diff --git a/x-pack/plugins/alerting/server/routes/backfill/apis/delete/delete_backfill_route.ts b/x-pack/plugins/alerting/server/routes/backfill/apis/delete/delete_backfill_route.ts index 66d90671ac1bd..0f9b62db62d79 100644 --- a/x-pack/plugins/alerting/server/routes/backfill/apis/delete/delete_backfill_route.ts +++ b/x-pack/plugins/alerting/server/routes/backfill/apis/delete/delete_backfill_route.ts @@ -12,6 +12,7 @@ import { import { ILicenseState } from '../../../../lib'; import { verifyAccessAndContext } from '../../../lib'; import { AlertingRequestHandlerContext, INTERNAL_BASE_ALERTING_API_PATH } from '../../../../types'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export const deleteBackfillRoute = ( router: IRouter, @@ -20,6 +21,7 @@ export const deleteBackfillRoute = ( router.delete( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rules/backfill/{id}`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'internal', }, diff --git a/x-pack/plugins/alerting/server/routes/backfill/apis/find/find_backfill_route.ts b/x-pack/plugins/alerting/server/routes/backfill/apis/find/find_backfill_route.ts index be1ff25ef5932..bc092b8bf9cc6 100644 --- a/x-pack/plugins/alerting/server/routes/backfill/apis/find/find_backfill_route.ts +++ b/x-pack/plugins/alerting/server/routes/backfill/apis/find/find_backfill_route.ts @@ -17,6 +17,7 @@ import { INTERNAL_ALERTING_BACKFILL_FIND_API_PATH, } from '../../../../types'; import { transformRequestV1, transformResponseV1 } from './transforms'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export const findBackfillRoute = ( router: IRouter, @@ -25,6 +26,7 @@ export const findBackfillRoute = ( router.post( { path: `${INTERNAL_ALERTING_BACKFILL_FIND_API_PATH}`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, validate: { query: findQuerySchemaV1, }, diff --git a/x-pack/plugins/alerting/server/routes/backfill/apis/get/get_backfill_route.ts b/x-pack/plugins/alerting/server/routes/backfill/apis/get/get_backfill_route.ts index 5758bb6ba805f..8bd306931b867 100644 --- a/x-pack/plugins/alerting/server/routes/backfill/apis/get/get_backfill_route.ts +++ b/x-pack/plugins/alerting/server/routes/backfill/apis/get/get_backfill_route.ts @@ -14,6 +14,7 @@ import { ILicenseState } from '../../../../lib'; import { verifyAccessAndContext } from '../../../lib'; import { AlertingRequestHandlerContext, INTERNAL_BASE_ALERTING_API_PATH } from '../../../../types'; import { transformBackfillToBackfillResponseV1 } from '../../transforms'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export const getBackfillRoute = ( router: IRouter, @@ -22,6 +23,7 @@ export const getBackfillRoute = ( router.get( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rules/backfill/{id}`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'internal', }, diff --git a/x-pack/plugins/alerting/server/routes/backfill/apis/schedule/schedule_backfill_route.ts b/x-pack/plugins/alerting/server/routes/backfill/apis/schedule/schedule_backfill_route.ts index 77eb5c9355cfb..e73e0dd83ec8d 100644 --- a/x-pack/plugins/alerting/server/routes/backfill/apis/schedule/schedule_backfill_route.ts +++ b/x-pack/plugins/alerting/server/routes/backfill/apis/schedule/schedule_backfill_route.ts @@ -14,6 +14,7 @@ import { ILicenseState } from '../../../../lib'; import { verifyAccessAndContext } from '../../../lib'; import { AlertingRequestHandlerContext, INTERNAL_BASE_ALERTING_API_PATH } from '../../../../types'; import { transformRequestV1, transformResponseV1 } from './transforms'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export const scheduleBackfillRoute = ( router: IRouter, @@ -22,6 +23,7 @@ export const scheduleBackfillRoute = ( router.post( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rules/backfill/_schedule`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'internal' }, validate: { body: scheduleBodySchemaV1, diff --git a/x-pack/plugins/alerting/server/routes/constants.ts b/x-pack/plugins/alerting/server/routes/constants.ts new file mode 100644 index 0000000000000..4c119f6c1c288 --- /dev/null +++ b/x-pack/plugins/alerting/server/routes/constants.ts @@ -0,0 +1,20 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { RouteSecurity } from '@kbn/core-http-server'; + +/** + * This constant is used as the default value for the security object in routes + * where a reason for opting out needs to be provided. + */ +export const DEFAULT_ALERTING_ROUTE_SECURITY: RouteSecurity = { + authz: { + enabled: false, + reason: + "This route is opted out from authorization because alerting uses it's own authorization model inside the alerts client.", + }, +}; diff --git a/x-pack/plugins/alerting/server/routes/framework/apis/health/health.ts b/x-pack/plugins/alerting/server/routes/framework/apis/health/health.ts index 4daf510b6a64f..df926820e2af8 100644 --- a/x-pack/plugins/alerting/server/routes/framework/apis/health/health.ts +++ b/x-pack/plugins/alerting/server/routes/framework/apis/health/health.ts @@ -17,6 +17,7 @@ import { } from '../../../../types'; import { getSecurityHealth } from '../../../../lib/get_security_health'; import { transformHealthBodyResponse } from './transforms/transform_health_response/v1'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export const healthRoute = ( router: IRouter, @@ -26,6 +27,7 @@ export const healthRoute = ( router.get( { path: `${BASE_ALERTING_API_PATH}/_health`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'public', summary: `Get the alerting framework health`, diff --git a/x-pack/plugins/alerting/server/routes/get_action_error_log.ts b/x-pack/plugins/alerting/server/routes/get_action_error_log.ts index 7406d07c3fa24..39d10ccab4a63 100644 --- a/x-pack/plugins/alerting/server/routes/get_action_error_log.ts +++ b/x-pack/plugins/alerting/server/routes/get_action_error_log.ts @@ -11,6 +11,7 @@ import { ILicenseState } from '../lib'; import { GetActionErrorLogByIdParams } from '../rules_client'; import { RewriteRequestCase, verifyAccessAndContext } from './lib'; import { AlertingRequestHandlerContext, INTERNAL_BASE_ALERTING_API_PATH } from '../types'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from './constants'; const paramSchema = schema.object({ id: schema.string(), @@ -59,6 +60,7 @@ export const getActionErrorLogRoute = ( router.get( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rule/{id}/_action_error_log`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, validate: { params: paramSchema, query: querySchema, diff --git a/x-pack/plugins/alerting/server/routes/get_global_execution_kpi.ts b/x-pack/plugins/alerting/server/routes/get_global_execution_kpi.ts index 48ea073369d2b..2a0c61617f8eb 100644 --- a/x-pack/plugins/alerting/server/routes/get_global_execution_kpi.ts +++ b/x-pack/plugins/alerting/server/routes/get_global_execution_kpi.ts @@ -10,6 +10,7 @@ import { AlertingRequestHandlerContext, INTERNAL_BASE_ALERTING_API_PATH } from ' import { RewriteRequestCase, verifyAccessAndContext, rewriteNamespaces } from './lib'; import { GetGlobalExecutionKPIParams } from '../rules_client'; import { ILicenseState } from '../lib'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from './constants'; const querySchema = schema.object({ date_start: schema.string(), @@ -37,6 +38,7 @@ export const getGlobalExecutionKPIRoute = ( router.get( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/_global_execution_kpi`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'internal', }, diff --git a/x-pack/plugins/alerting/server/routes/get_global_execution_logs.ts