From 4435006217f2851d0665bed82aeebf47fa6d3751 Mon Sep 17 00:00:00 2001
From: "Devin W. Hurley" <devin.hurley@elastic.co>
Date: Wed, 20 Jan 2021 00:58:11 -0500
Subject: [PATCH] don't do a full failure because cross cluster search could be
 giving us a false negative, also update the text to better reflect this
 (#88763)

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
---
 .../signals/signal_rule_alert_type.test.ts                | 8 ++++----
 .../server/lib/detection_engine/signals/utils.ts          | 6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.test.ts
index 45bc97116ab8..f00900255a96 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.test.ts
@@ -226,7 +226,7 @@ describe('rules_notification_alert_type', () => {
       await alert.executor(payload);
       expect(ruleStatusService.partialFailure).toHaveBeenCalled();
       expect(ruleStatusService.partialFailure.mock.calls[0][0]).toContain(
-        'Missing required read permissions on indexes: ["some*"]'
+        'Missing required read privileges on the following indices: ["some*"]'
       );
     });
 
@@ -247,9 +247,9 @@ describe('rules_notification_alert_type', () => {
       });
       payload.params.index = ['some*', 'myfa*'];
       await alert.executor(payload);
-      expect(ruleStatusService.error).toHaveBeenCalled();
-      expect(ruleStatusService.error.mock.calls[0][0]).toContain(
-        'The rule does not have read privileges to any of the following indices: ["myfa*","some*"]'
+      expect(ruleStatusService.partialFailure).toHaveBeenCalled();
+      expect(ruleStatusService.partialFailure.mock.calls[0][0]).toContain(
+        'This rule may not have the required read privileges to the following indices: ["myfa*","some*"]'
       );
     });
 
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts
index aff682f08a5d..23c5e6499c8a 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts
@@ -78,7 +78,7 @@ export const hasReadIndexPrivileges = async (
   if (indexesWithReadPrivileges.length > 0 && indexesWithNoReadPrivileges.length > 0) {
     // some indices have read privileges others do not.
     // set a partial failure status
-    const errorString = `Missing required read permissions on indexes: ${JSON.stringify(
+    const errorString = `Missing required read privileges on the following indices: ${JSON.stringify(
       indexesWithNoReadPrivileges
     )}`;
     logger.error(buildRuleMessage(errorString));
@@ -90,11 +90,11 @@ export const hasReadIndexPrivileges = async (
   ) {
     // none of the indices had read privileges so set the status to failed
     // since we can't search on any indices we do not have read privileges on
-    const errorString = `The rule does not have read privileges to any of the following indices: ${JSON.stringify(
+    const errorString = `This rule may not have the required read privileges to the following indices: ${JSON.stringify(
       indexesWithNoReadPrivileges
     )}`;
     logger.error(buildRuleMessage(errorString));
-    await ruleStatusService.error(errorString);
+    await ruleStatusService.partialFailure(errorString);
     return true;
   }
   return false;