elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[http] Internal API access to be restricted in ESS/on-prem in v9 #186781

Closed TinaHeiligers closed 4 weeks ago

TinaHeiligers commented 4 months ago

Access to internal APIs is restricted in Serverless. With v9, we have an opportunity to make the breaking change in ESS and on-prem and restrict internal APIs by default.

What this means to users & stack components: Access to internal APIs is blocked by default. Access to public APIs remains.

Call to Action:

What this means to Kibana and solution devs:

Confirm correct access: Historically, Kibana only used a naming convention to distinguish between internal (/internal) and public (/api) routes. This distinction no longer applies.

Teams should confirm that their APIs have the intended access configuration, especially in cases where:

Logging config:

```yaml
logging:
  appenders:
    file:
      type: file
      fileName: /<full_path_to_file>/route_access.log
      layout:
        type: json
  loggers:
    - name: http.server.Kibana.options
      level: debug
      appenders: [file]  # <--- recommended
```

Public routes prefixed with /internal/ by team:

- @elastic/response-ops
- @elastic/kibana-security
- @elastic/fleet
- @elastic/obs-ux-management-team

All other API routes maintained by our team have been accounted for in this issue.

Internal routes prefixed by /api/ by team:

@elastic/kibana-core
- [x] confirm all
  - "access [internal] [GET] for path [/api/deprecations/]"
  - "access [internal] [POST] for path [/api/core/capabilities]"
  - "access [public] [POST] for path [/api/kibana/dashboards/import]"
  - "access [public] [GET] for path [/api/kibana/dashboards/export]"
  - "access [internal] [GET] for path [/api/licensing/info]"
  - "access [internal] [GET] for path [/api/licensing/feature_usage]"
  - "access [internal] [POST] for path [/api/ui_counters/_report]"
  - "access [internal] [POST] for path [/api/home/hits_status]"
  - "access [internal] [GET] for path [/api/kibana/management/saved_objects/_find]"
  - "access [internal] [POST] for path [/api/kibana/management/saved_objects/_bulk_get]"
  - "access [internal] [POST] for path [/api/kibana/management/saved_objects/scroll/counts]"
  - "access [internal] [GET] for path [/api/kibana/management/saved_objects/relationships/{type}/{id}]"
  - "access [internal] [GET] for path [/api/kibana/management/saved_objects/_allowed_types]"

@elastic/appex-sharedux
- [x] confirm all (@jloleysens - I did sanity check and it appears current access is in line with documentation)
  - "access [internal] [GET] for path [/api/kibana/settings]"
  - "access [internal] [GET] for path [/api/kibana/global_settings]"
  - "access [internal] [DELETE] for path [/api/kibana/settings/{key}]"
  - "access [internal] [DELETE] for path [/api/kibana/global_settings/{key}]"
  - "access [internal] [POST] for path [/api/kibana/settings/{key}]"
  - "access [internal] [POST] for path [/api/kibana/global_settings/{key}]"
  - "access [internal] [POST] for path [/api/kibana/settings]"
  - "access [internal] [POST] for path [/api/kibana/global_settings]"
  - "access [internal] [GET] for path [/api/banners/info]"
  - "access [internal] [POST] for path [/api/content_management/rpc/{name}]"
  - "access [internal] [GET] for path [/api/kibana/home/tutorials]"
  - "access [internal] [GET] for path [/api/sample_data]"
  - "access [internal] [POST] for path [/api/sample_data/{id}]"
  - "access [internal] [DELETE] for path [/api/sample_data/{id}]"
  - "access [internal] [POST] for path [/api/files/find]"
  - "access [internal] [GET] for path [/api/files/metrics]"
  - "access [internal] [DELETE] for path [/api/files/blobs]"
  - "access [internal] [POST] for path [/api/files/files/defaultImage]"
  - "access [internal] [PUT] for path [/api/files/files/defaultImage/{id}/blob]"
  - "access [internal] [PATCH] for path [/api/files/files/defaultImage/{id}]"
  - "access [internal] [DELETE] for path [/api/files/files/defaultImage/{id}]"
  - "access [internal] [POST] for path [/api/files/files/defaultImage/list]"
  - "access [internal] [GET] for path [/api/files/files/defaultImage/{id}]"
  - "access [internal] [POST] for path [/api/files/shares/defaultImage/{fileId}]"
  - "access [internal] [DELETE] for path [/api/files/shares/defaultImage/{id}]"
  - "access [internal] [GET] for path [/api/files/shares/defaultImage/{id}]"
  - "access [internal] [GET] for path [/api/files/shares/defaultImage]"
  - "access [internal] [POST] for path [/api/files/files/casesFilesCases]"
  - "access [internal] [PUT] for path [/api/files/files/casesFilesCases/{id}/blob]"
  - "access [internal] [POST] for path [/api/files/files/casesFilesCases/list]"
  - "access [internal] [GET] for path [/api/files/files/casesFilesCases/{id}]"
  - "access [internal] [POST] for path [/api/files/files/observabilityFilesCases]"
  - "access [internal] [PUT] for path [/api/files/files/observabilityFilesCases/{id}/blob]"
  - "access [internal] [POST] for path [/api/files/files/observabilityFilesCases/list]"
  - "access [internal] [GET] for path [/api/files/files/observabilityFilesCases/{id}]"
  - "access [internal] [POST] for path [/api/files/files/securitySolutionFilesCases]"
  - "access [internal] [PUT] for path [/api/files/files/securitySolutionFilesCases/{id}/blob]"
  - "access [internal] [POST] for path [/api/files/files/securitySolutionFilesCases/list]"
  - "access [internal] [GET] for path [/api/files/files/securitySolutionFilesCases/{id}]"
  - "access [internal] [POST] for path [/api/saved_objects_tagging/tags/create]"
  - "access [internal] [POST] for path [/api/saved_objects_tagging/tags/{id}]"
  - "access [internal] [DELETE] for path [/api/saved_objects_tagging/tags/{id}]"
  - "access [internal] [GET] for path [/api/saved_objects_tagging/tags]"
  - "access [internal] [GET] for path [/api/saved_objects_tagging/tags/{id}]"
  - "access [internal] [POST] for path [/api/saved_objects_tagging/assignments/update_by_tags]"

@elastic/kibana-data-discovery
- [x] confirm all
  - "access [internal] [GET] for path [/api/data_views/has_user_data_view]"
  - "access [internal] [GET] for path [/api/index_patterns/has_user_index_pattern]"

@elastic/kibana-management
- [x] confirm all
  - "access [internal] [POST] for path [/api/searchprofiler/profile]"
  - "access [internal] [POST] for path [/api/painless_lab/execute]"
  - "access [internal] [POST] for path [/api/grokdebugger/simulate]"
  - "access [internal] [GET] for path [/api/snapshot_restore/privileges]"
  - "access [internal] [GET] for path [/api/snapshot_restore/repositories]"
  - "access [internal] [GET] for path [/api/snapshot_restore/repositories/{name}]"
  - "access [internal] [GET] for path [/api/snapshot_restore/repository_types]"
  - "access [internal] [GET] for path [/api/snapshot_restore/repositories/{name}/verify]"
  - "access [internal] [POST] for path [/api/snapshot_restore/repositories/{name}/cleanup]"
  - "access [internal] [PUT] for path [/api/snapshot_restore/repositories]"
  - "access [internal] [PUT] for path [/api/snapshot_restore/repositories/{name}]"
  - "access [internal] [DELETE] for path [/api/snapshot_restore/repositories/{name}]"
  - "access [internal] [GET] for path [/api/snapshot_restore/snapshots]"
  - "access [internal] [GET] for path [/api/snapshot_restore/snapshots/{repository}/{snapshot}]"
  - "access [internal] [POST] for path [/api/snapshot_restore/snapshots/bulk_delete]"
  - "access [internal] [GET] for path [/api/snapshot_restore/restores]"
  - "access [internal] [POST] for path [/api/snapshot_restore/restore/{repository}/{snapshot}]"
  - "access [internal] [GET] for path [/api/snapshot_restore/policies]"
  - "access [internal] [GET] for path [/api/snapshot_restore/policy/{name}]"
  - "access [internal] [POST] for path [/api/snapshot_restore/policies]"
  - "access [internal] [PUT] for path [/api/snapshot_restore/policies/{name}]"
  - "access [internal] [DELETE] for path [/api/snapshot_restore/policies/{name}]"
  - "access [internal] [POST] for path [/api/snapshot_restore/policy/{name}/run]"
  - "access [internal] [GET] for path [/api/snapshot_restore/policies/indices]"
  - "access [internal] [GET] for path [/api/snapshot_restore/policies/features]"
  - "access [internal] [GET] for path [/api/snapshot_restore/policies/retention_settings]"
  - "access [internal] [PUT] for path [/api/snapshot_restore/policies/retention_settings]"
  - "access [internal] [POST] for path [/api/snapshot_restore/policies/retention]"
  - "access [internal] [PUT] for path [/api/license]"
  - "access [internal] [GET] for path [/api/license/start_trial]"
  - "access [internal] [POST] for path [/api/license/start_trial]"
  - "access [internal] [POST] for path [/api/license/start_basic]"
  - "access [internal] [POST] for path [/api/license/permissions]"
  - "access [internal] [GET] for path [/api/console/es_config]"
  - "access [internal] [POST] for path [/api/console/proxy]"
  - "access [internal] [GET] for path [/api/console/api_server]"
  - "access [internal] [GET] for path [/api/console/autocomplete_entities]"
  - "access [internal] [GET] for path [/api/ingest_pipelines]"
  - "access [internal] [GET] for path [/api/ingest_pipelines/{name}]"
  - "access [internal] [POST] for path [/api/ingest_pipelines]"
  - "access [internal] [PUT] for path [/api/ingest_pipelines/{name}]"
  - "access [internal] [GET] for path [/api/ingest_pipelines/privileges]"
  - "access [internal] [DELETE] for path [/api/ingest_pipelines/{names}]"
  - "access [internal] [POST] for path [/api/ingest_pipelines/simulate]"
  - "access [internal] [GET] for path [/api/ingest_pipelines/documents/{index}/{id}]"
  - "access [internal] [POST] for path [/api/ingest_pipelines/parse_csv]"
  - "access [internal] [POST] for path [/api/watcher/fields]"
  - "access [internal] [GET] for path [/api/watcher/history/{id}]"
  - "access [internal] [POST] for path [/api/watcher/indices]"
  - "access [internal] [GET] for path [/api/watcher/indices/index_patterns]"
  - "access [internal] [GET] for path [/api/watcher/license/refresh]"
  - "access [internal] [GET] for path [/api/watcher/settings]"
  - "access [internal] [GET] for path [/api/watcher/watches]"
  - "access [internal] [POST] for path [/api/watcher/watches/delete]"
  - "access [internal] [DELETE] for path [/api/watcher/watch/{watchId}]"
  - "access [internal] [PUT] for path [/api/watcher/watch/execute]"
  - "access [internal] [GET] for path [/api/watcher/watch/{id}]"
  - "access [internal] [PUT] for path [/api/watcher/watch/{id}]"
  - "access [internal] [GET] for path [/api/watcher/watch/{watchId}/history]"
  - "access [internal] [PUT] for path [/api/watcher/watch/{watchId}/activate]"
  - "access [internal] [PUT] for path [/api/watcher/watch/{watchId}/deactivate]"
  - "access [internal] [PUT] for path [/api/watcher/watch/{watchId}/action/{actionId}/acknowledge]"
  - "access [internal] [POST] for path [/api/watcher/watch/visualize]"
  - "access [internal] [GET] for path [/api/upgrade_assistant/privileges]"
  - "access [internal] [GET] for path [/api/upgrade_assistant/cloud_backup_status]"
  - "access [internal] [GET] for path [/api/upgrade_assistant/cluster_upgrade_status]"
  - "access [internal] [GET] for path [/api/upgrade_assistant/system_indices_migration]"
  - "access [internal] [POST] for path [/api/upgrade_assistant/system_indices_migration]"
  - "access [internal] [GET] for path [/api/upgrade_assistant/es_deprecations]"
  - "access [internal] [GET] for path [/api/upgrade_assistant/deprecation_logging]"
  - "access [internal] [PUT] for path [/api/upgrade_assistant/deprecation_logging]"
  - "access [internal] [GET] for path [/api/upgrade_assistant/deprecation_logging/count]"
  - "access [internal] [DELETE] for path [/api/upgrade_assistant/deprecation_logging/cache]"
  - "access [internal] [POST] for path [/api/upgrade_assistant/{indexName}/index_settings]"
  - "access [internal] [POST] for path [/api/upgrade_assistant/ml_snapshots]"
  - "access [internal] [GET] for path [/api/upgrade_assistant/ml_snapshots/{jobId}/{snapshotId}]"
  - "access [internal] [GET] for path [/api/upgrade_assistant/ml_upgrade_mode]"
  - "access [internal] [DELETE] for path [/api/upgrade_assistant/ml_snapshots/{jobId}/{snapshotId}]"
  - "access [internal] [GET] for path [/api/upgrade_assistant/remote_clusters]"
  - "access [internal] [GET] for path [/api/upgrade_assistant/node_disk_space]"
  - "access [internal] [POST] for path [/api/upgrade_assistant/cluster_settings]"
  - "access [internal] [GET] for path [/api/index_management/data_streams/{name}]"
  - "access [internal] [POST] for path [/api/index_management/data_streams/{name}/mappings_from_template]"
  - "access [internal] [POST] for path [/api/index_management/data_streams/{name}/rollover]"
  - "access [internal] [GET] for path [/api/index_management/data_streams]"
  - "access [internal] [POST] for path [/api/index_management/delete_data_streams]"
  - "access [internal] [PUT] for path [/api/index_management/data_streams/{name}/data_retention]"
  - "access [internal] [POST] for path [/api/index_management/indices/clear_cache]"
  - "access [internal] [POST] for path [/api/index_management/indices/close]"
  - "access [internal] [POST] for path [/api/index_management/indices/flush]"
  - "access [internal] [POST] for path [/api/index_management/indices/forcemerge]"
  - "access [internal] [GET] for path [/api/index_management/indices]"
  - "access [internal] [POST] for path [/api/index_management/indices/open]"
  - "access [internal] [POST] for path [/api/index_management/indices/refresh]"
  - "access [internal] [POST] for path [/api/index_management/indices/reload]"
  - "access [internal] [POST] for path [/api/index_management/indices/delete]"
  - "access [internal] [POST] for path [/api/index_management/indices/unfreeze]"
  - "access [internal] [GET] for path [/api/index_management/index_templates]"
  - "access [internal] [GET] for path [/api/index_management/index_templates/{name}]"
  - "access [internal] [POST] for path [/api/index_management/delete_index_templates]"
  - "access [internal] [POST] for path [/api/index_management/index_templates]"
  - "access [internal] [PUT] for path [/api/index_management/index_templates/{name}]"
  - "access [internal] [POST] for path [/api/index_management/index_templates/simulate]"
  - "access [internal] [GET] for path [/api/index_management/settings/{indexName}]"
  - "access [internal] [PUT] for path [/api/index_management/settings/{indexName}]"
  - "access [internal] [GET] for path [/api/index_management/mapping/{indexName}]"
  - "access [internal] [PUT] for path [/api/index_management/mapping/{indexName}]"
  - "access [internal] [GET] for path [/api/index_management/component_templates]"
  - "access [internal] [GET] for path [/api/index_management/component_templates/{name}]"
  - "access [internal] [POST] for path [/api/index_management/component_templates]"
  - "access [internal] [PUT] for path [/api/index_management/component_templates/{name}]"
  - "access [internal] [GET] for path [/api/index_management/component_templates/{name}/datastreams]"
  - "access [internal] [DELETE] for path [/api/index_management/component_templates/{names}]"
  - "access [internal] [GET] for path [/api/index_management/component_templates/privileges]"
  - "access [internal] [GET] for path [/api/index_management/inference/all]"
  - "access [internal] [GET] for path [/api/index_management/nodes/plugins]"
  - "access [internal] [GET] for path [/api/index_management/stats/{indexName}]"
  - "access [internal] [GET] for path [/api/remote_clusters]"
  - "access [internal] [POST] for path [/api/remote_clusters]"
  - "access [internal] [PUT] for path [/api/remote_clusters/{name}]"
  - "access [internal] [DELETE] for path [/api/remote_clusters/{nameOrNames}]"
  - "access [internal] [POST] for path [/api/cross_cluster_replication/auto_follow_patterns]"
  - "access [internal] [DELETE] for path [/api/cross_cluster_replication/auto_follow_patterns/{id}]"
  - "access [internal] [GET] for path [/api/cross_cluster_replication/auto_follow_patterns]"
  - "access [internal] [GET] for path [/api/cross_cluster_replication/auto_follow_patterns/{id}]"
  - "access [internal] [POST] for path [/api/cross_cluster_replication/auto_follow_patterns/{id}/pause]"
  - "access [internal] [POST] for path [/api/cross_cluster_replication/auto_follow_patterns/{id}/resume]"
  - "access [internal] [PUT] for path [/api/cross_cluster_replication/auto_follow_patterns/{id}]"
  - "access [internal] [POST] for path [/api/cross_cluster_replication/follower_indices]"
  - "access [internal] [GET] for path [/api/cross_cluster_replication/follower_indices]"
  - "access [internal] [GET] for path [/api/cross_cluster_replication/follower_indices/{id}]"
  - "access [internal] [PUT] for path [/api/cross_cluster_replication/follower_indices/{id}/pause]"
  - "access [internal] [PUT] for path [/api/cross_cluster_replication/follower_indices/{id}/resume]"
  - "access [internal] [PUT] for path [/api/cross_cluster_replication/follower_indices/{id}/unfollow]"
  - "access [internal] [PUT] for path [/api/cross_cluster_replication/follower_indices/{id}]"
  - "access [internal] [GET] for path [/api/cross_cluster_replication/permissions]"
  - "access [internal] [GET] for path [/api/cross_cluster_replication/stats/auto_follow]"
  - "access [internal] [POST] for path [/api/index_lifecycle_management/index/retry]"
  - "access [internal] [POST] for path [/api/index_lifecycle_management/index/remove]"
  - "access [internal] [POST] for path [/api/index_lifecycle_management/index/add]"
  - "access [internal] [GET] for path [/api/index_lifecycle_management/nodes/list]"
  - "access [internal] [GET] for path [/api/index_lifecycle_management/nodes/{nodeAttrs}/details]"
  - "access [internal] [GET] for path [/api/index_lifecycle_management/policies]"
  - "access [internal] [POST] for path [/api/index_lifecycle_management/policies]"
  - "access [internal] [DELETE] for path [/api/index_lifecycle_management/policies/{policyNames}]"
  - "access [internal] [GET] for path [/api/index_lifecycle_management/templates]"
  - "access [internal] [POST] for path [/api/index_lifecycle_management/template]"
  - "access [internal] [GET] for path [/api/index_lifecycle_management/snapshot_policies]"
  - "access [internal] [GET] for path [/api/index_lifecycle_management/snapshot_repositories]"
  - "access [internal] [GET] for path [/api/rollup/indices]"
  - "access [internal] [GET] for path [/api/rollup/index_pattern_validity/{indexPattern}]"
  - "access [internal] [PUT] for path [/api/rollup/create]"
  - "access [internal] [POST] for path [/api/rollup/delete]"
  - "access [internal] [GET] for path [/api/rollup/jobs]"
  - "access [internal] [POST] for path [/api/rollup/start]"
  - "access [internal] [POST] for path [/api/rollup/stop]"
  - "access [internal] [POST] for path [/api/rollup/search]"

@elastic/kibana-security
- [x] confirm all (https://github.com/elastic/kibana/pull/192554)
  - "access [internal] [GET] for path [/api/spaces/space/{id}]"
  - "access [internal] [GET] for path [/api/spaces/space]"
  - "access [internal] [PUT] for path [/api/spaces/space/{id}]"
  - "access [internal] [DELETE] for path [/api/spaces/space/{id}]"
  - "access [internal] [POST] for path [/api/spaces/space]"
  - "access [internal] [POST] for path [/api/spaces/_copy_saved_objects]"
  - "access [internal] [POST] for path [/api/spaces/_resolve_copy_saved_objects_errors]"
  - "access [internal] [POST] for path [/api/spaces/_update_objects_spaces]"
  - "access [internal] [POST] for path [/api/spaces/_get_shareable_references]"
  - "access [internal] [POST] for path [/api/spaces/_disable_legacy_url_aliases]"
  - "access [internal] [GET] for path [/api/security/v1/me]"
  - "access [internal] [GET] for path [/api/security/privileges]"
  - "access [internal] [GET] for path [/api/security/role/{name}]"
  - "access [internal] [GET] for path [/api/security/role]"
  - "access [internal] [DELETE] for path [/api/security/role/{name}]"
  - "access [internal] [PUT] for path [/api/security/role/{name}]"
  - "access [internal] [POST] for path [/api/security/session/_invalidate]"
  - "access [internal] [POST] for path [/api/encrypted_saved_objects/_rotate_key]"

@elastic/response-ops
- [x] confirm all (@jloleysens - I did sanity check and it appears current access is in line with documentation)
  - "access [internal] [POST] for path [/api/alerts/alert/{id?}]"
  - "access [internal] [DELETE] for path [/api/alerts/alert/{id}]"
  - "access [internal] [GET] for path [/api/alerts/_find]"
  - "access [internal] [GET] for path [/api/alerts/alert/{id}]"
  - "access [internal] [GET] for path [/api/alerts/alert/{id}/state]"
  - "access [internal] [GET] for path [/api/alerts/alert/{id}/_instance_summary]"
  - "access [internal] [GET] for path [/api/alerts/list_alert_types]"
  - "access [internal] [PUT] for path [/api/alerts/alert/{id}]"
  - "access [internal] [POST] for path [/api/alerts/alert/{id}/_enable]"
  - "access [internal] [POST] for path [/api/alerts/alert/{id}/_disable]"
  - "access [internal] [POST] for path [/api/alerts/alert/{id}/_update_api_key]"
  - "access [internal] [POST] for path [/api/alerts/alert/{id}/_mute_all]"
  - "access [internal] [POST] for path [/api/alerts/alert/{id}/_unmute_all]"
  - "access [internal] [POST] for path [/api/alerts/alert/{alert_id}/alert_instance/{alert_instance_id}/_mute]"
  - "access [internal] [POST] for path [/api/alerts/alert/{alertId}/alert_instance/{alertInstanceId}/_unmute]"
  - "access [internal] [GET] for path [/api/alerts/_health]"
  - "access [internal] [GET] for path [/api/cases/{case_id}/resolve]"

@elastic/obs-ux-infra_services-team
- [x] confirm all (@jloleysens - I did sanity check and it appears current access is in line with documentation)
  - "access [internal] [POST] for path [/api/infra/metrics_explorer]"
  - "access [internal] [POST] for path [/api/infra/ip_to_host]"
  - "access [internal] [POST] for path [/api/infra/infra_ml/results/metrics_k8s_anomalies]"
  - "access [internal] [POST] for path [/api/infra/infra_ml/results/metrics_hosts_anomalies]"
  - "access [internal] [POST] for path [/api/infra/metrics_explorer_views]"
  - "access [internal] [DELETE] for path [/api/infra/metrics_explorer_views/{metricsExplorerViewId}]"
  - "access [internal] [GET] for path [/api/infra/metrics_explorer_views]"
  - "access [internal] [GET] for path [/api/infra/metrics_explorer_views/{metricsExplorerViewId}]"
  - "access [internal] [PUT] for path [/api/infra/metrics_explorer_views/{metricsExplorerViewId}]"
  - "access [internal] [POST] for path [/api/infra/metrics_api]"
  - "access [internal] [POST] for path [/api/infra/metadata]"
  - "access [internal] [POST] for path [/api/infra/inventory/meta]"
  - "access [internal] [POST] for path [/api/infra/inventory_views]"
  - "access [internal] [DELETE] for path [/api/infra/inventory_views/{inventoryViewId}]"
  - "access [internal] [GET] for path [/api/infra/inventory_views]"
  - "access [internal] [GET] for path [/api/infra/inventory_views/{inventoryViewId}]"
  - "access [internal] [PUT] for path [/api/infra/inventory_views/{inventoryViewId}]"
  - "access [internal] [GET] for path [/api/infra/services]"
  - "access [internal] [GET] for path [/api/infra/{assetType}/custom-dashboards]"
  - "access [internal] [POST] for path [/api/infra/{assetType}/custom-dashboards]"
  - "access [internal] [DELETE] for path [/api/infra/{assetType}/custom-dashboards/{id}]"
  - "access [internal] [PUT] for path [/api/infra/{assetType}/custom-dashboards/{id}]"
  - "access [internal] [GET] for path [/api/metrics/indices]"
  - "access [internal] [POST] for path [/api/metrics/snapshot]"
  - "access [internal] [POST] for path [/api/metrics/node_details]"
  - "access [internal] [GET] for path [/api/metrics/source/{sourceId}]"
  - "access [internal] [PATCH] for path [/api/metrics/source/{sourceId}]"
  - "access [internal] [GET] for path [/api/metrics/source/{sourceId}/hasData]"
  - "access [internal] [POST] for path [/api/metrics/process_list]"
  - "access [internal] [POST] for path [/api/metrics/process_list/chart]"
  - "access [internal] [POST] for path [/api/metrics/overview/top]"
  - "access [internal] [POST] for path [/api/metrics/infra]"

@elastic/obs-ux-logs-team
- [x] confirm all
  - "access [internal] [POST] for path [/api/log_entries/highlights]"
  - "access [internal] [POST] for path [/api/log_entries/summary]"
  - "access [internal] [POST] for path [/api/log_entries/summary_highlights]"
  - "access [internal] [GET] for path [/api/infra/log_views/{logViewId}]"
  - "access [internal] [PUT] for path [/api/infra/log_views/{logViewId}]"
  - "access [internal] [POST] for path [/api/infra/log_analysis/results/log_entry_categories]"
  - "access [internal] [POST] for path [/api/infra/log_analysis/results/log_entry_category_datasets]"
  - "access [internal] [POST] for path [/api/infra/log_analysis/results/latest_log_entry_category_datasets_stats]"
  - "access [internal] [POST] for path [/api/infra/log_analysis/results/log_entry_category_examples]"
  - "access [internal] [POST] for path [/api/infra/log_analysis/results/log_entry_anomalies]"
  - "access [internal] [POST] for path [/api/infra/log_analysis/results/log_entry_anomalies_datasets]"
  - "access [internal] [POST] for path [/api/infra/log_analysis/id_formats]"
  - "access [internal] [POST] for path [/api/infra/log_analysis/validation/log_entry_datasets]"
  - "access [internal] [POST] for path [/api/infra/log_analysis/validation/log_entry_rate_indices]"
  - "access [internal] [POST] for path [/api/infra/log_analysis/results/log_entry_examples]"
  - "access [internal] [POST] for path [/api/infra/log_alerts/chart_preview_data]"

@elastic/obs-ux-management-team
- All of the routes for this team have been checked and referenced above in this description, and are tracked in [this meta issue](https://github.com/elastic/kibana/issues/192177).

@elastic/stack-monitoring
- [x] https://github.com/elastic/kibana/pull/186882
  - "access [internal] [POST] for path [/api/monitoring/v1/alert/{clusterUuid}/status]"
  - "access [internal] [POST] for path [/api/monitoring/v1/alerts/enable]"
  - "access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/apm/{apmUuid}]"
  - "access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/apm/instances]"
  - "access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/apm]"
  - "access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/beats/beat/{beatUuid}]"
  - "access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/beats/beats]"
  - "access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/beats]"
  - "access [internal] [GET] for path [/api/monitoring/v1/check_access]"
  - "access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}]"
  - "access [internal] [POST] for path [/api/monitoring/v1/clusters]"
  - "access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/indices/{id}]"
  - "access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/indices]"
  - "access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/nodes/{nodeUuid}]"
  - "access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/nodes]"
  - "access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch]"
  - "access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/ml_jobs]"
  - "access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/ccr]"
  - "access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/elasticsearch/ccr/{index}/shard/{shardId}]"
  - "access [internal] [GET] for path [/api/monitoring/v1/elasticsearch_settings/check/cluster]"
  - "access [internal] [POST] for path [/api/monitoring/v1/elasticsearch_settings/check/internal_monitoring]"
  - "access [internal] [GET] for path [/api/monitoring/v1/elasticsearch_settings/check/nodes]"
  - "access [internal] [PUT] for path [/api/monitoring/v1/elasticsearch_settings/set/collection_enabled]"
  - "access [internal] [PUT] for path [/api/monitoring/v1/elasticsearch_settings/set/collection_interval]"
  - "access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/enterprise_search]"
  - "access [internal] [GET] for path [/api/monitoring/v1/_health]"
  - "access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/logstash/pipeline_ids]"
  - "access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/logstash/pipelines]"
  - "access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/logstash/node/{logstashUuid}/pipelines]"
  - "access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/logstash/node/{logstashUuid}]"
  - "access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/logstash/nodes]"
  - "access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/logstash]"
  - "access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/logstash/pipeline/{pipelineId}/{pipelineHash?}]"
  - "access [internal] [POST] for path [/api/monitoring/v1/setup/collection/cluster/{clusterUuid?}]"
  - "access [internal] [POST] for path [/api/monitoring/v1/setup/collection/{clusterUuid}/disable_internal_collection]"
  - "access [internal] [POST] for path [/api/monitoring/v1/setup/collection/node/{nodeUuid}]"
  - "access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/kibana/{kibanaUuid}]"
  - "access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/kibana/instances]"
  - "access [internal] [POST] for path [/api/monitoring/v1/clusters/{clusterUuid}/kibana]"
  - "access [internal] [GET] for path [/api/monitoring_collection/{type}]"

@elastic/logstash
- [ ] confirm all (https://github.com/elastic/kibana/pull/192579)
  - "access [internal] [GET] for path [/api/logstash/cluster]" _to confirm_
  - "access [internal] [GET] for path [/api/logstash/pipelines]" _confirmed_
  - "access [internal] [POST] for path [/api/logstash/pipelines/delete]" _confirmed_

@elastic/security-solution
- [x] #191799
  - "access [internal] [POST] for path [/api/risk_scores/calculation]"
  - "access [internal] [POST] for path [/api/risk_scores/calculation/entity]"

@elastic/security-threat-hunting-investigations
- [x] confirm all (@jloleysens - I did sanity check and it appears current access is in line with documentation)
  - "access [internal] [POST] for path [/api/endpoint/resolver/tree]"
  - "access [internal] [POST] for path [/api/endpoint/resolver/events]"
  - "access [internal] [GET] for path [/api/endpoint/resolver/entity]"
  - "access [internal] [POST] for path [/api/timeline/_copy]"
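An added audit script for the logging setup described in this issue (example code written for this thread, not Kibana's own tooling): it reads the JSON-layout route_access.log that the file appender above produces, parses the `access [internal|public] [METHOD] for path [...]` debug messages, and lists every route whose access flag disagrees with the historical `/api` vs `/internal` prefix so a team can review it. The embedded log lines are constructed for the demonstration, and `/internal/example_plugin/ping` is a made-up path; the other paths are ones quoted in this thread.

```python
"""Audit Kibana route-access debug lines for flag/prefix mismatches."""
import json
import re
import sys
from dataclasses import dataclass, field
from typing import Iterable, List, Optional, Tuple

# Message format of the http.server.Kibana.options debug lines quoted in the
# issue: access [internal|public] [METHOD] for path [/some/path]
ACCESS_RE = re.compile(
    r"access \[(?P<access>internal|public)\] \[(?P<method>[A-Z]+)\] "
    r"for path \[(?P<path>[^\]]+)\]"
)

Route = Tuple[str, str, str]  # (access, method, path)

# Constructed sample of a JSON-layout log file (not real Kibana output).
# Line 5 duplicates line 1, line 6 is an unrelated message, line 7 is junk.
SAMPLE_LOG = """\
{"@timestamp":"2024-09-01T10:00:00.000Z","log":{"level":"DEBUG","logger":"http.server.Kibana.options"},"message":"access [internal] [GET] for path [/api/licensing/info]"}
{"@timestamp":"2024-09-01T10:00:00.001Z","log":{"level":"DEBUG","logger":"http.server.Kibana.options"},"message":"access [public] [POST] for path [/api/kibana/dashboards/import]"}
{"@timestamp":"2024-09-01T10:00:00.002Z","log":{"level":"DEBUG","logger":"http.server.Kibana.options"},"message":"access [public] [GET] for path [/internal/security/capture-url]"}
{"@timestamp":"2024-09-01T10:00:00.003Z","log":{"level":"DEBUG","logger":"http.server.Kibana.options"},"message":"access [internal] [POST] for path [/internal/example_plugin/ping]"}
{"@timestamp":"2024-09-01T10:00:00.004Z","log":{"level":"DEBUG","logger":"http.server.Kibana.options"},"message":"access [internal] [GET] for path [/api/licensing/info]"}
{"@timestamp":"2024-09-01T10:00:00.005Z","log":{"level":"INFO","logger":"http.server.Kibana"},"message":"http server running at http://localhost:5601"}
not json at all
"""


@dataclass
class AuditReport:
    checked: int = 0
    public_under_internal: List[Tuple[str, str]] = field(default_factory=list)
    internal_under_api: List[Tuple[str, str]] = field(default_factory=list)
    unclassified: List[Tuple[str, str]] = field(default_factory=list)


def parse_route_line(line: str) -> Optional[Route]:
    """Return (access, method, path) for one log line, or None if the line is
    blank, not JSON, or a JSON record that is not a route-access message."""
    line = line.strip()
    if not line:
        return None
    try:
        record = json.loads(line)
    except json.JSONDecodeError:
        return None
    match = ACCESS_RE.search(str(record.get("message", "")))
    if match is None:
        return None
    return match.group("access"), match.group("method"), match.group("path")


def expected_access(path: str) -> Optional[str]:
    """Access level the old naming convention implied for this path.

    The thread is explicit that from v9 the access flag is what is enforced and
    the prefix does not have to match, so a mismatch is a route to review, not
    automatically a defect."""
    if path.startswith("/internal/"):
        return "internal"
    if path.startswith("/api/"):
        return "public"
    return None  # other prefixes (static resources etc.) are out of scope


def audit(lines: Iterable[str]) -> AuditReport:
    """Classify each distinct route by whether its flag and prefix agree."""
    report = AuditReport()
    seen = set()
    for line in lines:
        parsed = parse_route_line(line)
        if parsed is None or parsed in seen:
            continue  # skip non-route lines and routes logged more than once
        seen.add(parsed)
        access, method, path = parsed
        report.checked += 1
        expected = expected_access(path)
        if expected is None:
            report.unclassified.append((method, path))
        elif access == "public" and expected == "internal":
            report.public_under_internal.append((method, path))
        elif access == "internal" and expected == "public":
            report.internal_under_api.append((method, path))
    return report


def main(argv: List[str]) -> int:
    """Audit the file given as the first argument, else the embedded sample."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            report = audit(fh)
    else:
        report = audit(SAMPLE_LOG.splitlines())
    print(f"routes checked: {report.checked}")
    for label, routes in (
        ("public access under /internal/", report.public_under_internal),
        ("internal access under /api/", report.internal_under_api),
        ("neither /api/ nor /internal/ prefix", report.unclassified),
    ):
        for method, path in routes:
            print(f"review: {label}: {method} {path}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against the real route_access.log once Kibana has started with the debug logger enabled; each "review:" line is a route whose access flag should be confirmed against the team's intent, in the same spirit as the per-team checklists in this issue.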
elasticmachine commented 4 months ago

Pinging @elastic/kibana-core (Team:Core)

TinaHeiligers commented 4 months ago

Asked offline:

[edited] ...do you also expect to change the name prefix so the naming convention is also aligned ("to the access flag")?

Answer:

It depends(™) on whether you want the APIs to be public or internal. Ideally, both the access flag and the prefix should correspond but that would mean a new model version for the API and deprecating the “old” API path.

All public routes should have been documented as public with an OpenApi Spec.

The intention is to have parity between how we handle the APIs in Serverless and everywhere else.

TL;DR: Core won’t automatically change the prefix, nor will the access flag be changed to match the route path prefix. They don’t have to correspond.

TinaHeiligers commented 3 months ago

@davismcphee This issue is Core's Meta issue to make sure teams are aware. It is not intended to be "shared" between all the teams.

As such, could you please track your teams' progress in your own issue? The meta task assignee on Core's side has @mattkime. It should be me.

CC @kertal

davismcphee commented 3 months ago

@TinaHeiligers Sure, thanks for the heads up!

michaelolo24 commented 3 months ago

Thanks for this heads up @TinaHeiligers! The Resolver APIs are owned by the threat hunting team, so I'm going to move them there to track this work. Thanks!

TinaHeiligers commented 2 months ago

Restricting internal APIs by default has been accepted and will be enforced as of v9.0.0.

@elastic/response-ops @elastic/kibana-security @elastic/fleet @elastic/obs-ux-management-team please make sure to finish your audits for the public routes prefixed with /internal/ as soon as possible!

TTL: September 15th for the audit.

paulb-elastic commented 2 months ago

In the main description, I've updated the owner of the /api/synthetics APIs from @elastic/obs-ux-infra_services-team to @elastic/obs-ux-management-team as we recently moved responsibility between teams.

jasonrhodes commented 1 month ago

I've updated all references in the issue description to any routes owned by our team (obs-ux-management) and replaced them with links to the corresponding issues. Please let me know if you have any questions.

cnasikas commented 1 month ago

Inspired by @jasonrhodes (thank you!) I created a similar issue https://github.com/elastic/kibana/issues/192897 that audits all the routes owned by the @elastic/response-ops team. We will take action to explicitly set the access to all routes (https://github.com/elastic/kibana/issues/192956). About:

TinaHeiligers commented 4 weeks ago

@elastic/logstash please confirm if /api/logstash/cluster is supposed to be internal. It wasn't covered in https://github.com/elastic/kibana/pull/192579

@elastic/kibana-security a gentle reminder that the restriction is now enforced as of v9. I'll check your teams' list as done since https://github.com/elastic/kibana/issues/192153 is closed. Please LMK if you need more time.

TinaHeiligers commented 4 weeks ago

@jloleysens We should be able to close this as done after hearing back from the logstash team about /api/logstash/cluster as internal. It wasn't called out in https://github.com/elastic/kibana/pull/192579

azasypkin commented 4 weeks ago

> @elastic/kibana-security
> - "access [public] [GET] for path [/internal/security/reset_session_page.js]"
> - "access [public] [GET] for path [/internal/security/capture-url]"

Thanks for the ping and sorry for the delayed reply, @TinaHeiligers. It somehow slipped under my radar. Both of these routes are registered with the httpResources service, and if I understand correctly, any "access" restrictions don’t apply to them since they are essentially resources like CSS and JS, with the only exception being that they are generated dynamically. Is my understanding correct?

jloleysens commented 4 weeks ago

@azasypkin

> Is my understanding correct?

Yeah, this is correct. They are registered as unversioned, public routes and excluded from OAS docs (since this PR).

jloleysens commented 4 weeks ago

Closed by https://github.com/elastic/kibana/pull/192579