From fa98cbe32072946672bc1df26bc61231a7c72f2c Mon Sep 17 00:00:00 2001
From: Mengwei Ding <mengwei.ding@gmail.com>
Date: Wed, 22 May 2019 20:25:45 -0700
Subject: [PATCH] Add .code_internal-* index pattern to kibana user (#42247)
 (#42387)

---
 .../xpack/core/security/authz/store/ReservedRolesStore.java    | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java
index 2c86971b529f9..49d4159f13968 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStore.java
@@ -118,8 +118,9 @@ private static Map<String, RoleDescriptor> initializeReservedRoles() {
                                         .indices(".monitoring-*").privileges("read", "read_cross_cluster").build(),
                                 RoleDescriptor.IndicesPrivileges.builder()
                                         .indices(".management-beats").privileges("create_index", "read", "write").build(),
+                                // .code_internal-* is for Code's internal worker queue index creation.
                                 RoleDescriptor.IndicesPrivileges.builder()
-                                        .indices(".code-*").privileges("all").build(),
+                                        .indices(".code-*", ".code_internal-*").privileges("all").build(),
                         },
                         null,
                         new ConditionalClusterPrivilege[] { new ManageApplicationPrivileges(Collections.singleton("kibana-*")) },