Add create_snapshot privilege

[albertzaharovits]

A new cluster privilege type has been added to ES in elastic/elasticsearch#35820 .

[elasticmachine]

Pinging @elastic/kibana-security

[elasticmachine]

💔 Build Failed

• continuous-integration/kibana-ci/pull-request

[legrego]

We unfortunately have a bit of duplication that we haven't addressed yet. Can you also add this to shield_privileges?

CI is failing because of an outdated snapshot as a result of the new privilege.
You can update the snapshot by running node scripts/jest ./plugins/security/public -u from the x-pack directory.

[albertzaharovits]

Hey @legrego , thanks for the pointers!

I have updated the PR, can you take another look please?

Also, elastic/elasticsearch#35820 added a reserved role (snapshot_user) as well. Does kibana store those as well? I think not.

[elasticmachine]

💔 Build Failed

• continuous-integration/kibana-ci/pull-request

[kobelb]

This PR will need to have master merged into it to get CI to go green.

Also, elastic/elasticsearch#35820 added a reserved role (snapshot_user) as well. Does kibana store those as well? I think not.

It does not, we use the ES APIs to get these roles.

[elasticmachine]

💚 Build Succeeded

• continuous-integration/kibana-ci/pull-request

[kobelb]

Thanks Albert!

[albertzaharovits]

Thanks for the shepherding Larry and Brandon!
@kobelb I am backporting this to 7.x . Should I backport to 7.0 and 6.7 as well, given that the compatible code in ES exists since 6.7 ?

[kobelb]

Sure, backporting to 7.0/6.7 seems fine in this situation. If you'd like, I can do so and let CI run, sometimes the Jest snapshots between branches/versions can be finnicky.

[albertzaharovits]

I'll take your kind offer to backport! #31573 is stuck 😞 ...