Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[8.x] [ResponseOps][Actions] Manual migration of action routes without access tags (#204030) #204215

Merged
merged 1 commit into from
Dec 13, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ import {
createConnectorRequestBodySchemaV1,
} from '../../../../common/routes/connector/apis/create';
import { transformCreateConnectorBodyV1 } from './transforms';
import { DEFAULT_ACTION_ROUTE_SECURITY } from '../../constants';

export const createConnectorRoute = (
router: IRouter<ActionsRequestHandlerContext>,
Expand All @@ -25,6 +26,7 @@ export const createConnectorRoute = (
router.post(
{
path: `${BASE_ACTION_API_PATH}/connector/{id?}`,
security: DEFAULT_ACTION_ROUTE_SECURITY,
options: {
access: 'public',
summary: 'Create a connector',
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ import {
deleteConnectorRequestParamsSchemaV1,
DeleteConnectorRequestParamsV1,
} from '../../../../common/routes/connector/apis/delete';
import { DEFAULT_ACTION_ROUTE_SECURITY } from '../../constants';

export const deleteConnectorRoute = (
router: IRouter<ActionsRequestHandlerContext>,
Expand All @@ -22,6 +23,7 @@ export const deleteConnectorRoute = (
router.delete(
{
path: `${BASE_ACTION_API_PATH}/connector/{id}`,
security: DEFAULT_ACTION_ROUTE_SECURITY,
options: {
access: 'public',
summary: `Delete a connector`,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ import {
ExecuteConnectorRequestParamsV1,
} from '../../../../common/routes/connector/apis/execute';
import { transformExecuteConnectorResponseV1 } from './transforms';
import { DEFAULT_ACTION_ROUTE_SECURITY } from '../../constants';

export const executeConnectorRoute = (
router: IRouter<ActionsRequestHandlerContext>,
Expand All @@ -28,6 +29,7 @@ export const executeConnectorRoute = (
router.post(
{
path: `${BASE_ACTION_API_PATH}/connector/{id}/_execute`,
security: DEFAULT_ACTION_ROUTE_SECURITY,
options: {
access: 'public',
summary: `Run a connector`,
Expand Down
2 changes: 2 additions & 0 deletions x-pack/plugins/actions/server/routes/connector/get/get.ts
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ import { ILicenseState } from '../../../lib';
import { BASE_ACTION_API_PATH } from '../../../../common';
import { ActionsRequestHandlerContext } from '../../../types';
import { verifyAccessAndContext } from '../../verify_access_and_context';
import { DEFAULT_ACTION_ROUTE_SECURITY } from '../../constants';

export const getConnectorRoute = (
router: IRouter<ActionsRequestHandlerContext>,
Expand All @@ -24,6 +25,7 @@ export const getConnectorRoute = (
router.get(
{
path: `${BASE_ACTION_API_PATH}/connector/{id}`,
security: DEFAULT_ACTION_ROUTE_SECURITY,
options: {
access: 'public',
summary: `Get connector information`,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import { ActionsRequestHandlerContext } from '../../../types';
import { BASE_ACTION_API_PATH } from '../../../../common';
import { ILicenseState } from '../../../lib';
import { verifyAccessAndContext } from '../../verify_access_and_context';
import { DEFAULT_ACTION_ROUTE_SECURITY } from '../../constants';

export const getAllConnectorsRoute = (
router: IRouter<ActionsRequestHandlerContext>,
Expand All @@ -20,6 +21,7 @@ export const getAllConnectorsRoute = (
router.get(
{
path: `${BASE_ACTION_API_PATH}/connectors`,
security: DEFAULT_ACTION_ROUTE_SECURITY,
options: {
access: 'public',
summary: `Get all connectors`,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import { INTERNAL_BASE_ACTION_API_PATH } from '../../../../common';
import { ILicenseState } from '../../../lib';
import { verifyAccessAndContext } from '../../verify_access_and_context';
import { transformGetAllConnectorsResponseV1 } from '../get_all/transforms';
import { DEFAULT_ACTION_ROUTE_SECURITY } from '../../constants';

