Skip to content

[axonius] - Fix Cannot execute ILM policy delete step in other datastreams#140046

Merged
ShourieG merged 2 commits intoelastic:mainfrom
muskan-agarwal26:axonius-add_ilm_delete_index_feature
Dec 30, 2025
Merged

[axonius] - Fix Cannot execute ILM policy delete step in other datastreams#140046
ShourieG merged 2 commits intoelastic:mainfrom
muskan-agarwal26:axonius-add_ilm_delete_index_feature

Conversation

@muskan-agarwal26
Copy link
Contributor

@muskan-agarwal26 muskan-agarwal26 commented Dec 30, 2025

PR Description:

This PR focuses on the short term solution which add the logs-axonius.alert_and_incident-*,logs-axonius.storage-*,logs-axonius.ticket-*,logs-axonius.application-*,logs-axonius.network-*,logs-axonius.identity-*,logs-axonius.exposure-*,logs-axonius.compute-*,logs-axonius.gateway-*,logs-axonius.user-* indices under the kibana_system role with deletion privileges to prevent a failed deletion error when the index enters the deletion phase for the ILM lifecycle, in upcoming PR. As it ships transform pipeline too hence read, write permissions are also required.

Current behavior:

It shows permission issue while deleting the index.

Related Issues:

Note: All the data streams listed above are as discussed with the team.
@muskan-agarwal26 muskan-agarwal26 requested a review from a team as a code owner December 30, 2025 06:50
@elasticsearchmachine elasticsearchmachine added v9.4.0 needs:triage Requires assignment of a team area label external-contributor Pull request authored by a developer outside the Elasticsearch team labels Dec 30, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Dec 30, 2025

ℹ️ Important: Docs version tagging

👋 Thanks for updating the docs! Just a friendly reminder that our docs are now cumulative. This means all 9.x versions are documented on the same page and published off of the main branch, instead of creating separate pages for each minor version.

We use applies_to tags to mark version-specific features and changes.

Expand for a quick overview

When to use applies_to tags:

✅ At the page level to indicate which products/deployments the content applies to (mandatory)
✅ When features change state (e.g. preview, ga) in a specific version
✅ When availability differs across deployments and environments

What NOT to do:

❌ Don't remove or replace information that applies to an older version
❌ Don't add new information that applies to a specific version without an applies_to tag
❌ Don't forget that applies_to tags can be used at the page, section, and inline level

🤔 Need help?
@ShourieG ShourieG added >non-issue :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) Team:Security Meta label for security team auto-backport Automatically create backport pull requests when merged Team:Cloud Security Meta label for Cloud Security team v9.1.10 v8.19.10 v9.2.4 labels Dec 30, 2025
@elasticsearchmachine elasticsearchmachine removed the needs:triage Requires assignment of a team area label label Dec 30, 2025
@elasticsearchmachine
Copy link
Collaborator

elasticsearchmachine commented Dec 30, 2025

Pinging @elastic/es-security (Team:Security)
@ShourieG
Copy link
Contributor

ShourieG commented Dec 30, 2025

buildkite test this please
ShourieG
ShourieG approved these changes Dec 30, 2025
View reviewed changes
Copy link
Contributor

@ShourieG ShourieG left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM
ShourieG
ShourieG approved these changes Dec 30, 2025
View reviewed changes
Copy link
Contributor

@ShourieG ShourieG left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM
@ShourieG ShourieG merged commit cba13bc into elastic:main Dec 30, 2025
43 checks passed
@muskan-agarwal26 muskan-agarwal26 mentioned this pull request Dec 30, 2025
Merged
muskan-agarwal26 added a commit to muskan-agarwal26/elasticsearch that referenced this pull request Dec 30, 2025
@muskan-agarwal26 @muskan-crest
[axonius] - Fix Cannot execute ILM policy delete step in other datast…
0ea1139 
…reams (elastic#140046)

This PR focuses on the short term solution which add the logs-axonius.alert_and_incident-*,logs-axonius.storage-*,logs-axonius.ticket-*,logs-axonius.application-*,logs-axonius.network-*,logs-axonius.identity-*,logs-axonius.exposure-*,logs-axonius.compute-*,logs-axonius.gateway-*,logs-axonius.user-* indices under the kibana_system role with deletion privileges to prevent a failed deletion error when the index enters the deletion phase for the ILM lifecycle, in upcoming PR. As it ships transform pipeline too hence read, write permissions are also required.

