[8.x] Authorized route migration for routes owned by @elastic/kibana-presentation (#198193) (#199979)

# Backport

This will backport the following commits from `main` to `8.x`:
- [Authorized route migration for routes owned by
@elastic/kibana-presentation
(#198193)](https://github.com/elastic/kibana/pull/198193)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Kibana
Machine","email":"42973632+kibanamachine@users.noreply.github.com"},"sourceCommit":{"committedDate":"2024-11-13T11:11:07Z","message":"Authorized
route migration for routes owned by @elastic/kibana-presentation
(#198193)\n\n### Authz API migration for authorized routes\r\n\r\nThis
PR migrates `access:<privilege>` tags used in route definitions
to\r\nnew security configuration.\r\nPlease refer to the documentation
for more information:
[Authorization\r\nAPI](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)\r\n\r\n###
**Before migration:**\r\nAccess control tags were defined in the
`options` object of the route:\r\n\r\n```ts\r\nrouter.get({\r\n path:
'/api/path',\r\n options: {\r\n tags: ['access:<privilege_1>',
'access:<privilege_2>'],\r\n },\r\n ...\r\n},
handler);\r\n```\r\n\r\n### **After migration:**\r\nTags have been
replaced with the more robust\r\n`security.authz.requiredPrivileges`
field under `security`:\r\n\r\n```ts\r\nrouter.get({\r\n path:
'/api/path',\r\n security: {\r\n authz: {\r\n requiredPrivileges:
['<privilege_1>', '<privilege_2>'],\r\n },\r\n },\r\n ...\r\n},
handler);\r\n```\r\n\r\n### What to do next?\r\n1. Review the changes in
this PR.\r\n2. You might need to update your tests to reflect the new
security\r\nconfiguration:\r\n - If you have tests that rely on checking
`access` tags.\r\n - If you have snapshot tests that include the route
definition.\r\n- If you have FTR tests that rely on checking
unauthorized error\r\nmessage. The error message changed to also include
missing privileges.\r\n\r\n## Any questions?\r\nIf you have any
questions or need help with API authorization, please\r\nreach out to
the `@elastic/kibana-security` team.\r\n\r\nCo-authored-by: James Gowdy
<jgowdy@elastic.co>","sha":"05a9b26d3c8c9932aa344e53182296996e707dd3","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["enhancement","Team:Presentation","release_note:skip","Feature:Security/Authorization","v9.0.0","backport:prev-minor","Authz:
API migration"],"title":"Authorized route migration for routes owned by
@elastic/kibana-presentation","number":198193,"url":"https://github.com/elastic/kibana/pull/198193","mergeCommit":{"message":"Authorized
route migration for routes owned by @elastic/kibana-presentation
(#198193)\n\n### Authz API migration for authorized routes\r\n\r\nThis
PR migrates `access:<privilege>` tags used in route definitions
to\r\nnew security configuration.\r\nPlease refer to the documentation
for more information:
[Authorization\r\nAPI](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)\r\n\r\n###
**Before migration:**\r\nAccess control tags were defined in the
`options` object of the route:\r\n\r\n```ts\r\nrouter.get({\r\n path:
'/api/path',\r\n options: {\r\n tags: ['access:<privilege_1>',
'access:<privilege_2>'],\r\n },\r\n ...\r\n},
handler);\r\n```\r\n\r\n### **After migration:**\r\nTags have been
replaced with the more robust\r\n`security.authz.requiredPrivileges`
field under `security`:\r\n\r\n```ts\r\nrouter.get({\r\n path:
'/api/path',\r\n security: {\r\n authz: {\r\n requiredPrivileges:
['<privilege_1>', '<privilege_2>'],\r\n },\r\n },\r\n ...\r\n},
handler);\r\n```\r\n\r\n### What to do next?\r\n1. Review the changes in
this PR.\r\n2. You might need to update your tests to reflect the new
security\r\nconfiguration:\r\n - If you have tests that rely on checking
`access` tags.\r\n - If you have snapshot tests that include the route
definition.\r\n- If you have FTR tests that rely on checking
unauthorized error\r\nmessage. The error message changed to also include
missing privileges.\r\n\r\n## Any questions?\r\nIf you have any
questions or need help with API authorization, please\r\nreach out to
the `@elastic/kibana-security` team.\r\n\r\nCo-authored-by: James Gowdy
<jgowdy@elastic.co>","sha":"05a9b26d3c8c9932aa344e53182296996e707dd3"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/198193","number":198193,"mergeCommit":{"message":"Authorized
route migration for routes owned by @elastic/kibana-presentation
(#198193)\n\n### Authz API migration for authorized routes\r\n\r\nThis
PR migrates `access:<privilege>` tags used in route definitions
to\r\nnew security configuration.\r\nPlease refer to the documentation
for more information:
[Authorization\r\nAPI](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)\r\n\r\n###
**Before migration:**\r\nAccess control tags were defined in the
`options` object of the route:\r\n\r\n```ts\r\nrouter.get({\r\n path:
'/api/path',\r\n options: {\r\n tags: ['access:<privilege_1>',
'access:<privilege_2>'],\r\n },\r\n ...\r\n},
handler);\r\n```\r\n\r\n### **After migration:**\r\nTags have been
replaced with the more robust\r\n`security.authz.requiredPrivileges`
field under `security`:\r\n\r\n```ts\r\nrouter.get({\r\n path:
'/api/path',\r\n security: {\r\n authz: {\r\n requiredPrivileges:
['<privilege_1>', '<privilege_2>'],\r\n },\r\n },\r\n ...\r\n},
handler);\r\n```\r\n\r\n### What to do next?\r\n1. Review the changes in
this PR.\r\n2. You might need to update your tests to reflect the new
security\r\nconfiguration:\r\n - If you have tests that rely on checking
`access` tags.\r\n - If you have snapshot tests that include the route
definition.\r\n- If you have FTR tests that rely on checking
unauthorized error\r\nmessage. The error message changed to also include
missing privileges.\r\n\r\n## Any questions?\r\nIf you have any
questions or need help with API authorization, please\r\nreach out to
the `@elastic/kibana-security` team.\r\n\r\nCo-authored-by: James Gowdy
<jgowdy@elastic.co>","sha":"05a9b26d3c8c9932aa344e53182296996e707dd3"}}]}]
BACKPORT-->

