elastic · jeramysoucy · Jul 24, 2023 · Jul 24, 2023 · Jul 24, 2023 · Jul 24, 2023
@@ -43,7 +43,10 @@ describe('Key rotation routes', () => {
     });
 
     it('correctly defines route.', () => {
-      expect(routeConfig.options).toEqual({ tags: ['access:rotateEncryptionKey'] });
+      expect(routeConfig.options).toEqual({
+        access: 'public',
+        tags: ['access:rotateEncryptionKey'],
+      });
       expect(routeConfig.validate).toEqual({
         body: undefined,
         query: expect.any(Type),

@@ -40,6 +40,7 @@ export function defineKeyRotationRoutes({
       },
       options: {
         tags: ['access:rotateEncryptionKey'],
+        access: 'public',
       },
     },
     async (context, request, response) => {

@@ -66,6 +66,7 @@ describe('Common authentication routes', () => {
 
     it('correctly defines route.', async () => {
       expect(routeConfig.options).toEqual({
+        access: 'public',
         authRequired: false,
         tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW],
       });

@@ -41,7 +41,11 @@ export function defineCommonRoutes({
         // Allow unknown query parameters as this endpoint can be hit by the 3rd-party with any
         // set of query string parameters (e.g. SAML/OIDC logout request/response parameters).
         validate: { query: schema.object({}, { unknowns: 'allow' }) },
-        options: { authRequired: false, tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW] },
+        options: {
+          authRequired: false,
+          tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW],
+          access: 'public',
+        },
       },
       async (context, request, response) => {
         const serverBasePath = basePath.serverBasePath;

@@ -37,7 +37,7 @@ export function defineOIDCRoutes({
       {
         path,
         validate: false,
-        options: { authRequired: false },
+        options: { authRequired: false, access: 'public' },
       },
       (context, request, response) => {
         const serverBasePath = basePath.serverBasePath;
@@ -106,7 +106,11 @@ export function defineOIDCRoutes({
             { unknowns: 'allow' }
           ),
         },
-        options: { authRequired: false, tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW] },
+        options: {
+          authRequired: false,
+          tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW],
+          access: 'public',
+        },
       },
       createLicensedRouteHandler(async (context, request, response) => {
         const serverBasePath = basePath.serverBasePath;
@@ -187,6 +191,7 @@ export function defineOIDCRoutes({
           authRequired: false,
           xsrfRequired: false,
           tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW],
+          access: 'public',
         },
       },
       createLicensedRouteHandler(async (context, request, response) => {
@@ -229,6 +234,7 @@ export function defineOIDCRoutes({
       options: {
         authRequired: false,
         tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW],
+        access: 'public',
       },
     },
     createLicensedRouteHandler(async (context, request, response) => {

@@ -54,6 +54,7 @@ describe('SAML authentication routes', () => {
 
     it('correctly defines route.', () => {
       expect(routeConfig.options).toEqual({
+        access: 'public',
         authRequired: false,
         xsrfRequired: false,
         tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW],

@@ -35,6 +35,7 @@ export function defineSAMLRoutes({
           authRequired: false,
           xsrfRequired: false,
           tags: [ROUTE_TAG_CAN_REDIRECT, ROUTE_TAG_AUTH_FLOW],
+          access: 'public',
         },
       },
       async (context, request, response) => {

@@ -26,6 +26,7 @@ export function defineGetPrivilegesRoutes({ router, authz }: RouteDefinitionPara
           ),
         }),
       },
+      options: { access: 'public' },
     },
     createLicensedRouteHandler((context, request, response) => {
       const respectLicenseLevel = request.query.respectLicenseLevel !== 'false'; // if undefined resolve to true by default

@@ -18,6 +18,7 @@ export function defineDeleteRolesRoutes({ router }: RouteDefinitionParams) {
       validate: {
         params: schema.object({ name: schema.string({ minLength: 1 }) }),
       },
+      options: { access: 'public' },
     },
     createLicensedRouteHandler(async (context, request, response) => {
       try {

