Correct system index names in Kibana module (#64011)

This commit updates the list of system index names to be complete and
correct for Kibana and APM. The pattern `.kibana*` is too inclusive for
system indices and actually includes the
`.kibana-event-log-${version}-${int}` pattern for the Kibana event log,
which should only be hidden and not a system index. Additionally, the
`.apm-custom-link` index was not included in the list of system
indices. Finally, the reporting pattern has been updated to match that
of the permissions given to the kibana_system role.

Backport of #63950
This commit is contained in:
Jay Modi 2020-10-21 12:11:10 -06:00 committed by GitHub
parent 25be69ceaf
commit 0fab675e95
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 19 additions and 9 deletions

View File

@ -47,9 +47,10 @@ public class KibanaSystemIndexIT extends ESRestTestCase {
public static Iterable<Object[]> data() { public static Iterable<Object[]> data() {
return Arrays.asList( return Arrays.asList(
new Object[] { ".kibana" }, new Object[] { ".kibana" },
new Object[] { ".kibana-1" }, new Object[] { ".kibana_1" },
new Object[] { ".reporting" }, new Object[] { ".reporting-1" },
new Object[] { ".apm-agent-configuration" } new Object[] { ".apm-agent-configuration" },
new Object[] { ".apm-custom-link" }
); );
} }

View File

@ -60,18 +60,20 @@ import java.util.function.Function;
import java.util.function.Supplier; import java.util.function.Supplier;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import static java.util.Collections.unmodifiableList;
public class KibanaPlugin extends Plugin implements SystemIndexPlugin { public class KibanaPlugin extends Plugin implements SystemIndexPlugin {
public static final Setting<List<String>> KIBANA_INDEX_NAMES_SETTING = Setting.listSetting( public static final Setting<List<String>> KIBANA_INDEX_NAMES_SETTING = Setting.listSetting(
"kibana.system_indices", "kibana.system_indices",
Collections.unmodifiableList(Arrays.asList(".kibana*", ".reporting", ".apm-agent-configuration")), unmodifiableList(Arrays.asList(".kibana", ".kibana_*", ".reporting-*", ".apm-agent-configuration", ".apm-custom-link")),
Function.identity(), Function.identity(),
Property.NodeScope Property.NodeScope
); );
@Override @Override
public Collection<SystemIndexDescriptor> getSystemIndexDescriptors(Settings settings) { public Collection<SystemIndexDescriptor> getSystemIndexDescriptors(Settings settings) {
return Collections.unmodifiableList( return unmodifiableList(
KIBANA_INDEX_NAMES_SETTING.get(settings) KIBANA_INDEX_NAMES_SETTING.get(settings)
.stream() .stream()
.map(pattern -> new SystemIndexDescriptor(pattern, "System index used by kibana")) .map(pattern -> new SystemIndexDescriptor(pattern, "System index used by kibana"))
@ -90,7 +92,7 @@ public class KibanaPlugin extends Plugin implements SystemIndexPlugin {
Supplier<DiscoveryNodes> nodesInCluster Supplier<DiscoveryNodes> nodesInCluster
) { ) {
// TODO need to figure out what subset of system indices Kibana should have access to via these APIs // TODO need to figure out what subset of system indices Kibana should have access to via these APIs
return Collections.unmodifiableList( return unmodifiableList(
Arrays.asList( Arrays.asList(
// Based on https://github.com/elastic/kibana/issues/49764 // Based on https://github.com/elastic/kibana/issues/49764
// apis needed to perform migrations... ideally these will go away // apis needed to perform migrations... ideally these will go away
@ -146,7 +148,7 @@ public class KibanaPlugin extends Plugin implements SystemIndexPlugin {
@Override @Override
public List<Route> routes() { public List<Route> routes() {
return Collections.unmodifiableList( return unmodifiableList(
super.routes().stream() super.routes().stream()
.map(route -> new Route(route.getMethod(), "/_kibana" + route.getPath())) .map(route -> new Route(route.getMethod(), "/_kibana" + route.getPath()))
.collect(Collectors.toList()) .collect(Collectors.toList())

View File

@ -40,12 +40,19 @@ public class KibanaPluginTests extends ESTestCase {
.stream() .stream()
.map(SystemIndexDescriptor::getIndexPattern) .map(SystemIndexDescriptor::getIndexPattern)
.collect(Collectors.toList()), .collect(Collectors.toList()),
contains(".kibana*", ".reporting", ".apm-agent-configuration") contains(".kibana", ".kibana_*", ".reporting-*", ".apm-agent-configuration", ".apm-custom-link")
); );
final List<String> names = Collections.unmodifiableList(Arrays.asList("." + randomAlphaOfLength(4), "." + randomAlphaOfLength(6))); final List<String> names = Collections.unmodifiableList(Arrays.asList("." + randomAlphaOfLength(4), "." + randomAlphaOfLength(5)));
final List<String> namesFromDescriptors = new KibanaPlugin().getSystemIndexDescriptors( final List<String> namesFromDescriptors = new KibanaPlugin().getSystemIndexDescriptors(
Settings.builder().putList(KibanaPlugin.KIBANA_INDEX_NAMES_SETTING.getKey(), names).build() Settings.builder().putList(KibanaPlugin.KIBANA_INDEX_NAMES_SETTING.getKey(), names).build()
).stream().map(SystemIndexDescriptor::getIndexPattern).collect(Collectors.toList()); ).stream().map(SystemIndexDescriptor::getIndexPattern).collect(Collectors.toList());
assertThat(namesFromDescriptors, is(names)); assertThat(namesFromDescriptors, is(names));
assertThat(
new KibanaPlugin().getSystemIndexDescriptors(Settings.EMPTY)
.stream()
.anyMatch(systemIndexDescriptor -> systemIndexDescriptor.matchesIndexPattern(".kibana-event-log-7-1")),
is(false)
);
} }
} }