b/x-pack/plugins/alerting/server/routes/get_global_execution_logs.ts index 13ea133e21a82..a6457185c4bd8 100644 --- a/x-pack/plugins/alerting/server/routes/get_global_execution_logs.ts +++ b/x-pack/plugins/alerting/server/routes/get_global_execution_logs.ts @@ -11,6 +11,7 @@ import { ILicenseState } from '../lib'; import { GetGlobalExecutionLogParams } from '../rules_client'; import { RewriteRequestCase, verifyAccessAndContext, rewriteNamespaces } from './lib'; import { AlertingRequestHandlerContext, INTERNAL_BASE_ALERTING_API_PATH } from '../types'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from './constants'; const sortOrderSchema = schema.oneOf([schema.literal('asc'), schema.literal('desc')]); @@ -62,6 +63,7 @@ export const getGlobalExecutionLogRoute = ( router.get( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/_global_execution_logs`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'internal', }, diff --git a/x-pack/plugins/alerting/server/routes/get_rule_alert_summary.ts b/x-pack/plugins/alerting/server/routes/get_rule_alert_summary.ts index 937db706199e2..fa6222ed80cbc 100644 --- a/x-pack/plugins/alerting/server/routes/get_rule_alert_summary.ts +++ b/x-pack/plugins/alerting/server/routes/get_rule_alert_summary.ts @@ -15,6 +15,7 @@ import { INTERNAL_BASE_ALERTING_API_PATH, AlertSummary, } from '../types'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from './constants'; const paramSchema = schema.object({ id: schema.string(), @@ -65,6 +66,7 @@ export const getRuleAlertSummaryRoute = ( router.get( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rule/{id}/_alert_summary`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'internal', }, diff --git a/x-pack/plugins/alerting/server/routes/get_rule_execution_kpi.ts b/x-pack/plugins/alerting/server/routes/get_rule_execution_kpi.ts index 302ac0293a444..9ade33c563e92 100644 --- a/x-pack/plugins/alerting/server/routes/get_rule_execution_kpi.ts +++ b/x-pack/plugins/alerting/server/routes/get_rule_execution_kpi.ts @@ -10,6 +10,7 @@ import { AlertingRequestHandlerContext, INTERNAL_BASE_ALERTING_API_PATH } from ' import { RewriteRequestCase, verifyAccessAndContext } from './lib'; import { GetRuleExecutionKPIParams } from '../rules_client'; import { ILicenseState } from '../lib'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from './constants'; const paramSchema = schema.object({ id: schema.string(), @@ -38,6 +39,7 @@ export const getRuleExecutionKPIRoute = ( router.get( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rule/{id}/_execution_kpi`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'internal', }, diff --git a/x-pack/plugins/alerting/server/routes/get_rule_execution_log.ts b/x-pack/plugins/alerting/server/routes/get_rule_execution_log.ts index 4eccefd171f0e..a81d68f7f4e3d 100644 --- a/x-pack/plugins/alerting/server/routes/get_rule_execution_log.ts +++ b/x-pack/plugins/alerting/server/routes/get_rule_execution_log.ts @@ -11,6 +11,7 @@ import { ILicenseState } from '../lib'; import { GetExecutionLogByIdParams } from '../rules_client'; import { RewriteRequestCase, verifyAccessAndContext } from './lib'; import { AlertingRequestHandlerContext, INTERNAL_BASE_ALERTING_API_PATH } from '../types'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from './constants'; const paramSchema = schema.object({ id: schema.string(), @@ -63,6 +64,7 @@ export const getRuleExecutionLogRoute = ( router.get( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rule/{id}/_execution_log`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'internal', }, diff --git a/x-pack/plugins/alerting/server/routes/get_rule_state.ts b/x-pack/plugins/alerting/server/routes/get_rule_state.ts index 1a2b17b8f6747..347b21faf8934 100644 --- a/x-pack/plugins/alerting/server/routes/get_rule_state.ts +++ b/x-pack/plugins/alerting/server/routes/get_rule_state.ts @@ -14,6 +14,7 @@ import { INTERNAL_BASE_ALERTING_API_PATH, RuleTaskState, } from '../types'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from './constants'; const paramSchema = schema.object({ id: schema.string(), @@ -38,6 +39,7 @@ export const getRuleStateRoute = ( router.get( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rule/{id}/state`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'internal', }, diff --git a/x-pack/plugins/alerting/server/routes/index.ts b/x-pack/plugins/alerting/server/routes/index.ts index d1fc9989be5e7..d9692dec9c0f8 100644 --- a/x-pack/plugins/alerting/server/routes/index.ts +++ b/x-pack/plugins/alerting/server/routes/index.ts @@ -94,7 +94,10 @@ export function defineRoutes(opts: RouteOptions) { getAlertIndicesAlias, } = opts; + // Legacy APIs defineLegacyRoutes(opts); + + // Rule APIs createRuleRoute(opts); getRuleRoute(router, licenseState); getInternalRuleRoute(router, licenseState); @@ -108,17 +111,11 @@ export function defineRoutes(opts: RouteOptions) { findInternalRulesRoute(router, licenseState, usageCounter); getRuleAlertSummaryRoute(router, licenseState); getRuleExecutionLogRoute(router, licenseState); - getGlobalExecutionLogRoute(router, licenseState); - getActionErrorLogRoute(router, licenseState); getRuleExecutionKPIRoute(router, licenseState); - getGlobalExecutionKPIRoute(router, licenseState); getRuleStateRoute(router, licenseState); - healthRoute(router, licenseState, encryptedSavedObjects); ruleTypesRoute(router, licenseState); muteAllRuleRoute(router, licenseState, usageCounter); - muteAlertRoute(router, licenseState); unmuteAllRuleRoute(router, licenseState); - unmuteAlertRoute(router, licenseState); updateRuleApiKeyRoute(router, licenseState); bulkEditInternalRulesRoute(router, licenseState); bulkDeleteRulesRoute({ router, licenseState }); @@ -126,11 +123,18 @@ export function defineRoutes(opts: RouteOptions) { bulkDisableRulesRoute({ router, licenseState }); snoozeRuleRoute(router, licenseState); unsnoozeRuleRoute(router, licenseState); - runSoonRoute(router, licenseState); cloneRuleRoute(router, licenseState); - getFlappingSettingsRoute(router, licenseState); - updateFlappingSettingsRoute(router, licenseState); getRuleTagsRoute(router, licenseState); + registerRulesValueSuggestionsRoute(router, licenseState, config$!); + + // Alert APIs + registerAlertsValueSuggestionsRoute(router, licenseState, config$!, getAlertIndicesAlias); + bulkUntrackAlertsRoute(router, licenseState); + bulkUntrackAlertsByQueryRoute(router, licenseState); + muteAlertRoute(router, licenseState); + unmuteAlertRoute(router, licenseState); + + // Maintenance Window APIs createMaintenanceWindowRoute(router, licenseState); getMaintenanceWindowRoute(router, licenseState); updateMaintenanceWindowRoute(router, licenseState); @@ -139,19 +143,24 @@ export function defineRoutes(opts: RouteOptions) { archiveMaintenanceWindowRoute(router, licenseState); finishMaintenanceWindowRoute(router, licenseState); getActiveMaintenanceWindowsRoute(router, licenseState); - registerAlertsValueSuggestionsRoute(router, licenseState, config$!, getAlertIndicesAlias); - registerRulesValueSuggestionsRoute(router, licenseState, config$!); - registerFieldsRoute(router, licenseState); bulkGetMaintenanceWindowRoute(router, licenseState); - getScheduleFrequencyRoute(router, licenseState); - bulkUntrackAlertsRoute(router, licenseState); - bulkUntrackAlertsByQueryRoute(router, licenseState); - getQueryDelaySettingsRoute(router, licenseState); - updateQueryDelaySettingsRoute(router, licenseState); // backfill APIs scheduleBackfillRoute(router, licenseState); getBackfillRoute(router, licenseState); findBackfillRoute(router, licenseState); deleteBackfillRoute(router, licenseState); + + // Other APIs + registerFieldsRoute(router, licenseState); + getScheduleFrequencyRoute(router, licenseState); + getQueryDelaySettingsRoute(router, licenseState); + updateQueryDelaySettingsRoute(router, licenseState); + getGlobalExecutionLogRoute(router, licenseState); + getActionErrorLogRoute(router, licenseState); + getFlappingSettingsRoute(router, licenseState); + updateFlappingSettingsRoute(router, licenseState); + runSoonRoute(router, licenseState); + healthRoute(router, licenseState, encryptedSavedObjects); + getGlobalExecutionKPIRoute(router, licenseState); } diff --git a/x-pack/plugins/alerting/server/routes/legacy/create.ts b/x-pack/plugins/alerting/server/routes/legacy/create.ts index 8346ec37edf9c..7e18897554431 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/create.