changed to let index management be the responsibility of ES

Author: Supplementing

x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java

@@ -936,32 +936,6 @@ public void testKibanaSystemRole() {
             ".fleet-fileds"
         ).forEach(index -> assertAllIndicesAccessAllowed(kibanaRole, index));
 
-        // Knowledge base. Fleet creates, manages, and uses this index to store knowledge base documents to be consumed by AI assistants.
-        Arrays.asList(".integration_knowledge" + randomAlphaOfLength(randomIntBetween(0, 13))).forEach((index) -> {
-            final IndexAbstraction indexAbstraction = mockIndexAbstraction(index, IndexAbstraction.Type.CONCRETE_INDEX);
-            assertThat(kibanaRole.indices().allowedIndicesMatcher("indices:foo").test(indexAbstraction), is(false));
-            assertThat(kibanaRole.indices().allowedIndicesMatcher("indices:bar").test(indexAbstraction), is(false));
-            assertThat(
-                kibanaRole.indices().allowedIndicesMatcher(TransportDeleteIndexAction.TYPE.name()).test(indexAbstraction),
-                is(false)
-            );
-            assertThat(kibanaRole.indices().allowedIndicesMatcher(GetIndexAction.NAME).test(indexAbstraction), is(true));
-            assertThat(kibanaRole.indices().allowedIndicesMatcher(TransportCreateIndexAction.TYPE.name()).test(indexAbstraction), is(true));
-            assertThat(kibanaRole.indices().allowedIndicesMatcher(TransportIndexAction.NAME).test(indexAbstraction), is(true));
-            assertThat(kibanaRole.indices().allowedIndicesMatcher(TransportDeleteAction.NAME).test(indexAbstraction), is(true));
-            assertThat(kibanaRole.indices().allowedIndicesMatcher(TransportSearchAction.TYPE.name()).test(indexAbstraction), is(true));
-            assertThat(kibanaRole.indices().allowedIndicesMatcher(TransportMultiSearchAction.TYPE.name()).test(indexAbstraction), is(true));
-            assertThat(kibanaRole.indices().allowedIndicesMatcher(TransportGetAction.TYPE.name()).test(indexAbstraction), is(true));
-            assertThat(kibanaRole.indices().allowedIndicesMatcher(READ_CROSS_CLUSTER_NAME).test(indexAbstraction), is(false));
-            assertThat(
-                kibanaRole.indices().allowedIndicesMatcher(TransportUpdateSettingsAction.TYPE.name()).test(indexAbstraction),
-                is(false)
-            );
-            // In the future, this PutMappingAction check will be false but the BWC check is giving the privilege for all indices with 'write' access
-            assertThat(kibanaRole.indices().allowedIndicesMatcher(TransportPutMappingAction.TYPE.name()).test(indexAbstraction), is(true));
-            assertThat(kibanaRole.indices().allowedIndicesMatcher(RolloverAction.NAME).test(indexAbstraction), is(false));
-        });
-
         final IndexAbstraction dotFleetSecretsIndex = mockIndexAbstraction(".fleet-secrets");
         assertThat(kibanaRole.indices().allowedIndicesMatcher("indices:foo").test(dotFleetSecretsIndex), is(false));
         assertThat(kibanaRole.indices().allowedIndicesMatcher("indices:bar").test(dotFleetSecretsIndex), is(false));

x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/test/TestRestrictedIndices.java

@@ -103,7 +103,8 @@ public class TestRestrictedIndices {
                     SystemIndexDescriptorUtils.createUnmanaged(".fleet-policies-[0-9]+*", "fleet policies"),
                     SystemIndexDescriptorUtils.createUnmanaged(".fleet-policies-leader*", "fleet policies leader"),
                     SystemIndexDescriptorUtils.createUnmanaged(".fleet-servers*", "fleet servers"),
-                    SystemIndexDescriptorUtils.createUnmanaged(".fleet-artifacts*", "fleet artifacts")
+                    SystemIndexDescriptorUtils.createUnmanaged(".fleet-artifacts*", "fleet artifacts"),
+                    SystemIndexDescriptorUtils.createUnmanaged(".integration_knowledge*", "integration knowledge")
                 ),
                 List.of(
                     new SystemDataStreamDescriptor(

x-pack/plugin/core/template-resources/src/main/resources/fleet-integration-knowledge.json

@@ -0,0 +1,34 @@
+{
+  "settings": {
+    "auto_expand_replicas": "0-1",
+    "index.hidden": true
+  },
+  "mappings": {
+    "_doc": {
+      "dynamic": false,
+      "_meta": {
+        "version": "${fleet.version}",
+        "managed_index_mappings_version": "${fleet.managed.index.version}",
+        "description": "Integration package knowledge base content storage",
+        "managed": true
+      },
+      "properties": {
+        "filename": {
+          "type": "keyword"
+        },
+        "content": {
+          "type": "semantic_text"
+        },
+        "version": {
+          "type": "version"
+        },
+        "package_name": {
+          "type": "keyword"
+        },
+        "installed_at": {
+          "type": "date"
+        }
+      }
+    }
+  }
+}

x-pack/plugin/fleet/src/javaRestTest/java/org/elasticsearch/xpack/fleet/FleetSystemIndicesIT.java

