[Fleet] Knowledge base integration support (elastic#230107)

## Summary

Closes elastic/ingest-dev#5678

- Adds support for writing the knowledge_base docs in a package to a
system index `.integration_knowledge` with per-document indexing.
- Also checks that the license is appropriate (`enterprise`), otherwise
skips this step as usage of inference models is needed due to the
`semantic_text` field.
- Automatically removes knowledge base files from the index when the
package is removed
- Updates the docs when the package updates
- Also adds an internal endpoint for getting indexed knowledge base docs
for a specific package `GET
/internal/fleet/epm/packages/{pkgName}/knowledge_base`
- In order to improve UX, we also added a generic doc during fleet setup
with some basic fleet knowledge that will be indexed asynchronously (if
the user has the correct license of `enterprise`) so that later on when
the docs need indexed, we dont need to wait for inference model
deployment. See [this
comment](elastic#230107 (comment))
for more context.

_**As part of these changes, I also realized there was an issue with the
custom integrations upload feature where it would error due to a missing
integration name as it relied on the pipeline, so I added a step to use
the name from the `_meta` field (with fallback to the pipeline) in order
to stop issues during manual testing. Can remove before finalized if
needed cc: @elastic/security-scalability. If kept, will close
elastic#231712 .




https://github.com/user-attachments/assets/0a7559af-b312-4356-bdb1-e05531721f89

**NOTE**: In the video, the indexing fails the first time. Turns out, it
was due to a timeout as the index was being created by ES and the
indexing would fail as creation took too long. It is now wrapped in a
retry so this has been resolved.

## Testing instructions

Cloud Deployment for testing without pulling everything down to local:
https://supplementing-pr-230107-knowledge-base-integration-support.kbndev.co/

Manual Testing: 

1. If elastic/elasticsearch#132506 has been
merged, run `yarn es snapshot` in Kibana, otherwise, checkout that
branch in your local ES and then in kibana run `yarn es source` in order
to use that version of ES which contains the index management, mappings,
etc.
2. Install a package with any number of knowledge base docs in the
`docs/knowledge_base` folder. You can use [this sample
package](https://github.com/user-attachments/files/21867395/masonstestpackage-0.0.1.zip),
or create your own following the guide below:


- Using `elastic-package`, create a new package using `elastic-package
create integration`
- Once created add `knowledge_base` as a folder inside of the generated
`docs` folder of the integration
- Add an arbitrary amount of `.md` files to the knowledge_base folder
      - Run `elastic-package build` to build the package
- There are a lot of different options for installing the package in a
local kibana instance. I prefer to just take the generated .zip folder
from `/build` in `elastic-package` and upload it to kibana using the
custom integrations feature. You can also expose the package registry,
or whatever you see fit.

3. Watch the Kibana logs for errors/debug messages etc
4. Use the new endpoint or just directly check the index using `GET
/.integration_knowledge/_search` to verify that the documents are
ingested into the system index of `.integration_knowledge`
5. Update the package and verify that the KB documents are updated by
checking the response again, they should have the updated pkgVersion on
the associated docs.
6. Remove the package and then verify (using the endpoint) that the docs
are removed from the index

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- [ ] Review the [backport
guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)
and apply applicable `backport:*` labels.

### Identify risks

Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.

- [ ] [See some risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
- [ ] ...

# Release Note

Adds support for indexing package knowledge base docs into the
.integration_knowledge system index, with per-document updates and
automatic removal when a package is deleted. To be utilized by package
developers allowing the AI assistants to have greater context relevant
to particular packages.