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/create.ts @@ -20,6 +20,7 @@ import { RuleTypeDisabledError } from '../../lib/errors/rule_type_disabled'; import { RouteOptions } from '..'; import { countUsageOfPredefinedIds } from '../lib'; import { trackLegacyRouteUsage } from '../../lib/track_legacy_route_usage'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../constants'; export const bodySchema = schema.object({ name: schema.string(), @@ -62,6 +63,7 @@ export const createAlertRoute = ({ ), body: bodySchema, }, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: isServerless ? 'internal' : 'public', summary: 'Create an alert', diff --git a/x-pack/plugins/alerting/server/routes/legacy/delete.ts b/x-pack/plugins/alerting/server/routes/legacy/delete.ts index 738633c61f745..6afa7474d81e6 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/delete.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/delete.ts @@ -13,6 +13,7 @@ import { ILicenseState } from '../../lib/license_state'; import { verifyApiAccess } from '../../lib/license_api_access'; import { LEGACY_BASE_ALERT_API_PATH } from '../../../common'; import { trackLegacyRouteUsage } from '../../lib/track_legacy_route_usage'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../constants'; const paramSchema = schema.object({ id: schema.string(), @@ -31,6 +32,7 @@ export const deleteAlertRoute = ( validate: { params: paramSchema, }, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: isServerless ? 'internal' : 'public', summary: 'Delete an alert', diff --git a/x-pack/plugins/alerting/server/routes/legacy/disable.ts b/x-pack/plugins/alerting/server/routes/legacy/disable.ts index e69a176776e0c..77fe548d06dac 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/disable.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/disable.ts @@ -14,6 +14,7 @@ import { verifyApiAccess } from '../../lib/license_api_access'; import { LEGACY_BASE_ALERT_API_PATH } from '../../../common'; import { RuleTypeDisabledError } from '../../lib/errors/rule_type_disabled'; import { trackLegacyRouteUsage } from '../../lib/track_legacy_route_usage'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../constants'; const paramSchema = schema.object({ id: schema.string(), @@ -32,6 +33,7 @@ export const disableAlertRoute = ( validate: { params: paramSchema, }, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: isServerless ? 'internal' : 'public', summary: 'Disable an alert', diff --git a/x-pack/plugins/alerting/server/routes/legacy/enable.ts b/x-pack/plugins/alerting/server/routes/legacy/enable.ts index 289b4050e059b..954c8bc727174 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/enable.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/enable.ts @@ -15,6 +15,7 @@ import { LEGACY_BASE_ALERT_API_PATH } from '../../../common'; import { handleDisabledApiKeysError } from '../lib/error_handler'; import { RuleTypeDisabledError } from '../../lib/errors/rule_type_disabled'; import { trackLegacyRouteUsage } from '../../lib/track_legacy_route_usage'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../constants'; const paramSchema = schema.object({ id: schema.string(), @@ -33,6 +34,7 @@ export const enableAlertRoute = ( validate: { params: paramSchema, }, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: isServerless ? 'internal' : 'public', summary: 'Enable an alert', diff --git a/x-pack/plugins/alerting/server/routes/legacy/find.ts b/x-pack/plugins/alerting/server/routes/legacy/find.ts index de1e5f8c226a1..ece93d082f785 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/find.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/find.ts @@ -19,6 +19,7 @@ import { renameKeys } from '../lib/rename_keys'; import { IndexType } from '../../rules_client'; import { trackLegacyRouteUsage } from '../../lib/track_legacy_route_usage'; import { trackLegacyTerminology } from '../lib/track_legacy_terminology'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../constants'; export interface FindOptions extends IndexType { perPage?: number; @@ -75,6 +76,7 @@ export const findAlertRoute = ( validate: { query: querySchema, }, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: isServerless ? 'internal' : 'public', summary: 'Find alerts', diff --git a/x-pack/plugins/alerting/server/routes/legacy/get.ts b/x-pack/plugins/alerting/server/routes/legacy/get.ts index 19fc0f7ff49e6..f1f83a5084c44 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/get.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/get.ts @@ -13,6 +13,7 @@ import { verifyApiAccess } from '../../lib/license_api_access'; import { LEGACY_BASE_ALERT_API_PATH } from '../../../common'; import type { AlertingRouter } from '../../types'; import { trackLegacyRouteUsage } from '../../lib/track_legacy_route_usage'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../constants'; const paramSchema = schema.object({ id: schema.string(), @@ -31,6 +32,7 @@ export const getAlertRoute = ( validate: { params: paramSchema, }, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: isServerless ? 'internal' : 'public', summary: 'Get an alert', diff --git a/x-pack/plugins/alerting/server/routes/legacy/get_alert_instance_summary.ts b/x-pack/plugins/alerting/server/routes/legacy/get_alert_instance_summary.ts index 0e50601a1fd4d..918cdabc25a34 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/get_alert_instance_summary.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/get_alert_instance_summary.ts @@ -13,6 +13,7 @@ import { ILicenseState } from '../../lib/license_state'; import { verifyApiAccess } from '../../lib/license_api_access'; import { AlertSummary, LEGACY_BASE_ALERT_API_PATH } from '../../../common'; import { trackLegacyRouteUsage } from '../../lib/track_legacy_route_usage'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../constants'; const paramSchema = schema.object({ id: schema.string(), @@ -42,6 +43,7 @@ export const getAlertInstanceSummaryRoute = ( params: paramSchema, query: querySchema, }, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: isServerless ? 'internal' : 'public', summary: 'Get an alert summary', diff --git a/x-pack/plugins/alerting/server/routes/legacy/get_alert_state.ts b/x-pack/plugins/alerting/server/routes/legacy/get_alert_state.ts index f9db44c1e9a0c..fbc82e560a45e 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/get_alert_state.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/get_alert_state.ts @@ -13,6 +13,7 @@ import { ILicenseState } from '../../lib/license_state'; import { verifyApiAccess } from '../../lib/license_api_access'; import { LEGACY_BASE_ALERT_API_PATH } from '../../../common'; import { trackLegacyRouteUsage } from '../../lib/track_legacy_route_usage'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../constants'; const paramSchema = schema.object({ id: schema.string(), @@ -31,6 +32,7 @@ export const getAlertStateRoute = ( validate: { params: paramSchema, }, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: isServerless ? 