Skip to content

Commit

Permalink
[Authz] Migrated unauthorized routes owned by fleet
Browse files Browse the repository at this point in the history
  • Loading branch information
@kibanamachine
kibanamachine committed Oct 30, 2024
1 parent fd615c7 commit f149dd0
Show file tree
Hide file tree
Showing 23 changed files with 791 additions and 7 deletions.
12 changes: 12 additions & 0 deletions src/plugins/custom_integrations/server/routes/define_routes.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,12 @@ export function defineRoutes(
router.get(
{
path: ROUTES_APPEND_CUSTOM_INTEGRATIONS,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: false,
},
async (context, request, response) => {
Expand All @@ -34,6 +40,12 @@ export function defineRoutes(
router.get(
{
path: ROUTES_REPLACEMENT_CUSTOM_INTEGRATIONS,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: false,
},
async (context, request, response) => {
Expand Down
156 changes: 156 additions & 0 deletions x-pack/plugins/fleet/server/routes/agent/index.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -107,6 +107,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
.addVersion(
{
version: API_VERSIONS.public.v1,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: GetOneAgentRequestSchema,
response: {
Expand Down Expand Up @@ -137,6 +143,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
.addVersion(
{
version: API_VERSIONS.public.v1,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: UpdateAgentRequestSchema,
response: {
Expand Down Expand Up @@ -167,6 +179,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
.addVersion(
{
version: API_VERSIONS.public.v1,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: PostBulkUpdateAgentTagsRequestSchema,
response: {
Expand Down Expand Up @@ -197,6 +215,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
.addVersion(
{
version: API_VERSIONS.public.v1,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: DeleteAgentRequestSchema,
response: {
Expand Down Expand Up @@ -228,6 +252,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
.addVersion(
{
version: API_VERSIONS.public.v1,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: GetAgentsRequestSchema,
response: {
Expand Down Expand Up @@ -258,6 +288,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
.addVersion(
{
version: API_VERSIONS.public.v1,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: GetTagsRequestSchema,
response: {
Expand Down Expand Up @@ -288,6 +324,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
.addVersion(
{
version: API_VERSIONS.public.v1,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: PostNewAgentActionRequestSchema,
response: {
Expand Down Expand Up @@ -322,6 +364,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
.addVersion(
{
version: API_VERSIONS.public.v1,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: PostCancelActionRequestSchema,
response: {
Expand Down Expand Up @@ -357,6 +405,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
.addVersion(
{
version: API_VERSIONS.public.v1,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: PostRetrieveAgentsByActionsRequestSchema,
response: {
Expand Down Expand Up @@ -386,6 +440,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
.addVersion(
{
version: API_VERSIONS.public.v1,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: { request: PostAgentUnenrollRequestSchema, response: {} },
},
postAgentUnenrollHandler
Expand All @@ -403,6 +463,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
.addVersion(
{
version: API_VERSIONS.public.v1,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: { request: PutAgentReassignRequestSchemaDeprecated },
},
putAgentsReassignHandlerDeprecated
Expand All @@ -422,6 +488,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
.addVersion(
{
version: API_VERSIONS.public.v1,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: PostAgentReassignRequestSchema,
response: {
Expand Down Expand Up @@ -451,6 +523,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
.addVersion(
{
version: API_VERSIONS.public.v1,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: PostRequestDiagnosticsActionRequestSchema,
response: {
Expand Down Expand Up @@ -480,6 +558,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
.addVersion(
{
version: API_VERSIONS.public.v1,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: PostBulkRequestDiagnosticsActionRequestSchema,
response: {
Expand Down Expand Up @@ -509,6 +593,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
.addVersion(
{
version: API_VERSIONS.public.v1,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: ListAgentUploadsRequestSchema,
response: {
Expand Down Expand Up @@ -538,6 +628,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
.addVersion(
{
version: API_VERSIONS.public.v1,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: GetAgentUploadFileRequestSchema,
response: {
Expand Down Expand Up @@ -567,6 +663,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
.addVersion(
{
version: API_VERSIONS.public.v1,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: DeleteAgentUploadFileRequestSchema,
response: {
Expand Down Expand Up @@ -599,6 +701,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
.addVersion(
{
version: API_VERSIONS.public.v1,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: GetAgentStatusRequestSchema,
response: {
Expand All @@ -625,6 +733,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
.addVersion(
{
version: API_VERSIONS.public.v1,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: { request: GetAgentStatusRequestSchema },
},
getAgentStatusForAgentPolicyHandler
Expand All @@ -644,6 +758,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
.addVersion(
{
version: API_VERSIONS.public.v1,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: GetAgentDataRequestSchema,
response: {
Expand Down Expand Up @@ -674,6 +794,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
.addVersion(
{
version: API_VERSIONS.public.v1,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: PostAgentUpgradeRequestSchema,
response: {
Expand Down Expand Up @@ -703,6 +829,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
.addVersion(
{
version: API_VERSIONS.public.v1,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: PostBulkAgentUpgradeRequestSchema,
response: {
Expand Down Expand Up @@ -733,6 +865,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
.addVersion(
{
version: API_VERSIONS.public.v1,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: GetActionStatusRequestSchema,
response: {
Expand Down Expand Up @@ -763,6 +901,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
.addVersion(
{
version: API_VERSIONS.public.v1,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: PostBulkAgentReassignRequestSchema,
response: {
Expand Down Expand Up @@ -793,6 +937,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
.addVersion(
{
version: API_VERSIONS.public.v1,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: PostBulkAgentUnenrollRequestSchema,
response: {
Expand Down Expand Up @@ -823,6 +973,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT
.addVersion(
{
version: API_VERSIONS.public.v1,
security: {
authz: {
enabled: false,
reason: 'This route is opted out from authorization',
},
},
validate: {
request: {},
response: {
Expand Down
Loading

0 comments on commit f149dd0

Please sign in to comment.