[8.x] Use internal user to create list (#196341) (#196427)

# Backport

This will backport the following commits from `main` to `8.x`:
- [Use internal user to create list
(#196341)](https://github.com/elastic/kibana/pull/196341)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Khristinin
Nikita","email":"nikita.khristinin@elastic.co"},"sourceCommit":{"committedDate":"2024-10-15T18:59:48Z","message":"Use
internal user to create list (#196341)\n\nRecently there was changes
which restrict creation of dot notation\r\nindices for not operator user
in serverless.\r\n\r\nWe created `.list-${space}` from the current user,
by making API request\r\nfrom UI which is failing right
now\r\n\r\n\r\nThis is quick fix, which use internal user to create
lists.\r\n\r\n\r\nCurrently this check available only on serverless QA,
but there is a\r\nplan to ship it to prod. Which will block the
serverless release, as all\r\ntests failed.\r\n\r\nWe checked on QA env,
that with main branch we can't create those\r\nindices, but with this PR
deployed, it fix
it.","sha":"ceea2ce6a52b1283b31c9342468570844d286f06","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","backport:prev-minor"],"title":"Use
internal user to create list
","number":196341,"url":"https://github.com/elastic/kibana/pull/196341","mergeCommit":{"message":"Use
internal user to create list (#196341)\n\nRecently there was changes
which restrict creation of dot notation\r\nindices for not operator user
in serverless.\r\n\r\nWe created `.list-${space}` from the current user,
by making API request\r\nfrom UI which is failing right
now\r\n\r\n\r\nThis is quick fix, which use internal user to create
lists.\r\n\r\n\r\nCurrently this check available only on serverless QA,
but there is a\r\nplan to ship it to prod. Which will block the
serverless release, as all\r\ntests failed.\r\n\r\nWe checked on QA env,
that with main branch we can't create those\r\nindices, but with this PR
deployed, it fix
it.","sha":"ceea2ce6a52b1283b31c9342468570844d286f06"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/196341","number":196341,"mergeCommit":{"message":"Use
internal user to create list (#196341)\n\nRecently there was changes
which restrict creation of dot notation\r\nindices for not operator user
in serverless.\r\n\r\nWe created `.list-${space}` from the current user,
by making API request\r\nfrom UI which is failing right
now\r\n\r\n\r\nThis is quick fix, which use internal user to create
lists.\r\n\r\n\r\nCurrently this check available only on serverless QA,
but there is a\r\nplan to ship it to prod. Which will block the
serverless release, as all\r\ntests failed.\r\n\r\nWe checked on QA env,
that with main branch we can't create those\r\nindices, but with this PR
deployed, it fix
it.","sha":"ceea2ce6a52b1283b31c9342468570844d286f06"}}]}] BACKPORT-->

Co-authored-by: Khristinin Nikita <nikita.khristinin@elastic.co>

x-pack/plugins/lists/server/plugin.ts

@@ -103,7 +103,7 @@ export class ListPlugin implements Plugin<ListPluginSetup, ListsPluginStart, {},
         security,
         savedObjects: { client: savedObjectsClient },
         elasticsearch: {
-          client: { asCurrentUser: esClient },
+          client: { asCurrentUser: esClient, asInternalUser: internalEsClient },
         },
       } = await context.core;
       if (config == null) {
@@ -121,6 +121,13 @@ export class ListPlugin implements Plugin<ListPluginSetup, ListsPluginStart, {},
             }),
           getExtensionPointClient: (): ExtensionPointStorageClientInterface =>
             extensionPoints.getClient(),
+          getInternalListClient: (): ListClient =>
+            new ListClient({
+              config,
+              esClient: internalEsClient,
+              spaceId,
+              user,
+            }),
           getListClient: (): ListClient =>
             new ListClient({
               config,

x-pack/plugins/lists/server/routes/list_index/create_list_index_route.ts

@@ -11,7 +11,7 @@ import { CreateListIndexResponse } from '@kbn/securitysolution-lists-common/api'
 
 import type { ListsPluginRouter } from '../../types';
 import { buildSiemResponse } from '../utils';
-import { getListClient } from '..';
+import { getInternalListClient } from '..';
 
 export const createListIndexRoute = (router: ListsPluginRouter): void => {
   router.versioned
@@ -26,7 +26,7 @@ export const createListIndexRoute = (router: ListsPluginRouter): void => {
       const siemResponse = buildSiemResponse(response);
 
       try {
-        const lists = await getListClient(context);
+        const lists = await getInternalListClient(context);
 
         const listDataStreamExists = await lists.getListDataStreamExists();
         const listItemDataStreamExists = await lists.getListItemDataStreamExists();

x-pack/plugins/lists/server/routes/utils/get_internal_list_client.ts

@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ListClient } from '../../services/lists/list_client';
+import { ErrorWithStatusCode } from '../../error_with_status_code';
+import type { ListsRequestHandlerContext } from '../../types';
+
+export const getInternalListClient = async (
+  context: ListsRequestHandlerContext
+): Promise<ListClient> => {
+  const lists = (await context.lists)?.getInternalListClient();
+  if (lists == null) {
+    throw new ErrorWithStatusCode('Lists is not found as a plugin', 404);
+  } else {
+    return lists;
+  }
+};

x-pack/plugins/lists/server/routes/utils/index.ts

@@ -8,6 +8,7 @@
 export * from './get_error_message_exception_list_item';
 export * from './get_error_message_exception_list';
 export * from './get_list_client';
+export * from './get_internal_list_client';
 export * from './get_exception_list_client';
 export * from './route_validation';
 export * from './build_siem_response';

x-pack/plugins/lists/server/types.ts

@@ -53,6 +53,7 @@ export interface ListPluginSetup {
  * @public
  */
 export interface ListsApiRequestHandlerContext {
+  getInternalListClient: () => ListClient;
   getListClient: () => ListClient;
   getExceptionListClient: () => ExceptionListClient;
   getExtensionPointClient: () => ExtensionPointStorageClientInterface;

x-pack/plugins/security_solution/server/lib/detection_engine/routes/__mocks__/request_context.ts

@@ -107,6 +107,7 @@ const createRequestContextMock = (
       getListClient: jest.fn(() => clients.lists.listClient),
       getExceptionListClient: jest.fn(() => clients.lists.exceptionListClient),
       getExtensionPointClient: jest.fn(),
+      getInternalListClient: jest.fn(),
     },
   };
 };