export const getAllConnectorsIncludingSystemRoute = (
router: IRouter<ActionsRequestHandlerContext>,
Expand All @@ -20,6 +21,7 @@ export const getAllConnectorsIncludingSystemRoute = (
router.get(
{
path: `${INTERNAL_BASE_ACTION_API_PATH}/connectors`,
security: DEFAULT_ACTION_ROUTE_SECURITY,
validate: {},
options: {
access: 'internal',
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,12 @@ export const listTypesRoute = (
router.get(
{
path: `${BASE_ACTION_API_PATH}/connector_types`,
security: {
authz: {
enabled: false,
reason: 'This API does not require any Kibana feature privileges.',
},
},
options: {
access: 'public',
summary: `Get connector types`,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,12 @@ export const listTypesWithSystemRoute = (
router.get(
{
path: `${INTERNAL_BASE_ACTION_API_PATH}/connector_types`,
security: {
authz: {
enabled: false,
reason: 'This internal API does not require any Kibana feature privileges.',
},
},
validate: {
query: connectorTypesQuerySchemaV1,
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ import {
updateConnectorParamsSchemaV1,
} from '../../../../common/routes/connector/apis/update';
import { transformUpdateConnectorResponseV1 } from './transforms';
import { DEFAULT_ACTION_ROUTE_SECURITY } from '../../constants';

export const updateConnectorRoute = (
router: IRouter<ActionsRequestHandlerContext>,
Expand All @@ -26,6 +27,7 @@ export const updateConnectorRoute = (
router.put(
{
path: `${BASE_ACTION_API_PATH}/connector/{id}`,
security: DEFAULT_ACTION_ROUTE_SECURITY,
options: {
access: 'public',
summary: `Update a connector`,
Expand Down
20 changes: 20 additions & 0 deletions x-pack/plugins/actions/server/routes/constants.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/

import type { RouteSecurity } from '@kbn/core-http-server';

/**
* This constant is used as the default value for the security object in routes
* where a reason for opting out needs to be provided.
*/
export const DEFAULT_ACTION_ROUTE_SECURITY: RouteSecurity = {
authz: {
enabled: false,
reason:
'This route is opted out from authorization because actions use their own authorization model inside the actions client.',
},
};
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@ import { verifyAccessAndContext } from './verify_access_and_context';
import { ActionsRequestHandlerContext } from '../types';
import { ILicenseState } from '../lib';
import { rewriteNamespaces } from './rewrite_namespaces';
import { DEFAULT_ACTION_ROUTE_SECURITY } from './constants';

const bodySchema = schema.object({
date_start: schema.string(),
Expand Down Expand Up @@ -42,6 +43,7 @@ export const getGlobalExecutionKPIRoute = (
router.post(
{
path: `${INTERNAL_BASE_ACTION_API_PATH}/_global_connector_execution_kpi`,
security: DEFAULT_ACTION_ROUTE_SECURITY,
validate: {
body: bodySchema,
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ import {
} from '../../common';
import { verifyAccessAndContext } from './verify_access_and_context';
import { rewriteNamespaces } from './rewrite_namespaces';
import { DEFAULT_ACTION_ROUTE_SECURITY } from './constants';

const sortOrderSchema = schema.oneOf([schema.literal('asc'), schema.literal('desc')]);

Expand Down Expand Up @@ -54,6 +55,7 @@ export const getGlobalExecutionLogRoute = (
router.post(
{
path: `${INTERNAL_BASE_ACTION_API_PATH}/_global_connector_execution_logs`,
security: DEFAULT_ACTION_ROUTE_SECURITY,
validate: {
body: bodySchema,
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import { INTERNAL_BASE_ACTION_API_PATH } from '../../common';
import { ActionsRequestHandlerContext } from '../types';
import { verifyAccessAndContext } from './verify_access_and_context';
import { ActionsConfigurationUtilities } from '../actions_config';
import { DEFAULT_ACTION_ROUTE_SECURITY } from './constants';

const oauthJwtBodySchema = schema.object({
tokenUrl: schema.string(),
Expand Down Expand Up @@ -63,6 +64,7 @@ export const getOAuthAccessToken = (
router.post(
{
path: `${INTERNAL_BASE_ACTION_API_PATH}/connector/_oauth_access_token`,
security: DEFAULT_ACTION_ROUTE_SECURITY,
validate: {
body: bodySchema,
},
Expand Down
Loading