'internal' : 'public', summary: 'Get the state of an alert', diff --git a/x-pack/plugins/alerting/server/routes/legacy/health.ts b/x-pack/plugins/alerting/server/routes/legacy/health.ts index b463298837f4e..8b8a64df14cd1 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/health.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/health.ts @@ -14,6 +14,7 @@ import { verifyApiAccess } from '../../lib/license_api_access'; import { AlertingFrameworkHealth } from '../../types'; import { trackLegacyRouteUsage } from '../../lib/track_legacy_route_usage'; import { getSecurityHealth } from '../../lib/get_security_health'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../constants'; export function healthRoute( router: AlertingRouter, @@ -27,6 +28,7 @@ export function healthRoute( { path: '/api/alerts/_health', validate: false, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: isServerless ? 'internal' : 'public', summary: 'Get the alerting framework health', diff --git a/x-pack/plugins/alerting/server/routes/legacy/list_alert_types.ts b/x-pack/plugins/alerting/server/routes/legacy/list_alert_types.ts index f4f2bc7936b3d..6e6b4e3499f72 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/list_alert_types.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/list_alert_types.ts @@ -11,6 +11,7 @@ import { ILicenseState } from '../../lib/license_state'; import { verifyApiAccess } from '../../lib/license_api_access'; import { LEGACY_BASE_ALERT_API_PATH } from '../../../common'; import { trackLegacyRouteUsage } from '../../lib/track_legacy_route_usage'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../constants'; export const listAlertTypesRoute = ( router: AlertingRouter, @@ -23,6 +24,7 @@ export const listAlertTypesRoute = ( { path: `${LEGACY_BASE_ALERT_API_PATH}/list_alert_types`, validate: {}, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: isServerless ? 'internal' : 'public', summary: 'Get the alert types', diff --git a/x-pack/plugins/alerting/server/routes/legacy/mute_all.ts b/x-pack/plugins/alerting/server/routes/legacy/mute_all.ts index 75c860167f21c..b978cc223b88b 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/mute_all.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/mute_all.ts @@ -14,6 +14,7 @@ import { verifyApiAccess } from '../../lib/license_api_access'; import { LEGACY_BASE_ALERT_API_PATH } from '../../../common'; import { RuleTypeDisabledError } from '../../lib/errors/rule_type_disabled'; import { trackLegacyRouteUsage } from '../../lib/track_legacy_route_usage'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../constants'; const paramSchema = schema.object({ id: schema.string(), @@ -32,6 +33,7 @@ export const muteAllAlertRoute = ( validate: { params: paramSchema, }, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: isServerless ? 'internal' : 'public', summary: 'Mute all alert instances', diff --git a/x-pack/plugins/alerting/server/routes/legacy/mute_instance.ts b/x-pack/plugins/alerting/server/routes/legacy/mute_instance.ts index 23225c387ccaa..155086ebc247d 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/mute_instance.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/mute_instance.ts @@ -16,6 +16,7 @@ import { renameKeys } from '../lib/rename_keys'; import { MuteOptions } from '../../rules_client'; import { RuleTypeDisabledError } from '../../lib/errors/rule_type_disabled'; import { trackLegacyRouteUsage } from '../../lib/track_legacy_route_usage'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../constants'; const paramSchema = schema.object({ alert_id: schema.string(), @@ -35,6 +36,7 @@ export const muteAlertInstanceRoute = ( validate: { params: paramSchema, }, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: isServerless ? 'internal' : 'public', summary: 'Mute an alert', diff --git a/x-pack/plugins/alerting/server/routes/legacy/unmute_all.ts b/x-pack/plugins/alerting/server/routes/legacy/unmute_all.ts index 2684ea60d7336..5ae7dedcc8666 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/unmute_all.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/unmute_all.ts @@ -14,6 +14,7 @@ import { verifyApiAccess } from '../../lib/license_api_access'; import { LEGACY_BASE_ALERT_API_PATH } from '../../../common'; import { RuleTypeDisabledError } from '../../lib/errors/rule_type_disabled'; import { trackLegacyRouteUsage } from '../../lib/track_legacy_route_usage'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../constants'; const paramSchema = schema.object({ id: schema.string(), @@ -32,6 +33,7 @@ export const unmuteAllAlertRoute = ( validate: { params: paramSchema, }, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: isServerless ? 'internal' : 'public', summary: 'Unmute all alert instances', diff --git a/x-pack/plugins/alerting/server/routes/legacy/unmute_instance.ts b/x-pack/plugins/alerting/server/routes/legacy/unmute_instance.ts index e6122a92509b0..85cf06df83387 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/unmute_instance.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/unmute_instance.ts @@ -14,6 +14,7 @@ import { verifyApiAccess } from '../../lib/license_api_access'; import { LEGACY_BASE_ALERT_API_PATH } from '../../../common'; import { RuleTypeDisabledError } from '../../lib/errors/rule_type_disabled'; import { trackLegacyRouteUsage } from '../../lib/track_legacy_route_usage'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../constants'; const paramSchema = schema.object({ alertId: schema.string(), @@ -33,6 +34,7 @@ export const unmuteAlertInstanceRoute = ( validate: { params: paramSchema, }, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: isServerless ? 'internal' : 'public', summary: 'Unmute an alert', diff --git a/x-pack/plugins/alerting/server/routes/legacy/update.ts b/x-pack/plugins/alerting/server/routes/legacy/update.ts index 3e3d3b5a480f0..95bb1bd651761 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/update.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/update.ts @@ -20,6 +20,7 @@ import { LEGACY_BASE_ALERT_API_PATH, validateNotifyWhenType, } from '../../../common'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../constants'; const paramSchema = schema.object({ id: schema.string(), @@ -59,6 +60,7 @@ export const updateAlertRoute = ( body: bodySchema, params: paramSchema, }, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: isServerless ? 'internal' : 'public', summary: 'Update an alert', diff --git a/x-pack/plugins/alerting/server/routes/legacy/update_api_key.ts b/x-pack/plugins/alerting/server/routes/legacy/update_api_key.ts index 603a321768573..45a3d35e7e5d3 100644 --- a/x-pack/plugins/alerting/server/routes/legacy/update_api_key.ts +++ b/x-pack/plugins/alerting/server/routes/legacy/update_api_key.ts @@ -15,6 +15,7 @@ import { LEGACY_BASE_ALERT_API_PATH } from '../../../common'; import { handleDisabledApiKeysError } from '../lib/error_handler'; import { RuleTypeDisabledError } from '../../lib/errors/rule_type_disabled'; import { trackLegacyRouteUsage } from '../../lib/track_legacy_route_usage'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../constants'; const paramSchema = schema.object({ id: schema.string(), @@ -33,6 +34,7 @@ export const updateApiKeyRoute = ( validate: { params: paramSchema, }, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: isServerless ? 