diff --git a/x-pack/plugins/observability_solution/apm/server/assistant_functions/index.ts b/x-pack/plugins/observability_solution/apm/server/assistant_functions/index.ts index 6a65e6126ff22..1dff57cef6602 100644 --- a/x-pack/plugins/observability_solution/apm/server/assistant_functions/index.ts +++ b/x-pack/plugins/observability_solution/apm/server/assistant_functions/index.ts @@ -72,10 +72,7 @@ export function registerAssistantFunctions({ ruleDataClient, plugins, getApmIndices: async () => { - const coreContext = await resources.context.core; - const apmIndices = await plugins.apmDataAccess.setup.getApmIndices( - coreContext.savedObjects.client - ); + const apmIndices = await plugins.apmDataAccess.setup.getApmIndices(); return apmIndices; }, }; diff --git a/x-pack/plugins/observability_solution/apm/server/plugin.ts b/x-pack/plugins/observability_solution/apm/server/plugin.ts index 1142a5c69a51f..de49ebcebf8b0 100644 --- a/x-pack/plugins/observability_solution/apm/server/plugin.ts +++ b/x-pack/plugins/observability_solution/apm/server/plugin.ts @@ -16,7 +16,6 @@ import { registerAssistantFunctions } from './assistant_functions'; import { registerDeprecations } from './deprecations'; import { APM_FEATURE, registerFeaturesUsage } from './feature'; import { createApmTelemetry } from './lib/apm_telemetry'; -import { getInternalSavedObjectsClient } from './lib/helpers/get_internal_saved_objects_client'; import { APM_RULE_TYPE_ALERT_CONTEXT, apmRuleTypeAlertFieldMap, @@ -115,13 +114,6 @@ export class APMPlugin }; }) as APMRouteHandlerResources['plugins']; - const apmIndicesPromise = (async () => { - const coreStart = await getCoreStart(); - const soClient = await getInternalSavedObjectsClient(coreStart); - const { getApmIndices } = plugins.apmDataAccess; - return getApmIndices(soClient); - })(); - // This if else block will go away in favour of removing Home Tutorial Integration // Ideally we will directly register a custom integration and pass the configs // for cloud, onPrem and Serverless so that the actual component can take @@ -129,7 +121,8 @@ export class APMPlugin if (currentConfig.serverlessOnboarding && plugins.customIntegrations) { plugins.customIntegrations?.registerCustomIntegration(apmTutorialCustomIntegration); } else { - apmIndicesPromise + plugins.apmDataAccess + .getApmIndices() .then((apmIndices) => { plugins.home?.tutorials.registerTutorial( tutorialProvider({ diff --git a/x-pack/plugins/observability_solution/apm/server/routes/apm_routes/register_apm_server_routes.ts b/x-pack/plugins/observability_solution/apm/server/routes/apm_routes/register_apm_server_routes.ts index 5a2af3e7dc066..4792223610bb6 100644 --- a/x-pack/plugins/observability_solution/apm/server/routes/apm_routes/register_apm_server_routes.ts +++ b/x-pack/plugins/observability_solution/apm/server/routes/apm_routes/register_apm_server_routes.ts @@ -109,10 +109,7 @@ export function registerRoutes({ ); const getApmIndices = async () => { - const coreContext = await context.core; - const apmIndices = await plugins.apmDataAccess.setup.getApmIndices( - coreContext.savedObjects.client - ); + const apmIndices = await plugins.apmDataAccess.setup.getApmIndices(); return apmIndices; }; diff --git a/x-pack/plugins/observability_solution/apm/server/routes/assistant_functions/get_observability_alert_details_context/index.ts b/x-pack/plugins/observability_solution/apm/server/routes/assistant_functions/get_observability_alert_details_context/index.ts index 84e51675233c9..f28e3f9df8570 100644 --- a/x-pack/plugins/observability_solution/apm/server/routes/assistant_functions/get_observability_alert_details_context/index.ts +++ b/x-pack/plugins/observability_solution/apm/server/routes/assistant_functions/get_observability_alert_details_context/index.ts @@ -38,8 +38,7 @@ export const getAlertDetailsContextHandler = ( return async (requestContext, query) => { const resources = { getApmIndices: async () => { - const coreContext = await requestContext.core; - return resourcePlugins.apmDataAccess.setup.getApmIndices(coreContext.savedObjects.client); + return resourcePlugins.apmDataAccess.setup.getApmIndices(); }, request: requestContext.request, params: { query: { _inspect: false } }, diff --git a/x-pack/plugins/observability_solution/apm/server/routes/fleet/register_fleet_policy_callbacks.ts b/x-pack/plugins/observability_solution/apm/server/routes/fleet/register_fleet_policy_callbacks.ts index 2237548f2d325..9d00c50b4ab48 100644 --- a/x-pack/plugins/observability_solution/apm/server/routes/fleet/register_fleet_policy_callbacks.ts +++ b/x-pack/plugins/observability_solution/apm/server/routes/fleet/register_fleet_policy_callbacks.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { Logger, CoreStart, SavedObjectsClientContract } from '@kbn/core/server'; +import { Logger, CoreStart } from '@kbn/core/server'; import { FleetStartContract, PostPackagePolicyCreateCallback, @@ -22,7 +22,6 @@ import { SOURCE_MAP_API_KEY_PATH, } from './get_package_policy_decorators'; import { createInternalESClient } from '../../lib/helpers/create_es_client/create_internal_es_client'; -import { getInternalSavedObjectsClient } from '../../lib/helpers/get_internal_saved_objects_client'; import { APMRouteHandlerResources } from '../apm_routes/register_apm_server_routes'; export async function registerFleetPolicyCallbacks({ @@ -149,7 +148,7 @@ function onPackagePolicyCreateOrUpdate({ coreStart, }: { fleetPluginStart: FleetStartContract; - getApmIndices: (soClient: SavedObjectsClientContract) => Promise; + getApmIndices: () => Promise; coreStart: CoreStart; }): PutPackagePolicyUpdateCallback & PostPackagePolicyCreateCallback { return async (packagePolicy) => { @@ -158,8 +157,7 @@ function onPackagePolicyCreateOrUpdate({ } const { asInternalUser } = coreStart.elasticsearch.client; - const savedObjectsClient = await getInternalSavedObjectsClient(coreStart); - const apmIndices = await getApmIndices(savedObjectsClient); + const apmIndices = await getApmIndices(); const internalESClient = await createInternalESClient({ debug: false, diff --git a/x-pack/plugins/observability_solution/apm_data_access/kibana.jsonc b/x-pack/plugins/observability_solution/apm_data_access/kibana.jsonc index 51968be90cb7d..9d80dcd71ce93 100644 --- a/x-pack/plugins/observability_solution/apm_data_access/kibana.jsonc +++ b/x-pack/plugins/observability_solution/apm_data_access/kibana.jsonc @@ -18,9 +18,7 @@ "requiredPlugins": [ "data" ], - "optionalPlugins": [ - "security" - ], + "optionalPlugins": [], "requiredBundles": [] } } \ No newline at end of file diff --git a/x-pack/plugins/observability_solution/apm_data_access/server/index.ts b/x-pack/plugins/observability_solution/apm_data_access/server/index.ts index 6b6385ded4ce4..7afaa656591c4 100644 --- a/x-pack/plugins/observability_solution/apm_data_access/server/index.ts +++ b/x-pack/plugins/observability_solution/apm_data_access/server/index.ts @@ -91,7 +91,6 @@ export type { APMEventESSearchRequest, APMLogEventESSearchRequest, DocumentSourcesRequest, - ApmDataAccessPrivilegesCheck, HostNamesRequest, GetDocumentTypeParams, } from './types'; diff --git a/x-pack/plugins/observability_solution/apm_data_access/server/lib/check_privileges.ts b/x-pack/plugins/observability_solution/apm_data_access/server/lib/check_privileges.ts deleted file mode 100644 index 6b8e734a10b4e..0000000000000 --- a/x-pack/plugins/observability_solution/apm_data_access/server/lib/check_privileges.ts +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { KibanaRequest } from '@kbn/core-http-server'; -import { SecurityPluginStart } from '@kbn/security-plugin-types-server'; -import { mapValues } from 'lodash'; -import { APMIndices } from '..'; - -export interface ApmDataAccessPrivilegesCheck { - request: KibanaRequest; - security?: SecurityPluginStart; - getApmIndices: () => Promise; -} - -export async function checkPrivileges({ - request, - getApmIndices, - security, -}: ApmDataAccessPrivilegesCheck) { - const authorization = security?.authz; - if (!authorization) { - return true; - } - - const [apmIndices, checkPrivilegesFn] = await Promise.all([ - getApmIndices(), - authorization.checkPrivilegesDynamicallyWithRequest(request), - ]); - - const { hasAllRequested } = await checkPrivilegesFn({ - elasticsearch: { - cluster: [], - index: mapValues(apmIndices, () => ['read']), - }, - }); - - return hasAllRequested; -} diff --git a/x-pack/plugins/observability_solution/apm_data_access/server/plugin.ts b/x-pack/plugins/observability_solution/apm_data_access/server/plugin.ts index 680079d080c82..6bf684985583a 100644 --- a/x-pack/plugins/observability_solution/apm_data_access/server/plugin.ts +++ b/x-pack/plugins/observability_solution/apm_data_access/server/plugin.ts @@ -5,32 +5,19 @@ * 2.0. */ -import { - PluginInitializerContext, - CoreSetup, - CoreStart, - Plugin, - SavedObjectsClientContract, - Logger, -} from '@kbn/core/server'; +import { PluginInitializerContext, CoreSetup, CoreStart, Plugin, Logger } from '@kbn/core/server'; import { APMDataAccessConfig } from '.'; -import { - ApmDataAccessPluginSetup, - ApmDataAccessPluginStart, - ApmDataAccessServerDependencies, -} from './types'; +import { ApmDataAccessPluginSetup, ApmDataAccessPluginStart } from './types'; import { migrateLegacyAPMIndicesToSpaceAware } from './saved_objects/migrations/migrate_legacy_apm_indices_to_space_aware'; import { apmIndicesSavedObjectDefinition, getApmIndicesSavedObject, } from './saved_objects/apm_indices'; import { getServices } from './services/get_services'; -import { ApmDataAccessPrivilegesCheck, checkPrivileges } from './lib/check_privileges'; export class ApmDataAccessPlugin implements Plugin { - public server?: ApmDataAccessServerDependencies; public config: APMDataAccessConfig; public logger: Logger; @@ -39,45 +26,34 @@ export class ApmDataAccessPlugin this.logger = initContext.logger.get(); } - getApmIndices = async (savedObjectsClient: SavedObjectsClientContract) => { - const apmIndicesFromSavedObject = await getApmIndicesSavedObject(savedObjectsClient); - return { ...this.config.indices, ...apmIndicesFromSavedObject }; - }; - public setup(core: CoreSetup): ApmDataAccessPluginSetup { // register saved object core.savedObjects.registerType(apmIndicesSavedObjectDefinition); + const getApmIndices = async () => { + const [coreStart] = await core.getStartServices(); + const soClient = await coreStart.savedObjects.createInternalRepository(); + + const apmIndicesFromSavedObject = await getApmIndicesSavedObject(soClient); + return { ...this.config.indices, ...apmIndicesFromSavedObject }; + }; + // expose return { apmIndicesFromConfigFile: this.config.indices, - getApmIndices: this.getApmIndices, + getApmIndices, getServices, }; } - public start(core: CoreStart, plugins: ApmDataAccessServerDependencies) { + public start(core: CoreStart) { // TODO: remove in 9.0 migrateLegacyAPMIndicesToSpaceAware({ coreStart: core, logger: this.logger }).catch((e) => { this.logger.error('Failed to run migration making APM indices space aware'); this.logger.error(e); }); - const getApmIndicesWithInternalUserFn = async () => { - const soClient = core.savedObjects.createInternalRepository(); - return this.getApmIndices(soClient); - }; - - const