From a673534d76bc3d0c88452cad7f14e96537e3051a Mon Sep 17 00:00:00 2001 From: akshraj-crest <168534717+akshraj-crest@users.noreply.github.com> Date: Mon, 24 Nov 2025 14:37:36 +0530 Subject: [PATCH] [IRONSCALES] - Fix Cannot execute ILM policy delete step (#138094) * Add ILM index for delete previlege * Add changelog entry --------- Co-authored-by: Mohit Jha <138874484+mohitjha-elastic@users.noreply.github.com> (cherry picked from commit 1ff2b5dcc503841e6d6f1a40de65263b6da58981) --- docs/changelog/138094.yaml | 6 ++++++ .../authz/store/KibanaOwnedReservedRoleDescriptors.java | 5 +++-- .../core/security/authz/store/ReservedRolesStoreTests.java | 5 +++-- 3 files changed, 12 insertions(+), 4 deletions(-) create mode 100644 docs/changelog/138094.yaml diff --git a/docs/changelog/138094.yaml b/docs/changelog/138094.yaml new file mode 100644 index 0000000000000..c9592b8b84ca5 --- /dev/null +++ b/docs/changelog/138094.yaml @@ -0,0 +1,6 @@ +pr: 138094 +summary: "[IRONSCALES] Add `manage`, `create_index`, `read`, `index`, `write`, `delete`, permission for third party agent indices `kibana_system`" +area: Authorization +type: enhancement +issues: + - 138093 diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java index f688f30e016ab..cf0bcadd5af94 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java @@ -552,7 +552,7 @@ static RoleDescriptor kibanaSystem(String name) { TransportDeleteIndexAction.TYPE.name() ) .build(), - // For ExtraHop, QualysGAV, SentinelOne, Island Browser and Cyera specific actions. + // For ExtraHop, QualysGAV, SentinelOne, Island Browser, Cyera and IRONSCALES specific actions. // Kibana reads, writes and manages this index // for configured ILM policies. RoleDescriptor.IndicesPrivileges.builder() @@ -565,7 +565,8 @@ static RoleDescriptor kibanaSystem(String name) { "logs-island_browser.device-*", "logs-cyera.classification-*", "logs-cyera.issue-*", - "logs-cyera.datastore-*" + "logs-cyera.datastore-*", + "logs-ironscales.incident-*" ) .privileges( "manage", diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java index 72b1c67071064..5052bd98d9304 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java @@ -1979,7 +1979,7 @@ public void testKibanaSystemRole() { assertThat(kibanaRole.indices().allowedIndicesMatcher(RolloverAction.NAME).test(indexAbstraction), is(true)); }); - // Tests for third-party agent indices (ExtraHop, QualysGAV, SentinelOne, Island Browser, Cyera) that `kibana_system` + // Tests for third-party agent indices (ExtraHop, QualysGAV, SentinelOne, Island Browser, Cyera, IRONSCALES) that `kibana_system` // has full management access to // This includes read, write, create, delete, and all ILM-related management actions. Arrays.asList( @@ -1991,7 +1991,8 @@ public void testKibanaSystemRole() { "logs-island_browser.device-" + randomAlphaOfLength(randomIntBetween(1, 10)), "logs-cyera.classification-" + randomAlphaOfLength(randomIntBetween(1, 10)), "logs-cyera.issue-" + randomAlphaOfLength(randomIntBetween(1, 10)), - "logs-cyera.datastore-" + randomAlphaOfLength(randomIntBetween(1, 10)) + "logs-cyera.datastore-" + randomAlphaOfLength(randomIntBetween(1, 10)), + "logs-ironscales.incident-" + randomAlphaOfLength(randomIntBetween(1, 10)) ).forEach((index_qualys_extra_hop) -> { final IndexAbstraction indexAbstraction = mockIndexAbstraction(index_qualys_extra_hop);