, routerOptions);
router.get({ path: '/', validate: {} }, (context, req, res) => res.ok({}));
router.get(
{
path: '/',
validate: {},
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => res.ok({})
);
const [route] = router.getRoutes();
expect(route.options).toEqual({});
});

400
src/core/packages/http/router-server-internal/src/versioned_router/core_versioned_route.test.ts
View file

@ -65,6 +65,11 @@ describe('Versioned route', () => {
description: 'test',
summary: 'test',
enableQueryVersion: false,
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
})
.addVersion({ version: '2023-10-31', validate: false }, handlerFn);
@ -88,7 +93,15 @@ describe('Versioned route', () => {
it('can register multiple handlers', () => {
versionedRouter
.get({ path: '/test/{id}', access: 'internal' })
.get({
path: '/test/{id}',
access: 'internal',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
})
.addVersion({ version: '1', validate: false }, handlerFn)
.addVersion({ version: '2', validate: false }, handlerFn)
.addVersion({ version: '3', validate: false }, handlerFn);
@ -111,7 +124,15 @@ describe('Versioned route', () => {
it('does not allow specifying a handler for the same version more than once', () => {
expect(() =>
versionedRouter
.get({ path: '/test/{id}', access: 'internal' })
.get({
path: '/test/{id}',
access: 'internal',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
})
.addVersion({ version: '1', validate: false }, handlerFn)
.addVersion({ version: '1', validate: false }, handlerFn)
.addVersion({ version: '3', validate: false }, handlerFn)
@ -123,22 +144,54 @@ describe('Versioned route', () => {
it('only allows versions that are numbers greater than 0 for internal APIs', () => {
expect(() =>
versionedRouter
.get({ path: '/test/{id}', access: 'internal' })
.get({
path: '/test/{id}',
access: 'internal',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
})
.addVersion({ version: 'foo' as ApiVersion, validate: false }, handlerFn)
).toThrowError(`Invalid version number`);
expect(() =>
versionedRouter
.get({ path: '/test/{id}', access: 'internal' })
.get({
path: '/test/{id}',
access: 'internal',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
})
.addVersion({ version: '-1', validate: false }, handlerFn)
).toThrowError(`Invalid version number`);
expect(() =>
versionedRouter
.get({ path: '/test/{id}', access: 'internal' })
.get({
path: '/test/{id}',
access: 'internal',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
})
.addVersion({ version: '1.1', validate: false }, handlerFn)
).toThrowError(`Invalid version number`);
expect(() =>
versionedRouter
.get({ path: '/test/{id}', access: 'internal' })
.get({
path: '/test/{id}',
access: 'internal',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
})
.addVersion({ version: '1', validate: false }, handlerFn)
).not.toThrow();
});
@ -146,22 +199,54 @@ describe('Versioned route', () => {
it('only allows correctly formatted version date strings for public APIs', () => {
expect(() =>
versionedRouter
.get({ path: '/test/{id}', access: 'public' })
.get({
path: '/test/{id}',
access: 'public',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
})
.addVersion({ version: '1-1-2020' as ApiVersion, validate: false }, handlerFn)
).toThrowError(/Invalid version/);
expect(() =>
versionedRouter
.get({ path: '/test/{id}', access: 'public' })
.get({
path: '/test/{id}',
access: 'public',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
})
.addVersion({ version: '', validate: false }, handlerFn)
).toThrowError(/Invalid version/);
expect(() =>
versionedRouter
.get({ path: '/test/{id}', access: 'public' })
.get({
path: '/test/{id}',
access: 'public',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
})
.addVersion({ version: 'abc', validate: false }, handlerFn)
).toThrowError(/Invalid version/);
expect(() =>
versionedRouter
.get({ path: '/test/{id}', access: 'public' })
.get({
path: '/test/{id}',
access: 'public',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
})
.addVersion({ version: '2023-10-31', validate: false }, handlerFn)
).not.toThrow();
});
@ -180,6 +265,11 @@ describe('Versioned route', () => {
excludeFromOAS: true,
httpResource: true,
},
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
};
versionedRouter.post(opts);
@ -206,7 +296,15 @@ describe('Versioned route', () => {
it('allows public versions other than "2023-10-31"', () => {
expect(() =>
CoreVersionedRouter.from({ router, log: loggingSystemMock.createLogger(), env: notDevEnv })
.get({ access: 'public', path: '/foo' })
.get({
access: 'public',
path: '/foo',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
})
.addVersion({ version: '2023-01-31', validate: false }, (ctx, req, res) => res.ok())
).not.toThrow();
});
@ -219,13 +317,23 @@ describe('Versioned route', () => {
testValidation;
(router.registerRoute as jest.Mock).mockImplementation((opts) => (handler = opts.handler));
versionedRouter.post({ path: '/test/{id}', access: 'internal' }).addVersion(
{
version: '1',
validate: staticOrLazy === 'static' ? fooValidation : () => fooValidation,
},
handlerFn
);
versionedRouter
.post({
path: '/test/{id}',
access: 'internal',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
})
.addVersion(
{
version: '1',
validate: staticOrLazy === 'static' ? fooValidation : () => fooValidation,
},
handlerFn
);
const kibanaResponse = await handler!(
createRequest({
@ -258,13 +366,23 @@ describe('Versioned route', () => {
(router.registerRoute as jest.Mock).mockImplementation((opts) => (handler = opts.handler));
const lazyValidation = jest.fn(() => fooValidation);
versionedRouter.post({ path: '/test/{id}', access: 'internal' }).addVersion(
{
version: '1',
validate: lazyValidation,
},
handlerFn
);
versionedRouter
.post({
path: '/test/{id}',
access: 'internal',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
})
.addVersion(
{
version: '1',
validate: lazyValidation,
},
handlerFn
);
for (let i = 0; i < 10; i++) {
const { status } = await handler!(
@ -312,7 +430,15 @@ describe('Versioned route', () => {
it('only allows "2023-10-31" as public route versions', () => {
expect(() =>
versionedRouter
.get({ access: 'public', path: '/foo' })
.get({
access: 'public',
path: '/foo',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
})
.addVersion({ version: '2023-01-31', validate: false }, (ctx, req, res) => res.ok())
).toThrow(/Invalid public version/);
});
@ -323,13 +449,23 @@ describe('Versioned route', () => {
testValidation;
(router.registerRoute as jest.Mock).mockImplementation((opts) => (handler = opts.handler));
versionedRouter.post({ path: '/test/{id}', access: 'internal' }).addVersion(
{
version: '1',
validate: fooValidation,
},
handlerFn
);
versionedRouter
.post({
path: '/test/{id}',
access: 'internal',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
})
.addVersion(
{
version: '1',
validate: fooValidation,
},
handlerFn
);
const kibanaResponse = await handler!(
createRequest({
@ -356,13 +492,23 @@ describe('Versioned route', () => {
env: devEnv,
log: loggingSystemMock.createLogger(),
});
versionedRouter.post({ path: '/test/{id}', access: 'internal' }).addVersion(
{
version: '1',
validate: { response: { 500: { description: 'jest description', body: undefined } } },
},
async (ctx, req, res) => res.custom({ statusCode: 500 })
);
versionedRouter
.post({
path: '/test/{id}',
access: 'internal',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
})
.addVersion(
{
version: '1',
validate: { response: { 500: { description: 'jest description', body: undefined } } },
},
async (ctx, req, res) => res.custom({ statusCode: 500 })
);
await expect(
handler!(
@ -389,13 +535,23 @@ describe('Versioned route', () => {
env: devEnv,
log: loggingSystemMock.createLogger(),
});
versionedRouter.post({ path: '/test/{id}', access: 'internal' }).addVersion(
{
version: '1',
validate: fooValidation,
},
handlerFn
);
versionedRouter
.post({
path: '/test/{id}',
access: 'internal',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
})
.addVersion(
{
version: '1',
validate: fooValidation,
},
handlerFn
);
const kibanaResponse = await handler!(
createRequest({
@ -427,37 +583,67 @@ describe('Versioned route', () => {
(router.registerRoute as jest.Mock).mockImplementation(
(opts) => (bypassVersionHandler = opts.handler)
);
versionedRouter.post({ path: '/bypass_me/{id?}', access: 'internal' }).addVersion(
{
version: '1',
validate: false,
},
handlerFn
);
versionedRouter
.post({
path: '/bypass_me/{id?}',
access: 'internal',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
})
.addVersion(
{
version: '1',
validate: false,
},
handlerFn
);
let doNotBypassHandler1: InternalRouteHandler;
(router.registerRoute as jest.Mock).mockImplementation(
(opts) => (doNotBypassHandler1 = opts.handler)
);
versionedRouter.put({ path: '/do_not_bypass_me/{id}', access: 'internal' }).addVersion(
{
version: '1',
validate: false,
},
handlerFn
);
versionedRouter
.put({
path: '/do_not_bypass_me/{id}',
access: 'internal',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
})
.addVersion(
{
version: '1',
validate: false,
},
handlerFn
);
let doNotBypassHandler2: InternalRouteHandler;
(router.registerRoute as jest.Mock).mockImplementation(
(opts) => (doNotBypassHandler2 = opts.handler)
);
versionedRouter.get({ path: '/do_not_bypass_me_either', access: 'internal' }).addVersion(
{
version: '1',
validate: false,
},
handlerFn
);
versionedRouter
.get({
path: '/do_not_bypass_me_either',
access: 'internal',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
})
.addVersion(
{
version: '1',
validate: false,
},
handlerFn
);
const byPassedVersionResponse = await bypassVersionHandler!(
createRequest({ version: undefined })
@ -497,7 +683,15 @@ describe('Versioned route', () => {
},
};
versionedRouter
.get({ path: '/test/{id}', access: 'internal' })
.get({
path: '/test/{id}',
access: 'internal',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
})
.addVersion(
{
version: '1',
@ -705,20 +899,30 @@ describe('Versioned route', () => {
it('for routes with validation', async () => {
const { fooValidation } = testValidation;
(router.registerRoute as jest.Mock).mockImplementation((opts) => (handler = opts.handler));
versionedRouter.post({ path: '/test/{id}', access: 'internal' }).addVersion(
{
version: '1',
validate: fooValidation,
options: {
deprecated: {
severity: 'warning',
reason: { type: 'bump', newApiVersion: '123' },
documentationUrl: 'http://test.foo',
versionedRouter
.post({
path: '/test/{id}',
access: 'internal',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
handlerFn
);
})
.addVersion(
{
version: '1',
validate: fooValidation,
options: {
deprecated: {
severity: 'warning',
reason: { type: 'bump', newApiVersion: '123' },
documentationUrl: 'http://test.foo',
},
},
},
handlerFn
);
await handler!(
createRequest({
@ -762,20 +966,30 @@ describe('Versioned route', () => {
it('for routes without validation', async () => {
(router.registerRoute as jest.Mock).mockImplementation((opts) => (handler = opts.handler));
versionedRouter.post({ path: '/test/{id}', access: 'internal' }).addVersion(
{
version: '1',
validate: false,
options: {
deprecated: {
severity: 'warning',
reason: { type: 'bump', newApiVersion: '123' },
documentationUrl: 'http://test.foo',
versionedRouter
.post({
path: '/test/{id}',
access: 'internal',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
handlerFn
);
})
.addVersion(
{
version: '1',
validate: false,
options: {
deprecated: {
severity: 'warning',
reason: { type: 'bump', newApiVersion: '123' },
documentationUrl: 'http://test.foo',
},
},
},
handlerFn
);
await handler!(createRequest({ version: '1' }));
expect(router.emitPostValidate).toHaveBeenCalledTimes(1);

71
src/core/packages/http/router-server-internal/src/versioned_router/core_versioned_router.test.ts
View file

@ -27,9 +27,33 @@ describe('Versioned router', () => {
});
it('can register multiple routes', () => {
versionedRouter.get({ path: '/test/{id}', access: 'internal' });
versionedRouter.post({ path: '/test', access: 'internal' });
versionedRouter.delete({ path: '/test', access: 'internal' });
versionedRouter.get({
path: '/test/{id}',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
access: 'internal',
});
versionedRouter.post({
path: '/test',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
access: 'internal',
});
versionedRouter.delete({
path: '/test',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
access: 'internal',
});
expect(versionedRouter.getRoutes()).toHaveLength(3);
});
@ -42,14 +66,32 @@ describe('Versioned router', () => {
path: '/test/{id}',
access: 'internal',
discontinued: 'x.y.z',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
});
versionedRouter.post({
path: '/test',
access: 'internal',
summary: 'Post test',
description: 'Post test description',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
});
versionedRouter.delete({
path: '/test',
access: 'internal',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
});
versionedRouter.delete({ path: '/test', access: 'internal' });
expect(versionedRouter.getRoutes()).toMatchInlineSnapshot(`
Array [
Object {
@ -59,6 +101,13 @@ describe('Versioned router', () => {
"options": Object {
"access": "internal",
"discontinued": "x.y.z",
"security": Object {
"authz": Object {
"requiredPrivileges": Array [
"foo",
],
},
},
},
"path": "/test/{id}",
},
@ -69,6 +118,13 @@ describe('Versioned router', () => {
"options": Object {
"access": "internal",
"description": "Post test description",
"security": Object {
"authz": Object {
"requiredPrivileges": Array [
"foo",
],
},
},
"summary": "Post test",
},
"path": "/test",
@ -79,6 +135,13 @@ describe('Versioned router', () => {
"method": "delete",
"options": Object {
"access": "internal",
"security": Object {
"authz": Object {
"requiredPrivileges": Array [
"foo",
],
},
},
},
"path": "/test",
},

34
src/core/packages/http/router-server-mocks/src/versioned_router_mock_route.test.ts
View file

@ -13,13 +13,29 @@ describe('createVersionedRouterMock#getRoute', () => {
it('throws if no routes are registered', () => {
const versionedRouter = createVersionedRouterMock();
expect(() => versionedRouter.getRoute('get', '/foo')).toThrow(/No routes registered/);
versionedRouter.get({ path: '/foo', access: 'internal' });
versionedRouter.get({
path: '/foo',
access: 'internal',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
});
expect(() => versionedRouter.getRoute('get', '/foo')).not.toThrow();
expect(() => versionedRouter.getRoute('get', '/bar')).toThrow(/No routes registered/);
});
it('allows versioned routes to be introspected', () => {
const versionedRouter = createVersionedRouterMock();
const route = versionedRouter.get({ path: '/foo', access: 'internal' });
const route = versionedRouter.get({
path: '/foo',
access: 'internal',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
});
// Empty case
expect(versionedRouter.getRoute('get', '/foo')).toMatchInlineSnapshot(`
@ -27,6 +43,13 @@ describe('createVersionedRouterMock#getRoute', () => {
"config": Object {
"access": "internal",
"path": "/foo",
"security": Object {
"authz": Object {
"requiredPrivileges": Array [
"foo",
],
},
},
},
"versions": Object {},
}
@ -44,6 +67,13 @@ describe('createVersionedRouterMock#getRoute', () => {
"config": Object {
"access": "internal",
"path": "/foo",
"security": Object {
"authz": Object {
"requiredPrivileges": Array [
"foo",
],
},
},
},
"versions": Object {
"1": Object {

390
src/core/packages/http/server-internal/src/http_server.test.ts
View file

@ -211,6 +211,11 @@ test('valid params', async () => {
test: schema.string(),
}),
},
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => {
return res.ok({ body: req.params.test });
@ -241,6 +246,11 @@ test('invalid params', async () => {
test: schema.number(),
}),
},
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => {
return res.ok({ body: String(req.params.test) });
@ -276,6 +286,11 @@ test('valid query', async () => {
quux: schema.number(),
}),
},
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => {
return res.ok({ body: req.query });
@ -306,6 +321,11 @@ test('invalid query', async () => {
bar: schema.number(),
}),
},
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => {
return res.ok({ body: req.query });
@ -341,6 +361,11 @@ test('valid body', async () => {
baz: schema.number(),
}),
},
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => {
return res.ok({ body: req.body });
@ -379,6 +404,11 @@ test('valid body with validate function', async () => {
}
},
},
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => {
return res.ok({ body: req.body });
@ -422,6 +452,11 @@ test('not inline validation - specifying params', async () => {
validate: {
body: bodyValidation,
},
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => {
return res.ok({ body: req.body });
@ -465,6 +500,11 @@ test('not inline validation - specifying validation handler', async () => {
validate: {
body: bodyValidation,
},
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => {
return res.ok({ body: req.body });
@ -517,6 +557,11 @@ test('not inline handler - KibanaRequest', async () => {
}
},
},
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
handler
);
@ -566,6 +611,11 @@ test('not inline handler - RequestHandler', async () => {
}
},
},
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
handler
);
@ -598,6 +648,11 @@ test('invalid body', async () => {
bar: schema.number(),
}),
},
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => {
return res.ok({ body: req.body });
@ -633,6 +688,11 @@ test('handles putting', async () => {
key: schema.string(),
}),
},
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => {
return res.ok({ body: req.body });
@ -664,6 +724,11 @@ test('handles deleting', async () => {
id: schema.number(),
}),
},
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => {
return res.ok({ body: { key: req.params.id } });
@ -695,9 +760,29 @@ describe('with `basepath: /bar` and `rewriteBasePath: false`', () => {
} as HttpConfig;
const router = new Router('/', logger, enhanceWithContext, routerOptions);
router.get({ path: '/', validate: false }, (context, req, res) => res.ok({ body: 'value:/' }));
router.get({ path: '/foo', validate: false }, (context, req, res) =>
res.ok({ body: 'value:/foo' })
router.get(
{
path: '/',
validate: false,
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => res.ok({ body: 'value:/' })
);
router.get(
{
path: '/foo',
validate: false,
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => res.ok({ body: 'value:/foo' })
);
const { registerRouter, server: innerServer } = await server.setup({
@ -752,9 +837,29 @@ describe('with `basepath: /bar` and `rewriteBasePath: true`', () => {
} as HttpConfig;
const router = new Router('/', logger, enhanceWithContext, routerOptions);
router.get({ path: '/', validate: false }, (context, req, res) => res.ok({ body: 'value:/' }));
router.get({ path: '/foo', validate: false }, (context, req, res) =>
res.ok({ body: 'value:/foo' })
router.get(
{
path: '/',
validate: false,
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => res.ok({ body: 'value:/' })
);
router.get(
{
path: '/foo',
validate: false,
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => res.ok({ body: 'value:/foo' })
);
const { registerRouter, server: innerServer } = await server.setup({
@ -804,7 +909,18 @@ describe('with `basepath: /bar` and `rewriteBasePath: true`', () => {
test('with defined `redirectHttpFromPort`', async () => {
const router = new Router('/', logger, enhanceWithContext, routerOptions);
router.get({ path: '/', validate: false }, (context, req, res) => res.ok({ body: 'value:/' }));
router.get(
{
path: '/',
validate: false,
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => res.ok({ body: 'value:/' })
);
const { registerRouter } = await server.setup({ config$: configWithSSL$ });
registerRouter(router);
@ -834,11 +950,30 @@ test('allows attaching metadata to attach meta-data tag strings to a route', asy
const { registerRouter, server: innerServer } = await server.setup({ config$ });
const router = new Router('', logger, enhanceWithContext, routerOptions);
router.get({ path: '/with-tags', validate: false, options: { tags } }, (context, req, res) =>
res.ok({ body: { tags: req.route.options.tags } })
router.get(
{
path: '/with-tags',
validate: false,
options: { tags },
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => res.ok({ body: { tags: req.route.options.tags } })
);
router.get({ path: '/without-tags', validate: false }, (context, req, res) =>
res.ok({ body: { tags: req.route.options.tags } })
router.get(
{
path: '/without-tags',
validate: false,
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => res.ok({ body: { tags: req.route.options.tags } })
);
registerRouter(router);
@ -853,11 +988,30 @@ test('allows declaring route access to flag a route as public or internal', asyn
const { registerRouter, server: innerServer } = await server.setup({ config$ });
const router = new Router('', logger, enhanceWithContext, routerOptions);
router.get({ path: '/with-access', validate: false, options: { access } }, (context, req, res) =>
res.ok({ body: { access: req.route.options.access } })
router.get(
{
path: '/with-access',
validate: false,
options: { access },
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => res.ok({ body: { access: req.route.options.access } })
);
router.get({ path: '/without-access', validate: false }, (context, req, res) =>
res.ok({ body: { access: req.route.options.access } })
router.get(
{
path: '/without-access',
validate: false,
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => res.ok({ body: { access: req.route.options.access } })
);
registerRouter(router);
@ -871,18 +1025,54 @@ test(`sets access flag to 'internal' if not defined`, async () => {
const { registerRouter, server: innerServer } = await server.setup({ config$ });
const router = new Router('', logger, enhanceWithContext, routerOptions);
router.get({ path: '/internal/foo', validate: false }, (context, req, res) =>
res.ok({ body: { access: req.route.options.access } })
router.get(
{
path: '/internal/foo',
validate: false,
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => res.ok({ body: { access: req.route.options.access } })
);
router.get({ path: '/random/foo', validate: false }, (context, req, res) =>
res.ok({ body: { access: req.route.options.access } })
router.get(
{
path: '/random/foo',
validate: false,
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => res.ok({ body: { access: req.route.options.access } })
);
router.get({ path: '/random/internal/foo', validate: false }, (context, req, res) =>
res.ok({ body: { access: req.route.options.access } })
router.get(
{
path: '/random/internal/foo',
validate: false,
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => res.ok({ body: { access: req.route.options.access } })
);
router.get({ path: '/api/foo/internal/my-foo', validate: false }, (context, req, res) =>
res.ok({ body: { access: req.route.options.access } })
router.get(
{
path: '/api/foo/internal/my-foo',
validate: false,
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => res.ok({ body: { access: req.route.options.access } })
);
registerRouter(router);
@ -902,7 +1092,18 @@ test('exposes route details of incoming request to a route handler', async () =>
const { registerRouter, server: innerServer } = await server.setup({ config$ });
const router = new Router('', logger, enhanceWithContext, routerOptions);
router.get({ path: '/', validate: false }, (context, req, res) => res.ok({ body: req.route }));
router.get(
{
path: '/',
validate: false,
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => res.ok({ body: req.route })
);
registerRouter(router);
await server.start();
@ -918,6 +1119,11 @@ test('exposes route details of incoming request to a route handler', async () =>
access: 'internal',
tags: [],
timeout: {},
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
});
});
@ -933,7 +1139,18 @@ describe('conditional compression', () => {
body: 'hello'.repeat(500),
headers: { 'Content-Type': 'text/html; charset=UTF-8' },
};
router.get({ path: '/', validate: false }, (_context, _req, res) => res.ok(largeRequest));
router.get(
{
path: '/',
validate: false,
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(_context, _req, res) => res.ok(largeRequest)
);
registerRouter(router);
await server.start();
return innerServer.listener;
@ -1038,7 +1255,18 @@ describe('response headers', () => {
});
const router = new Router('', logger, enhanceWithContext, routerOptions);
router.get({ path: '/', validate: false }, (context, req, res) => res.ok({ body: req.route }));
router.get(
{
path: '/',
validate: false,
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => res.ok({ body: req.route })
);
registerRouter(router);
await server.start();
@ -1055,7 +1283,18 @@ describe('response headers', () => {
const { registerRouter, server: innerServer } = await server.setup({ config$ });
const router = new Router('', logger, enhanceWithContext, routerOptions);
router.get({ path: '/', validate: false }, (context, req, res) => res.ok({ body: req.route }));
router.get(
{
path: '/',
validate: false,
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => res.ok({ body: req.route })
);
registerRouter(router);
await server.start();
@ -1082,6 +1321,11 @@ test('exposes route details of incoming request to a route handler (POST + paylo
path: '/',
validate: { body: schema.object({ test: schema.number() }) },
options: { body: { accepts: 'application/json' } },
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => res.ok({ body: req.route })
);
@ -1103,6 +1347,11 @@ test('exposes route details of incoming request to a route handler (POST + paylo
timeout: {
payload: 10000,
},
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
body: {
parse: true, // hapi populates the default
maxBytes: 1024, // hapi populates the default
@ -1123,6 +1372,11 @@ describe('body options', () => {
path: '/',
validate: { body: schema.object({ test: schema.number() }) },
options: { body: { accepts: 'multipart/form-data' } }, // supertest sends 'application/json'
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => res.ok({ body: req.route })
);
@ -1145,6 +1399,11 @@ describe('body options', () => {
path: '/',
validate: { body: schema.object({ test: schema.number() }) },
options: { body: { maxBytes: 1 } },
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => res.ok({ body: req.route })
);
@ -1167,6 +1426,11 @@ describe('body options', () => {
path: '/',
validate: { body: schema.buffer() },
options: { body: { parse: false } },
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => {
expect(req.body).toBeInstanceOf(Buffer);
@ -1200,6 +1464,11 @@ describe('timeout options', () => {
payload: 300000,
},
},
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => {
return res.ok({
@ -1234,6 +1503,11 @@ describe('timeout options', () => {
payload: 300000,
},
},
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => {
return res.ok({
@ -1267,6 +1541,11 @@ describe('timeout options', () => {
payload: 300000,
},
},
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => {
return res.ok({
@ -1300,6 +1579,11 @@ describe('timeout options', () => {
payload: 300000,
},
},
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => {
return res.ok({
@ -1335,6 +1619,11 @@ describe('timeout options', () => {
{
path: '/',
validate: { body: schema.maybe(schema.any()) },
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => {
return res.ok({
@ -1371,6 +1660,11 @@ describe('timeout options', () => {
path: '/',
validate: { body: schema.maybe(schema.any()) },
options: { timeout: { idleSocket: 12000 } },
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => {
return res.ok({
@ -1407,6 +1701,11 @@ describe('timeout options', () => {
idleSocket: 10,
},
},
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => {
return res.ok({ body: { timeout: req.route.options.timeout } });
@ -1429,6 +1728,11 @@ test('should return a stream in the body', async () => {
path: '/',
validate: { body: schema.stream() },
options: { body: { output: 'stream' } },
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => {
expect(req.body).toBeInstanceOf(Readable);
@ -1454,11 +1758,33 @@ test('closes sockets on timeout', async () => {
});
const router = new Router('', logger, enhanceWithContext, routerOptions);
router.get({ path: '/a', validate: false }, async (context, req, res) => {
await new Promise((resolve) => setTimeout(resolve, 2000));
return res.ok({});
});
router.get({ path: '/b', validate: false }, (context, req, res) => res.ok({}));
router.get(
{
path: '/a',
validate: false,
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
async (context, req, res) => {
await new Promise((resolve) => setTimeout(resolve, 2000));
return res.ok({});
}
);
router.get(
{
path: '/b',
validate: false,
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
(context, req, res) => res.ok({})
);
registerRouter(router);

2
src/core/packages/http/server/src/router/route.ts
View file

@ -557,7 +557,7 @@ export interface RouteConfig<P, Q, B, Method extends RouteMethod> {
/**
* Defines the security requirements for a route, including authorization and authentication.
*/
security?: RouteSecurity;
security: RouteSecurity;
/**
* Additional route options {@link RouteConfigOptions}.

