From f149dd03edb75a41edbf87c62a5613e70ff47bd0 Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Wed, 30 Oct 2024 13:08:21 +0000 Subject: [PATCH] [Authz] Migrated unauthorized routes owned by fleet --- .../server/routes/define_routes.ts | 12 ++ .../fleet/server/routes/agent/index.ts | 156 ++++++++++++++++++ .../fleet/server/routes/agent_policy/index.ts | 78 +++++++++ .../plugins/fleet/server/routes/app/index.ts | 30 ++++ .../fleet/server/routes/data_streams/index.ts | 6 + .../fleet/server/routes/debug/index.ts | 18 ++ .../server/routes/download_source/index.ts | 30 ++++ .../server/routes/enrollment_api_key/index.ts | 48 ++++++ .../plugins/fleet/server/routes/epm/index.ts | 144 ++++++++++++++++ .../server/routes/fleet_proxies/index.ts | 30 ++++ .../server/routes/fleet_server_hosts/index.ts | 30 ++++ .../fleet/server/routes/health_check/index.ts | 6 + .../routes/message_signing_service/index.ts | 6 + .../fleet/server/routes/output/index.ts | 42 +++++ .../server/routes/package_policy/index.ts | 60 +++++++ .../server/routes/preconfiguration/index.ts | 12 ++ .../fleet/server/routes/settings/index.ts | 30 ++++ .../fleet/server/routes/setup/index.ts | 18 ++ .../routes/standalone_agent_api_key/index.ts | 6 + .../server/routes/uninstall_token/index.ts | 12 ++ .../fleet_server_host.test.ts | 4 +- .../services/security/fleet_router.test.ts | 16 +- .../plugins/fleet/server/telemetry/sender.ts | 4 +- 23 files changed, 791 insertions(+), 7 deletions(-) diff --git a/src/plugins/custom_integrations/server/routes/define_routes.ts b/src/plugins/custom_integrations/server/routes/define_routes.ts index d59d9f98ff4c1..962e9140665a8 100644 --- a/src/plugins/custom_integrations/server/routes/define_routes.ts +++ b/src/plugins/custom_integrations/server/routes/define_routes.ts @@ -21,6 +21,12 @@ export function defineRoutes( router.get( { path: ROUTES_APPEND_CUSTOM_INTEGRATIONS, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: false, }, async (context, request, response) => { @@ -34,6 +40,12 @@ export function defineRoutes( router.get( { path: ROUTES_REPLACEMENT_CUSTOM_INTEGRATIONS, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: false, }, async (context, request, response) => { diff --git a/x-pack/plugins/fleet/server/routes/agent/index.ts b/x-pack/plugins/fleet/server/routes/agent/index.ts index fc45869dc1219..e11ecec463158 100644 --- a/x-pack/plugins/fleet/server/routes/agent/index.ts +++ b/x-pack/plugins/fleet/server/routes/agent/index.ts @@ -107,6 +107,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetOneAgentRequestSchema, response: { @@ -137,6 +143,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: UpdateAgentRequestSchema, response: { @@ -167,6 +179,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PostBulkUpdateAgentTagsRequestSchema, response: { @@ -197,6 +215,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: DeleteAgentRequestSchema, response: { @@ -228,6 +252,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetAgentsRequestSchema, response: { @@ -258,6 +288,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetTagsRequestSchema, response: { @@ -288,6 +324,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PostNewAgentActionRequestSchema, response: { @@ -322,6 +364,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PostCancelActionRequestSchema, response: { @@ -357,6 +405,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PostRetrieveAgentsByActionsRequestSchema, response: { @@ -386,6 +440,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PostAgentUnenrollRequestSchema, response: {} }, }, postAgentUnenrollHandler @@ -403,6 +463,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PutAgentReassignRequestSchemaDeprecated }, }, putAgentsReassignHandlerDeprecated @@ -422,6 +488,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PostAgentReassignRequestSchema, response: { @@ -451,6 +523,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PostRequestDiagnosticsActionRequestSchema, response: { @@ -480,6 +558,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PostBulkRequestDiagnosticsActionRequestSchema, response: { @@ -509,6 +593,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: ListAgentUploadsRequestSchema, response: { @@ -538,6 +628,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetAgentUploadFileRequestSchema, response: { @@ -567,6 +663,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: DeleteAgentUploadFileRequestSchema, response: { @@ -599,6 +701,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetAgentStatusRequestSchema, response: { @@ -625,6 +733,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetAgentStatusRequestSchema }, }, getAgentStatusForAgentPolicyHandler @@ -644,6 +758,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetAgentDataRequestSchema, response: { @@ -674,6 +794,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PostAgentUpgradeRequestSchema, response: { @@ -703,6 +829,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PostBulkAgentUpgradeRequestSchema, response: { @@ -733,6 +865,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetActionStatusRequestSchema, response: { @@ -763,6 +901,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PostBulkAgentReassignRequestSchema, response: { @@ -793,6 +937,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PostBulkAgentUnenrollRequestSchema, response: { @@ -823,6 +973,12 @@ export const registerAPIRoutes = (router: FleetAuthzRouter, config: FleetConfigT .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: {}, response: { diff --git a/x-pack/plugins/fleet/server/routes/agent_policy/index.ts b/x-pack/plugins/fleet/server/routes/agent_policy/index.ts index 9311f0ae2acca..8b5ef821205b5 100644 --- a/x-pack/plugins/fleet/server/routes/agent_policy/index.ts +++ b/x-pack/plugins/fleet/server/routes/agent_policy/index.ts @@ -72,6 +72,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetAgentPoliciesRequestSchema, response: { @@ -103,6 +109,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: BulkGetAgentPoliciesRequestSchema, response: { @@ -134,6 +146,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetOneAgentPolicyRequestSchema, response: { @@ -164,6 +182,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: CreateAgentPolicyRequestSchema, response: { @@ -194,6 +218,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: UpdateAgentPolicyRequestSchema, response: { @@ -224,6 +254,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: CopyAgentPolicyRequestSchema, response: { @@ -254,6 +290,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: DeleteAgentPolicyRequestSchema, response: { @@ -284,6 +326,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetFullAgentPolicyRequestSchema, response: { @@ -315,6 +363,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetFullAgentPolicyRequestSchema, response: { @@ -348,6 +402,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetK8sManifestRequestSchema, response: { @@ -379,6 +439,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetK8sManifestRequestSchema, response: { @@ -411,6 +477,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetListAgentPolicyOutputsRequestSchema, response: { @@ -440,6 +512,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetAgentPolicyOutputsRequestSchema, response: { diff --git a/x-pack/plugins/fleet/server/routes/app/index.ts b/x-pack/plugins/fleet/server/routes/app/index.ts index c0b7dbcfa1743..5bb36e196ee6a 100644 --- a/x-pack/plugins/fleet/server/routes/app/index.ts +++ b/x-pack/plugins/fleet/server/routes/app/index.ts @@ -210,6 +210,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.internal.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: {}, }, postEnableSpaceAwarenessHandler @@ -226,6 +232,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: CheckPermissionsRequestSchema, response: { @@ -252,6 +264,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.internal.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: {}, }, getAgentPoliciesSpacesHandler @@ -271,6 +289,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GenerateServiceTokenRequestSchema, response: { @@ -299,6 +323,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: {}, }, generateServiceTokenHandler diff --git a/x-pack/plugins/fleet/server/routes/data_streams/index.ts b/x-pack/plugins/fleet/server/routes/data_streams/index.ts index a20b893717fdc..8db5007858f7f 100644 --- a/x-pack/plugins/fleet/server/routes/data_streams/index.ts +++ b/x-pack/plugins/fleet/server/routes/data_streams/index.ts @@ -60,6 +60,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: {}, response: { diff --git a/x-pack/plugins/fleet/server/routes/debug/index.ts b/x-pack/plugins/fleet/server/routes/debug/index.ts index bfe2bfd0f0e20..eab2f17e751e5 100644 --- a/x-pack/plugins/fleet/server/routes/debug/index.ts +++ b/x-pack/plugins/fleet/server/routes/debug/index.ts @@ -34,6 +34,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.internal.