---------

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: Elastic Machine <[email protected]>

Author: 3 people

oas_docs/bundle.json

@@ -21262,7 +21262,8 @@
                                   "ilm_policy",
                                   "data_stream_ilm_policy",
                                   "transform",
-                                  "ml_model"
+                                  "ml_model",
+                                  "knowledge_base"
                                 ],
                                 "type": "string"
                               },
@@ -21828,7 +21829,8 @@
                                         "ilm_policy",
                                         "data_stream_ilm_policy",
                                         "transform",
-                                        "ml_model"
+                                        "ml_model",
+                                        "knowledge_base"
                                       ],
                                       "type": "string"
                                     },
@@ -22276,7 +22278,8 @@
                                   "ilm_policy",
                                   "data_stream_ilm_policy",
                                   "transform",
-                                  "ml_model"
+                                  "ml_model",
+                                  "knowledge_base"
                                 ],
                                 "type": "string"
                               },
@@ -22494,7 +22497,8 @@
                                                 "ilm_policy",
                                                 "data_stream_ilm_policy",
                                                 "transform",
-                                                "ml_model"
+                                                "ml_model",
+                                                "knowledge_base"
                                               ],
                                               "type": "string"
                                             },
@@ -23562,7 +23566,8 @@
                                   "ilm_policy",
                                   "data_stream_ilm_policy",
                                   "transform",
-                                  "ml_model"
+                                  "ml_model",
+                                  "knowledge_base"
                                 ],
                                 "type": "string"
                               },
@@ -23981,7 +23986,8 @@
                                       "ilm_policy",
                                       "data_stream_ilm_policy",
                                       "transform",
-                                      "ml_model"
+                                      "ml_model",
+                                      "knowledge_base"
                                     ],
                                     "type": "string"
                                   },
@@ -24513,7 +24519,8 @@
                                   "ilm_policy",
                                   "data_stream_ilm_policy",
                                   "transform",
-                                  "ml_model"
+                                  "ml_model",
+                                  "knowledge_base"
                                 ],
                                 "type": "string"
                               },
@@ -24929,7 +24936,8 @@
                                       "ilm_policy",
                                       "data_stream_ilm_policy",
                                       "transform",
-                                      "ml_model"
+                                      "ml_model",
+                                      "knowledge_base"
                                     ],
                                     "type": "string"
                                   },

oas_docs/bundle.serverless.json

@@ -21262,7 +21262,8 @@
                                   "ilm_policy",
                                   "data_stream_ilm_policy",
                                   "transform",
-                                  "ml_model"
+                                  "ml_model",
+                                  "knowledge_base"
                                 ],
                                 "type": "string"
                               },
@@ -21828,7 +21829,8 @@
                                         "ilm_policy",
                                         "data_stream_ilm_policy",
                                         "transform",
-                                        "ml_model"
+                                        "ml_model",
+                                        "knowledge_base"
                                       ],
                                       "type": "string"
                                     },
@@ -22276,7 +22278,8 @@
                                   "ilm_policy",
                                   "data_stream_ilm_policy",
                                   "transform",
-                                  "ml_model"
+                                  "ml_model",
+                                  "knowledge_base"
                                 ],
                                 "type": "string"
                               },
@@ -22494,7 +22497,8 @@
                                                 "ilm_policy",
                                                 "data_stream_ilm_policy",
                                                 "transform",
-                                                "ml_model"
+                                                "ml_model",
+                                                "knowledge_base"
                                               ],
                                               "type": "string"
                                             },
@@ -23562,7 +23566,8 @@
                                   "ilm_policy",
                                   "data_stream_ilm_policy",
                                   "transform",
-                                  "ml_model"
+                                  "ml_model",
+                                  "knowledge_base"
                                 ],
                                 "type": "string"
                               },
@@ -23981,7 +23986,8 @@
                                       "ilm_policy",
                                       "data_stream_ilm_policy",
                                       "transform",
-                                      "ml_model"
+                                      "ml_model",
+                                      "knowledge_base"
                                     ],
                                     "type": "string"
                                   },
@@ -24513,7 +24519,8 @@
                                   "ilm_policy",
                                   "data_stream_ilm_policy",
                                   "transform",
-                                  "ml_model"
+                                  "ml_model",
+                                  "knowledge_base"
                                 ],
                                 "type": "string"
                               },
@@ -24929,7 +24936,8 @@
                                       "ilm_policy",
                                       "data_stream_ilm_policy",
                                       "transform",
-                                      "ml_model"
+                                      "ml_model",
+                                      "knowledge_base"
                                     ],
                                     "type": "string"
                                   },