x-pack/plugins/file_upload/server/routes.ts

@@ -109,12 +109,16 @@ export function fileUploadRoutes(coreSetup: CoreSetup<StartDeps, unknown>, logge
     .post({
       path: '/internal/file_upload/analyze_file',
       access: 'internal',
+      security: {
+        authz: {
+          requiredPrivileges: ['fileUpload:analyzeFile'],
+        },
+      },
       options: {
         body: {
           accepts: ['text/*', 'application/json'],
           maxBytes: MAX_FILE_SIZE_BYTES,
         },
-        tags: ['access:fileUpload:analyzeFile'],
       },
     })
     .addVersion(
@@ -260,8 +264,10 @@ export function fileUploadRoutes(coreSetup: CoreSetup<StartDeps, unknown>, logge
     .post({
       path: '/internal/file_upload/time_field_range',
       access: 'internal',
-      options: {
-        tags: ['access:fileUpload:analyzeFile'],
+      security: {
+        authz: {
+          requiredPrivileges: ['fileUpload:analyzeFile'],
+        },
       },
     })
     .addVersion(
@@ -313,8 +319,10 @@ export function fileUploadRoutes(coreSetup: CoreSetup<StartDeps, unknown>, logge
     .post({
       path: '/internal/file_upload/preview_index_time_range',
       access: 'internal',
-      options: {
-        tags: ['access:fileUpload:analyzeFile'],
+      security: {
+        authz: {
+          requiredPrivileges: ['fileUpload:analyzeFile'],
+        },
       },
     })
     .addVersion(
@@ -356,8 +364,12 @@ export function fileUploadRoutes(coreSetup: CoreSetup<StartDeps, unknown>, logge
     .post({
       path: '/internal/file_upload/preview_tika_contents',
       access: 'internal',
+      security: {
+        authz: {
+          requiredPrivileges: ['fileUpload:analyzeFile'],
+        },
+      },
       options: {
-        tags: ['access:fileUpload:analyzeFile'],
         body: {
           accepts: ['application/json'],
           maxBytes: MAX_TIKA_FILE_SIZE_BYTES,