elastic · Kerry350 · Aug 16, 2021 · Aug 13, 2021 · Aug 13, 2021 · Aug 13, 2021
diff --git a/packages/kbn-rule-data-utils/src/alerts_as_data_rbac.ts b/packages/kbn-rule-data-utils/src/alerts_as_data_rbac.ts
@@ -13,9 +13,6 @@ import type { EsQueryConfig } from '@kbn/es-query';
  * registering a new instance of the rule data client
  * in a new plugin will require updating the below data structure
  * to include the index name where the alerts as data will be written to.
- *
- * This doesn't work in combination with the `xpack.ruleRegistry.index`
- * setting, with which the user can change the index prefix.
  */
 
 export const AlertConsumers = {

diff --git a/x-pack/plugins/rule_registry/server/config.ts b/x-pack/plugins/rule_registry/server/config.ts
@@ -13,8 +13,14 @@ export const config = {
     write: schema.object({
       enabled: schema.boolean({ defaultValue: false }),
     }),
-    index: schema.string({ defaultValue: '.alerts' }),
+    unsafe: schema.object({
+      legacyMultiTenancy: schema.object({
+        enabled: schema.boolean({ defaultValue: false }),
+      }),
+    }),
   }),
 };
 
 export type RuleRegistryPluginConfig = TypeOf<typeof config.schema>;
+
+export const INDEX_PREFIX = '.alerts' as const;
diff --git a/x-pack/plugins/rule_registry/server/plugin.ts b/x-pack/plugins/rule_registry/server/plugin.ts
@@ -12,6 +12,7 @@ import {
   KibanaRequest,
   CoreStart,
   IContextProvider,
+  SharedGlobalConfig,
 } from 'src/core/server';
 import { SecurityPluginSetup } from '../../security/server';
 import { AlertsClientFactory } from './alert_data_client/alerts_client_factory';
@@ -20,7 +21,7 @@ import { RacApiRequestHandlerContext, RacRequestHandlerContext } from './types';
 import { defineRoutes } from './routes';
 import { SpacesPluginStart } from '../../spaces/server';
 
-import { RuleRegistryPluginConfig } from './config';
+import { INDEX_PREFIX, RuleRegistryPluginConfig } from './config';
 import { RuleDataPluginService } from './rule_data_plugin_service';
 import { EventLogService, IEventLogService } from './event_log';
 import { AlertsClient } from './alert_data_client/alerts_client';
@@ -53,6 +54,7 @@ export class RuleRegistryPlugin
       RuleRegistryPluginStartDependencies
     > {
   private readonly config: RuleRegistryPluginConfig;
+  private readonly legacyConfig: SharedGlobalConfig;
   private readonly logger: Logger;
   private eventLogService: EventLogService | null;
   private readonly alertsClientFactory: AlertsClientFactory;
@@ -61,6 +63,8 @@ export class RuleRegistryPlugin
 
   constructor(initContext: PluginInitializerContext) {
     this.config = initContext.config.get<RuleRegistryPluginConfig>();
+    // TODO: Can be removed in 8.0.0. Exists to work around multi-tenancy users.
+    this.legacyConfig = initContext.config.legacy.get();
     this.logger = initContext.logger.get();
     this.eventLogService = null;
     this.ruleDataService = null;
@@ -82,10 +86,25 @@ export class RuleRegistryPlugin
 
     this.security = plugins.security;
 
+    const isWriteEnabled = (config: RuleRegistryPluginConfig, legacyConfig: SharedGlobalConfig) => {
+      const hasEnabledWrite = config.write.enabled;
+      const hasSetCustomKibanaIndex = legacyConfig.kibana.index !== '.kibana';
+      const hasSetUnsafeAccess = config.unsafe.legacyMultiTenancy.enabled;
+
+      if (!hasEnabledWrite) return false;
+
+      // Not using legacy multi-tenancy
+      if (!hasSetCustomKibanaIndex) {
+        return hasEnabledWrite;
+      } else {
+        return hasSetUnsafeAccess;
+      }
+    };
+
     const service = new RuleDataPluginService({
       logger: this.logger,
-      isWriteEnabled: this.config.write.enabled,
-      index: this.config.index,
+      isWriteEnabled: isWriteEnabled(this.config, this.legacyConfig),
+      index: INDEX_PREFIX,
       getClusterClient: async () => {
         const deps = await startDependencies;
         return deps.core.elasticsearch.client.asInternalUser;
@@ -112,8 +131,8 @@ export class RuleRegistryPlugin
 
     const eventLogService = new EventLogService({
       config: {
-        indexPrefix: this.config.index,
-        isWriteEnabled: this.config.write.enabled,
+        indexPrefix: INDEX_PREFIX,
+        isWriteEnabled: isWriteEnabled(this.config, this.legacyConfig),
       },
       dependencies: {
         clusterClient: startDependencies.then((deps) => deps.core.elasticsearch.client),

diff --git a/x-pack/test/apm_api_integration/configs/index.ts b/x-pack/test/apm_api_integration/configs/index.ts
@@ -27,7 +27,6 @@ const apmFtrConfigs = {
     license: 'trial' as const,
     kibanaConfig: {
       'migrations.enableV2': 'false',
-      'xpack.ruleRegistry.index': '.kibana-alerts',
       'xpack.ruleRegistry.write.enabled': 'true',
     },
   },

diff --git a/x-pack/test/apm_api_integration/tests/alerts/rule_registry.ts b/x-pack/test/apm_api_integration/tests/alerts/rule_registry.ts
@@ -42,7 +42,7 @@ export default function ApiTest({ getService }: FtrProviderContext) {
   const BULK_INDEX_DELAY = 1000;
   const INDEXING_DELAY = 5000;
 
-  const ALERTS_INDEX_TARGET = '.kibana-alerts-*-apm*';
+  const ALERTS_INDEX_TARGET = '.alerts-*-apm*';
   const APM_TRANSACTION_INDEX_NAME = 'apm-8.0.0-transaction';
 
   const createTransactionEvent = (override: Record<string, any>) => {