[APM] Update non auth endpoints with authz info (elastic#206289)

## Summary Closes elastic#206252 As part of the Authz migration, we updated the endpoints that didn’t have any authorization restrictions to match the [documentation](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization#opting-out-of-authorization-for-specific-routes) requirements.
e40pud · Jan 13, 2025 · b328fe8 · b328fe8
1 parent f77dc3d
commit b328fe8
Showing 1 changed file with 21 additions and 3 deletions.
diff --git a/x-pack/solutions/observability/plugins/apm/server/routes/fleet/route.ts b/x-pack/solutions/observability/plugins/apm/server/routes/fleet/route.ts
@@ -36,7 +36,13 @@ function throwNotFoundIfFleetMigrationNotAvailable(featureFlags: ApmFeatureFlags
 
 const hasFleetDataRoute = createApmServerRoute({
   endpoint: 'GET /internal/apm/fleet/has_apm_policies',
-  options: { tags: [] },
+  security: {
+    authz: {
+      enabled: false,
+      reason:
+        "It's being used in the tutorial page, so it needs to be available for users even if they don't have APM permissions.",
+    },
+  },
   handler: async ({ core, plugins }): Promise<{ hasApmPolicies: boolean }> => {
     const fleetPluginStart = await plugins.fleet?.start();
     if (!fleetPluginStart) {
@@ -53,7 +59,13 @@ const hasFleetDataRoute = createApmServerRoute({
 
 const fleetAgentsRoute = createApmServerRoute({
   endpoint: 'GET /internal/apm/fleet/agents',
-  options: { tags: [] },
+  security: {
+    authz: {
+      enabled: false,
+      reason:
+        "It's being used in the tutorial page, so it needs to be available for users even if they don't have APM permissions.",
+    },
+  },
   handler: async ({ core, plugins }): Promise<FleetAgentResponse> => {
     return getFleetAgents({
       coreStart: await core.start(),
@@ -182,7 +194,13 @@ const createCloudApmPackagePolicyRoute = createApmServerRoute({
 
 const javaAgentVersions = createApmServerRoute({
   endpoint: 'GET /internal/apm/fleet/java_agent_versions',
-  options: { tags: [] },
+  security: {
+    authz: {
+      enabled: false,
+      reason:
+        'It returns static information stored in a public file in https://repo1.maven.org/maven2/co/elastic/apm/elastic-apm-agent/maven-metadata.xml',
+    },
+  },
   handler: async (): Promise<{ versions: string[] | undefined }> => {
     const versions = await getJavaAgentVersionsFromRegistry();
     return {