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: FetchIndexRequestSchema }, }, fetchIndexHandler @@ -50,6 +56,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.internal.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: FetchSavedObjectsRequestSchema }, }, fetchSavedObjectsHandler @@ -66,6 +78,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.internal.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: FetchSavedObjectNamesRequestSchema }, }, fetchSavedObjectNamesHandler diff --git a/x-pack/plugins/fleet/server/routes/download_source/index.ts b/x-pack/plugins/fleet/server/routes/download_source/index.ts index 83059593730db..7fbd1da700f20 100644 --- a/x-pack/plugins/fleet/server/routes/download_source/index.ts +++ b/x-pack/plugins/fleet/server/routes/download_source/index.ts @@ -47,6 +47,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: getDownloadSourcesRequestSchema, response: { @@ -76,6 +82,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetOneDownloadSourcesRequestSchema, response: { @@ -105,6 +117,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PutDownloadSourcesRequestSchema, response: { @@ -134,6 +152,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PostDownloadSourcesRequestSchema, response: { @@ -163,6 +187,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: DeleteDownloadSourcesRequestSchema, response: { diff --git a/x-pack/plugins/fleet/server/routes/enrollment_api_key/index.ts b/x-pack/plugins/fleet/server/routes/enrollment_api_key/index.ts index bcf4448420919..423b7395b282b 100644 --- a/x-pack/plugins/fleet/server/routes/enrollment_api_key/index.ts +++ b/x-pack/plugins/fleet/server/routes/enrollment_api_key/index.ts @@ -47,6 +47,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetOneEnrollmentAPIKeyRequestSchema, response: { @@ -76,6 +82,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: DeleteEnrollmentAPIKeyRequestSchema, response: { @@ -105,6 +117,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetEnrollmentAPIKeysRequestSchema, response: { @@ -137,6 +155,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PostEnrollmentAPIKeyRequestSchema, response: { @@ -167,6 +191,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetOneEnrollmentAPIKeyRequestSchema }, }, getOneEnrollmentApiKeyHandler @@ -184,6 +214,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: DeleteEnrollmentAPIKeyRequestSchema }, }, deleteEnrollmentApiKeyHandler @@ -201,6 +237,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetEnrollmentAPIKeysRequestSchema }, }, getEnrollmentApiKeysHandler @@ -218,6 +260,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PostEnrollmentAPIKeyRequestSchema }, }, postEnrollmentApiKeyHandler diff --git a/x-pack/plugins/fleet/server/routes/epm/index.ts b/x-pack/plugins/fleet/server/routes/epm/index.ts index 0e3c5e76eb825..c765d22851dee 100644 --- a/x-pack/plugins/fleet/server/routes/epm/index.ts +++ b/x-pack/plugins/fleet/server/routes/epm/index.ts @@ -124,6 +124,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetCategoriesRequestSchema, response: { @@ -151,6 +157,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetPackagesRequestSchema, response: { @@ -178,6 +190,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetInstalledPackagesRequestSchema, response: { @@ -205,6 +223,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: {}, response: { @@ -232,6 +256,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetStatsRequestSchema, response: { @@ -259,6 +289,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetInputsRequestSchema, response: { @@ -286,6 +322,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetFileRequestSchema, response: { @@ -315,6 +357,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetInfoRequestSchema, response: { @@ -344,6 +392,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: