From 73066e8cc30c756ed6953948d9d65bb0175af99f Mon Sep 17 00:00:00 2001
From: Irene Blanco <irene.blanco@elastic.co>
Date: Mon, 16 Dec 2024 11:02:04 +0100
Subject: [PATCH] [Infra] Update deprecated access tags to the new security
 configuration in routes (#204214)

## Summary

Closes https://github.com/elastic/kibana/issues/203793

This PR replaces the deprecated `access` tags with the new `security`
configuration.

All instances of `options: {tags: ['access:infra']}` are now updated to
`security: {authz: {requiredPrivileges: ['infra']}}`.
---
 .../framework/kibana_framework_adapter.ts       | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/x-pack/plugins/observability_solution/infra/server/lib/adapters/framework/kibana_framework_adapter.ts b/x-pack/plugins/observability_solution/infra/server/lib/adapters/framework/kibana_framework_adapter.ts
index f245214cfa37a..ad6a6bbcbcc27 100644
--- a/x-pack/plugins/observability_solution/infra/server/lib/adapters/framework/kibana_framework_adapter.ts
+++ b/x-pack/plugins/observability_solution/infra/server/lib/adapters/framework/kibana_framework_adapter.ts
@@ -52,9 +52,8 @@ export class KibanaFramework {
     config: InfraRouteConfig<Params, Query, Body, Method>,
     handler: RequestHandler<Params, Query, Body, InfraPluginRequestHandlerContext>
   ) {
-    const defaultOptions = {
-      tags: ['access:infra'],
-    };
+    const defaultSecurity = { authz: { requiredPrivileges: ['infra'] } };
+
     const routeConfig = {
       path: config.path,
       validate: config.validate,
@@ -65,7 +64,8 @@ export class KibanaFramework {
        * using `as ...` below to ensure the route config has
        * the correct options type.
        */
-      options: { ...config.options, ...defaultOptions },
+      options: { ...config.options },
+      security: defaultSecurity,
     };
     switch (config.method) {
       case 'get':
@@ -89,15 +89,12 @@ export class KibanaFramework {
   public registerVersionedRoute<Method extends RouteMethod = any>(
     config: InfraVersionedRouteConfig<Method>
   ) {
-    const defaultOptions = {
-      tags: ['access:infra'],
-    };
+    const defaultSecurity = { authz: { requiredPrivileges: ['infra'] } };
+
     const routeConfig = {
       access: config.access,
       path: config.path,
-      // Currently we have no use of custom options beyond tags, this can be extended
-      // beyond defaultOptions if it's needed.
-      options: defaultOptions,
+      security: defaultSecurity,
     };
     switch (config.method) {
       case 'get':