Merge branch 'main' into #110417_CommunityId_intValidation

x-pack/plugins/observability_solution/apm/server/routes/agent_keys/route.ts

@@ -91,7 +91,10 @@ const invalidateAgentKeyRoute = createApmServerRoute({
 
 const createAgentKeyRoute = createApmServerRoute({
   endpoint: 'POST /api/apm/agent_keys 2023-10-31',
-  options: { tags: ['access:apm', 'access:apm_settings_write', 'oas-tag:APM agent keys'] },
+  options: {
+    tags: ['access:apm', 'access:apm_settings_write', 'oas-tag:APM agent keys'],
+    access: 'public',
+  },
   params: t.type({
     body: t.type({
       name: t.string,

x-pack/plugins/observability_solution/apm/server/routes/fleet/route.ts

@@ -65,7 +65,7 @@ const fleetAgentsRoute = createApmServerRoute({
 
 const saveApmServerSchemaRoute = createApmServerRoute({
   endpoint: 'POST /api/apm/fleet/apm_server_schema 2023-10-31',
-  options: { tags: ['access:apm', 'access:apm_write'] },
+  options: { tags: ['access:apm', 'access:apm_write'], access: 'public' },
   params: t.type({
     body: t.type({
       schema: t.record(t.string, t.unknown),

x-pack/plugins/observability_solution/apm/server/routes/services/route.ts

@@ -395,7 +395,7 @@ const serviceAnnotationsRoute = createApmServerRoute({
     }),
     query: t.intersection([environmentRt, rangeRt]),
   }),
-  options: { tags: ['access:apm', 'oas-tag:APM annotations'] },
+  options: { tags: ['access:apm', 'oas-tag:APM annotations'], access: 'public' },
   handler: async (resources): Promise<ServiceAnnotationResponse> => {
     const apmEventClient = await getApmEventClient(resources);
     const { params, plugins, context, request, logger, config } = resources;
@@ -440,6 +440,7 @@ const serviceAnnotationsCreateRoute = createApmServerRoute({
   endpoint: 'POST /api/apm/services/{serviceName}/annotation 2023-10-31',
   options: {
     tags: ['access:apm', 'access:apm_write', 'oas-tag:APM annotations'],
+    access: 'public',
   },
   params: t.type({
     path: t.type({

x-pack/plugins/observability_solution/apm/server/routes/settings/agent_configuration/route.ts

@@ -39,7 +39,7 @@ function throwNotFoundIfAgentConfigNotAvailable(featureFlags: ApmFeatureFlags):
 // get list of configurations
 const agentConfigurationRoute = createApmServerRoute({
   endpoint: 'GET /api/apm/settings/agent-configuration 2023-10-31',
-  options: { tags: ['access:apm'] },
+  options: { tags: ['access:apm'], access: 'public' },
   handler: async (
     resources
   ): Promise<{
@@ -68,7 +68,7 @@ const getSingleAgentConfigurationRoute = createApmServerRoute({
   params: t.partial({
     query: serviceRt,
   }),
-  options: { tags: ['access:apm'] },
+  options: { tags: ['access:apm'], access: 'public' },
   handler: async (resources): Promise<AgentConfiguration> => {
     throwNotFoundIfAgentConfigNotAvailable(resources.featureFlags);
 
@@ -100,6 +100,7 @@ const deleteAgentConfigurationRoute = createApmServerRoute({
   endpoint: 'DELETE /api/apm/settings/agent-configuration 2023-10-31',
   options: {
     tags: ['access:apm', 'access:apm_settings_write'],
+    access: 'public',
   },
   params: t.type({
     body: t.type({
@@ -156,6 +157,7 @@ const createOrUpdateAgentConfigurationRoute = createApmServerRoute({
   endpoint: 'PUT /api/apm/settings/agent-configuration 2023-10-31',
   options: {
     tags: ['access:apm', 'access:apm_settings_write'],
+    access: 'public',
   },
   params: t.intersection([
     t.partial({ query: t.partial({ overwrite: toBooleanRt }) }),
@@ -224,7 +226,7 @@ const agentConfigurationSearchRoute = createApmServerRoute({
   params: t.type({
     body: searchParamsRt,
   }),
-  options: { tags: ['access:apm'], disableTelemetry: true },
+  options: { tags: ['access:apm'], disableTelemetry: true, access: 'public' },
   handler: async (
     resources
   ): Promise<SearchHit<AgentConfiguration, undefined, undefined> | null> => {
@@ -286,7 +288,7 @@ const listAgentConfigurationEnvironmentsRoute = createApmServerRoute({
   params: t.partial({
     query: t.partial({ serviceName: t.string }),
   }),
-  options: { tags: ['access:apm'] },
+  options: { tags: ['access:apm'], access: 'public' },
   handler: async (
     resources
   ): Promise<{
@@ -327,7 +329,7 @@ const agentConfigurationAgentNameRoute = createApmServerRoute({
   params: t.type({
     query: t.type({ serviceName: t.string }),
   }),
-  options: { tags: ['access:apm'] },
+  options: { tags: ['access:apm'], access: 'public' },
   handler: async (resources): Promise<{ agentName: string | undefined }> => {
     throwNotFoundIfAgentConfigNotAvailable(resources.featureFlags);
 

