[8.18] [Cloud Security] CDR Data View versioning and migration logic (#238547)

x-pack/platform/packages/shared/kbn-cloud-security-posture/common/constants.ts

@@ -25,8 +25,21 @@ export const STATUS_API_CURRENT_VERSION = '1';
 /** The base path for all cloud security posture pages. */
 export const CLOUD_SECURITY_POSTURE_BASE_PATH = '/cloud_security_posture';
 
+// Array of legacy data view IDs for migration purposes
+export const CDR_MISCONFIGURATIONS_DATA_VIEW_ID_PREFIX_LEGACY_VERSIONS = [
+  'cloud_security_posture-303eea10-c475-11ec-af18-c5b9b437dbbe', // legacy version 8.x version (logs-cloud_security_posture.findings_latest-*)
+  'cloud_security_posture-9129a080-7f48-11ec-8249-431333f83c5f', // legacy version 8.x version (logs-cloud_security_posture.findings-*)
+];
+// Array of old data view IDs for migration purposes
+// Add new deprecated versions here when updating to a new version
+export const CDR_MISCONFIGURATIONS_DATA_VIEW_ID_PREFIX_OLD_VERSIONS = [
+  'security_solution_cdr_latest_misconfigurations', // v1
+];
+
+// Current data view ID - increment version when making breaking changes
 export const CDR_MISCONFIGURATIONS_DATA_VIEW_ID_PREFIX =
-  'security_solution_cdr_latest_misconfigurations';
+  'security_solution_cdr_latest_misconfigurations_v2';
+
 export const SECURITY_DEFAULT_DATA_VIEW_ID = 'security-solution-default';
 
 export const CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN =
@@ -36,6 +49,25 @@ export const CDR_LATEST_THIRD_PARTY_VULNERABILITIES_INDEX_PATTERN =
 export const CDR_VULNERABILITIES_INDEX_PATTERN = `${CDR_LATEST_THIRD_PARTY_VULNERABILITIES_INDEX_PATTERN},${CDR_LATEST_NATIVE_VULNERABILITIES_INDEX_PATTERN}`;
 export const LATEST_VULNERABILITIES_RETENTION_POLICY = '3d';
 
+export const CDR_VULNERABILITIES_DATA_VIEW_NAME = 'Latest Cloud Security Vulnerabilities';
+
+// Array of legacy vulnerabilities data view IDs for migration purposes
+export const CDR_VULNERABILITIES_DATA_VIEW_ID_PREFIX_LEGACY_VERSIONS = [
+  'cloud_security_posture-c406d945-a359-4c04-9a6a-65d66de8706b', // legacy 8.x version (logs-cloud_security_posture.vulnerabilities-*)
+  'cloud_security_posture-07a5e6d6-982d-4c7c-a845-5f2be43279c9', // legacy 8.x version (logs-cloud_security_posture.vulnerabilities_latest-*)
+];
+// Array of old vulnerabilities data view IDs for migration purposes
+// Add new deprecated versions here when updating to a new version
+export const CDR_VULNERABILITIES_DATA_VIEW_ID_PREFIX_OLD_VERSIONS = [
+  'security_solution_cdr_latest_vulnerabilities', // v1
+];
+
+// Current vulnerabilities data view ID - increment version when making breaking changes
+export const CDR_VULNERABILITIES_DATA_VIEW_ID_PREFIX =
+  'security_solution_cdr_latest_vulnerabilities_v2';
+
+// meant as a temp workaround to get good enough posture view for 3rd party integrations, see https://github.com/elastic/security-team/issues/10683 and https://github.com/elastic/security-team/issues/10801
+export const CDR_EXTENDED_VULN_RETENTION_POLICY = '90d';
 // TODO: remove once https://github.com/elastic/security-team/issues/10801 is done
 // meant as a temp workaround to get good enough posture view for 3rd party integrations, see https://github.com/elastic/security-team/issues/10683
 export const CDR_3RD_PARTY_RETENTION_POLICY = '90d';

x-pack/solutions/security/plugins/cloud_security_posture/README.md

@@ -8,6 +8,67 @@ Cloud Posture automates the identification and remediation of risks across cloud
 