'internal' : 'public', summary: 'Update the API key for an alert', diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/aggregate/aggregate_rules_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/aggregate/aggregate_rules_route.ts index 05c5fc2167e11..13cc8fb7d816c 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/aggregate/aggregate_rules_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/aggregate/aggregate_rules_route.ts @@ -21,6 +21,7 @@ import { import { formatDefaultAggregationResult } from './transforms'; import { transformAggregateQueryRequestV1, transformAggregateBodyResponseV1 } from './transforms'; import { DefaultRuleAggregationResult } from './types'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export const aggregateRulesRoute = ( router: IRouter, @@ -30,6 +31,7 @@ export const aggregateRulesRoute = ( router.post( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rules/_aggregate`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'internal' }, validate: { body: aggregateRulesRequestBodySchemaV1, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_delete/bulk_delete_rules_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_delete/bulk_delete_rules_route.ts index 8548464d44812..8dc14d5d7cba0 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_delete/bulk_delete_rules_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_delete/bulk_delete_rules_route.ts @@ -17,6 +17,7 @@ import { import type { RuleParamsV1 } from '../../../../../common/routes/rule/response'; import { transformRuleToRuleResponseV1 } from '../../transforms'; import { Rule } from '../../../../application/rule/types'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export const bulkDeleteRulesRoute = ({ router, @@ -28,6 +29,7 @@ export const bulkDeleteRulesRoute = ({ router.patch( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rules/_bulk_delete`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'internal' }, validate: { body: bulkDeleteRulesRequestBodySchemaV1, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_disable/bulk_disable_rules_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_disable/bulk_disable_rules_route.ts index 315904efa40a7..4a047a120b06b 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_disable/bulk_disable_rules_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_disable/bulk_disable_rules_route.ts @@ -18,6 +18,7 @@ import { import type { RuleParamsV1 } from '../../../../../common/routes/rule/response'; import { Rule } from '../../../../application/rule/types'; import { transformRuleToRuleResponseV1 } from '../../transforms'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export const bulkDisableRulesRoute = ({ router, @@ -29,6 +30,7 @@ export const bulkDisableRulesRoute = ({ router.patch( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rules/_bulk_disable`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'internal' }, validate: { body: bulkDisableRulesRequestBodySchemaV1, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_edit/bulk_edit_rules_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_edit/bulk_edit_rules_route.ts index f516b63031aad..27c1730ed695e 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_edit/bulk_edit_rules_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_edit/bulk_edit_rules_route.ts @@ -22,6 +22,7 @@ import { Rule } from '../../../../application/rule/types'; import { transformRuleToRuleResponseV1 } from '../../transforms'; import { validateRequiredGroupInDefaultActionsV1 } from '../../validation'; import { transformOperationsV1 } from './transforms'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; interface BuildBulkEditRulesRouteParams { licenseState: ILicenseState; @@ -33,6 +34,7 @@ const buildBulkEditRulesRoute = ({ licenseState, path, router }: BuildBulkEditRu router.post( { path, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'internal' }, validate: { body: bulkEditRulesRequestBodySchemaV1, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_enable/bulk_enable_rules_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_enable/bulk_enable_rules_route.ts index 71932cb6d78bb..fe91eafe82b59 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_enable/bulk_enable_rules_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_enable/bulk_enable_rules_route.ts @@ -16,6 +16,7 @@ import { } from '../../../../../common/routes/rule/apis/bulk_enable'; import { RuleParamsV1 } from '../../../../../common/routes/rule/response'; import { transformBulkEnableResponseV1 } from './transforms'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export const bulkEnableRulesRoute = ({ router, @@ -27,6 +28,7 @@ export const bulkEnableRulesRoute = ({ router.patch( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rules/_bulk_enable`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'internal' }, validate: { body: bulkEnableBodySchemaV1, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_untrack/bulk_untrack_alerts_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_untrack/bulk_untrack_alerts_route.ts index a43cc48d95631..48619a040ebc4 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_untrack/bulk_untrack_alerts_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_untrack/bulk_untrack_alerts_route.ts @@ -13,6 +13,7 @@ import { transformBulkUntrackAlertsBodyV1 } from './transforms'; import { ILicenseState, RuleTypeDisabledError } from '../../../../lib'; import { verifyAccessAndContext } from '../../../lib'; import { AlertingRequestHandlerContext, INTERNAL_BASE_ALERTING_API_PATH } from '../../../../types'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export const bulkUntrackAlertsRoute = ( router: IRouter, @@ -21,6 +22,7 @@ export const bulkUntrackAlertsRoute = ( router.post( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/alerts/_bulk_untrack`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'internal' }, validate: { body: bulkUntrackBodySchemaV1, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_untrack_by_query/bulk_untrack_alerts_by_query_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_untrack_by_query/bulk_untrack_alerts_by_query_route.ts index 735cd75b7f4a9..9f3bdfe959e38 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_untrack_by_query/bulk_untrack_alerts_by_query_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_untrack_by_query/bulk_untrack_alerts_by_query_route.ts @@ -14,6 +14,7 @@ import { ILicenseState, RuleTypeDisabledError } from '../../../../lib'; import { verifyAccessAndContext } from '../../../lib'; import { AlertingRequestHandlerContext, INTERNAL_BASE_ALERTING_API_PATH } from '../../../../types'; import { transformBulkUntrackAlertsByQueryBodyV1 } from './transforms'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export const bulkUntrackAlertsByQueryRoute = ( router: IRouter, @@ -22,6 +23,7 @@ export const bulkUntrackAlertsByQueryRoute = ( router.post( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/alerts/_bulk_untrack_by_query`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'internal' }, validate: { body: bulkUntrackByQueryBodySchemaV1, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/clone/clone_rule_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/clone/clone_rule_route.ts index 0aa23886a9b4a..cf483de6a62c5 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/clone/clone_rule_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/clone/clone_rule_route.ts @@ -17,6 +17,7 @@ import { import type { RuleParamsV1 } from '../../../../../common/routes/rule/response'; import { Rule } from '../../../../application/rule/types'; import { transformRuleToRuleResponseV1 } from '../../transforms'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export const cloneRuleRoute = ( router: IRouter, @@ -25,6 +26,7 @@ export const cloneRuleRoute = ( router.post( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rule/{id}/_clone/{newId?