oas_docs/output/kibana.serverless.yaml

@@ -24480,6 +24480,7 @@ paths:
                                 - data_stream_ilm_policy
                                 - transform
                                 - ml_model
+                                - knowledge_base
                               type: string
                             version:
                               type: string
@@ -24872,6 +24873,7 @@ paths:
                                       - data_stream_ilm_policy
                                       - transform
                                       - ml_model
+                                      - knowledge_base
                                     type: string
                                   version:
                                     type: string
@@ -25175,6 +25177,7 @@ paths:
                                 - data_stream_ilm_policy
                                 - transform
                                 - ml_model
+                                - knowledge_base
                               type: string
                             version:
                               type: string
@@ -25325,6 +25328,7 @@ paths:
                                               - data_stream_ilm_policy
                                               - transform
                                               - ml_model
+                                              - knowledge_base
                                             type: string
                                           version:
                                             type: string
@@ -25787,6 +25791,7 @@ paths:
                                 - data_stream_ilm_policy
                                 - transform
                                 - ml_model
+                                - knowledge_base
                               type: string
                             version:
                               type: string
@@ -26076,6 +26081,7 @@ paths:
                                     - data_stream_ilm_policy
                                     - transform
                                     - ml_model
+                                    - knowledge_base
                                   type: string
                                 version:
                                   type: string
@@ -26435,6 +26441,7 @@ paths:
                                 - data_stream_ilm_policy
                                 - transform
                                 - ml_model
+                                - knowledge_base
                               type: string
                             version:
                               type: string
@@ -26723,6 +26730,7 @@ paths:
                                     - data_stream_ilm_policy
                                     - transform
                                     - ml_model
+                                    - knowledge_base
                                   type: string
                                 version:
                                   type: string

oas_docs/output/kibana.yaml

@@ -28262,6 +28262,7 @@ paths:
                                 - data_stream_ilm_policy
                                 - transform
                                 - ml_model
+                                - knowledge_base
                               type: string
                             version:
                               type: string
@@ -28675,6 +28676,7 @@ paths:
                                       - data_stream_ilm_policy
                                       - transform
                                       - ml_model
+                                      - knowledge_base
                                     type: string
                                   version:
                                     type: string
@@ -28985,6 +28987,7 @@ paths:
                                 - data_stream_ilm_policy
                                 - transform
                                 - ml_model
+                                - knowledge_base
                               type: string
                             version:
                               type: string
@@ -29142,6 +29145,7 @@ paths:
                                               - data_stream_ilm_policy
                                               - transform
                                               - ml_model
+                                              - knowledge_base
                                             type: string
                                           version:
                                             type: string
@@ -29639,6 +29643,7 @@ paths:
                                 - data_stream_ilm_policy
                                 - transform
                                 - ml_model
+                                - knowledge_base
                               type: string
                             version:
                               type: string
@@ -29928,6 +29933,7 @@ paths:
                                     - data_stream_ilm_policy
                                     - transform
                                     - ml_model
+                                    - knowledge_base
                                   type: string
                                 version:
                                   type: string
@@ -30300,6 +30306,7 @@ paths:
                                 - data_stream_ilm_policy
                                 - transform
                                 - ml_model
+                                - knowledge_base
                               type: string
                             version:
                               type: string
@@ -30595,6 +30602,7 @@ paths:
                                     - data_stream_ilm_policy
                                     - transform
                                     - ml_model
+                                    - knowledge_base
                                   type: string
                                 version:
                                   type: string

x-pack/platform/plugins/shared/automatic_import/public/common/lib/api.ts

@@ -39,6 +39,10 @@ import {
 
 export interface EpmPackageResponse {
   items: [{ id: string; type: string }];
+  _meta?: {
+    install_source: string;
+    name: string;
+  };
 }
 
 const defaultHeaders = {

x-pack/platform/plugins/shared/automatic_import/public/common/lib/api_parsers.test.ts

