diff --git a/x-pack/plugins/observability_solution/apm/server/assistant_functions/index.ts b/x-pack/plugins/observability_solution/apm/server/assistant_functions/index.ts index 6a65e6126ff22..1dff57cef6602 100644 --- a/x-pack/plugins/observability_solution/apm/server/assistant_functions/index.ts +++ b/x-pack/plugins/observability_solution/apm/server/assistant_functions/index.ts @@ -72,10 +72,7 @@ export function registerAssistantFunctions({ ruleDataClient, plugins, getApmIndices: async () => { - const coreContext = await resources.context.core; - const apmIndices = await plugins.apmDataAccess.setup.getApmIndices( - coreContext.savedObjects.client - ); + const apmIndices = await plugins.apmDataAccess.setup.getApmIndices(); return apmIndices; }, }; diff --git a/x-pack/plugins/observability_solution/apm/server/plugin.ts b/x-pack/plugins/observability_solution/apm/server/plugin.ts index 7e93a5f3c3324..0b7dc2811dc09 100644 --- a/x-pack/plugins/observability_solution/apm/server/plugin.ts +++ b/x-pack/plugins/observability_solution/apm/server/plugin.ts @@ -19,7 +19,6 @@ import { } from './routes/alerts/register_apm_rule_types'; import { registerFleetPolicyCallbacks } from './routes/fleet/register_fleet_policy_callbacks'; import { createApmTelemetry } from './lib/apm_telemetry'; -import { getInternalSavedObjectsClient } from './lib/helpers/get_internal_saved_objects_client'; import { createApmAgentConfigurationIndex } from './routes/settings/agent_configuration/create_agent_config_index'; import { createApmCustomLinkIndex } from './routes/settings/custom_link/create_custom_link_index'; import { @@ -114,13 +113,6 @@ export class APMPlugin }; }) as APMRouteHandlerResources['plugins']; - const apmIndicesPromise = (async () => { - const coreStart = await getCoreStart(); - const soClient = await getInternalSavedObjectsClient(coreStart); - const { getApmIndices } = plugins.apmDataAccess; - return getApmIndices(soClient); - })(); - // This if else block will go away in favour of removing Home Tutorial Integration // Ideally we will directly register a custom integration and pass the configs // for cloud, onPrem and Serverless so that the actual component can take @@ -128,7 +120,8 @@ export class APMPlugin if (currentConfig.serverlessOnboarding && plugins.customIntegrations) { plugins.customIntegrations?.registerCustomIntegration(apmTutorialCustomIntegration); } else { - apmIndicesPromise + plugins.apmDataAccess + .getApmIndices() .then((apmIndices) => { plugins.home?.tutorials.registerTutorial( tutorialProvider({ diff --git a/x-pack/plugins/observability_solution/apm/server/routes/apm_routes/register_apm_server_routes.ts b/x-pack/plugins/observability_solution/apm/server/routes/apm_routes/register_apm_server_routes.ts index 5a2af3e7dc066..4792223610bb6 100644 --- a/x-pack/plugins/observability_solution/apm/server/routes/apm_routes/register_apm_server_routes.ts +++ b/x-pack/plugins/observability_solution/apm/server/routes/apm_routes/register_apm_server_routes.ts @@ -109,10 +109,7 @@ export function registerRoutes({ ); const getApmIndices = async () => { - const coreContext = await context.core; - const apmIndices = await plugins.apmDataAccess.setup.getApmIndices( - coreContext.savedObjects.client - ); + const apmIndices = await plugins.apmDataAccess.setup.getApmIndices(); return apmIndices; }; diff --git a/x-pack/plugins/observability_solution/apm/server/routes/assistant_functions/get_observability_alert_details_context/index.ts b/x-pack/plugins/observability_solution/apm/server/routes/assistant_functions/get_observability_alert_details_context/index.ts index 84e51675233c9..f28e3f9df8570 100644 --- a/x-pack/plugins/observability_solution/apm/server/routes/assistant_functions/get_observability_alert_details_context/index.ts +++ b/x-pack/plugins/observability_solution/apm/server/routes/assistant_functions/get_observability_alert_details_context/index.ts @@ -38,8 +38,7 @@ export const getAlertDetailsContextHandler = ( return async (requestContext, query) => { const resources = { getApmIndices: async () => { - const coreContext = await requestContext.core; - return resourcePlugins.apmDataAccess.setup.getApmIndices(coreContext.savedObjects.client); + return resourcePlugins.apmDataAccess.setup.getApmIndices(); }, request: requestContext.request, params: { query: { _inspect: false } }, diff --git