diff --git a/x-pack/plugins/ingest_manager/server/plugin.ts b/x-pack/plugins/ingest_manager/server/plugin.ts index bd1efce8fe118c..c162ea5fadabe8 100644 --- a/x-pack/plugins/ingest_manager/server/plugin.ts +++ b/x-pack/plugins/ingest_manager/server/plugin.ts @@ -53,6 +53,16 @@ export interface IngestManagerAppContext { savedObjects: SavedObjectsServiceStart; } +const allSavedObjectTypes = [ + OUTPUT_SAVED_OBJECT_TYPE, + AGENT_CONFIG_SAVED_OBJECT_TYPE, + DATASOURCE_SAVED_OBJECT_TYPE, + PACKAGES_SAVED_OBJECT_TYPE, + AGENT_SAVED_OBJECT_TYPE, + AGENT_EVENT_SAVED_OBJECT_TYPE, + ENROLLMENT_API_KEYS_SAVED_OBJECT_TYPE, +]; + export class IngestManagerPlugin implements Plugin { private config$: Observable; private security: SecurityPluginSetup | undefined; @@ -77,34 +87,18 @@ export class IngestManagerPlugin implements Plugin { app: [PLUGIN_ID, 'kibana'], privileges: { all: { - api: [PLUGIN_ID], + api: [`${PLUGIN_ID}-read`, `${PLUGIN_ID}-all`], savedObject: { - all: [ - OUTPUT_SAVED_OBJECT_TYPE, - AGENT_CONFIG_SAVED_OBJECT_TYPE, - DATASOURCE_SAVED_OBJECT_TYPE, - PACKAGES_SAVED_OBJECT_TYPE, - AGENT_SAVED_OBJECT_TYPE, - AGENT_EVENT_SAVED_OBJECT_TYPE, - ENROLLMENT_API_KEYS_SAVED_OBJECT_TYPE, - ], + all: allSavedObjectTypes, read: [], }, ui: ['show', 'read', 'write'], }, read: { - api: [PLUGIN_ID], + api: [`${PLUGIN_ID}-read`], savedObject: { all: [], - read: [ - OUTPUT_SAVED_OBJECT_TYPE, - AGENT_CONFIG_SAVED_OBJECT_TYPE, - DATASOURCE_SAVED_OBJECT_TYPE, - PACKAGES_SAVED_OBJECT_TYPE, - AGENT_SAVED_OBJECT_TYPE, - AGENT_EVENT_SAVED_OBJECT_TYPE, - ENROLLMENT_API_KEYS_SAVED_OBJECT_TYPE, - ], + read: allSavedObjectTypes, }, ui: ['show', 'read'], }, diff --git a/x-pack/plugins/ingest_manager/server/routes/agent/index.ts b/x-pack/plugins/ingest_manager/server/routes/agent/index.ts index a23a9fa62adbe6..8a65fa9c50e8b3 100644 --- a/x-pack/plugins/ingest_manager/server/routes/agent/index.ts +++ b/x-pack/plugins/ingest_manager/server/routes/agent/index.ts @@ -42,7 +42,7 @@ export const registerRoutes = (router: IRouter) => { { path: AGENT_API_ROUTES.INFO_PATTERN, validate: GetOneAgentRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-read`] }, }, getAgentHandler ); @@ -51,7 +51,7 @@ export const registerRoutes = (router: IRouter) => { { path: AGENT_API_ROUTES.UPDATE_PATTERN, validate: UpdateAgentRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-all`] }, }, updateAgentHandler ); @@ -60,7 +60,7 @@ export const registerRoutes = (router: IRouter) => { { path: AGENT_API_ROUTES.DELETE_PATTERN, validate: DeleteAgentRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-all`] }, }, deleteAgentHandler ); @@ -69,7 +69,7 @@ export const registerRoutes = (router: IRouter) => { { path: AGENT_API_ROUTES.LIST_PATTERN, validate: GetAgentsRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-read`] }, }, getAgentsHandler ); @@ -108,7 +108,7 @@ export const registerRoutes = (router: IRouter) => { { path: AGENT_API_ROUTES.UNENROLL_PATTERN, validate: PostAgentUnenrollRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-all`] }, }, postAgentsUnenrollHandler ); @@ -118,7 +118,7 @@ export const registerRoutes = (router: IRouter) => { { path: AGENT_API_ROUTES.EVENTS_PATTERN, validate: GetOneAgentEventsRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-read`] }, }, getAgentEventsHandler ); @@ -128,7 +128,7 @@ export const registerRoutes = (router: IRouter) => { { path: AGENT_API_ROUTES.STATUS_PATTERN, validate: GetAgentStatusRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-read`] }, }, getAgentStatusForConfigHandler ); diff --git