---------

Co-authored-by: muskan-crest <muskan.agarwal@crestdata.ai>
(cherry picked from commit cba13bc)
@muskan-agarwal26
Copy link
Contributor Author

muskan-agarwal26 commented Dec 30, 2025

💔 Some backports could not be created

Status Branch Result
9.3
9.2 Conflict resolution was aborted by the user
9.1 Conflict resolution was aborted by the user
8.19 Conflict resolution was aborted by the user

Manual backport

To create the backport manually run:

backport --pr 140046

Questions ?

Please refer to the Backport tool documentation
@SiddharthMantri
Copy link
Contributor

SiddharthMantri commented Dec 30, 2025

@ShourieG @muskan-agarwal26 - Can we please wait for approval from @elastic/kibana-security for merging changes related to Kibana system user permissions?
This was referenced Dec 30, 2025
Merged
Merged
muskan-agarwal26 added a commit to muskan-agarwal26/elasticsearch that referenced this pull request Dec 30, 2025
@muskan-agarwal26
[axonius] - Fix Cannot execute ILM policy delete step in other datast…
0a9ae6d 
…reams (elastic#140046)

This PR focuses on the short term solution which add the logs-axonius.alert_and_incident-*,logs-axonius.storage-*,logs-axonius.ticket-*,logs-axonius.application-*,logs-axonius.network-*,logs-axonius.identity-*,logs-axonius.exposure-*,logs-axonius.compute-*,logs-axonius.gateway-*,logs-axonius.user-* indices under the kibana_system role with deletion privileges to prevent a failed deletion error when the index enters the deletion phase for the ILM lifecycle, in upcoming PR. As it ships transform pipeline too hence read, write permissions are also required.

---------

Co-authored-by: muskan-crest <muskan.agarwal@crestdata.ai>
(cherry picked from commit cba13bc)

# Conflicts:
#	x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
#	x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
muskan-agarwal26 added a commit to muskan-agarwal26/elasticsearch that referenced this pull request Dec 30, 2025
@muskan-agarwal26
[axonius] - Fix Cannot execute ILM policy delete step in other datast…
5067d1c 
…reams (elastic#140046)

This PR focuses on the short term solution which add the logs-axonius.alert_and_incident-*,logs-axonius.storage-*,logs-axonius.ticket-*,logs-axonius.application-*,logs-axonius.network-*,logs-axonius.identity-*,logs-axonius.exposure-*,logs-axonius.compute-*,logs-axonius.gateway-*,logs-axonius.user-* indices under the kibana_system role with deletion privileges to prevent a failed deletion error when the index enters the deletion phase for the ILM lifecycle, in upcoming PR. As it ships transform pipeline too hence read, write permissions are also required.

---------

Co-authored-by: muskan-crest <muskan.agarwal@crestdata.ai>
(cherry picked from commit cba13bc)

# Conflicts:
#	x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
#	x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
@muskan-agarwal26 muskan-agarwal26 mentioned this pull request Dec 30, 2025
Merged
@muskan-agarwal26
Copy link
Contributor Author

muskan-agarwal26 commented Dec 30, 2025

💚 All backports created successfully

Status Branch Result
9.2
9.1
8.19

Questions ?

Please refer to the Backport tool documentation
muskan-agarwal26 added a commit to muskan-agarwal26/elasticsearch that referenced this pull request Dec 30, 2025
@muskan-agarwal26
[axonius] - Fix Cannot execute ILM policy delete step in other datast…
f4a3aa7 
…reams (elastic#140046)

This PR focuses on the short term solution which add the logs-axonius.alert_and_incident-*,logs-axonius.storage-*,logs-axonius.ticket-*,logs-axonius.application-*,logs-axonius.network-*,logs-axonius.identity-*,logs-axonius.exposure-*,logs-axonius.compute-*,logs-axonius.gateway-*,logs-axonius.user-* indices under the kibana_system role with deletion privileges to prevent a failed deletion error when the index enters the deletion phase for the ILM lifecycle, in upcoming PR. As it ships transform pipeline too hence read, write permissions are also required.

---------

Co-authored-by: muskan-crest <muskan.agarwal@crestdata.ai>
(cherry picked from commit cba13bc)

# Conflicts:
#	x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
#	x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
@ShourieG
Copy link
Contributor

ShourieG commented Dec 31, 2025

@ShourieG @muskan-agarwal26 - Can we please wait for approval from @elastic/kibana-security for merging changes related to Kibana system user permissions?

