Revert "[Fleet] use @kbn/config-schema in Fleet API (Part 1) (elastic…
…#192447)" (elastic#192840)

This reverts commit 1116ac6.

Related to elastic#184685

There were a few issues reported by the security team (like
elastic#192832).
It seems we have gaps in the test coverage, and adding the response
schemas to the code impacts the API because it adds validation on the
response objects.
I'll reopen the PR with more test coverage added to prevent other
errors.
juliaElastic authored and markov00 committed Sep 18, 2024
1 parent af34886 commit 2d74ed5
Showing 10 changed files with 95 additions and 849 deletions.
278 changes: 9 additions & 269 deletions x-pack/plugins/fleet/server/routes/package_policy/index.ts
Expand Up @@ -4,7 +4,6 @@
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { schema } from '@kbn/config-schema';

import { getRouteRequiredAuthz } from '../../services/security';

Expand All @@ -23,15 +22,9 @@ import {
DryRunPackagePoliciesRequestSchema,
DeleteOnePackagePolicyRequestSchema,
BulkGetPackagePoliciesRequestSchema,
PackagePolicyPackageSchema,
PackagePolicyResponseSchema,
PackagePolicyStatusResponseSchema,
DryRunPackagePolicySchema,
} from '../../types';
import { calculateRouteAuthz } from '../../services/security/security';

import { genericErrorResponse, notFoundResponse } from '../schema/errors';

import {
getPackagePoliciesHandler,
getOnePackagePolicyHandler,
Expand All @@ -55,31 +48,11 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
fleetAuthz,
getRouteRequiredAuthz('get', PACKAGE_POLICY_API_ROUTES.LIST_PATTERN)
).granted,
description: 'List package policies',
options: {
tags: ['oas-tag:Fleet package policies'],
},
})
.addVersion(
{
version: API_VERSIONS.public.v1,
validate: {
request: GetPackagePoliciesRequestSchema,
response: {
200: {
body: () =>
schema.object({
items: schema.arrayOf(PackagePolicyResponseSchema),
total: schema.number(),
page: schema.number(),
perPage: schema.number(),
}),
},
400: {
body: genericErrorResponse,
},
},
},
validate: { request: GetPackagePoliciesRequestSchema },
},
getPackagePoliciesHandler
);
Expand All @@ -93,31 +66,11 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
fleetAuthz,
getRouteRequiredAuthz('post', PACKAGE_POLICY_API_ROUTES.BULK_GET_PATTERN)
).granted,
description: 'Bulk get package policies',
options: {
tags: ['oas-tag:Fleet package policies'],
},
})
.addVersion(
{
version: API_VERSIONS.public.v1,
validate: {
request: BulkGetPackagePoliciesRequestSchema,
response: {
200: {
body: () =>
schema.object({
items: schema.arrayOf(PackagePolicyResponseSchema),
}),
},
400: {
body: genericErrorResponse,
},
404: {
body: notFoundResponse,
},
},
},
validate: { request: BulkGetPackagePoliciesRequestSchema },
},
bulkGetPackagePoliciesHandler
);
Expand All @@ -131,31 +84,11 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
fleetAuthz,
getRouteRequiredAuthz('get', PACKAGE_POLICY_API_ROUTES.INFO_PATTERN)
).granted,
description: 'Get package policy by ID',
options: {
tags: ['oas-tag:Fleet package policies'],
},
})
.addVersion(
{
version: API_VERSIONS.public.v1,
validate: {
request: GetOnePackagePolicyRequestSchema,
response: {
200: {
body: () =>
schema.object({
item: PackagePolicyResponseSchema,
}),
},
400: {
body: genericErrorResponse,
},
404: {
body: notFoundResponse,
},
},
},
validate: { request: GetOnePackagePolicyRequestSchema },
},
getOnePackagePolicyHandler
);
Expand All @@ -176,35 +109,14 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
);

// Create
// Authz check moved to service here: https://github.com/elastic/kibana/pull/140458
router.versioned
.post({
path: PACKAGE_POLICY_API_ROUTES.CREATE_PATTERN,
description: 'Create package policy',
options: {
tags: ['oas-tag:Fleet package policies'],
},
})
.addVersion(
{
version: API_VERSIONS.public.v1,
validate: {
request: CreatePackagePolicyRequestSchema,
response: {
200: {
body: () =>
schema.object({
item: PackagePolicyResponseSchema,
}),
},
400: {
body: genericErrorResponse,
},
409: {
body: genericErrorResponse,
},
},
},
validate: { request: CreatePackagePolicyRequestSchema },
},
createPackagePolicyHandler
);
Expand All @@ -218,32 +130,11 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
fleetAuthz,
getRouteRequiredAuthz('put', PACKAGE_POLICY_API_ROUTES.UPDATE_PATTERN)
).granted,
description: 'Update package policy by ID',
options: {
tags: ['oas-tag:Fleet package policies'],
},
})
.addVersion(
{
version: API_VERSIONS.public.v1,
validate: {
request: UpdatePackagePolicyRequestSchema,
response: {
200: {
body: () =>
schema.object({
item: PackagePolicyResponseSchema,
success: schema.boolean(),
}),
},
400: {
body: genericErrorResponse,
},
403: {
body: genericErrorResponse,
},
},
},
validate: { request: UpdatePackagePolicyRequestSchema },
},

updatePackagePolicyHandler
Expand All @@ -256,42 +147,11 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
fleetAuthz: {
integrations: { writeIntegrationPolicies: true },
},
description: 'Bulk delete package policies',
options: {
tags: ['oas-tag:Fleet package policies'],
},
})
.addVersion(
{
version: API_VERSIONS.public.v1,
validate: {
request: DeletePackagePoliciesRequestSchema,
response: {
200: {
body: () =>
schema.arrayOf(
PackagePolicyStatusResponseSchema.extends({
policy_id: schema.nullable(
schema.maybe(
schema.string({
meta: {
description: 'Use `policy_ids` instead',
deprecated: true,
},
})
)
),
policy_ids: schema.arrayOf(schema.string()),
output_id: schema.nullable(schema.maybe(schema.string())),
package: PackagePolicyPackageSchema,
})
),
},
400: {
body: genericErrorResponse,
},
},
},
validate: { request: DeletePackagePoliciesRequestSchema },
},
deletePackagePolicyHandler
);
Expand All @@ -302,28 +162,11 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
fleetAuthz: {
integrations: { writeIntegrationPolicies: true },
},
description: 'Delete package policy by ID',
options: {
tags: ['oas-tag:Fleet package policies'],
},
})
.addVersion(
{
version: API_VERSIONS.public.v1,
validate: {
request: DeleteOnePackagePolicyRequestSchema,
response: {
200: {
body: () =>
schema.object({
id: schema.string(),
}),
},
400: {
body: genericErrorResponse,
},
},
},
validate: { request: DeleteOnePackagePolicyRequestSchema },
},
deleteOnePackagePolicyHandler
);
Expand All @@ -335,25 +178,11 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
fleetAuthz: {
integrations: { writeIntegrationPolicies: true },
},
description: 'Upgrade package policy to a newer package version',
options: {
tags: ['oas-tag:Fleet package policies'],
},
})
.addVersion(
{
version: API_VERSIONS.public.v1,
validate: {
request: UpgradePackagePoliciesRequestSchema,
response: {
200: {
body: () => PackagePolicyStatusResponseSchema,
},
400: {
body: genericErrorResponse,
},
},
},
validate: { request: UpgradePackagePoliciesRequestSchema },
},
upgradePackagePolicyHandler
);
Expand All @@ -365,100 +194,11 @@ export const registerRoutes = (router: FleetAuthzRouter) => {
fleetAuthz: {
integrations: { readIntegrationPolicies: true },
},
description: 'Dry run package policy upgrade',
options: {
tags: ['oas-tag:Fleet package policies'],
},
})
.addVersion(
{
version: API_VERSIONS.public.v1,
validate: {
request: DryRunPackagePoliciesRequestSchema,
response: {
200: {
body: () =>
schema.arrayOf(
schema.object({
name: schema.maybe(schema.string()),
statusCode: schema.maybe(schema.number()),
body: schema.maybe(schema.object({ message: schema.string() })),
hasErrors: schema.boolean(),
diff: schema.maybe(
schema.arrayOf(
schema.oneOf([PackagePolicyResponseSchema, DryRunPackagePolicySchema])
)
),
agent_diff: schema.maybe(
schema.arrayOf(
schema.arrayOf(
schema
.object({
id: schema.string(),
name: schema.string(),
revision: schema.number(),
type: schema.string(),
data_stream: schema.object({
namespace: schema.string(),
}),
use_output: schema.string(),
package_policy_id: schema.string(),
meta: schema.maybe(
schema.object({
package: schema
.object({
name: schema.string(),
version: schema.string(),
})
.extendsDeep({
// equivalent of allowing extra keys like `[key: string]: any;`
unknowns: 'allow',
}),
})
),
streams: schema.maybe(
schema.arrayOf(
schema
.object({
id: schema.string(),
data_stream: schema.object({
dataset: schema.string(),
type: schema.string(),
}),
})
.extendsDeep({
unknowns: 'allow',
})
)
),
processors: schema.maybe(
schema.arrayOf(
schema.object({
add_fields: schema.object({
target: schema.string(),
fields: schema.recordOf(
schema.string(),
schema.oneOf([schema.string(), schema.number()])
),
}),
})
)
),
})
.extendsDeep({
unknowns: 'allow',
})
)
)
),
})
),
},
400: {
body: genericErrorResponse,
},
},
},
validate: { request: DryRunPackagePoliciesRequestSchema },
},
dryRunUpgradePackagePolicyHandler
);
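Review bot: The Create route in the hunk at `@@ -176,35 +109,14 @@` is registered with only `path` and no `fleetAuthz` option, unlike the other routes whose options are visible in this section, and going by that hunk's line counts the comment that explains why appears to be on the removed side of the revert. Without that comment the missing route-level check reads as an oversight, and a later reader may either add a redundant guard or assume the endpoint needs none. I would keep `// Authz check moved to service here: https://github.com/elastic/kibana/pull/140458` directly above `router.versioned`, and extend it to name where in the service layer the privilege check is enforced. `registerRoutes` starts and ends outside the visible hunks, so the preceding route and the handler-side check cannot be confirmed from this page.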