@@ -61,4 +61,37 @@ describe('getIntegrationNameFromResponse', () => {
     } as EpmPackageResponse;
     expect(getIntegrationNameFromResponse(response)).toEqual('');
   });
+
+  it('should return the integration name from _meta.name when available', () => {
+    const response = {
+      items: [{ type: 'ingest_pipeline', id: 'audit-security.data-stream-1.0.0' }],
+      _meta: {
+        install_source: 'upload',
+        name: 'my-custom-integration',
+      },
+    } as EpmPackageResponse;
+    expect(getIntegrationNameFromResponse(response)).toEqual('my-custom-integration');
+  });
+
+  it('should fall back to parsing ingest pipeline when _meta.name is not available', () => {
+    const response = {
+      items: [{ type: 'ingest_pipeline', id: 'audit-security.data-stream-1.0.0' }],
+      _meta: {
+        install_source: 'upload',
+        name: '',
+      },
+    } as EpmPackageResponse;
+    expect(getIntegrationNameFromResponse(response)).toEqual('security-1.0.0');
+  });
+
+  it('should prefer _meta.name over ingest pipeline parsing', () => {
+    const response = {
+      items: [{ type: 'ingest_pipeline', id: 'audit-old-name.data-stream-1.0.0' }],
+      _meta: {
+        install_source: 'upload',
+        name: 'new-integration-name',
+      },
+    } as EpmPackageResponse;
+    expect(getIntegrationNameFromResponse(response)).toEqual('new-integration-name');
+  });
 });

x-pack/platform/plugins/shared/automatic_import/public/common/lib/api_parsers.ts

@@ -8,11 +8,18 @@
 import type { EpmPackageResponse } from './api';
 
 /**
- * This is a hacky way to get the integration name from the response.
- * Since the integration name is not returned in the response we have to parse it from the ingest pipeline name.
+ * Gets the integration name from the response.
+ * First tries to get it from the _meta.name field, then falls back to parsing it from ingest pipeline names.
+ * Since the integration name is not always returned in the response we have to parse it from the ingest pipeline name.
  * TODO: Return the package name from the fleet API: https://github.com/elastic/kibana/issues/185932
  */
 export const getIntegrationNameFromResponse = (response: EpmPackageResponse) => {
+  // First try to get the name from the _meta field
+  if (response?._meta?.name) {
+    return response._meta.name;
+  }
+
+  // Fall back to parsing from ingest pipeline name (legacy behavior)
   return (
     response?.items
       ?.find((item) => item.type === 'ingest_pipeline')

x-pack/platform/plugins/shared/fleet/.storybook/context/fixtures/integration.nginx.ts

@@ -301,6 +301,7 @@ export const item: GetInfoResponse['item'] = {
       index_template: [],
       transform: [],
       ml_model: [],
+      knowledge_base: [],
     },
   },
   policy_templates: [

x-pack/platform/plugins/shared/fleet/.storybook/context/fixtures/integration.okta.ts

@@ -130,6 +130,7 @@ export const item: GetInfoResponse['item'] = {
       index_template: [],
       transform: [],
       ml_model: [],
+      knowledge_base: [],
     },
   },
   policy_templates: [

x-pack/platform/plugins/shared/fleet/common/constants/epm.ts

@@ -114,7 +114,9 @@ export const installationStatuses = {
 // This array also controls the order in which the asset types are displayed
 export const displayedAssetTypes: DisplayedAssetTypes = [
   ...Object.values(KibanaSavedObjectType),
-  ...Object.values(ElasticsearchAssetType),
+  ...(Object.values(ElasticsearchAssetType).filter(
+    (assetType) => assetType !== ElasticsearchAssetType.knowledgeBase
+  ) as ElasticsearchAssetType[]), // Filter out knowledgeBase assets, we dont want to expose to the user
 ];
 
 export const displayedAssetTypesLookup = new Set<string>(displayedAssetTypes);