From 2f637926aa7a0f0f99231f4678fb100d922b8ce2 Mon Sep 17 00:00:00 2001 From: adcoelho Date: Mon, 16 Mar 2026 12:44:23 +0100 Subject: [PATCH 1/2] Update privileges for Alerting V2 indexes and views. --- .../KibanaOwnedReservedRoleDescriptors.java | 8 ++++++-- .../authz/store/ReservedRolesStore.java | 6 ++++-- .../authz/store/ReservedRolesStoreTests.java | 17 +++++++++-------- 3 files changed, 19 insertions(+), 12 deletions(-) diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java index e4635ae182fcb..fb4750ab42fb6 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java @@ -278,7 +278,10 @@ static RoleDescriptor kibanaSystem(String name) { .build(), // "Alerting V2" views prefix RoleDescriptor.IndicesPrivileges.builder() - .indices(ReservedRolesStore.ALERTING_V2_VIEWS) + .indices( + ReservedRolesStore.ALERTING_V2_ALERT_VIEWS, + ReservedRolesStore.ALERTING_V2_RULE_VIEWS + ) .privileges("indices:admin/esql/view/put") // TODO: use named index privilege when available in serverless .build(), // "Alerts as data" public index aliases used in Security Solution, 
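Review bot: The patterns passed to `.indices(...)` in this hunk, `$.alert*` and `$.rule*` (values from the ReservedRolesStore.java hunk), are shorter prefixes than the `$.alerting*` they replace, so kibana_system's reach now depends on nothing else ever using names that start with `alert` or `rule`. Here the grant is limited to `indices:admin/esql/view/put`, but the `@@ -289` hunk applies the same shortening to `.alert*` and `.rule*` with `all`, which covers writes and index deletion on any matching index, and `.alert*` also contains the existing `.alerts*` grant. If the Alerting V2 names share a longer fixed prefix, use that in the constants; otherwise record the ownership assumption next to the grants, e.g. `// Alerting V2 owns every name under .alert* and .rule*; kibana_system has full control of anything matching`. The body of kibanaSystem starts and ends outside this hunk.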
@@ -289,7 +292,8 @@ static RoleDescriptor kibanaSystem(String name) { RoleDescriptor.IndicesPrivileges.builder().indices(ReservedRolesStore.CASES_ANALYTICS_INDEXES).privileges("all").build(), RoleDescriptor.IndicesPrivileges.builder().indices(ReservedRolesStore.CASES_ANALYTICS_ALIASES).privileges("all").build(), // "Alerting V2" indexes - RoleDescriptor.IndicesPrivileges.builder().indices(ReservedRolesStore.ALERTING_V2_INDEX_ALIAS).privileges("all").build(), + RoleDescriptor.IndicesPrivileges.builder().indices(ReservedRolesStore.ALERTING_V2_ALERT_INDEX_ALIAS).privileges("all").build(), + RoleDescriptor.IndicesPrivileges.builder().indices(ReservedRolesStore.ALERTING_V2_RULE_INDEX_ALIAS).privileges("all").build(), // "Alerts as data" public index alias used in Security Solution // Kibana system user uses them to read / write alerts. RoleDescriptor.IndicesPrivileges.builder() diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java index 4235bed5677e2..fdbe62d3b29fa 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java 
@@ -53,8 +53,10 @@ public class ReservedRolesStore implements BiConsumer, ActionListene public static final String ALERTS_INDEX_ALIAS = ".alerts*"; /** Alerting V2 - alert events and action indexes used by multiple solutions */ - public static final String ALERTING_V2_INDEX_ALIAS = ".alerting*"; - public static final String ALERTING_V2_VIEWS = "$.alerting*"; + public static final String ALERTING_V2_ALERT_INDEX_ALIAS = ".alert*"; + public static final String ALERTING_V2_RULE_INDEX_ALIAS = ".rule*"; + public static final String ALERTING_V2_ALERT_VIEWS = "$.alert*"; + public static final String ALERTING_V2_RULE_VIEWS = "$.rule*"; /** Cases analytics indexes and aliases */ public static final String CASES_ANALYTICS_INDEXES = ".internal.cases*"; diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java index 3614657cf932f..740f8e4f87fab 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java 
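Review bot: The Javadoc `/** Alerting V2 - alert events and action indexes used by multiple solutions */` now sits only on `ALERTING_V2_ALERT_INDEX_ALIAS` and does not mention rules, so three of the four new constants are undocumented. Each constant should say what it matches and what it overlaps, for example `/** Alerting V2 alert indexes; this pattern is a superset of ALERTS_INDEX_ALIAS (".alerts*") */` and `/** Alerting V2 rule indexes */`, with matching one-liners for the two `$.`-prefixed view patterns. The `_INDEX_ALIAS` suffix on a wildcard pattern follows the neighbouring constants and can stay, but the comment is then the only place a reader learns how wide each pattern is. The class body continues outside the hunk.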
@@ -628,7 +628,8 @@ public void testKibanaSystemRole() { ReservedRolesStore.ALERTS_BACKING_INDEX + randomAlphaOfLength(randomIntBetween(0, 13)), ReservedRolesStore.ALERTS_BACKING_INDEX_REINDEXED + randomAlphaOfLength(randomIntBetween(0, 13)), ReservedRolesStore.ALERTS_INDEX_ALIAS + randomAlphaOfLength(randomIntBetween(0, 13)), - ReservedRolesStore.ALERTING_V2_INDEX_ALIAS + randomAlphaOfLength(randomIntBetween(0, 13)), + ReservedRolesStore.ALERTING_V2_ALERT_INDEX_ALIAS + randomAlphaOfLength(randomIntBetween(0, 13)), + ReservedRolesStore.ALERTING_V2_RULE_INDEX_ALIAS + randomAlphaOfLength(randomIntBetween(0, 13)), ReservedRolesStore.PREVIEW_ALERTS_INDEX_ALIAS + randomAlphaOfLength(randomIntBetween(0, 13)), ReservedRolesStore.PREVIEW_ALERTS_BACKING_INDEX + randomAlphaOfLength(randomIntBetween(0, 13)), ReservedRolesStore.PREVIEW_ALERTS_BACKING_INDEX_REINDEXED + randomAlphaOfLength(randomIntBetween(0, 13)), @@ -640,13 +641,13 @@ public void testKibanaSystemRole() { ).forEach(index -> assertAllIndicesAccessAllowed(kibanaRole, index)); // Alerting V2 views prefix: Kibana system user has create_view only - final IndexAbstraction alertingV2ViewsAbstraction = mockIndexAbstraction( - ReservedRolesStore.ALERTING_V2_VIEWS + randomAlphaOfLength(randomIntBetween(0, 13)) - ); - assertThat( - kibanaRole.indices().allowedIndicesMatcher(EsqlViewActionNames.ESQL_PUT_VIEW_ACTION_NAME).test(alertingV2ViewsAbstraction), - is(true) - ); + Arrays.asList( + ReservedRolesStore.ALERTING_V2_ALERT_VIEWS, + ReservedRolesStore.ALERTING_V2_RULE_VIEWS + ).forEach(index -> { + final IndexAbstraction indexAbstraction = mockIndexAbstraction(index); + assertThat(kibanaRole.indices().allowedIndicesMatcher(EsqlViewActionNames.ESQL_PUT_VIEW_ACTION_NAME).test(indexAbstraction), is(true)); + }); Arrays.asList( ReservedRolesStore.ADHOC_ALERTS_INDEX_ALIAS + randomAlphaOfLength(randomIntBetween(0, 13)), From 09f314be19e829fc32e9230099c176c0af5ceac2 Mon Sep 17 00:00:00 2001 
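Review bot: The rewritten views check in the `@@ -640` hunk calls `mockIndexAbstraction(index)` with the bare pattern strings, whereas the removed code appended `randomAlphaOfLength(randomIntBetween(0, 13))`, so the test no longer exercises a concrete view name under either prefix. Restore the suffix with `final IndexAbstraction indexAbstraction = mockIndexAbstraction(index + randomAlphaOfLength(randomIntBetween(0, 13)));`. The comment says the Kibana system user has create_view only, yet the visible lines assert only the positive case; an `is(false)` assertion for a non-view action on the same abstraction would pin the "only", assuming no other kibana_system grant matches these names. The second patch in this series reformats these lines without changing them, and testKibanaSystemRole continues outside the hunk.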
From: elasticsearchmachine Date: Mon, 16 Mar 2026 11:57:05 +0000 Subject: [PATCH 2/2] [CI] Auto commit changes from spotless --- .../store/KibanaOwnedReservedRoleDescriptors.java | 15 +++++++++------ .../authz/store/ReservedRolesStoreTests.java | 10 +++++----- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java index fb4750ab42fb6..16cc91efe2374 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java @@ -278,10 +278,7 @@ static RoleDescriptor kibanaSystem(String name) { .build(), // "Alerting V2" views prefix RoleDescriptor.IndicesPrivileges.builder() - .indices( - ReservedRolesStore.ALERTING_V2_ALERT_VIEWS, - ReservedRolesStore.ALERTING_V2_RULE_VIEWS - ) + .indices(ReservedRolesStore.ALERTING_V2_ALERT_VIEWS, ReservedRolesStore.ALERTING_V2_RULE_VIEWS) .privileges("indices:admin/esql/view/put") // TODO: use named index privilege when available in serverless .build(), // "Alerts as data" public index aliases used in Security Solution, 
@@ -292,8 +289,14 @@ static RoleDescriptor kibanaSystem(String name) { RoleDescriptor.IndicesPrivileges.builder().indices(ReservedRolesStore.CASES_ANALYTICS_INDEXES).privileges("all").build(), RoleDescriptor.IndicesPrivileges.builder().indices(ReservedRolesStore.CASES_ANALYTICS_ALIASES).privileges("all").build(), // "Alerting V2" indexes - RoleDescriptor.IndicesPrivileges.builder().indices(ReservedRolesStore.ALERTING_V2_ALERT_INDEX_ALIAS).privileges("all").build(), - RoleDescriptor.IndicesPrivileges.builder().indices(ReservedRolesStore.ALERTING_V2_RULE_INDEX_ALIAS).privileges("all").build(), + RoleDescriptor.IndicesPrivileges.builder() + .indices(ReservedRolesStore.ALERTING_V2_ALERT_INDEX_ALIAS) + .privileges("all") + .build(), + RoleDescriptor.IndicesPrivileges.builder() + .indices(ReservedRolesStore.ALERTING_V2_RULE_INDEX_ALIAS) + .privileges("all") + .build(), // "Alerts as data" public index alias used in Security Solution // Kibana system user uses them to read / write alerts. RoleDescriptor.IndicesPrivileges.builder() diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java index 740f8e4f87fab..bc8745b6a6943 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java 
@@ -641,12 +641,12 @@ public void testKibanaSystemRole() { ).forEach(index -> assertAllIndicesAccessAllowed(kibanaRole, index)); // Alerting V2 views prefix: Kibana system user has create_view only - Arrays.asList( - ReservedRolesStore.ALERTING_V2_ALERT_VIEWS, - ReservedRolesStore.ALERTING_V2_RULE_VIEWS - ).forEach(index -> { + Arrays.asList(ReservedRolesStore.ALERTING_V2_ALERT_VIEWS, ReservedRolesStore.ALERTING_V2_RULE_VIEWS).forEach(index -> { final IndexAbstraction indexAbstraction = mockIndexAbstraction(index); - assertThat(kibanaRole.indices().allowedIndicesMatcher(EsqlViewActionNames.ESQL_PUT_VIEW_ACTION_NAME).test(indexAbstraction), is(true)); + assertThat( + kibanaRole.indices().allowedIndicesMatcher(EsqlViewActionNames.ESQL_PUT_VIEW_ACTION_NAME).test(indexAbstraction), + is(true) + ); }); Arrays.asList(