From 32f0396b277f255ca3465de4f1a8fcf11bbddfb3 Mon Sep 17 00:00:00 2001 
From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Date: Fri, 8 Nov 2024 19:39:05 +1100 Subject: [PATCH] Authorized route migration for routes owned by @elastic/security-detection-engine (#198195) ### Authz API migration for authorized routes This PR migrates `access:<privilege>` tags used in route definitions to the new security configuration. Please refer to the documentation for more information: [Authorization API](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization) ### **Before migration:** Access control tags were defined in the `options` object of the route: ```ts router.get({ path: '/api/path', options: { tags: ['access:<privilege_1>', 'access:<privilege_2>'], }, ... }, handler); ``` ### **After migration:** Tags have been replaced with the more robust `security.authz.requiredPrivileges` field under `security`: ```ts router.get({ path: '/api/path', security: { authz: { requiredPrivileges: ['<privilege_1>', '<privilege_2>'], }, }, ... }, handler); ``` ### What to do next? 1. Review the changes in this PR. 2. You might need to update your tests to reflect the new security configuration: - If you have tests that rely on checking `access` tags. - If you have snapshot tests that include the route definition. - If you have FTR tests that rely on checking the unauthorized error message. The error message changed to also include the missing privileges. ## Any questions? If you have any questions or need help with API authorization, please reach out to the `@elastic/kibana-security` team. 
--------- Co-authored-by: Elastic Machine Co-authored-by: Nikita Khristinin --- .../server/routes/create_endpoint_list_item_route.ts | 8 +++++--- .../lists/server/routes/create_endpoint_list_route.ts | 8 +++++--- .../server/routes/create_exception_list_item_route.ts | 8 +++++--- .../server/routes/create_exception_list_route.ts | 8 +++++--- .../server/routes/delete_endpoint_list_item_route.ts | 8 +++++--- .../server/routes/delete_exception_list_item_route.ts | 8 +++++--- .../server/routes/delete_exception_list_route.ts | 8 +++++--- .../server/routes/duplicate_exception_list_route.ts | 8 +++++--- .../server/routes/export_exception_list_route.ts | 8 +++++--- .../server/routes/find_endpoint_list_item_route.ts | 8 +++++--- .../server/routes/find_exception_list_item_route.ts | 8 +++++--- .../lists/server/routes/find_exception_list_route.ts | 8 +++++--- .../lists/server/routes/import_exceptions_route.ts | 6 +++++- .../routes/internal/create_exception_filter_route.ts | 8 +++++--- .../routes/internal/create_exceptions_list_route.ts | 11 +++++------ .../routes/internal/find_lists_by_size_route.ts | 8 +++++--- .../lists/server/routes/list/create_list_route.ts | 8 +++++--- .../lists/server/routes/list/delete_list_route.ts | 8 +++++--- .../server/routes/list/import_list_item_route.ts | 6 +++++- .../lists/server/routes/list/patch_list_route.ts | 8 +++++--- .../lists/server/routes/list/read_list_route.ts | 8 +++++--- .../lists/server/routes/list/update_list_route.ts | 8 +++++--- .../routes/list_index/create_list_index_route.ts | 8 +++++--- .../routes/list_index/delete_list_index_route.ts | 8 +++++--- .../routes/list_index/export_list_item_route.ts | 8 +++++--- .../lists/server/routes/list_index/find_list_route.ts | 8 +++++--- .../server/routes/list_index/read_list_index_route.ts | 8 +++++--- .../server/routes/list_item/create_list_item_route.ts | 8 +++++--- .../server/routes/list_item/delete_list_item_route.ts | 8 +++++--- .../server/routes/list_item/find_list_item_route.ts | 8 
+++++--- .../server/routes/list_item/patch_list_item_route.ts | 8 +++++--- .../server/routes/list_item/read_list_item_route.ts | 8 +++++--- .../server/routes/list_item/update_list_item_route.ts | 8 +++++--- .../list_privileges/read_list_privileges_route.ts | 8 +++++--- .../server/routes/read_endpoint_list_item_route.ts | 8 +++++--- .../server/routes/read_exception_list_item_route.ts | 8 +++++--- .../lists/server/routes/read_exception_list_route.ts | 8 +++++--- .../server/routes/summary_exception_list_route.ts | 8 +++++--- .../server/routes/update_endpoint_list_item_route.ts | 8 +++++--- .../server/routes/update_exception_list_item_route.ts | 8 +++++--- .../server/routes/update_exception_list_route.ts | 8 +++++--- .../alert_status/alert_status.ts | 2 +- .../migrations/finalize_alerts_migrations.ts | 2 +- .../indicator_match_alert_suppression.ts | 2 +- 44 files changed, 208 insertions(+), 125 deletions(-) diff --git a/x-pack/plugins/lists/server/routes/create_endpoint_list_item_route.ts b/x-pack/plugins/lists/server/routes/create_endpoint_list_item_route.ts index 29f7c14c863c6..1ee178e9bc646 100644 --- a/x-pack/plugins/lists/server/routes/create_endpoint_list_item_route.ts +++ b/x-pack/plugins/lists/server/routes/create_endpoint_list_item_route.ts @@ -23,10 +23,12 @@ export const createEndpointListItemRoute = (router: ListsPluginRouter): void => router.versioned .post({ access: 'public', - options: { - tags: ['access:lists-all'], - }, path: ENDPOINT_LIST_ITEM_URL, + security: { + authz: { + requiredPrivileges: ['lists-all'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/create_endpoint_list_route.ts b/x-pack/plugins/lists/server/routes/create_endpoint_list_route.ts index b15658a40d7fb..54887adba7df4 100644 --- a/x-pack/plugins/lists/server/routes/create_endpoint_list_route.ts +++ b/x-pack/plugins/lists/server/routes/create_endpoint_list_route.ts 
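Review bot: The privilege name in `requiredPrivileges: ['lists-all'],` is a bare string literal, and the same holds for `'lists-read'`, `'lists-summary'` and `'securitySolution'` in the other route files of this patch, so a misspelled name in a single route would presumably not be caught at compile time. Now that the value lives in a dedicated `security.authz` field rather than a free-form tag, a shared constant would let the read/write split be audited in one place, e.g. `requiredPrivileges: [LISTS_ALL_PRIVILEGE],` (constant name constructed for illustration; the patch does not show whether one already exists). The route definition continues past the end of the hunk, so the handler and its request validation are not visible here.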
@@ -27,10 +27,12 @@ export const createEndpointListRoute = (router: ListsPluginRouter): void => { router.versioned .post({ access: 'public', - options: { - tags: ['access:lists-all'], - }, path: ENDPOINT_LIST_URL, + security: { + authz: { + requiredPrivileges: ['lists-all'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/create_exception_list_item_route.ts b/x-pack/plugins/lists/server/routes/create_exception_list_item_route.ts index 7071ec6412a27..e5c6bfd09dfc5 100644 --- a/x-pack/plugins/lists/server/routes/create_exception_list_item_route.ts +++ b/x-pack/plugins/lists/server/routes/create_exception_list_item_route.ts @@ -25,10 +25,12 @@ export const createExceptionListItemRoute = (router: ListsPluginRouter): void => router.versioned .post({ access: 'public', - options: { - tags: ['access:lists-all'], - }, path: EXCEPTION_LIST_ITEM_URL, + security: { + authz: { + requiredPrivileges: ['lists-all'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/create_exception_list_route.ts b/x-pack/plugins/lists/server/routes/create_exception_list_route.ts index a0c0568c31b8d..c7e0a952743c3 100644 --- a/x-pack/plugins/lists/server/routes/create_exception_list_route.ts +++ b/x-pack/plugins/lists/server/routes/create_exception_list_route.ts @@ -22,10 +22,12 @@ export const createExceptionListRoute = (router: ListsPluginRouter): void => { router.versioned .post({ access: 'public', - options: { - tags: ['access:lists-all'], - }, path: EXCEPTION_LIST_URL, + security: { + authz: { + requiredPrivileges: ['lists-all'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/delete_endpoint_list_item_route.ts b/x-pack/plugins/lists/server/routes/delete_endpoint_list_item_route.ts index 0262b747744ec..ee7093bcc1c50 100644 --- a/x-pack/plugins/lists/server/routes/delete_endpoint_list_item_route.ts +++ b/x-pack/plugins/lists/server/routes/delete_endpoint_list_item_route.ts 
@@ -25,10 +25,12 @@ export const deleteEndpointListItemRoute = (router: ListsPluginRouter): void => router.versioned .delete({ access: 'public', - options: { - tags: ['access:lists-all'], - }, path: ENDPOINT_LIST_ITEM_URL, + security: { + authz: { + requiredPrivileges: ['lists-all'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/delete_exception_list_item_route.ts b/x-pack/plugins/lists/server/routes/delete_exception_list_item_route.ts index d460610cd02b7..d8eb32e9eeaf3 100644 --- a/x-pack/plugins/lists/server/routes/delete_exception_list_item_route.ts +++ b/x-pack/plugins/lists/server/routes/delete_exception_list_item_route.ts @@ -25,10 +25,12 @@ export const deleteExceptionListItemRoute = (router: ListsPluginRouter): void => router.versioned .delete({ access: 'public', - options: { - tags: ['access:lists-all'], - }, path: EXCEPTION_LIST_ITEM_URL, + security: { + authz: { + requiredPrivileges: ['lists-all'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/delete_exception_list_route.ts b/x-pack/plugins/lists/server/routes/delete_exception_list_route.ts index 938fc9b9bcc2d..db6bb460cbd37 100644 --- a/x-pack/plugins/lists/server/routes/delete_exception_list_route.ts +++ b/x-pack/plugins/lists/server/routes/delete_exception_list_route.ts @@ -21,10 +21,12 @@ export const deleteExceptionListRoute = (router: ListsPluginRouter): void => { router.versioned .delete({ access: 'public', - options: { - tags: ['access:lists-all'], - }, path: EXCEPTION_LIST_URL, + security: { + authz: { + requiredPrivileges: ['lists-all'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/duplicate_exception_list_route.ts b/x-pack/plugins/lists/server/routes/duplicate_exception_list_route.ts index 38a51f12a7ed5..308a2e4cd3a4c 100644 --- a/x-pack/plugins/lists/server/routes/duplicate_exception_list_route.ts +++ b/x-pack/plugins/lists/server/routes/duplicate_exception_list_route.ts 
@@ -21,10 +21,12 @@ export const duplicateExceptionsRoute = (router: ListsPluginRouter): void => { router.versioned .post({ access: 'public', - options: { - tags: ['access:lists-all'], - }, path: `${EXCEPTION_LIST_URL}/_duplicate`, + security: { + authz: { + requiredPrivileges: ['lists-all'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/export_exception_list_route.ts b/x-pack/plugins/lists/server/routes/export_exception_list_route.ts index 72ac564604337..8fdd7dbc5e392 100644 --- a/x-pack/plugins/lists/server/routes/export_exception_list_route.ts +++ b/x-pack/plugins/lists/server/routes/export_exception_list_route.ts @@ -18,10 +18,12 @@ export const exportExceptionsRoute = (router: ListsPluginRouter): void => { router.versioned .post({ access: 'public', - options: { - tags: ['access:lists-read'], - }, path: `${EXCEPTION_LIST_URL}/_export`, + security: { + authz: { + requiredPrivileges: ['lists-read'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/find_endpoint_list_item_route.ts b/x-pack/plugins/lists/server/routes/find_endpoint_list_item_route.ts index 01539424b8d69..d54560fb6c929 100644 --- a/x-pack/plugins/lists/server/routes/find_endpoint_list_item_route.ts +++ b/x-pack/plugins/lists/server/routes/find_endpoint_list_item_route.ts @@ -21,10 +21,12 @@ export const findEndpointListItemRoute = (router: ListsPluginRouter): void => { router.versioned .get({ access: 'public', - options: { - tags: ['access:lists-read'], - }, path: `${ENDPOINT_LIST_ITEM_URL}/_find`, + security: { + authz: { + requiredPrivileges: ['lists-read'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/find_exception_list_item_route.ts b/x-pack/plugins/lists/server/routes/find_exception_list_item_route.ts index f0e4b5546df4f..964a13296c804 100644 --- a/x-pack/plugins/lists/server/routes/find_exception_list_item_route.ts +++ b/x-pack/plugins/lists/server/routes/find_exception_list_item_route.ts 
@@ -21,10 +21,12 @@ export const findExceptionListItemRoute = (router: ListsPluginRouter): void => { router.versioned .get({ access: 'public', - options: { - tags: ['access:lists-read'], - }, path: `${EXCEPTION_LIST_ITEM_URL}/_find`, + security: { + authz: { + requiredPrivileges: ['lists-read'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/find_exception_list_route.ts b/x-pack/plugins/lists/server/routes/find_exception_list_route.ts index 93206b178e2d1..43a890780013b 100644 --- a/x-pack/plugins/lists/server/routes/find_exception_list_route.ts +++ b/x-pack/plugins/lists/server/routes/find_exception_list_route.ts @@ -21,10 +21,12 @@ export const findExceptionListRoute = (router: ListsPluginRouter): void => { router.versioned .get({ access: 'public', - options: { - tags: ['access:lists-read'], - }, path: `${EXCEPTION_LIST_URL}/_find`, + security: { + authz: { + requiredPrivileges: ['lists-read'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/import_exceptions_route.ts b/x-pack/plugins/lists/server/routes/import_exceptions_route.ts index af6a88254915c..946f1a02ac855 100644 --- a/x-pack/plugins/lists/server/routes/import_exceptions_route.ts +++ b/x-pack/plugins/lists/server/routes/import_exceptions_route.ts @@ -35,9 +35,13 @@ export const importExceptionsRoute = (router: ListsPluginRouter, config: ConfigT maxBytes: config.maxImportPayloadBytes, output: 'stream', }, - tags: ['access:lists-all'], }, path: `${EXCEPTION_LIST_URL}/_import`, + security: { + authz: { + requiredPrivileges: ['lists-all'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/internal/create_exception_filter_route.ts b/x-pack/plugins/lists/server/routes/internal/create_exception_filter_route.ts index 41c4e982a5b81..032951d7f750a 100644 --- a/x-pack/plugins/lists/server/routes/internal/create_exception_filter_route.ts +++ b/x-pack/plugins/lists/server/routes/internal/create_exception_filter_route.ts 
@@ -22,10 +22,12 @@ export const getExceptionFilterRoute = (router: ListsPluginRouter): void => { router.versioned .post({ access: 'internal', - options: { - tags: ['access:securitySolution'], - }, path: INTERNAL_EXCEPTION_FILTER, + security: { + authz: { + requiredPrivileges: ['securitySolution'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/internal/create_exceptions_list_route.ts b/x-pack/plugins/lists/server/routes/internal/create_exceptions_list_route.ts index 2ca2333333c7e..325c545777628 100644 --- a/x-pack/plugins/lists/server/routes/internal/create_exceptions_list_route.ts +++ b/x-pack/plugins/lists/server/routes/internal/create_exceptions_list_route.ts @@ -20,13 +20,12 @@ export const internalCreateExceptionListRoute = (router: ListsPluginRouter): voi router.versioned .post({ access: 'internal', - options: { - // Access control is set to `read` on purpose, as this route is internal and meant to - // ensure we have lists created (if not already) for Endpoint artifacts in order to support - // the UI. The Schema ensures that only endpoint artifact list IDs are allowed. - tags: ['access:lists-read'], - }, path: INTERNAL_EXCEPTIONS_LIST_ENSURE_CREATED_URL, + security: { + authz: { + requiredPrivileges: ['lists-read'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/internal/find_lists_by_size_route.ts b/x-pack/plugins/lists/server/routes/internal/find_lists_by_size_route.ts index 3b0bc716cade6..f8e5fc23e2e15 100644 --- a/x-pack/plugins/lists/server/routes/internal/find_lists_by_size_route.ts +++ b/x-pack/plugins/lists/server/routes/internal/find_lists_by_size_route.ts @@ -23,10 +23,12 @@ export const findListsBySizeRoute = (router: ListsPluginRouter): void => { router.versioned .get({ access: 'internal', - options: { - tags: ['access:lists-read'], - }, path: INTERNAL_FIND_LISTS_BY_SIZE, + security: { + authz: { + requiredPrivileges: ['lists-read'], + }, + }, }) .addVersion( { 
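Review bot: In internal/create_exceptions_list_route.ts the new route definition drops the comment that explained why a POST route which creates lists asks only for `lists-read`, so the weaker privilege now reads like a migration slip rather than a decision. Keep the rationale next to the new field, for example `// 'lists-read' on purpose: internal route that ensures Endpoint artifact lists exist for the UI; the schema only allows endpoint artifact list IDs.` directly above `requiredPrivileges: ['lists-read'],`. According to the removed comment, the request schema is what keeps a read-only user from creating other kinds of lists; that schema sits outside this hunk, so it is worth confirming a test covers rejection of a non-artifact list ID.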
diff --git a/x-pack/plugins/lists/server/routes/list/create_list_route.ts b/x-pack/plugins/lists/server/routes/list/create_list_route.ts index 9b4714e14720c..23934bdfc792f 100644 --- a/x-pack/plugins/lists/server/routes/list/create_list_route.ts +++ b/x-pack/plugins/lists/server/routes/list/create_list_route.ts @@ -18,10 +18,12 @@ export const createListRoute = (router: ListsPluginRouter): void => { router.versioned .post({ access: 'public', - options: { - tags: ['access:lists-all'], - }, path: LIST_URL, + security: { + authz: { + requiredPrivileges: ['lists-all'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/list/delete_list_route.ts b/x-pack/plugins/lists/server/routes/list/delete_list_route.ts index 66c8cb2ee4509..51877b511aca8 100644 --- a/x-pack/plugins/lists/server/routes/list/delete_list_route.ts +++ b/x-pack/plugins/lists/server/routes/list/delete_list_route.ts @@ -30,10 +30,12 @@ export const deleteListRoute = (router: ListsPluginRouter): void => { router.versioned .delete({ access: 'public', - options: { - tags: ['access:lists-all'], - }, path: LIST_URL, + security: { + authz: { + requiredPrivileges: ['lists-all'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/list/import_list_item_route.ts b/x-pack/plugins/lists/server/routes/list/import_list_item_route.ts index f3f52828f7872..cbe0816c2366f 100644 --- a/x-pack/plugins/lists/server/routes/list/import_list_item_route.ts +++ b/x-pack/plugins/lists/server/routes/list/import_list_item_route.ts @@ -34,12 +34,16 @@ export const importListItemRoute = (router: ListsPluginRouter, config: ConfigTyp maxBytes: config.maxImportPayloadBytes, parse: false, }, - tags: ['access:lists-all'], timeout: { payload: config.importTimeout.asMilliseconds(), }, }, path: `${LIST_ITEM_URL}/_import`, + security: { + authz: { + requiredPrivileges: ['lists-all'], + }, + }, }) .addVersion( { 
diff --git a/x-pack/plugins/lists/server/routes/list/patch_list_route.ts b/x-pack/plugins/lists/server/routes/list/patch_list_route.ts index 90855ed96885a..369084cc21a2d 100644 --- a/x-pack/plugins/lists/server/routes/list/patch_list_route.ts +++ b/x-pack/plugins/lists/server/routes/list/patch_list_route.ts @@ -18,10 +18,12 @@ export const patchListRoute = (router: ListsPluginRouter): void => { router.versioned .patch({ access: 'public', - options: { - tags: ['access:lists-all'], - }, path: LIST_URL, + security: { + authz: { + requiredPrivileges: ['lists-all'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/list/read_list_route.ts b/x-pack/plugins/lists/server/routes/list/read_list_route.ts index fff8ef9e60971..7fa6d20867bec 100644 --- a/x-pack/plugins/lists/server/routes/list/read_list_route.ts +++ b/x-pack/plugins/lists/server/routes/list/read_list_route.ts @@ -18,10 +18,12 @@ export const readListRoute = (router: ListsPluginRouter): void => { router.versioned .get({ access: 'public', - options: { - tags: ['access:lists-read'], - }, path: LIST_URL, + security: { + authz: { + requiredPrivileges: ['lists-read'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/list/update_list_route.ts b/x-pack/plugins/lists/server/routes/list/update_list_route.ts index cf8e0dc4de83f..a09c91b869372 100644 --- a/x-pack/plugins/lists/server/routes/list/update_list_route.ts +++ b/x-pack/plugins/lists/server/routes/list/update_list_route.ts @@ -18,10 +18,12 @@ export const updateListRoute = (router: ListsPluginRouter): void => { router.versioned .put({ access: 'public', - options: { - tags: ['access:lists-all'], - }, path: LIST_URL, + security: { + authz: { + requiredPrivileges: ['lists-all'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/list_index/create_list_index_route.ts b/x-pack/plugins/lists/server/routes/list_index/create_list_index_route.ts index 5842d7032a8bc..1881e51c5888b 100644 
--- a/x-pack/plugins/lists/server/routes/list_index/create_list_index_route.ts +++ b/x-pack/plugins/lists/server/routes/list_index/create_list_index_route.ts @@ -17,10 +17,12 @@ export const createListIndexRoute = (router: ListsPluginRouter): void => { router.versioned .post({ access: 'public', - options: { - tags: ['access:lists-all'], - }, path: LIST_INDEX, + security: { + authz: { + requiredPrivileges: ['lists-all'], + }, + }, }) .addVersion({ validate: false, version: '2023-10-31' }, async (context, _, response) => { const siemResponse = buildSiemResponse(response); diff --git a/x-pack/plugins/lists/server/routes/list_index/delete_list_index_route.ts b/x-pack/plugins/lists/server/routes/list_index/delete_list_index_route.ts index 0814739ab11e7..bb1801c29eb3f 100644 --- a/x-pack/plugins/lists/server/routes/list_index/delete_list_index_route.ts +++ b/x-pack/plugins/lists/server/routes/list_index/delete_list_index_route.ts @@ -34,10 +34,12 @@ export const deleteListIndexRoute = (router: ListsPluginRouter): void => { router.versioned .delete({ access: 'public', - options: { - tags: ['access:lists-all'], - }, path: LIST_INDEX, + security: { + authz: { + requiredPrivileges: ['lists-all'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/list_index/export_list_item_route.ts b/x-pack/plugins/lists/server/routes/list_index/export_list_item_route.ts index 94cacc2f89c40..0c66787b80739 100644 --- a/x-pack/plugins/lists/server/routes/list_index/export_list_item_route.ts +++ b/x-pack/plugins/lists/server/routes/list_index/export_list_item_route.ts @@ -20,10 +20,12 @@ export const exportListItemRoute = (router: ListsPluginRouter): void => { router.versioned .post({ access: 'public', - options: { - tags: ['access:lists-read'], - }, path: `${LIST_ITEM_URL}/_export`, + security: { + authz: { + requiredPrivileges: ['lists-read'], + }, + }, }) .addVersion( { 
diff --git a/x-pack/plugins/lists/server/routes/list_index/find_list_route.ts b/x-pack/plugins/lists/server/routes/list_index/find_list_route.ts index 2bdbcc5239363..13dd137a3d84f 100644 --- a/x-pack/plugins/lists/server/routes/list_index/find_list_route.ts +++ b/x-pack/plugins/lists/server/routes/list_index/find_list_route.ts @@ -18,10 +18,12 @@ export const findListRoute = (router: ListsPluginRouter): void => { router.versioned .get({ access: 'public', - options: { - tags: ['access:lists-read'], - }, path: `${LIST_URL}/_find`, + security: { + authz: { + requiredPrivileges: ['lists-read'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/list_index/read_list_index_route.ts b/x-pack/plugins/lists/server/routes/list_index/read_list_index_route.ts index 79c82e739ebe8..2cbe90aa3c81e 100644 --- a/x-pack/plugins/lists/server/routes/list_index/read_list_index_route.ts +++ b/x-pack/plugins/lists/server/routes/list_index/read_list_index_route.ts @@ -17,10 +17,12 @@ export const readListIndexRoute = (router: ListsPluginRouter): void => { router.versioned .get({ access: 'public', - options: { - tags: ['access:lists-read'], - }, path: LIST_INDEX, + security: { + authz: { + requiredPrivileges: ['lists-read'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/list_item/create_list_item_route.ts b/x-pack/plugins/lists/server/routes/list_item/create_list_item_route.ts index e5b1b15ef10d4..b43b5e258d42a 100644 --- a/x-pack/plugins/lists/server/routes/list_item/create_list_item_route.ts +++ b/x-pack/plugins/lists/server/routes/list_item/create_list_item_route.ts @@ -21,10 +21,12 @@ export const createListItemRoute = (router: ListsPluginRouter): void => { router.versioned .post({ access: 'public', - options: { - tags: ['access:lists-all'], - }, path: LIST_ITEM_URL, + security: { + authz: { + requiredPrivileges: ['lists-all'], + }, + }, }) .addVersion( { 
diff --git a/x-pack/plugins/lists/server/routes/list_item/delete_list_item_route.ts b/x-pack/plugins/lists/server/routes/list_item/delete_list_item_route.ts index 4cf9dd4d96911..94c6b17f28d4d 100644 --- a/x-pack/plugins/lists/server/routes/list_item/delete_list_item_route.ts +++ b/x-pack/plugins/lists/server/routes/list_item/delete_list_item_route.ts @@ -21,10 +21,12 @@ export const deleteListItemRoute = (router: ListsPluginRouter): void => { router.versioned .delete({ access: 'public', - options: { - tags: ['access:lists-all'], - }, path: LIST_ITEM_URL, + security: { + authz: { + requiredPrivileges: ['lists-all'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/list_item/find_list_item_route.ts b/x-pack/plugins/lists/server/routes/list_item/find_list_item_route.ts index 6bfd673f8fbc0..5ed305de7ec8a 100644 --- a/x-pack/plugins/lists/server/routes/list_item/find_list_item_route.ts +++ b/x-pack/plugins/lists/server/routes/list_item/find_list_item_route.ts @@ -21,10 +21,12 @@ export const findListItemRoute = (router: ListsPluginRouter): void => { router.versioned .get({ access: 'public', - options: { - tags: ['access:lists-read'], - }, path: `${LIST_ITEM_URL}/_find`, + security: { + authz: { + requiredPrivileges: ['lists-read'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/list_item/patch_list_item_route.ts b/x-pack/plugins/lists/server/routes/list_item/patch_list_item_route.ts index 3545516e17f3c..ef9290bc2ef32 100644 --- a/x-pack/plugins/lists/server/routes/list_item/patch_list_item_route.ts +++ b/x-pack/plugins/lists/server/routes/list_item/patch_list_item_route.ts @@ -21,10 +21,12 @@ export const patchListItemRoute = (router: ListsPluginRouter): void => { router.versioned .patch({ access: 'public', - options: { - tags: ['access:lists-all'], - }, path: LIST_ITEM_URL, + security: { + authz: { + requiredPrivileges: ['lists-all'], + }, + }, }) .addVersion( { 
diff --git a/x-pack/plugins/lists/server/routes/list_item/read_list_item_route.ts b/x-pack/plugins/lists/server/routes/list_item/read_list_item_route.ts index 29513aa23f74f..421108552b7bd 100644 --- a/x-pack/plugins/lists/server/routes/list_item/read_list_item_route.ts +++ b/x-pack/plugins/lists/server/routes/list_item/read_list_item_route.ts @@ -21,10 +21,12 @@ export const readListItemRoute = (router: ListsPluginRouter): void => { router.versioned .get({ access: 'public', - options: { - tags: ['access:lists-read'], - }, path: LIST_ITEM_URL, + security: { + authz: { + requiredPrivileges: ['lists-read'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/list_item/update_list_item_route.ts b/x-pack/plugins/lists/server/routes/list_item/update_list_item_route.ts index 408391ca63f11..14c992870e921 100644 --- a/x-pack/plugins/lists/server/routes/list_item/update_list_item_route.ts +++ b/x-pack/plugins/lists/server/routes/list_item/update_list_item_route.ts @@ -21,10 +21,12 @@ export const updateListItemRoute = (router: ListsPluginRouter): void => { router.versioned .put({ access: 'public', - options: { - tags: ['access:lists-all'], - }, path: LIST_ITEM_URL, + security: { + authz: { + requiredPrivileges: ['lists-all'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/list_privileges/read_list_privileges_route.ts b/x-pack/plugins/lists/server/routes/list_privileges/read_list_privileges_route.ts index 94c171a2ec79c..bf322d10cfc85 100644 --- a/x-pack/plugins/lists/server/routes/list_privileges/read_list_privileges_route.ts +++ b/x-pack/plugins/lists/server/routes/list_privileges/read_list_privileges_route.ts @@ -16,10 +16,12 @@ export const readPrivilegesRoute = (router: ListsPluginRouter): void => { router.versioned .get({ access: 'public', - options: { - tags: ['access:lists-read'], - }, path: LIST_PRIVILEGES_URL, + security: { + authz: { + requiredPrivileges: ['lists-read'], + }, + }, }) .addVersion( { 
diff --git a/x-pack/plugins/lists/server/routes/read_endpoint_list_item_route.ts b/x-pack/plugins/lists/server/routes/read_endpoint_list_item_route.ts index d7e057a70d5de..2f607d4c4c334 100644 --- a/x-pack/plugins/lists/server/routes/read_endpoint_list_item_route.ts +++ b/x-pack/plugins/lists/server/routes/read_endpoint_list_item_route.ts @@ -25,10 +25,12 @@ export const readEndpointListItemRoute = (router: ListsPluginRouter): void => { router.versioned .get({ access: 'public', - options: { - tags: ['access:lists-read'], - }, path: ENDPOINT_LIST_ITEM_URL, + security: { + authz: { + requiredPrivileges: ['lists-read'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/read_exception_list_item_route.ts b/x-pack/plugins/lists/server/routes/read_exception_list_item_route.ts index 9f35da7fa6fe8..ceb0195c390ab 100644 --- a/x-pack/plugins/lists/server/routes/read_exception_list_item_route.ts +++ b/x-pack/plugins/lists/server/routes/read_exception_list_item_route.ts @@ -25,10 +25,12 @@ export const readExceptionListItemRoute = (router: ListsPluginRouter): void => { router.versioned .get({ access: 'public', - options: { - tags: ['access:lists-read'], - }, path: EXCEPTION_LIST_ITEM_URL, + security: { + authz: { + requiredPrivileges: ['lists-read'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/read_exception_list_route.ts b/x-pack/plugins/lists/server/routes/read_exception_list_route.ts index b98b7dfe86ee8..2ff46ffba56f4 100644 --- a/x-pack/plugins/lists/server/routes/read_exception_list_route.ts +++ b/x-pack/plugins/lists/server/routes/read_exception_list_route.ts @@ -21,10 +21,12 @@ export const readExceptionListRoute = (router: ListsPluginRouter): void => { router.versioned .get({ access: 'public', - options: { - tags: ['access:lists-read'], - }, path: EXCEPTION_LIST_URL, + security: { + authz: { + requiredPrivileges: ['lists-read'], + }, + }, }) .addVersion( { 
diff --git a/x-pack/plugins/lists/server/routes/summary_exception_list_route.ts b/x-pack/plugins/lists/server/routes/summary_exception_list_route.ts index 28810283770be..bf5fe000a7fb6 100644 --- a/x-pack/plugins/lists/server/routes/summary_exception_list_route.ts +++ b/x-pack/plugins/lists/server/routes/summary_exception_list_route.ts @@ -21,10 +21,12 @@ export const summaryExceptionListRoute = (router: ListsPluginRouter): void => { router.versioned .get({ access: 'public', - options: { - tags: ['access:lists-summary'], - }, path: `${EXCEPTION_LIST_URL}/summary`, + security: { + authz: { + requiredPrivileges: ['lists-summary'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/update_endpoint_list_item_route.ts b/x-pack/plugins/lists/server/routes/update_endpoint_list_item_route.ts index 048816c519a0f..a6c633ab57c3a 100644 --- a/x-pack/plugins/lists/server/routes/update_endpoint_list_item_route.ts +++ b/x-pack/plugins/lists/server/routes/update_endpoint_list_item_route.ts @@ -23,10 +23,12 @@ export const updateEndpointListItemRoute = (router: ListsPluginRouter): void => router.versioned .put({ access: 'public', - options: { - tags: ['access:lists-all'], - }, path: ENDPOINT_LIST_ITEM_URL, + security: { + authz: { + requiredPrivileges: ['lists-all'], + }, + }, }) .addVersion( { diff --git a/x-pack/plugins/lists/server/routes/update_exception_list_item_route.ts b/x-pack/plugins/lists/server/routes/update_exception_list_item_route.ts index f3f925317afb0..da1541bb86178 100644 --- a/x-pack/plugins/lists/server/routes/update_exception_list_item_route.ts +++ b/x-pack/plugins/lists/server/routes/update_exception_list_item_route.ts @@ -24,10 +24,12 @@ export const updateExceptionListItemRoute = (router: ListsPluginRouter): void => router.versioned .put({ access: 'public', - options: { - tags: ['access:lists-all'], - }, path: EXCEPTION_LIST_ITEM_URL, + security: { + authz: { + requiredPrivileges: ['lists-all'], + }, + }, }) .addVersion( { 
diff --git a/x-pack/plugins/lists/server/routes/update_exception_list_route.ts b/x-pack/plugins/lists/server/routes/update_exception_list_route.ts index 6998b612c78a2..36d65d9b1ac5e 100644 --- a/x-pack/plugins/lists/server/routes/update_exception_list_route.ts +++ b/x-pack/plugins/lists/server/routes/update_exception_list_route.ts @@ -21,10 +21,12 @@ export const updateExceptionListRoute = (router: ListsPluginRouter): void => { router.versioned .put({ access: 'public', - options: { - tags: ['access:lists-all'], - }, path: EXCEPTION_LIST_URL, + security: { + authz: { + requiredPrivileges: ['lists-all'], + }, + }, }) .addVersion( { diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/alert_status/alert_status.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/alert_status/alert_status.ts index 1a26ae97e3817..bf2e5831c10f7 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/alert_status/alert_status.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/alert_status/alert_status.ts @@ -45,7 +45,7 @@ export default ({ getService }: FtrProviderContext) => { describe('@ess @serverless change alert status endpoints', () => { // Flakey: See https://github.com/elastic/kibana/issues/179704 - describe.skip('validation checks', () => { + describe('validation checks', () => { describe('update by ids', () => { it('should not give errors when querying and the alerts index does not exist yet', async () => { const { body } = await supertest 
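Review bot: In alert_status.ts, `describe.skip('validation checks', ...)` becomes `describe('validation checks', ...)` while the `// Flakey: See https://github.com/elastic/kibana/issues/179704` comment directly above it stays, so the file now labels as flaky a suite that runs again. The same happens in finalize_alerts_migrations.ts (`it.skip` to `it`, under the comment pointing at https://github.com/elastic/kibana/issues/179593) and in indicator_match_alert_suppression.ts (`describe.skip` to `describe`, under `// FLAKY: https://github.com/elastic/kibana/issues/197765`). The commit description does not mention re-enabling tests, so this looks unrelated to the authz migration: either restore the `.skip` calls here and un-skip in a separate change, or delete the stale comments if the flakiness is known to be fixed. Re-enabling flaky suites in the same commit also makes it harder to tell an authorization regression from test noise; the suite bodies extend beyond these hunks.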
diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/ess_specific_index_logic/migrations/finalize_alerts_migrations.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/ess_specific_index_logic/migrations/finalize_alerts_migrations.ts index 02d681fe29712..00195bc813c97 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/ess_specific_index_logic/migrations/finalize_alerts_migrations.ts +++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/alerts/basic_license_essentials_tier/ess_specific_index_logic/migrations/finalize_alerts_migrations.ts @@ -192,7 +192,7 @@ export default ({ getService }: FtrProviderContext): void => { // it's been skipped since it was originally introduced in // https://github.com/elastic/kibana/pull/85690. Created ticket to track skip. // https://github.com/elastic/kibana/issues/179593 - it.skip('deletes the underlying migration task', async () => { + it('deletes the underlying migration task', async () => { await waitFor( async () => { const { diff --git a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/indicator_match/trial_license_complete_tier/indicator_match_alert_suppression.ts b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/indicator_match/trial_license_complete_tier/indicator_match_alert_suppression.ts index 9bbfe6179f397..1acb416808081 100644 --- a/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/indicator_match/trial_license_complete_tier/indicator_match_alert_suppression.ts 
+++ b/x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/indicator_match/trial_license_complete_tier/indicator_match_alert_suppression.ts @@ -168,7 +168,7 @@ export default ({ getService }: FtrProviderContext) => { cases.forEach(({ eventsCount, threatsCount, title }) => { // FLAKY: https://github.com/elastic/kibana/issues/197765 - describe.skip(`Code execution path: ${title}`, () => { + describe(`Code execution path: ${title}`, () => { it('should suppress an alert on real rule executions', async () => { const id = uuidv4(); const firstTimestamp = new Date().toISOString();