 Read [Kibana Contributing Guide](https://github.com/elastic/kibana/blob/main/CONTRIBUTING.md) for more details
 
+### DataView Migration Logic
+
+The data view migration is split into two parts:
+
+1. Deletion of old and legacy data views during the plugin initialization (only runs once when the CSP package is installed or when Kibana is started)
+2. Creation of new data views when the user navigates to the CSP page (the check runs every time the user navigates to the CSP page to see if the data views need to be created)
+
+When making changes to CSP data views, follow these guidelines:
+
+#### When to Update Data View Version
+
+Create a new data view version when:
+
+1. **Index Pattern Changes**: Updating the underlying index pattern (e.g., from `logs-*` to `security_solution-*`)
+2. **Field Mapping Updates**: Making significant changes to field mappings that could affect existing queries
+3. **Breaking Changes**: Any change that would break existing saved searches, visualizations, or dashboards
+4. **Data Source Migration**: Moving from one data source to another (e.g., from native to CDR indices)
+
+#### How to Update Data View Version
+
+1. **Update Constants** in `packages/kbn-cloud-security-posture/common/constants.ts`:
+
+   - Add the current version to the OLD_VERSIONS array
+   - Update the main constant to the new version `_v{n+1}`
+
+   ```typescript
+   // Array of old data view IDs for migration purposes
+   export const CDR_MISCONFIGURATIONS_DATA_VIEW_ID_PREFIX_OLD_VERSIONS = [
+     'security_solution_cdr_latest_misconfigurations', // v1
+     'security_solution_cdr_latest_misconfigurations_v2', // v2 - Add current version here when moving to v3
+     // Future deprecated versions will be added here
+   ];
+
+   // Current data view ID - increment version when making breaking changes
+   export const CDR_MISCONFIGURATIONS_DATA_VIEW_ID_PREFIX =
+     'security_solution_cdr_latest_misconfigurations_v3'; // Updated to v3
+   ```
+
+2. **Update Tests** in `test/cloud_security_posture_functional/data_views/data_views.ts`:
+   - Test deletion from v1 to current version (with space suffix)
+   - Test deletion from legacy to current version (global to space-specific)
+   - Test deletion of old and legacy data views during plugin initialization
+   - Test creation of new data views when the user navigates to the CSP page
+
+#### Example: Moving from v2 to v3
+
+```typescript
+// Step 1: Update the OLD_VERSIONS array in packages/kbn-cloud-security-posture/common/constants.ts
+export const CDR_MISCONFIGURATIONS_DATA_VIEW_ID_PREFIX_OLD_VERSIONS = [
+  'security_solution_cdr_latest_misconfigurations', // v1
+  'security_solution_cdr_latest_misconfigurations_v2', // v2 - Added current version
+];
+
+// Step 2: Update the current version
+export const CDR_MISCONFIGURATIONS_DATA_VIEW_ID_PREFIX =
+  'security_solution_cdr_latest_misconfigurations_v3'; // Now v3
+
+// Note: Legacy versions (global data views) are tracked separately and rarely change
+export const CDR_MISCONFIGURATIONS_DATA_VIEW_ID_PREFIX_LEGACY_VERSIONS = [];
+```
+
 ## Testing
 
