[SIEM] Kibana crashes when trying to use the detection engine with disabled API keys

[cwurm]

By default, API keys are disabled when not using TLS.

When clicking on the Detection engine tab on a fresh install without API keys, Kibana will crash. Server log (logging.verbose: true):

server  respons [14:55:37.095] [access:siem] PUT /api/detection_engine/rules/prepackaged 200 864ms - 9.0B
server    log   [14:55:38.011] [debug][basic][plugins][security] Trying to authenticate user request to /api/siem/graphql.
server    log   [14:55:38.012] [debug][basic][plugins][security] Trying to authenticate via header.
server    log   [14:55:38.012] [debug][basic][plugins][security] Authorization header is not presented.
server    log   [14:55:38.012] [debug][basic][plugins][security] Trying to authenticate via state.
server    log   [14:55:38.014] [debug][api-key][plugins][security] Trying to create an API key
server    log   [14:55:38.017] [debug][api-key][plugins][security] Trying to create an API key
server    log   [14:55:38.026] [debug][api-key][plugins][security] Trying to create an API key
server    log   [14:55:38.076] [debug][api-key][plugins][security] Trying to create an API key
server    log   [14:55:38.078] [debug][api-key][plugins][security] Trying to create an API key
server    log   [14:55:38.084] [debug][api-key][plugins][security] Trying to create an API key
server    log   [14:55:38.098] [debug][api-key][plugins][security] Trying to create an API key
server    log   [14:55:38.181] [debug][basic][plugins][security] Request has been authenticated via state.
server    log   [14:55:38.185] [error][api-key][plugins][security] Failed to create API key: [illegal_state_exception] api keys are not enabled
internal/process/warning.js:153
        throw warning;
        ^

DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
    at emitDeprecationWarning (internal/process/promises.js:111:13)
    at emitWarning (internal/process/promises.js:104:3)
    at emitPromiseRejectionWarnings (internal/process/promises.js:143:7)
    at process._tickCallback (internal/process/next_tick.js:69:34)
 server crashed  with status code 1

Probably should display an error message to the user instead.

[elasticmachine]

Pinging @elastic/siem (Team:SIEM)

[XavierM]

This should have been fixed with this PR #55069 and simplify with this PR #55403

[cwurm]

Kibana still crashes when clicking the Load prebuilt detection rules button.

[cwurm]

#55626 seems to have fixed this one, I can no longer reproduce it.

[tsg]

No longer crashes, but it seems that it reports "success" even if loading the preset rules didn't work due to "api keys not being enabled"

[cwurm]

I get this error message when I click the button with API keys disabled:

[tsg]

Hmm, weird, for me it showed the success toast but no rules were actually loaded.

[peteyan]

Hi, any updates?