diff --git a/examples/files_example/common/index.ts b/examples/files_example/common/index.ts index fe0c07ef2c76c..0460775caa616 100644 --- a/examples/files_example/common/index.ts +++ b/examples/files_example/common/index.ts @@ -14,7 +14,7 @@ export const PLUGIN_ID = 'filesExample'; export const PLUGIN_NAME = 'Files example'; const httpTags = { - tags: [`access:${PLUGIN_ID}`], + requiredPrivileges: [PLUGIN_ID], }; export const exampleFileKind: FileKind = { diff --git a/packages/content-management/content_insights/README.mdx b/packages/content-management/content_insights/README.mdx index a2a3894775a29..37122080e72ac 100644 --- a/packages/content-management/content_insights/README.mdx +++ b/packages/content-management/content_insights/README.mdx @@ -40,7 +40,7 @@ if (plugins.usageCollection) { { domainId: 'dashboard', // makes sure that only users with read/all access to dashboard app can access the routes - routeTags: ['access:dashboardUsageStats'], + routePrivileges: ['dashboardUsageStats'], } ); } diff --git a/src/platform/packages/shared/content-management/content_insights/content_insights_server/src/register.ts b/src/platform/packages/shared/content-management/content_insights/content_insights_server/src/register.ts index b93735dd1bdf4..b6a58a06959b0 100644 --- a/src/platform/packages/shared/content-management/content_insights/content_insights_server/src/register.ts +++ b/src/platform/packages/shared/content-management/content_insights/content_insights_server/src/register.ts @@ -26,9 +26,9 @@ export interface ContentInsightsConfig { domainId: string; /** - * Can control created routes access via access tags + * Can control created routes access via security access control */ - routeTags?: string[]; + routePrivileges?: string[]; /** * Retention period in days for usage counter data 
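Review bot: The new doc comment on `routePrivileges` in `ContentInsightsConfig` ("Can control created routes access via security access control") does not say what leaving the field out means, and the field stays optional. Judging by the route hunks for the same file, an omitted value registers both insights routes with no `security.authz` block at all. The comment should state that, for example `Privileges a caller must hold to reach the created routes; when omitted, no authz requirement is attached to them.` The interface body continues outside the hunk.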
@@ -89,9 +89,15 @@ export const registerContentInsights = ( { path: `/internal/content_management/insights/${config.domainId}/{id}/{eventType}`, validate, - options: { - tags: config.routeTags, - }, + ...(config.routePrivileges + ? { + security: { + authz: { + requiredPrivileges: config.routePrivileges, + }, + }, + } + : {}), }, async (context, req, res) => { const { id, eventType } = req.params; @@ -108,9 +114,15 @@ export const registerContentInsights = ( { path: `/internal/content_management/insights/${config.domainId}/{id}/{eventType}/stats`, validate, - options: { - tags: config.routeTags, - }, + ...(config.routePrivileges + ? { + security: { + authz: { + requiredPrivileges: config.routePrivileges, + }, + }, + } + : {}), }, async (context, req, res) => { const { id, eventType } = req.params; diff --git a/src/platform/plugins/shared/dashboard/server/plugin.ts b/src/platform/plugins/shared/dashboard/server/plugin.ts index 6ca274635f6d4..a102fb39eaf34 100644 --- a/src/platform/plugins/shared/dashboard/server/plugin.ts +++ b/src/platform/plugins/shared/dashboard/server/plugin.ts @@ -103,7 +103,7 @@ export class DashboardPlugin { domainId: 'dashboard', // makes sure that only users with read/all access to dashboard app can access the routes - routeTags: ['access:dashboardUsageStats'], + routePrivileges: ['dashboardUsageStats'], } ); } diff --git a/src/platform/plugins/shared/files/common/default_image_file_kind.ts b/src/platform/plugins/shared/files/common/default_image_file_kind.ts index c5cdfd2d979bf..21216a474e7aa 100644 --- a/src/platform/plugins/shared/files/common/default_image_file_kind.ts +++ b/src/platform/plugins/shared/files/common/default_image_file_kind.ts 
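Review bot: When `config.routePrivileges` is undefined, the conditional spread in the `/{id}/{eventType}` route config adds no `security` key, so the route is registered without any declared authorization and nothing records that this is intended; the `/{id}/{eventType}/stats` hunk repeats the same construct. An empty array is truthy and would be passed through as `requiredPrivileges: []`; whether the router rejects that is not visible here. Consider making the opt-out explicit, e.g. `security: { authz: config.routePrivileges?.length ? { requiredPrivileges: config.routePrivileges } : { enabled: false, reason: '…' } }`, or making `routePrivileges` mandatory. Building that object once and reusing it in both route configs would also remove the duplicated block; both handlers continue outside the hunks.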
@@ -12,6 +12,7 @@ import { FileKindBase } from '@kbn/shared-ux-file-types'; export const id = 'defaultImage' as const; export const tag = 'files:defaultImage' as const; export const tags = [`access:${tag}`]; +export const requiredPrivileges = [tag]; export const maxSize = 1024 * 1024 * 10; export const kind: FileKindBase = { diff --git a/src/platform/plugins/shared/files/common/types.ts b/src/platform/plugins/shared/files/common/types.ts index 06c97c1753b3e..71311e3629850 100644 --- a/src/platform/plugins/shared/files/common/types.ts +++ b/src/platform/plugins/shared/files/common/types.ts @@ -111,10 +111,10 @@ interface HttpEndpointDefinition { * * @example * // This will enable access control to this endpoint for users that can access "myApp" only. - * { tags: ['access:myApp'] } + * { requiredPrivileges: ['myApp'] } * */ - tags: string[]; + requiredPrivileges: string[]; } /** diff --git a/src/platform/plugins/shared/files/docs/tutorial.mdx b/src/platform/plugins/shared/files/docs/tutorial.mdx index 66857db2473cb..80b29154da67a 100644 --- a/src/platform/plugins/shared/files/docs/tutorial.mdx +++ b/src/platform/plugins/shared/files/docs/tutorial.mdx @@ -74,7 +74,7 @@ import { FileKind } from '@kbn/files-plugin/common'; export const PLUGIN_ID = 'filesExample'; const httpTags = { - tags: [`access:${PLUGIN_ID}`], // ensure that only users with access to this plugin can files of this kind + requiredPrivileges: [PLUGIN_ID], // ensure that only users with the specified privilege can perform operations on files of this kind }; export const exampleFileKind: FileKind = { diff --git a/src/platform/plugins/shared/files/server/plugin.ts b/src/platform/plugins/shared/files/server/plugin.ts index 2b53a10bf0972..98011a4515cdd 100755 --- a/src/platform/plugins/shared/files/server/plugin.ts +++ b/src/platform/plugins/shared/files/server/plugin.ts 
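Review bot: The `access:`-prefixed `tags` export is left in place in default_image_file_kind.ts next to the new `requiredPrivileges` export, although the files plugin registration changed in this commit reads only `DefaultImageKind.requiredPrivileges`. That leaves two differently formatted sources for the same access rule, and a caller that still passes `tags` would get a value the route registration no longer looks at. If no importer outside this diff needs it, remove the export; if it has to stay for now, a comment such as `// legacy access tag, not read by route registration` would make its status clear. Whether other importers exist cannot be seen from this hunk.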
@@ -140,13 +140,13 @@ export class FilesPlugin ...DefaultImageKind.kind, maxSizeBytes: DefaultImageKind.maxSize, http: { - create: { tags: DefaultImageKind.tags }, - delete: { tags: DefaultImageKind.tags }, - download: { tags: DefaultImageKind.tags }, - getById: { tags: DefaultImageKind.tags }, - list: { tags: DefaultImageKind.tags }, - share: { tags: DefaultImageKind.tags }, - update: { tags: DefaultImageKind.tags }, + create: { requiredPrivileges: DefaultImageKind.requiredPrivileges }, + delete: { requiredPrivileges: DefaultImageKind.requiredPrivileges }, + download: { requiredPrivileges: DefaultImageKind.requiredPrivileges }, + getById: { requiredPrivileges: DefaultImageKind.requiredPrivileges }, + list: { requiredPrivileges: DefaultImageKind.requiredPrivileges }, + share: { requiredPrivileges: DefaultImageKind.requiredPrivileges }, + update: { requiredPrivileges: DefaultImageKind.requiredPrivileges }, }, hashes: ['sha256'], }); diff --git a/src/platform/plugins/shared/files/server/routes/bulk_delete.ts b/src/platform/plugins/shared/files/server/routes/bulk_delete.ts index 76f87ba7add3f..c51577667430a 100644 --- a/src/platform/plugins/shared/files/server/routes/bulk_delete.ts +++ b/src/platform/plugins/shared/files/server/routes/bulk_delete.ts @@ -68,8 +68,10 @@ export function register(router: FilesRouter) { { path: FILES_API_ROUTES.bulkDelete, validate: { ...rt }, - options: { - tags: [`access:${FILES_MANAGE_PRIVILEGE}`], + security: { + authz: { + requiredPrivileges: [FILES_MANAGE_PRIVILEGE], + }, }, }, handler diff --git a/src/platform/plugins/shared/files/server/routes/file_kind/create.ts b/src/platform/plugins/shared/files/server/routes/file_kind/create.ts index fa042a2be301f..14a7551b0149c 100644 --- a/src/platform/plugins/shared/files/server/routes/file_kind/create.ts +++ b/src/platform/plugins/shared/files/server/routes/file_kind/create.ts 
@@ -60,8 +60,10 @@ export function register(fileKindRouter: FileKindRouter, fileKind: FileKind) { validate: { ...rt, }, - options: { - tags: fileKind.http.create.tags, + security: { + authz: { + requiredPrivileges: fileKind.http.create.requiredPrivileges, + }, }, }, handler diff --git a/src/platform/plugins/shared/files/server/routes/file_kind/delete.ts b/src/platform/plugins/shared/files/server/routes/file_kind/delete.ts index e50957f42ebe2..aca90eded5029 100644 --- a/src/platform/plugins/shared/files/server/routes/file_kind/delete.ts +++ b/src/platform/plugins/shared/files/server/routes/file_kind/delete.ts @@ -56,8 +56,10 @@ export function register(fileKindRouter: FileKindRouter, fileKind: FileKind) { { path: FILES_API_ROUTES.fileKind.getDeleteRoute(fileKind.id), validate: { ...rt }, - options: { - tags: fileKind.http.delete.tags, + security: { + authz: { + requiredPrivileges: fileKind.http.delete.requiredPrivileges, + }, }, }, handler diff --git a/src/platform/plugins/shared/files/server/routes/file_kind/download.ts b/src/platform/plugins/shared/files/server/routes/file_kind/download.ts index 337bc14c146b6..f10808a20834d 100644 --- a/src/platform/plugins/shared/files/server/routes/file_kind/download.ts +++ b/src/platform/plugins/shared/files/server/routes/file_kind/download.ts @@ -59,9 +59,13 @@ export function register(fileKindRouter: FileKindRouter, fileKind: FileKind) { { path: FILES_API_ROUTES.fileKind.getDownloadRoute(fileKind.id), validate: { ...rt }, + security: { + authz: { + requiredPrivileges: fileKind.http.download.requiredPrivileges, + }, + }, options: { - tags: fileKind.http.download.tags, - access: 'public', // the endpoint is used by and should work without any special headers + access: 'public', // The endpoint is used by and should work without any special headers, }, }, handler 
diff --git a/src/platform/plugins/shared/files/server/routes/file_kind/get_by_id.ts b/src/platform/plugins/shared/files/server/routes/file_kind/get_by_id.ts index db1499e029041..7cca3506057ff 100644 --- a/src/platform/plugins/shared/files/server/routes/file_kind/get_by_id.ts +++ b/src/platform/plugins/shared/files/server/routes/file_kind/get_by_id.ts @@ -47,8 +47,10 @@ export function register(fileKindRouter: FileKindRouter, fileKind: FileKind) { { path: FILES_API_ROUTES.fileKind.getByIdRoute(fileKind.id), validate: { ...rt }, - options: { - tags: fileKind.http.getById.tags, + security: { + authz: { + requiredPrivileges: fileKind.http.getById.requiredPrivileges, + }, }, }, handler diff --git a/src/platform/plugins/shared/files/server/routes/file_kind/list.ts b/src/platform/plugins/shared/files/server/routes/file_kind/list.ts index a7670a9c731a9..3bad15928dc96 100644 --- a/src/platform/plugins/shared/files/server/routes/file_kind/list.ts +++ b/src/platform/plugins/shared/files/server/routes/file_kind/list.ts @@ -67,8 +67,10 @@ export function register(fileKindRouter: FileKindRouter, fileKind: FileKind) { { path: FILES_API_ROUTES.fileKind.getListRoute(fileKind.id), validate: { ...rt }, - options: { - tags: fileKind.http.list.tags, + security: { + authz: { + requiredPrivileges: fileKind.http.list.requiredPrivileges, + }, }, }, handler diff --git a/src/platform/plugins/shared/files/server/routes/file_kind/share/get.ts b/src/platform/plugins/shared/files/server/routes/file_kind/share/get.ts index 8d5f13c08c712..d0964f07198f6 100644 --- a/src/platform/plugins/shared/files/server/routes/file_kind/share/get.ts +++ b/src/platform/plugins/shared/files/server/routes/file_kind/share/get.ts 
@@ -57,8 +57,10 @@ export function register(fileKindRouter: FileKindRouter, fileKind: FileKind) { { path: FILES_API_ROUTES.fileKind.getGetShareRoute(fileKind.id), validate: { ...rt }, - options: { - tags: fileKind.http.share.tags, + security: { + authz: { + requiredPrivileges: fileKind.http.share.requiredPrivileges, + }, }, }, handler diff --git a/src/platform/plugins/shared/files/server/routes/file_kind/share/list.ts b/src/platform/plugins/shared/files/server/routes/file_kind/share/list.ts index 2f2b5975a57f2..4f05d0b47ffc4 100644 --- a/src/platform/plugins/shared/files/server/routes/file_kind/share/list.ts +++ b/src/platform/plugins/shared/files/server/routes/file_kind/share/list.ts @@ -53,8 +53,10 @@ export function register(fileKindRouter: FileKindRouter, fileKind: FileKind) { { path: FILES_API_ROUTES.fileKind.getListShareRoute(fileKind.id), validate: { ...rt }, - options: { - tags: fileKind.http.share.tags, + security: { + authz: { + requiredPrivileges: fileKind.http.share.requiredPrivileges, + }, }, }, handler diff --git a/src/platform/plugins/shared/files/server/routes/file_kind/share/share.ts b/src/platform/plugins/shared/files/server/routes/file_kind/share/share.ts index 59c583a8b8204..3f06f0c12dbbb 100644 --- a/src/platform/plugins/shared/files/server/routes/file_kind/share/share.ts +++ b/src/platform/plugins/shared/files/server/routes/file_kind/share/share.ts @@ -81,8 +81,10 @@ export function register(fileKindRouter: FileKindRouter, fileKind: FileKind) { { path: FILES_API_ROUTES.fileKind.getShareRoute(fileKind.id), validate: { ...rt }, - options: { - tags: fileKind.http.share.tags, + security: { + authz: { + requiredPrivileges: fileKind.http.share.requiredPrivileges, + }, }, }, handler diff --git a/src/platform/plugins/shared/files/server/routes/file_kind/share/unshare.ts b/src/platform/plugins/shared/files/server/routes/file_kind/share/unshare.ts index 006ce1e50f6a2..52475c2dff2da 100644 
--- a/src/platform/plugins/shared/files/server/routes/file_kind/share/unshare.ts +++ b/src/platform/plugins/shared/files/server/routes/file_kind/share/unshare.ts @@ -54,8 +54,10 @@ export function register(fileKindRouter: FileKindRouter, fileKind: FileKind) { { path: FILES_API_ROUTES.fileKind.getUnshareRoute(fileKind.id), validate: { ...rt }, - options: { - tags: fileKind.http.share.tags, + security: { + authz: { + requiredPrivileges: fileKind.http.share.requiredPrivileges, + }, }, }, handler diff --git a/src/platform/plugins/shared/files/server/routes/file_kind/update.ts b/src/platform/plugins/shared/files/server/routes/file_kind/update.ts index 76d2cdac33b55..4b8ff1b047500 100644 --- a/src/platform/plugins/shared/files/server/routes/file_kind/update.ts +++ b/src/platform/plugins/shared/files/server/routes/file_kind/update.ts @@ -56,8 +56,10 @@ export function register(fileKindRouter: FileKindRouter, fileKind: FileKind) { { path: FILES_API_ROUTES.fileKind.getUpdateRoute(fileKind.id), validate: { ...rt }, - options: { - tags: fileKind.http.update.tags, + security: { + authz: { + requiredPrivileges: fileKind.http.update.requiredPrivileges, + }, }, }, handler diff --git a/src/platform/plugins/shared/files/server/routes/file_kind/upload.ts b/src/platform/plugins/shared/files/server/routes/file_kind/upload.ts index 683449da011e5..50a3f251eafa5 100644 --- a/src/platform/plugins/shared/files/server/routes/file_kind/upload.ts +++ b/src/platform/plugins/shared/files/server/routes/file_kind/upload.ts @@ -98,7 +98,6 @@ export function register(fileKindRouter: FileKindRouter, fileKind: FileKind) { ...rt, }, options: { - tags: fileKind.http.create.tags, body: { output: 'stream', parse: false, @@ -111,6 +110,11 @@ export function register(fileKindRouter: FileKindRouter, fileKind: FileKind) { maxBytes: 10 * 1024 * 1024 * 1024, }, }, + security: { + authz: { + requiredPrivileges: fileKind.http.create.requiredPrivileges, + }, + }, }, handler ); 
diff --git a/src/platform/plugins/shared/files/server/routes/find.ts b/src/platform/plugins/shared/files/server/routes/find.ts index 564a5537996b9..3ae8eee49ee31 100644 --- a/src/platform/plugins/shared/files/server/routes/find.ts +++ b/src/platform/plugins/shared/files/server/routes/find.ts @@ -82,8 +82,10 @@ export function register(router: FilesRouter) { { path: FILES_API_ROUTES.find, validate: { ...rt }, - options: { - tags: [`access:${FILES_MANAGE_PRIVILEGE}`], + security: { + authz: { + requiredPrivileges: [FILES_MANAGE_PRIVILEGE], + }, }, }, handler diff --git a/src/platform/plugins/shared/files/server/routes/metrics.ts b/src/platform/plugins/shared/files/server/routes/metrics.ts index fdbbee11561fa..c7be62b51fb52 100644 --- a/src/platform/plugins/shared/files/server/routes/metrics.ts +++ b/src/platform/plugins/shared/files/server/routes/metrics.ts @@ -31,8 +31,10 @@ export function register(router: FilesRouter) { { path: FILES_API_ROUTES.metrics, validate: {}, - options: { - tags: [`access:${FILES_MANAGE_PRIVILEGE}`], + security: { + authz: { + requiredPrivileges: [FILES_MANAGE_PRIVILEGE], + }, }, }, handler diff --git a/src/platform/plugins/shared/files/server/test_utils/setup_integration_environment.ts b/src/platform/plugins/shared/files/server/test_utils/setup_integration_environment.ts index 369f39867f609..43c49d9a22d39 100644 --- a/src/platform/plugins/shared/files/server/test_utils/setup_integration_environment.ts +++ b/src/platform/plugins/shared/files/server/test_utils/setup_integration_environment.ts @@ -97,7 +97,7 @@ export async function setupIntegrationEnvironment() { /** * Register a test file type */ - const testHttpConfig = { tags: ['access:myapp'] }; + const testHttpConfig = { requiredPrivileges: ['myapp'] }; const myFileKind = { id: fileKind, blobStoreSettings: { 
diff --git a/x-pack/platform/plugins/shared/cases/common/constants/types.ts b/x-pack/platform/plugins/shared/cases/common/constants/types.ts index 7399505dc277e..0c2767adfa63a 100644 --- a/x-pack/platform/plugins/shared/cases/common/constants/types.ts +++ b/x-pack/platform/plugins/shared/cases/common/constants/types.ts @@ -7,7 +7,7 @@ import type { OWNERS } from './owners'; -export enum HttpApiTagOperation { +export enum HttpApiPrivilegeOperation { Read = 'Read', Create = 'Create', Delete = 'Delete', diff --git a/x-pack/platform/plugins/shared/cases/common/files/index.test.ts b/x-pack/platform/plugins/shared/cases/common/files/index.test.ts index e09a5f682633a..0ba1741efc5f5 100644 --- a/x-pack/platform/plugins/shared/cases/common/files/index.test.ts +++ b/x-pack/platform/plugins/shared/cases/common/files/index.test.ts 
@@ -8,20 +8,20 @@ import { CaseFileMetadataForDeletionRt, constructFileKindIdByOwner, - constructFilesHttpOperationTag, + constructFilesHttpOperationPrivilege, constructOwnerFromFileKind, } from '.'; import { APP_ID, OBSERVABILITY_OWNER, SECURITY_SOLUTION_OWNER } from '../constants'; -import { HttpApiTagOperation } from '../constants/types'; +import { HttpApiPrivilegeOperation } from '../constants/types'; describe('files index', () => { - describe('constructFilesHttpOperationTag', () => { + describe('constructFilesHttpOperationPrivilege', () => { it.each([ - [SECURITY_SOLUTION_OWNER, HttpApiTagOperation.Read, 'securitySolutionFilesCasesRead'], - [OBSERVABILITY_OWNER, HttpApiTagOperation.Create, 'observabilityFilesCasesCreate'], - [APP_ID, HttpApiTagOperation.Delete, 'casesFilesCasesDelete'], + [SECURITY_SOLUTION_OWNER, HttpApiPrivilegeOperation.Read, 'securitySolutionFilesCasesRead'], + [OBSERVABILITY_OWNER, HttpApiPrivilegeOperation.Create, 'observabilityFilesCasesCreate'], + [APP_ID, HttpApiPrivilegeOperation.Delete, 'casesFilesCasesDelete'], ])('builds the tag for owner: %p operation: %p tag: %p', (owner, operation, tag) => { - expect(constructFilesHttpOperationTag(owner, operation)).toEqual(tag); + expect(constructFilesHttpOperationPrivilege(owner, operation)).toEqual(tag); }); }); diff --git a/x-pack/platform/plugins/shared/cases/common/files/index.ts b/x-pack/platform/plugins/shared/cases/common/files/index.ts index 4715ac2120e3e..51f38ce46bbb2 100644 --- a/x-pack/platform/plugins/shared/cases/common/files/index.ts +++ b/x-pack/platform/plugins/shared/cases/common/files/index.ts @@ -8,7 +8,7 @@ import * as rt from 'io-ts'; import { isEmpty } from 'lodash'; import { OWNERS } from '../constants'; -import type { HttpApiTagOperation, Owner } from '../constants/types'; +import type { HttpApiPrivilegeOperation, Owner } from '../constants/types'; /** * This type is only used to validate for deletion, it does not check all the fields that should exist in the file 
@@ -22,7 +22,10 @@ export type CaseFileMetadataForDeletion = rt.TypeOf { +export const constructFilesHttpOperationPrivilege = ( + owner: Owner, + operation: HttpApiPrivilegeOperation +) => { return `${owner}${FILE_KIND_DELIMITER}${operation}`; }; diff --git a/x-pack/platform/plugins/shared/cases/common/utils/api_tags.ts b/x-pack/platform/plugins/shared/cases/common/utils/api_tags.ts index e4750540c5b5e..139b3f074fac6 100644 --- a/x-pack/platform/plugins/shared/cases/common/utils/api_tags.ts +++ b/x-pack/platform/plugins/shared/cases/common/utils/api_tags.ts @@ -10,9 +10,9 @@ import { GET_CONNECTORS_CONFIGURE_API_TAG, SUGGEST_USER_PROFILES_API_TAG, } from '../constants'; -import { HttpApiTagOperation } from '../constants/types'; +import { HttpApiPrivilegeOperation } from '../constants/types'; import type { Owner } from '../constants/types'; -import { constructFilesHttpOperationTag } from '../files'; +import { constructFilesHttpOperationPrivilege } from '../files'; export interface CasesApiTags { all: readonly string[]; @@ -22,9 +22,9 @@ export interface CasesApiTags { } export const getApiTags = (owner: Owner): CasesApiTags => { - const create = constructFilesHttpOperationTag(owner, HttpApiTagOperation.Create); - const deleteTag = constructFilesHttpOperationTag(owner, HttpApiTagOperation.Delete); - const read = constructFilesHttpOperationTag(owner, HttpApiTagOperation.Read); + const create = constructFilesHttpOperationPrivilege(owner, HttpApiPrivilegeOperation.Create); + const deleteTag = constructFilesHttpOperationPrivilege(owner, HttpApiPrivilegeOperation.Delete); + const read = constructFilesHttpOperationPrivilege(owner, HttpApiPrivilegeOperation.Read); return { all: [ diff --git a/x-pack/platform/plugins/shared/cases/server/files/index.test.ts b/x-pack/platform/plugins/shared/cases/server/files/index.test.ts index 8f9fb0b35e96c..8542769517a6e 100644 --- a/x-pack/platform/plugins/shared/cases/server/files/index.test.ts 
+++ b/x-pack/platform/plugins/shared/cases/server/files/index.test.ts @@ -138,23 +138,23 @@ describe('server files', () => { ], "http": Object { "create": Object { - "tags": Array [ - "access:casesFilesCasesCreate", + "requiredPrivileges": Array [ + "casesFilesCasesCreate", ], }, "download": Object { - "tags": Array [ - "access:casesFilesCasesRead", + "requiredPrivileges": Array [ + "casesFilesCasesRead", ], }, "getById": Object { - "tags": Array [ - "access:casesFilesCasesRead", + "requiredPrivileges": Array [ + "casesFilesCasesRead", ], }, "list": Object { - "tags": Array [ - "access:casesFilesCasesRead", + "requiredPrivileges": Array [ + "casesFilesCasesRead", ], }, }, @@ -181,23 +181,23 @@ describe('server files', () => { ], "http": Object { "create": Object { - "tags": Array [ - "access:observabilityFilesCasesCreate", + "requiredPrivileges": Array [ + "observabilityFilesCasesCreate", ], }, "download": Object { - "tags": Array [ - "access:observabilityFilesCasesRead", + "requiredPrivileges": Array [ + "observabilityFilesCasesRead", ], }, "getById": Object { - "tags": Array [ - "access:observabilityFilesCasesRead", + "requiredPrivileges": Array [ + "observabilityFilesCasesRead", ], }, "list": Object { - "tags": Array [ - "access:observabilityFilesCasesRead", + "requiredPrivileges": Array [ + "observabilityFilesCasesRead", ], }, }, 
@@ -224,23 +224,23 @@ describe('server files', () => { ], "http": Object { "create": Object { - "tags": Array [ - "access:securitySolutionFilesCasesCreate", + "requiredPrivileges": Array [ + "securitySolutionFilesCasesCreate", ], }, "download": Object { - "tags": Array [ - "access:securitySolutionFilesCasesRead", + "requiredPrivileges": Array [ + "securitySolutionFilesCasesRead", ], }, "getById": Object { - "tags": Array [ - "access:securitySolutionFilesCasesRead", + "requiredPrivileges": Array [ + "securitySolutionFilesCasesRead", ], }, "list": Object { - "tags": Array [ - "access:securitySolutionFilesCasesRead", + "requiredPrivileges": Array [ + "securitySolutionFilesCasesRead", ], }, }, @@ -269,23 +269,23 @@ describe('server files', () => { ], "http": Object { "create": Object { - "tags": Array [ - "access:casesFilesCasesCreate", + "requiredPrivileges": Array [ + "casesFilesCasesCreate", ], }, "download": Object { - "tags": Array [ - "access:casesFilesCasesRead", + "requiredPrivileges": Array [ + "casesFilesCasesRead", ], }, "getById": Object { - "tags": Array [ - "access:casesFilesCasesRead", + "requiredPrivileges": Array [ + "casesFilesCasesRead", ], }, "list": Object { - "tags": Array [ - "access:casesFilesCasesRead", + "requiredPrivileges": Array [ + "casesFilesCasesRead", ], }, }, @@ -310,23 +310,23 @@ describe('server files', () => { ], "http": Object { "create": Object { - "tags": Array [ - "access:observabilityFilesCasesCreate", + "requiredPrivileges": Array [ + "observabilityFilesCasesCreate", ], }, "download": Object { - "tags": Array [ - "access:observabilityFilesCasesRead", + "requiredPrivileges": Array [ + "observabilityFilesCasesRead", ], }, "getById": Object { - "tags": Array [ - "access:observabilityFilesCasesRead", + "requiredPrivileges": Array [ + "observabilityFilesCasesRead", ], }, "list": Object { - "tags": Array [ - "access:observabilityFilesCasesRead", + "requiredPrivileges": Array [ + "observabilityFilesCasesRead", ], }, }, 
@@ -351,23 +351,23 @@ describe('server files', () => { ], "http": Object { "create": Object { - "tags": Array [ - "access:securitySolutionFilesCasesCreate", + "requiredPrivileges": Array [ + "securitySolutionFilesCasesCreate", ], }, "download": Object { - "tags": Array [ - "access:securitySolutionFilesCasesRead", + "requiredPrivileges": Array [ + "securitySolutionFilesCasesRead", ], }, "getById": Object { - "tags": Array [ - "access:securitySolutionFilesCasesRead", + "requiredPrivileges": Array [ + "securitySolutionFilesCasesRead", ], }, "list": Object { - "tags": Array [ - "access:securitySolutionFilesCasesRead", + "requiredPrivileges": Array [ + "securitySolutionFilesCasesRead", ], }, }, @@ -485,23 +485,23 @@ describe('server files', () => { ], "http": Object { "create": Object { - "tags": Array [ - "access:casesFilesCasesCreate", + "requiredPrivileges": Array [ + "casesFilesCasesCreate", ], }, "download": Object { - "tags": Array [ - "access:casesFilesCasesRead", + "requiredPrivileges": Array [ + "casesFilesCasesRead", ], }, "getById": Object { - "tags": Array [ - "access:casesFilesCasesRead", + "requiredPrivileges": Array [ + "casesFilesCasesRead", ], }, "list": Object { - "tags": Array [ - "access:casesFilesCasesRead", + "requiredPrivileges": Array [ + "casesFilesCasesRead", ], }, }, @@ -614,23 +614,23 @@ describe('server files', () => { ], "http": Object { "create": Object { - "tags": Array [ - "access:observabilityFilesCasesCreate", + "requiredPrivileges": Array [ + "observabilityFilesCasesCreate", ], }, "download": Object { - "tags": Array [ - "access:observabilityFilesCasesRead", + "requiredPrivileges": Array [ + "observabilityFilesCasesRead", ], }, "getById": Object { - "tags": Array [ - "access:observabilityFilesCasesRead", + "requiredPrivileges": Array [ + "observabilityFilesCasesRead", ], }, "list": Object { - "tags": Array [ - "access:observabilityFilesCasesRead", + "requiredPrivileges": Array [ + "observabilityFilesCasesRead", ], }, }, 
@@ -743,23 +743,23 @@ describe('server files', () => { ], "http": Object { "create": Object { - "tags": Array [ - "access:securitySolutionFilesCasesCreate", + "requiredPrivileges": Array [ + "securitySolutionFilesCasesCreate", ], }, "download": Object { - "tags": Array [ - "access:securitySolutionFilesCasesRead", + "requiredPrivileges": Array [ + "securitySolutionFilesCasesRead", ], }, "getById": Object { - "tags": Array [ - "access:securitySolutionFilesCasesRead", + "requiredPrivileges": Array [ + "securitySolutionFilesCasesRead", ], }, "list": Object { - "tags": Array [ - "access:securitySolutionFilesCasesRead", + "requiredPrivileges": Array [ + "securitySolutionFilesCasesRead", ], }, }, diff --git a/x-pack/platform/plugins/shared/cases/server/files/index.ts b/x-pack/platform/plugins/shared/cases/server/files/index.ts index fb2e5e6372c3b..b0985e1572675 100644 --- a/x-pack/platform/plugins/shared/cases/server/files/index.ts +++ b/x-pack/platform/plugins/shared/cases/server/files/index.ts @@ -15,10 +15,13 @@ import { SECURITY_SOLUTION_OWNER, } from '../../common/constants'; import type { Owner } from '../../common/constants/types'; -import { HttpApiTagOperation } from '../../common/constants/types'; +import { HttpApiPrivilegeOperation } from '../../common/constants/types'; import { IMAGE_MIME_TYPES } from '../../common/constants/mime_types'; import type { FilesConfig } from './types'; -import { constructFileKindIdByOwner, constructFilesHttpOperationTag } from '../../common/files'; +import { + constructFileKindIdByOwner, + constructFilesHttpOperationPrivilege, +} from '../../common/files'; const buildFileKind = (config: FilesConfig, owner: Owner, isFipsMode = false): FileKind => { const hashes: FileKind['hashes'] = ['sha1', 'sha256']; 
@@ -36,18 +39,16 @@ const buildFileKind = (config: FilesConfig, owner: Owner, isFipsMode = false): F const fileKindHttpTags = (owner: Owner): FileKind['http'] => { return { - create: buildTag(owner, HttpApiTagOperation.Create), - download: buildTag(owner, HttpApiTagOperation.Read), - getById: buildTag(owner, HttpApiTagOperation.Read), - list: buildTag(owner, HttpApiTagOperation.Read), + create: buildPrivileges(owner, HttpApiPrivilegeOperation.Create), + download: buildPrivileges(owner, HttpApiPrivilegeOperation.Read), + getById: buildPrivileges(owner, HttpApiPrivilegeOperation.Read), + list: buildPrivileges(owner, HttpApiPrivilegeOperation.Read), }; }; -const access = 'access:'; - -const buildTag = (owner: Owner, operation: HttpApiTagOperation) => { +const buildPrivileges = (owner: Owner, operation: HttpApiPrivilegeOperation) => { return { - tags: [`${access}${constructFilesHttpOperationTag(owner, operation)}`], + requiredPrivileges: [constructFilesHttpOperationPrivilege(owner, operation)], }; }; diff --git a/x-pack/test/cases_api_integration/common/plugins/cases/server/files/index.ts b/x-pack/test/cases_api_integration/common/plugins/cases/server/files/index.ts index 40e3c4410c58f..9bc5fbc9e6c69 100644 --- a/x-pack/test/cases_api_integration/common/plugins/cases/server/files/index.ts +++ b/x-pack/test/cases_api_integration/common/plugins/cases/server/files/index.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { HttpApiTagOperation } from '@kbn/cases-plugin/common/constants/types'; +import { HttpApiPrivilegeOperation } from '@kbn/cases-plugin/common/constants/types'; import type { FileKind } from '@kbn/files-plugin/common'; import type { FilesSetup } from '@kbn/files-plugin/server'; 
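Review bot: `fileKindHttpTags` keeps its tag-era name although every entry it returns is now a `requiredPrivileges` object built by `buildPrivileges`; a name such as `fileKindHttpPrivileges` would match what it produces. The same leftover name appears in the cases test-fixture plugin hunk that follows. The call site in `buildFileKind` is outside this hunk and would need the same rename. A short comment on `buildPrivileges`, for example `// value must match an API privilege registered for the owner's feature`, would also help, since the `access:` prefix that used to mark these strings is gone; that mapping is defined outside this diff and should be confirmed.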
@@ -22,18 +22,16 @@ const buildFileKind = (): FileKind => { const fileKindHttpTags = (): FileKind['http'] => { return { - create: buildTag(HttpApiTagOperation.Create), - download: buildTag(HttpApiTagOperation.Read), - getById: buildTag(HttpApiTagOperation.Read), - list: buildTag(HttpApiTagOperation.Read), + create: buildPrivileges(HttpApiPrivilegeOperation.Create), + download: buildPrivileges(HttpApiPrivilegeOperation.Read), + getById: buildPrivileges(HttpApiPrivilegeOperation.Read), + list: buildPrivileges(HttpApiPrivilegeOperation.Read), }; }; -const access = 'access:'; - -const buildTag = (operation: HttpApiTagOperation) => { +const buildPrivileges = (operation: HttpApiPrivilegeOperation) => { return { - tags: [`${access}${CASES_TEST_FIXTURE_OWNER}${operation}`], + requiredPrivileges: [`${CASES_TEST_FIXTURE_OWNER}${operation}`], }; };