UpdatePackageRequestSchema, response: { @@ -371,6 +425,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: InstallPackageFromRegistryRequestSchema, response: { @@ -401,6 +461,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: InstallKibanaAssetsRequestSchema, response: { @@ -430,6 +496,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: DeleteKibanaAssetsRequestSchema, response: { @@ -460,6 +532,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: BulkInstallPackagesFromRegistryRequestSchema, response: { @@ -495,6 +573,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: InstallPackageByUploadRequestSchema, response: { @@ -522,6 +606,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: CreateCustomIntegrationRequestSchema, response: { @@ -551,6 +641,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: DeletePackageRequestSchema, response: { @@ -579,6 +675,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: {}, response: { @@ -606,6 +708,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetDataStreamsRequestSchema, response: { @@ -633,6 +741,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetBulkAssetsRequestSchema, response: { @@ -665,6 +779,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetInfoRequestSchemaDeprecated }, }, async (context, request, response) => { @@ -694,6 +814,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: UpdatePackageRequestSchemaDeprecated }, }, async (context, request, response) => { @@ -721,6 +847,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: InstallPackageFromRegistryRequestSchemaDeprecated }, }, async (context, request, response) => { @@ -750,6 +882,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: DeletePackageRequestSchemaDeprecated }, }, async (context, request, response) => { @@ -791,6 +929,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: ReauthorizeTransformRequestSchema, response: { diff --git a/x-pack/plugins/fleet/server/routes/fleet_proxies/index.ts b/x-pack/plugins/fleet/server/routes/fleet_proxies/index.ts index 54eba070dd8e1..08c53ed5f4817 100644 --- a/x-pack/plugins/fleet/server/routes/fleet_proxies/index.ts +++ b/x-pack/plugins/fleet/server/routes/fleet_proxies/index.ts @@ -45,6 +45,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: {}, response: { @@ -74,6 +80,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PostFleetProxyRequestSchema, response: { @@ -103,6 +115,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PutFleetProxyRequestSchema, response: { @@ -132,6 +150,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetOneFleetProxyRequestSchema, response: { @@ -161,6 +185,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetOneFleetProxyRequestSchema, response: { diff --git a/x-pack/plugins/fleet/server/routes/fleet_server_hosts/index.ts b/x-pack/plugins/fleet/server/routes/fleet_server_hosts/index.ts index 0a79e9ae11649..5cb00c8feedf9 100644 --- a/x-pack/plugins/fleet/server/routes/fleet_server_hosts/index.ts +++ b/x-pack/plugins/fleet/server/routes/fleet_server_hosts/index.ts @@ -47,6 +47,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetAllFleetServerHostRequestSchema, response: { @@ -75,6 +81,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PostFleetServerHostRequestSchema, response: { @@ -103,6 +115,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetOneFleetServerHostRequestSchema, response: { @@ -131,6 +149,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetOneFleetServerHostRequestSchema, response: { @@ -162,6 +186,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PutFleetServerHostRequestSchema, response: { diff --git a/x-pack/plugins/fleet/server/routes/health_check/index.ts b/x-pack/plugins/fleet/server/routes/health_check/index.ts index 3b06526b62d14..d9575a20c4ed9 100644 --- a/x-pack/plugins/fleet/server/routes/health_check/index.ts +++ b/x-pack/plugins/fleet/server/routes/health_check/index.ts @@ -30,6 +30,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PostHealthCheckRequestSchema, response: { diff --git a/x-pack/plugins/fleet/server/routes/message_signing_service/index.ts b/x-pack/plugins/fleet/server/routes/message_signing_service/index.ts index 4e78b3228df5a..12412a84de134 100644 --- a/x-pack/plugins/fleet/server/routes/message_signing_service/index.ts +++ b/x-pack/plugins/fleet/server/routes/message_signing_service/index.ts @@ -31,6 +31,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: RotateKeyPairSchema, response: { diff --git a/x-pack/plugins/fleet/server/routes/output/index.ts b/x-pack/plugins/fleet/server/routes/output/index.ts index c9d5b6acdd7d3..1fe1004fabc3c 100644 --- a/x-pack/plugins/fleet/server/routes/output/index.ts +++ b/x-pack/plugins/fleet/server/routes/output/index.ts @@ -51,6 +51,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetOutputsRequestSchema, response: { @@ -79,6 +85,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetOneOutputRequestSchema, response: { @@ -107,6 +119,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PutOutputRequestSchema, response: { @@ -136,6 +154,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PostOutputRequestSchema, response: { @@ -165,6 +189,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: DeleteOutputRequestSchema, response: { @@ -197,6 +227,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: {}, response: { @@ -226,6 +262,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetLatestOutputHealthRequestSchema, response: { diff --git a/x-pack/plugins/fleet/server/routes/package_policy/index.ts b/x-pack/plugins/fleet/server/routes/package_policy/index.ts index 86ac38e658ee3..fbef5b14fea7e 100644 --- a/x-pack/plugins/fleet/server/routes/package_policy/index.ts +++ b/x-pack/plugins/fleet/server/routes/package_policy/index.ts @@ -69,6 +69,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetPackagePoliciesRequestSchema, response: { @@ -101,6 +107,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: BulkGetPackagePoliciesRequestSchema, response: { @@ -136,6 +148,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetOnePackagePolicyRequestSchema, response: { @@ -167,6 +185,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: {}, response: { @@ -195,6 +219,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: CreatePackagePolicyRequestSchema, response: { @@ -230,6 +260,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: UpdatePackagePolicyRequestSchema, response: { @@ -267,6 +303,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: DeletePackagePoliciesRequestSchema, response: { @@ -296,6 +338,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: DeleteOnePackagePolicyRequestSchema, response: { @@ -326,6 +374,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: UpgradePackagePoliciesRequestSchema, response: { @@ -356,6 +410,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: DryRunPackagePoliciesRequestSchema, response: { diff --git a/x-pack/plugins/fleet/server/routes/preconfiguration/index.ts b/x-pack/plugins/fleet/server/routes/preconfiguration/index.ts index e78396005d4c2..cd12b0121e99c 100644 --- a/x-pack/plugins/fleet/server/routes/preconfiguration/index.ts +++ b/x-pack/plugins/fleet/server/routes/preconfiguration/index.ts @@ -26,6 +26,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.internal.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: false, }, @@ -42,6 +48,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.internal.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PostResetOnePreconfiguredAgentPoliciesSchema }, }, resetOnePreconfigurationHandler diff --git a/x-pack/plugins/fleet/server/routes/settings/index.ts b/x-pack/plugins/fleet/server/routes/settings/index.ts index b101937e45c27..59cc8744e2502 100644 --- a/x-pack/plugins/fleet/server/routes/settings/index.ts +++ b/x-pack/plugins/fleet/server/routes/settings/index.ts @@ -50,6 +50,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetSpaceSettingsRequestSchema, response: { @@ -73,6 +79,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PutSpaceSettingsRequestSchema, response: { @@ -100,6 +112,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetSettingsRequestSchema, response: { @@ -131,6 +149,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PutSettingsRequestSchema, response: { @@ -162,6 +186,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetEnrollmentSettingsRequestSchema, response: { diff --git a/x-pack/plugins/fleet/server/routes/setup/index.ts b/x-pack/plugins/fleet/server/routes/setup/index.ts index 4b6fd2316832d..27d34c9198c90 100644 --- a/x-pack/plugins/fleet/server/routes/setup/index.ts +++ b/x-pack/plugins/fleet/server/routes/setup/index.ts @@ -50,6 +50,12 @@ export const registerFleetSetupRoute = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: {}, response: { @@ -112,6 +118,12 @@ export const registerCreateFleetSetupRoute = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: {}, response: { @@ -143,6 +155,12 @@ export const registerGetFleetStatusRoute = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: {}, response: { diff --git a/x-pack/plugins/fleet/server/routes/standalone_agent_api_key/index.ts b/x-pack/plugins/fleet/server/routes/standalone_agent_api_key/index.ts index f0103c23e65dd..be078a7ce2a65 100644 --- a/x-pack/plugins/fleet/server/routes/standalone_agent_api_key/index.ts +++ b/x-pack/plugins/fleet/server/routes/standalone_agent_api_key/index.ts @@ -27,6 +27,12 @@ export const registerRoutes = (router: FleetAuthzRouter) => { .addVersion( { version: API_VERSIONS.internal.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: PostStandaloneAgentAPIKeyRequestSchema, }, diff --git a/x-pack/plugins/fleet/server/routes/uninstall_token/index.ts b/x-pack/plugins/fleet/server/routes/uninstall_token/index.ts index a90dd678e99dd..1e6049c6cc82f 100644 --- a/x-pack/plugins/fleet/server/routes/uninstall_token/index.ts +++ b/x-pack/plugins/fleet/server/routes/uninstall_token/index.ts @@ -39,6 +39,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetUninstallTokensMetadataRequestSchema, response: { @@ -68,6 +74,12 @@ export const registerRoutes = (router: FleetAuthzRouter, config: FleetConfigType .addVersion( { version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, validate: { request: GetUninstallTokenRequestSchema, response: { diff --git a/x-pack/plugins/fleet/server/services/preconfiguration/fleet_server_host.test.ts b/x-pack/plugins/fleet/server/services/preconfiguration/fleet_server_host.test.ts index de7578129a09b..c382b1f13f40e 100644 --- a/x-pack/plugins/fleet/server/services/preconfiguration/fleet_server_host.test.ts +++ b/x-pack/plugins/fleet/server/services/preconfiguration/fleet_server_host.test.ts @@ -15,6 +15,8 @@ import { updateFleetServerHost, } from '../fleet_server_host'; +import type { FleetServerHost } from '../../../common/types'; + import { createCloudFleetServerHostIfNeeded, getCloudFleetServersHosts, @@ -22,8 +24,6 @@ import { createOrUpdatePreconfiguredFleetServerHosts, } from './fleet_server_host'; -import type { FleetServerHost } from '../../../common/types'; - jest.mock('../fleet_server_host'); jest.mock('../app_context'); jest.mock('../agent_policy'); diff --git a/x-pack/plugins/fleet/server/services/security/fleet_router.test.ts b/x-pack/plugins/fleet/server/services/security/fleet_router.test.ts index 2d7d898246796..eb8da74fb81a1 100644 --- a/x-pack/plugins/fleet/server/services/security/fleet_router.test.ts +++ b/x-pack/plugins/fleet/server/services/security/fleet_router.test.ts @@ -102,9 +102,19 @@ describe('FleetAuthzRouter', () => { appContextService.start(mockContext); const fleetAuthzRouter = makeRouterWithFleetAuthz(fakeRouter as any, mockLogger); - fleetAuthzRouter.versioned - .get({ ...routeConfig }) - .addVersion({ version: API_VERSIONS.public.v1, validate: false }, fakeHandler); + fleetAuthzRouter.versioned.get({ ...routeConfig }).addVersion( + { + version: API_VERSIONS.public.v1, + security: { + authz: { + enabled: false, + reason: 'This route is opted out from authorization', + }, + }, + validate: false, + }, + fakeHandler + ); // @ts-ignore const wrappedRouteConfig = fakeRouter.versioned.get.mock.calls[0][0]; const wrappedHandler = diff --git a/x-pack/plugins/fleet/server/telemetry/sender.ts b/x-pack/plugins/fleet/server/telemetry/sender.ts index 8fb71683b2c9c..bdecd6cc8d0bf 100644 --- a/x-pack/plugins/fleet/server/telemetry/sender.ts +++ b/x-pack/plugins/fleet/server/telemetry/sender.ts @@ -14,10 +14,10 @@ import axios from 'axios'; import type { InfoResponse, LicenseGetResponse } from '@elastic/elasticsearch/lib/api/types'; -import { appContextService } from '../services'; - import { exhaustMap, Subject, takeUntil, timer } from 'rxjs'; +import { appContextService } from '../services'; + import { TelemetryQueue } from './queue'; import type { FleetTelemetryChannel, FleetTelemetryChannelEvents } from './types';