Commit 6c4126f
# Backport
This will backport the following commits from `main` to `9.0`:
- [[SecuritySolution] Update API key permissions on refreshing data view
API (#215738)](#215738)
<!--- Backport version: 9.6.6 -->
### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)
<!--BACKPORT [{"author":{"name":"Pablo
Machado","email":"pablo.nevesmachado@elastic.co"},"sourceCommit":{"committedDate":"2025-03-26T10:03:45Z","message":"[SecuritySolution]
Update API key permissions on refreshing data view API
(#215738)\n\nUpdate the API key when entity store
`apply_dataview_indices` is called.\n\n## Summary\nThis change allows
the user to update the privileges the entity store\ndata view refresh
task uses. This will enable them to fix problems when\nthe user that
enabled the entity store doesn't have all data view\nindices
privileges.\n\nThis PR also improves some error messages that were hard
to read.\n\n### Context\n* `apply_dataview_indices`is an API that
updates the entity store\ntransform with the indices defined in the
security solution data view.\n* There is a background task that calls
`apply_dataview_indices` from\ntime to time\n* The background task uses
the API key to access the security solution\ndata view indices.\n\n\n###
How to test it\n* Create a kibana instance with security data\n* Create
a user that only has access the necessary access to the entity\nstore
indices\n* Enable the entity store with a the created user\n* Login with
a superuser \n* Add a new index to the security solution data view,
which the created\nuser cannot access.\n* The task will fail because it
uses the API key from the unprivileged\nuser.\n* Call
`apply_dataview_indices` with the superuser
(`POST\nkbn:api/entity_store/engines/apply_dataview_indices`)\n* The
request should succeed because it is using the superuser\ncredentials\n*
Add a new index to the security solution data view, which the
created\nuser cannot access.\n* The task should succeed because it is
using the superuser API key\n\n### Checklist\n\nCheck the PR satisfies
following conditions. \n\nReviewers should verify this PR satisfies this
list as well.\n\n- [ ] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] The PR
description includes the appropriate Release Notes section,\nand the
correct `release_note:*` label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"e201b947be53e4e903ab1126592c3853f66108df","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:enhancement","Team:
SecuritySolution","Team:Entity
Analytics","backport:version","v9.1.0","v8.19.0","v8.18.1","v9.0.1"],"title":"[SecuritySolution]
Update API key permissions on refreshing data view
API","number":215738,"url":"https://github.com/elastic/kibana/pull/215738","mergeCommit":{"message":"[SecuritySolution]
Update API key permissions on refreshing data view API
(#215738)\n\nUpdate the API key when entity store
`apply_dataview_indices` is called.\n\n## Summary\nThis change allows
the user to update the privileges the entity store\ndata view refresh
task uses. This will enable them to fix problems when\nthe user that
enabled the entity store doesn't have all data view\nindices
privileges.\n\nThis PR also improves some error messages that were hard
to read.\n\n### Context\n* `apply_dataview_indices`is an API that
updates the entity store\ntransform with the indices defined in the
security solution data view.\n* There is a background task that calls
`apply_dataview_indices` from\ntime to time\n* The background task uses
the API key to access the security solution\ndata view indices.\n\n\n###
How to test it\n* Create a kibana instance with security data\n* Create
a user that only has access the necessary access to the entity\nstore
indices\n* Enable the entity store with a the created user\n* Login with
a superuser \n* Add a new index to the security solution data view,
which the created\nuser cannot access.\n* The task will fail because it
uses the API key from the unprivileged\nuser.\n* Call
`apply_dataview_indices` with the superuser
(`POST\nkbn:api/entity_store/engines/apply_dataview_indices`)\n* The
request should succeed because it is using the superuser\ncredentials\n*
Add a new index to the security solution data view, which the
created\nuser cannot access.\n* The task should succeed because it is
using the superuser API key\n\n### Checklist\n\nCheck the PR satisfies
following conditions. \n\nReviewers should verify this PR satisfies this
list as well.\n\n- [ ] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] The PR
description includes the appropriate Release Notes section,\nand the