}`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'internal' }, validate: { params: cloneRuleRequestParamsSchemaV1, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/create/create_rule_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/create/create_rule_route.ts index 26775ad0f98d4..72b4a4c897f1f 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/create/create_rule_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/create/create_rule_route.ts @@ -19,6 +19,7 @@ import { RuleParamsV1, ruleResponseSchemaV1 } from '../../../../../common/routes import { Rule } from '../../../../application/rule/types'; import { RuleTypeDisabledError } from '../../../../lib'; import { BASE_ALERTING_API_PATH } from '../../../../types'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; import { countUsageOfPredefinedIds, handleDisabledApiKeysError, @@ -32,6 +33,7 @@ export const createRuleRoute = ({ router, licenseState, usageCounter }: RouteOpt router.post( { path: `${BASE_ALERTING_API_PATH}/rule/{id?}`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'public', summary: `Create a rule`, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/delete/delete_rule_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/delete/delete_rule_route.ts index e1e09403b309a..9fb4fd05bfb08 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/delete/delete_rule_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/delete/delete_rule_route.ts @@ -13,6 +13,7 @@ import { DeleteRuleRequestParamsV1, } from '../../../../../common/routes/rule/apis/delete'; import { AlertingRequestHandlerContext, BASE_ALERTING_API_PATH } from '../../../../types'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export const deleteRuleRoute = ( router: IRouter, @@ -21,6 +22,7 @@ export const deleteRuleRoute = ( router.delete( { path: `${BASE_ALERTING_API_PATH}/rule/{id}`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'public', summary: `Delete a rule`, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/disable/disable_rule_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/disable/disable_rule_route.ts index e364bc130121d..38451802d660f 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/disable/disable_rule_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/disable/disable_rule_route.ts @@ -15,6 +15,7 @@ import { import { ILicenseState, RuleTypeDisabledError } from '../../../../lib'; import { AlertingRequestHandlerContext, BASE_ALERTING_API_PATH } from '../../../../types'; import { verifyAccessAndContext } from '../../../lib'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export const disableRuleRoute = ( router: IRouter, @@ -23,6 +24,7 @@ export const disableRuleRoute = ( router.post( { path: `${BASE_ALERTING_API_PATH}/rule/{id}/_disable`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'public', summary: 'Disable a rule', diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/enable/enable_rule_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/enable/enable_rule_route.ts index e5f0983bf844b..1d68c5b922f22 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/enable/enable_rule_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/enable/enable_rule_route.ts @@ -14,6 +14,7 @@ import { EnableRuleRequestParamsV1, enableRuleRequestParamsSchemaV1, } from '../../../../../common/routes/rule/apis/enable'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export const enableRuleRoute = ( router: IRouter, licenseState: ILicenseState @@ -21,6 +22,7 @@ export const enableRuleRoute = ( router.post( { path: `${BASE_ALERTING_API_PATH}/rule/{id}/_enable`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'public', summary: 'Enable a rule', diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/find/find_internal_rules_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/find/find_internal_rules_route.ts index 0117d86468f2a..573c6eba399b0 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/find/find_internal_rules_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/find/find_internal_rules_route.ts @@ -21,6 +21,7 @@ import { import { verifyAccessAndContext } from '../../../lib'; import { trackLegacyTerminology } from '../../../lib/track_legacy_terminology'; import { transformFindRulesInternalBodyV1, transformFindRulesResponseV1 } from './transforms'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export const findInternalRulesRoute = ( router: IRouter, @@ -30,6 +31,7 @@ export const findInternalRulesRoute = ( router.post( { path: INTERNAL_ALERTING_API_FIND_RULES_PATH, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'internal' }, validate: { body: findRulesInternalRequestBodySchemaV1, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/find/find_rules_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/find/find_rules_route.ts index 37ea13c7983e6..e24e58a63aa7d 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/find/find_rules_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/find/find_rules_route.ts @@ -18,6 +18,7 @@ import { AlertingRequestHandlerContext, BASE_ALERTING_API_PATH } from '../../../ import { verifyAccessAndContext } from '../../../lib'; import { trackLegacyTerminology } from '../../../lib/track_legacy_terminology'; import { transformFindRulesBodyV1, transformFindRulesResponseV1 } from './transforms'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export const findRulesRoute = ( router: IRouter, @@ -27,6 +28,7 @@ export const findRulesRoute = ( router.get( { path: `${BASE_ALERTING_API_PATH}/rules/_find`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'public', summary: 'Get information about rules', diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/get/get_rule_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/get/get_rule_route.ts index 46ccc00e33626..9119eae249db1 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/get/get_rule_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/get/get_rule_route.ts @@ -22,6 +22,7 @@ import type { GetRuleResponseV1, } from '../../../../../common/routes/rule/apis/get'; import { getRuleRequestParamsSchemaV1 } from '../../../../../common/routes/rule/apis/get'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; interface BuildGetRulesRouteParams { licenseState: ILicenseState; @@ -41,6 +42,7 @@ const buildGetRuleRoute = ({ { path, options, + security: DEFAULT_ALERTING_ROUTE_SECURITY, validate: { request: { params: getRuleRequestParamsSchemaV1, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/get_schedule_frequency/get_schedule_frequency_route.test.ts b/x-pack/plugins/alerting/server/routes/rule/apis/get_schedule_frequency/get_schedule_frequency_route.test.ts index a91a2b2728580..87eb61d320930 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/get_schedule_frequency/get_schedule_frequency_route.test.