[8.x] Updates auth access model for dynamic_index_pattern endpoint (#…

…204472) (#204489)

# Backport

This will backport the following commits from `main` to `8.x`:
- [Updates auth access model for dynamic_index_pattern endpoint
(#204472)](#204472)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Jason
Rhodes","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-12-16T20:52:11Z","message":"Updates
auth access model for dynamic_index_pattern endpoint (#204472)\n\nCloses
#203326\n\n## Summary\n\nUpdating this obs alerting endpoint to use the
new `security.authz`\nparadigm. Note: this endpoint may not be in use at
all but it's been\n\"available\" now for three years so we likely can't
just remove it\nwithout somehow confirming it's not needed.\n\n##
Testing\n\n* Start this PR using config that points at the shared
\"edge\" cluster\nvia oblt-cli CCS\n* Create a user with no roles at
all\n* Use that user/password in the following REST call: `curl -X GET
-u\n\"$USERNAME:$PASSWORD\"\n\"$KIBANA_BASE_URL/api/observability/rules/alerts/dynamic_index_pattern?registrationContexts=observability.metrics&registrationContexts=observability.logs&namespace=default\"\n-H
\"elastic-api-version: 2023-10-31\"`\n* You should get results like
this:\n`[\".alerts-observability.metrics.alerts-default\",\n\".alerts-observability.logs.alerts-default\"]`\n\n---------\n\nCo-authored-by:
kibanamachine
<[email protected]>","sha":"05f2cba247e65297918b3e4ab794f95de49d9370","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","backport:prev-minor","Team:obs-ux-management"],"title":"Updates
auth access model for dynamic_index_pattern
endpoint","number":204472,"url":"https://github.com/elastic/kibana/pull/204472","mergeCommit":{"message":"Updates
auth access model for dynamic_index_pattern endpoint (#204472)\n\nCloses
#203326\n\n## Summary\n\nUpdating this obs alerting endpoint to use the
new `security.authz`\nparadigm. Note: this endpoint may not be in use at
all but it's been\n\"available\" now for three years so we likely can't
just remove it\nwithout somehow confirming it's not needed.\n\n##
Testing\n\n* Start this PR using config that points at the shared
\"edge\" cluster\nvia oblt-cli CCS\n* Create a user with no roles at
all\n* Use that user/password in the following REST call: `curl -X GET
-u\n\"$USERNAME:$PASSWORD\"\n\"$KIBANA_BASE_URL/api/observability/rules/alerts/dynamic_index_pattern?registrationContexts=observability.metrics&registrationContexts=observability.logs&namespace=default\"\n-H
\"elastic-api-version: 2023-10-31\"`\n* You should get results like
this:\n`[\".alerts-observability.metrics.alerts-default\",\n\".alerts-observability.logs.alerts-default\"]`\n\n---------\n\nCo-authored-by:
kibanamachine
<[email protected]>","sha":"05f2cba247e65297918b3e4ab794f95de49d9370"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/204472","number":204472,"mergeCommit":{"message":"Updates
auth access model for dynamic_index_pattern endpoint (#204472)\n\nCloses
#203326\n\n## Summary\n\nUpdating this obs alerting endpoint to use the
new `security.authz`\nparadigm. Note: this endpoint may not be in use at
all but it's been\n\"available\" now for three years so we likely can't
just remove it\nwithout somehow confirming it's not needed.\n\n##
Testing\n\n* Start this PR using config that points at the shared
\"edge\" cluster\nvia oblt-cli CCS\n* Create a user with no roles at
all\n* Use that user/password in the following REST call: `curl -X GET
-u\n\"$USERNAME:$PASSWORD\"\n\"$KIBANA_BASE_URL/api/observability/rules/alerts/dynamic_index_pattern?registrationContexts=observability.metrics&registrationContexts=observability.logs&namespace=default\"\n-H
\"elastic-api-version: 2023-10-31\"`\n* You should get results like
this:\n`[\".alerts-observability.metrics.alerts-default\",\n\".alerts-observability.logs.alerts-default\"]`\n\n---------\n\nCo-authored-by:
kibanamachine
<[email protected]>","sha":"05f2cba247e65297918b3e4ab794f95de49d9370"}}]}]
BACKPORT-->

Co-authored-by: Jason Rhodes <[email protected]>

x-pack/solutions/observability/plugins/observability/server/routes/rules/route.ts

@@ -11,10 +11,14 @@ import { createObservabilityServerRoute } from '../create_observability_server_r
 
 const alertsDynamicIndexPatternRoute = createObservabilityServerRoute({
   endpoint: 'GET /api/observability/rules/alerts/dynamic_index_pattern 2023-10-31',
-  options: {
-    tags: [],
-    access: 'public',
+  security: {
+    authz: {
+      enabled: false,
+      reason:
+        'This endpoint returns alert index names for a set of registration contexts and has traditionally required no specific authorization',
+    },
   },
+  options: { access: 'public' },
   params: t.type({
     query: t.type({
       registrationContexts: t.array(t.string),
@@ -24,6 +28,7 @@ const alertsDynamicIndexPatternRoute = createObservabilityServerRoute({
   handler: async ({ dependencies, params }) => {
     const { namespace, registrationContexts } = params.query;
     const { ruleDataService } = dependencies;
+
     const indexNames = registrationContexts.flatMap((registrationContext) => {
       const indexName = ruleDataService
         .findIndexByName(registrationContext, Dataset.alerts)