@@ -293,4 +293,20 @@ public void verifyFileDeliveryDataILMPolicyExists() throws Exception {
             assertThat(policyMap.size(), equalTo(2));
         });
     }
+
+    public void testCreationOfIntegrationKnowledge() throws Exception {
+        Request request = new Request("PUT", ".integration-knowledge");
+        Response response = client().performRequest(request);
+        assertEquals(200, response.getStatusLine().getStatusCode());
+
+        request = new Request("GET", ".integration-knowledge/_mapping");
+        response = client().performRequest(request);
+        String responseBody = EntityUtils.toString(response.getEntity());
+        assertThat(responseBody, containsString("knowledge_content"));
+
+        request = new Request("GET", ".integration-knowledge-7/_mapping");
+        response = client().performRequest(request);
+        responseBody = EntityUtils.toString(response.getEntity());
+        assertThat(responseBody, containsString("knowledge_content"));
+    }
 }

x-pack/plugin/fleet/src/main/java/org/elasticsearch/xpack/fleet/Fleet.java

@@ -87,6 +87,7 @@ public class Fleet extends Plugin implements SystemIndexPlugin {
     private static final int FLEET_SERVERS_MAPPINGS_VERSION = 1;
     private static final int FLEET_ARTIFACTS_MAPPINGS_VERSION = 1;
     private static final int FLEET_ACTIONS_RESULTS_MAPPINGS_VERSION = 1;
+    private static final int FLEET_INTEGRATION_KNOWLEDGE_MAPPINGS_VERSION = 1;
 
     @Override
     public Collection<?> createComponents(PluginServices services) {
@@ -111,7 +112,8 @@ public Collection<SystemIndexDescriptor> getSystemIndexDescriptors(Settings sett
             fleetPoliciesSystemIndexDescriptor(),
             fleetPoliciesLeaderSystemIndexDescriptor(),
             fleetServersSystemIndexDescriptors(),
-            fleetArtifactsSystemIndexDescriptors()
+            fleetArtifactsSystemIndexDescriptors(),
+            fleetIntegrationKnowledgeSystemIndexDescriptor()
         );
     }
 
@@ -267,6 +269,22 @@ private static SystemIndexDescriptor fleetArtifactsSystemIndexDescriptors() {
             .build();
     }
 
+    private static SystemIndexDescriptor fleetIntegrationKnowledgeSystemIndexDescriptor() {
+        PutIndexTemplateRequest request = new PutIndexTemplateRequest();
+        request.source(loadTemplateSource("/fleet-integration-knowledge.json", FLEET_INTEGRATION_KNOWLEDGE_MAPPINGS_VERSION), XContentType.JSON);
+
+        return SystemIndexDescriptor.builder()
+            .setType(Type.INTERNAL_MANAGED)
+            .setOrigin(FLEET_ORIGIN)
+            .setMappings(request.mappings())
+            .setSettings(request.settings())
+            .setPrimaryIndex(".integration_knowledge-" + CURRENT_INDEX_VERSION)
+            .setIndexPattern(".integration_knowledge*")
+            .setAliasName(".integration_knowledge")
+            .setDescription("Integration package knowledge base content storage")
+            .build();
+    }
+
     private static SystemDataStreamDescriptor fleetActionsResultsDescriptor() {
         final String source = loadTemplateSource("/fleet-actions-results.json", FLEET_ACTIONS_RESULTS_MAPPINGS_VERSION);
         try (XContentParser parser = XContentType.JSON.xContent().createParser(XContentParserConfiguration.EMPTY, source)) {

x-pack/plugin/fleet/src/test/java/org/elasticsearch/xpack/fleet/FleetTests.java

@@ -45,7 +45,8 @@ public void testFleetIndexNames() {
                 ".fleet-policies-leader*",
                 ".fleet-enrollment-api-keys*",
                 ".fleet-artifacts*",
-                ".fleet-secrets*"
+                ".fleet-secrets*",
+                ".integration_knowledge*"
             )
         );
 
@@ -60,6 +61,8 @@ public void testFleetIndexNames() {
         assertFalse(fleetDescriptors.stream().anyMatch(d -> d.matchesIndexPattern(".fleet-actions-results")));
 
         assertTrue(fleetDescriptors.stream().anyMatch(d -> d.matchesIndexPattern(".fleet-secrets")));
+        
+        assertTrue(fleetDescriptors.stream().anyMatch(d -> d.matchesIndexPattern(".integration_knowledge")));
     }
 
     public void testFleetFeature() {