[7.x] [Endpoint] Remove dependency on ingest for the index patterns (#…

…69058) (#69194)

* [Endpoint] Remove dependency on ingest for the index patterns (#69058)

* Remove dependency on ingest for the index patterns

* Fixing the tests

* Fixing test

* Use variable instead of class

* Using correct index patterns (#69208)

Co-authored-by: Elastic Machine <[email protected]>

x-pack/plugins/security_solution/common/endpoint/constants.ts

@@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export const eventsIndexPattern = 'events-endpoint-*';
+export const metadataIndexPattern = 'metrics-endpoint.metadata-*';
+export const policyIndexPattern = 'metrics-endpoint.policy-*';
+export const telemetryIndexPattern = 'metrics-endpoint.telemetry-*';

x-pack/plugins/security_solution/common/endpoint_alerts/alert_constants.ts

@@ -9,14 +9,6 @@ export class AlertConstants {
    * The prefix for all Alert APIs
    */
   static BASE_API_URL = '/api/endpoint';
-  /**
-   * The path for the Alert's Index Pattern API.
-   */
-  static INDEX_PATTERN_ROUTE = `${AlertConstants.BASE_API_URL}/index_pattern`;
-  /**
-   * A paramter passed to Alert's Index Pattern.
-   */
-  static EVENT_DATASET = 'events';
   /**
    * Alert's Search API default page size
    */

x-pack/plugins/security_solution/public/endpoint_alerts/store/middleware.ts

@@ -4,13 +4,13 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
+import { eventsIndexPattern } from '../../../common/endpoint/constants';
 import { IIndexPattern } from '../../../../../../src/plugins/data/public';
 import {
   AlertResultList,
   AlertDetails,
   AlertListState,
 } from '../../../common/endpoint_alerts/types';
-import { AlertConstants } from '../../../common/endpoint_alerts/alert_constants';
 import { ImmutableMiddlewareFactory } from '../../common/store';
 import { cloneHttpFetchQuery } from '../../common/utils/clone_http_fetch_query';
 import {
@@ -27,14 +27,11 @@ export const alertMiddlewareFactory: ImmutableMiddlewareFactory<AlertListState>
 ) => {
   async function fetchIndexPatterns(): Promise<IIndexPattern[]> {
     const { indexPatterns } = depsStart.data;
-    const eventsPattern: { indexPattern: string } = await coreStart.http.get(
-      `${AlertConstants.INDEX_PATTERN_ROUTE}/${AlertConstants.EVENT_DATASET}`
-    );
     const fields = await indexPatterns.getFieldsForWildcard({
-      pattern: eventsPattern.indexPattern,
+      pattern: eventsIndexPattern,
     });
     const indexPattern: IIndexPattern = {
-      title: eventsPattern.indexPattern,
+      title: eventsIndexPattern,
       fields,
     };
 

x-pack/plugins/security_solution/server/endpoint/alerts/handlers/alerts.test.ts

@@ -11,7 +11,7 @@ import {
 } from '../../../../../../../src/core/server/mocks';
 import { registerAlertRoutes } from '../routes';
 import { alertingIndexGetQuerySchema } from '../../../../common/endpoint_alerts/schema/alert_index';
-import { createMockAgentService, createMockIndexPatternRetriever } from '../../mocks';
+import { createMockAgentService } from '../../mocks';
 import { EndpointAppContextService } from '../../endpoint_app_context_services';
 import { createMockConfig } from '../../../lib/detection_engine/routes/__mocks__';
 
@@ -29,7 +29,6 @@ describe('test alerts route', () => {
 
     endpointAppContextService = new EndpointAppContextService();
     endpointAppContextService.start({
-      indexPatternRetriever: createMockIndexPatternRetriever('events-endpoint-*'),
       agentService: createMockAgentService(),
     });
 

x-pack/plugins/security_solution/server/endpoint/alerts/handlers/details/index.ts

@@ -5,6 +5,7 @@
  */
 import { GetResponse } from 'elasticsearch';
 import { KibanaRequest, RequestHandler } from 'kibana/server';
+import { eventsIndexPattern } from '../../../../../common/endpoint/constants';
 import { AlertEvent } from '../../../../../common/endpoint/types';
 import { EndpointAppContext } from '../../../types';
 import { AlertDetailsRequestParams } from '../../../../../common/endpoint_alerts/types';
@@ -27,17 +28,13 @@ export const alertDetailsHandlerWrapper = function (
         id: alertId.id,
       })) as GetResponse<AlertEvent>;
 