 For general guidelines, read [Kibana Testing Guide](https://www.elastic.co/guide/en/kibana/current/development-tests.html) for more details
@@ -109,6 +170,13 @@ yarn test:ftr:server --config x-pack/test/cloud_security_posture_functional/conf
 yarn test:ftr:runner --config x-pack/test/cloud_security_posture_functional/config.ts
 ```
 
+run data view migration tests:
+
+```bash
+yarn test:ftr:server --config x-pack/solutions/security/test/cloud_security_posture_functional/data_views/config.ts
+yarn test:ftr:runner --config x-pack/solutions/security/test/cloud_security_posture_functional/data_views/config.ts
+```
+
 run serverless api integration tests:
 ```bash
 yarn test:ftr:server --config x-pack/test_serverless/api_integration/test_suites/security/config.ts

x-pack/solutions/security/plugins/cloud_security_posture/common/constants.ts

@@ -48,10 +48,6 @@ export const BENCHMARK_SCORE_INDEX_TEMPLATE_NAME = 'logs-cloud_security_posture.
 export const BENCHMARK_SCORE_INDEX_PATTERN = 'logs-cloud_security_posture.scores-*';
 export const BENCHMARK_SCORE_INDEX_DEFAULT_NS = 'logs-cloud_security_posture.scores-default';
 
-export const CDR_VULNERABILITIES_DATA_VIEW_NAME = 'Latest Cloud Security Vulnerabilities';
-export const CDR_VULNERABILITIES_DATA_VIEW_ID_PREFIX =
-  'security_solution_cdr_latest_vulnerabilities';
-
 export const VULNERABILITIES_INDEX_NAME = 'logs-cloud_security_posture.vulnerabilities';
 export const VULNERABILITIES_INDEX_PATTERN = 'logs-cloud_security_posture.vulnerabilities-default*';
 export const VULNERABILITIES_INDEX_DEFAULT_NS =

x-pack/solutions/security/plugins/cloud_security_posture/public/pages/vulnerabilities/vulnerabilities.tsx

@@ -10,9 +10,9 @@ import { findingsNavigation } from '@kbn/cloud-security-posture';
 import { useCspSetupStatusApi } from '@kbn/cloud-security-posture/src/hooks/use_csp_setup_status_api';
 import { useDataView } from '@kbn/cloud-security-posture/src/hooks/use_data_view';
 import { EuiSpacer } from '@elastic/eui';
+import { CDR_VULNERABILITIES_DATA_VIEW_ID_PREFIX } from '@kbn/cloud-security-posture-common';
 import { ThirdPartyIntegrationsCallout } from '../findings/third_party_integrations_callout';
 import { VULNERABILITIES_PAGE } from './test_subjects';
-import { CDR_VULNERABILITIES_DATA_VIEW_ID_PREFIX } from '../../../common/constants';
 import { NoVulnerabilitiesStates } from '../../components/no_vulnerabilities_states';
 import { CloudPosturePage } from '../../components/cloud_posture_page';
 import { LatestVulnerabilitiesContainer } from './latest_vulnerabilities_container';

x-pack/solutions/security/plugins/cloud_security_posture/server/plugin.ts

@@ -40,6 +40,7 @@ import type {
 } from './types';
 import { setupRoutes } from './routes/setup_routes';
 import { cspBenchmarkRule, cspSettings } from './saved_objects';
+import { deleteOldAndLegacyCdrDataViewsForAllSpaces } from './saved_objects/data_views';
 import { initializeCspIndices } from './create_indices/create_indices';
 import { initializeCspTransforms } from './create_transforms/create_transforms';
 import { isCspPackagePolicyInstalled } from './fleet_integration/fleet_integration';
@@ -208,9 +209,12 @@ export class CspPlugin
   async initialize(core: CoreStart, taskManager: TaskManagerStartContract): Promise<void> {
     this.logger.debug('initialize');
     const esClient = core.elasticsearch.client.asInternalUser;
+    const soClient = core.savedObjects.createInternalRepository();
     await initializeCspIndices(esClient, this.config, this.logger);
     await initializeCspTransforms(esClient, this.logger);
     await scheduleFindingsStatsTask(taskManager, this.logger);
+    // Delete old and legacy CDR data views for all spaces
+    await deleteOldAndLegacyCdrDataViewsForAllSpaces(soClient, this.logger);
     this.#isInitialized = true;
   }