From 4fa7a94b2ffe14694ac65d91b9233836e19132c0 Mon Sep 17 00:00:00 2001
From: Khristinin Nikita <nikita.khristinin@elastic.co>
Date: Thu, 8 Jun 2023 11:03:22 +0200
Subject: [PATCH] Add risk_score  indexes for kibana_system_user (#96348)

* Add risk_score  indexes for kibana_system_user

* Fix typeo

* Java fix

* Change formatting
---
 .../xpack/core/security/authz/store/ReservedRolesStore.java    | 3 ++-
 .../core/security/authz/store/ReservedRolesStoreTests.java     | 3 +++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java
index d6a941a8bffd8..4204b9ea75fb5 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java
@@ -924,7 +924,8 @@ public static RoleDescriptor kibanaSystemRoleDescriptor(String name) {
                         "logs-cloud_security_posture.vulnerabilities_latest-default*"
                     )
                     .privileges("create_index", "read", "index", "delete", IndicesAliasesAction.NAME, UpdateSettingsAction.NAME)
-                    .build() },
+                    .build(),
+                RoleDescriptor.IndicesPrivileges.builder().indices("risk-score.risk-*").privileges("all").build() },
             null,
             new ConfigurableClusterPrivilege[] {
                 new ManageApplicationPrivileges(Set.of("kibana-*")),
diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
index 9c51cdb8c9772..a35a8fbf47210 100644
--- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
+++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
@@ -1245,6 +1245,9 @@ public void testKibanaSystemRole() {
                 is(true)
             );
         });
+
+        Arrays.asList("risk-score.risk-score-" + randomAlphaOfLength(randomIntBetween(0, 13)))
+            .forEach(indexName -> assertAllIndicesAccessAllowed(kibanaRole, indexName));
     }
 
     public void testKibanaAdminRole() {