diff --git a/docs/reference/rest-api/security/get-service-accounts.asciidoc b/docs/reference/rest-api/security/get-service-accounts.asciidoc index e392b3100d989..b80136365d879 100644 --- a/docs/reference/rest-api/security/get-service-accounts.asciidoc +++ b/docs/reference/rest-api/security/get-service-accounts.asciidoc @@ -276,6 +276,21 @@ GET /_security/service/elastic/fleet-server "view_index_metadata" ], "allow_restricted_indices": false + }, + { + "names": [ + "agentless-*", + ], + "privileges": [ + "read", + "write", + "monitor", + "create_index", + "auto_configure", + "maintenance", + "view_index_metadata" + ], + "allow_restricted_indices": false } ], "applications": [ diff --git a/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java b/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java index cd092da193860..b23ad1e9c548f 100644 --- a/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java +++ b/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java @@ -781,6 +781,7 @@ protected Set preserveILMPolicyIds() { "profiling-60-days", "profiling-60-days@lifecycle", "synthetics", + "agentless", "synthetics@lifecycle", "traces@lifecycle", "7-days-default", @@ -2215,6 +2216,7 @@ protected static boolean isXPackTemplate(String name) { case "metrics-tsdb-settings": case "metrics-mappings": case "synthetics": + case "agentless": case "synthetics-settings": case "synthetics-mappings": case ".snapshot-blob-cache": diff --git a/x-pack/plugin/core/template-resources/src/main/resources/agentless@mappings.json b/x-pack/plugin/core/template-resources/src/main/resources/agentless@mappings.json new file mode 100644 index 0000000000000..5afb66de923db --- /dev/null +++ b/x-pack/plugin/core/template-resources/src/main/resources/agentless@mappings.json @@ -0,0 +1,22 @@ +{ + "template": { + "mappings": { + "properties": { + "v": { + "type": "object", + "enabled": false + }, + "updated_at": { + "type": "date", + "format": "strict_date_optional_time||epoch_millis" + } + } + } + }, + "_meta": { + "description": "default mappings for the agentless index template installed by x-pack", + "managed": true + }, + "version": ${xpack.stack.template.version}, + "deprecated": ${xpack.stack.template.deprecated} +} diff --git a/x-pack/plugin/core/template-resources/src/main/resources/agentless@settings.json b/x-pack/plugin/core/template-resources/src/main/resources/agentless@settings.json new file mode 100644 index 0000000000000..23f7c1ef88296 --- /dev/null +++ b/x-pack/plugin/core/template-resources/src/main/resources/agentless@settings.json @@ -0,0 +1,15 @@ +{ + "template": { + "settings": { + "index": { + "hidden": true + } + } + }, + "_meta": { + "description": "default settings for the agentless index template installed by x-pack", + "managed": true + }, + "version": ${xpack.stack.template.version}, + "deprecated": ${xpack.stack.template.deprecated} +} diff --git a/x-pack/plugin/core/template-resources/src/main/resources/agentless@template.json b/x-pack/plugin/core/template-resources/src/main/resources/agentless@template.json new file mode 100644 index 0000000000000..35c5f5581b1e8 --- /dev/null +++ b/x-pack/plugin/core/template-resources/src/main/resources/agentless@template.json @@ -0,0 +1,15 @@ +{ + "index_patterns": ["agentless-*-*"], + "priority": 100, + "composed_of": [ + "agentless@mappings", + "agentless@settings" + ], + "allow_auto_create": true, + "_meta": { + "description": "default agentless template installed by x-pack", + "managed": true + }, + "version": ${xpack.stack.template.version}, + "deprecated": ${xpack.stack.template.deprecated} +} diff --git a/x-pack/plugin/security/qa/service-account/src/javaRestTest/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountIT.java b/x-pack/plugin/security/qa/service-account/src/javaRestTest/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountIT.java index b7fb8c37f4c45..77bde274f9a1c 100644 --- a/x-pack/plugin/security/qa/service-account/src/javaRestTest/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountIT.java +++ b/x-pack/plugin/security/qa/service-account/src/javaRestTest/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountIT.java @@ -316,6 +316,21 @@ public class ServiceAccountIT extends ESRestTestCase { "view_index_metadata" ], "allow_restricted_indices": false + }, + { + "names": [ + "agentless-*" + ], + "privileges": [ + "read", + "write", + "monitor", + "create_index", + "auto_configure", + "maintenance", + "view_index_metadata" + ], + "allow_restricted_indices": false } ], "applications": [ { diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/service/ElasticServiceAccounts.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/service/ElasticServiceAccounts.java index 67211ec6135be..dd671ebef824e 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/service/ElasticServiceAccounts.