remove CCS patterns and update test

elastic · May 11, 2021 · bfe416a · bfe416a
1 parent d91f39b
commit bfe416a
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 15 deletions.
diff --git a/...e/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java b/...e/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java
@@ -38,9 +38,7 @@
 
 public class ReservedRolesStore implements BiConsumer<Set<String>, ActionListener<RoleRetrievalResult>> {
     public static final String LEGACY_ALERTS_INDEX = ".siem-signals*";
-    public static final String LEGACY_ALERTS_INDEX_CCS = "*:.siem-signals*";
     public static final String ALERTS_INDEX = ".alerts*";
-    public static final String ALERTS_INDEX_CCS = "*:.alerts*";
 
     public static final RoleDescriptor SUPERUSER_ROLE_DESCRIPTOR = new RoleDescriptor("superuser",
             new String[] { "all" },
@@ -185,15 +183,7 @@ private static Map<String, RoleDescriptor> initializeReservedRoles() {
                                 // Kibana user will read / write to these indices
                                 RoleDescriptor.IndicesPrivileges.builder()
                                     .indices(ReservedRolesStore.ALERTS_INDEX)
-                                    .privileges("all").build(),
-                                // Legacy "Alerts as data" CCS
-                                RoleDescriptor.IndicesPrivileges.builder()
-                                    .indices(ReservedRolesStore.LEGACY_ALERTS_INDEX_CCS)
-                                    .privileges("all").build(),
-                                // Legacy "Alerts as data" CCS
-                                RoleDescriptor.IndicesPrivileges.builder()
-                                    .indices(ReservedRolesStore.ALERTS_INDEX_CCS)
-                                    .privileges("all").build(),
+                                    .privileges("all").build()
                         },
                         null,
                         new ConfigurableClusterPrivilege[] { new ManageApplicationPrivileges(Collections.singleton("kibana-*")) },

diff --git a/.../test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java b/.../test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
@@ -401,10 +401,8 @@ public void testKibanaSystemRole() {
             ".reporting-" + randomAlphaOfLength(randomIntBetween(0, 13)),
             ".apm-agent-configuration",
             ".apm-custom-link",
-            ReservedRolesStore.LEGACY_ALERTS_INDEX,
-            ReservedRolesStore.ALERTS_INDEX,
-            ReservedRolesStore.LEGACY_ALERTS_INDEX_CCS,
-            ReservedRolesStore.ALERTS_INDEX_CCS
+            ReservedRolesStore.LEGACY_ALERTS_INDEX + randomAlphaOfLength(randomIntBetween(0, 13)),
+            ReservedRolesStore.ALERTS_INDEX + randomAlphaOfLength(randomIntBetween(0, 13))
         ).forEach((index) -> {
             logger.info("index name [{}]", index);
             assertThat(kibanaRole.indices().allowedIndicesMatcher("indices:foo").test(mockIndexAbstraction(index)), is(true));