11
src/core/packages/metrics/server-internal/src/routes/elu_history.ts
View file

@ -36,9 +36,18 @@ export function registerEluHistoryRoute(router: IRouter, elu: () => EluMetrics)
enableQueryVersion: true,
path: '/api/_elu_history',
options: {
authRequired: false,
excludeFromRateLimiter: true,
},
security: {
authz: {
enabled: false,
reason: 'This route is used for internal monitoring and does not require authorization.',
},
authc: {
enabled: false,
reason: 'This route is used for internal monitoring and does not require authentication.',
},
},
})
.addVersion(
{

417
src/core/server/integration_tests/execution_context/tracing.test.ts
View file

@ -74,11 +74,18 @@ describe('trace', () => {
const { createRouter } = http;
const router = createRouter<RequestHandlerContext>('');
router.get({ path: '/execution-context', validate: false }, async (context, req, res) => {
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asInternalUser.ping({}, { meta: true });
return res.ok({ body: headers || {} });
});
router.get(
{
path: '/execution-context',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
async (context, req, res) => {
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asInternalUser.ping({}, { meta: true });
return res.ok({ body: headers || {} });
}
);
await root.start();
@ -97,11 +104,18 @@ describe('trace', () => {
const { createRouter } = http;
const router = createRouter<RequestHandlerContext>('');
router.get({ path: '/execution-context', validate: false }, async (context, req, res) => {
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asCurrentUser.ping({}, { meta: true });
return res.ok({ body: headers || {} });
});
router.get(
{
path: '/execution-context',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
async (context, req, res) => {
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asCurrentUser.ping({}, { meta: true });
return res.ok({ body: headers || {} });
}
);
await root.start();
@ -120,11 +134,18 @@ describe('trace', () => {
const { createRouter } = http;
const router = createRouter<RequestHandlerContext>('');
router.get({ path: '/execution-context', validate: false }, async (context, req, res) => {
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asInternalUser.ping({}, { meta: true });
return res.ok({ body: headers || {} });
});
router.get(
{
path: '/execution-context',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
async (context, req, res) => {
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asInternalUser.ping({}, { meta: true });
return res.ok({ body: headers || {} });
}
);
await root.start();
@ -139,11 +160,18 @@ describe('trace', () => {
const { createRouter } = http;
const router = createRouter<RequestHandlerContext>('');
router.get({ path: '/execution-context', validate: false }, async (context, req, res) => {
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asCurrentUser.ping({}, { meta: true });
return res.ok({ body: headers || {} });
});
router.get(
{
path: '/execution-context',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
async (context, req, res) => {
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asCurrentUser.ping({}, { meta: true });
return res.ok({ body: headers || {} });
}
);
await root.start();
@ -158,17 +186,24 @@ describe('trace', () => {
const { createRouter } = http;
const router = createRouter<RequestHandlerContext>('');
router.get({ path: '/execution-context', validate: false }, async (context, req, res) => {
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asInternalUser.ping(
{},
{
opaqueId: 'new-opaque-id',
meta: true,
}
);
return res.ok({ body: headers || {} });
});
router.get(
{
path: '/execution-context',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
async (context, req, res) => {
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asInternalUser.ping(
{},
{
opaqueId: 'new-opaque-id',
meta: true,
}
);
return res.ok({ body: headers || {} });
}
);
await root.start();
@ -206,11 +241,18 @@ describe('trace', () => {
const { createRouter } = http;
const router = createRouter<RequestHandlerContext>('');
router.get({ path: '/execution-context', validate: false }, async (context, req, res) => {
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asCurrentUser.ping({}, { meta: true });
return res.ok({ body: headers || {} });
});
router.get(
{
path: '/execution-context',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
async (context, req, res) => {
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asCurrentUser.ping({}, { meta: true });
return res.ok({ body: headers || {} });
}
);
await rootExecutionContextDisabled.start();
@ -229,17 +271,24 @@ describe('trace', () => {
const { createRouter } = http;
const router = createRouter<RequestHandlerContext>('');
router.get({ path: '/execution-context', validate: false }, async (context, req, res) => {
executionContext.set(parentContext);
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asCurrentUser.ping({}, { meta: true });
return res.ok({
body: {
context: executionContext.get()?.toJSON(),
header: headers?.['x-opaque-id'],
},
});
});
router.get(
{
path: '/execution-context',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
async (context, req, res) => {
executionContext.set(parentContext);
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asCurrentUser.ping({}, { meta: true });
return res.ok({
body: {
context: executionContext.get()?.toJSON(),
header: headers?.['x-opaque-id'],
},
});
}
);
await rootExecutionContextDisabled.start();
@ -262,10 +311,17 @@ describe('trace', () => {
const { createRouter } = http;
const router = createRouter<RequestHandlerContext>('');
router.get({ path: '/execution-context', validate: false }, async (context, req, res) => {
executionContext.set(parentContext);
return res.ok({ body: executionContext.get() });
});
router.get(
{
path: '/execution-context',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
async (context, req, res) => {
executionContext.set(parentContext);
return res.ok({ body: executionContext.get() });
}
);
await root.start();
const response = await kbnServerRequest.get(root, '/execution-context').expect(200);
@ -277,11 +333,18 @@ describe('trace', () => {
const { createRouter } = http;
const router = createRouter<RequestHandlerContext>('');
router.get({ path: '/execution-context', validate: false }, async (context, req, res) => {
executionContext.set(parentContext);
await delay(100);
return res.ok({ body: executionContext.get() });
});
router.get(
{
path: '/execution-context',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
async (context, req, res) => {
executionContext.set(parentContext);
await delay(100);
return res.ok({ body: executionContext.get() });
}
);
await root.start();
const response = await kbnServerRequest.get(root, '/execution-context').expect(200);
@ -294,11 +357,18 @@ describe('trace', () => {
const router = createRouter<RequestHandlerContext>('');
let id = 42;
router.get({ path: '/execution-context', validate: false }, async (context, req, res) => {
executionContext.set({ ...parentContext, id: String(id++) });
await delay(100);
return res.ok({ body: executionContext.get() });
});
router.get(
{
path: '/execution-context',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
async (context, req, res) => {
executionContext.set({ ...parentContext, id: String(id++) });
await delay(100);
return res.ok({ body: executionContext.get() });
}
);
await root.start();
const responseA = await kbnServerRequest.get(root, '/execution-context').expect(200);
@ -314,11 +384,18 @@ describe('trace', () => {
const router = createRouter<RequestHandlerContext>('');
let id = 2;
router.get({ path: '/execution-context', validate: false }, async (context, req, res) => {
executionContext.set({ ...parentContext, id: String(id) });
await delay(id-- * 100);
return res.ok({ body: executionContext.get() });
});
router.get(
{
path: '/execution-context',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
async (context, req, res) => {
executionContext.set({ ...parentContext, id: String(id) });
await delay(id-- * 100);
return res.ok({ body: executionContext.get() });
}
);
await root.start();
const responseA = kbnServerRequest.get(root, '/execution-context');
@ -342,13 +419,20 @@ describe('trace', () => {
const router = createRouter<RequestHandlerContext>('');
let id = 2;
router.get({ path: '/execution-context', validate: false }, async (context, req, res) => {
executionContext.set(parentContext);
await delay(id-- * 100);
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asCurrentUser.ping({}, { meta: true });
return res.ok({ body: headers || {} });
});
router.get(
{
path: '/execution-context',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
async (context, req, res) => {
executionContext.set(parentContext);
await delay(id-- * 100);
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asCurrentUser.ping({}, { meta: true });
return res.ok({ body: headers || {} });
}
);
await root.start();
const responseA = kbnServerRequest
@ -376,8 +460,13 @@ describe('trace', () => {
const { createRouter } = http;
const router = createRouter<RequestHandlerContext>('');
router.get({ path: '/execution-context', validate: false }, (context, req, res) =>
res.ok({ body: executionContext.get() })
router.get(
{
path: '/execution-context',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
(context, req, res) => res.ok({ body: executionContext.get() })
);
await root.start();
@ -394,11 +483,18 @@ describe('trace', () => {
const { createRouter } = http;
const router = createRouter<RequestHandlerContext>('');
router.get({ path: '/execution-context', validate: false }, async (context, req, res) => {
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asCurrentUser.ping({}, { meta: true });
return res.ok({ body: headers || {} });
});
router.get(
{
path: '/execution-context',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
async (context, req, res) => {
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asCurrentUser.ping({}, { meta: true });
return res.ok({ body: headers || {} });
}
);
await root.start();
const response = await kbnServerRequest
@ -428,9 +524,16 @@ describe('trace', () => {
} = http;
const router = createRouter<RequestHandlerContext>('');
router.get({ path: '/execution-context', validate: false }, async (context, req, res) => {
return res.ok({ body: executionContext.get()?.toJSON() });
});
router.get(
{
path: '/execution-context',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
async (context, req, res) => {
return res.ok({ body: executionContext.get()?.toJSON() });
}
);
let onPreRoutingContext;
registerOnPreRouting((request, response, t) => {
@ -482,11 +585,18 @@ describe('trace', () => {
const { createRouter } = http;
const router = createRouter<RequestHandlerContext>('');
router.get({ path: '/execution-context', validate: false }, async (context, req, res) => {
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asCurrentUser.ping({}, { meta: true });
return res.ok({ body: headers || {} });
});
router.get(
{
path: '/execution-context',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
async (context, req, res) => {
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asCurrentUser.ping({}, { meta: true });
return res.ok({ body: headers || {} });
}
);
await root.start();
@ -504,11 +614,18 @@ describe('trace', () => {
const { createRouter } = http;
const router = createRouter<RequestHandlerContext>('');
router.get({ path: '/execution-context', validate: false }, async (context, req, res) => {
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asInternalUser.ping({}, { meta: true });
return res.ok({ body: headers || {} });
});
router.get(
{
path: '/execution-context',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
async (context, req, res) => {
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asInternalUser.ping({}, { meta: true });
return res.ok({ body: headers || {} });
}
);
await root.start();
@ -526,11 +643,18 @@ describe('trace', () => {
const { createRouter } = http;
const router = createRouter<RequestHandlerContext>('');
router.get({ path: '/execution-context', validate: false }, async (context, req, res) => {
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asCurrentUser.ping({}, { meta: true });
return res.ok({ body: headers || {} });
});
router.get(
{
path: '/execution-context',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
async (context, req, res) => {
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asCurrentUser.ping({}, { meta: true });
return res.ok({ body: headers || {} });
}
);
await root.start();
@ -549,12 +673,19 @@ describe('trace', () => {
const { createRouter } = http;
const router = createRouter<RequestHandlerContext>('');
router.get({ path: '/execution-context', validate: false }, async (context, req, res) => {
executionContext.set(parentContext);
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asCurrentUser.ping({}, { meta: true });
return res.ok({ body: headers || {} });
});
router.get(
{
path: '/execution-context',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
async (context, req, res) => {
executionContext.set(parentContext);
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asCurrentUser.ping({}, { meta: true });
return res.ok({ body: headers || {} });
}
);
await root.start();
@ -579,12 +710,19 @@ describe('trace', () => {
id: '42',
description: 'какое-то описание',
};
router.get({ path: '/execution-context', validate: false }, async (context, req, res) => {
executionContext.set(ctx);
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asCurrentUser.ping({}, { meta: true });
return res.ok({ body: headers || {} });
});
router.get(
{
path: '/execution-context',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
async (context, req, res) => {
executionContext.set(ctx);
const esClient = (await context.core).elasticsearch.client;
const { headers } = await esClient.asCurrentUser.ping({}, { meta: true });
return res.ok({ body: headers || {} });
}
);
await root.start();
@ -600,11 +738,18 @@ describe('trace', () => {
const { createRouter } = http;
const router = createRouter<RequestHandlerContext>('');
router.get({ path: '/execution-context', validate: false }, async (context, req, res) => {
return executionContext.withContext(parentContext, () =>
res.ok({ body: executionContext.get() })
);
});
router.get(
{
path: '/execution-context',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
async (context, req, res) => {
return executionContext.withContext(parentContext, () =>
res.ok({ body: executionContext.get() })
);
}
);
await root.start();
const response = await kbnServerRequest.get(root, '/execution-context').expect(200);
@ -622,15 +767,22 @@ describe('trace', () => {
id: '43',
description: 'nested-description',
};
router.get({ path: '/execution-context', validate: false }, async (context, req, res) => {
return executionContext.withContext(parentContext, async () => {
await delay(100);
return executionContext.withContext(nestedContext, async () => {
router.get(
{
path: '/execution-context',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
async (context, req, res) => {
return executionContext.withContext(parentContext, async () => {
await delay(100);
return res.ok({ body: executionContext.get() });
return executionContext.withContext(nestedContext, async () => {
await delay(100);
return res.ok({ body: executionContext.get() });
});
});
});
});
}
);
await root.start();
const response = await kbnServerRequest.get(root, '/execution-context').expect(200);
@ -648,13 +800,20 @@ describe('trace', () => {
id: '41',
description: 'new-description',
};
router.get({ path: '/execution-context', validate: false }, async (context, req, res) => {
const esClient = (await context.core).elasticsearch.client;
const { headers } = await executionContext.withContext(newContext, () => {
return esClient.asCurrentUser.ping({}, { meta: true });
});
return res.ok({ body: headers || {} });
});
router.get(
{
path: '/execution-context',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
async (context, req, res) => {
const esClient = (await context.core).elasticsearch.client;
const { headers } = await executionContext.withContext(newContext, () => {
return esClient.asCurrentUser.ping({}, { meta: true });
});
return res.ok({ body: headers || {} });
}
);
await root.start();

123
src/core/server/integration_tests/http/cookie_session_storage.test.ts
View file

@ -121,11 +121,14 @@ describe('Cookie based SessionStorage', () => {
const { server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('');
router.get({ path, validate: false }, (context, req, res) => {
const sessionStorage = factory.asScoped(req);
sessionStorage.set(sessVal());
return res.ok({});
});
router.get(
{ path, validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => {
const sessionStorage = factory.asScoped(req);
sessionStorage.set(sessVal());
return res.ok({});
}
);
const factory = await createCookieSessionStorageFactory(
logger.get(),
@ -156,15 +159,18 @@ describe('Cookie based SessionStorage', () => {
const { server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('');
router.get({ path: '/', validate: false }, async (context, req, res) => {
const sessionStorage = factory.asScoped(req);
const sessionValue = await sessionStorage.get();
if (!sessionValue) {
sessionStorage.set(sessVal());
return res.ok();
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
async (context, req, res) => {
const sessionStorage = factory.asScoped(req);
const sessionValue = await sessionStorage.get();
if (!sessionValue) {
sessionStorage.set(sessVal());
return res.ok();
}
return res.ok({ body: { value: sessionValue.value } });
}
return res.ok({ body: { value: sessionValue.value } });
});
);
const factory = await createCookieSessionStorageFactory(
logger.get(),
@ -193,11 +199,14 @@ describe('Cookie based SessionStorage', () => {
const { server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('');
router.get({ path: '/', validate: false }, async (context, req, res) => {
const sessionStorage = factory.asScoped(req);
const sessionValue = await sessionStorage.get();
return res.ok({ body: { value: sessionValue } });
});
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
async (context, req, res) => {
const sessionStorage = factory.asScoped(req);
const sessionValue = await sessionStorage.get();
return res.ok({ body: { value: sessionValue } });
}
);
const factory = await createCookieSessionStorageFactory(
logger.get(),
@ -220,16 +229,19 @@ describe('Cookie based SessionStorage', () => {
const router = createRouter('');
let setOnce = false;
router.get({ path: '/', validate: false }, async (context, req, res) => {
const sessionStorage = factory.asScoped(req);
if (!setOnce) {
setOnce = true;
sessionStorage.set(sessVal());
return res.ok({ body: { value: userData } });
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
async (context, req, res) => {
const sessionStorage = factory.asScoped(req);
if (!setOnce) {
setOnce = true;
sessionStorage.set(sessVal());
return res.ok({ body: { value: userData } });
}
const sessionValue = await sessionStorage.get();
return res.ok({ body: { value: sessionValue } });
}
const sessionValue = await sessionStorage.get();
return res.ok({ body: { value: sessionValue } });
});
);
const factory = await createCookieSessionStorageFactory(
logger.get(),
@ -267,16 +279,19 @@ describe('Cookie based SessionStorage', () => {
const router = createRouter('');
let setOnce = false;
router.get({ path: '/', validate: false }, async (context, req, res) => {
const sessionStorage = factory.asScoped(req);
if (!setOnce) {
setOnce = true;
sessionStorage.set({ ...sessVal(), path: '/foo' });
return res.ok({ body: { value: userData } });
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
async (context, req, res) => {
const sessionStorage = factory.asScoped(req);
if (!setOnce) {
setOnce = true;
sessionStorage.set({ ...sessVal(), path: '/foo' });
return res.ok({ body: { value: userData } });
}
const sessionValue = await sessionStorage.get();
return res.ok({ body: { value: sessionValue } });
}
const sessionValue = await sessionStorage.get();
return res.ok({ body: { value: sessionValue } });
});
);
const factory = await createCookieSessionStorageFactory(
logger.get(),
@ -409,15 +424,18 @@ describe('Cookie based SessionStorage', () => {
const router = createRouter('');
router.get({ path: '/', validate: false }, async (context, req, res) => {
const sessionStorage = factory.asScoped(req);
if (await sessionStorage.get()) {
sessionStorage.clear();
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
async (context, req, res) => {
const sessionStorage = factory.asScoped(req);
if (await sessionStorage.get()) {
sessionStorage.clear();
return res.ok({});
}
sessionStorage.set(sessVal());
return res.ok({});
}
sessionStorage.set(sessVal());
return res.ok({});
});
);
const factory = await createCookieSessionStorageFactory(
logger.get(),
@ -471,15 +489,18 @@ describe('Cookie based SessionStorage', () => {
const { server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('');
router.get({ path: '/', validate: false }, async (context, req, res) => {
const sessionStorage = factory.asScoped(req);
const sessionValue = await sessionStorage.get();
if (!sessionValue) {
sessionStorage.set(sessVal());
return res.ok();
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
async (context, req, res) => {
const sessionStorage = factory.asScoped(req);
const sessionValue = await sessionStorage.get();
if (!sessionValue) {
sessionStorage.set(sessVal());
return res.ok();
}
return res.ok({ body: { value: sessionValue.value } });
}
return res.ok({ body: { value: sessionValue.value } });
});
);
const factory = await createCookieSessionStorageFactory(
logger.get(),

113
src/core/server/integration_tests/http/core_services.test.ts
View file

@ -54,8 +54,13 @@ describe('http service', () => {
registerAuth((req, res, toolkit) => toolkit.authenticated());
const router = createRouter('');
router.get({ path: '/is-auth', validate: false }, (context, req, res) =>
res.ok({ body: { isAuthenticated: auth.isAuthenticated(req) } })
router.get(
{
path: '/is-auth',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
(context, req, res) => res.ok({ body: { isAuthenticated: auth.isAuthenticated(req) } })
);
await root.start();
@ -70,7 +75,12 @@ describe('http service', () => {
const router = createRouter('');
router.get(
{ path: '/is-auth', validate: false, options: { authRequired: false } },
{
path: '/is-auth',
validate: false,
security: { authz: { enabled: false, reason: '' } },
options: { authRequired: false },
},
(context, req, res) => res.ok({ body: { isAuthenticated: auth.isAuthenticated(req) } })
);
@ -84,7 +94,12 @@ describe('http service', () => {
const router = createRouter('');
router.get(
{ path: '/is-auth', validate: false, options: { authRequired: false } },
{
path: '/is-auth',
validate: false,
security: { authz: { enabled: false, reason: '' } },
options: { authRequired: false },
},
(context, req, res) => res.ok({ body: { isAuthenticated: auth.isAuthenticated(req) } })
);
@ -99,7 +114,12 @@ describe('http service', () => {
registerAuth((req, res, toolkit) => toolkit.authenticated());
const router = createRouter('');
router.get(
{ path: '/is-auth', validate: false, options: { authRequired: 'optional' } },
{
path: '/is-auth',
validate: false,
security: { authz: { enabled: false, reason: '' } },
options: { authRequired: 'optional' },
},
(context, req, res) => res.ok({ body: { isAuthenticated: auth.isAuthenticated(req) } })
);
@ -115,7 +135,12 @@ describe('http service', () => {
const router = createRouter('');
router.get(
{ path: '/is-auth', validate: false, options: { authRequired: 'optional' } },
{
path: '/is-auth',
validate: false,
security: { authz: { enabled: false, reason: '' } },
options: { authRequired: 'optional' },
},
(context, req, res) => res.ok({ body: { isAuthenticated: auth.isAuthenticated(req) } })
);
@ -136,8 +161,13 @@ describe('http service', () => {
});
const router = createRouter('');
router.get({ path: '/get-auth', validate: false }, (context, req, res) =>
res.ok({ body: auth.get<{ id: string }>(req) })
router.get(
{
path: '/get-auth',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
(context, req, res) => res.ok({ body: auth.get<{ id: string }>(req) })
);
await root.start();
@ -150,8 +180,13 @@ describe('http service', () => {
const { createRouter, auth } = http;
const router = createRouter('');
router.get({ path: '/get-auth', validate: false }, (context, req, res) =>
res.ok({ body: auth.get(req) })
router.get(
{
path: '/get-auth',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
(context, req, res) => res.ok({ body: auth.get(req) })
);
await root.start();
@ -166,7 +201,12 @@ describe('http service', () => {
registerAuth(authenticate);
const router = createRouter('');
router.get(
{ path: '/get-auth', validate: false, options: { authRequired: false } },
{
path: '/get-auth',
validate: false,
security: { authz: { enabled: false, reason: '' } },
options: { authRequired: false },
},
(context, req, res) => res.ok({ body: auth.get(req) })
);
@ -221,10 +261,13 @@ describe('http service', () => {
);
const router = createRouter('/new-platform');
router.get({ path: '/', validate: false }, async (context, req, res) => {
await elasticsearch.client.asScoped(req).asInternalUser.ping();
return res.ok();
});
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
async (context, req, res) => {
await elasticsearch.client.asScoped(req).asInternalUser.ping();
return res.ok();
}
);
const coreStart = await root.start();
elasticsearch = coreStart.elasticsearch;
@ -257,10 +300,13 @@ describe('http service', () => {
);
const router = createRouter('/new-platform');
router.get({ path: '/', validate: false }, async (context, req, res) => {
await elasticsearch.client.asScoped(req).asInternalUser.ping();
return res.ok();
});
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
async (context, req, res) => {
await elasticsearch.client.asScoped(req).asInternalUser.ping();
return res.ok();
}
);
const coreStart = await root.start();
elasticsearch = coreStart.elasticsearch;
@ -294,20 +340,23 @@ describe('http service', () => {
);
const router = createRouter('/new-platform');
router.get({ path: '/', validate: false }, async (context, req, res) => {
try {
const result = await elasticsearch.client
.asScoped(req)
.asInternalUser.ping({}, { meta: true });
return res.ok({
body: result,
});
} catch (e) {
return res.badRequest({
body: e,
});
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
async (context, req, res) => {
try {
const result = await elasticsearch.client
.asScoped(req)
.asInternalUser.ping({}, { meta: true });
return res.ok({
body: result,
});
} catch (e) {
return res.badRequest({
body: e,
});
}
}
});
);
const coreStart = await root.start();
elasticsearch = coreStart.elasticsearch;