@@ -24,6 +24,7 @@ export function defineGetRolesRoutes({
       validate: {
         params: schema.object({ name: schema.string({ minLength: 1 }) }),
       },
+      options: { access: 'public' },
     },
     createLicensedRouteHandler(async (context, request, response) => {
       try {

@@ -17,7 +17,7 @@ export function defineGetAllRolesRoutes({
   logger,
 }: RouteDefinitionParams) {
   router.get(
-    { path: '/api/security/role', validate: false },
+    { path: '/api/security/role', validate: false, options: { access: 'public' } },
     createLicensedRouteHandler(async (context, request, response) => {
       try {
         const esClient = (await context.core).elasticsearch.client;

@@ -56,6 +56,7 @@ export function definePutRolesRoutes({
           };
         }),
       },
+      options: { access: 'public' },
     },
     createLicensedRouteHandler(async (context, request, response) => {
       const { name } = request.params;

@@ -43,7 +43,7 @@ describe('Invalidate sessions routes', () => {
     });
 
     it('correctly defines route.', () => {
-      expect(routeConfig.options).toEqual({ tags: ['access:sessionManagement'] });
+      expect(routeConfig.options).toEqual({ access: 'public', tags: ['access:sessionManagement'] });
 
       const bodySchema = (routeConfig.validate as any).body as ObjectType;
       expect(() => bodySchema.validate({})).toThrowErrorMatchingInlineSnapshot(

@@ -33,7 +33,7 @@ export function defineInvalidateSessionsRoutes({ router, getSession }: RouteDefi
           ),
         }),
       },
-      options: { tags: ['access:sessionManagement'] },
+      options: { tags: ['access:sessionManagement'], access: 'public' },
     },
     async (_context, request, response) => {
       return response.ok({

@@ -68,7 +68,7 @@ describe('Access agreement view routes', () => {
     });
 
     it('correctly defines route.', () => {
-      expect(routeConfig.options).toBeUndefined();
+      expect(routeConfig.options).toEqual({ access: 'public' });
       expect(routeConfig.validate).toBe(false);
     });
 
@@ -109,7 +109,7 @@ describe('Access agreement view routes', () => {
     });
 
     it('correctly defines route.', () => {
-      expect(routeConfig.options).toBeUndefined();
+      expect(routeConfig.options).toEqual({ access: 'public' });
       expect(routeConfig.validate).toBe(false);
     });
 

@@ -24,7 +24,7 @@ export function defineAccessAgreementRoutes({
   const canHandleRequest = () => license.getFeatures().allowAccessAgreement;
 
   httpResources.register(
-    { path: '/security/access_agreement', validate: false },
+    { path: '/security/access_agreement', validate: false, options: { access: 'public' } },
     createLicensedRouteHandler(async (context, request, response) =>
       canHandleRequest()
         ? response.renderCoreApp()
@@ -35,7 +35,11 @@ export function defineAccessAgreementRoutes({
   );
 
   router.get(
-    { path: '/internal/security/access_agreement/state', validate: false },
+    {
+      path: '/internal/security/access_agreement/state',
+      validate: false,
+      options: { access: 'public' },
+    },
     createLicensedRouteHandler(async (context, request, response) => {
       if (!canHandleRequest()) {
         return response.forbidden({

@@ -11,7 +11,8 @@ import type { RouteDefinitionParams } from '..';
  * Defines routes required for the Account Management view.
  */
 export function defineAccountManagementRoutes({ httpResources }: RouteDefinitionParams) {
-  httpResources.register({ path: '/security/account', validate: false }, (context, req, res) =>
-    res.renderCoreApp()
+  httpResources.register(
+    { path: '/security/account', validate: false, options: { access: 'public' } },
+    (context, req, res) => res.renderCoreApp()
   );
 }
@@ -34,7 +34,7 @@ describe('Capture URL view routes', () => {
   });
 
   it('correctly defines route.', () => {
-    expect(routeConfig.options).toEqual({ authRequired: false });
+    expect(routeConfig.options).toEqual({ access: 'public', authRequired: false });
 
     expect(routeConfig.validate).toEqual({
       body: undefined,

@@ -19,7 +19,10 @@ export function defineCaptureURLRoutes({ httpResources }: RouteDefinitionParams)
       validate: {
         query: schema.object({ next: schema.maybe(schema.string()) }, { unknowns: 'ignore' }),
       },
-      options: { authRequired: false },
+      options: {
+        authRequired: false,
+        access: 'public',
+      },
     },
     (context, request, response) => response.renderAnonymousCoreApp()
   );