-      const indexPattern = await endpointAppContext.service
-        .getIndexPatternRetriever()
-        .getEventIndexPattern(ctx);
-
       const config = await endpointAppContext.config();
       const pagination: AlertDetailsPagination = new AlertDetailsPagination(
         config,
         ctx,
         req.params,
         response,
-        indexPattern
+        eventsIndexPattern
       );
 
       const currentHostInfo = await getHostData(

x-pack/plugins/security_solution/server/endpoint/alerts/handlers/list/index.ts

@@ -4,6 +4,7 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 import { RequestHandler } from 'kibana/server';
+import { eventsIndexPattern } from '../../../../../common/endpoint/constants';
 import { EndpointAppContext } from '../../../types';
 import { searchESForAlerts } from '../lib';
 import { getRequestData, mapToAlertResultList } from './lib';
@@ -18,14 +19,11 @@ export const alertListHandlerWrapper = function (
     res
   ) => {
     try {
-      const indexPattern = await endpointAppContext.service
-        .getIndexPatternRetriever()
-        .getEventIndexPattern(ctx);
       const reqData = await getRequestData(req, endpointAppContext);
       const response = await searchESForAlerts(
         ctx.core.elasticsearch.legacy.client,
         reqData,
-        indexPattern
+        eventsIndexPattern
       );
       const mappedBody = await mapToAlertResultList(ctx, endpointAppContext, reqData, response);
       return res.ok({ body: mappedBody });

x-pack/plugins/security_solution/server/endpoint/alerts/routes.ts

@@ -10,8 +10,6 @@ import { alertListHandlerWrapper } from './handlers/list';
 import { alertDetailsHandlerWrapper } from './handlers/details';
 import { alertDetailsReqSchema } from './handlers/details/schemas';
 import { alertingIndexGetQuerySchema } from '../../../common/endpoint_alerts/schema/alert_index';
-import { indexPatternGetParamsSchema } from '../../../common/endpoint_alerts/schema/index_pattern';
-import { handleIndexPattern } from './handlers/index_pattern';
 
 export const BASE_ALERTS_ROUTE = `${AlertConstants.BASE_API_URL}/alerts`;
 
@@ -37,15 +35,4 @@ export function registerAlertRoutes(router: IRouter, endpointAppContext: Endpoin
     },
     alertDetailsHandlerWrapper(endpointAppContext)
   );
-
-  const log = endpointAppContext.logFactory.get('index_pattern');
-
-  router.get(
-    {
-      path: `${AlertConstants.INDEX_PATTERN_ROUTE}/{datasetPath}`,
-      validate: { params: indexPatternGetParamsSchema },
-      options: { authRequired: true },
-    },
-    handleIndexPattern(log, endpointAppContext)
-  );
 }

x-pack/plugins/security_solution/server/endpoint/endpoint_app_context_services.test.ts

@@ -8,7 +8,6 @@ import { EndpointAppContextService } from './endpoint_app_context_services';
 describe('test endpoint app context services', () => {
   it('should throw error if start is not called', async () => {
     const endpointAppContextService = new EndpointAppContextService();
-    expect(() => endpointAppContextService.getIndexPatternRetriever()).toThrow(Error);
     expect(() => endpointAppContextService.getAgentService()).toThrow(Error);
   });
 });

x-pack/plugins/security_solution/server/endpoint/endpoint_app_context_services.ts

@@ -3,22 +3,16 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-import { IndexPatternRetriever } from './alerts/index_pattern';
 import { AgentService } from '../../../ingest_manager/server';
 
 /**
  * A singleton that holds shared services that are initialized during the start up phase
  * of the plugin lifecycle. And stop during the stop phase, if needed.
  */
 export class EndpointAppContextService {
-  private indexPatternRetriever: IndexPatternRetriever | undefined;
   private agentService: AgentService | undefined;
 
-  public start(dependencies: {
-    indexPatternRetriever: IndexPatternRetriever;
-    agentService: AgentService;
-  }) {
-    this.indexPatternRetriever = dependencies.indexPatternRetriever;
+  public start(dependencies: { agentService: AgentService }) {
     this.agentService = dependencies.agentService;
   }
 