75
src/core/server/integration_tests/http/http2_protocol.test.ts
View file

@ -85,26 +85,38 @@ describe('Http2 - Smoke tests', () => {
},
});
router.post({ path: '/', validate: false }, async (context, req, res) => {
return res.ok({
body: { protocol: req.protocol, httpVersion: req.httpVersion },
});
});
router.get({ path: '/', validate: false }, async (context, req, res) => {
return res.ok({
body: { protocol: req.protocol, httpVersion: req.httpVersion },
});
});
router.put({ path: '/', validate: false }, async (context, req, res) => {
return res.ok({
body: { protocol: req.protocol, httpVersion: req.httpVersion },
});
});
router.delete({ path: '/', validate: false }, async (context, req, res) => {
return res.ok({
body: { protocol: req.protocol, httpVersion: req.httpVersion },
});
});
router.post(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
async (context, req, res) => {
return res.ok({
body: { protocol: req.protocol, httpVersion: req.httpVersion },
});
}
);
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
async (context, req, res) => {
return res.ok({
body: { protocol: req.protocol, httpVersion: req.httpVersion },
});
}
);
router.put(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
async (context, req, res) => {
return res.ok({
body: { protocol: req.protocol, httpVersion: req.httpVersion },
});
}
);
router.delete(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
async (context, req, res) => {
return res.ok({
body: { protocol: req.protocol, httpVersion: req.httpVersion },
});
}
);
registerRouter(router);
@ -188,14 +200,21 @@ describe('Http2 - Smoke tests', () => {
},
});
router.get({ path: '/illegal_headers', validate: false }, async (context, req, res) => {
return res.ok({
headers: {
connection: 'close',
},
body: { protocol: req.protocol },
});
});
router.get(
{
path: '/illegal_headers',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
async (context, req, res) => {
return res.ok({
headers: {
connection: 'close',
},
body: { protocol: req.protocol },
});
}
);
registerRouter(router);

1
src/core/server/integration_tests/http/http_auth.test.ts
View file

@ -34,6 +34,7 @@ describe('http auth', () => {
router.get(
{
path: '/route',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: {
authRequired,

1
src/core/server/integration_tests/http/http_server.test.ts
View file

@ -73,6 +73,7 @@ describe('Http server', () => {
router.post(
{
path: '/',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { body: { accepts: 'application/json' } },
},

463
src/core/server/integration_tests/http/lifecycle.test.ts
View file

@ -62,7 +62,10 @@ describe('OnPreRouting', () => {
} = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) => res.ok({ body: 'ok' }));
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok({ body: 'ok' })
);
const callingOrder: string[] = [];
registerOnPreRouting((req, res, t) => {
@ -89,11 +92,17 @@ describe('OnPreRouting', () => {
} = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/initial', validate: false }, (context, req, res) =>
res.ok({ body: 'initial' })
router.get(
{ path: '/initial', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok({ body: 'initial' })
);
router.get({ path: '/redirectUrl', validate: false }, (context, req, res) =>
res.ok({ body: 'redirected' })
router.get(
{
path: '/redirectUrl',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
(context, req, res) => res.ok({ body: 'redirected' })
);
let urlBeforeForwarding;
@ -125,15 +134,18 @@ describe('OnPreRouting', () => {
} = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/login', validate: false }, (context, req, res) => {
return res.ok({
body: {
rewrittenUrl: req.rewrittenUrl
? `${req.rewrittenUrl.pathname}${req.rewrittenUrl.search}`
: undefined,
},
});
});
router.get(
{ path: '/login', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => {
return res.ok({
body: {
rewrittenUrl: req.rewrittenUrl
? `${req.rewrittenUrl.pathname}${req.rewrittenUrl.search}`
: undefined,
},
});
}
);
registerOnPreRouting((req, res, t) => t.rewriteUrl('/login'));
@ -152,15 +164,18 @@ describe('OnPreRouting', () => {
} = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/reroute-2', validate: false }, (context, req, res) => {
return res.ok({
body: {
rewrittenUrl: req.rewrittenUrl
? `${req.rewrittenUrl.pathname}${req.rewrittenUrl.search}`
: undefined,
},
});
});
router.get(
{ path: '/reroute-2', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => {
return res.ok({
body: {
rewrittenUrl: req.rewrittenUrl
? `${req.rewrittenUrl.pathname}${req.rewrittenUrl.search}`
: undefined,
},
});
}
);
registerOnPreRouting((req, res, t) => t.rewriteUrl('/reroute-1'));
registerOnPreRouting((req, res, t) => t.rewriteUrl('/reroute-2'));
@ -180,15 +195,18 @@ describe('OnPreRouting', () => {
} = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/login', validate: false }, (context, req, res) => {
return res.ok({
body: {
rewrittenUrl: req.rewrittenUrl
? `${req.rewrittenUrl.pathname}${req.rewrittenUrl.search}`
: undefined,
},
});
});
router.get(
{ path: '/login', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => {
return res.ok({
body: {
rewrittenUrl: req.rewrittenUrl
? `${req.rewrittenUrl.pathname}${req.rewrittenUrl.search}`
: undefined,
},
});
}
);
registerOnPreRouting((req, res, t) => t.next());
@ -206,7 +224,10 @@ describe('OnPreRouting', () => {
const router = createRouter('/');
const redirectUrl = '/redirectUrl';
router.get({ path: '/initial', validate: false }, (context, req, res) => res.ok());
router.get(
{ path: '/initial', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok()
);
registerOnPreRouting((req, res, t) =>
res.redirected({
@ -230,7 +251,10 @@ describe('OnPreRouting', () => {
} = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) => res.ok());
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok()
);
registerOnPreRouting((req, res, t) =>
res.unauthorized({
@ -254,7 +278,10 @@ describe('OnPreRouting', () => {
} = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) => res.ok());
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok()
);
registerOnPreRouting((req, res, t) => {
throw new Error('reason');
@ -283,7 +310,10 @@ describe('OnPreRouting', () => {
} = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) => res.ok());
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok()
);
registerOnPreRouting((req, res, t) => ({} as any));
await server.start();
@ -322,9 +352,11 @@ describe('OnPreRouting', () => {
}
return t.next();
});
router.get({ path: '/', validate: false }, (context, req, res) =>
// don't complain customField is not defined on Request type
res.ok({ body: { customField: String((req as any).customField) } })
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) =>
// don't complain customField is not defined on Request type
res.ok({ body: { customField: String((req as any).customField) } })
);
await server.start();
@ -338,7 +370,10 @@ describe('OnPreAuth', () => {
const { registerOnPreAuth, server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) => res.ok({ body: 'ok' }));
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok({ body: 'ok' })
);
const callingOrder: string[] = [];
registerOnPreAuth((req, res, t) => {
@ -362,7 +397,10 @@ describe('OnPreAuth', () => {
const router = createRouter('/');
const redirectUrl = '/redirectUrl';
router.get({ path: '/initial', validate: false }, (context, req, res) => res.ok());
router.get(
{ path: '/initial', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok()
);
registerOnPreAuth((req, res, t) =>
res.redirected({
@ -382,7 +420,10 @@ describe('OnPreAuth', () => {
const { registerOnPreAuth, server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) => res.ok());
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok()
);
registerOnPreAuth((req, res, t) =>
res.unauthorized({
@ -402,7 +443,10 @@ describe('OnPreAuth', () => {
const { registerOnPreAuth, server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) => res.ok());
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok()
);
registerOnPreAuth((req, res, t) => {
throw new Error('reason');
@ -427,7 +471,10 @@ describe('OnPreAuth', () => {
const { registerOnPreAuth, server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) => res.ok());
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok()
);
registerOnPreAuth((req, res, t) => ({} as any));
await server.start();
@ -462,9 +509,11 @@ describe('OnPreAuth', () => {
}
return t.next();
});
router.get({ path: '/', validate: false }, (context, req, res) =>
// @ts-expect-error customField property is not defined on request object
res.ok({ body: { customField: String(req.customField) } })
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) =>
// @ts-expect-error customField property is not defined on request object
res.ok({ body: { customField: String(req.customField) } })
);
await server.start();
@ -484,6 +533,7 @@ describe('OnPreAuth', () => {
router.post(
{
path: '/',
security: { authz: { enabled: false, reason: '' } },
validate: {
body: schema.object({
term: schema.string(),
@ -511,7 +561,10 @@ describe('OnPostAuth', () => {
const { registerOnPostAuth, server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) => res.ok({ body: 'ok' }));
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok({ body: 'ok' })
);
const callingOrder: string[] = [];
registerOnPostAuth((req, res, t) => {
@ -535,7 +588,10 @@ describe('OnPostAuth', () => {
const router = createRouter('/');
const redirectUrl = '/redirectUrl';
router.get({ path: '/initial', validate: false }, (context, req, res) => res.ok());
router.get(
{ path: '/initial', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok()
);
registerOnPostAuth((req, res, t) =>
res.redirected({
@ -555,7 +611,10 @@ describe('OnPostAuth', () => {
const { registerOnPostAuth, server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) => res.ok(undefined));
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok(undefined)
);
registerOnPostAuth((req, res, t) =>
res.unauthorized({
headers: {
@ -574,7 +633,10 @@ describe('OnPostAuth', () => {
const { registerOnPostAuth, server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) => res.ok(undefined));
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok(undefined)
);
registerOnPostAuth((req, res, t) => {
throw new Error('reason');
});
@ -598,7 +660,10 @@ describe('OnPostAuth', () => {
const { registerOnPostAuth, server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) => res.ok());
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok()
);
registerOnPostAuth((req, res, t) => ({} as any));
await server.start();
@ -633,9 +698,11 @@ describe('OnPostAuth', () => {
return t.next();
});
router.get({ path: '/', validate: false }, (context, req, res) =>
// don't complain customField is not defined on Request type
res.ok({ body: { customField: String((req as any).customField) } })
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) =>
// don't complain customField is not defined on Request type
res.ok({ body: { customField: String((req as any).customField) } })
);
await server.start();
@ -655,6 +722,7 @@ describe('OnPostAuth', () => {
router.post(
{
path: '/',
security: { authz: { enabled: false, reason: '' } },
validate: {
body: schema.object({
term: schema.string(),
@ -697,8 +765,9 @@ describe('Auth', () => {
const { registerAuth, server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) =>
res.ok({ body: { content: 'ok' } })
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok({ body: { content: 'ok' } })
);
registerAuth((req, res, t) => t.authenticated());
await server.start();
@ -710,8 +779,9 @@ describe('Auth', () => {
const { registerAuth, server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) =>
res.ok({ body: { content: 'ok' } })
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok({ body: { content: 'ok' } })
);
registerAuth((req, res, t) => t.notHandled());
await server.start();
@ -725,8 +795,9 @@ describe('Auth', () => {
const { registerAuth, server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) =>
res.ok({ body: { authRequired: req.route.options.authRequired } })
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok({ body: { authRequired: req.route.options.authRequired } })
);
const authenticate = jest.fn().mockImplementation((req, res, t) => t.authenticated());
registerAuth(authenticate);
@ -742,7 +813,12 @@ describe('Auth', () => {
const router = createRouter('/');
router.get(
{ path: '/', validate: false, options: { authRequired: false } },
{
path: '/',
validate: false,
security: { authz: { enabled: false, reason: '' } },
options: { authRequired: false },
},
(context, req, res) => res.ok({ body: { authRequired: req.route.options.authRequired } })
);
@ -760,7 +836,12 @@ describe('Auth', () => {
const router = createRouter('/');
router.get(
{ path: '/', validate: false, options: { authRequired: true } },
{
path: '/',
validate: false,
security: { authz: { enabled: false, reason: '' } },
options: { authRequired: true },
},
(context, req, res) => res.ok({ body: { authRequired: req.route.options.authRequired } })
);
@ -777,7 +858,10 @@ describe('Auth', () => {
const { registerAuth, server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) => res.ok());
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok()
);
registerAuth((req, res) => res.unauthorized());
await server.start();
@ -788,7 +872,10 @@ describe('Auth', () => {
const { registerAuth, server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) => res.ok());
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok()
);
const redirectTo = '/redirect-url';
registerAuth((req, res, t) =>
t.redirected({
@ -805,7 +892,10 @@ describe('Auth', () => {
const { registerAuth, server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) => res.ok());
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok()
);
registerAuth((req, res, t) => t.redirected({} as any));
await server.start();
@ -816,7 +906,10 @@ describe('Auth', () => {
const { registerAuth, server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) => res.ok());
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok()
);
registerAuth((req, t) => {
throw new Error('reason');
});
@ -845,7 +938,10 @@ describe('Auth', () => {
} = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) => res.ok());
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok()
);
const sessionStorageFactory = await createCookieSessionStorageFactory<StorageData>(
cookieOptions
@ -895,12 +991,22 @@ describe('Auth', () => {
return toolkit.authenticated();
});
router.get({ path: '/', validate: false }, (context, req, res) => res.ok());
router.get({ path: '/with-cookie', validate: false }, (context, req, res) => {
const sessionStorage = sessionStorageFactory.asScoped(req);
sessionStorage.clear();
return res.ok();
});
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok()
);
router.get(
{
path: '/with-cookie',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
(context, req, res) => {
const sessionStorage = sessionStorageFactory.asScoped(req);
sessionStorage.clear();
return res.ok();
}
);
await server.start();
const responseToSetCookie = await supertest(innerServer.listener).get('/').expect(200);
@ -946,10 +1052,13 @@ describe('Auth', () => {
let fromRouteHandler;
router.get({ path: '/', validate: false }, (context, req, res) => {
fromRouteHandler = req.headers.authorization;
return res.ok();
});
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => {
fromRouteHandler = req.headers.authorization;
return res.ok();
}
);
await server.start();
const token = 'Basic: user:password';
@ -972,7 +1081,10 @@ describe('Auth', () => {
return toolkit.authenticated({ responseHeaders: authResponseHeader });
});
router.get({ path: '/', validate: false }, (context, req, res) => res.ok());
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok()
);
await server.start();
const response = await supertest(innerServer.listener).get('/').expect(200);
@ -991,7 +1103,10 @@ describe('Auth', () => {
return toolkit.authenticated({ responseHeaders: authResponseHeader });
});
router.get({ path: '/', validate: false }, (context, req, res) => res.badRequest());
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.badRequest()
);
await server.start();
const response = await supertest(innerServer.listener).get('/').expect(400);
@ -1011,13 +1126,15 @@ describe('Auth', () => {
return toolkit.authenticated({ responseHeaders: authResponseHeader });
});
router.get({ path: '/', validate: false }, (context, req, res) =>
res.ok({
headers: {
'www-authenticate': 'from handler',
'another-header': 'yet another header',
},
})
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) =>
res.ok({
headers: {
'www-authenticate': 'from handler',
'another-header': 'yet another header',
},
})
);
await server.start();
@ -1043,12 +1160,14 @@ describe('Auth', () => {
return toolkit.authenticated({ responseHeaders: authResponseHeader });
});
router.get({ path: '/', validate: false }, (context, req, res) =>
res.badRequest({
headers: {
'www-authenticate': 'from handler',
},
})
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) =>
res.badRequest({
headers: {
'www-authenticate': 'from handler',
},
})
);
await server.start();
@ -1072,7 +1191,10 @@ describe('Auth', () => {
const router = createRouter('/');
const redirectUrl = '/redirectUrl';
router.get({ path: '/initial', validate: false }, (context, req, res) => res.ok());
router.get(
{ path: '/initial', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok()
);
registerOnPostAuth((req, res, t) =>
res.redirected({
headers: {
@ -1091,7 +1213,10 @@ describe('Auth', () => {
const { registerOnPostAuth, server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) => res.ok(undefined));
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok(undefined)
);
registerOnPostAuth((req, res, t) =>
res.unauthorized({
@ -1111,7 +1236,10 @@ describe('Auth', () => {
const { registerOnPostAuth, server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) => res.ok(undefined));
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok(undefined)
);
registerOnPostAuth((req, res, t) => {
throw new Error('reason');
});
@ -1135,7 +1263,10 @@ describe('Auth', () => {
const { registerOnPostAuth, server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) => res.ok());
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok()
);
registerOnPostAuth((req, res, t) => ({} as any));
await server.start();
@ -1169,9 +1300,11 @@ describe('Auth', () => {
}
return t.next();
});
router.get({ path: '/', validate: false }, (context, req, res) =>
// don't complain customField is not defined on Request type
res.ok({ body: { customField: String((req as any).customField) } })
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) =>
// don't complain customField is not defined on Request type
res.ok({ body: { customField: String((req as any).customField) } })
);
await server.start();
@ -1191,6 +1324,7 @@ describe('Auth', () => {
router.post(
{
path: '/',
security: { authz: { enabled: false, reason: '' } },
validate: {
body: schema.object({
term: schema.string(),
@ -1222,7 +1356,10 @@ describe('OnPreResponse', () => {
} = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) => res.ok({ body: 'ok' }));
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok({ body: 'ok' })
);
const callingOrder: string[] = [];
registerOnPreResponse((req, res, t) => {
@ -1249,12 +1386,14 @@ describe('OnPreResponse', () => {
} = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) =>
res.ok({
headers: {
'x-my-header': 'foo',
},
})
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) =>
res.ok({
headers: {
'x-my-header': 'foo',
},
})
);
registerOnPreResponse((req, res, t) =>
@ -1280,10 +1419,12 @@ describe('OnPreResponse', () => {
} = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) =>
res.ok({
headers: { 'x-kibana-header': 'value' },
})
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) =>
res.ok({
headers: { 'x-kibana-header': 'value' },
})
);
registerOnPreResponse((req, res, t) =>
t.next({
@ -1309,7 +1450,10 @@ describe('OnPreResponse', () => {
} = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) => res.ok(undefined));
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok(undefined)
);
registerOnPreResponse((req, res, t) => {
throw new Error('reason');
});
@ -1337,7 +1481,10 @@ describe('OnPreResponse', () => {
} = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) => res.ok());
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok()
);
registerOnPreResponse((req, res, t) => ({} as any));
await server.start();
@ -1368,7 +1515,10 @@ describe('OnPreResponse', () => {
return t.next();
});
router.get({ path: '/', validate: false }, (context, req, res) => res.ok({ body: 'ok' }));
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok({ body: 'ok' })
);
await server.start();
@ -1391,6 +1541,7 @@ describe('OnPreResponse', () => {
router.post(
{
path: '/',
security: { authz: { enabled: false, reason: '' } },
validate: {
body: schema.object({
term: schema.string(),
@ -1420,14 +1571,17 @@ describe('OnPreResponse', () => {
} = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) => {
return res.ok({
headers: {
'Original-Header-A': 'A',
},
body: 'original',
});
});
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => {
return res.ok({
headers: {
'Original-Header-A': 'A',
},
body: 'original',
});
}
);
registerOnPreResponse((req, res, t) => {
return t.render({ body: 'overridden' });
@ -1448,15 +1602,18 @@ describe('OnPreResponse', () => {
} = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) => {
return res.ok({
headers: {
'Original-Header-A': 'A',
'Original-Header-B': 'B',
},
body: 'original',
});
});
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => {
return res.ok({
headers: {
'Original-Header-A': 'A',
'Original-Header-B': 'B',
},
body: 'original',
});
}
);
registerOnPreResponse((req, res, t) => {
return t.render({
@ -1483,15 +1640,17 @@ describe('runs with default preResponse handlers', () => {
const { server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, (context, req, res) =>
res.ok({
headers: {
foo: 'bar',
'kbn-name': 'hijacked!',
'Content-Security-Policy': 'hijacked!',
'Content-Security-Policy-Report-Only': 'hijacked!',
},
})
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) =>
res.ok({
headers: {
foo: 'bar',
'kbn-name': 'hijacked!',
'Content-Security-Policy': 'hijacked!',
'Content-Security-Policy-Report-Only': 'hijacked!',
},
})
);
await server.start();
@ -1520,6 +1679,7 @@ describe('runs with default preResponse deprecation handlers', () => {
{
path: '/deprecated',
validate: false,
security: { authz: { enabled: false, reason: '' } },
options: {
deprecated: {
documentationUrl: 'https://fake-url.com',
@ -1547,6 +1707,7 @@ describe('runs with default preResponse deprecation handlers', () => {
{
path: '/test',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
(context, req, res) => res.ok({})
);
@ -1567,6 +1728,7 @@ describe('runs with default preResponse deprecation handlers', () => {
{
path: '/deprecated',
validate: false,
security: { authz: { enabled: false, reason: '' } },
options: {
deprecated: {
documentationUrl: 'https://fake-url.com',
@ -1593,11 +1755,13 @@ describe('runs with default preResponse deprecation handlers', () => {
.get({
access: 'internal',
path: '/test',
security: { authz: { enabled: false, reason: '' } },
})
.addVersion(
{
version: '1',
validate: false,
security: { authz: { enabled: false, reason: '' } },
options: {
deprecated: {
documentationUrl: 'https://fake-url.com',
@ -1615,6 +1779,7 @@ describe('runs with default preResponse deprecation handlers', () => {
{
version: '2',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
async (ctx, req, res) => {
return res.ok({ body: { v: '2' } });
@ -1649,11 +1814,13 @@ describe('runs with default preResponse deprecation handlers', () => {
.get({
access: 'internal',
path: '/test',
security: { authz: { enabled: false, reason: '' } },
})
.addVersion(
{
version: '1',
validate: false,
security: { authz: { enabled: false, reason: '' } },
options: {
deprecated: {
documentationUrl: 'https://fake-url.com',
@ -1671,6 +1838,7 @@ describe('runs with default preResponse deprecation handlers', () => {
{
version: '2',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
async (ctx, req, res) => {
return res.ok({ body: { v: '2' } });
@ -1733,7 +1901,10 @@ describe('run interceptors in the right order', () => {
return t.next();
});
router.get({ path: '/', validate: false }, (context, req, res) => res.ok({ body: 'ok' }));
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok({ body: 'ok' })
);
await server.start();
@ -1777,7 +1948,10 @@ describe('run interceptors in the right order', () => {
return t.next();
});
router.get({ path: '/', validate: false }, (context, req, res) => res.ok({ body: 'ok' }));
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok({ body: 'ok' })
);
await server.start();
@ -1820,7 +1994,10 @@ describe('run interceptors in the right order', () => {
return t.next();
});
router.get({ path: '/', validate: false }, (context, req, res) => res.ok({ body: 'ok' }));
router.get(
{ path: '/', validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => res.ok({ body: 'ok' })
);
await server.start();

89
src/core/server/integration_tests/http/lifecycle_handlers.test.ts
View file

@ -78,9 +78,12 @@ describe('core lifecycle handlers', () => {
const testRoute = '/version_check/test/route';
beforeEach(async () => {
router.get({ path: testRoute, validate: false }, (context, req, res) => {
return res.ok({ body: 'ok' });
});
router.get(
{ path: testRoute, validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => {
return res.ok({ body: 'ok' });
}
);
await server.start();
});
@ -123,12 +126,22 @@ describe('core lifecycle handlers', () => {
};
beforeEach(async () => {
router.get({ path: testRoute, validate: false }, (context, req, res) => {
return res.ok({ body: 'ok' });
});
router.get({ path: testErrorRoute, validate: false }, (context, req, res) => {
return res.badRequest({ body: 'bad request' });
});
router.get(
{ path: testRoute, validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => {
return res.ok({ body: 'ok' });
}
);
router.get(
{
path: testErrorRoute,
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
(context, req, res) => {
return res.badRequest({ body: 'bad request' });
}
);
await server.start();
});
@ -155,25 +168,37 @@ describe('core lifecycle handlers', () => {
};
beforeEach(async () => {
router.get({ path: testPath, validate: false }, (context, req, res) => {
return res.ok({ body: 'ok' });
});
router.get(
{ path: testPath, validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => {
return res.ok({ body: 'ok' });
}
);
destructiveMethods.forEach((method) => {
((router as any)[method.toLowerCase()] as RouteRegistrar<any, any>)<any, any, any>(
{ path: testPath, validate: false },
{ path: testPath, validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => {
return res.ok({ body: 'ok' });
}
);
((router as any)[method.toLowerCase()] as RouteRegistrar<any, any>)<any, any, any>(
{ path: allowlistedTestPath, validate: false },
{
path: allowlistedTestPath,
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
(context, req, res) => {
return res.ok({ body: 'ok' });
}
);
((router as any)[method.toLowerCase()] as RouteRegistrar<any, any>)<any, any, any>(
{ path: xsrfDisabledTestPath, validate: false, options: { xsrfRequired: false } },
{
path: xsrfDisabledTestPath,
validate: false,
security: { authz: { enabled: false, reason: '' } },
options: { xsrfRequired: false },
},
(context, req, res) => {
return res.ok({ body: 'ok' });
}
@ -253,6 +278,7 @@ describe('core lifecycle handlers', () => {
router.get(
{
path: testInternalRoute,
security: { authz: { enabled: false, reason: '' } },
validate: { query: schema.object({ myValue: schema.string() }) },
options: { access: 'internal' },
},
@ -263,6 +289,7 @@ describe('core lifecycle handlers', () => {
router.get(
{
path: testPublicRoute,
security: { authz: { enabled: false, reason: '' } },
validate: { query: schema.object({ myValue: schema.string() }) },
options: { access: 'public' },
},
@ -338,13 +365,23 @@ describe('core lifecycle handlers with restrict internal routes enforced', () =>
const testPublicRoute = '/restrict_internal_routes/test/route_public';
beforeEach(async () => {
router.get(
{ path: testInternalRoute, validate: false, options: { access: 'internal' } },
{
path: testInternalRoute,
validate: false,
security: { authz: { enabled: false, reason: '' } },
options: { access: 'internal' },
},
(context, req, res) => {
return res.ok({ body: 'ok()' });
}
);
router.get(
{ path: testPublicRoute, validate: false, options: { access: 'public' } },
{
path: testPublicRoute,
validate: false,
security: { authz: { enabled: false, reason: '' } },
options: { access: 'public' },
},
(context, req, res) => {
return res.ok({ body: 'ok()' });
}
@ -394,12 +431,18 @@ describe('core lifecycle handlers with no strict client version check', () => {
await server.preboot({ context: contextServiceMock.createPrebootContract() });
const serverSetup = await server.setup(setupDeps);
router = serverSetup.createRouter('/');
router.get({ path: testRouteGood, validate: false }, (context, req, res) => {
return res.ok({ body: 'ok' });
});
router.get({ path: testRouteBad, validate: false }, (context, req, res) => {
return res.custom({ body: 'nok', statusCode: 500 });
});
router.get(
{ path: testRouteGood, validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => {
return res.ok({ body: 'ok' });
}
);
router.get(
{ path: testRouteBad, validate: false, security: { authz: { enabled: false, reason: '' } } },
(context, req, res) => {
return res.custom({ body: 'nok', statusCode: 500 });
}
);
innerServer = serverSetup.server;
await server.start();
});