@@ -35,7 +35,7 @@ describe('LoggedOut view routes', () => {
   });
 
   it('correctly defines route.', () => {
-    expect(routeConfig.options).toEqual({ authRequired: false });
+    expect(routeConfig.options).toEqual({ access: 'public', authRequired: false });
     expect(routeConfig.validate).toBe(false);
   });
 

@@ -20,7 +20,7 @@ export function defineLoggedOutRoutes({
     {
       path: '/security/logged_out',
       validate: false,
-      options: { authRequired: false },
+      options: { authRequired: false, access: 'public' },
     },
     async (context, request, response) => {
       // Authentication flow isn't triggered automatically for this route, so we should explicitly

@@ -52,7 +52,7 @@ describe('Login view routes', () => {
     });
 
     it('correctly defines route.', () => {
-      expect(routeConfig.options).toEqual({ authRequired: 'optional' });
+      expect(routeConfig.options).toEqual({ access: 'public', authRequired: 'optional' });
 
       expect(routeConfig.validate).toEqual({
         body: undefined,
@@ -155,7 +155,7 @@ describe('Login view routes', () => {
     });
 
     it('correctly defines route.', () => {
-      expect(routeConfig.options).toEqual({ authRequired: false });
+      expect(routeConfig.options).toEqual({ access: 'public', authRequired: false });
       expect(routeConfig.validate).toBe(false);
     });
 

@@ -39,7 +39,7 @@ export function defineLoginRoutes({
           { unknowns: 'allow' }
         ),
       },
-      options: { authRequired: 'optional' },
+      options: { authRequired: 'optional', access: 'public' },
     },
     async (context, request, response) => {
       // Default to true if license isn't available or it can't be resolved for some reason.
@@ -57,7 +57,11 @@ export function defineLoginRoutes({
   );
 
   router.get(
-    { path: '/internal/security/login_state', validate: false, options: { authRequired: false } },
+    {
+      path: '/internal/security/login_state',
+      validate: false,
+      options: { authRequired: false, access: 'public' },
+    },
     async (context, request, response) => {
       const { allowLogin, layout = 'form' } = license.getFeatures();
       const { sortedProviders, selector } = config.authc;

@@ -12,7 +12,7 @@ import type { RouteDefinitionParams } from '..';
  */
 export function defineLogoutRoutes({ httpResources }: RouteDefinitionParams) {
   httpResources.register(
-    { path: '/logout', validate: false, options: { authRequired: false } },
+    { path: '/logout', validate: false, options: { authRequired: false, access: 'public' } },
     (context, request, response) => response.renderAnonymousCoreApp()
   );
 }
@@ -12,7 +12,7 @@ import type { RouteDefinitionParams } from '..';
  */
 export function defineOverwrittenSessionRoutes({ httpResources }: RouteDefinitionParams) {
   httpResources.register(
-    { path: '/security/overwritten_session', validate: false },
+    { path: '/security/overwritten_session', validate: false, options: { access: 'public' } },
     (context, req, res) => res.renderCoreApp()
   );
 }
@@ -32,6 +32,7 @@ export function initCopyToSpacesApi(deps: ExternalRouteDeps) {
       path: '/api/spaces/_copy_saved_objects',
       options: {
         tags: ['access:copySavedObjectsToSpaces'],
+        access: 'public',
       },
       validate: {
         body: schema.object(
@@ -142,6 +143,7 @@ export function initCopyToSpacesApi(deps: ExternalRouteDeps) {
       path: '/api/spaces/_resolve_copy_saved_objects_errors',
       options: {
         tags: ['access:copySavedObjectsToSpaces'],
+        access: 'public',
       },
       validate: {
         body: schema.object(

