[Stack Monitoring] Verify remote cluster client role when CCS is enabled

[miltonhultgren]

Fixes #129546

Summary

When visiting the Stack Monitoring app, the overview page first tries to load the clusters but if any permissions are missing you get a 403 on that request which causes the app to redirect you to the access denied page.

On this page we now display a helper text stating that you might be missing the remote_cluster_client role in your "local" cluster.

The access denied page also tries to check with the API what might be missing and if it's been resolved every 5 seconds.
Before this PR, that API check said everything was fine so it would try to return to the overview page again only to bounce back to the access denied page.

In this PR I made the API report a 403 if the remote cluster client role is missing so there is a bit less network traffic until it's resolved.

I've also made this a specific error in the Kibana error log to make it easier to catch.

How to test

Get the changes: git fetch git@github.com:miltonhultgren/kibana.git 129546-sm-ccs-roles:129546-sm-ccs-roles && git switch 129546-sm-ccs-roles

1. Locally setup two clusters to configure for CCR, following the steps in here
2. Edit the elasticsearch.yml of the cluster which the "local" and add this line: node.roles: [master, data, data_content, data_hot, data_warm, data_cold, data_frozen, ingest, ml, transform] (note that the role remote_cluster_client is missing from this list)
3. Ingest some Stack Monitoring data into the "remote" cluster
4. Visit the stack monitoring app and verify the above changes

[matschaffer]

@elasticmachine merge upstream

[matschaffer]

Small comment, but overall an improvement. The test failure looked unrelated so I kicked off a main merge to see if that helps.

[matschaffer]

My first thought here is "wouldn't kibana already know if monitoring.ui.ccs.enabled is true?"

[miltonhultgren]

Yes, I just got a little lazy 😊 I'll pull in the config on that page and only show this if it's true!

[kibana-ci]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: 353ecb8

Failed CI Steps

• FTR Configs #16
• FTR Configs #29

Test Failures

• [job] [logs] FTR Configs #16 / Cases cases deletion sub privilege create two cases logging in with user cases_all_user single case view User cases_all_user can delete a case while on a specific case page
• [job] [logs] FTR Configs #29 / dashboard app - group 1 dashboard embeddable rendering data rendered correctly when dashboard is hard refreshed

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
monitoring	478.8KB	479.2KB	+358.0B

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
monitoring	23.8KB	23.8KB	+34.0B

History

• 💚 Build #72526 succeeded 77dd26f
• 💔 Build #72252 failed fb414f5

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

[kibanamachine]

💔 Some backports could not be created

Status	Branch	Result
❌	7.17	Backport failed because of merge conflicts
✅	8.4

Note: Successful backport PRs will be merged automatically after passing CI.

Manual backport

To create the backport manually run:

node scripts/backport --pr 140738

Questions ?

Please refer to the Backport tool documentation

[tylersmalley]

This PR missed the 8.4.2 release, so I have updated the labels to reflect this.