125
src/core/server/integration_tests/http/logging.test.ts
View file

@ -54,12 +54,15 @@ describe('request logging', () => {
await root.preboot();
const { http } = await root.setup();
http
.createRouter('/')
.get(
{ path: '/ping', validate: false, options: { authRequired: 'optional' } },
(context, req, res) => res.ok({ body: 'pong' })
);
http.createRouter('/').get(
{
path: '/ping',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { authRequired: 'optional' },
},
(context, req, res) => res.ok({ body: 'pong' })
);
await root.start();
await request.get(root, '/ping').expect(200, 'pong');
@ -95,12 +98,15 @@ describe('request logging', () => {
await root.preboot();
const { http } = await root.setup();
http
.createRouter('/')
.get(
{ path: '/ping', validate: false, options: { authRequired: 'optional' } },
(context, req, res) => res.ok({ body: 'pong' })
);
http.createRouter('/').get(
{
path: '/ping',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { authRequired: 'optional' },
},
(context, req, res) => res.ok({ body: 'pong' })
);
await root.start();
await request.get(root, '/ping').expect(200, 'pong');
@ -151,12 +157,15 @@ describe('request logging', () => {
await root.preboot();
const { http } = await root.setup();
http
.createRouter('/')
.get(
{ path: '/ping', validate: false, options: { authRequired: 'optional' } },
(context, req, res) => res.ok({ body: 'pong' })
);
http.createRouter('/').get(
{
path: '/ping',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { authRequired: 'optional' },
},
(context, req, res) => res.ok({ body: 'pong' })
);
await root.start();
await request.get(root, '/ping').expect(200, 'pong');
@ -177,6 +186,7 @@ describe('request logging', () => {
http.createRouter('/').post(
{
path: '/ping',
security: { authz: { enabled: false, reason: '' } },
validate: {
body: schema.object({ message: schema.string() }),
},
@ -206,12 +216,15 @@ describe('request logging', () => {
await root.preboot();
const { http } = await root.setup();
http
.createRouter('/')
.get(
{ path: '/a', validate: false, options: { authRequired: 'optional' } },
(context, req, res) => res.ok({ body: 'pong' })
);
http.createRouter('/').get(
{
path: '/a',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { authRequired: 'optional' },
},
(context, req, res) => res.ok({ body: 'pong' })
);
await root.start();
await request.get(root, '/b').expect(404);
@ -227,12 +240,15 @@ describe('request logging', () => {
await root.preboot();
const { http } = await root.setup();
http
.createRouter('/')
.get(
{ path: '/ping', validate: false, options: { authRequired: 'optional' } },
(context, req, res) => res.ok({ body: 'pong' })
);
http.createRouter('/').get(
{
path: '/ping',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { authRequired: 'optional' },
},
(context, req, res) => res.ok({ body: 'pong' })
);
await root.start();
await request.get(root, '/ping').query({ hey: 'ya' }).expect(200, 'pong');
@ -246,12 +262,15 @@ describe('request logging', () => {
await root.preboot();
const { http } = await root.setup();
http
.createRouter('/')
.get(
{ path: '/ping', validate: false, options: { authRequired: 'optional' } },
(context, req, res) => res.ok({ body: 'pong' })
);
http.createRouter('/').get(
{
path: '/ping',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { authRequired: 'optional' },
},
(context, req, res) => res.ok({ body: 'pong' })
);
await root.start();
const response = await request.get(root, '/ping').expect(200, 'pong');
@ -265,12 +284,15 @@ describe('request logging', () => {
await root.preboot();
const { http } = await root.setup();
http
.createRouter('/')
.get(
{ path: '/ping', validate: false, options: { authRequired: 'optional' } },
(context, req, res) => res.ok({ headers: { bar: 'world' }, body: 'pong' })
);
http.createRouter('/').get(
{
path: '/ping',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { authRequired: 'optional' },
},
(context, req, res) => res.ok({ headers: { bar: 'world' }, body: 'pong' })
);
await root.start();
await request.get(root, '/ping').set('foo', 'hello').expect(200);
@ -287,6 +309,7 @@ describe('request logging', () => {
http.createRouter('/').post(
{
path: '/ping',
security: { authz: { enabled: false, reason: '' } },
validate: {
body: schema.object({ message: schema.string() }),
},
@ -356,6 +379,7 @@ describe('request logging', () => {
http.createRouter('/').post(
{
path: '/ping',
security: { authz: { enabled: false, reason: '' } },
validate: {
body: schema.object({ message: schema.string() }),
},
@ -389,6 +413,7 @@ describe('request logging', () => {
http.createRouter('/').post(
{
path: '/ping',
security: { authz: { enabled: false, reason: '' } },
validate: {
body: schema.object({ message: schema.string() }),
},
@ -456,6 +481,7 @@ describe('request logging', () => {
http.createRouter('/').post(
{
path: '/ping',
security: { authz: { enabled: false, reason: '' } },
validate: {
body: schema.object({ message: schema.string() }),
},
@ -487,12 +513,15 @@ describe('request logging', () => {
await root.preboot();
const { http } = await root.setup();
http
.createRouter('/')
.get(
{ path: '/ping', validate: false, options: { authRequired: 'optional' } },
(context, req, res) => res.ok({ body: 'pong' })
);
http.createRouter('/').get(
{
path: '/ping',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { authRequired: 'optional' },
},
(context, req, res) => res.ok({ body: 'pong' })
);
await root.start();
await request.get(root, '/ping').set('user-agent', 'world').expect(200);

61
src/core/server/integration_tests/http/oas.test.ts
View file

@ -195,20 +195,36 @@ it.each([
createRoutes: (getRouter) => {
const router1 = getRouter(Symbol('myPlugin'));
router1.get(
{ path: '/api/public-test', validate: false, options: { access: 'public' } },
{
path: '/api/public-test',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { access: 'public' },
},
(_, __, res) => res.ok()
);
router1.post(
{ path: '/api/public-test', validate: false, options: { access: 'public' } },
{
path: '/api/public-test',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { access: 'public' },
},
(_, __, res) => res.ok()
);
router1.get(
{ path: '/api/public-test/{id}', validate: false, options: { access: 'public' } },
{
path: '/api/public-test/{id}',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { access: 'public' },
},
(_, __, res) => res.ok()
);
router1.get(
{
path: '/api/internal-test',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: {
/* empty */
@ -218,11 +234,19 @@ it.each([
);
router1.versioned
.get({ path: '/api/versioned', access: 'public' })
.get({
path: '/api/versioned',
security: { authz: { enabled: false, reason: '' } },
access: 'public',
})
.addVersion({ version: '2023-10-31', validate: false }, (_, __, res) => res.ok());
router1.versioned
.get({ path: '/api/versioned-internal', access: 'internal' })
.get({
path: '/api/versioned-internal',
security: { authz: { enabled: false, reason: '' } },
access: 'internal',
})
.addVersion(
{
version: '1',
@ -239,9 +263,30 @@ it.each([
);
const router2 = getRouter(Symbol('myOtherPlugin'));
router2.get({ path: '/api/my-other-plugin', validate: false }, (_, __, res) => res.ok());
router2.post({ path: '/api/my-other-plugin', validate: false }, (_, __, res) => res.ok());
router2.put({ path: '/api/my-other-plugin', validate: false }, (_, __, res) => res.ok());
router2.get(
{
path: '/api/my-other-plugin',
security: { authz: { enabled: false, reason: '' } },
validate: false,
},
(_, __, res) => res.ok()
);
router2.post(
{
path: '/api/my-other-plugin',
security: { authz: { enabled: false, reason: '' } },
validate: false,
},
(_, __, res) => res.ok()
);
router2.put(
{
path: '/api/my-other-plugin',
security: { authz: { enabled: false, reason: '' } },
validate: false,
},
(_, __, res) => res.ok()
);
},
});
const result = await supertest(server.listener).get('/api/oas').query(queryParam);

90
src/core/server/integration_tests/http/preboot.test.ts
View file

@ -36,11 +36,21 @@ describe('Preboot HTTP server', () => {
it('accepts requests before `setup`', async () => {
const { server: innerPrebootServer, registerRoutes } = await server.preboot(prebootDeps);
registerRoutes('', (router) => {
router.get({ path: '/preboot-get', validate: false }, (context, req, res) =>
res.ok({ body: 'hello-get' })
router.get(
{
path: '/preboot-get',
security: { authz: { enabled: false, reason: '' } },
validate: false,
},
(context, req, res) => res.ok({ body: 'hello-get' })
);
router.post({ path: '/preboot-post', validate: false }, (context, req, res) =>
res.ok({ body: 'hello-post' })
router.post(
{
path: '/preboot-post',
security: { authz: { enabled: false, reason: '' } },
validate: false,
},
(context, req, res) => res.ok({ body: 'hello-post' })
);
});
@ -60,21 +70,41 @@ describe('Preboot HTTP server', () => {
it('accepts requests after `setup`, but before `start`', async () => {
const { server: innerPrebootServer, registerRoutes } = await server.preboot(prebootDeps);
registerRoutes('', (router) => {
router.get({ path: '/preboot-get', validate: false }, (context, req, res) =>
res.ok({ body: 'hello-get' })
router.get(
{
path: '/preboot-get',
security: { authz: { enabled: false, reason: '' } },
validate: false,
},
(context, req, res) => res.ok({ body: 'hello-get' })
);
router.post({ path: '/preboot-post', validate: false }, (context, req, res) =>
res.ok({ body: 'hello-post' })
router.post(
{
path: '/preboot-post',
security: { authz: { enabled: false, reason: '' } },
validate: false,
},
(context, req, res) => res.ok({ body: 'hello-post' })
);
});
const { createRouter, server: innerStandardServer } = await server.setup(setupDeps);
const standardRouter = createRouter('');
standardRouter.get({ path: '/standard-get', validate: false }, (context, req, res) =>
res.ok({ body: 'hello-get' })
standardRouter.get(
{
path: '/standard-get',
security: { authz: { enabled: false, reason: '' } },
validate: false,
},
(context, req, res) => res.ok({ body: 'hello-get' })
);
standardRouter.post({ path: '/standard-post', validate: false }, (context, req, res) =>
res.ok({ body: 'hello-post' })
standardRouter.post(
{
path: '/standard-post',
security: { authz: { enabled: false, reason: '' } },
validate: false,
},
(context, req, res) => res.ok({ body: 'hello-post' })
);
// Preboot routes should still work.
@ -101,21 +131,41 @@ describe('Preboot HTTP server', () => {
it('is not available after `start`', async () => {
const { server: innerPrebootServer, registerRoutes } = await server.preboot(prebootDeps);
registerRoutes('', (router) => {
router.get({ path: '/preboot-get', validate: false }, (context, req, res) =>
res.ok({ body: 'hello-get' })
router.get(
{
path: '/preboot-get',
security: { authz: { enabled: false, reason: '' } },
validate: false,
},
(context, req, res) => res.ok({ body: 'hello-get' })
);
router.post({ path: '/preboot-post', validate: false }, (context, req, res) =>
res.ok({ body: 'hello-post' })
router.post(
{
path: '/preboot-post',
security: { authz: { enabled: false, reason: '' } },
validate: false,
},
(context, req, res) => res.ok({ body: 'hello-post' })
);
});
const { createRouter, server: innerStandardServer } = await server.setup(setupDeps);
const standardRouter = createRouter('');
standardRouter.get({ path: '/standard-get', validate: false }, (context, req, res) =>
res.ok({ body: 'hello-get' })
standardRouter.get(
{
path: '/standard-get',
security: { authz: { enabled: false, reason: '' } },
validate: false,
},
(context, req, res) => res.ok({ body: 'hello-get' })
);
standardRouter.post({ path: '/standard-post', validate: false }, (context, req, res) =>
res.ok({ body: 'hello-post' })
standardRouter.post(
{
path: '/standard-post',
security: { authz: { enabled: false, reason: '' } },
validate: false,
},
(context, req, res) => res.ok({ body: 'hello-post' })
);
await server.start();

198
src/core/server/integration_tests/http/request.test.ts
View file

@ -48,7 +48,12 @@ describe('KibanaRequest', () => {
const { server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get(
{ path: '/', validate: false, options: { authRequired: true } },
{
path: '/',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { authRequired: true },
},
(context, req, res) => res.ok({ body: { isAuthenticated: req.auth.isAuthenticated } })
);
await server.start();
@ -62,7 +67,12 @@ describe('KibanaRequest', () => {
const router = createRouter('/');
registerAuth((req, res, toolkit) => toolkit.notHandled());
router.get(
{ path: '/', validate: false, options: { authRequired: 'optional' } },
{
path: '/',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { authRequired: 'optional' },
},
(context, req, res) => res.ok({ body: { isAuthenticated: req.auth.isAuthenticated } })
);
await server.start();
@ -76,7 +86,12 @@ describe('KibanaRequest', () => {
const router = createRouter('/');
registerAuth((req, res, toolkit) => toolkit.redirected({ location: '/any' }));
router.get(
{ path: '/', validate: false, options: { authRequired: 'optional' } },
{
path: '/',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { authRequired: 'optional' },
},
(context, req, res) => res.ok({ body: { isAuthenticated: req.auth.isAuthenticated } })
);
await server.start();
@ -90,7 +105,12 @@ describe('KibanaRequest', () => {
const router = createRouter('/');
registerAuth((req, res, toolkit) => toolkit.authenticated());
router.get(
{ path: '/', validate: false, options: { authRequired: 'optional' } },
{
path: '/',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { authRequired: 'optional' },
},
(context, req, res) => res.ok({ body: { isAuthenticated: req.auth.isAuthenticated } })
);
await server.start();
@ -104,7 +124,12 @@ describe('KibanaRequest', () => {
const router = createRouter('/');
registerAuth((req, res, toolkit) => toolkit.authenticated());
router.get(
{ path: '/', validate: false, options: { authRequired: true } },
{
path: '/',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { authRequired: true },
},
(context, req, res) => res.ok({ body: { isAuthenticated: req.auth.isAuthenticated } })
);
await server.start();
@ -123,7 +148,12 @@ describe('KibanaRequest', () => {
registerAuth((req, res, t) => t.authenticated());
const router = createRouter('/');
router.get(
{ path: '/', validate: false, options: { authRequired: false } },
{
path: '/',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { authRequired: false },
},
(context, req, res) => res.ok({ body: { authRequired: req.route.options.authRequired } })
);
await server.start();
@ -137,7 +167,12 @@ describe('KibanaRequest', () => {
registerAuth((req, res, t) => t.authenticated());
const router = createRouter('/');
router.get(
{ path: '/', validate: false, options: { authRequired: 'optional' } },
{
path: '/',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { authRequired: 'optional' },
},
(context, req, res) => res.ok({ body: { authRequired: req.route.options.authRequired } })
);
await server.start();
@ -151,7 +186,12 @@ describe('KibanaRequest', () => {
registerAuth((req, res, t) => t.authenticated());
const router = createRouter('/');
router.get(
{ path: '/', validate: false, options: { authRequired: true } },
{
path: '/',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { authRequired: true },
},
(context, req, res) => res.ok({ body: { authRequired: req.route.options.authRequired } })
);
await server.start();
@ -173,16 +213,19 @@ describe('KibanaRequest', () => {
const nextSpy = jest.fn();
const done = new Promise<void>((resolve) => {
router.get({ path: '/', validate: false }, async (context, request, res) => {
request.events.aborted$.subscribe({
next: nextSpy,
complete: resolve,
});
router.get(
{ path: '/', security: { authz: { enabled: false, reason: '' } }, validate: false },
async (context, request, res) => {
request.events.aborted$.subscribe({
next: nextSpy,
complete: resolve,
});
// prevents the server to respond
await delay(30000);
return res.ok({ body: 'ok' });
});
// prevents the server to respond
await delay(30000);
return res.ok({ body: 'ok' });
}
);
});
await server.start();
@ -206,7 +249,11 @@ describe('KibanaRequest', () => {
const done = new Promise<void>((resolve) => {
router.post(
{ path: '/', validate: { body: schema.any() } },
{
path: '/',
security: { authz: { enabled: false, reason: '' } },
validate: { body: schema.any() },
},
async (context, request, res) => {
request.events.aborted$.subscribe({
next: nextSpy,
@ -239,14 +286,17 @@ describe('KibanaRequest', () => {
const nextSpy = jest.fn();
const completeSpy = jest.fn();
router.get({ path: '/', validate: false }, async (context, request, res) => {
request.events.aborted$.subscribe({
next: nextSpy,
complete: completeSpy,
});
router.get(
{ path: '/', security: { authz: { enabled: false, reason: '' } }, validate: false },
async (context, request, res) => {
request.events.aborted$.subscribe({
next: nextSpy,
complete: completeSpy,
});
return res.ok({ body: 'ok' });
});
return res.ok({ body: 'ok' });
}
);
await server.start();
@ -262,14 +312,17 @@ describe('KibanaRequest', () => {
const nextSpy = jest.fn();
const completeSpy = jest.fn();
router.get({ path: '/', validate: false }, async (context, request, res) => {
request.events.aborted$.subscribe({
next: nextSpy,
complete: completeSpy,
});
router.get(
{ path: '/', security: { authz: { enabled: false, reason: '' } }, validate: false },
async (context, request, res) => {
request.events.aborted$.subscribe({
next: nextSpy,
complete: completeSpy,
});
return res.badRequest();
});
return res.badRequest();
}
);
await server.start();
@ -299,7 +352,11 @@ describe('KibanaRequest', () => {
});
router.post(
{ path: '/', validate: { body: schema.any() } },
{
path: '/',
security: { authz: { enabled: false, reason: '' } },
validate: { body: schema.any() },
},
async (context, request, res) => {
expect(completeSpy).not.toHaveBeenCalled();
return res.ok({ body: 'ok' });
@ -323,16 +380,19 @@ describe('KibanaRequest', () => {
const nextSpy = jest.fn();
const completeSpy = jest.fn();
router.get({ path: '/', validate: false }, async (context, req, res) => {
req.events.completed$.subscribe({
next: nextSpy,
complete: completeSpy,
});
router.get(
{ path: '/', security: { authz: { enabled: false, reason: '' } }, validate: false },
async (context, req, res) => {
req.events.completed$.subscribe({
next: nextSpy,
complete: completeSpy,
});
expect(nextSpy).not.toHaveBeenCalled();
expect(completeSpy).not.toHaveBeenCalled();
return res.ok({ body: 'ok' });
});
expect(nextSpy).not.toHaveBeenCalled();
expect(completeSpy).not.toHaveBeenCalled();
return res.ok({ body: 'ok' });
}
);
await server.start();
@ -349,16 +409,19 @@ describe('KibanaRequest', () => {
const nextSpy = jest.fn();
const done = new Promise<void>((resolve) => {
router.get({ path: '/', validate: false }, async (context, req, res) => {
req.events.completed$.subscribe({
next: nextSpy,
complete: resolve,
});
router.get(
{ path: '/', security: { authz: { enabled: false, reason: '' } }, validate: false },
async (context, req, res) => {
req.events.completed$.subscribe({
next: nextSpy,
complete: resolve,
});
expect(nextSpy).not.toHaveBeenCalled();
await delay(30000);
return res.ok({ body: 'ok' });
});
expect(nextSpy).not.toHaveBeenCalled();
await delay(30000);
return res.ok({ body: 'ok' });
}
);
});
await server.start();
@ -381,7 +444,11 @@ describe('KibanaRequest', () => {
const done = new Promise<void>((resolve) => {
router.post(
{ path: '/', validate: { body: schema.any() } },
{
path: '/',
security: { authz: { enabled: false, reason: '' } },
validate: { body: schema.any() },
},
async (context, req, res) => {
req.events.completed$.subscribe({
next: nextSpy,
@ -413,9 +480,12 @@ describe('KibanaRequest', () => {
it('accepts x-opaque-id header case-insensitively', async () => {
const { server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, async (context, req, res) => {
return res.ok({ body: { requestId: req.id } });
});
router.get(
{ path: '/', security: { authz: { enabled: false, reason: '' } }, validate: false },
async (context, req, res) => {
return res.ok({ body: { requestId: req.id } });
}
);
await server.start();
const st = supertest(innerServer.listener);
@ -433,9 +503,12 @@ describe('KibanaRequest', () => {
it('generates a UUID', async () => {
const { server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, async (context, req, res) => {
return res.ok({ body: { requestUuid: req.uuid } });
});
router.get(
{ path: '/', security: { authz: { enabled: false, reason: '' } }, validate: false },
async (context, req, res) => {
return res.ok({ body: { requestUuid: req.uuid } });
}
);
await server.start();
const st = supertest(innerServer.listener);
@ -449,9 +522,12 @@ describe('KibanaRequest', () => {
it('returns the correct values', async () => {
const { server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get({ path: '/', validate: false }, async (context, req, res) => {
return res.ok({ body: { httpVersion: req.httpVersion, protocol: req.protocol } });
});
router.get(
{ path: '/', security: { authz: { enabled: false, reason: '' } }, validate: false },
async (context, req, res) => {
return res.ok({ body: { httpVersion: req.httpVersion, protocol: req.protocol } });
}
);
await server.start();
const st = supertest(innerServer.listener);

65
src/core/server/integration_tests/http/request_representation.test.ts
View file

@ -49,7 +49,12 @@ describe('request logging', () => {
const { server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get(
{ path: '/', validate: false, options: { authRequired: true } },
{
path: '/',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { authRequired: true },
},
(context, req, res) => {
return res.ok({ body: { req: String(req) } });
}
@ -66,7 +71,12 @@ describe('request logging', () => {
const { server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get(
{ path: '/', validate: false, options: { authRequired: true } },
{
path: '/',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { authRequired: true },
},
(context, req, res) => {
return res.ok({ body: { req: JSON.stringify(req) } });
}
@ -98,7 +108,12 @@ describe('request logging', () => {
const { server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get(
{ path: '/', validate: false, options: { authRequired: true } },
{
path: '/',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { authRequired: true },
},
(context, req, res) => {
return res.ok({ body: { req: inspect(req) } });
}
@ -125,7 +140,7 @@ describe('request logging', () => {
deprecated: undefined,
access: 'internal',
tags: [],
security: undefined,
security: [Object],
timeout: [Object],
body: undefined
}
@ -142,7 +157,12 @@ describe('request logging', () => {
const { server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get(
{ path: '/', validate: false, options: { authRequired: true } },
{
path: '/',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { authRequired: true },
},
(context, req, res) => {
const rawRequest = ensureRawRequest(req);
return res.ok({ body: { req: String(rawRequest) } });
@ -160,7 +180,12 @@ describe('request logging', () => {
const { server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get(
{ path: '/', validate: false, options: { authRequired: true } },
{
path: '/',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { authRequired: true },
},
(context, req, res) => {
const rawRequest = ensureRawRequest(req);
return res.ok({ body: { req: JSON.stringify(rawRequest) } });
@ -179,7 +204,12 @@ describe('request logging', () => {
const { server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get(
{ path: '/', validate: false, options: { authRequired: true } },
{
path: '/',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { authRequired: true },
},
(context, req, res) => {
const rawRequest = ensureRawRequest(req);
return res.ok({ body: { req: inspect(rawRequest) } });
@ -199,7 +229,12 @@ describe('request logging', () => {
const { server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get(
{ path: '/', validate: false, options: { authRequired: true } },
{
path: '/',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { authRequired: true },
},
(context, req, res) => {
const rawRawRequest = ensureRawRequest(req).raw.req;
return res.ok({ body: { req: String(rawRawRequest) } });
@ -217,7 +252,12 @@ describe('request logging', () => {
const { server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get(
{ path: '/', validate: false, options: { authRequired: true } },
{
path: '/',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { authRequired: true },
},
(context, req, res) => {
const rawRawRequest = ensureRawRequest(req).raw.req;
return res.ok({ body: { req: JSON.stringify(rawRawRequest) } });
@ -238,7 +278,12 @@ describe('request logging', () => {
const { server: innerServer, createRouter } = await server.setup(setupDeps);
const router = createRouter('/');
router.get(
{ path: '/', validate: false, options: { authRequired: true } },
{
path: '/',
security: { authz: { enabled: false, reason: '' } },
validate: false,
options: { authRequired: true },
},
(context, req, res) => {
const rawRawRequest = ensureRawRequest(req).raw.req;
return res.ok({ body: { req: inspect(rawRawRequest) } });

