diff --git a/x-pack/solutions/security/plugins/security_solution/common/entity_analytics/risk_engine/constants.ts b/x-pack/solutions/security/plugins/security_solution/common/entity_analytics/risk_engine/constants.ts
index 9d71e984021f8..775a4e072c5e9 100644
--- a/x-pack/solutions/security/plugins/security_solution/common/entity_analytics/risk_engine/constants.ts
+++ b/x-pack/solutions/security/plugins/security_solution/common/entity_analytics/risk_engine/constants.ts
@@ -20,11 +20,14 @@ export const RISK_ENGINE_CLEANUP_URL = `${PUBLIC_RISK_ENGINE_URL}/dangerously_de
 export const RISK_ENGINE_CONFIGURE_SO_URL = `${PUBLIC_RISK_ENGINE_URL}/saved_object/configure` as const;
 
-type ClusterPrivilege = 'manage_index_templates' | 'manage_transform';
+type ClusterPrivilege = 'manage_index_templates' | 'manage_transform' | 'manage_ingest_pipelines';
 
+// These are the required privileges to install the risk engine - enabling and running require less privileges
+// However, we check the full set for simplicity, since the UI does not distinguish between installing and enabling
 export const RISK_ENGINE_REQUIRED_ES_CLUSTER_PRIVILEGES = [
 'manage_index_templates',
 'manage_transform',
-] as ClusterPrivilege[];
+ 'manage_ingest_pipelines',
+] satisfies ClusterPrivilege[];
 
 export const RISK_SCORE_INDEX_PATTERN = 'risk-score.risk-score-*';
 
diff --git a/x-pack/solutions/security/plugins/security_solution/common/entity_analytics/risk_engine/privileges.test.ts b/x-pack/solutions/security/plugins/security_solution/common/entity_analytics/risk_engine/privileges.test.ts
index caf7b640582a6..34048149a7c58 100644
--- a/x-pack/solutions/security/plugins/security_solution/common/entity_analytics/risk_engine/privileges.test.ts
+++ b/x-pack/solutions/security/plugins/security_solution/common/entity_analytics/risk_engine/privileges.test.ts
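Review bot: `] satisfies ClusterPrivilege[];` keeps the element literals but still types RISK_ENGINE_REQUIRED_ES_CLUSTER_PRIVILEGES as a mutable array, so any importer can push to or splice the exported list that drives the authorization check at runtime; `] as const satisfies readonly ClusterPrivilege[];` would make it readonly. Whether a consumer relies on a mutable `ClusterPrivilege[]` is not visible in this hunk, so check the call sites before tightening it. Because the same full set gates every risk engine route (the delete.test.ts hunk further down now expects the 403 message to list manage_ingest_pipelines), roles that were sufficient before this change will start receiving 403 on cleanup as well as install, which is worth stating in the new comment and in a release note. Minor: the comment should read "require fewer privileges".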
@@ -15,6 +15,7 @@ describe('getMissingRiskEnginePrivileges', () => {
 cluster: {
 manage_index_templates: false,
 manage_transform: false,
+ manage_ingest_pipelines: false,
 },
 index: {
 'risk-score.risk-score-*': {
@@ -28,7 +29,7 @@ describe('getMissingRiskEnginePrivileges', () => {
 const missingPrivileges = getMissingRiskEnginePrivileges(noClusterPrivileges);
 expect(missingPrivileges).toEqual({
- clusterPrivileges: ['manage_index_templates', 'manage_transform'],
+ clusterPrivileges: ['manage_index_templates', 'manage_transform', 'manage_ingest_pipelines'],
 indexPrivileges: [],
 });
 });
@@ -39,6 +40,7 @@ describe('getMissingRiskEnginePrivileges', () => {
 cluster: {
 manage_index_templates: true,
 manage_transform: true,
+ manage_ingest_pipelines: true,
 },
 index: {
 'risk-score.risk-score-*': {
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/risk_engine_privileges.test.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/risk_engine_privileges.test.ts
index e689bcf9f3ca5..d8cc305a29b77 100644
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/risk_engine_privileges.test.ts
+++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/risk_engine_privileges.test.ts
@@ -16,6 +16,7 @@ describe('_getMissingPrivilegesMessage', () => {
 cluster: {
 manage_index_templates: false,
 manage_transform: false,
+ manage_ingest_pipelines: false,
 },
 index: {
 'risk-score.risk-score-*': {
@@ -31,7 +32,7 @@ describe('_getMissingPrivilegesMessage', () => {
 const result = _getMissingPrivilegesMessage(noClusterPrivileges);
 expect(result).toMatchInlineSnapshot(
- `"User is missing risk engine privileges. Missing cluster privileges: manage_index_templates, manage_transform."`
+ `"User is missing risk engine privileges. Missing cluster privileges: manage_index_templates, manage_transform, manage_ingest_pipelines."`
 );
 });
@@ -42,6 +43,7 @@ describe('_getMissingPrivilegesMessage', () => {
 cluster: {
 manage_index_templates: true,
 manage_transform: true,
+ manage_ingest_pipelines: true,
 },
 index: {
 'risk-score.risk-score-*': {
@@ -68,6 +70,7 @@ describe('_getMissingPrivilegesMessage', () => {
 cluster: {
 manage_index_templates: false,
 manage_transform: false,
+ manage_ingest_pipelines: false,
 },
 index: {
 'risk-score.risk-score-*': {
@@ -83,7 +86,7 @@ describe('_getMissingPrivilegesMessage', () => {
 const result = _getMissingPrivilegesMessage(noClusterOrIndexPrivileges);
 expect(result).toMatchInlineSnapshot(
- `"User is missing risk engine privileges. Missing index privileges for index \\"risk-score.risk-score-*\\": read, write. Missing cluster privileges: manage_index_templates, manage_transform."`
+ `"User is missing risk engine privileges. Missing index privileges for index \\"risk-score.risk-score-*\\": read, write. Missing cluster privileges: manage_index_templates, manage_transform, manage_ingest_pipelines."`
 );
 });
 });
diff --git a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/delete.test.ts b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/delete.test.ts
index 5c66b70c75c13..29e43de5d8fb7 100644
--- a/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/delete.test.ts
+++ b/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/delete.test.ts
@@ -178,7 +178,7 @@ describe('risk engine cleanup route', () => {
 expect(response.status).toBe(403);
 expect(response.body).toEqual({
 message:
- 'User is missing risk engine privileges. Missing cluster privileges: manage_index_templates, manage_transform.',
+ 'User is missing risk engine privileges. Missing cluster privileges: manage_index_templates, manage_transform, manage_ingest_pipelines.',
 status_code: 403,
 });
 });
diff --git a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/risk_engine_privileges.ts b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/risk_engine_privileges.ts
index 93b9573d3e3aa..bb02dec475989 100644
--- a/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/risk_engine_privileges.ts
+++ b/x-pack/test/security_solution_api_integration/test_suites/entity_analytics/risk_engine/trial_license_complete_tier/risk_engine_privileges.ts
@@ -39,6 +39,14 @@ const ROLES = [
 },
 },
 },
+ {
+ name: 'manage_ingest_pipelines',
+ privileges: {
+ elasticsearch: {
+ cluster: ['manage_ingest_pipelines'],
+ },
+ },
+ },
 {
 name: 'risk_score_index_read',
 privileges: {
@@ -113,6 +121,7 @@ export default ({ getService }: FtrProviderContext) => {
 cluster: {
 manage_index_templates: true,
 manage_transform: true,
+ manage_ingest_pipelines: true,
 },
 index: {
 'risk-score.risk-score-*': {
@@ -132,6 +141,7 @@ export default ({ getService }: FtrProviderContext) => {
 cluster: {
 manage_index_templates: true,
 manage_transform: true,
+ manage_ingest_pipelines: true,
 },
 index: {
 'risk-score.risk-score-*': {
@@ -151,6 +161,7 @@ export default ({ getService }: FtrProviderContext) => {
 cluster: {
 manage_index_templates: true,
 manage_transform: true,
+ manage_ingest_pipelines: true,
 },
 index: {
 'risk-score.risk-score-*': {
@@ -170,6 +181,7 @@ export default ({ getService }: FtrProviderContext) => {
 cluster: {
 manage_index_templates: true,
 manage_transform: false,
+ manage_ingest_pipelines: true,
 },
 index: {
 'risk-score.risk-score-*': {
@@ -189,6 +201,7 @@ export default ({ getService }: FtrProviderContext) => {
 cluster: {
 manage_index_templates: false,
 manage_transform: true,
+ manage_ingest_pipelines: true,
 },
 index: {
 'risk-score.risk-score-*': {
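Review bot: Every expectation hunk in this file sets `manage_ingest_pipelines: true`, including the two partial-privilege cases here (manage_transform false at @@ -170, manage_index_templates false at @@ -189), so no visible case covers a user who holds the two pre-existing cluster privileges but lacks the newly required one. Since the new ROLES entry (`name: 'manage_ingest_pipelines'` in the @@ -39 hunk above) grants only that cluster privilege, assigning the legacy roles without it is the natural regression test that the privileges route reports `manage_ingest_pipelines: false` for that user. How roles are combined per test case lies outside these hunks, so such a case may already exist further down the file; if it does not, it is the one that proves the new privilege is actually enforced rather than merely listed.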