From 388269b8f77c832ecec7db54d0d7c78a10254021 Mon Sep 17 00:00:00 2001 From: Tal Borenstein Date: Wed, 3 Sep 2025 18:53:10 +0300 Subject: [PATCH] update kibana_system to grant it access to .workflows-* system index --- .../main/java/org/elasticsearch/kibana/KibanaPlugin.java | 9 +++++++++ .../java/org/elasticsearch/kibana/KibanaPluginTests.java | 2 +- .../authz/store/KibanaOwnedReservedRoleDescriptors.java | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/modules/kibana/src/main/java/org/elasticsearch/kibana/KibanaPlugin.java b/modules/kibana/src/main/java/org/elasticsearch/kibana/KibanaPlugin.java index 42c92c81ff2fc..c2e967ced2a3b 100644 --- a/modules/kibana/src/main/java/org/elasticsearch/kibana/KibanaPlugin.java +++ b/modules/kibana/src/main/java/org/elasticsearch/kibana/KibanaPlugin.java @@ -60,12 +60,21 @@ public class KibanaPlugin extends Plugin implements SystemIndexPlugin { .setAllowedElasticProductOrigins(KIBANA_PRODUCT_ORIGIN) .build(); + public static final SystemIndexDescriptor WORKFLOWS_INDEX_DESCRIPTOR = SystemIndexDescriptor.builder() + .setIndexPattern(".workflows-*") + .setDescription("Workflows system index") + .setType(Type.EXTERNAL_UNMANAGED) + .setAllowedElasticProductOrigins(KIBANA_PRODUCT_ORIGIN) + .setAllowsTemplates() + .build(); + @Override public Collection getSystemIndexDescriptors(Settings settings) { return List.of( KIBANA_INDEX_DESCRIPTOR, REPORTING_INDEX_DESCRIPTOR, ONECHAT_INDEX_DESCRIPTOR, + WORKFLOWS_INDEX_DESCRIPTOR, APM_AGENT_CONFIG_INDEX_DESCRIPTOR, APM_CUSTOM_LINK_INDEX_DESCRIPTOR ); diff --git a/modules/kibana/src/test/java/org/elasticsearch/kibana/KibanaPluginTests.java b/modules/kibana/src/test/java/org/elasticsearch/kibana/KibanaPluginTests.java index 73709b2e48704..bcc95d9c8123e 100644 --- a/modules/kibana/src/test/java/org/elasticsearch/kibana/KibanaPluginTests.java +++ b/modules/kibana/src/test/java/org/elasticsearch/kibana/KibanaPluginTests.java @@ -20,7 +20,7 @@ public class KibanaPluginTests extends ESTestCase { public void testKibanaIndexNames() { assertThat( new KibanaPlugin().getSystemIndexDescriptors(Settings.EMPTY).stream().map(SystemIndexDescriptor::getIndexPattern).toList(), - contains(".kibana_*", ".reporting-*", ".chat-*", ".apm-agent-configuration*", ".apm-custom-link*") + contains(".kibana_*", ".reporting-*", ".chat-*", ".workflows-*", ".apm-agent-configuration*", ".apm-custom-link*") ); } } diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java index e65defea63e2b..86a60a8d82f45 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java @@ -109,7 +109,7 @@ static RoleDescriptor kibanaSystem(String name) { new RoleDescriptor.IndicesPrivileges[] { // System indices defined in KibanaPlugin RoleDescriptor.IndicesPrivileges.builder() - .indices(".kibana*", ".reporting-*", ".chat-*") + .indices(".kibana*", ".reporting-*", ".chat-*", ".workflows-*") .privileges("all") .allowRestrictedIndices(true) .build(),