Kibana API key generation for synthetic service

[shahzad31]

We need to pass an API key generated by kibana to the synthetic service, that will be used by heartbeat to communicate with elasticsearch.

We will generate an API key and save it as an encrypted saved object and will reuse it every-time we need to pass monitors configurations to the synthetics service.

Docs for encrypted saved objects https://github.com/elastic/kibana/blob/main/x-pack/plugins/encrypted_saved_objects/README.md

We will have to generate/reuse API keys everytime our schedule task will run or user performs CRUD operation from the UI, Point being everytime when we need to push configurations to the synthetics service

First we will need to check if API keys are enabled

await security?.authc.apiKeys?.areAPIKeysEnabled()

And then we will generate an API key using a method

    const apiKey = await security?.authc.apiKeys?.grantAsInternalUser(request, {
      name: 'synthetics-api-key',
      role_descriptors: {},
    });

API key permission

We will limit role_descriptors to allow it only to write hearbeat indices

      role_descriptors: {
        synthetics_writer: {
          cluster: ['monitor', 'read_ilm', 'read_pipeline'],
          index: [
            {
              names: ['synthetics-*', 'heartbeat-*'],
              privileges: ['view_index_metadata', 'create_doc'],
            },
          ],
        },
      },

Follow further docs
https://www.elastic.co/guide/en/kibana/master/api-keys.html