Unauthorized route migration for routes owned by kibana-management (#214782)

elena-shostak · web-flow · commit 2160dd1d956a · 2025-03-21T17:37:07.000+01:00
### Authz API migration for unauthorized routes This PR migrates last unauthorized routes owned by your team to a new security configuration. Please refer to the documentation for more information: [Authorization API](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization) ### **Before migration:** ```ts router.get({ path: '/api/path', ... }, handler); ``` ### **After migration:** ```ts router.get({ path: '/api/path', security: { authz: { enabled: false, reason: 'This route is opted out from authorization because ...', }, }, ... }, handler); ```
diff --git a/x-pack/platform/plugins/private/grokdebugger/server/lib/kibana_framework.ts b/x-pack/platform/plugins/private/grokdebugger/server/lib/kibana_framework.ts
@@ -60,6 +60,7 @@ export class KibanaFramework {
     const routeConfig = {
       path: config.path,
       validate: config.validate,
+      security: config.security,
     };
 
     switch (config.method) {
diff --git a/x-pack/platform/plugins/shared/license_management/server/routes/api/license/register_start_trial_routes.ts b/x-pack/platform/plugins/shared/license_management/server/routes/api/license/register_start_trial_routes.ts
@@ -35,14 +35,26 @@ export function registerStartTrialRoutes({
     }
   );
 
-  router.post({ path: addBasePath('/start_trial'), validate: false }, async (ctx, req, res) => {
-    const { client } = (await ctx.core).elasticsearch;
-    try {
-      return res.ok({
-        body: await startTrial({ client, licensing }),
-      });
-    } catch (error) {
-      return handleEsError({ error, response: res });
+  router.post(
+    {
+      path: addBasePath('/start_trial'),
+      validate: false,
+      security: {
+        authz: {
+          enabled: false,
+          reason: 'Relies on es client for authorization',
+        },
+      },
+    },
+    async (ctx, req, res) => {
+      const { client } = (await ctx.core).elasticsearch;
+      try {
+        return res.ok({
+          body: await startTrial({ client, licensing }),
+        });
+      } catch (error) {
+        return handleEsError({ error, response: res });
+      }
     }
-  });
+  );
 }