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/get_schedule_frequency/get_schedule_frequency_route.test.ts @@ -38,6 +38,12 @@ describe('getScheduleFrequencyRoute', () => { "access": "internal", }, "path": "/internal/alerting/rules/_schedule_frequency", + "security": Object { + "authz": Object { + "enabled": false, + "reason": "This route is opted out from authorization because alerting uses it's own authorization model inside the alerts client.", + }, + }, "validate": Object {}, } `); diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/get_schedule_frequency/get_schedule_frequency_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/get_schedule_frequency/get_schedule_frequency_route.ts index b91c0841df911..b0831aeee3790 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/get_schedule_frequency/get_schedule_frequency_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/get_schedule_frequency/get_schedule_frequency_route.ts @@ -11,6 +11,7 @@ import { verifyAccessAndContext } from '../../../lib'; import { AlertingRequestHandlerContext, INTERNAL_BASE_ALERTING_API_PATH } from '../../../../types'; import { GetScheduleFrequencyResponseV1 } from '../../../../../common/routes/rule/apis/get_schedule_frequency'; import { transformGetScheduleFrequencyResultV1 } from './transforms'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export const getScheduleFrequencyRoute = ( router: IRouter, @@ -19,6 +20,7 @@ export const getScheduleFrequencyRoute = ( router.get( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rules/_schedule_frequency`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'internal' }, validate: {}, }, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/list_types/rule_types.ts b/x-pack/plugins/alerting/server/routes/rule/apis/list_types/rule_types.ts index a49820704d74a..ddc3bf25467ff 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/list_types/rule_types.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/list_types/rule_types.ts @@ -14,6 +14,7 @@ import { ILicenseState } from '../../../../lib'; import { verifyAccessAndContext } from '../../../lib'; import { AlertingRequestHandlerContext, BASE_ALERTING_API_PATH } from '../../../../types'; import { transformRuleTypesResponseV1 } from './transforms'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export const ruleTypesRoute = ( router: IRouter, @@ -22,6 +23,7 @@ export const ruleTypesRoute = ( router.get( { path: `${BASE_ALERTING_API_PATH}/rule_types`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'public', summary: `Get the rule types`, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/mute_alert/mute_alert.ts b/x-pack/plugins/alerting/server/routes/rule/apis/mute_alert/mute_alert.ts index f9b7fa8bfbf0e..8df34e052ae4a 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/mute_alert/mute_alert.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/mute_alert/mute_alert.ts @@ -13,6 +13,7 @@ import { muteAlertParamsSchemaV1, MuteAlertRequestParamsV1, } from '../../../../../common/routes/rule/apis/mute_alert'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export const muteAlertRoute = ( router: IRouter, @@ -21,6 +22,7 @@ export const muteAlertRoute = ( router.post( { path: `${BASE_ALERTING_API_PATH}/rule/{rule_id}/alert/{alert_id}/_mute`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'public', summary: `Mute an alert`, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/mute_all/mute_all_rule.ts b/x-pack/plugins/alerting/server/routes/rule/apis/mute_all/mute_all_rule.ts index 46f108cb3a94e..d34e589188bb2 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/mute_all/mute_all_rule.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/mute_all/mute_all_rule.ts @@ -15,6 +15,7 @@ import { muteAllRuleRequestParamsSchemaV1, MuteAllRuleRequestParamsV1, } from '../../../../../common/routes/rule/apis/mute_all'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export const muteAllRuleRoute = ( router: IRouter, @@ -24,6 +25,7 @@ export const muteAllRuleRoute = ( router.post( { path: `${BASE_ALERTING_API_PATH}/rule/{id}/_mute_all`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'public', summary: `Mute all alerts`, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/resolve/resolve_rule_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/resolve/resolve_rule_route.ts index ad0e846d452e5..bf5eef6add064 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/resolve/resolve_rule_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/resolve/resolve_rule_route.ts @@ -17,6 +17,7 @@ import { ILicenseState } from '../../../../lib'; import { verifyAccessAndContext } from '../../../lib'; import { AlertingRequestHandlerContext, INTERNAL_BASE_ALERTING_API_PATH } from '../../../../types'; import { transformResolveResponseV1 } from './transforms'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export type ResolveRuleRequestParamsV1 = TypeOf; @@ -27,6 +28,7 @@ export const resolveRuleRoute = ( router.get( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rule/{id}/_resolve`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'internal' }, validate: { params: resolveParamsSchemaV1, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/snooze/snooze_rule_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/snooze/snooze_rule_route.ts index 3e0e22070d672..d7c93e76b7e3e 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/snooze/snooze_rule_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/snooze/snooze_rule_route.ts @@ -15,6 +15,7 @@ import { ILicenseState, RuleMutedError } from '../../../../lib'; import { verifyAccessAndContext } from '../../../lib'; import { AlertingRequestHandlerContext, INTERNAL_ALERTING_SNOOZE_RULE } from '../../../../types'; import { transformSnoozeBodyV1 } from './transforms'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export type SnoozeRuleRequestParamsV1 = TypeOf; @@ -25,6 +26,7 @@ export const snoozeRuleRoute = ( router.post( { path: INTERNAL_ALERTING_SNOOZE_RULE, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'internal' }, validate: { params: snoozeParamsSchema, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/tags/get_rule_tags.ts b/x-pack/plugins/alerting/server/routes/rule/apis/tags/get_rule_tags.ts index 05e4433f5e53d..5cebefb96b9fd 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/tags/get_rule_tags.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/tags/get_rule_tags.ts @@ -14,6 +14,7 @@ import { import { AlertingRequestHandlerContext, INTERNAL_BASE_ALERTING_API_PATH } from '../../../../types'; import { ILicenseState } from '../../../../lib'; import { verifyAccessAndContext } from '../../../lib'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export const getRuleTagsRoute = ( router: IRouter, @@ -22,6 +23,7 @@ export const getRuleTagsRoute = ( router.get( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rules/_tags`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'internal' }, validate: { query: ruleTagsRequestQuerySchemaV1, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/unmute_alert/unmute_alert_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/unmute_alert/unmute_alert_route.ts index 34108b937cc43..0dbd6089e54e4 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/unmute_alert/unmute_alert_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/unmute_alert/unmute_alert_route.ts @@ -14,6 +14,7 @@ import { ILicenseState, RuleTypeDisabledError } from '../../../../lib'; import { AlertingRequestHandlerContext, BASE_ALERTING_API_PATH } from '../../../../types'; import { verifyAccessAndContext } from '../../../lib'; import { transformRequestParamsToApplicationV1 } from './transforms'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export const unmuteAlertRoute = ( router: IRouter, @@ -22,6 +23,7 @@ export const unmuteAlertRoute = ( router.post( { path: `${BASE_ALERTING_API_PATH}/rule/{rule_id}/alert/{alert_id}/_unmute`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'public', summary: `Unmute an alert`, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/unmute_all/unmute_all_rule.ts b/x-pack/plugins/alerting/server/routes/rule/apis/unmute_all/unmute_all_rule.ts index bf9d1660d0def..28bb319009946 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/unmute_all/unmute_all_rule.