912
src/core/server/integration_tests/http/router.test.ts
View file

File diff suppressed because it is too large Load diff

1
src/core/server/integration_tests/http/tls_config_reload.test.ts
View file

@ -84,6 +84,7 @@ describe('HttpServer - TLS config', () => {
{
path: '/',
validate: false,
security: { authz: { enabled: false, reason: '' } },
},
async (ctx, req, res) => {
return res.ok({

135
src/core/server/integration_tests/http/versioned_router.test.ts
View file

@ -72,7 +72,11 @@ describe('Routing versioned requests', () => {
it('routes requests to the expected handlers', async () => {
router.versioned
.get({ path: '/my-path', access: 'internal' })
.get({
path: '/my-path',
security: { authz: { enabled: false, reason: '' } },
access: 'internal',
})
.addVersion({ validate: false, version: '1' }, async (ctx, req, res) => {
return res.ok({ body: { v: '1' } });
})
@ -102,7 +106,11 @@ describe('Routing versioned requests', () => {
it('handles missing version header (defaults to oldest)', async () => {
await setupServer({ dev: false });
router.versioned
.get({ path: '/my-path', access: 'public' })
.get({
path: '/my-path',
security: { authz: { enabled: false, reason: '' } },
access: 'public',
})
.addVersion({ validate: false, version: '2020-02-02' }, async (ctx, req, res) => {
return res.ok({ body: { v: '1' } });
})
@ -122,7 +130,11 @@ describe('Routing versioned requests', () => {
it('returns the expected output for badly formatted versions', async () => {
router.versioned
.get({ path: '/my-path', access: 'internal' })
.get({
path: '/my-path',
security: { authz: { enabled: false, reason: '' } },
access: 'internal',
})
.addVersion({ validate: false, version: '1' }, async (ctx, req, res) => {
return res.ok({ body: { v: '1' } });
});
@ -142,7 +154,11 @@ describe('Routing versioned requests', () => {
it('returns the expected responses for failed validation', async () => {
router.versioned
.post({ path: '/my-path', access: 'internal' })
.post({
path: '/my-path',
security: { authz: { enabled: false, reason: '' } },
access: 'internal',
})
// Bad request validation
.addVersion(
{
@ -172,7 +188,11 @@ describe('Routing versioned requests', () => {
it('returns the version in response headers', async () => {
router.versioned
.get({ path: '/my-path', access: 'public' })
.get({
path: '/my-path',
security: { authz: { enabled: false, reason: '' } },
access: 'public',
})
.addVersion({ validate: false, version: '2023-10-31' }, async (ctx, req, res) => {
return res.ok({ body: { foo: 'bar' } });
});
@ -190,7 +210,12 @@ describe('Routing versioned requests', () => {
it('returns the version in response headers, even for HTTP resources', async () => {
router.versioned
.get({ path: '/my-path', access: 'public', options: { httpResource: true } })
.get({
path: '/my-path',
security: { authz: { enabled: false, reason: '' } },
access: 'public',
options: { httpResource: true },
})
.addVersion({ validate: false, version: '2023-10-31' }, async (ctx, req, res) => {
return res.ok({ body: { foo: 'bar' } });
});
@ -208,7 +233,11 @@ describe('Routing versioned requests', () => {
it('runs response validation when in dev', async () => {
router.versioned
.get({ path: '/my-path', access: 'internal' })
.get({
path: '/my-path',
security: { authz: { enabled: false, reason: '' } },
access: 'internal',
})
.addVersion(
{ validate: { response: { 200: { body: () => schema.number() } } }, version: '1' },
async (ctx, req, res) => {
@ -278,7 +307,11 @@ describe('Routing versioned requests', () => {
await setupServer({ dev: false });
router.versioned
.get({ path: '/my-path', access: 'internal' })
.get({
path: '/my-path',
security: { authz: { enabled: false, reason: '' } },
access: 'internal',
})
.addVersion(
{ validate: { response: { 200: { body: () => schema.number() } } }, version: '1' },
async (ctx, req, res) => {
@ -301,7 +334,11 @@ describe('Routing versioned requests', () => {
await setupServer({ dev: false });
router.versioned
.get({ path: '/my-internal-path', access: 'internal' })
.get({
path: '/my-internal-path',
security: { authz: { enabled: false, reason: '' } },
access: 'internal',
})
.addVersion(
{ version: '1', validate: { response: { 200: { body: () => schema.number() } } } },
async (ctx, req, res) => res.ok({ body: 'v1' })
@ -326,6 +363,7 @@ describe('Routing versioned requests', () => {
router.versioned
.get({
path: '/my-path',
security: { authz: { enabled: false, reason: '' } },
access: 'public',
})
.addVersion({ version: '2023-10-31', validate: false }, async (ctx, req, res) => res.ok());
@ -333,6 +371,7 @@ describe('Routing versioned requests', () => {
router.versioned
.get({
path: '/my-internal-path',
security: { authz: { enabled: false, reason: '' } },
access: 'internal',
})
.addVersion({ version: '1', validate: false }, async (ctx, req, res) => res.ok());
@ -361,7 +400,11 @@ describe('Routing versioned requests', () => {
});
it('errors when no handler could be found', async () => {
router.versioned.get({ path: '/my-path', access: 'public' });
router.versioned.get({
path: '/my-path',
security: { authz: { enabled: false, reason: '' } },
access: 'public',
});
await server.start();
@ -379,7 +422,11 @@ describe('Routing versioned requests', () => {
await setupServer({ serverless: true, dev: false });
router.versioned
.get({ path: '/my-path', access: 'public' })
.get({
path: '/my-path',
security: { authz: { enabled: false, reason: '' } },
access: 'public',
})
.addVersion({ validate: false, version: '2023-04-04' }, async (ctx, req, res) => {
return res.ok({ body: { v: 'oldest' } });
})
@ -401,7 +448,11 @@ describe('Routing versioned requests', () => {
await setupServer({ serverless: false, dev: false });
router.versioned
.get({ path: '/my-path', access: 'public' })
.get({
path: '/my-path',
security: { authz: { enabled: false, reason: '' } },
access: 'public',
})
.addVersion({ validate: false, version: '2023-04-04' }, async (ctx, req, res) => {
return res.ok({ body: { v: 'oldest' } });
})
@ -423,7 +474,11 @@ describe('Routing versioned requests', () => {
const error = new Error(`some error`);
router.versioned
.get({ path: '/my-path', access: 'internal' })
.get({
path: '/my-path',
security: { authz: { enabled: false, reason: '' } },
access: 'internal',
})
.addVersion({ validate: false, version: '1' }, async (ctx, req, res) => {
throw error;
});
@ -438,19 +493,25 @@ describe('Routing versioned requests', () => {
it('reserves the query parameter "apiVersion" for version negotiation', async () => {
await setupServer({ serverless: false, dev: false });
router.versioned.get({ path: '/my-path', access: 'public' }).addVersion(
{
validate: {
request: {
query: schema.object({ [ELASTIC_HTTP_VERSION_QUERY_PARAM]: schema.string() }),
router.versioned
.get({
path: '/my-path',
security: { authz: { enabled: false, reason: '' } },
access: 'public',
})
.addVersion(
{
validate: {
request: {
query: schema.object({ [ELASTIC_HTTP_VERSION_QUERY_PARAM]: schema.string() }),
},
},
version: '2023-04-04',
},
version: '2023-04-04',
},
async (ctx, req, res) => {
return res.ok({ body: 'ok' });
}
);
async (ctx, req, res) => {
return res.ok({ body: 'ok' });
}
);
await server.start();
@ -476,7 +537,12 @@ describe('Routing versioned requests', () => {
return res.ok({ body: 'ok' });
});
router.versioned
.get({ path: '/my-public', access: 'public', enableQueryVersion: true })
.get({
path: '/my-public',
security: { authz: { enabled: false, reason: '' } },
access: 'public',
enableQueryVersion: true,
})
.addVersion(
{
validate: { request: { query: schema.object({ a: schema.number() }) } },
@ -486,7 +552,12 @@ describe('Routing versioned requests', () => {
);
router.versioned
.get({ path: '/my-internal', access: 'internal', enableQueryVersion: true })
.get({
path: '/my-internal',
security: { authz: { enabled: false, reason: '' } },
access: 'internal',
enableQueryVersion: true,
})
.addVersion(
{
validate: { request: { query: schema.object({ a: schema.number() }) } },
@ -540,12 +611,20 @@ describe('Routing versioned requests', () => {
);
router.versioned
.get({ path: '/my_path_to_bypass/{id?}', access: 'internal' })
.get({
path: '/my_path_to_bypass/{id?}',
security: { authz: { enabled: false, reason: '' } },
access: 'internal',
})
.addVersion({ validate: false, version: '1' }, async (ctx, req, res) => {
return res.ok({ body: { ok: true } });
});
router.versioned
.get({ path: '/my_other_path', access: 'internal' })
.get({
path: '/my_other_path',
security: { authz: { enabled: false, reason: '' } },
access: 'internal',
})
.addVersion({ validate: false, version: '1' }, async (ctx, req, res) => {
return res.ok({ body: { ok: true } });
});

107
src/core/server/integration_tests/http_resources/http_resources_service.test.ts
View file

@ -43,8 +43,13 @@ function applyTestsWithDisableUnsafeEvalSetTo(disableUnsafeEval: boolean) {
const router = http.createRouter('');
const resources = httpResources.createRegistrar(router);
resources.register({ path: '/render-core', validate: false }, (context, req, res) =>
res.renderAnonymousCoreApp()
resources.register(
{
path: '/render-core',
validate: false,
security: { authz: { requiredPrivileges: ['foo'] } },
},
(context, req, res) => res.renderAnonymousCoreApp()
);
await root.start();
@ -58,8 +63,13 @@ function applyTestsWithDisableUnsafeEvalSetTo(disableUnsafeEval: boolean) {
const router = http.createRouter('');
const resources = httpResources.createRegistrar(router);
resources.register({ path: '/render-core', validate: false }, (context, req, res) =>
res.renderAnonymousCoreApp()
resources.register(
{
path: '/render-core',
validate: false,
security: { authz: { requiredPrivileges: ['foo'] } },
},
(context, req, res) => res.renderAnonymousCoreApp()
);
await root.start();
@ -73,13 +83,19 @@ function applyTestsWithDisableUnsafeEvalSetTo(disableUnsafeEval: boolean) {
const router = http.createRouter('');
const resources = httpResources.createRegistrar(router);
resources.register({ path: '/render-core', validate: false }, (context, req, res) =>
res.renderAnonymousCoreApp({
headers: {
'content-security-policy': "script-src 'unsafe-eval'",
'x-kibana': '42',
},
})
resources.register(
{
path: '/render-core',
validate: false,
security: { authz: { requiredPrivileges: ['foo'] } },
},
(context, req, res) =>
res.renderAnonymousCoreApp({
headers: {
'content-security-policy': "script-src 'unsafe-eval'",
'x-kibana': '42',
},
})
);
await root.start();
@ -104,8 +120,13 @@ function applyTestsWithDisableUnsafeEvalSetTo(disableUnsafeEval: boolean) {
</body>
</html>
`;
resources.register({ path: '/render-html', validate: false }, (context, req, res) =>
res.renderHtml({ body: htmlBody })
resources.register(
{
path: '/render-html',
validate: false,
security: { authz: { requiredPrivileges: ['foo'] } },
},
(context, req, res) => res.renderHtml({ body: htmlBody })
);
await root.start();
@ -121,8 +142,13 @@ function applyTestsWithDisableUnsafeEvalSetTo(disableUnsafeEval: boolean) {
const router = http.createRouter('');
const resources = httpResources.createRegistrar(router);
const jsBody = 'window.alert("from js body");';
resources.register({ path: '/render-js', validate: false }, (context, req, res) =>
res.renderJs({ body: jsBody })
resources.register(
{
path: '/render-js',
validate: false,
security: { authz: { requiredPrivileges: ['foo'] } },
},
(context, req, res) => res.renderJs({ body: jsBody })
);
await root.start();
@ -145,8 +171,13 @@ function applyTestsWithDisableUnsafeEvalSetTo(disableUnsafeEval: boolean) {
</body>
</html>
`;
resources.register({ path: '/render-html', validate: false }, (context, req, res) =>
res.renderHtml({ body: htmlBody })
resources.register(
{
path: '/render-html',
validate: false,
security: { authz: { requiredPrivileges: ['foo'] } },
},
(context, req, res) => res.renderHtml({ body: htmlBody })
);
await root.start();
@ -160,15 +191,21 @@ function applyTestsWithDisableUnsafeEvalSetTo(disableUnsafeEval: boolean) {
const router = http.createRouter('');
const resources = httpResources.createRegistrar(router);
resources.register({ path: '/render-core', validate: false }, (context, req, res) =>
res.renderHtml({
body: '<html><p>Hi</p></html>',
headers: {
'content-security-policy': "script-src 'unsafe-eval'",
'content-type': 'text/html',
'x-kibana': '42',
},
})
resources.register(
{
path: '/render-core',
validate: false,
security: { authz: { requiredPrivileges: ['foo'] } },
},
(context, req, res) =>
res.renderHtml({
body: '<html><p>Hi</p></html>',
headers: {
'content-security-policy': "script-src 'unsafe-eval'",
'content-type': 'text/html',
'x-kibana': '42',
},
})
);
await root.start();
@ -189,8 +226,13 @@ function applyTestsWithDisableUnsafeEvalSetTo(disableUnsafeEval: boolean) {
}),
};
resources.register({ path: '/render-js-with-param/{id}', validate }, (context, req, res) =>
res.renderJs({ body: `window.alert(${req.params.id});` })
resources.register(
{
path: '/render-js-with-param/{id}',
validate,
security: { authz: { requiredPrivileges: ['foo'] } },
},
(context, req, res) => res.renderJs({ body: `window.alert(${req.params.id});` })
);
await root.start();
@ -206,8 +248,13 @@ function applyTestsWithDisableUnsafeEvalSetTo(disableUnsafeEval: boolean) {
const router = http.createRouter('');
const resources = httpResources.createRegistrar(router);
const htmlBody = `<p>HtMlr00lz</p>`;
resources.register({ path: '/render-html', validate: false }, (context, req, res) =>
res.renderHtml({ body: htmlBody })
resources.register(
{
path: '/render-html',
validate: false,
security: { authz: { requiredPrivileges: ['foo'] } },
},
(context, req, res) => res.renderHtml({ body: htmlBody })
);
await root.start();

118
src/core/server/integration_tests/metrics/server_collector.test.ts
View file

@ -46,9 +46,12 @@ describe('ServerMetricsCollector', () => {
});
it('collect requests infos', async () => {
router.get({ path: '/', validate: false }, async (ctx, req, res) => {
return res.ok({ body: '' });
});
router.get(
{ path: '/', validate: false, security: { authz: { requiredPrivileges: ['foo'] } } },
async (ctx, req, res) => {
return res.ok({ body: '' });
}
);
await server.start();
@ -81,17 +84,27 @@ describe('ServerMetricsCollector', () => {
const disconnectRequested$ = new Subject<void>(); // Controls the number of requests in the /disconnect endpoint
const disconnectAborted$ = new Subject<void>(); // Controls the abort event in the /disconnect endpoint
router.get({ path: '/', validate: false }, async (ctx, req, res) => {
return res.ok({ body: '' });
});
router.get({ path: '/disconnect', validate: false }, async (ctx, req, res) => {
disconnectRequested$.next();
req.events.aborted$.subscribe(() => {
disconnectAborted$.next();
});
await never; // Never resolve the request
return res.ok({ body: '' });
});
router.get(
{ path: '/', validate: false, security: { authz: { requiredPrivileges: ['foo'] } } },
async (ctx, req, res) => {
return res.ok({ body: '' });
}
);
router.get(
{
path: '/disconnect',
validate: false,
security: { authz: { requiredPrivileges: ['foo'] } },
},
async (ctx, req, res) => {
disconnectRequested$.next();
req.events.aborted$.subscribe(() => {
disconnectAborted$.next();
});
await never; // Never resolve the request
return res.ok({ body: '' });
}
);
await server.start();
await sendGet('/');
@ -148,17 +161,26 @@ describe('ServerMetricsCollector', () => {
});
it('collect response times', async () => {
router.get({ path: '/no-delay', validate: false }, async (ctx, req, res) => {
return res.ok({ body: '' });
});
router.get({ path: '/500-ms', validate: false }, async (ctx, req, res) => {
await delay(500);
return res.ok({ body: '' });
});
router.get({ path: '/250-ms', validate: false }, async (ctx, req, res) => {
await delay(250);
return res.ok({ body: '' });
});
router.get(
{ path: '/no-delay', validate: false, security: { authz: { requiredPrivileges: ['foo'] } } },
async (ctx, req, res) => {
return res.ok({ body: '' });
}
);
router.get(
{ path: '/500-ms', validate: false, security: { authz: { requiredPrivileges: ['foo'] } } },
async (ctx, req, res) => {
await delay(500);
return res.ok({ body: '' });
}
);
router.get(
{ path: '/250-ms', validate: false, security: { authz: { requiredPrivileges: ['foo'] } } },
async (ctx, req, res) => {
await delay(250);
return res.ok({ body: '' });
}
);
await server.start();
await Promise.all([sendGet('/no-delay'), sendGet('/250-ms')]);
@ -178,11 +200,14 @@ describe('ServerMetricsCollector', () => {
const waitSubject = new Subject();
const hitSubject = new BehaviorSubject(0);
router.get({ path: '/', validate: false }, async (ctx, req, res) => {
hitSubject.next(hitSubject.value + 1);
await waitSubject.pipe(take(1)).toPromise();
return res.ok({ body: '' });
});
router.get(
{ path: '/', validate: false, security: { authz: { requiredPrivileges: ['foo'] } } },
async (ctx, req, res) => {
hitSubject.next(hitSubject.value + 1);
await waitSubject.pipe(take(1)).toPromise();
return res.ok({ body: '' });
}
);
await server.start();
const waitForHits = (hits: number) =>
@ -221,9 +246,12 @@ describe('ServerMetricsCollector', () => {
describe('#reset', () => {
it('reset the requests state', async () => {
router.get({ path: '/', validate: false }, async (ctx, req, res) => {
return res.ok({ body: '' });
});
router.get(
{ path: '/', validate: false, security: { authz: { requiredPrivileges: ['foo'] } } },
async (ctx, req, res) => {
return res.ok({ body: '' });
}
);
await server.start();
await sendGet('/');
@ -266,13 +294,23 @@ describe('ServerMetricsCollector', () => {
});
it('resets the response times', async () => {
router.get({ path: '/no-delay', validate: false }, async (ctx, req, res) => {
return res.ok({ body: '' });
});
router.get({ path: '/500-ms', validate: false }, async (ctx, req, res) => {
await delay(500);
return res.ok({ body: '' });
});
router.get(
{
path: '/no-delay',
validate: false,
security: { authz: { requiredPrivileges: ['foo'] } },
},
async (ctx, req, res) => {
return res.ok({ body: '' });
}
);
router.get(
{ path: '/500-ms', validate: false, security: { authz: { requiredPrivileges: ['foo'] } } },
async (ctx, req, res) => {
await delay(500);
return res.ok({ body: '' });
}
);
await server.start();

12
src/platform/packages/shared/content-management/content_insights/content_insights_server/src/register.ts
View file

@ -97,7 +97,11 @@ export const registerContentInsights = (
},
},
}
: {}),
: {
security: {
authz: { enabled: false, reason: 'Route delegates authorization to the SO Client' },
},
}),
},
async (context, req, res) => {
const { id, eventType } = req.params;
@ -122,7 +126,11 @@ export const registerContentInsights = (
},
},
}
: {}),
: {
security: {
authz: { enabled: false, reason: 'Route delegates authorization to the SO Client' },
},
}),
},
async (context, req, res) => {
const { id, eventType } = req.params;

3
src/platform/packages/shared/kbn-router-to-openapispec/src/__snapshots__/generate_oas.test.ts.snap generated
View file

@ -126,6 +126,7 @@ Object {
"/bar": Object {
"get": Object {
"deprecated": true,
"description": "[Required authorization] Route required privileges: ALL of [foo].",
"operationId": "get-bar",
"parameters": Array [],
"requestBody": Object {
@ -490,6 +491,7 @@ Object {
"/no-xsrf/{id}/{path}": Object {
"post": Object {
"deprecated": true,
"description": "[Required authorization] Route required privileges: ALL of [foo].",
"operationId": "post-no-xsrf-id-path",
"parameters": Array [],
"requestBody": Object {
@ -702,6 +704,7 @@ Object {
},
"/test": Object {
"get": Object {
"description": "[Required authorization] Route required privileges: ALL of [foo].",
"operationId": "get-test",
"parameters": Array [],
"requestBody": Object {

1
src/platform/packages/shared/kbn-router-to-openapispec/src/generate_oas.test.fixture.ts
View file

@ -36,6 +36,7 @@ export const sharedOas = {
deprecated: true,
'x-discontinued': 'route discontinued version or date',
operationId: 'get-bar',
description: '[Required authorization] Route required privileges: ALL of [foo].',
parameters: [],
requestBody: {
content: {

84
src/platform/packages/shared/kbn-router-to-openapispec/src/generate_oas.test.ts
View file

@ -74,7 +74,15 @@ describe('generateOpenApiDocument', () => {
{
method: 'post',
path: '/no-xsrf/{id}/{path*}',
options: { access: 'public', options: { xsrfRequired: false } },
options: {
access: 'public',
options: { xsrfRequired: false },
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
},
],
},
@ -247,7 +255,14 @@ describe('generateOpenApiDocument', () => {
method: 'get',
path: '/test',
isVersioned: true,
options: { access: 'public' },
options: {
access: 'public',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
handlers: [
{
fn: jest.fn(),
@ -298,19 +313,46 @@ describe('generateOpenApiDocument', () => {
versionedRouters: {
testVersionedRouter1: {
routes: [
{ path: '/v1-1', options: { access: 'public', options: { tags: ['oas-tag:v1'] } } },
{
path: '/v1-1',
options: {
access: 'public',
options: { tags: ['oas-tag:v1'] },
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
},
{
path: '/v1-2',
options: {
access: 'public',
options: { tags: ['foo', 'bar', 'oas-tag:v2', 'oas-tag:v3'] },
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
},
],
},
testVersionedRouter2: {
routes: [
{ path: '/v2-1', options: { access: 'public', options: { tags: undefined } } },
{
path: '/v2-1',
options: {
access: 'public',
options: { tags: undefined },
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
},
],
},
},
@ -369,6 +411,11 @@ describe('generateOpenApiDocument', () => {
options: {
access: 'public',
options: { availability: { stability: 'experimental' } },
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
},
{
@ -376,6 +423,11 @@ describe('generateOpenApiDocument', () => {
options: {
access: 'public',
options: { availability: { stability: 'beta' } },
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
},
{
@ -383,12 +435,29 @@ describe('generateOpenApiDocument', () => {
options: {
access: 'public',
options: { availability: { stability: 'stable' } },
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
},
],
},
testVersionedRouter2: {
routes: [{ path: '/v2-1', options: { access: 'public' } }],
routes: [
{
path: '/v2-1',
options: {
access: 'public',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
},
],
},
},
});
@ -471,6 +540,11 @@ describe('generateOpenApiDocument', () => {
{
options: {
access: 'public',
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
},
],

5
src/platform/packages/shared/kbn-router-to-openapispec/src/generate_oas.test.util.ts
View file

@ -69,6 +69,11 @@ export const getVersionedRouterDefaults = (bodySchema?: RuntimeSchema): Versione
options: {
tags: ['ignore-me', 'oas-tag:versioned'],
},
security: {
authz: {
requiredPrivileges: ['foo'],
},
},
},
isVersioned: true,
handlers: [

14
src/platform/packages/shared/kbn-server-route-repository/src/register_routes.ts
View file

@ -192,7 +192,12 @@ export function registerRoutes<TDependencies extends Record<string, any>>({
...options,
access,
},
security,
security: security ?? {
authz: {
enabled: false,
reason: 'Delegates authorization to the es client',
},
},
validate: validationObject,
},
wrappedHandler
@ -204,7 +209,12 @@ export function registerRoutes<TDependencies extends Record<string, any>>({
summary: options.summary,
description: options.description,
options: omit(options, 'access', 'description', 'summary', 'deprecated', 'discontinued'),
security,
security: security ?? {
authz: {
enabled: false,
reason: 'Delegates authorization to the es client',
},
},
}).addVersion(
{
version,

14
src/platform/plugins/shared/controls/server/options_list/options_list_cluster_settings_route.ts
View file

@ -16,17 +16,17 @@ export const setupOptionsListClusterSettingsRoute = ({ http }: CoreSetup) => {
.get({
access: 'internal',
path: '/internal/controls/getExpensiveQueriesSetting',
security: {
authz: {
enabled: false,
reason:
'This route is opted out from authorization because it does not take a query, params, or a body, so there is no chance of leaking info.',
},
},
})
.addVersion(
{
version: '1',
security: {
authz: {
enabled: false,
reason:
'This route is opted out from authorization because it does not take a query, params, or a body, so there is no chance of leaking info.',
},
},
validate: false,
},
async (context, _, response) => {

14
src/platform/plugins/shared/controls/server/options_list/options_list_suggestions_route.ts
View file

