add priviliges required for cdr misconfiguration features to work (elastic#112456)

Author: maxcold

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java

@@ -394,12 +394,14 @@ static RoleDescriptor kibanaSystem(String name) {
                         TransportUpdateSettingsAction.TYPE.name()
                     )
                     .build(),
-                // For src/dest indices of the Cloud Security Posture packages that ships a
+                // For source indices of the Cloud Security Posture packages that ships a
                 // transform
                 RoleDescriptor.IndicesPrivileges.builder()
                     .indices("logs-cloud_security_posture.findings-*", "logs-cloud_security_posture.vulnerabilities-*")
                     .privileges("read", "view_index_metadata")
                     .build(),
+                // For destination indices of the Cloud Security Posture packages that ships a
+                // transform
                 RoleDescriptor.IndicesPrivileges.builder()
                     .indices(
                         "logs-cloud_security_posture.findings_latest-default*",
@@ -415,17 +417,23 @@ static RoleDescriptor kibanaSystem(String name) {
                         TransportUpdateSettingsAction.TYPE.name()
                     )
                     .build(),
+                // For source indices of the Cloud Detection & Response (CDR) packages that ships a
+                // transform
                 RoleDescriptor.IndicesPrivileges.builder()
-                    .indices("logs-wiz.vulnerability-*")
+                    .indices("logs-wiz.vulnerability-*", "logs-wiz.cloud_configuration_finding-*")
                     .privileges("read", "view_index_metadata")
                     .build(),
+                // For alias indices of the Cloud Detection & Response (CDR) packages that ships a
+                // transform
                 RoleDescriptor.IndicesPrivileges.builder()
                     // manage privilege required by the index alias
-                    .indices("security_solution-*.vulnerability_latest")
+                    .indices("security_solution-*.vulnerability_latest", "security_solution-*.misconfiguration_latest")
                     .privileges("manage", TransportIndicesAliasesAction.NAME, TransportUpdateSettingsAction.TYPE.name())
                     .build(),
+                // For destination indices of the Cloud Detection & Response (CDR) packages that ships a
+                // transform
                 RoleDescriptor.IndicesPrivileges.builder()
-                    .indices("security_solution-*.vulnerability_latest-*")
+                    .indices("security_solution-*.vulnerability_latest-*", "security_solution-*.misconfiguration_latest-*")
                     .privileges(
                         "create_index",
                         "index",

x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java

@@ -1609,8 +1609,11 @@ public void testKibanaSystemRole() {
             assertThat(kibanaRole.indices().allowedIndicesMatcher(RolloverAction.NAME).test(indexAbstraction), is(true));
         });
 
-        Arrays.asList("logs-wiz.vulnerability-" + randomAlphaOfLength(randomIntBetween(0, 13))).forEach((cspIndex) -> {
-            final IndexAbstraction indexAbstraction = mockIndexAbstraction(cspIndex);
+        Arrays.asList(
+            "logs-wiz.vulnerability-" + randomAlphaOfLength(randomIntBetween(0, 13)),
+            "logs-wiz.cloud_configuration_finding-" + randomAlphaOfLength(randomIntBetween(0, 13))
+        ).forEach(indexName -> {
+            final IndexAbstraction indexAbstraction = mockIndexAbstraction(indexName);
             assertThat(kibanaRole.indices().allowedIndicesMatcher("indices:foo").test(indexAbstraction), is(false));
             assertThat(kibanaRole.indices().allowedIndicesMatcher("indices:bar").test(indexAbstraction), is(false));
             assertThat(
@@ -1643,7 +1646,8 @@ public void testKibanaSystemRole() {
             "logs-cloud_security_posture.findings_latest-default-" + Version.CURRENT,
             "logs-cloud_security_posture.scores-default-" + Version.CURRENT,
             "logs-cloud_security_posture.vulnerabilities_latest-default" + Version.CURRENT,
-            "security_solution-*.vulnerability_latest-" + Version.CURRENT
+            "security_solution-*.vulnerability_latest-" + Version.CURRENT,
+            "security_solution-*.misconfiguration_latest-" + Version.CURRENT
         ).forEach(indexName -> {
             logger.info("index name [{}]", indexName);
             final IndexAbstraction indexAbstraction = mockIndexAbstraction(indexName);