@@ -25,6 +25,7 @@ export function initDeleteSpacesApi(deps: ExternalRouteDeps) {
           id: schema.string(),
         }),
       },
+      options: { access: 'public' },
     },
     createLicensedRouteHandler(async (context, request, response) => {
       const spacesClient = getSpacesService().createSpacesClient(request);

@@ -29,6 +29,7 @@ export function initDisableLegacyUrlAliasesApi(deps: ExternalRouteDeps) {
           ),
         }),
       },
+      options: { access: 'public' },
     },
     createLicensedRouteHandler(async (_context, request, response) => {
       const spacesClient = getSpacesService().createSpacesClient(request);

@@ -23,6 +23,7 @@ export function initGetSpaceApi(deps: ExternalRouteDeps) {
           id: schema.string(),
         }),
       },
+      options: { access: 'public' }, // will be made configurable by https://github.com/elastic/kibana/pull/162087
     },
     createLicensedRouteHandler(async (context, request, response) => {
       const spaceId = request.params.id;

@@ -35,6 +35,7 @@ export function initGetAllSpacesApi(deps: ExternalRouteDeps) {
           ),
         }),
       },
+      options: { access: 'public' }, // will be made configurable by https://github.com/elastic/kibana/pull/162087
     },
     createLicensedRouteHandler(async (context, request, response) => {
       log.debug(`Inside GET /api/spaces/space`);

@@ -22,6 +22,7 @@ export function initGetShareableReferencesApi(deps: ExternalRouteDeps) {
           objects: schema.arrayOf(schema.object({ type: schema.string(), id: schema.string() })),
         }),
       },
+      options: { access: 'public' },
     },
     createLicensedRouteHandler(async (context, request, response) => {
       const [startServices] = await getStartServices();

@@ -23,6 +23,7 @@ export function initPostSpacesApi(deps: ExternalRouteDeps) {
       validate: {
         body: spaceSchema,
       },
+      options: { access: 'public' },
     },
     createLicensedRouteHandler(async (context, request, response) => {
       log.debug(`Inside POST /api/spaces/space`);

@@ -26,6 +26,7 @@ export function initPutSpacesApi(deps: ExternalRouteDeps) {
         }),
         body: spaceSchema,
       },
+      options: { access: 'public' }, // will be made configurable by https://github.com/elastic/kibana/pull/162087
     },
     createLicensedRouteHandler(async (context, request, response) => {
       const spacesClient = getSpacesService().createSpacesClient(request);

@@ -43,6 +43,7 @@ export function initUpdateObjectsSpacesApi(deps: ExternalRouteDeps) {
           spacesToRemove: spacesSchema,
         }),
       },
+      options: { access: 'public' },
     },
     createLicensedRouteHandler(async (_context, request, response) => {
       const [startServices] = await getStartServices();

@@ -18,12 +18,12 @@ export interface ViewRouteDeps {
 
 export function initSpacesViewsRoutes(deps: ViewRouteDeps) {
   deps.httpResources.register(
-    { path: '/spaces/space_selector', validate: false },
+    { path: '/spaces/space_selector', validate: false, options: { access: 'public' } },
     (context, request, response) => response.renderCoreApp()
   );
 
   deps.httpResources.register(
-    { path: ENTER_SPACE_PATH, validate: false },
+    { path: ENTER_SPACE_PATH, validate: false, options: { access: 'public' } },
     async (context, request, response) => {
       try {
         const { uiSettings } = await context.core;
-Original file line number
+Diff line change
@@ Expand Up @@
               ),
             }),
           },
+          options: { access: 'public' },
         },
         createLicensedRouteHandler((context, request, response) => {
           const respectLicenseLevel = request.query.respectLicenseLevel !== 'false'; // if undefined resolve to true by default
@@ Expand Down @@