add flags to give permissions to write to any dataset and namespace

[gsantoro]

Summary

Add flags to give permissions to reroute events from an input package to other datastreams with the same type but different dataset and namespace.

elasticsearch.dynamic_dataset: true
elasticsearch.dynamic_namespace: true,

Closes: #elastic/integrations#5989

Checklist

Delete any items that are not applicable to this PR.

• Documentation was added for features that require explanation or tutorials
• Unit or functional tests were updated or added to match the most common scenarios

[elasticmachine]

Pinging @elastic/fleet (Team:Fleet)

[ghost]

🤖 GitHub comments

Expand to view the GitHub comments

Just comment with:

• /oblt-deploy : Deploy a Kibana instance using the Observability test environments.
• run elasticsearch-ci/docs : Re-trigger the docs validation. (use unformatted text in the comment!)

[gsantoro]

I have tested the behaviour with the custom logs integration (as an example of an input package) and with some sample nginx access logs being redirected to the logs-test-test datastream.

I created the following custom pipeline logs-generic@custom that is already referenced by the custom-logs default pipeline

curl --location --request PUT 'https://localhost:9200/_ingest/pipeline/logs-generic@custom' \
--header 'Content-Type: application/json' \
--header 'Authorization: Basic ZWxhc3RpYzpjaGFuZ2VtZQ==' \
--data '{
    "description": "My optional pipeline description",
    "processors": [
        {
            "set": {
                "description": "My optional processor description",
                "field": "my-long-field",
                "value": 10
            }
        },
        {
            "reroute": {
                "dataset": "test",
                "namespace": "test"
            }
        }
    ]
}'

[gsantoro]

Closes: #elastic/integrations#5989

[felixbarny]

Needs some tests, otherwise LGTM

[kibana-ci]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: 10e399b

Failed CI Steps

• Defend Workflows Cypress Tests

Metrics [docs]

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
fleet	129.4KB	129.5KB	+117.0B

Unknown metric groups

ESLint disabled line counts

id	before	after	diff
enterpriseSearch	19	21	+2
securitySolution	400	404	+4
total			+6

Total ESLint disabled count

id	before	after	diff
enterpriseSearch	20	22	+2
securitySolution	480	484	+4
total			+6

History

• 💔 Build #128926 failed 5eb8bb6
• 💔 Build #128298 failed e3a26ed

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @gsantoro

[juliaElastic]

LGTM

[felixbarny]

@juliaElastic are the API keys expected to be automatically updated and propagated to the agent or do users need to re-install the integration?

[juliaElastic]

@felixbarny Do you mean if we introduce these changes in a package upgrade? I'm not sure, can we test it?

[joshdover]

I would expect that it should be applied automatically to agents when the integration policy is upgraded, after some delay as the change rolls out.

[felixbarny]

I guess there are two cases:

1. When we add the elasticsearch.dynamic_dataset/elasticsearch.dynamic_namespace flag to an integration and publish a new version of the integration
2. This change implicitly adds the flags to all input-type integrations so there won't be a new version for these integrations. For users that have already installed an input-type integration, will the change be effective once users are upgrading Kibana to 8.9.0 or do they need to update Kibana and also re-install the integration or wait for the next update of the integration?