correct `release_note:*` label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"e201b947be53e4e903ab1126592c3853f66108df"}},"sourceBranch":"main","suggestedTargetBranches":["8.x","8.18","9.0"],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/215738","number":215738,"mergeCommit":{"message":"[SecuritySolution]
Update API key permissions on refreshing data view API
(#215738)\n\nUpdate the API key when entity store
`apply_dataview_indices` is called.\n\n## Summary\nThis change allows
the user to update the privileges the entity store\ndata view refresh
task uses. This will enable them to fix problems when\nthe user that
enabled the entity store doesn't have all data view\nindices
privileges.\n\nThis PR also improves some error messages that were hard
to read.\n\n### Context\n* `apply_dataview_indices`is an API that
updates the entity store\ntransform with the indices defined in the
security solution data view.\n* There is a background task that calls
`apply_dataview_indices` from\ntime to time\n* The background task uses
the API key to access the security solution\ndata view indices.\n\n\n###
How to test it\n* Create a kibana instance with security data\n* Create
a user that only has access the necessary access to the entity\nstore
indices\n* Enable the entity store with a the created user\n* Login with
a superuser \n* Add a new index to the security solution data view,
which the created\nuser cannot access.\n* The task will fail because it
uses the API key from the unprivileged\nuser.\n* Call
`apply_dataview_indices` with the superuser
(`POST\nkbn:api/entity_store/engines/apply_dataview_indices`)\n* The
request should succeed because it is using the superuser\ncredentials\n*
Add a new index to the security solution data view, which the
created\nuser cannot access.\n* The task should succeed because it is
using the superuser API key\n\n### Checklist\n\nCheck the PR satisfies
following conditions. \n\nReviewers should verify this PR satisfies this
list as well.\n\n- [ ] [Unit or
functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere
updated or added to match the most common scenarios\n- [x] The PR
description includes the appropriate Release Notes section,\nand the
correct `release_note:*` label is applied per
the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"e201b947be53e4e903ab1126592c3853f66108df"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"9.0","label":"v9.0.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->
Co-authored-by: Pablo Machado <pablo.nevesmachado@elastic.co>
1 parent abb4f2a commit 6c4126f
5 files changed
Lines changed: 27 additions & 10 deletions
File tree
- x-pack/solutions/security/plugins/security_solution/server
- lib
- detection_engine/routes/__mocks__
- entity_analytics/entity_store
- routes
- tasks/data_view_refresh
Lines changed: 1 addition & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
168 | 168 | | |
169 | 169 | | |
170 | 170 | | |
| 171 | + | |
171 | 172 | | |
172 | 173 | | |
173 | 174 | | |
| |||
Lines changed: 4 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
58 | 58 | | |
59 | 59 | | |
60 | 60 | | |
| 61 | + | |
| 62 | + | |
| 63 | + | |
61 | 64 | | |
62 | 65 | | |
63 | 66 | | |
| |||
75 | 78 | | |
76 | 79 | | |
77 | 80 | | |
78 | | - | |
| 81 | + | |
79 | 82 | | |
80 | 83 | | |
81 | 84 | | |
| |||
Lines changed: 7 additions & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
110 | 110 | | |
111 | 111 | | |
112 | 112 | | |
113 | | - | |
| 113 | + | |
| 114 | + | |
| 115 | + | |
| 116 | + | |
| 117 | + | |
| 118 | + | |
| 119 | + | |
114 | 120 | | |
115 | 121 | | |
116 | 122 | | |
| |||
Lines changed: 13 additions & 8 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
109 | 109 | | |
110 | 110 | | |
111 | 111 | | |
| 112 | + | |
| 113 | + | |
| 114 | + | |
| 115 | + | |
| 116 | + | |
| 117 | + | |
| 118 | + | |
| 119 | + | |
| 120 | + | |
| 121 | + | |
112 | 122 | | |
113 | 123 | | |
114 | 124 | | |
| |||
145 | 155 | | |
146 | 156 | | |
147 | 157 | | |
| 158 | + | |
| 159 | + | |
148 | 160 | | |
149 | 161 | | |
150 | 162 | | |
| |||
258 | 270 | | |
259 | 271 | | |
260 | 272 | | |
261 | | - | |
262 | | - | |
263 | | - | |
264 | | - | |
265 | | - | |
266 | | - | |
267 | | - | |
268 | | - | |
| 273 | + | |
269 | 274 | | |
270 | 275 | | |
271 | 276 | | |
| |||
Lines changed: 2 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
39 | 39 | | |
40 | 40 | | |
41 | 41 | | |
| 42 | + | |
42 | 43 | | |
43 | 44 | | |
44 | 45 | | |
| |||
56 | 57 | | |
57 | 58 | | |
58 | 59 | | |
| 60 | + | |
59 | 61 | | |
60 | 62 | | |
61 | 63 | | |
| |||
0 commit comments