[SECURITY SOLUTION] Allow the application to create its own data view without using user privilege (#121109)

* backend update to use unsecure so * wip on UI * fix UI to work with one dataview at the time * by pass capabilities in data view factory * fix sourcerer in timeline * fix types * fix unit test * fix index field to work with security data view * cypress + detection roles tests * add unit test * review I * review II * review III * clean up after talking to Larry * fix latets code * working to be green * by pass capabilities from data view API only use saved object kibana privilege * fix lint * add commnet per review Co-authored-by: Steph Milovic <stephanie.milovic@elastic.co>
2025-04-24 17:59:23 -04:00 · 2021-12-21 13:09:30 -05:00 · 2021-12-21 13:09:30 -05:00 · c07a9dc939
commit c07a9dc939
parent dae791bda5
27 changed files with 466 additions and 230 deletions
--- a/x-pack/plugins/timelines/server/search_strategy/index_fields/index.test.ts
+++ b/x-pack/plugins/timelines/server/search_strategy/index_fields/index.test.ts
@ -817,7 +817,7 @@ describe('Fields Provider', () => {
      {
        data: {
          indexPatterns: {
-            indexPatternsServiceFactory: () => ({
+            dataViewsServiceFactory: () => ({
              get: jest.fn().mockReturnValue(mockPattern),
            }),
          },
--- a/x-pack/plugins/timelines/server/search_strategy/index_fields/index.ts
+++ b/x-pack/plugins/timelines/server/search_strategy/index_fields/index.ts
@ -72,7 +72,7 @@ export const findExistingIndices = async (

 export const requestIndexFieldSearch = async (
  request: IndexFieldsStrategyRequest<'indices' | 'dataView'>,
-  { savedObjectsClient, esClient }: SearchStrategyDependencies,
+  { savedObjectsClient, esClient, request: kRequest }: SearchStrategyDependencies,
  beatFields: BeatFields,
  getStartServices: StartServicesAccessor<StartPlugins>
 ): Promise<IndexFieldsStrategyResponse> => {
@ -87,9 +87,12 @@ export const requestIndexFieldSearch = async (
      data: { indexPatterns },
    },
  ] = await getStartServices();
-  const dataViewService = await indexPatterns.indexPatternsServiceFactory(
+
+  const dataViewService = await indexPatterns.dataViewsServiceFactory(
    savedObjectsClient,
-    esClient.asCurrentUser
+    esClient.asCurrentUser,
+    kRequest,
+    true
  );

  let indicesExist: string[] = [];
@ -119,6 +122,7 @@ export const requestIndexFieldSearch = async (
      (acc: string[], doesIndexExist, i) => (doesIndexExist ? [...acc, patternList[i]] : acc),
      []
    );
+
    if (!request.onlyCheckIfIndicesExist) {
      const dataViewSpec = dataView.toSpec();
      const fieldDescriptor = [Object.values(dataViewSpec.fields ?? {})];