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/unmute_all/unmute_all_rule.ts @@ -13,6 +13,7 @@ import { unmuteAllRuleRequestParamsSchemaV1, UnmuteAllRuleRequestParamsV1, } from '../../../../../common/routes/rule/apis/unmute_all'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export const unmuteAllRuleRoute = ( router: IRouter, @@ -21,6 +22,7 @@ export const unmuteAllRuleRoute = ( router.post( { path: `${BASE_ALERTING_API_PATH}/rule/{id}/_unmute_all`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'public', summary: `Unmute all alerts`, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/unsnooze/unsnooze_rule_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/unsnooze/unsnooze_rule_route.ts index e5f476cbb2038..e0ac5df1d8dc8 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/unsnooze/unsnooze_rule_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/unsnooze/unsnooze_rule_route.ts @@ -15,6 +15,7 @@ import { ILicenseState, RuleMutedError } from '../../../../lib'; import { verifyAccessAndContext } from '../../../lib'; import { AlertingRequestHandlerContext, INTERNAL_BASE_ALERTING_API_PATH } from '../../../../types'; import { transformUnsnoozeBodyV1 } from './transforms'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export type UnsnoozeRuleRequestParamsV1 = TypeOf; @@ -25,6 +26,7 @@ export const unsnoozeRuleRoute = ( router.post( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rule/{id}/_unsnooze`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'internal' }, validate: { params: unsnoozeParamsSchema, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/update/update_rule_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/update/update_rule_route.ts index 8fee470cb3bd7..b8181ac9aff3d 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/update/update_rule_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/update/update_rule_route.ts @@ -23,6 +23,7 @@ import { handleDisabledApiKeysError, verifyAccessAndContext } from '../../../lib import { transformRuleToRuleResponseV1 } from '../../transforms'; import { validateRequiredGroupInDefaultActionsV1 } from '../../validation'; import { transformUpdateBodyV1 } from './transforms'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export const updateRuleRoute = ( router: IRouter, @@ -31,6 +32,7 @@ export const updateRuleRoute = ( router.put( { path: `${BASE_ALERTING_API_PATH}/rule/{id}`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'public', summary: `Update a rule`, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/update_api_key/update_rule_api_key_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/update_api_key/update_rule_api_key_route.ts index 4f16d873dfaa8..f306242ebb9ec 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/update_api_key/update_rule_api_key_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/update_api_key/update_rule_api_key_route.ts @@ -13,6 +13,7 @@ import { import { ILicenseState, RuleTypeDisabledError } from '../../../../lib'; import { AlertingRequestHandlerContext, BASE_ALERTING_API_PATH } from '../../../../types'; import { verifyAccessAndContext } from '../../../lib'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../../../constants'; export const updateRuleApiKeyRoute = ( router: IRouter, @@ -21,6 +22,7 @@ export const updateRuleApiKeyRoute = ( router.post( { path: `${BASE_ALERTING_API_PATH}/rule/{id}/_update_api_key`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'public', summary: 'Update the API key for a rule', diff --git a/x-pack/plugins/alerting/server/routes/run_soon.ts b/x-pack/plugins/alerting/server/routes/run_soon.ts index 1b7fa271c9587..9d0024f090cb6 100644 --- a/x-pack/plugins/alerting/server/routes/run_soon.ts +++ b/x-pack/plugins/alerting/server/routes/run_soon.ts @@ -10,6 +10,7 @@ import { schema } from '@kbn/config-schema'; import { ILicenseState } from '../lib'; import { verifyAccessAndContext } from './lib'; import { AlertingRequestHandlerContext, INTERNAL_BASE_ALERTING_API_PATH } from '../types'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from './constants'; const paramSchema = schema.object({ id: schema.string(), @@ -22,6 +23,7 @@ export const runSoonRoute = ( router.post( { path: `${INTERNAL_BASE_ALERTING_API_PATH}/rule/{id}/_run_soon`, + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'internal', }, diff --git a/x-pack/plugins/alerting/server/routes/suggestions/fields_rules.ts b/x-pack/plugins/alerting/server/routes/suggestions/fields_rules.ts index f3201d961e684..4b8ffa8e67e66 100644 --- a/x-pack/plugins/alerting/server/routes/suggestions/fields_rules.ts +++ b/x-pack/plugins/alerting/server/routes/suggestions/fields_rules.ts @@ -21,6 +21,7 @@ import { IndexPatternsFetcher } from '@kbn/data-plugin/server'; import { verifyAccessAndContext } from '../lib'; import { ILicenseState } from '../../lib'; import { AlertingRequestHandlerContext } from '../../types'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../constants'; export function registerFieldsRoute( router: IRouter, @@ -30,6 +31,7 @@ export function registerFieldsRoute( router.post( { path: '/internal/rules/saved_objects/fields', + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'internal' }, validate: { body: schema.nullable( diff --git a/x-pack/plugins/alerting/server/routes/suggestions/values_suggestion_alerts.ts b/x-pack/plugins/alerting/server/routes/suggestions/values_suggestion_alerts.ts index 25dc8add03abf..5ad7e7a8ac437 100644 --- a/x-pack/plugins/alerting/server/routes/suggestions/values_suggestion_alerts.ts +++ b/x-pack/plugins/alerting/server/routes/suggestions/values_suggestion_alerts.ts @@ -25,6 +25,7 @@ import { } from '../../authorization'; import { AlertingRequestHandlerContext } from '../../types'; import { GetAlertIndicesAlias, ILicenseState } from '../../lib'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../constants'; const alertingAuthorizationFilterOpts: AlertingAuthorizationFilterOpts = { type: AlertingAuthorizationFilterType.ESDSL, @@ -49,6 +50,7 @@ export function registerAlertsValueSuggestionsRoute( router.post( { path: '/internal/alerts/suggestions/values', + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'internal' }, validate: AlertsSuggestionsSchema, }, diff --git a/x-pack/plugins/alerting/server/routes/suggestions/values_suggestion_rules.ts b/x-pack/plugins/alerting/server/routes/suggestions/values_suggestion_rules.ts index 420d6473988fa..1f33cba025396 100644 --- a/x-pack/plugins/alerting/server/routes/suggestions/values_suggestion_rules.ts +++ b/x-pack/plugins/alerting/server/routes/suggestions/values_suggestion_rules.ts @@ -25,6 +25,7 @@ import { AlertingAuthorizationFilterType, } from '../../authorization'; import { RuleAuditAction, ruleAuditEvent } from '../../rules_client/common/audit_events'; +import { DEFAULT_ALERTING_ROUTE_SECURITY } from '../constants'; const alertingAuthorizationFilterOpts: AlertingAuthorizationFilterOpts = { type: AlertingAuthorizationFilterType.ESDSL, @@ -49,6 +50,7 @@ export function registerRulesValueSuggestionsRoute( router.post( { path: '/internal/rules/suggestions/values', + security: DEFAULT_ALERTING_ROUTE_SECURITY, options: { access: 'internal' }, validate: RulesSuggestionsSchema, },