x-pack/plugins/observability_solution/apm/server/routes/source_maps/route.ts

@@ -49,7 +49,7 @@ function throwNotImplementedIfSourceMapNotAvailable(featureFlags: ApmFeatureFlag
 
 const listSourceMapRoute = createApmServerRoute({
   endpoint: 'GET /api/apm/sourcemaps 2023-10-31',
-  options: { tags: ['access:apm'] },
+  options: { tags: ['access:apm'], access: 'public' },
   params: t.partial({
     query: t.partial({
       page: toNumberRt,
@@ -87,6 +87,7 @@ const uploadSourceMapRoute = createApmServerRoute({
   options: {
     tags: ['access:apm', 'access:apm_write'],
     body: { accepts: ['multipart/form-data'] },
+    access: 'public',
   },
   params: t.type({
     body: t.type({
@@ -159,7 +160,7 @@ const uploadSourceMapRoute = createApmServerRoute({
 
 const deleteSourceMapRoute = createApmServerRoute({
   endpoint: 'DELETE /api/apm/sourcemaps/{id} 2023-10-31',
-  options: { tags: ['access:apm', 'access:apm_write'] },
+  options: { tags: ['access:apm', 'access:apm_write'], access: 'public' },
   params: t.type({
     path: t.type({
       id: t.string,

x-pack/test_serverless/api_integration/test_suites/common/reporting/csv_v2_esql.ts

@@ -9,20 +9,20 @@ import expect from '@kbn/expect';
 import request from 'supertest';
 
 import { DISCOVER_APP_LOCATOR } from '@kbn/discover-plugin/common';
-import { InternalRequestHeader, RoleCredentials } from '@kbn/ftr-common-functional-services';
+import { CookieCredentials, InternalRequestHeader } from '@kbn/ftr-common-functional-services';
 import type { ReportApiJSON } from '@kbn/reporting-common/types';
 import type { JobParamsCsvFromSavedObject } from '@kbn/reporting-export-types-csv-common';
 import { FtrProviderContext } from '../../../ftr_provider_context';
 
 export default ({ getService }: FtrProviderContext) => {
   const es = getService('es');
-  const supertest = getService('supertest');
+  const supertestWithoutAuth = getService('supertestWithoutAuth');
   const esArchiver = getService('esArchiver');
   const log = getService('log');
   const reportingAPI = getService('svlReportingApi');
   const svlCommonApi = getService('svlCommonApi');
-  const svlUserManager = getService('svlUserManager');
-  let roleAuthc: RoleCredentials;
+  const samlAuth = getService('samlAuth');
+  let cookieCredentials: CookieCredentials;
   let internalReqHeader: InternalRequestHeader;
 
   // Helper function
@@ -38,7 +38,12 @@ export default ({ getService }: FtrProviderContext) => {
     };
     log.info(`sending request for query: ${JSON.stringify(job.locatorParams[0].params.query)}`);
 
-    return await reportingAPI.createReportJobInternal('csv_v2', job, roleAuthc, internalReqHeader);
+    return await reportingAPI.createReportJobInternal(
+      'csv_v2',
+      job,
+      cookieCredentials,
+      internalReqHeader
+    );
   };
 
   describe('CSV Generation from ES|QL', () => {
@@ -84,7 +89,7 @@ export default ({ getService }: FtrProviderContext) => {
       };
       before(async () => {
         await loadTimelessData();
-        roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('admin');
+        cookieCredentials = await samlAuth.getM2MApiCookieCredentialsWithRoleScope('admin');
         internalReqHeader = svlCommonApi.getInternalRequestHeader();
       });
 
