From 07f311ea6ec54bfa9b50caf8526bb8e27e185dc9 Mon Sep 17 00:00:00 2001
From: Dzmitry Lemechko <dzmitry.lemechko@elastic.co>
Date: Wed, 20 Nov 2024 10:07:52 +0100
Subject: [PATCH] [kbn-es] porting changes for security svl roles from
 controller (#200695)

## Summary

In Kibana CI we try to replicate MKI env as much as possible and keeping
roles privileges in sync is important. It often leads to test passing on
KIbana PRs / on-merge pipelines and later failing against real
serverless projects on MKI.

Currently the process is manual, this PR updates predefined security
serverless roles based on
https://github.com/elastic/elasticsearch-controller/pull/771
---
 .../src/serverless_resources/project_roles/security/roles.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/packages/kbn-es/src/serverless_resources/project_roles/security/roles.yml b/packages/kbn-es/src/serverless_resources/project_roles/security/roles.yml
index 07016d0f9fd8d..d8fae0858208d 100644
--- a/packages/kbn-es/src/serverless_resources/project_roles/security/roles.yml
+++ b/packages/kbn-es/src/serverless_resources/project_roles/security/roles.yml
@@ -150,6 +150,8 @@ t1_analyst:
         - write
         - maintenance
     - names:
+        - .lists*
+        - .items*
         - apm-*-transaction*
         - traces-apm*
         - auditbeat-*
@@ -273,6 +275,7 @@ t3_analyst:
       privileges:
         - read
         - write
+        - view_index_metadata
     - names:
         - metrics-endpoint.metadata_current_*
         - .fleet-agents*
@@ -474,6 +477,7 @@ soc_manager:
       privileges:
         - read
         - write
+        - view_index_metadata
     - names:
         - metrics-endpoint.metadata_current_*
         - .fleet-agents*