Skip to content

Commit

Permalink
[Kibana Management] Add missing API endpoint authz info (#209758)
Browse files Browse the repository at this point in the history
  • Loading branch information
sabarasaba authored and lgestc committed Feb 7, 2025
1 parent 6295392 commit 4d66d9e
Show file tree
Hide file tree
Showing 7 changed files with 82 additions and 14 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,11 @@ export const registerConvertRequestRoute = ({
router.post(
{
path: '/api/console/convert_request_to_language',
security: {
authz: {
requiredPrivileges: ['console'],
},
},
validate: routeValidationConfig,
},
handler
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -345,6 +345,12 @@ export function registerMlSnapshotRoutes({
router.get(
{
path: `${API_BASE_PATH}/ml_upgrade_mode`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
versionCheckHandlerWrapper(async ({ core }, request, response) => {
Expand Down Expand Up @@ -387,6 +393,12 @@ export function registerMlSnapshotRoutes({
router.delete(
{
path: `${API_BASE_PATH}/ml_snapshots/{jobId}/{snapshotId}`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: schema.object({
snapshotId: schema.string(),
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,12 @@ export function registerReindexDataStreamRoutes({
access: 'public',
summary: `Get data stream status`,
},
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: schema.object({
dataStreamName: schema.string(),
Expand Down Expand Up @@ -144,6 +150,12 @@ export function registerReindexDataStreamRoutes({
access: 'public',
summary: `Get data stream reindexing metadata`,
},
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: schema.object({
dataStreamName: schema.string(),
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,12 @@ export function registerReindexIndicesRoutes(
access: 'public',
summary: `Get reindex status`,
},
security: {
authz: {
enabled: false,
reason: 'Relies on es and saved object clients for authorization',
},
},
validate: {
params: schema.object({
indexName: schema.string(),
Expand Down Expand Up @@ -152,6 +158,12 @@ export function registerReindexIndicesRoutes(
access: 'public',
summary: `Cancel reindex`,
},
security: {
authz: {
enabled: false,
reason: 'Relies on es and saved object clients for authorization',
},
},
validate: {
params: schema.object({
indexName: schema.string(),
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,16 @@ export function registerSystemIndicesMigrationRoutes({

// POST starts the system indices migration
router.post(
{ path: `${API_BASE_PATH}/system_indices_migration`, validate: false },
{
path: `${API_BASE_PATH}/system_indices_migration`,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
versionCheckHandlerWrapper(async ({ core }, request, response) => {
try {
const {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,12 @@ export function registerAcknowledgeRoute({
router.put(
{
path: '/api/watcher/watch/{watchId}/action/{actionId}/acknowledge',
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: {
params: paramsSchema,
},
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,23 +17,35 @@ const paramsSchema = schema.object({

export const registerGetRoutes = ({ router, lib: { handleEsError } }: RouteDependencies): void => {
// Get all pipelines
router.get({ path: API_BASE_PATH, validate: false }, async (ctx, req, res) => {
const { client: clusterClient } = (await ctx.core).elasticsearch;
router.get(
{
path: API_BASE_PATH,
security: {
authz: {
enabled: false,
reason: 'Relies on es client for authorization',
},
},
validate: false,
},
async (ctx, req, res) => {
const { client: clusterClient } = (await ctx.core).elasticsearch;

try {
const pipelines = await clusterClient.asCurrentUser.ingest.getPipeline();
try {
const pipelines = await clusterClient.asCurrentUser.ingest.getPipeline();

return res.ok({ body: deserializePipelines(pipelines) });
} catch (error) {
const esErrorResponse = handleEsError({ error, response: res });
if (esErrorResponse.status === 404) {
// ES returns 404 when there are no pipelines
// Instead, we return an empty array and 200 status back to the client
return res.ok({ body: [] });
return res.ok({ body: deserializePipelines(pipelines) });
} catch (error) {
const esErrorResponse = handleEsError({ error, response: res });
if (esErrorResponse.status === 404) {
// ES returns 404 when there are no pipelines
// Instead, we return an empty array and 200 status back to the client
return res.ok({ body: [] });
}
return esErrorResponse;
}
return esErrorResponse;
}
});
);

// Get single pipeline
router.get(
Expand Down

0 comments on commit 4d66d9e

Please sign in to comment.