@@ -112,8 +117,8 @@ export default ({ getService }: FtrProviderContext) => {
               },
             ],
           }));
-          await reportingAPI.waitForJobToFinish(path, roleAuthc, internalReqHeader);
-          response = await supertest.get(path);
+          await reportingAPI.waitForJobToFinish(path, cookieCredentials, internalReqHeader);
+          response = await supertestWithoutAuth.get(path).set(cookieCredentials);
           csvFile = response.text;
         });
 
@@ -184,8 +189,8 @@ export default ({ getService }: FtrProviderContext) => {
               ],
               title: 'Untitled discover search',
             }));
-            await reportingAPI.waitForJobToFinish(path, roleAuthc, internalReqHeader);
-            response = await supertest.get(path);
+            await reportingAPI.waitForJobToFinish(path, cookieCredentials, internalReqHeader);
+            response = await supertestWithoutAuth.get(path).set(cookieCredentials);
             csvFile = response.text;
           });
 

x-pack/test_serverless/api_integration/test_suites/common/reporting/datastream.ts

@@ -6,8 +6,12 @@
  */
 
 import { expect } from 'expect';
+import {
+  CookieCredentials,
+  InternalRequestHeader,
+  RoleCredentials,
+} from '@kbn/ftr-common-functional-services';
 import { FtrProviderContext } from '../../../ftr_provider_context';
-import { InternalRequestHeader, RoleCredentials } from '../../../../shared/services';
 
 export default function ({ getService }: FtrProviderContext) {
   const esArchiver = getService('esArchiver');
@@ -16,7 +20,9 @@ export default function ({ getService }: FtrProviderContext) {
   const svlCommonApi = getService('svlCommonApi');
   const supertestWithoutAuth = getService('supertestWithoutAuth');
   const svlUserManager = getService('svlUserManager');
+  const samlAuth = getService('samlAuth');
   let roleAuthc: RoleCredentials;
+  let cookieCredentials: CookieCredentials;
   let internalReqHeader: InternalRequestHeader;
 
   const archives: Record<string, { data: string; savedObjects: string }> = {
@@ -30,12 +36,13 @@ export default function ({ getService }: FtrProviderContext) {
     const generatedReports = new Set<string>();
     before(async () => {
       roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('admin');
+      cookieCredentials = await samlAuth.getM2MApiCookieCredentialsWithRoleScope('admin');
       internalReqHeader = svlCommonApi.getInternalRequestHeader();
 
       await esArchiver.load(archives.ecommerce.data);
       await kibanaServer.importExport.load(archives.ecommerce.savedObjects);
 
-      const { job } = await reportingAPI.createReportJobInternal(
+      const { job, path } = await reportingAPI.createReportJobInternal(
         'csv_searchsource',
         {
           browserTimezone: 'UTC',
@@ -48,16 +55,17 @@ export default function ({ getService }: FtrProviderContext) {
           title: 'Ecommerce Data',
           version: '8.15.0',
         },
-        roleAuthc,
+        cookieCredentials,
         internalReqHeader
       );
+      await reportingAPI.waitForJobToFinish(path, cookieCredentials, internalReqHeader);
 
       generatedReports.add(job.id);
     });
 
     after(async () => {
       for (const reportId of generatedReports) {
-        await reportingAPI.deleteReport(reportId, roleAuthc, internalReqHeader);
+        await reportingAPI.deleteReport(reportId, cookieCredentials, internalReqHeader);
       }
 
       await esArchiver.unload(archives.ecommerce.data);
@@ -69,7 +77,7 @@ export default function ({ getService }: FtrProviderContext) {
       const { status, body } = await supertestWithoutAuth
         .get(`/api/index_management/data_streams/.kibana-reporting`)
         .set(internalReqHeader)
-        .set(roleAuthc.apiKeyHeader);
+        .set(roleAuthc.apiKeyHeader); // use API key since the datastream management API is a public endpoint
 
       svlCommonApi.assertResponseStatusCode(200, status, body);