@ -29,17 +29,17 @@ export const setupOptionsListSuggestionsRoute = (
.post({
access: 'internal',
path: '/internal/controls/optionsList/{index}',
security: {
authz: {
enabled: false,
reason:
'This route is opted out from authorization because permissions will be checked by elasticsearch.',
},
},
})
.addVersion(
{
version: '1',
security: {
authz: {
enabled: false,
reason:
'This route is opted out from authorization because permissions will be checked by elasticsearch.',
},
},
validate: {
request: {
params: schema.object(

12
src/platform/plugins/shared/data/server/kql_telemetry/route.ts
View file

@ -20,16 +20,16 @@ export function registerKqlTelemetryRoute(
.post({
path: '/internal/kql_opt_in_stats',
access: 'internal',
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
})
.addVersion(
{
version: KQL_TELEMETRY_ROUTE_LATEST_VERSION,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: {
body: schema.object({

361
src/platform/plugins/shared/data/server/query/routes.ts
View file

@ -40,236 +40,271 @@ const version = '1';
export function registerSavedQueryRoutes({ http }: CoreSetup): void {
const router = http.createRouter<SavedQueryRouteHandlerContext>();
router.versioned.post({ path: `${SAVED_QUERY_BASE_URL}/_is_duplicate_title`, access }).addVersion(
{
version,
router.versioned
.post({
path: `${SAVED_QUERY_BASE_URL}/_is_duplicate_title`,
access,
security: {
authz: {
requiredPrivileges: ['savedQuery:read'],
},
},
validate: {
request: {
body: schema.object({
title: schema.string(),
id: schema.maybe(schema.string()),
}),
},
response: {
200: {
body: () =>
schema.object({
isDuplicate: schema.boolean(),
}),
})
.addVersion(
{
version,
validate: {
request: {
body: schema.object({
title: schema.string(),
id: schema.maybe(schema.string()),
}),
},
response: {
200: {
body: () =>
schema.object({
isDuplicate: schema.boolean(),
}),
},
},
},
},
},
async (context, request, response) => {
try {
const savedQuery = await context.savedQuery;
const isDuplicate = await savedQuery.isDuplicateTitle(request.body);
return response.ok({ body: { isDuplicate } });
} catch (e) {
const err = e.output?.payload ?? e;
return reportServerError(response, err);
async (context, request, response) => {
try {
const savedQuery = await context.savedQuery;
const isDuplicate = await savedQuery.isDuplicateTitle(request.body);
return response.ok({ body: { isDuplicate } });
} catch (e) {
const err = e.output?.payload ?? e;
return reportServerError(response, err);
}
}
}
);
);
router.versioned.post({ path: `${SAVED_QUERY_BASE_URL}/_create`, access }).addVersion(
{
version,
router.versioned
.post({
path: `${SAVED_QUERY_BASE_URL}/_create`,
access,
security: {
authz: {
requiredPrivileges: ['savedQuery:manage'],
},
},
validate: {
request: {
body: SAVED_QUERY_ATTRS_CONFIG,
},
response: {
200: {
body: savedQueryResponseSchema,
})
.addVersion(
{
version,
validate: {
request: {
body: SAVED_QUERY_ATTRS_CONFIG,
},
response: {
200: {
body: savedQueryResponseSchema,
},
},
},
},
},
async (context, request, response) => {
try {
const savedQuery = await context.savedQuery;
const body = await savedQuery.create(request.body);
return response.ok({ body });
} catch (e) {
const err = e.output?.payload ?? e;
return reportServerError(response, err);
async (context, request, response) => {
try {
const savedQuery = await context.savedQuery;
const body = await savedQuery.create(request.body);
return response.ok({ body });
} catch (e) {
const err = e.output?.payload ?? e;
return reportServerError(response, err);
}
}
}
);
);
router.versioned.put({ path: `${SAVED_QUERY_BASE_URL}/{id}`, access }).addVersion(
{
version,
router.versioned
.put({
path: `${SAVED_QUERY_BASE_URL}/{id}`,
access,
security: {
authz: {
requiredPrivileges: ['savedQuery:manage'],
},
},
validate: {
request: {
params: SAVED_QUERY_ID_CONFIG,
body: SAVED_QUERY_ATTRS_CONFIG,
},
response: {
200: {
body: savedQueryResponseSchema,
})
.addVersion(
{
version,
validate: {
request: {
params: SAVED_QUERY_ID_CONFIG,
body: SAVED_QUERY_ATTRS_CONFIG,
},
response: {
200: {
body: savedQueryResponseSchema,
},
},
},
},
},
async (context, request, response) => {
const { id } = request.params;
try {
const savedQuery = await context.savedQuery;
const body = await savedQuery.update(id, request.body);
return response.ok({ body });
} catch (e) {
const err = e.output?.payload ?? e;
return reportServerError(response, err);
async (context, request, response) => {
const { id } = request.params;
try {
const savedQuery = await context.savedQuery;
const body = await savedQuery.update(id, request.body);
return response.ok({ body });
} catch (e) {
const err = e.output?.payload ?? e;
return reportServerError(response, err);
}
}
}
);
);
router.versioned.get({ path: `${SAVED_QUERY_BASE_URL}/{id}`, access }).addVersion(
{
version,
router.versioned
.get({
path: `${SAVED_QUERY_BASE_URL}/{id}`,
access,
security: {
authz: {
requiredPrivileges: ['savedQuery:read'],
},
},
validate: {
request: {
params: SAVED_QUERY_ID_CONFIG,
},
response: {
200: {
body: savedQueryResponseSchema,
})
.addVersion(
{
version,
validate: {
request: {
params: SAVED_QUERY_ID_CONFIG,
},
response: {
200: {
body: savedQueryResponseSchema,
},
},
},
},
},
async (context, request, response) => {
const { id } = request.params;
try {
const savedQuery = await context.savedQuery;
const body = await savedQuery.get(id);
return response.ok({ body });
} catch (e) {
const err = e.output?.payload ?? e;
return reportServerError(response, err);
async (context, request, response) => {
const { id } = request.params;
try {
const savedQuery = await context.savedQuery;
const body = await savedQuery.get(id);
return response.ok({ body });
} catch (e) {
const err = e.output?.payload ?? e;
return reportServerError(response, err);
}
}
}
);
);
router.versioned.get({ path: `${SAVED_QUERY_BASE_URL}/_count`, access }).addVersion(
{
version,
router.versioned
.get({
path: `${SAVED_QUERY_BASE_URL}/_count`,
access,
security: {
authz: {
requiredPrivileges: ['savedQuery:read'],
},
},
validate: {
request: {},
response: {
200: {
body: () => schema.number(),
})
.addVersion(
{
version,
validate: {
request: {},
response: {
200: {
body: () => schema.number(),
},
},
},
},
},
async (context, request, response) => {
try {
const savedQuery = await context.savedQuery;
const count: number = await savedQuery.count();
return response.ok({ body: `${count}` });
} catch (e) {
const err = e.output?.payload ?? e;
return reportServerError(response, err);
async (context, request, response) => {
try {
const savedQuery = await context.savedQuery;
const count: number = await savedQuery.count();
return response.ok({ body: `${count}` });
} catch (e) {
const err = e.output?.payload ?? e;
return reportServerError(response, err);
}
}
}
);
);
router.versioned.post({ path: `${SAVED_QUERY_BASE_URL}/_find`, access }).addVersion(
{
version,
router.versioned
.post({
path: `${SAVED_QUERY_BASE_URL}/_find`,
access,
security: {
authz: {
requiredPrivileges: ['savedQuery:read'],
},
},
validate: {
request: {
body: schema.object({
search: schema.string({ defaultValue: '' }),
perPage: schema.number({ defaultValue: 50 }),
page: schema.number({ defaultValue: 1 }),
}),
},
response: {
200: {
body: () =>
schema.object({
total: schema.number(),
savedQueries: schema.arrayOf(savedQueryResponseSchema()),
}),
})
.addVersion(
{
version,
validate: {
request: {
body: schema.object({
search: schema.string({ defaultValue: '' }),
perPage: schema.number({ defaultValue: 50 }),
page: schema.number({ defaultValue: 1 }),
}),
},
response: {
200: {
body: () =>
schema.object({
total: schema.number(),
savedQueries: schema.arrayOf(savedQueryResponseSchema()),
}),
},
},
},
},
},
async (context, request, response) => {
try {
const savedQuery = await context.savedQuery;
const body = await savedQuery.find(request.body);
return response.ok({ body });
} catch (e) {
const err = e.output?.payload ?? e;
return reportServerError(response, err);
async (context, request, response) => {
try {
const savedQuery = await context.savedQuery;
const body = await savedQuery.find(request.body);
return response.ok({ body });
} catch (e) {
const err = e.output?.payload ?? e;
return reportServerError(response, err);
}
}
}
);
);
router.versioned.delete({ path: `${SAVED_QUERY_BASE_URL}/{id}`, access }).addVersion(
{
version,
router.versioned
.delete({
path: `${SAVED_QUERY_BASE_URL}/{id}`,
access,
security: {
authz: {
requiredPrivileges: ['savedQuery:manage'],
},
},
validate: {
request: {
params: SAVED_QUERY_ID_CONFIG,
},
response: {
200: {
body: () => schema.never(),
})
.addVersion(
{
version,
validate: {
request: {
params: SAVED_QUERY_ID_CONFIG,
},
response: {
200: {
body: () => schema.never(),
},
},
},
},
},
async (context, request, response) => {
const { id } = request.params;
try {
const savedQuery = await context.savedQuery;
await savedQuery.delete(id);
return response.ok();
} catch (e) {
const err = e.output?.payload ?? e;
return reportServerError(response, err);
async (context, request, response) => {
const { id } = request.params;
try {
const savedQuery = await context.savedQuery;
await savedQuery.delete(id);
return response.ok();
} catch (e) {
const err = e.output?.payload ?? e;
return reportServerError(response, err);
}
}
}
);
);
}

12
src/platform/plugins/shared/data/server/scripts/route.ts
View file

@ -16,16 +16,16 @@ export function registerScriptsRoute(router: IRouter) {
.get({
path: '/internal/scripts/languages',
access: 'internal',
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
})
.addVersion(
{
version: SCRIPT_LANGUAGES_ROUTE_LATEST_VERSION,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
response: {
'200': {

24
src/platform/plugins/shared/data/server/search/routes/search.ts
View file

@ -30,16 +30,16 @@ export function registerSearchRoute(
.post({
path: `${SEARCH_API_BASE_URL}/{strategy}/{id?}`,
access: 'internal',
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
})
.addVersion(
{
version: '1',
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: {
params: schema.object({
@ -128,16 +128,16 @@ export function registerSearchRoute(
.delete({
path: '/internal/search/{strategy}/{id}',
access: 'internal',
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
})
.addVersion(
{
version: '1',
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: {
params: schema.object({

568
src/platform/plugins/shared/data/server/search/routes/session.ts
View file

@ -34,321 +34,365 @@ const idAndAttrsOnly = (so?: SearchSessionRestResponse) =>
so && { id: so.id, attributes: so.attributes };
export function registerSessionRoutes(router: DataPluginRouter, logger: Logger): void {
router.versioned.post({ path: pathPrefix, access }).addVersion(
{
version,
router.versioned
.post({
path: pathPrefix,
access,
security: {
authz: { requiredPrivileges },
},
validate: {
request: {
body: schema.object({
sessionId: schema.string(),
name: schema.string(),
appId: schema.string(),
expires: schema.maybe(schema.string()),
locatorId: schema.string(),
initialState: schema.maybe(schema.object({}, { unknowns: 'allow' })),
restoreState: schema.maybe(schema.object({}, { unknowns: 'allow' })),
}),
},
response: {
200: {
body: () => schema.maybe(searchSessionSchema()),
})
.addVersion(
{
version,
validate: {
request: {
body: schema.object({
sessionId: schema.string(),
name: schema.string(),
appId: schema.string(),
expires: schema.maybe(schema.string()),
locatorId: schema.string(),
initialState: schema.maybe(schema.object({}, { unknowns: 'allow' })),
restoreState: schema.maybe(schema.object({}, { unknowns: 'allow' })),
}),
},
response: {
200: {
body: () => schema.maybe(searchSessionSchema()),
},
},
},
},
},
async (context, request, res) => {
const { sessionId, name, expires, initialState, restoreState, appId, locatorId } =
request.body;
async (context, request, res) => {
const { sessionId, name, expires, initialState, restoreState, appId, locatorId } =
request.body;
try {
const searchContext = await context.search;
try {
const searchContext = await context.search;
const response = await searchContext.saveSession(sessionId, {
name,
appId,
expires,
locatorId,
initialState,
restoreState,
});
const response = await searchContext.saveSession(sessionId, {
name,
appId,
expires,
locatorId,
initialState,
restoreState,
});
const body: SearchSessionRestResponse | undefined = idAndAttrsOnly(response);
const body: SearchSessionRestResponse | undefined = idAndAttrsOnly(response);
return res.ok({ body });
} catch (err) {
logger.error(err);
return reportServerError(res, err);
return res.ok({ body });
} catch (err) {
logger.error(err);
return reportServerError(res, err);
}
}
}
);
);
router.versioned.get({ path: `${pathPrefix}/{id}`, access }).addVersion(
{
version,
router.versioned
.get({
path: `${pathPrefix}/{id}`,
access,
security: {
authz: { requiredPrivileges },
},
validate: {
request: {
params: schema.object({
id: schema.string(),
}),
},
response: {
200: {
body: searchSessionSchema,
})
.addVersion(
{
version,
validate: {
request: {
params: schema.object({
id: schema.string(),
}),
},
response: {
200: {
body: searchSessionSchema,
},
},
},
},
},
async (context, request, res) => {
const { id } = request.params;
try {
const searchContext = await context.search;
const response: SearchSessionRestResponse = await searchContext!.getSession(id);
const body = idAndAttrsOnly(response);
async (context, request, res) => {
const { id } = request.params;
try {
const searchContext = await context.search;
const response: SearchSessionRestResponse = await searchContext!.getSession(id);
const body = idAndAttrsOnly(response);
return res.ok({ body });
} catch (e) {
const err = e.output?.payload || e;
logger.error(err);
return reportServerError(res, err);
return res.ok({ body });
} catch (e) {
const err = e.output?.payload || e;
logger.error(err);
return reportServerError(res, err);
}
}
}
);
);
router.versioned.get({ path: `${pathPrefix}/{id}/status`, access }).addVersion(
{
version,
router.versioned
.get({
path: `${pathPrefix}/{id}/status`,
access,
security: {
authz: { requiredPrivileges },
},
validate: {
request: {
params: schema.object({
id: schema.string(),
}),
},
response: {
200: {
body: searchSessionStatusSchema,
})
.addVersion(
{
version,
validate: {
request: {
params: schema.object({
id: schema.string(),
}),
},
response: {
200: {
body: searchSessionStatusSchema,
},
},
},
},
},
async (context, request, res) => {
const { id } = request.params;
try {
const searchContext = await context.search;
const response: SearchSessionStatusRestResponse = await searchContext!.getSessionStatus(id);
async (context, request, res) => {
const { id } = request.params;
try {
const searchContext = await context.search;
const response: SearchSessionStatusRestResponse = await searchContext!.getSessionStatus(
id
);
return res.ok({
body: response,
});
} catch (e) {
const err = e.output?.payload || e;
logger.error(err);
return reportServerError(res, err);
return res.ok({
body: response,
});
} catch (e) {
const err = e.output?.payload || e;
logger.error(err);
return reportServerError(res, err);
}
}
}
);
);
router.versioned.post({ path: `${pathPrefix}/_find`, access }).addVersion(
{
version,
router.versioned
.post({
path: `${pathPrefix}/_find`,
access,
security: {
authz: { requiredPrivileges },
},
validate: {
request: {
body: schema.object({
page: schema.maybe(schema.number()),
perPage: schema.maybe(schema.number()),
sortField: schema.maybe(schema.string()),
sortOrder: schema.maybe(schema.oneOf([schema.literal('desc'), schema.literal('asc')])),
filter: schema.maybe(schema.string()),
searchFields: schema.maybe(schema.arrayOf(schema.string())),
search: schema.maybe(schema.string()),
}),
},
response: {
200: {
body: searchSessionsFindSchema,
})
.addVersion(
{
version,
validate: {
request: {
body: schema.object({
page: schema.maybe(schema.number()),
perPage: schema.maybe(schema.number()),
sortField: schema.maybe(schema.string()),
sortOrder: schema.maybe(
schema.oneOf([schema.literal('desc'), schema.literal('asc')])
),
filter: schema.maybe(schema.string()),
searchFields: schema.maybe(schema.arrayOf(schema.string())),
search: schema.maybe(schema.string()),
}),
},
response: {
200: {
body: searchSessionsFindSchema,
},
},
},
},
},
async (context, request, res) => {
const { page, perPage, sortField, sortOrder, filter, searchFields, search } = request.body;
try {
const searchContext = await context.search;
const response: SearchSessionsFindRestResponse = await searchContext!.findSessions({
page,
perPage,
sortField,
sortOrder,
filter,
searchFields,
search,
});
async (context, request, res) => {
const { page, perPage, sortField, sortOrder, filter, searchFields, search } = request.body;
try {
const searchContext = await context.search;
const response: SearchSessionsFindRestResponse = await searchContext!.findSessions({
page,
perPage,
sortField,
sortOrder,
filter,
searchFields,
search,
});
const body = {
total: response.total,
saved_objects: response.saved_objects.map(idAndAttrsOnly),
statuses: response.statuses,
};
const body = {
total: response.total,
saved_objects: response.saved_objects.map(idAndAttrsOnly),
statuses: response.statuses,
};
return res.ok({ body });
} catch (err) {
logger.error(err);
return reportServerError(res, err);
return res.ok({ body });
} catch (err) {
logger.error(err);
return reportServerError(res, err);
}
}
}
);
);
router.versioned.delete({ path: `${pathPrefix}/{id}`, access }).addVersion(
{
version,
router.versioned
.delete({
path: `${pathPrefix}/{id}`,
access,
security: {
authz: { requiredPrivileges },
},
validate: {
request: {
params: schema.object({
id: schema.string(),
}),
},
},
},
async (context, request, res) => {
const { id } = request.params;
try {
const searchContext = await context.search;
await searchContext.deleteSession(id);
return res.ok();
} catch (e) {
const err = e.output?.payload || e;
logger.error(err);
return reportServerError(res, err);
}
}
);
router.versioned.post({ path: `${pathPrefix}/{id}/cancel`, access }).addVersion(
{
version,
security: {
authz: { requiredPrivileges },
},
validate: {
request: {
params: schema.object({
id: schema.string(),
}),
},
},
},
async (context, request, res) => {
const { id } = request.params;
try {
const searchContext = await context.search;
await searchContext.cancelSession(id);
return res.ok();
} catch (e) {
const err = e.output?.payload || e;
logger.error(err);
return reportServerError(res, err);
}
}
);
router.versioned.put({ path: `${pathPrefix}/{id}`, access }).addVersion(
{
version,
security: {
authz: { requiredPrivileges },
},
validate: {
request: {
params: schema.object({
id: schema.string(),
}),
body: schema.object({
name: schema.maybe(schema.string()),
expires: schema.maybe(schema.string()),
}),
},
response: {
200: {
body: searchSessionsUpdateSchema,
})
.addVersion(
{
version,
validate: {
request: {
params: schema.object({
id: schema.string(),
}),
},
},
},
},
async (context, request, res) => {
const { id } = request.params;
const { name, expires } = request.body;
try {
const searchContext = await context.search;
const response: SearchSessionsUpdateRestResponse = await searchContext.updateSession(id, {
name,
expires,
});
return res.ok({
body: response,
});
} catch (err) {
logger.error(err);
return reportServerError(res, err);
}
}
);
async (context, request, res) => {
const { id } = request.params;
try {
const searchContext = await context.search;
await searchContext.deleteSession(id);
router.versioned.post({ path: `${pathPrefix}/{id}/_extend`, access }).addVersion(
{
version,
return res.ok();
} catch (e) {
const err = e.output?.payload || e;
logger.error(err);
return reportServerError(res, err);
}
}
);
router.versioned
.post({
path: `${pathPrefix}/{id}/cancel`,
access,
security: {
authz: { requiredPrivileges },
},
validate: {
request: {
params: schema.object({
id: schema.string(),
}),
body: schema.object({
expires: schema.string(),
}),
},
response: {
200: {
body: searchSessionsUpdateSchema,
})
.addVersion(
{
version,
validate: {
request: {
params: schema.object({
id: schema.string(),
}),
},
},
},
},
async (context, request, res) => {
const { id } = request.params;
const { expires } = request.body;
try {
const searchContext = await context.search;
const response: SearchSessionsUpdateRestResponse = await searchContext.extendSession(
id,
new Date(expires)
);
async (context, request, res) => {
const { id } = request.params;
try {
const searchContext = await context.search;
await searchContext.cancelSession(id);
return res.ok({
body: response,
});
} catch (e) {
const err = e.output?.payload || e;
logger.error(err);
return reportServerError(res, err);
return res.ok();
} catch (e) {
const err = e.output?.payload || e;
logger.error(err);
return reportServerError(res, err);
}
}
}
);
);
router.versioned
.put({
path: `${pathPrefix}/{id}`,
access,
security: {
authz: { requiredPrivileges },
},
})
.addVersion(
{
version,
validate: {
request: {
params: schema.object({
id: schema.string(),
}),
body: schema.object({
name: schema.maybe(schema.string()),
expires: schema.maybe(schema.string()),
}),
},
response: {
200: {
body: searchSessionsUpdateSchema,
},
},
},
},
async (context, request, res) => {
const { id } = request.params;
const { name, expires } = request.body;
try {
const searchContext = await context.search;
const response: SearchSessionsUpdateRestResponse = await searchContext.updateSession(id, {
name,
expires,
});
return res.ok({
body: response,
});
} catch (err) {
logger.error(err);
return reportServerError(res, err);
}
}
);
router.versioned
.post({
path: `${pathPrefix}/{id}/_extend`,
access,
security: {
authz: { requiredPrivileges },
},
})
.addVersion(
{
version,
validate: {
request: {
params: schema.object({
id: schema.string(),
}),
body: schema.object({
expires: schema.string(),
}),
},
response: {
200: {
body: searchSessionsUpdateSchema,
},
},
},
},
async (context, request, res) => {
const { id } = request.params;
const { expires } = request.body;
try {
const searchContext = await context.search;
const response: SearchSessionsUpdateRestResponse = await searchContext.extendSession(
id,
new Date(expires)
);
return res.ok({
body: response,
});
} catch (e) {
const err = e.output?.payload || e;
logger.error(err);
return reportServerError(res, err);
}
}
);
}

81
src/platform/plugins/shared/data_view_field_editor/server/routes/field_preview.ts
View file

@ -48,55 +48,60 @@ const responseSchema = () => {
};
export const registerFieldPreviewRoute = ({ router }: RouteDependencies): void => {
router.versioned.post({ path, access: 'internal' }).addVersion(
{
version: '1',
router.versioned
.post({
path,
access: 'internal',
security: {
authz: {
enabled: false,
reason: 'Authorization provided by Elasticsearch',
},
},
validate: {
request: {
body: bodySchema,
},
response: {
200: {
body: responseSchema,
})
.addVersion(
{
version: '1',
validate: {
request: {
body: bodySchema,
},
response: {
200: {
body: responseSchema,
},
},
},
},
},
async (ctx, req, res) => {
const { client } = (await ctx.core).elasticsearch;
async (ctx, req, res) => {
const { client } = (await ctx.core).elasticsearch;
const body = {
script: req.body.script,
context: req.body.context,
context_setup: {
document: req.body.document,
index: req.body.index,
},
};
try {
// client types need to be updated to support this request format
// when it does, supply response types
const { result } = await client.asCurrentUser.scriptsPainlessExecute(body);
return res.ok({ body: { values: result } });
} catch (error) {
// Assume invalid painless script was submitted
// Return 200 with error object
const handleCustomError = () => {
return res.ok({
body: { values: [], error: error.body?.error, status: error.statusCode },
});
const body = {
script: req.body.script,
context: req.body.context,
context_setup: {
document: req.body.document,
index: req.body.index,
},
};
return handleEsError({ error, response: res, handleCustomError });
try {
// client types need to be updated to support this request format
// when it does, supply response types
const { result } = await client.asCurrentUser.scriptsPainlessExecute(body);
return res.ok({ body: { values: result } });
} catch (error) {
// Assume invalid painless script was submitted
// Return 200 with error object
const handleCustomError = () => {
return res.ok({
body: { values: [], error: error.body?.error, status: error.statusCode },
});
};
return handleEsError({ error, response: res, handleCustomError });
}
}
}
);
);
};

12
src/platform/plugins/shared/data_views/server/rest_api_routes/internal/existing_indices.ts
View file

@ -56,16 +56,16 @@ export const registerExistingIndicesPath = (router: IRouter): void => {
.get({
path: EXISTING_INDICES_PATH,
access: 'internal',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the scoped ES client',
},
},
})
.addVersion(
{
version,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: {
query: schema.object({

20
src/platform/plugins/shared/data_views/server/rest_api_routes/internal/fields.ts
View file

@ -146,17 +146,23 @@ export const registerFields = (
>,
isRollupsEnabled: () => boolean
) => {
router.versioned.get({ path, access: 'internal', enableQueryVersion: true }).addVersion(
{
version: '1',
router.versioned
.get({
path,
access: 'internal',
enableQueryVersion: true,
security: {
authz: {
enabled: false,
reason: 'Authorization provided by Elasticsearch',
},
},
validate: { request: { query: querySchema }, response: validate.response },
},
handler(isRollupsEnabled)
);
})
.addVersion(
{
version: '1',
validate: { request: { query: querySchema }, response: validate.response },
},
handler(isRollupsEnabled)
);
};