a/x-pack/plugins/observability_solution/apm/server/routes/fleet/register_fleet_policy_callbacks.ts b/x-pack/plugins/observability_solution/apm/server/routes/fleet/register_fleet_policy_callbacks.ts index 2237548f2d325..9d00c50b4ab48 100644 --- a/x-pack/plugins/observability_solution/apm/server/routes/fleet/register_fleet_policy_callbacks.ts +++ b/x-pack/plugins/observability_solution/apm/server/routes/fleet/register_fleet_policy_callbacks.ts @@ -5,7 +5,7 @@ * 2.0. */ -import { Logger, CoreStart, SavedObjectsClientContract } from '@kbn/core/server'; +import { Logger, CoreStart } from '@kbn/core/server'; import { FleetStartContract, PostPackagePolicyCreateCallback, @@ -22,7 +22,6 @@ import { SOURCE_MAP_API_KEY_PATH, } from './get_package_policy_decorators'; import { createInternalESClient } from '../../lib/helpers/create_es_client/create_internal_es_client'; -import { getInternalSavedObjectsClient } from '../../lib/helpers/get_internal_saved_objects_client'; import { APMRouteHandlerResources } from '../apm_routes/register_apm_server_routes'; export async function registerFleetPolicyCallbacks({ @@ -149,7 +148,7 @@ function onPackagePolicyCreateOrUpdate({ coreStart, }: { fleetPluginStart: FleetStartContract; - getApmIndices: (soClient: SavedObjectsClientContract) => Promise; + getApmIndices: () => Promise; coreStart: CoreStart; }): PutPackagePolicyUpdateCallback & PostPackagePolicyCreateCallback { return async (packagePolicy) => { @@ -158,8 +157,7 @@ function onPackagePolicyCreateOrUpdate({ } const { asInternalUser } = coreStart.elasticsearch.client; - const savedObjectsClient = await getInternalSavedObjectsClient(coreStart); - const apmIndices = await getApmIndices(savedObjectsClient); + const apmIndices = await getApmIndices(); const internalESClient = await createInternalESClient({ debug: false, diff --git a/x-pack/plugins/observability_solution/apm_data_access/kibana.jsonc b/x-pack/plugins/observability_solution/apm_data_access/kibana.jsonc index 51968be90cb7d..9d80dcd71ce93 100644 --- a/x-pack/plugins/observability_solution/apm_data_access/kibana.jsonc +++ b/x-pack/plugins/observability_solution/apm_data_access/kibana.jsonc @@ -18,9 +18,7 @@ "requiredPlugins": [ "data" ], - "optionalPlugins": [ - "security" - ], + "optionalPlugins": [], "requiredBundles": [] } } \ No newline at end of file diff --git a/x-pack/plugins/observability_solution/apm_data_access/server/lib/check_privileges.ts b/x-pack/plugins/observability_solution/apm_data_access/server/lib/check_privileges.ts deleted file mode 100644 index 7da8a32845ad0..0000000000000 --- a/x-pack/plugins/observability_solution/apm_data_access/server/lib/check_privileges.ts +++ /dev/null @@ -1,43 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { KibanaRequest } from '@kbn/core-http-server'; -import { SecurityPluginStart } from '@kbn/security-plugin-types-server'; -import { mapValues } from 'lodash'; -import { APMIndices } from '..'; - -export interface ApmDataAccessPrivilegesCheck { - request: KibanaRequest; - security?: SecurityPluginStart; - getApmIndices: () => Promise; -} - -export async function checkPrivileges({ - request, - getApmIndices, - security, -}: ApmDataAccessPrivilegesCheck) { - const authorization = security?.authz; - if (!authorization) { - return true; - } - - const [apmIndices, checkPrivilegesFn] = await Promise.all([ - getApmIndices(), - authorization.checkPrivilegesDynamicallyWithRequest(request), - ]); - - const { hasAllRequested } = await checkPrivilegesFn({ - kibana: [security.authz.actions.app.get('apm:read')], - elasticsearch: { - cluster: [], - index: mapValues(apmIndices, () => ['read']), - }, - }); - - return hasAllRequested; -} diff --git a/x-pack/plugins/observability_solution/apm_data_access/server/plugin.ts b/x-pack/plugins/observability_solution/apm_data_access/server/plugin.ts index 680079d080c82..114f6364978f3 100644 --- a/x-pack/plugins/observability_solution/apm_data_access/server/plugin.ts +++ b/x-pack/plugins/observability_solution/apm_data_access/server/plugin.ts @@ -25,7 +25,6 @@ import { getApmIndicesSavedObject, } from './saved_objects/apm_indices'; import { getServices } from './services/get_services'; -import { ApmDataAccessPrivilegesCheck, checkPrivileges } from './lib/check_privileges'; export class ApmDataAccessPlugin implements Plugin @@ -48,10 +47,17 @@ export class ApmDataAccessPlugin // register saved object