@@ -30,11 +24,4 @@ export class EndpointAppContextService {
     }
     return this.agentService;
   }
-
-  public getIndexPatternRetriever(): IndexPatternRetriever {
-    if (!this.indexPatternRetriever) {
-      throw new Error(`must call start on ${EndpointAppContextService.name} to call getter`);
-    }
-    return this.indexPatternRetriever;
-  }
 }

x-pack/plugins/security_solution/server/endpoint/mocks.ts

@@ -7,32 +7,6 @@
 import { IScopedClusterClient, SavedObjectsClientContract } from 'kibana/server';
 import { xpackMocks } from '../../../../mocks';
 import { AgentService, IngestManagerStartContract } from '../../../ingest_manager/server';
-import { IndexPatternRetriever } from './alerts/index_pattern';
-
-/**
- * Creates a mock IndexPatternRetriever for use in tests.
- *
- * @param indexPattern a string index pattern to return when any of the mock's public methods are called.
- * @returns the same string passed in via `indexPattern`
- */
-export const createMockIndexPatternRetriever = (indexPattern: string): IndexPatternRetriever => {
-  const mockGetFunc = jest.fn().mockResolvedValue(indexPattern);
-  return {
-    getIndexPattern: mockGetFunc,
-    getEventIndexPattern: mockGetFunc,
-    getMetadataIndexPattern: mockGetFunc,
-    getPolicyResponseIndexPattern: mockGetFunc,
-  };
-};
-
-export const MetadataIndexPattern = 'metrics-endpoint-*';
-
-/**
- * Creates a mock IndexPatternRetriever for use in tests that returns `metrics-endpoint-*`
- */
-export const createMockMetadataIndexPatternRetriever = () => {
-  return createMockIndexPatternRetriever(MetadataIndexPattern);
-};
 
 /**
  * Creates a mock AgentService

x-pack/plugins/security_solution/server/endpoint/routes/metadata/index.ts

@@ -8,6 +8,7 @@ import { IRouter, Logger, RequestHandlerContext } from 'kibana/server';
 import { SearchResponse } from 'elasticsearch';
 import { schema } from '@kbn/config-schema';
 
+import { metadataIndexPattern } from '../../../../common/endpoint/constants';
 import { getESQueryHostMetadataByID, kibanaRequestToMetadataListESQuery } from './query_builders';
 import {
   HostInfo,
@@ -67,13 +68,10 @@ export function registerEndpointRoutes(router: IRouter, endpointAppContext: Endp
     },
     async (context, req, res) => {
       try {
-        const index = await endpointAppContext.service
-          .getIndexPatternRetriever()
-          .getMetadataIndexPattern(context);
         const queryParams = await kibanaRequestToMetadataListESQuery(
           req,
           endpointAppContext,
-          index
+          metadataIndexPattern
         );
         const response = (await context.core.elasticsearch.legacy.client.callAsCurrentUser(
           'search',
@@ -125,10 +123,7 @@ export async function getHostData(
   metadataRequestContext: MetadataRequestContext,
   id: string
 ): Promise<HostInfo | undefined> {
-  const index = await metadataRequestContext.endpointAppContext.service
-    .getIndexPatternRetriever()
-    .getMetadataIndexPattern(metadataRequestContext.requestHandlerContext);
-  const query = getESQueryHostMetadataByID(id, index);
+  const query = getESQueryHostMetadataByID(id, metadataIndexPattern);
   const response = (await metadataRequestContext.requestHandlerContext.core.elasticsearch.legacy.client.callAsCurrentUser(
     'search',
     query

x-pack/plugins/security_solution/server/endpoint/routes/metadata/metadata.test.ts

@@ -27,11 +27,7 @@ import {
 } from '../../../../common/endpoint/types';
 import { SearchResponse } from 'elasticsearch';
 import { registerEndpointRoutes } from './index';
-import {
-  createMockAgentService,
-  createMockMetadataIndexPatternRetriever,
-  createRouteHandlerContext,
-} from '../../mocks';
+import { createMockAgentService, createRouteHandlerContext } from '../../mocks';
 import { AgentService } from '../../../../../ingest_manager/server';
 import Boom from 'boom';
 import { EndpointAppContextService } from '../../endpoint_app_context_services';
@@ -63,7 +59,6 @@ describe('test endpoint route', () => {
     mockAgentService = createMockAgentService();
     endpointAppContextService = new EndpointAppContextService();
     endpointAppContextService.start({
-      indexPatternRetriever: createMockMetadataIndexPatternRetriever(),
       agentService: mockAgentService,
     });