9
src/platform/plugins/shared/data_views/server/rest_api_routes/internal/fields_for.ts
View file

@ -250,26 +250,23 @@ export const registerFieldForWildcard = (
const authz: RouteAuthz = { enabled: false, reason: 'Authorization provided by Elasticsearch' };
// handler
router.versioned.put({ path, access }).addVersion(
router.versioned.put({ path, access, security: { authz } }).addVersion(
{
version,
security: { authz },
validate,
},
configuredHandler
);
router.versioned.post({ path, access }).addVersion(
router.versioned.post({ path, access, security: { authz } }).addVersion(
{
version,
security: { authz },
validate,
},
configuredHandler
);
router.versioned.get({ path, access }).addVersion(
router.versioned.get({ path, access, security: { authz } }).addVersion(
{
version,
security: { authz },
validate: { request: { query: querySchema }, response: validate.response },
},
configuredHandler

12
src/platform/plugins/shared/data_views/server/rest_api_routes/internal/has_data_views.ts
View file

@ -41,16 +41,16 @@ export const registerHasDataViewsRoute = (router: IRouter): void => {
.get({
path: '/internal/data_views/has_data_views',
access: 'internal',
security: {
authz: {
enabled: false,
reason: 'Authorization provided by saved objects client',
},
},
})
.addVersion(
{
version: '1',
security: {
authz: {
enabled: false,
reason: 'Authorization provided by saved objects client',
},
},
validate: {
response: {
200: {

12
src/platform/plugins/shared/data_views/server/rest_api_routes/internal/has_es_data.ts
View file

@ -129,16 +129,16 @@ export const registerHasEsDataRoute = (
.get({
path: '/internal/data_views/has_es_data',
access: 'internal',
security: {
authz: {
enabled: false,
reason: 'Authorization provided by Elasticsearch',
},
},
})
.addVersion(
{
version: '1',
security: {
authz: {
enabled: false,
reason: 'Authorization provided by Elasticsearch',
},
},
validate: {
response: {
200: {

122
src/platform/plugins/shared/data_views/server/rest_api_routes/public/create_data_view.ts
View file

@ -58,78 +58,84 @@ const registerCreateDataViewRouteFactory =
>,
usageCollection?: UsageCounter
) => {
router.versioned.post({ path, access: 'public', description }).addVersion(
{
version: INITIAL_REST_VERSION,
router.versioned
.post({
path,
access: 'public',
description,
security: {
authz: {
requiredPrivileges: ['indexPatterns:manage'],
},
},
validate: {
request: {
body: schema.object({
override: schema.maybe(schema.boolean({ defaultValue: false })),
refresh_fields: schema.maybe(schema.boolean({ defaultValue: false })),
data_view: serviceKey === SERVICE_KEY ? dataViewSpecSchema : schema.never(),
index_pattern:
serviceKey === SERVICE_KEY_LEGACY ? dataViewSpecSchema : schema.never(),
}),
},
response: {
200: {
body: () =>
schema.object({
[serviceKey]: dataViewSpecSchema,
}),
})
.addVersion(
{
version: INITIAL_REST_VERSION,
validate: {
request: {
body: schema.object({
override: schema.maybe(schema.boolean({ defaultValue: false })),
refresh_fields: schema.maybe(schema.boolean({ defaultValue: false })),
data_view: serviceKey === SERVICE_KEY ? dataViewSpecSchema : schema.never(),
index_pattern:
serviceKey === SERVICE_KEY_LEGACY ? dataViewSpecSchema : schema.never(),
}),
},
response: {
200: {
body: () =>
schema.object({
[serviceKey]: dataViewSpecSchema,
}),
},
},
},
},
},
router.handleLegacyErrors(
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
router.handleLegacyErrors(
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
const body = req.body;
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
const body = req.body;
const spec = serviceKey === SERVICE_KEY ? body.data_view : body.index_pattern;
const spec = serviceKey === SERVICE_KEY ? body.data_view : body.index_pattern;
const dataView = await createDataView({
dataViewsService,
usageCollection,
spec: { ...spec, name: spec.name || spec.title } as DataViewSpec,
override: body.override,
refreshFields: body.refresh_fields,
counterName: `${req.route.method} ${path}`,
});
const dataView = await createDataView({
dataViewsService,
usageCollection,
spec: { ...spec, name: spec.name || spec.title } as DataViewSpec,
override: body.override,
refreshFields: body.refresh_fields,
counterName: `${req.route.method} ${path}`,
});
const toSpecParams =
body.refresh_fields === false ? {} : { fieldParams: { fieldName: ['*'] } };
const toSpecParams =
body.refresh_fields === false ? {} : { fieldParams: { fieldName: ['*'] } };
const responseBody: Record<string, DataViewSpecRestResponse> = {
[serviceKey]: {
...(await dataView.toSpec(toSpecParams)),
namespaces: dataView.namespaces,
},
};
const responseBody: Record<string, DataViewSpecRestResponse> = {
[serviceKey]: {
...(await dataView.toSpec(toSpecParams)),
namespaces: dataView.namespaces,
},
};
return res.ok({
headers: {
'content-type': 'application/json',
},
body: responseBody,
});
})
)
);
return res.ok({
headers: {
'content-type': 'application/json',
},
body: responseBody,
});
})
)
);
};
export const registerCreateDataViewRoute = registerCreateDataViewRouteFactory(

164
src/platform/plugins/shared/data_views/server/rest_api_routes/public/default_data_view.ts
View file

@ -70,105 +70,117 @@ const manageDefaultIndexPatternRoutesFactory =
>,
usageCollection?: UsageCounter
) => {
router.versioned.get({ path, access: 'public', description: getDescription }).addVersion(
{
version: INITIAL_REST_VERSION,
router.versioned
.get({
path,
access: 'public',
description: getDescription,
security: {
authz: {
enabled: false,
reason: 'Authorization provided by saved objects client',
},
},
validate: {
request: {},
response: {
200: {
body: () => schema.object({ [`${serviceKey}_id`]: schema.string() }),
})
.addVersion(
{
version: INITIAL_REST_VERSION,
validate: {
request: {},
response: {
200: {
body: () => schema.object({ [`${serviceKey}_id`]: schema.string() }),
},
},
},
},
},
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
const id = await getDefault({
dataViewsService,
usageCollection,
counterName: `${req.route.method} ${path}`,
});
const id = await getDefault({
dataViewsService,
usageCollection,
counterName: `${req.route.method} ${path}`,
});
return res.ok({
body: {
[`${serviceKey}_id`]: id,
},
});
})
);
return res.ok({
body: {
[`${serviceKey}_id`]: id,
},
});
})
);
router.versioned.post({ path, access: 'public', description: postDescription }).addVersion(
{
version: INITIAL_REST_VERSION,
router.versioned
.post({
path,
access: 'public',
description: postDescription,
security: {
authz: {
requiredPrivileges: ['indexPatterns:manage'],
},
},
validate: {
request: {
body: schema.object({
[`${serviceKey}_id`]: schema.nullable(
schema.string({
minLength: 1,
maxLength: 1_000,
})
),
force: schema.boolean({ defaultValue: false }),
}),
},
response: {
200: {
body: () => schema.object({ acknowledged: schema.boolean() }),
})
.addVersion(
{
version: INITIAL_REST_VERSION,
validate: {
request: {
body: schema.object({
[`${serviceKey}_id`]: schema.nullable(
schema.string({
minLength: 1,
maxLength: 1_000,
})
),
force: schema.boolean({ defaultValue: false }),
}),
},
response: {
200: {
body: () => schema.object({ acknowledged: schema.boolean() }),
},
},
},
},
},
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
const newDefaultId = req.body[`${serviceKey}_id`] as string;
const force = req.body.force as boolean;
const newDefaultId = req.body[`${serviceKey}_id`] as string;
const force = req.body.force as boolean;
await setDefault({
dataViewsService,
usageCollection,
counterName: `${req.route.method} ${path}`,
newDefaultId,
force,
});
await setDefault({
dataViewsService,
usageCollection,
counterName: `${req.route.method} ${path}`,
newDefaultId,
force,
});
return res.ok({
body: {
acknowledged: true,
},
});
})
);
return res.ok({
body: {
acknowledged: true,
},
});
})
);
};
export const registerManageDefaultDataViewRoute = manageDefaultIndexPatternRoutesFactory(

80
src/platform/plugins/shared/data_views/server/rest_api_routes/public/delete_data_view.ts
View file

@ -50,52 +50,58 @@ const deleteIndexPatternRouteFactory =
>,
usageCollection?: UsageCounter
) => {
router.versioned.delete({ path, access: 'public', description }).addVersion(
{
version: INITIAL_REST_VERSION,
router.versioned
.delete({
path,
access: 'public',
description,
security: {
authz: {
requiredPrivileges: ['indexPatterns:manage'],
},
},
validate: {
request: {
params: schema.object(
{
id: schema.string({
minLength: 1,
maxLength: 1_000,
}),
},
{ unknowns: 'allow' }
),
})
.addVersion(
{
version: INITIAL_REST_VERSION,
validate: {
request: {
params: schema.object(
{
id: schema.string({
minLength: 1,
maxLength: 1_000,
}),
},
{ unknowns: 'allow' }
),
},
},
},
},
router.handleLegacyErrors(
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
const id = req.params.id;
router.handleLegacyErrors(
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
const id = req.params.id;
await deleteDataView({
dataViewsService,
usageCollection,
counterName: `${req.route.method} ${path}`,
id,
});
await deleteDataView({
dataViewsService,
usageCollection,
counterName: `${req.route.method} ${path}`,
id,
});
return res.ok();
})
)
);
return res.ok();
})
)
);
};
export const registerDeleteDataViewRoute = deleteIndexPatternRouteFactory(

130
src/platform/plugins/shared/data_views/server/rest_api_routes/public/fields/update_fields.ts
View file

@ -128,80 +128,86 @@ const updateFieldsActionRouteFactory = (path: string, serviceKey: string, descri
>,
usageCollection?: UsageCounter
) => {
router.versioned.post({ path, access: 'public', description }).addVersion(
{
version: INITIAL_REST_VERSION,
router.versioned
.post({
path,
access: 'public',
description,
security: {
authz: {
requiredPrivileges: ['indexPatterns:manage'],
},
},
validate: {
request: {
params: schema.object(
{
id: schema.string({
minLength: 1,
maxLength: 1_000,
}),
},
{ unknowns: 'allow' }
),
body: schema.object({
fields: schema.recordOf(
schema.string({
minLength: 1,
maxLength: 1_000,
}),
fieldUpdateSchema
})
.addVersion(
{
version: INITIAL_REST_VERSION,
validate: {
request: {
params: schema.object(
{
id: schema.string({
minLength: 1,
maxLength: 1_000,
}),
},
{ unknowns: 'allow' }
),
}),
},
response: {
200: {
body: () =>
schema.object({
[serviceKey]: dataViewSpecSchema,
}),
body: schema.object({
fields: schema.recordOf(
schema.string({
minLength: 1,
maxLength: 1_000,
}),
fieldUpdateSchema
),
}),
},
response: {
200: {
body: () =>
schema.object({
[serviceKey]: dataViewSpecSchema,
}),
},
},
},
},
},
router.handleLegacyErrors(
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
const id = req.params.id;
const { fields } = req.body;
router.handleLegacyErrors(
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
const id = req.params.id;
const { fields } = req.body;
const dataView = await updateFields({
dataViewsService,
usageCollection,
id,
fields,
counterName: `${req.route.method} ${path}`,
});
const dataView = await updateFields({
dataViewsService,
usageCollection,
id,
fields,
counterName: `${req.route.method} ${path}`,
});
const body: Record<string, DataViewSpecRestResponse> = {
[serviceKey]: await dataView.toSpec({ fieldParams: { fieldName: ['*'] } }),
};
const body: Record<string, DataViewSpecRestResponse> = {
[serviceKey]: await dataView.toSpec({ fieldParams: { fieldName: ['*'] } }),
};
return res.ok({
headers: {
'content-type': 'application/json',
},
body,
});
})
)
);
return res.ok({
headers: {
'content-type': 'application/json',
},
body,
});
})
)
);
};
};

114
src/platform/plugins/shared/data_views/server/rest_api_routes/public/get_data_view.ts
View file

@ -54,73 +54,79 @@ const getDataViewRouteFactory =
>,
usageCollection?: UsageCounter
) => {
router.versioned.get({ path, access: 'public', description }).addVersion(
{
version: INITIAL_REST_VERSION,
router.versioned
.get({
path,
access: 'public',
description,
security: {
authz: {
enabled: false,
reason: 'Authorization provided by saved objects client',
},
},
validate: {
request: {
params: schema.object(
{
id: schema.string({
minLength: 1,
maxLength: 1_000,
}),
})
.addVersion(
{
version: INITIAL_REST_VERSION,
validate: {
request: {
params: schema.object(
{
id: schema.string({
minLength: 1,
maxLength: 1_000,
}),
},
{ unknowns: 'allow' }
),
},
response: {
200: {
body: () =>
schema.object({
[serviceKey]: dataViewSpecSchema,
}),
},
{ unknowns: 'allow' }
),
},
response: {
200: {
body: () =>
schema.object({
[serviceKey]: dataViewSpecSchema,
}),
},
},
},
},
router.handleLegacyErrors(
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
const id = req.params.id;
router.handleLegacyErrors(
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
const id = req.params.id;
const dataView = await getDataView({
dataViewsService,
usageCollection,
counterName: `${req.route.method} ${path}`,
id,
});
const dataView = await getDataView({
dataViewsService,
usageCollection,
counterName: `${req.route.method} ${path}`,
id,
});
const responseBody: Record<string, DataViewSpecRestResponse> = {
[serviceKey]: {
...(await dataView.toSpec({ fieldParams: { fieldName: ['*'] } })),
namespaces: dataView.namespaces,
},
};
const responseBody: Record<string, DataViewSpecRestResponse> = {
[serviceKey]: {
...(await dataView.toSpec({ fieldParams: { fieldName: ['*'] } })),
namespaces: dataView.namespaces,
},
};
return res.ok({
headers: {
'content-type': 'application/json',
},
body: responseBody,
});
})
)
);
return res.ok({
headers: {
'content-type': 'application/json',
},
body: responseBody,
});
})
)
);
};
export const registerGetDataViewRoute = getDataViewRouteFactory(

76
src/platform/plugins/shared/data_views/server/rest_api_routes/public/get_data_views.ts
View file

@ -63,51 +63,57 @@ const getDataViewsRouteFactory =
return schema.object({ [serviceKey]: dataViewListSchema });
};
router.versioned.get({ path, access: 'public', description }).addVersion(
{
version: INITIAL_REST_VERSION,
router.versioned
.get({
path,
access: 'public',
description,
security: {
authz: {
enabled: false,
reason: 'Authorization provided by saved objects client',
},
},
validate: {
request: {},
response: { 200: { body: responseValidation } },
})
.addVersion(
{
version: INITIAL_REST_VERSION,
validate: {
request: {},
response: { 200: { body: responseValidation } },
},
},
},
router.handleLegacyErrors(
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
router.handleLegacyErrors(
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
const dataViews = await getDataViews({
dataViewsService,
usageCollection,
counterName: `${req.route.method} ${path}`,
});
const dataViews = await getDataViews({
dataViewsService,
usageCollection,
counterName: `${req.route.method} ${path}`,
});
const body: Record<string, DataViewListItemRestResponse[]> = {
[serviceKey]: dataViews,
};
const body: Record<string, DataViewListItemRestResponse[]> = {
[serviceKey]: dataViews,
};
return res.ok({
headers: {
'content-type': 'application/json',
},
body,
});
})
)
);
return res.ok({
headers: {
'content-type': 'application/json',
},
body,
});
})
)
);
};
export const registerGetDataViewsRoute = getDataViewsRouteFactory(

75
src/platform/plugins/shared/data_views/server/rest_api_routes/public/has_user_data_view.ts
View file

@ -43,54 +43,59 @@ const hasUserDataViewRouteFactory =
>,
usageCollection?: UsageCounter
) => {
router.versioned.get({ path, access: 'internal' }).addVersion(
{
version: '1',
router.versioned
.get({
path,
access: 'internal',
security: {
authz: {
enabled: false,
reason: 'Authorization provided by saved objects client',
},
},
validate: {
request: {},
response: {
200: {
body: () =>
schema.object({
result: schema.boolean(),
}),
})
.addVersion(
{
version: '1',
validate: {
request: {},
response: {
200: {
body: () =>
schema.object({
result: schema.boolean(),
}),
},
},
},
},
},
router.handleLegacyErrors(
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
router.handleLegacyErrors(
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
const result = await hasUserDataView({
dataViewsService,
usageCollection,
counterName: `${req.route.method} ${path}`,
});
const result = await hasUserDataView({
dataViewsService,
usageCollection,
counterName: `${req.route.method} ${path}`,
});
const body: { result: boolean } = { result };
const body: { result: boolean } = { result };
return res.ok({
body,
});
})
)
);
return res.ok({
body,
});
})
)
);
};
export const registerHasUserDataViewRoute = hasUserDataViewRouteFactory(

104
src/platform/plugins/shared/data_views/server/rest_api_routes/public/runtime_fields/create_runtime_field.ts
View file

@ -79,68 +79,74 @@ const runtimeCreateFieldRouteFactory =
>,
usageCollection?: UsageCounter
) => {
router.versioned.post({ path, access: 'public', description }).addVersion(
{
version: INITIAL_REST_VERSION,
router.versioned
.post({
path,
access: 'public',
description,
security: {
authz: {
requiredPrivileges: ['indexPatterns:manage'],
},
},
validate: {
request: {
params: schema.object({
id: schema.string({
minLength: 1,
maxLength: 1_000,
})
.addVersion(
{
version: INITIAL_REST_VERSION,
validate: {
request: {
params: schema.object({
id: schema.string({
minLength: 1,
maxLength: 1_000,
}),
}),
}),
body: schema.object({
name: schema.string({
minLength: 1,
maxLength: 1_000,
body: schema.object({
name: schema.string({
minLength: 1,
maxLength: 1_000,
}),
runtimeField: runtimeFieldSchema,
}),
runtimeField: runtimeFieldSchema,
}),
},
response: {
200: {
body: runtimeResponseSchema,
},
response: {
200: {
body: runtimeResponseSchema,
},
},
},
},
},
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
const id = req.params.id;
const { name, runtimeField } = req.body;
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
const id = req.params.id;
const { name, runtimeField } = req.body;
const { dataView, fields } = await createRuntimeField({
dataViewsService,
usageCollection,
counterName: `${req.route.method} ${path}`,
id,
name,
runtimeField: runtimeField as RuntimeField,
});
const { dataView, fields } = await createRuntimeField({
dataViewsService,
usageCollection,
counterName: `${req.route.method} ${path}`,
id,
name,
runtimeField: runtimeField as RuntimeField,
});
const response: RuntimeResponseType = await responseFormatter({
serviceKey,
dataView,
fields,
});
const response: RuntimeResponseType = await responseFormatter({
serviceKey,
dataView,
fields,
});
return res.ok(response);
})
);
return res.ok(response);
})
);
};
export const registerCreateRuntimeFieldRoute = runtimeCreateFieldRouteFactory(

88
src/platform/plugins/shared/data_views/server/rest_api_routes/public/runtime_fields/delete_runtime_field.ts
View file

@ -62,58 +62,64 @@ const deleteRuntimeFieldRouteFactory =
>,
usageCollection?: UsageCounter
) => {
router.versioned.delete({ path, access: 'public', description }).addVersion(
{
version: INITIAL_REST_VERSION,
router.versioned
.delete({
path,
access: 'public',
description,
security: {
authz: {
requiredPrivileges: ['indexPatterns:manage'],
},
},
validate: {
request: {
params: schema.object({
id: schema.string({
minLength: 1,
maxLength: 1_000,
})
.addVersion(
{
version: INITIAL_REST_VERSION,
validate: {
request: {
params: schema.object({
id: schema.string({
minLength: 1,
maxLength: 1_000,
}),
name: schema.string({
minLength: 1,
maxLength: 1_000,
}),
}),
name: schema.string({
minLength: 1,
maxLength: 1_000,
}),
}),
},
response: {
200: {
body: () => schema.never(),
},
response: {
200: {
body: () => schema.never(),
},
},
},
},
},
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
const id = req.params.id;
const name = req.params.name;
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
const id = req.params.id;
const name = req.params.name;
await deleteRuntimeField({
dataViewsService,
usageCollection,
id,
name,
counterName: `${req.route.method} ${path}`,
});
await deleteRuntimeField({
dataViewsService,
usageCollection,
id,
name,
counterName: `${req.route.method} ${path}`,
});
return res.ok();
})
);
return res.ok();
})
);
};
export const registerDeleteRuntimeFieldRoute = deleteRuntimeFieldRouteFactory(

98
src/platform/plugins/shared/data_views/server/rest_api_routes/public/runtime_fields/get_runtime_field.ts
View file

@ -70,65 +70,71 @@ const getRuntimeFieldRouteFactory =
>,
usageCollection?: UsageCounter
) => {
router.versioned.get({ path, access: 'public', description }).addVersion(
{
version: INITIAL_REST_VERSION,
router.versioned
.get({
path,
access: 'public',
description,
security: {
authz: {
enabled: false,
reason: 'Authorization provided by saved objects client',
},
},
validate: {
request: {
params: schema.object({
id: schema.string({
minLength: 1,
maxLength: 1_000,
})
.addVersion(
{
version: INITIAL_REST_VERSION,
validate: {
request: {
params: schema.object({
id: schema.string({
minLength: 1,
maxLength: 1_000,
}),
name: schema.string({
minLength: 1,
maxLength: 1_000,
}),
}),
name: schema.string({
minLength: 1,
maxLength: 1_000,
}),
}),
},
response: {
200: {
body: runtimeResponseSchema,
},
response: {
200: {
body: runtimeResponseSchema,
},
},
},
},
},
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
const id = req.params.id;
const name = req.params.name;
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
const id = req.params.id;
const name = req.params.name;
const { dataView, fields } = await getRuntimeField({
dataViewsService,
usageCollection,
counterName: `${req.route.method} ${path}`,
id,
name,
});
const { dataView, fields } = await getRuntimeField({
dataViewsService,
usageCollection,
counterName: `${req.route.method} ${path}`,
id,
name,
});
const response: RuntimeResponseType = await responseFormatter({
serviceKey,
dataView,
fields: fields || [],
});
const response: RuntimeResponseType = await responseFormatter({
serviceKey,
dataView,
fields: fields || [],
});
return res.ok(response);
})
);
return res.ok(response);
})
);
};
export const registerGetRuntimeFieldRoute = getRuntimeFieldRouteFactory(

110
src/platform/plugins/shared/data_views/server/rest_api_routes/public/runtime_fields/put_runtime_field.ts
View file

@ -78,71 +78,77 @@ const putRuntimeFieldRouteFactory =
>,
usageCollection?: UsageCounter
) => {
router.versioned.put({ path, access: 'public', description }).addVersion(
{
version: INITIAL_REST_VERSION,
router.versioned
.put({
path,
access: 'public',
description,
security: {
authz: {
requiredPrivileges: ['indexPatterns:manage'],
},
},
validate: {
request: {
params: schema.object({
id: schema.string({
minLength: 1,
maxLength: 1_000,
})
.addVersion(
{
version: INITIAL_REST_VERSION,
validate: {
request: {
params: schema.object({
id: schema.string({
minLength: 1,
maxLength: 1_000,
}),
}),
}),
body: schema.object({
name: schema.string({
minLength: 1,
maxLength: 1_000,
body: schema.object({
name: schema.string({
minLength: 1,
maxLength: 1_000,
}),
runtimeField: runtimeFieldSchema,
}),
runtimeField: runtimeFieldSchema,
}),
},
response: {
200: {
body: runtimeResponseSchema,
},
response: {
200: {
body: runtimeResponseSchema,
},
},
},
},
},
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
const id = req.params.id;
const { name, runtimeField } = req.body as {
name: string;
runtimeField: RuntimeField;
};
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
const id = req.params.id;
const { name, runtimeField } = req.body as {
name: string;
runtimeField: RuntimeField;
};
const { dataView, fields } = await putRuntimeField({
dataViewsService,
id,
name,
runtimeField,
usageCollection,
counterName: `${req.route.method} ${path}`,
});
const { dataView, fields } = await putRuntimeField({
dataViewsService,
id,
name,
runtimeField,
usageCollection,
counterName: `${req.route.method} ${path}`,
});
const response: RuntimeResponseType = await responseFormatter({
serviceKey,
dataView,
fields,
});
const response: RuntimeResponseType = await responseFormatter({
serviceKey,
dataView,
fields,
});
return res.ok(response);
})
);
return res.ok(response);
})
);
};
export const registerPutRuntimeFieldRoute = putRuntimeFieldRouteFactory(

108
src/platform/plugins/shared/data_views/server/rest_api_routes/public/runtime_fields/update_runtime_field.ts
View file

