Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[upgrade assistant] Add authz info to REST api endpoints #205071

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions x-pack/plugins/upgrade_assistant/server/routes/app.ts
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,12 @@ export function registerAppRoutes({
router.get(
{
path: `${API_BASE_PATH}/privileges`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
versionCheckHandlerWrapper(async ({ core }, request, response) => {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,16 @@ export function registerCloudBackupStatusRoutes({
}: RouteDependencies) {
// GET most recent Cloud snapshot
router.get(
{ path: `${API_BASE_PATH}/cloud_backup_status`, validate: false },
{
path: `${API_BASE_PATH}/cloud_backup_status`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
versionCheckHandlerWrapper(async (context, request, response) => {
const { client: clusterClient } = (await context.core).elasticsearch;

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,12 @@ export function registerClusterSettingsRoute({
router.post(
{
path: `${API_BASE_PATH}/cluster_settings`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
body: schema.object({
settings: schema.arrayOf(schema.string()),
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,16 @@ import { RouteDependencies } from '../types';

export function registerClusterUpgradeStatusRoutes({ router }: RouteDependencies) {
router.get(
{ path: `${API_BASE_PATH}/cluster_upgrade_status`, validate: false },
{
path: `${API_BASE_PATH}/cluster_upgrade_status`,
security: {
authz: {
enabled: false,
reason: 'Lightweight endpoint',
},
},
validate: false,
},
// We're just depending on the version check to return a 426.
// Otherwise we just return a 200.
versionCheckHandlerWrapper(async (context, request, response) => {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,12 @@ export function registerDeprecationLoggingRoutes({
router.get(
{
path: `${API_BASE_PATH}/deprecation_logging`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
versionCheckHandlerWrapper(async ({ core }, request, response) => {
Expand All @@ -46,6 +52,12 @@ export function registerDeprecationLoggingRoutes({
router.put(
{
path: `${API_BASE_PATH}/deprecation_logging`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
body: schema.object({
isEnabled: schema.boolean(),
Expand All @@ -70,6 +82,12 @@ export function registerDeprecationLoggingRoutes({
router.get(
{
path: `${API_BASE_PATH}/deprecation_logging/count`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
query: schema.object({
from: schema.string(),
Expand Down Expand Up @@ -124,6 +142,12 @@ export function registerDeprecationLoggingRoutes({
router.delete(
{
path: `${API_BASE_PATH}/deprecation_logging/cache`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
versionCheckHandlerWrapper(async ({ core }, request, response) => {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,12 @@ export function registerESDeprecationRoutes({
router.get(
{
path: `${API_BASE_PATH}/es_deprecations`,
security: {
authz: {
enabled: false,
reason: 'Relies on es and saved object clients for authorization',
},
},
validate: false,
},
versionCheckHandlerWrapper(async ({ core }, request, response) => {
Expand Down
12 changes: 12 additions & 0 deletions x-pack/plugins/upgrade_assistant/server/routes/ml_snapshots.ts
Original file line number Diff line number Diff line change
Expand Up @@ -145,6 +145,12 @@ export function registerMlSnapshotRoutes({
router.post(
{
path: `${API_BASE_PATH}/ml_snapshots`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
body: schema.object({
snapshotId: schema.string(),
Expand Down Expand Up @@ -195,6 +201,12 @@ export function registerMlSnapshotRoutes({
router.get(
{
path: `${API_BASE_PATH}/ml_snapshots/{jobId}/{snapshotId}`,
security: {
authz: {
enabled: false,
reason: 'Relies on es and saved object clients for authorization',
},
},
validate: {
params: schema.object({
snapshotId: schema.string(),
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,12 @@ export function registerNodeDiskSpaceRoute({ router, lib: { handleEsError } }: R
router.get(
{
path: `${API_BASE_PATH}/node_disk_space`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
versionCheckHandlerWrapper(async ({ core }, request, response) => {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,12 @@ export function registerBatchReindexIndicesRoutes(
router.get(
{
path: `${BASE_PATH}/batch/queue`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
options: {
access: 'public',
summary: `Get the batch reindex queue`,
Expand Down Expand Up @@ -75,6 +81,12 @@ export function registerBatchReindexIndicesRoutes(
router.post(
{
path: `${BASE_PATH}/batch`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
options: {
access: 'public',
summary: `Batch start or resume reindex`,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,12 @@ export function registerReindexIndicesRoutes(
router.post(
{
path: `${BASE_PATH}/{indexName}`,
security: {
authz: {
enabled: false,
reason: 'Relies on es and saved object clients for authorization',
},
},
options: {
access: 'public',
summary: `Start or resume reindex`,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,12 @@ export function registerRemoteClustersRoute({ router, lib: { handleEsError } }:
router.get(
{
path: `${API_BASE_PATH}/remote_clusters`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
versionCheckHandlerWrapper(async ({ core }, request, response) => {
Expand Down
6 changes: 6 additions & 0 deletions x-pack/plugins/upgrade_assistant/server/routes/status.ts
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,12 @@ export function registerUpgradeStatusRoute({
router.get(
{
path: `${API_BASE_PATH}/status`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
options: {
access: 'public',
summary: `Get upgrade readiness status`,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,16 @@ export function registerSystemIndicesMigrationRoutes({
}: RouteDependencies) {
// GET status of the system indices migration
router.get(
{ path: `${API_BASE_PATH}/system_indices_migration`, validate: false },
{
path: `${API_BASE_PATH}/system_indices_migration`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
versionCheckHandlerWrapper(async ({ core }, request, response) => {
try {
const {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,12 @@ export function registerUpdateSettingsRoute({ router }: RouteDependencies) {
router.post(
{
path: `${API_BASE_PATH}/{indexName}/index_settings`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: schema.object({
indexName: schema.string(),
Expand Down