[Cloud Security] Adding Auth check on API (#186937)

## Summary This PR addresses the issue where currently only some of our API does Auth check. All of our API should be doing this. Furthermore we are adding new API FTR to cover this scenario as well Notes: Currently Benchmark related API FTR is blocked by https://github.com/elastic/kibana/issues/188059
2025-04-24 17:59:23 -04:00 · 2024-07-12 14:39:59 -07:00 · 2024-07-12 14:39:59 -07:00 · f5fda2ce79
commit f5fda2ce79
parent 1a920d1301
17 changed files with 653 additions and 13 deletions
--- a/x-pack/plugins/cloud_security_posture/common/constants.ts
+++ b/x-pack/plugins/cloud_security_posture/common/constants.ts
@ -75,6 +75,8 @@ export const DATA_VIEW_INDEX_PATTERN = 'logs-*';

 export const SECURITY_DEFAULT_DATA_VIEW_ID = 'security-solution-default';

+export const ALERTS_INDEX_PATTERN = '.alerts-security.alerts-*';
+
 export const CSP_INGEST_TIMESTAMP_PIPELINE = 'cloud_security_posture_add_ingest_timestamp_pipeline';
 export const CSP_LATEST_FINDINGS_INGEST_TIMESTAMP_PIPELINE =
  'cloud_security_posture_latest_index_add_ingest_timestamp_pipeline';
--- a/x-pack/plugins/cloud_security_posture/server/routes/benchmark_rules/bulk_action/bulk_action.ts
+++ b/x-pack/plugins/cloud_security_posture/server/routes/benchmark_rules/bulk_action/bulk_action.ts
@ -44,6 +44,9 @@ export const defineBulkActionCspBenchmarkRulesRoute = (router: CspRouter) =>
    .post({
      access: 'internal',
      path: CSP_BENCHMARK_RULES_BULK_ACTION_ROUTE_PATH,
+      options: {
+        tags: ['access:cloud-security-posture-read'],
+      },
    })
    .addVersion(
      {
--- a/x-pack/plugins/cloud_security_posture/server/routes/benchmark_rules/find/find.ts
+++ b/x-pack/plugins/cloud_security_posture/server/routes/benchmark_rules/find/find.ts
@ -29,6 +29,9 @@ export const defineFindCspBenchmarkRuleRoute = (router: CspRouter) =>
    .get({
      access: 'internal',
      path: FIND_CSP_BENCHMARK_RULE_ROUTE_PATH,
+      options: {
+        tags: ['access:cloud-security-posture-read'],
+      },
    })
    .addVersion(
      {
--- a/x-pack/plugins/cloud_security_posture/server/routes/benchmark_rules/get_states/get_states.ts
+++ b/x-pack/plugins/cloud_security_posture/server/routes/benchmark_rules/get_states/get_states.ts
@ -16,6 +16,9 @@ export const defineGetCspBenchmarkRulesStatesRoute = (router: CspRouter) =>
    .get({
      access: 'internal',
      path: CSP_GET_BENCHMARK_RULES_STATE_ROUTE_PATH,
+      options: {
+        tags: ['access:cloud-security-posture-read'],
+      },
    })
    .addVersion(
      {
--- a/x-pack/plugins/cloud_security_posture/server/routes/compliance_dashboard/compliance_dashboard.ts
+++ b/x-pack/plugins/cloud_security_posture/server/routes/compliance_dashboard/compliance_dashboard.ts
@ -65,6 +65,9 @@ export const defineGetComplianceDashboardRoute = (router: CspRouter) =>
    .get({
      access: 'internal',
      path: STATS_ROUTE_PATH,
+      options: {
+        tags: ['access:cloud-security-posture-read'],
+      },
    })
    .addVersion(
      {
--- a/x-pack/plugins/cloud_security_posture/server/routes/detection_engine/get_detection_engine_alerts_count_by_rule_tags.ts
+++ b/x-pack/plugins/cloud_security_posture/server/routes/detection_engine/get_detection_engine_alerts_count_by_rule_tags.ts
@ -57,6 +57,9 @@ export const defineGetDetectionEngineAlertsStatus = (router: CspRouter) =>
    .get({
      access: 'internal',
      path: GET_DETECTION_RULE_ALERTS_STATUS_PATH,
+      options: {
+        tags: ['access:cloud-security-posture-read'],
+      },
    })
    .addVersion(
      {