@ -78,70 +78,76 @@ const updateRuntimeFieldRouteFactory =
>,
usageCollection?: UsageCounter
) => {
router.versioned.post({ path, access: 'public', description }).addVersion(
{
version: INITIAL_REST_VERSION,
router.versioned
.post({
path,
access: 'public',
description,
security: {
authz: {
requiredPrivileges: ['indexPatterns:manage'],
},
},
validate: {
request: {
params: schema.object({
id: schema.string({
minLength: 1,
maxLength: 1_000,
})
.addVersion(
{
version: INITIAL_REST_VERSION,
validate: {
request: {
params: schema.object({
id: schema.string({
minLength: 1,
maxLength: 1_000,
}),
name: schema.string({
minLength: 1,
maxLength: 1_000,
}),
}),
name: schema.string({
minLength: 1,
maxLength: 1_000,
body: schema.object({
name: schema.never(),
runtimeField: runtimeFieldSchemaUpdate,
}),
}),
body: schema.object({
name: schema.never(),
runtimeField: runtimeFieldSchemaUpdate,
}),
},
response: {
200: {
body: runtimeResponseSchema,
},
response: {
200: {
body: runtimeResponseSchema,
},
},
},
},
},
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
const id = req.params.id;
const name = req.params.name;
const runtimeField = req.body.runtimeField as Partial<RuntimeField>;
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
const id = req.params.id;
const name = req.params.name;
const runtimeField = req.body.runtimeField as Partial<RuntimeField>;
const { dataView, fields } = await updateRuntimeField({
dataViewsService,
usageCollection,
counterName: `${req.route.method} ${path}`,
id,
name,
runtimeField,
});
const { dataView, fields } = await updateRuntimeField({
dataViewsService,
usageCollection,
counterName: `${req.route.method} ${path}`,
id,
name,
runtimeField,
});
const response: RuntimeResponseType = await responseFormatter({
serviceKey,
dataView,
fields,
});
const response: RuntimeResponseType = await responseFormatter({
serviceKey,
dataView,
fields,
});
return res.ok(response);
})
);
return res.ok(response);
})
);
};
export const registerUpdateRuntimeFieldRoute = updateRuntimeFieldRouteFactory(

15
src/platform/plugins/shared/data_views/server/rest_api_routes/public/scripted_fields/create_scripted_field.ts
View file

@ -27,15 +27,18 @@ export const registerCreateScriptedFieldRoute = (
>
) => {
router.versioned
.post({ path: '/api/index_patterns/index_pattern/{id}/scripted_field', access: 'public' })
.post({
path: '/api/index_patterns/index_pattern/{id}/scripted_field',
access: 'public',
security: {
authz: {
requiredPrivileges: ['indexPatterns:manage'],
},
},
})
.addVersion(
{
version: INITIAL_REST_VERSION,
security: {
authz: {
requiredPrivileges: ['indexPatterns:manage'],
},
},
validate: {
request: {
params: schema.object(

10
src/platform/plugins/shared/data_views/server/rest_api_routes/public/scripted_fields/delete_scripted_field.ts
View file

@ -28,15 +28,15 @@ export const registerDeleteScriptedFieldRoute = (
.delete({
path: '/api/index_patterns/index_pattern/{id}/scripted_field/{name}',
access: 'public',
security: {
authz: {
requiredPrivileges: ['indexPatterns:manage'],
},
},
})
.addVersion(
{
version: INITIAL_REST_VERSION,
security: {
authz: {
requiredPrivileges: ['indexPatterns:manage'],
},
},
validate: {
request: {
params: schema.object(

17
src/platform/plugins/shared/data_views/server/rest_api_routes/public/scripted_fields/get_scripted_field.ts
View file

@ -27,16 +27,19 @@ export const registerGetScriptedFieldRoute = (
>
) => {
router.versioned
.get({ path: '/api/index_patterns/index_pattern/{id}/scripted_field/{name}', access: 'public' })
.get({
path: '/api/index_patterns/index_pattern/{id}/scripted_field/{name}',
access: 'public',
security: {
authz: {
enabled: false,
reason: 'Authorization provided by saved objects client',
},
},
})
.addVersion(
{
version: INITIAL_REST_VERSION,
security: {
authz: {
enabled: false,
reason: 'Authorization provided by saved objects client',
},
},
validate: {
request: {
params: schema.object(

15
src/platform/plugins/shared/data_views/server/rest_api_routes/public/scripted_fields/put_scripted_field.ts
View file

@ -27,15 +27,18 @@ export const registerPutScriptedFieldRoute = (
>
) => {
router.versioned
.put({ path: '/api/index_patterns/index_pattern/{id}/scripted_field', access: 'public' })
.put({
path: '/api/index_patterns/index_pattern/{id}/scripted_field',
access: 'public',
security: {
authz: {
requiredPrivileges: ['indexPatterns:manage'],
},
},
})
.addVersion(
{
version: INITIAL_REST_VERSION,
security: {
authz: {
requiredPrivileges: ['indexPatterns:manage'],
},
},
validate: {
request: {
params: schema.object(

10
src/platform/plugins/shared/data_views/server/rest_api_routes/public/scripted_fields/update_scripted_field.ts
View file

@ -32,15 +32,15 @@ export const registerUpdateScriptedFieldRoute = (
.post({
path: '/api/index_patterns/index_pattern/{id}/scripted_field/{name}',
access: 'public',
security: {
authz: {
requiredPrivileges: ['indexPatterns:manage'],
},
},
})
.addVersion(
{
version: INITIAL_REST_VERSION,
security: {
authz: {
requiredPrivileges: ['indexPatterns:manage'],
},
},
validate: {
request: {
params: schema.object(

232
src/platform/plugins/shared/data_views/server/rest_api_routes/public/swap_references.ts
View file

@ -67,9 +67,11 @@ export const swapReferencesRoute =
const description = previewRoute
? PREVIEW_SWAP_REFERENCES_DESCRIPTION
: SWAP_REFERENCES_DESCRIPTION;
router.versioned.post({ path, access: 'public', description }).addVersion(
{
version: INITIAL_REST_VERSION,
router.versioned
.post({
path,
access: 'public',
description,
security: {
authz: {
enabled: false,
@ -78,132 +80,136 @@ export const swapReferencesRoute =
reason: 'Authorization provided by saved objects client',
},
},
validate: {
request: {
body: schema.object({
fromId: idSchema,
fromType: schema.maybe(schema.string()),
toId: idSchema,
forId: schema.maybe(schema.oneOf([idSchema, schema.arrayOf(idSchema)])),
forType: schema.maybe(schema.string()),
delete: schema.maybe(schema.boolean()),
}),
},
response: {
200: {
body: () =>
schema.object({
result: schema.arrayOf(schema.object({ id: idSchema, type: schema.string() })),
deleteStatus: schema.maybe(
schema.object({
remainingRefs: schema.number(),
deletePerformed: schema.boolean(),
})
),
}),
})
.addVersion(
{
version: INITIAL_REST_VERSION,
validate: {
request: {
body: schema.object({
fromId: idSchema,
fromType: schema.maybe(schema.string()),
toId: idSchema,
forId: schema.maybe(schema.oneOf([idSchema, schema.arrayOf(idSchema)])),
forType: schema.maybe(schema.string()),
delete: schema.maybe(schema.boolean()),
}),
},
response: {
200: {
body: () =>
schema.object({
result: schema.arrayOf(schema.object({ id: idSchema, type: schema.string() })),
deleteStatus: schema.maybe(
schema.object({
remainingRefs: schema.number(),
deletePerformed: schema.boolean(),
})
),
}),
},
},
},
},
},
router.handleLegacyErrors(
handleErrors(async (ctx, req, res) => {
const savedObjectsClient = (await ctx.core).savedObjects.client;
const [core] = await getStartServices();
const types = core.savedObjects.getTypeRegistry().getAllTypes();
const type = req.body.fromType || DATA_VIEW_SAVED_OBJECT_TYPE;
const searchId =
!Array.isArray(req.body.forId) && req.body.forId !== undefined
? [req.body.forId]
: req.body.forId;
router.handleLegacyErrors(
handleErrors(async (ctx, req, res) => {
const savedObjectsClient = (await ctx.core).savedObjects.client;
const [core] = await getStartServices();
const types = core.savedObjects.getTypeRegistry().getAllTypes();
const type = req.body.fromType || DATA_VIEW_SAVED_OBJECT_TYPE;
const searchId =
!Array.isArray(req.body.forId) && req.body.forId !== undefined
? [req.body.forId]
: req.body.forId;
usageCollection?.incrementCounter({ counterName: 'swap_references' });
usageCollection?.incrementCounter({ counterName: 'swap_references' });
// verify 'to' object actually exists
try {
await savedObjectsClient.get(type, req.body.toId);
} catch (e) {
throw new Error(`Could not find object with type ${type} and id ${req.body.toId}`);
}
// verify 'to' object actually exists
try {
await savedObjectsClient.get(type, req.body.toId);
} catch (e) {
throw new Error(`Could not find object with type ${type} and id ${req.body.toId}`);
}
// assemble search params
const findParams: SavedObjectsFindOptions = {
type: types.map((t) => t.name),
hasReference: { type, id: req.body.fromId },
};
// assemble search params
const findParams: SavedObjectsFindOptions = {
type: types.map((t) => t.name),
hasReference: { type, id: req.body.fromId },
};
if (req.body.forType) {
findParams.type = [req.body.forType];
}
if (req.body.forType) {
findParams.type = [req.body.forType];
}
const { saved_objects: savedObjects } = await savedObjectsClient.find(findParams);
const { saved_objects: savedObjects } = await savedObjectsClient.find(findParams);
const filteredSavedObjects = searchId
? savedObjects.filter((so) => searchId?.includes(so.id))
: savedObjects;
const filteredSavedObjects = searchId
? savedObjects.filter((so) => searchId?.includes(so.id))
: savedObjects;
// create summary of affected objects
const resultSummary = filteredSavedObjects.map((savedObject) => ({
id: savedObject.id,
type: savedObject.type,
}));
// create summary of affected objects
const resultSummary = filteredSavedObjects.map((savedObject) => ({
id: savedObject.id,
type: savedObject.type,
}));
const body: SwapRefResponse = {
result: resultSummary,
};
const body: SwapRefResponse = {
result: resultSummary,
};
// bail if preview
if (previewRoute) {
return res.ok({
headers: {
'content-type': 'application/json',
},
body,
});
}
// iterate over list and update references
for (const savedObject of filteredSavedObjects) {
const updatedRefs = savedObject.references.map((ref) => {
if (ref.type === type && ref.id === req.body.fromId) {
return { ...ref, id: req.body.toId };
} else {
return ref;
}
});
await savedObjectsClient.update(
savedObject.type,
savedObject.id,
{},
{
references: updatedRefs,
}
);
}
if (req.body.delete) {
const verifyNoMoreRefs = await savedObjectsClient.find(findParams);
if (verifyNoMoreRefs.total > 0) {
body.deleteStatus = {
remainingRefs: verifyNoMoreRefs.total,
deletePerformed: false,
};
} else {
await savedObjectsClient.delete(type, req.body.fromId, { refresh: 'wait_for' });
body.deleteStatus = {
remainingRefs: verifyNoMoreRefs.total,
deletePerformed: true,
};
}
}
// bail if preview
if (previewRoute) {
return res.ok({
headers: {
'content-type': 'application/json',
},
body,
});
}
// iterate over list and update references
for (const savedObject of filteredSavedObjects) {
const updatedRefs = savedObject.references.map((ref) => {
if (ref.type === type && ref.id === req.body.fromId) {
return { ...ref, id: req.body.toId };
} else {
return ref;
}
});
await savedObjectsClient.update(
savedObject.type,
savedObject.id,
{},
{
references: updatedRefs,
}
);
}
if (req.body.delete) {
const verifyNoMoreRefs = await savedObjectsClient.find(findParams);
if (verifyNoMoreRefs.total > 0) {
body.deleteStatus = {
remainingRefs: verifyNoMoreRefs.total,
deletePerformed: false,
};
} else {
await savedObjectsClient.delete(type, req.body.fromId, { refresh: 'wait_for' });
body.deleteStatus = {
remainingRefs: verifyNoMoreRefs.total,
deletePerformed: true,
};
}
}
return res.ok({
headers: {
'content-type': 'application/json',
},
body,
});
})
)
);
})
)
);
};

130
src/platform/plugins/shared/data_views/server/rest_api_routes/public/update_data_view.ts
View file

@ -144,83 +144,89 @@ const updateDataViewRouteFactory =
>,
usageCollection?: UsageCounter
) => {
router.versioned.post({ path, access: 'public', description }).addVersion(
{
version: INITIAL_REST_VERSION,
router.versioned
.post({
path,
access: 'public',
description,
security: {
authz: {
requiredPrivileges: ['indexPatterns:manage'],
},
},
validate: {
request: {
params: schema.object(
{
id: schema.string({
minLength: 1,
maxLength: 1_000,
}),
})
.addVersion(
{
version: INITIAL_REST_VERSION,
validate: {
request: {
params: schema.object(
{
id: schema.string({
minLength: 1,
maxLength: 1_000,
}),
},
{ unknowns: 'allow' }
),
body: schema.object({
refresh_fields: schema.maybe(schema.boolean({ defaultValue: false })),
[serviceKey]: indexPatternUpdateSchema,
}),
},
response: {
200: {
body: () =>
schema.object({
[serviceKey]: dataViewSpecSchema,
}),
},
{ unknowns: 'allow' }
),
body: schema.object({
refresh_fields: schema.maybe(schema.boolean({ defaultValue: false })),
[serviceKey]: indexPatternUpdateSchema,
}),
},
response: {
200: {
body: () =>
schema.object({
[serviceKey]: dataViewSpecSchema,
}),
},
},
},
},
router.handleLegacyErrors(
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
router.handleLegacyErrors(
handleErrors(async (ctx, req, res) => {
const core = await ctx.core;
const savedObjectsClient = core.savedObjects.client;
const elasticsearchClient = core.elasticsearch.client.asCurrentUser;
const [, , { dataViewsServiceFactory }] = await getStartServices();
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
const id = req.params.id;
const dataViewsService = await dataViewsServiceFactory(
savedObjectsClient,
elasticsearchClient,
req
);
const id = req.params.id;
const {
// eslint-disable-next-line @typescript-eslint/naming-convention
refresh_fields = true,
} = req.body;
const {
// eslint-disable-next-line @typescript-eslint/naming-convention
refresh_fields = true,
} = req.body;
const spec = req.body[serviceKey] as DataViewSpec;
const spec = req.body[serviceKey] as DataViewSpec;
const dataView = await updateDataView({
dataViewsService,
usageCollection,
id,
refreshFields: refresh_fields as boolean,
spec,
counterName: `${req.route.method} ${path}`,
});
const dataView = await updateDataView({
dataViewsService,
usageCollection,
id,
refreshFields: refresh_fields as boolean,
spec,
counterName: `${req.route.method} ${path}`,
});
const body: Record<string, DataViewSpecRestResponse> = {
[serviceKey]: await dataView.toSpec({ fieldParams: { fieldName: ['*'] } }),
};
const body: Record<string, DataViewSpecRestResponse> = {
[serviceKey]: await dataView.toSpec({ fieldParams: { fieldName: ['*'] } }),
};
return res.ok({
headers: {
'content-type': 'application/json',
},
body,
});
})
)
);
return res.ok({
headers: {
'content-type': 'application/json',
},
body,
});
})
)
);
};
export const registerUpdateDataViewRoute = updateDataViewRouteFactory(

6
src/platform/plugins/shared/telemetry/server/local_shipper/initialize_local_shipper.ts
View file

@ -44,6 +44,12 @@ function registerRoute(
.versioned.post({
path: '/internal/telemetry/ebt_local_shipper',
access: 'internal',
security: {
authz: {
enabled: false,
reason: 'This route delegates authorization to the Elasticsearch client',
},
},
})
.addVersion(
{

31
src/platform/plugins/shared/telemetry/server/routes/telemetry_config.ts
View file

@ -100,17 +100,17 @@ export function registerTelemetryConfigRoutes({
access: 'internal',
path: FetchTelemetryConfigRoute,
options: { authRequired: 'optional' },
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
})
// Just because it used to be /v2/, we are creating identical v1 and v2.
.addVersion(
{
version: '1',
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: v2Validations,
},
v2Handler
@ -131,17 +131,22 @@ export function registerTelemetryConfigRoutes({
// Register the deprecated public and path-based for BWC
// as we know this one is used by other Elastic products to fetch the opt-in status.
router.versioned.get({ access: 'public', path: FetchTelemetryConfigRoutePathBasedV2 }).addVersion(
{
version: '2023-10-31',
router.versioned
.get({
access: 'public',
path: FetchTelemetryConfigRoutePathBasedV2,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: v2Validations,
},
v2Handler
);
})
.addVersion(
{
version: '2023-10-31',
validate: v2Validations,
},
v2Handler
);
}

46
src/platform/plugins/shared/telemetry/server/routes/telemetry_last_reported.ts
View file

@ -38,17 +38,20 @@ export function registerTelemetryLastReported(
};
router.versioned
.get({ access: 'internal', path: LastReportedRoute })
.get({
access: 'internal',
path: LastReportedRoute,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
})
// Just because it used to be /v2/, we are creating identical v1 and v2.
.addVersion(
{
version: '1',
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: v2GetValidations,
},
v2GetHandler
@ -56,12 +59,6 @@ export function registerTelemetryLastReported(
.addVersion(
{
version: '2',
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: v2GetValidations,
},
v2GetHandler
@ -77,17 +74,20 @@ export function registerTelemetryLastReported(
};
router.versioned
.put({ access: 'internal', path: LastReportedRoute })
.put({
access: 'internal',
path: LastReportedRoute,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
})
// Just because it used to be /v2/, we are creating identical v1 and v2.
.addVersion(
{
version: '1',
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: false,
},
v2PutHandler
@ -95,12 +95,6 @@ export function registerTelemetryLastReported(
.addVersion(
{
version: '2',
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: false,
},
v2PutHandler

17
src/platform/plugins/shared/telemetry/server/routes/telemetry_opt_in.ts
View file

@ -126,17 +126,20 @@ export function registerTelemetryOptInRoutes({
};
router.versioned
.post({ access: 'internal', path: OptInRoute })
.post({
access: 'internal',
path: OptInRoute,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
})
// Just because it used to be /v2/, we are creating identical v1 and v2.
.addVersion(
{
version: '1',
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: v2Validations,
},
v2Handler

12
src/platform/plugins/shared/telemetry/server/routes/telemetry_opt_in_stats.ts
View file

@ -68,16 +68,16 @@ export function registerTelemetryOptInStatsRoutes(
.post({
access: 'public', // It's not used across Kibana, and I didn't want to remove it in this PR just in case.
path: GetOptInStatsRoutePathBasedV2,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
})
.addVersion(
{
version: '2023-10-31',
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: {
body: schema.object({

12
src/platform/plugins/shared/telemetry/server/routes/telemetry_usage_stats.ts
View file

@ -93,6 +93,12 @@ export function registerTelemetryUsageStatsRoutes(
router.versioned
.post({
access: 'internal',
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
path: FetchSnapshotTelemetry,
enableQueryVersion: true, // Allow specifying the version through querystring so that we can use it in Dev Console
})
@ -100,12 +106,6 @@ export function registerTelemetryUsageStatsRoutes(
.addVersion(
{
version: '1',
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: v2Validations,
},
v2Handler

17
src/platform/plugins/shared/telemetry/server/routes/telemetry_user_has_seen_notice.ts
View file

@ -54,17 +54,20 @@ export function registerTelemetryUserHasSeenNotice(router: IRouter, currentKiban
};
router.versioned
.put({ access: 'internal', path: UserHasSeenNoticeRoute })
.put({
access: 'internal',
path: UserHasSeenNoticeRoute,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
})
// Just because it used to be /v2/, we are creating identical v1 and v2.
.addVersion(
{
version: '1',
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: false,
},
v2Handler

14
src/platform/plugins/shared/unified_search/server/autocomplete/value_suggestions_route.ts
View file

@ -21,17 +21,17 @@ export function registerValueSuggestionsRoute(router: IRouter, config$: Observab
.post({
path: '/internal/kibana/suggestions/values/{index}',
access: 'internal',
security: {
authz: {
enabled: false,
reason:
'This route is opted out from authorization because uses the current user authorizations.',
},
},
})
.addVersion(
{
version: '1',
security: {
authz: {
enabled: false,
reason:
'This route is opted out from authorization because uses the current user authorizations.',
},
},
validate: {
request: {
params: schema.object(

18
src/platform/test/analytics/plugins/analytics_ftr_helpers/server/plugin.ts
View file

@ -25,6 +25,12 @@ export class AnalyticsFTRHelpers implements Plugin {
router.post(
{
path: '/internal/analytics_ftr_helpers/opt_in',
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
query: schema.object({
consent: schema.boolean(),
@ -43,6 +49,12 @@ export class AnalyticsFTRHelpers implements Plugin {
router.get(
{
path: '/internal/analytics_ftr_helpers/events',
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
query: schema.object({
takeNumberOfEvents: schema.number({ min: 1 }),
@ -77,6 +89,12 @@ export class AnalyticsFTRHelpers implements Plugin {
router.get(
{
path: '/internal/analytics_ftr_helpers/count_events',
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
query: schema.object({
eventTypes: schema.arrayOf(schema.string()),

12
src/platform/test/analytics/plugins/analytics_plugin_a/server/plugin.ts
View file

@ -59,6 +59,12 @@ export class AnalyticsPluginAPlugin implements Plugin {
router.get(
{
path: '/internal/analytics_plugin_a/stats',
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
query: schema.object({
takeNumberOfCounters: schema.number({ min: 1 }),
@ -84,6 +90,12 @@ export class AnalyticsPluginAPlugin implements Plugin {
router.get(
{
path: '/internal/analytics_plugin_a/actions',
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: false,
},
async (context, req, res) => {

12
src/platform/test/common/plugins/newsfeed/server/plugin.ts
View file

@ -19,6 +19,12 @@ export class NewsFeedSimulatorPlugin implements Plugin {
router.get(
{
path: `/api/_newsfeed-FTS-external-service-simulators/kibana/v${version}.json`,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: false,
options: { authRequired: false },
},
@ -30,6 +36,12 @@ export class NewsFeedSimulatorPlugin implements Plugin {
router.get(
{
path: '/api/_newsfeed-FTS-external-service-simulators/kibana/crash.json',
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: false,
options: { authRequired: false },
},

6
src/platform/test/common/plugins/otel_metrics/server/routes/generate_otel_metrics.ts
View file

@ -14,6 +14,12 @@ export const generateOtelMetrics = (router: IRouter, metrics: Metrics) => {
router.post(
{
path: '/api/generate_otel_metrics',
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {},
},
async function (_context, _req, res): Promise<IKibanaResponse<{}>> {

54
src/platform/test/health_gateway/plugins/status/server/plugin.ts
View file

@ -14,36 +14,64 @@ export class HealthGatewayStatusPlugin implements Plugin<void, void> {
public setup(core: CoreSetup) {
const router = core.http.createRouter();
router.get({ path: '/health/ok/api/status', validate: {} }, async (context, req, res) =>
res.ok()
);
router.get({ path: '/health/redirect/api/status', validate: {} }, async (context, req, res) =>
res.redirected({ headers: { location: '/health/ok/api/status' } })
router.get(
{
path: '/health/ok/api/status',
security: { authz: { enabled: false, reason: '' } },
validate: {},
},
async (context, req, res) => res.ok()
);
router.get(
{ path: '/health/unauthorized/api/status', validate: {} },
{
path: '/health/redirect/api/status',
security: { authz: { enabled: false, reason: '' } },
validate: {},
},
async (context, req, res) =>
res.redirected({ headers: { location: '/health/ok/api/status' } })
);
router.get(
{
path: '/health/unauthorized/api/status',
security: { authz: { enabled: false, reason: '' } },
validate: {},
},
async (context, req, res) =>
res.unauthorized({
headers: { 'www-authenticate': 'Basic' },
})
);
router.get({ path: '/health/not-found/api/status', validate: {} }, async (context, req, res) =>
res.notFound()
router.get(
{
path: '/health/not-found/api/status',
security: { authz: { enabled: false, reason: '' } },
validate: {},
},
async (context, req, res) => res.notFound()
);
router.get({ path: '/health/slow/api/status', validate: {} }, async (context, req, res) => {
await new Promise((resolve) => setTimeout(resolve, 5000));
router.get(
{
path: '/health/slow/api/status',
security: { authz: { enabled: false, reason: '' } },
validate: {},
},
async (context, req, res) => {
await new Promise((resolve) => setTimeout(resolve, 5000));
return res.ok();
});
return res.ok();
}
);
const sessions = new Set<string>();
router.get(
{
path: '/health/flaky/api/status',
security: { authz: { enabled: false, reason: '' } },
validate: {
query: schema.object({ session: schema.string() }),
},

6
src/platform/test/interactive_setup_api_integration/plugins/test_endpoints/server/index.ts
View file

@ -20,6 +20,12 @@ export const plugin: PluginInitializer<void, never> = async (
router.get(
{
path: '/test_endpoints/verification_code',
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: false,
options: { authRequired: false },
},

6
src/platform/test/interpreter_functional/plugins/kbn_tp_run_pipeline/server/plugin.ts
View file

@ -25,6 +25,12 @@ export class TestPlugin implements Plugin<TestPluginSetup, TestPluginStart, {},
router.post(
{
path: '/api/interpreter_functional/run_expression',
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
body: schema.object({
input: schema.maybe(schema.nullable(schema.object({}, { unknowns: 'allow' }))),

Some files were not shown because too many files have changed in this diff Show more