Authorized route migration for routes owned by security-defend-workflows #198381

Expand Up @@ -27,7 +27,12 @@ export function registerActionAuditLogRoutes(
.get({
access: 'public',
path: ENDPOINT_ACTION_LOG_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand Up @@ -32,7 +32,12 @@ export const registerActionDetailsRoutes = (
.get({
access: 'public',
path: ACTION_DETAILS_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand Up @@ -38,7 +38,12 @@ export const registerActionFileDownloadRoutes = (
// we need to enable setting the version number via query params
enableQueryVersion: true,
path: ACTION_AGENT_FILE_DOWNLOAD_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand Up @@ -74,7 +74,12 @@ export const registerActionFileInfoRoute = (
.get({
access: 'public',
path: ACTION_AGENT_FILE_INFO_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand Up @@ -30,7 +30,12 @@ export function registerActionListRoutes(
.get({
access: 'public',
path: BASE_ENDPOINT_ACTION_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand Up @@ -80,7 +80,12 @@ export function registerResponseActionRoutes(
.post({
access: 'public',
path: ISOLATE_HOST_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand All @@ -99,7 +104,12 @@ export function registerResponseActionRoutes(
.post({
access: 'public',
path: UNISOLATE_HOST_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand All @@ -119,7 +129,12 @@ export function registerResponseActionRoutes(
.post({
access: 'public',
path: ISOLATE_HOST_ROUTE_V2,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand All @@ -139,7 +154,12 @@ export function registerResponseActionRoutes(
.post({
access: 'public',
path: UNISOLATE_HOST_ROUTE_V2,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand All @@ -159,7 +179,12 @@ export function registerResponseActionRoutes(
.post({
access: 'public',
path: KILL_PROCESS_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand All @@ -182,7 +207,12 @@ export function registerResponseActionRoutes(
.post({
access: 'public',
path: SUSPEND_PROCESS_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand All @@ -205,7 +235,12 @@ export function registerResponseActionRoutes(
.post({
access: 'public',
path: GET_PROCESSES_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand All @@ -225,7 +260,12 @@ export function registerResponseActionRoutes(
.post({
access: 'public',
path: GET_FILE_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand All @@ -245,7 +285,12 @@ export function registerResponseActionRoutes(
.post({
access: 'public',
path: EXECUTE_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand All @@ -265,9 +310,14 @@ export function registerResponseActionRoutes(
.post({
access: 'public',
path: UPLOAD_ROUTE,
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: {
authRequired: true,
tags: ['access:securitySolution'],

body: {
accepts: ['multipart/form-data'],
output: 'stream',
Expand All @@ -293,7 +343,12 @@ export function registerResponseActionRoutes(
.post({
access: 'public',
path: SCAN_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
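Review bot: Every response-action route in this file (ISOLATE_HOST_ROUTE through EXECUTE_ROUTE, UPLOAD_ROUTE and SCAN_ROUTE) is gated at the route level only by the broad `securitySolution` privilege, the same value the read-only log, status and metadata routes elsewhere in this PR receive. That matches the `access:securitySolution` tag it replaces, so behaviour looks unchanged, but the declarative `security.authz` block now reads as the route's full authorization policy, while any per-action check would sit in the handler passed to `.addVersion(...)`, which is outside these hunks. I would add a comment above each block such as `// coarse route gate only; the per-action privilege check is in the handler`, or confirm in the PR description that the handlers still enforce it. In the UPLOAD_ROUTE hunk the removed `tags` entry also appears to leave a blank line inside `options` before `body`, which can be dropped.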
Expand Up @@ -32,7 +32,12 @@ export function registerActionStateRoutes(
.get({
access: 'public',
path: ACTION_STATE_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand Up @@ -29,7 +29,12 @@ export function registerActionStatusRoutes(
.get({
access: 'public',
path: ACTION_STATUS_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand Up @@ -27,7 +27,12 @@ export const registerAgentStatusRoute = (
.get({
access: 'internal',
path: AGENT_STATUS_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand Up @@ -54,7 +54,12 @@ export function registerEndpointRoutes(
.get({
access: 'public',
path: HOST_METADATA_LIST_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand Down Expand Up @@ -94,7 +99,12 @@ export function registerEndpointRoutes(
.get({
access: 'public',
path: METADATA_TRANSFORMS_STATUS_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
// @ts-expect-error TODO(https://github.com/elastic/kibana/issues/196095): Replace {RouteDeprecationInfo}
deprecated: true,
})
Expand All @@ -114,7 +124,12 @@ export function registerEndpointRoutes(
.get({
access: 'internal',
path: METADATA_TRANSFORMS_STATUS_INTERNAL_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand Up @@ -240,8 +240,8 @@ describe('test endpoint routes', () => {
});
expect(routeConfig.options).toEqual({
authRequired: true,
tags: ['access:securitySolution'],
});
expect(routeConfig.security?.authz).toEqual({ requiredPrivileges: ['securitySolution'] });
expect(mockResponse.ok).toBeCalled();
const endpointResultList = mockResponse.ok.mock.calls[0][0]?.body as MetadataListResponse;
expect(endpointResultList.data.length).toEqual(1);
Expand Down Expand Up @@ -614,8 +614,8 @@ describe('test endpoint routes', () => {
expect(esClientMock.transform.getTransformStats).toHaveBeenCalledTimes(1);
expect(routeConfig.options).toEqual({
authRequired: true,
tags: ['access:securitySolution'],
});
expect(routeConfig.security?.authz).toEqual({ requiredPrivileges: ['securitySolution'] });
expect(mockResponse.ok).toBeCalled();
const response = mockResponse.ok.mock.calls[0][0]?.body as TransformGetTransformStatsResponse;
expect(response.count).toEqual(expectedResponse.count);
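Review bot: These two assertions are the only tests visible on this page that pin the migrated `security.authz` value, and they cover just the metadata list and transform-stats routes. The response-action routes changed in this PR (isolate, kill-process, execute, upload, scan) carry the same edit, and a route that lost its `security` block in a mechanical migration would not be caught here; their tests may exist outside this page. Consider the equivalent check for each migrated route, e.g. `expect(routeConfig.security?.authz).toEqual({ requiredPrivileges: ['securitySolution'] });`. The `describe` block continues outside both hunks.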
Expand Up @@ -25,7 +25,12 @@ export function registerProtectionUpdatesNoteRoutes(
.post({
access: 'public',
path: PROTECTION_UPDATES_NOTE_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand All @@ -45,7 +50,12 @@ export function registerProtectionUpdatesNoteRoutes(
.get({
access: 'public',
path: PROTECTION_UPDATES_NOTE_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{
Expand Up @@ -42,7 +42,12 @@ export function registerEndpointSuggestionsRoutes(
.post({
access: 'public',
path: SUGGESTIONS_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
// @ts-expect-error TODO(https://github.com/elastic/kibana/issues/196095): Replace {RouteDeprecationInfo}
deprecated: true,
})
Expand All @@ -64,7 +69,12 @@ export function registerEndpointSuggestionsRoutes(
.post({
access: 'internal',
path: SUGGESTIONS_INTERNAL_ROUTE,
options: { authRequired: true, tags: ['access:securitySolution'] },
security: {
authz: {
requiredPrivileges: ['securitySolution'],
},
},
options: { authRequired: true },
})
.addVersion(
{