startServices = { - hasPrivileges: ({ request }: Pick) => - checkPrivileges({ - request, - getApmIndices: getApmIndicesWithInternalUserFn, - security: plugins.security, - }), - }; - - return { ...startServices }; + return {}; } public stop() {} diff --git a/x-pack/plugins/observability_solution/apm_data_access/server/types.ts b/x-pack/plugins/observability_solution/apm_data_access/server/types.ts index f10c23c1fd994..968590e780ee8 100644 --- a/x-pack/plugins/observability_solution/apm_data_access/server/types.ts +++ b/x-pack/plugins/observability_solution/apm_data_access/server/types.ts @@ -5,28 +5,17 @@ * 2.0. */ -import { SavedObjectsClientContract } from '@kbn/core-saved-objects-api-server'; -import type { SecurityPluginStart } from '@kbn/security-plugin-types-server'; import type { APMIndices } from '.'; import { getServices } from './services/get_services'; -import type { ApmDataAccessPrivilegesCheck } from './lib/check_privileges'; export interface ApmDataAccessPluginSetup { apmIndicesFromConfigFile: APMIndices; - getApmIndices: (soClient: SavedObjectsClientContract) => Promise; + getApmIndices: () => Promise; getServices: typeof getServices; } -export interface ApmDataAccessServerDependencies { - security?: SecurityPluginStart; -} - -export interface ApmDataAccessPluginStart { - hasPrivileges: (params: Pick) => Promise; -} -export interface ApmDataAccessServerDependencies { - security?: SecurityPluginStart; -} +// eslint-disable-next-line @typescript-eslint/no-empty-interface +export interface ApmDataAccessPluginStart {} export type ApmDataAccessServices = ReturnType; export type { ApmDataAccessServicesParams } from './services/get_services'; @@ -38,4 +27,3 @@ export type { APMEventESSearchRequest, APMLogEventESSearchRequest, } from './lib/helpers'; -export type { ApmDataAccessPrivilegesCheck }; diff --git a/x-pack/plugins/observability_solution/apm_data_access/tsconfig.json b/x-pack/plugins/observability_solution/apm_data_access/tsconfig.json index d4c38fddf967e..f7ac83af0922e 100644 --- a/x-pack/plugins/observability_solution/apm_data_access/tsconfig.json +++ b/x-pack/plugins/observability_solution/apm_data_access/tsconfig.json @@ -9,7 +9,6 @@ "@kbn/config-schema", "@kbn/core", "@kbn/i18n", - "@kbn/core-saved-objects-api-server", "@kbn/data-plugin", "@kbn/inspector-plugin", "@kbn/observability-plugin", @@ -18,8 +17,6 @@ "@kbn/apm-types", "@kbn/core-http-server-mocks", "@kbn/apm-utils", - "@kbn/core-http-server", - "@kbn/security-plugin-types-server", "@kbn/utility-types", "@kbn/elastic-agent-utils", "@kbn/observability-utils-common" diff --git a/x-pack/plugins/observability_solution/infra/server/lib/helpers/get_apm_data_access_client.ts b/x-pack/plugins/observability_solution/infra/server/lib/helpers/get_apm_data_access_client.ts index e99d57eb4d6c8..dcf63e01b7e93 100644 --- a/x-pack/plugins/observability_solution/infra/server/lib/helpers/get_apm_data_access_client.ts +++ b/x-pack/plugins/observability_solution/infra/server/lib/helpers/get_apm_data_access_client.ts @@ -27,23 +27,17 @@ export const getApmDataAccessClient = ({ context: InfraPluginRequestHandlerContext; request: KibanaRequest; }) => { - const hasPrivileges = async () => { - const apmDataAccessStart = await libs.plugins.apmDataAccess.start(); - return apmDataAccessStart.hasPrivileges({ request }); - }; - const getServices = async () => { const apmDataAccess = libs.plugins.apmDataAccess.setup; const coreContext = await context.core; - const { savedObjects, uiSettings, elasticsearch } = coreContext; - const savedObjectsClient = savedObjects.client; + const { uiSettings, elasticsearch } = coreContext; const esClient = elasticsearch.client.asCurrentUser; const uiSettingsClient = uiSettings.client; const [apmIndices, includeFrozen] = await Promise.all([ - apmDataAccess.getApmIndices(savedObjectsClient), + apmDataAccess.getApmIndices(), uiSettingsClient.get(UI_SETTINGS.SEARCH_INCLUDE_FROZEN), ]); @@ -86,5 +80,5 @@ export const getApmDataAccessClient = ({ }; }; - return { hasPrivileges, getServices }; + return { getServices }; }; diff --git a/x-pack/plugins/observability_solution/infra/server/routes/infra/index.ts b/x-pack/plugins/observability_solution/infra/server/routes/infra/index.ts index 1b720eeb31869..3f91a034c8103 100644 --- a/x-pack/plugins/observability_solution/infra/server/routes/infra/index.ts +++ b/x-pack/plugins/observability_solution/infra/server/routes/infra/index.ts @@ -41,12 +41,11 @@ export const initInfraAssetRoutes = (libs: InfraBackendLibs) => { try { const apmDataAccessClient = getApmDataAccessClient({ request, libs, context }); - const hasApmPrivileges = await apmDataAccessClient.hasPrivileges(); const [infraMetricsClient, alertsClient, apmDataAccessServices] = await Promise.all([ getInfraMetricsClient({ request, libs, context }), getInfraAlertsClient({ libs, request }), - hasApmPrivileges ? apmDataAccessClient.getServices() : undefined, + apmDataAccessClient.getServices(), ]); const hosts = await getHosts({ @@ -97,11 +96,10 @@ export const initInfraAssetRoutes = (libs: InfraBackendLibs) => { try { const apmDataAccessClient = getApmDataAccessClient({ request, libs, context }); - const hasApmPrivileges = await apmDataAccessClient.hasPrivileges(); const [infraMetricsClient, apmDataAccessServices] = await Promise.all([ getInfraMetricsClient({ request, libs, context }), - hasApmPrivileges ? apmDataAccessClient.getServices() : undefined, + apmDataAccessClient.getServices(), ]); const count = await getHostsCount({ diff --git a/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/helpers/query.ts b/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/helpers/query.ts index 570c1499f3b74..52da69cd7c008 100644 --- a/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/helpers/query.ts +++ b/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/helpers/query.ts @@ -9,6 +9,7 @@ import { findInventoryModel } from '@kbn/metrics-data-access-plugin/common'; import { termQuery } from '@kbn/observability-plugin/server'; import { ApmDocumentType, type TimeRangeMetadata } from '@kbn/apm-data-access-plugin/common'; import { estypes } from '@elastic/elasticsearch'; +import { castArray } from 'lodash'; import type { ApmDataAccessServicesWrapper } from '../../../../lib/helpers/get_apm_data_access_client'; import { EVENT_MODULE, @@ -17,12 +18,16 @@ import { } from '../../../../../common/constants'; import type { InfraAssetMetricType } from '../../../../../common/http_api/infra'; -export const getFilterByIntegration = (integration: typeof SYSTEM_INTEGRATION) => { +export const getFilterByIntegration = ( + integration: typeof SYSTEM_INTEGRATION, + extraFilter: estypes.QueryDslQueryContainer[] = [] +) => { return { bool: { should: [ ...termQuery(EVENT_MODULE, integration), ...termQuery(METRICSET_MODULE, integration), + ...extraFilter, ], minimum_should_match: 1, }, @@ -63,7 +68,6 @@ export const getDocumentsFilter = async ({ from: number; to: number; }) => { - const filters: estypes.QueryDslQueryContainer[] = [getFilterByIntegration('system')]; const apmDocumentsFilter = apmDataAccessServices && apmDocumentSources ? await getApmDocumentsFilter({ @@ -74,9 +78,9 @@ export const getDocumentsFilter = async ({ }) : undefined; - if (apmDocumentsFilter) { - filters.push(apmDocumentsFilter); - } + const filters: estypes.QueryDslQueryContainer[] = [ + getFilterByIntegration('system', apmDocumentsFilter && castArray(apmDocumentsFilter)), + ]; return filters; }; diff --git a/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/host/get_hosts.ts b/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/host/get_hosts.ts index bb5bd51cfe1f9..63fef5d438b00 100644 --- a/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/host/get_hosts.ts +++ b/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/host/get_hosts.ts @@ -49,6 +49,7 @@ export const getHosts = async ({ const [hostMetricsResponse, alertsCountResponse] = await Promise.all([ getAllHosts({ infraMetricsClient, + apmDataAccessServices, apmDocumentSources, from, to, diff --git a/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/host/get_hosts_count.ts b/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/host/get_hosts_count.ts index 154fd8796520d..e36811ea5b87a 100644 --- a/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/host/get_hosts_count.ts +++ b/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/host/get_hosts_count.ts @@ -25,8 +25,14 @@ export async function getHostsCount({ }) { assertQueryStructure(query); + const apmDocumentSources = await apmDataAccessServices?.getDocumentSources({ + start: from, + end: to, + }); + const documentsFilter = await getDocumentsFilter({ apmDataAccessServices, + apmDocumentSources, from, to, }); @@ -39,7 +45,7 @@ export async function getHostsCount({ query: { bool: { filter: [query, ...rangeQuery(from, to)], - should: [...documentsFilter], + must: [...documentsFilter], }, }, aggs: { diff --git a/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/types.ts b/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/types.ts index 87679f24271d6..8f50d9eb89f13 100644 --- a/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/types.ts +++ b/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/types.ts @@ -13,5 +13,5 @@ import { InfraMetricsClient } from '../../../lib/helpers/get_infra_metrics_clien export interface GetHostParameters extends GetInfraMetricsRequestBodyPayload { infraMetricsClient: InfraMetricsClient; alertsClient: InfraAlertsClient; - apmDataAccessServices?: ApmDataAccessServicesWrapper; + apmDataAccessServices: ApmDataAccessServicesWrapper; } diff --git a/x-pack/plugins/observability_solution/infra/server/routes/services/index.ts b/x-pack/plugins/observability_solution/infra/server/routes/services/index.ts index 9673b31788487..bc6ce91e830ad 100644 --- a/x-pack/plugins/observability_solution/infra/server/routes/services/index.ts +++ b/x-pack/plugins/observability_solution/infra/server/routes/services/index.ts @@ -36,16 +36,6 @@ export const initServicesRoute = (libs: InfraBackendLibs) => { const { from, to, size = 10, validatedFilters } = request.query; const apmDataAccessClient = getApmDataAccessClient({ request, libs, context }); - const hasApmPrivileges = await apmDataAccessClient.hasPrivileges(); - - if (!hasApmPrivileges) { - return response.customError({ - statusCode: 403, - body: { - message: 'APM data access service is not available', - }, - }); - } const apmDataAccessServices = await apmDataAccessClient.getServices(); diff --git a/x-pack/plugins/observability_solution/profiling/server/routes/apm.ts b/x-pack/plugins/observability_solution/profiling/server/routes/apm.ts index 7ad001831c0e4..4d5a7cca0ff7f 100644 --- a/x-pack/plugins/observability_solution/profiling/server/routes/apm.ts +++ b/x-pack/plugins/observability_solution/profiling/server/routes/apm.ts @@ -52,9 +52,7 @@ export function registerTopNFunctionsAPMTransactionsRoute({ }); } const core = await context.core; - const { transaction: transactionIndices } = await apmDataAccess.getApmIndices( - core.savedObjects.client - ); + const { transaction: transactionIndices } = await apmDataAccess.getApmIndices(); const esClient = await getClient(context);