a/x-pack/plugins/ingest_manager/server/routes/agent_config/index.ts b/x-pack/plugins/ingest_manager/server/routes/agent_config/index.ts index 9481adbbac1953..c3b3c00a9574cd 100644 --- a/x-pack/plugins/ingest_manager/server/routes/agent_config/index.ts +++ b/x-pack/plugins/ingest_manager/server/routes/agent_config/index.ts @@ -28,7 +28,7 @@ export const registerRoutes = (router: IRouter) => { { path: AGENT_CONFIG_API_ROUTES.LIST_PATTERN, validate: GetAgentConfigsRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-read`] }, }, getAgentConfigsHandler ); @@ -38,7 +38,7 @@ export const registerRoutes = (router: IRouter) => { { path: AGENT_CONFIG_API_ROUTES.INFO_PATTERN, validate: GetOneAgentConfigRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-read`] }, }, getOneAgentConfigHandler ); @@ -48,7 +48,7 @@ export const registerRoutes = (router: IRouter) => { { path: AGENT_CONFIG_API_ROUTES.CREATE_PATTERN, validate: CreateAgentConfigRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-all`] }, }, createAgentConfigHandler ); @@ -58,7 +58,7 @@ export const registerRoutes = (router: IRouter) => { { path: AGENT_CONFIG_API_ROUTES.UPDATE_PATTERN, validate: UpdateAgentConfigRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-all`] }, }, updateAgentConfigHandler ); @@ -68,7 +68,7 @@ export const registerRoutes = (router: IRouter) => { { path: AGENT_CONFIG_API_ROUTES.DELETE_PATTERN, validate: DeleteAgentConfigsRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-all`] }, }, deleteAgentConfigsHandler ); @@ -78,7 +78,7 @@ export const registerRoutes = (router: IRouter) => { { path: AGENT_CONFIG_API_ROUTES.FULL_INFO_PATTERN, validate: GetFullAgentConfigRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-read`] }, }, getFullAgentConfig ); diff --git a/x-pack/plugins/ingest_manager/server/routes/datasource/index.ts b/x-pack/plugins/ingest_manager/server/routes/datasource/index.ts index 70ab0027a6907d..412eb17c6d45a3 100644 --- a/x-pack/plugins/ingest_manager/server/routes/datasource/index.ts +++ b/x-pack/plugins/ingest_manager/server/routes/datasource/index.ts @@ -24,7 +24,7 @@ export const registerRoutes = (router: IRouter) => { { path: DATASOURCE_API_ROUTES.LIST_PATTERN, validate: GetDatasourcesRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-read`] }, }, getDatasourcesHandler ); @@ -34,7 +34,7 @@ export const registerRoutes = (router: IRouter) => { { path: DATASOURCE_API_ROUTES.INFO_PATTERN, validate: GetOneDatasourceRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-read`] }, }, getOneDatasourceHandler ); @@ -44,7 +44,7 @@ export const registerRoutes = (router: IRouter) => { { path: DATASOURCE_API_ROUTES.CREATE_PATTERN, validate: CreateDatasourceRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-all`] }, }, createDatasourceHandler ); @@ -54,7 +54,7 @@ export const registerRoutes = (router: IRouter) => { { path: DATASOURCE_API_ROUTES.UPDATE_PATTERN, validate: UpdateDatasourceRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-all`] }, }, updateDatasourceHandler ); diff --git a/x-pack/plugins/ingest_manager/server/routes/enrollment_api_key/index.ts b/x-pack/plugins/ingest_manager/server/routes/enrollment_api_key/index.ts index 8d04333b4a5425..6df5299d30bd44 100644 --- a/x-pack/plugins/ingest_manager/server/routes/enrollment_api_key/index.ts +++ b/x-pack/plugins/ingest_manager/server/routes/enrollment_api_key/index.ts @@ -23,7 +23,7 @@ export const registerRoutes = (router: IRouter) => { { path: ENROLLMENT_API_KEY_ROUTES.INFO_PATTERN, validate: GetOneEnrollmentAPIKeyRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-read`] }, }, getOneEnrollmentApiKeyHandler ); @@ -32,7 +32,7 @@ export const registerRoutes = (router: IRouter) => { { path: ENROLLMENT_API_KEY_ROUTES.DELETE_PATTERN, validate: DeleteEnrollmentAPIKeyRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-all`] }, }, deleteEnrollmentApiKeyHandler ); @@ -41,7 +41,7 @@ export const registerRoutes = (router: IRouter) => { { path: ENROLLMENT_API_KEY_ROUTES.LIST_PATTERN, validate: GetEnrollmentAPIKeysRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-read`] }, }, getEnrollmentApiKeysHandler ); @@ -50,7 +50,7 @@ export const registerRoutes = (router: IRouter) => { { path: ENROLLMENT_API_KEY_ROUTES.CREATE_PATTERN, validate: PostEnrollmentAPIKeyRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-all`] }, }, postEnrollmentApiKeyHandler ); diff --git a/x-pack/plugins/ingest_manager/server/routes/epm/index.ts b/x-pack/plugins/ingest_manager/server/routes/epm/index.ts index 49d9242e67f722..cb9ec5cc532c49 100644 --- a/x-pack/plugins/ingest_manager/server/routes/epm/index.ts +++ b/x-pack/plugins/ingest_manager/server/routes/epm/index.ts @@ -26,7 +26,7 @@ export const registerRoutes = (router: IRouter) => { { path: EPM_API_ROUTES.CATEGORIES_PATTERN, validate: false, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-read`] }, }, getCategoriesHandler ); @@ -35,7 +35,7 @@ export const registerRoutes = (router: IRouter) => { { path: EPM_API_ROUTES.LIST_PATTERN, validate: GetPackagesRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-read`] }, }, getListHandler ); @@ -44,7 +44,7 @@ export const registerRoutes = (router: IRouter) => { { path: EPM_API_ROUTES.FILEPATH_PATTERN, validate: GetFileRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-read`] }, }, getFileHandler ); @@ -53,7 +53,7 @@ export const registerRoutes = (router: IRouter) => { { path: EPM_API_ROUTES.INFO_PATTERN, validate: GetInfoRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-read`] }, }, getInfoHandler ); @@ -62,7 +62,7 @@ export const registerRoutes = (router: IRouter) => { { path: EPM_API_ROUTES.INSTALL_PATTERN, validate: InstallPackageRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-all`] }, }, installPackageHandler ); @@ -71,7 +71,7 @@ export const registerRoutes = (router: IRouter) => { { path: EPM_API_ROUTES.DELETE_PATTERN, validate: DeletePackageRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-all`] }, }, deletePackageHandler ); diff --git a/x-pack/plugins/ingest_manager/server/routes/setup/index.ts b/x-pack/plugins/ingest_manager/server/routes/setup/index.ts index a335265c011607..7e09d8dbef1f65 100644 --- a/x-pack/plugins/ingest_manager/server/routes/setup/index.ts +++ b/x-pack/plugins/ingest_manager/server/routes/setup/index.ts @@ -18,7 +18,9 @@ export const registerRoutes = (router: IRouter) => { { path: SETUP_API_ROUTE, validate: false, - options: { tags: [`access:${PLUGIN_ID}`] }, + // if this route is set to `-all`, a read-only user get a 404 for this route + // and will see `Unable to initialize Ingest Manager` in the UI + options: { tags: [`access:${PLUGIN_ID}-read`] }, }, ingestManagerSetupHandler ); @@ -27,7 +29,7 @@ export const registerRoutes = (router: IRouter) => { { path: FLEET_SETUP_API_ROUTES.INFO_PATTERN, validate: GetFleetSetupRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-read`] }, }, getFleetSetupHandler ); @@ -37,7 +39,7 @@ export const registerRoutes = (router: IRouter) => { { path: FLEET_SETUP_API_ROUTES.CREATE_PATTERN, validate: CreateFleetSetupRequestSchema, - options: { tags: [`access:${PLUGIN_ID}`] }, + options: { tags: [`access:${PLUGIN_ID}-all`] }, }, createFleetSetupHandler );