@SiddharthMantri, sure. I only fast tracked it here since the original PR was already approved and this is an exact replica of that.
@SiddharthMantri
Copy link
Contributor

SiddharthMantri commented Dec 31, 2025

@ShourieG Aah understood. Having a link to the PR in the description would have helped - i was a bit concerned with the added index privileges for the user. Thanks!
mohitjha-elastic pushed a commit that referenced this pull request Dec 31, 2025
@muskan-agarwal26 @muskan-crest
[axonius] - Fix Cannot execute ILM policy delete step in other datast…
d7fb577 
…reams (#140046) (#140050)

This PR focuses on the short term solution which add the logs-axonius.alert_and_incident-*,logs-axonius.storage-*,logs-axonius.ticket-*,logs-axonius.application-*,logs-axonius.network-*,logs-axonius.identity-*,logs-axonius.exposure-*,logs-axonius.compute-*,logs-axonius.gateway-*,logs-axonius.user-* indices under the kibana_system role with deletion privileges to prevent a failed deletion error when the index enters the deletion phase for the ILM lifecycle, in upcoming PR. As it ships transform pipeline too hence read, write permissions are also required.

---------


(cherry picked from commit cba13bc)

Co-authored-by: muskan-crest <muskan.agarwal@crestdata.ai>
mohitjha-elastic pushed a commit that referenced this pull request Dec 31, 2025
@muskan-agarwal26
[axonius] - Fix Cannot execute ILM policy delete step in other datast…
e82a107 
…reams (#140046) (#140054)

This PR focuses on the short term solution which add the logs-axonius.alert_and_incident-*,logs-axonius.storage-*,logs-axonius.ticket-*,logs-axonius.application-*,logs-axonius.network-*,logs-axonius.identity-*,logs-axonius.exposure-*,logs-axonius.compute-*,logs-axonius.gateway-*,logs-axonius.user-* indices under the kibana_system role with deletion privileges to prevent a failed deletion error when the index enters the deletion phase for the ILM lifecycle, in upcoming PR. As it ships transform pipeline too hence read, write permissions are also required.

---------

Co-authored-by: muskan-crest <muskan.agarwal@crestdata.ai>
(cherry picked from commit cba13bc)

# Conflicts:
#	x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
#	x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
mohitjha-elastic pushed a commit that referenced this pull request Dec 31, 2025
@muskan-agarwal26
[axonius] - Fix Cannot execute ILM policy delete step in other datast…
49a5780 
…reams (#140046) (#140055)

This PR focuses on the short term solution which add the logs-axonius.alert_and_incident-*,logs-axonius.storage-*,logs-axonius.ticket-*,logs-axonius.application-*,logs-axonius.network-*,logs-axonius.identity-*,logs-axonius.exposure-*,logs-axonius.compute-*,logs-axonius.gateway-*,logs-axonius.user-* indices under the kibana_system role with deletion privileges to prevent a failed deletion error when the index enters the deletion phase for the ILM lifecycle, in upcoming PR. As it ships transform pipeline too hence read, write permissions are also required.

---------

Co-authored-by: muskan-crest <muskan.agarwal@crestdata.ai>
(cherry picked from commit cba13bc)

# Conflicts:
#	x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
#	x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
mohitjha-elastic pushed a commit that referenced this pull request Jan 1, 2026
@muskan-agarwal26
[axonius] - Fix Cannot execute ILM policy delete step in other datast…
b1c8670 
…reams (#140046) (#140056)

This PR focuses on the short term solution which add the logs-axonius.alert_and_incident-*,logs-axonius.storage-*,logs-axonius.ticket-*,logs-axonius.application-*,logs-axonius.network-*,logs-axonius.identity-*,logs-axonius.exposure-*,logs-axonius.compute-*,logs-axonius.gateway-*,logs-axonius.user-* indices under the kibana_system role with deletion privileges to prevent a failed deletion error when the index enters the deletion phase for the ILM lifecycle, in upcoming PR. As it ships transform pipeline too hence read, write permissions are also required.

---------

Co-authored-by: muskan-crest <muskan.agarwal@crestdata.ai>
(cherry picked from commit cba13bc)

# Conflicts:
#	x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
#	x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/store/ReservedRolesStoreTests.java
@kcreddy kcreddy mentioned this pull request Jan 2, 2026
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

auto-backport Automatically create backport pull requests when merged external-contributor Pull request authored by a developer outside the Elasticsearch team >non-issue :Security/Authentication Logging in, Usernames/passwords, Realms (Native/LDAP/AD/SAML/PKI/etc) Team:Cloud Security Meta label for Cloud Security team Team:Security Meta label for security team v8.19.10 v9.1.10 v9.2.4 v9.3.1 v9.4.0

5 participants

@muskan-agarwal26 @elasticsearchmachine @ShourieG @SiddharthMantri @muskan-crest