core.savedObjects.registerType(apmIndicesSavedObjectDefinition); + const getApmIndicesWithInternalUserFn = async () => { + const soClient = await core + .getStartServices() + .then(([coreStart]) => coreStart.savedObjects.createInternalRepository()); + return this.getApmIndices(soClient); + }; + // expose return { apmIndicesFromConfigFile: this.config.indices, - getApmIndices: this.getApmIndices, + getApmIndices: getApmIndicesWithInternalUserFn, getServices, }; } @@ -63,21 +69,7 @@ export class ApmDataAccessPlugin this.logger.error(e); }); - const getApmIndicesWithInternalUserFn = async () => { - const soClient = core.savedObjects.createInternalRepository(); - return this.getApmIndices(soClient); - }; - - const startServices = { - hasPrivileges: ({ request }: Pick) => - checkPrivileges({ - request, - getApmIndices: getApmIndicesWithInternalUserFn, - security: plugins.security, - }), - }; - - return { ...startServices }; + return {}; } public stop() {} diff --git a/x-pack/plugins/observability_solution/apm_data_access/server/types.ts b/x-pack/plugins/observability_solution/apm_data_access/server/types.ts index f10c23c1fd994..d96468e70d976 100644 --- a/x-pack/plugins/observability_solution/apm_data_access/server/types.ts +++ b/x-pack/plugins/observability_solution/apm_data_access/server/types.ts @@ -5,15 +5,13 @@ * 2.0. */ -import { SavedObjectsClientContract } from '@kbn/core-saved-objects-api-server'; import type { SecurityPluginStart } from '@kbn/security-plugin-types-server'; import type { APMIndices } from '.'; import { getServices } from './services/get_services'; -import type { ApmDataAccessPrivilegesCheck } from './lib/check_privileges'; export interface ApmDataAccessPluginSetup { apmIndicesFromConfigFile: APMIndices; - getApmIndices: (soClient: SavedObjectsClientContract) => Promise; + getApmIndices: () => Promise; getServices: typeof getServices; } @@ -21,9 +19,8 @@ export interface ApmDataAccessServerDependencies { security?: SecurityPluginStart; } -export interface ApmDataAccessPluginStart { - hasPrivileges: (params: Pick) => Promise; -} +// eslint-disable-next-line @typescript-eslint/no-empty-interface +export interface ApmDataAccessPluginStart {} export interface ApmDataAccessServerDependencies { security?: SecurityPluginStart; } @@ -38,4 +35,3 @@ export type { APMEventESSearchRequest, APMLogEventESSearchRequest, } from './lib/helpers'; -export type { ApmDataAccessPrivilegesCheck }; diff --git a/x-pack/plugins/observability_solution/apm_data_access/tsconfig.json b/x-pack/plugins/observability_solution/apm_data_access/tsconfig.json index aeeb73bee2857..d403cff1e83b0 100644 --- a/x-pack/plugins/observability_solution/apm_data_access/tsconfig.json +++ b/x-pack/plugins/observability_solution/apm_data_access/tsconfig.json @@ -19,7 +19,6 @@ "@kbn/core-http-server-mocks", "@kbn/apm-utils", "@kbn/core-http-server", - "@kbn/security-plugin-types-server", "@kbn/observability-utils", "@kbn/utility-types", "@kbn/elastic-agent-utils" diff --git a/x-pack/plugins/observability_solution/infra/server/lib/helpers/get_apm_data_access_client.ts b/x-pack/plugins/observability_solution/infra/server/lib/helpers/get_apm_data_access_client.ts index e99d57eb4d6c8..dcf63e01b7e93 100644 --- a/x-pack/plugins/observability_solution/infra/server/lib/helpers/get_apm_data_access_client.ts +++ b/x-pack/plugins/observability_solution/infra/server/lib/helpers/get_apm_data_access_client.ts @@ -27,23 +27,17 @@ export const getApmDataAccessClient = ({ context: InfraPluginRequestHandlerContext; request: KibanaRequest; }) => { - const hasPrivileges = async () => { - const apmDataAccessStart = await libs.plugins.apmDataAccess.start(); - return apmDataAccessStart.hasPrivileges({ request }); - }; - const getServices = async () => { const apmDataAccess = libs.plugins.apmDataAccess.setup; const coreContext = await context.core; - const { savedObjects, uiSettings, elasticsearch } = coreContext; - const savedObjectsClient = savedObjects.client; + const { uiSettings, elasticsearch } = coreContext; const esClient = elasticsearch.client.asCurrentUser; const uiSettingsClient = uiSettings.client; const [apmIndices, includeFrozen] = await Promise.all([ - apmDataAccess.getApmIndices(savedObjectsClient), + apmDataAccess.getApmIndices(), uiSettingsClient.get(UI_SETTINGS.SEARCH_INCLUDE_FROZEN), ]); @@ -86,5 +80,5 @@ export const getApmDataAccessClient = ({ }; }; - return { hasPrivileges, getServices }; + return { getServices }; }; diff --git a/x-pack/plugins/observability_solution/infra/server/routes/infra/index.ts b/x-pack/plugins/observability_solution/infra/server/routes/infra/index.ts index 1b720eeb31869..3f91a034c8103 100644 --- a/x-pack/plugins/observability_solution/infra/server/routes/infra/index.ts +++ b/x-pack/plugins/observability_solution/infra/server/routes/infra/index.ts @@ -41,12 +41,11 @@ export const initInfraAssetRoutes = (libs: InfraBackendLibs) => { try { const apmDataAccessClient = getApmDataAccessClient({ request, libs, context }); - const hasApmPrivileges = await apmDataAccessClient.hasPrivileges(); const [infraMetricsClient, alertsClient, apmDataAccessServices] = await Promise.all([ getInfraMetricsClient({ request, libs, context }), getInfraAlertsClient({ libs, request }), - hasApmPrivileges ? apmDataAccessClient.getServices() : undefined, + apmDataAccessClient.getServices(), ]); const hosts = await getHosts({ @@ -97,11 +96,10 @@ export const initInfraAssetRoutes = (libs: InfraBackendLibs) => { try { const apmDataAccessClient = getApmDataAccessClient({ request, libs, context }); - const hasApmPrivileges = await apmDataAccessClient.hasPrivileges(); const [infraMetricsClient, apmDataAccessServices] = await Promise.all([ getInfraMetricsClient({ request, libs, context }), - hasApmPrivileges ? apmDataAccessClient.getServices() : undefined, + apmDataAccessClient.getServices(), ]); const count = await getHostsCount({ diff --git a/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/host/get_all_hosts.ts b/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/host/get_all_hosts.ts index 8d2e687f2a8b0..abeb51140d189 100644 --- a/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/host/get_all_hosts.ts +++ b/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/host/get_all_hosts.ts @@ -54,11 +54,8 @@ export const getAllHosts = async ({ track_total_hits: false, query: { bool: { - filter: [ - ...termsQuery(HOST_NAME_FIELD, ...hostNames), - ...rangeQuery(from, to), - ...documentsFilter, - ], + filter: [...termsQuery(HOST_NAME_FIELD, ...hostNames), ...rangeQuery(from, to)], + should: [...documentsFilter], }, }, aggs: { diff --git a/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/host/get_hosts.ts b/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/host/get_hosts.ts index bb5bd51cfe1f9..63fef5d438b00 100644 --- a/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/host/get_hosts.ts +++ b/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/host/get_hosts.ts @@ -49,6 +49,7 @@ export const getHosts = async ({ const [hostMetricsResponse, alertsCountResponse] = await Promise.all([ getAllHosts({ infraMetricsClient, + apmDataAccessServices, apmDocumentSources, from, to, diff --git a/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/types.ts b/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/types.ts index 87679f24271d6..8f50d9eb89f13 100644 --- a/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/types.ts +++ b/x-pack/plugins/observability_solution/infra/server/routes/infra/lib/types.ts @@ -13,5 +13,5 @@ import { InfraMetricsClient } from '../../../lib/helpers/get_infra_metrics_clien export interface GetHostParameters extends GetInfraMetricsRequestBodyPayload { infraMetricsClient: InfraMetricsClient; alertsClient: InfraAlertsClient; - apmDataAccessServices?: ApmDataAccessServicesWrapper; + apmDataAccessServices: ApmDataAccessServicesWrapper; } diff --git a/x-pack/plugins/observability_solution/infra/server/routes/services/index.ts b/x-pack/plugins/observability_solution/infra/server/routes/services/index.ts index 9673b31788487..bc6ce91e830ad 100644 --- a/x-pack/plugins/observability_solution/infra/server/routes/services/index.ts +++ b/x-pack/plugins/observability_solution/infra/server/routes/services/index.ts @@ -36,16 +36,6 @@ export const initServicesRoute = (libs: InfraBackendLibs) => { const { from, to, size = 10, validatedFilters } = request.query; const apmDataAccessClient = getApmDataAccessClient({ request, libs, context }); - const hasApmPrivileges = await apmDataAccessClient.hasPrivileges(); - - if (!hasApmPrivileges) { - return response.customError({ - statusCode: 403, - body: { - message: 'APM data access service is not available', - }, - }); - } const apmDataAccessServices = await apmDataAccessClient.getServices();