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/service/ElasticServiceAccounts.java @@ -166,6 +166,12 @@ final class ElasticServiceAccounts { RoleDescriptor.IndicesPrivileges.builder() .indices("content-*", ".search-acl-filter-*") .privileges("read", "write", "monitor", "create_index", "auto_configure", "maintenance", "view_index_metadata") + .build(), + // Custom permissions required for stateful agentless integrations + RoleDescriptor.IndicesPrivileges.builder() + .indices("agentless-*") + .privileges("read", "write", "monitor", "create_index", "auto_configure", "maintenance", "view_index_metadata") + .allowRestrictedIndices(false) .build(), }, new RoleDescriptor.ApplicationResourcePrivileges[] { RoleDescriptor.ApplicationResourcePrivileges.builder() diff --git a/x-pack/plugin/stack/src/main/java/org/elasticsearch/xpack/stack/StackTemplateRegistry.java b/x-pack/plugin/stack/src/main/java/org/elasticsearch/xpack/stack/StackTemplateRegistry.java index 9555f24447e79..55d10c38f9644 100644 --- a/x-pack/plugin/stack/src/main/java/org/elasticsearch/xpack/stack/StackTemplateRegistry.java +++ b/x-pack/plugin/stack/src/main/java/org/elasticsearch/xpack/stack/StackTemplateRegistry.java @@ -100,6 +100,13 @@ public class StackTemplateRegistry extends IndexTemplateRegistry { public static final String SYNTHETICS_ILM_POLICY_NAME = "synthetics@lifecycle"; public static final String SYNTHETICS_INDEX_TEMPLATE_NAME = "synthetics"; + ////////////////////////////////////////////////////////// + // Agentless components (for matching agentless-*-* indices) + ////////////////////////////////////////////////////////// + public static final String AGENTLESS_MAPPINGS_COMPONENT_TEMPLATE_NAME = "agentless@mappings"; + public static final String AGENTLESS_SETTINGS_COMPONENT_TEMPLATE_NAME = "agentless@settings"; + public static final String AGENTLESS_INDEX_TEMPLATE_NAME = "agentless"; + /////////////////////////////////// // Kibana reporting template /////////////////////////////////// @@ -199,6 +206,20 @@ private Map loadComponentTemplateConfigs() { TEMPLATE_VERSION_VARIABLE, ADDITIONAL_TEMPLATE_VARIABLES ), + new IndexTemplateConfig( + AGENTLESS_MAPPINGS_COMPONENT_TEMPLATE_NAME, + "/agentless@mappings.json", + REGISTRY_VERSION, + TEMPLATE_VERSION_VARIABLE, + ADDITIONAL_TEMPLATE_VARIABLES + ), + new IndexTemplateConfig( + AGENTLESS_SETTINGS_COMPONENT_TEMPLATE_NAME, + "/agentless@settings.json", + REGISTRY_VERSION, + TEMPLATE_VERSION_VARIABLE, + ADDITIONAL_TEMPLATE_VARIABLES + ), new IndexTemplateConfig( KIBANA_REPORTING_COMPONENT_TEMPLATE_NAME, "/kibana-reporting@settings.json", @@ -287,6 +308,13 @@ protected Map getComponentTemplateConfigs() { TEMPLATE_VERSION_VARIABLE, ADDITIONAL_TEMPLATE_VARIABLES ), + new IndexTemplateConfig( + AGENTLESS_INDEX_TEMPLATE_NAME, + "/agentless@template.json", + REGISTRY_VERSION, + TEMPLATE_VERSION_VARIABLE, + ADDITIONAL_TEMPLATE_VARIABLES + ), new IndexTemplateConfig( KIBANA_REPORTING_INDEX_TEMPLATE_NAME, "/kibana-reporting@template.json", diff --git a/x-pack/plugin/stack/src/test/java/org/elasticsearch/xpack/stack/StackTemplateRegistryTests.java b/x-pack/plugin/stack/src/test/java/org/elasticsearch/xpack/stack/StackTemplateRegistryTests.java index 35882992f46b5..600c1ccba8ca4 100644 --- a/x-pack/plugin/stack/src/test/java/org/elasticsearch/xpack/stack/StackTemplateRegistryTests.java +++ b/x-pack/plugin/stack/src/test/java/org/elasticsearch/xpack/stack/StackTemplateRegistryTests.java @@ -414,6 +414,8 @@ public void testSameOrHigherVersionTemplateNotUpgraded() { versions.put(StackTemplateRegistry.METRICS_MAPPINGS_COMPONENT_TEMPLATE_NAME, StackTemplateRegistry.REGISTRY_VERSION); versions.put(StackTemplateRegistry.SYNTHETICS_SETTINGS_COMPONENT_TEMPLATE_NAME, StackTemplateRegistry.REGISTRY_VERSION); versions.put(StackTemplateRegistry.SYNTHETICS_MAPPINGS_COMPONENT_TEMPLATE_NAME, StackTemplateRegistry.REGISTRY_VERSION); + versions.put(StackTemplateRegistry.AGENTLESS_SETTINGS_COMPONENT_TEMPLATE_NAME, StackTemplateRegistry.REGISTRY_VERSION); + versions.put(StackTemplateRegistry.AGENTLESS_MAPPINGS_COMPONENT_TEMPLATE_NAME, StackTemplateRegistry.REGISTRY_VERSION); versions.put(StackTemplateRegistry.KIBANA_REPORTING_COMPONENT_TEMPLATE_NAME, StackTemplateRegistry.REGISTRY_VERSION); versions.put(StackTemplateRegistry.TRACES_MAPPINGS_COMPONENT_TEMPLATE_NAME, StackTemplateRegistry.REGISTRY_VERSION); versions.put(StackTemplateRegistry.TRACES_SETTINGS_COMPONENT_TEMPLATE_NAME, StackTemplateRegistry.REGISTRY_VERSION); @@ -472,6 +474,14 @@ public void testSameOrHigherVersionTemplateNotUpgraded() { StackTemplateRegistry.SYNTHETICS_MAPPINGS_COMPONENT_TEMPLATE_NAME, StackTemplateRegistry.REGISTRY_VERSION + randomIntBetween(1, 1000) ); + versions.put( + StackTemplateRegistry.AGENTLESS_SETTINGS_COMPONENT_TEMPLATE_NAME, + StackTemplateRegistry.REGISTRY_VERSION + randomIntBetween(1, 1000) + ); + versions.put( + StackTemplateRegistry.AGENTLESS_MAPPINGS_COMPONENT_TEMPLATE_NAME, + StackTemplateRegistry.REGISTRY_VERSION + randomIntBetween(1, 1000) + ); versions.put( StackTemplateRegistry.KIBANA_REPORTING_COMPONENT_TEMPLATE_NAME, StackTemplateRegistry.REGISTRY_VERSION + randomIntBetween(1, 1000)