[Endpoint] Remove dependency on ingest for the index patterns (#69058)

* Remove dependency on ingest for the index patterns

* Fixing the tests

* Fixing test

* Use variable instead of class

x-pack/plugins/security_solution/common/endpoint/constants.ts

@@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export const eventsIndexPattern = 'events-endpoint-*';
+export const metadataIndexPattern = 'metrics-endpoint.metadata-*';
+export const policyIndexPattern = 'metrics-endpoint.policy-*';
+export const telemetryIndexPattern = 'metrics-endpoint.telemetry-*';

x-pack/plugins/security_solution/common/endpoint_alerts/alert_constants.ts

@@ -9,14 +9,6 @@ export class AlertConstants {
    * The prefix for all Alert APIs
    */
   static BASE_API_URL = '/api/endpoint';
-  /**
-   * The path for the Alert's Index Pattern API.
-   */
-  static INDEX_PATTERN_ROUTE = `${AlertConstants.BASE_API_URL}/index_pattern`;
-  /**
-   * A paramter passed to Alert's Index Pattern.
-   */
-  static EVENT_DATASET = 'events';
   /**
    * Alert's Search API default page size
    */

x-pack/plugins/security_solution/public/endpoint_alerts/store/middleware.ts

@@ -4,13 +4,13 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
+import { eventsIndexPattern } from '../../../common/endpoint/constants';
 import { IIndexPattern } from '../../../../../../src/plugins/data/public';
 import {
   AlertResultList,
   AlertDetails,
   AlertListState,
 } from '../../../common/endpoint_alerts/types';
-import { AlertConstants } from '../../../common/endpoint_alerts/alert_constants';
 import { ImmutableMiddlewareFactory } from '../../common/store';
 import { cloneHttpFetchQuery } from '../../common/utils/clone_http_fetch_query';
 import {
@@ -27,14 +27,11 @@ export const alertMiddlewareFactory: ImmutableMiddlewareFactory<AlertListState>
 ) => {
   async function fetchIndexPatterns(): Promise<IIndexPattern[]> {
     const { indexPatterns } = depsStart.data;
-    const eventsPattern: { indexPattern: string } = await coreStart.http.get(
-      `${AlertConstants.INDEX_PATTERN_ROUTE}/${AlertConstants.EVENT_DATASET}`
-    );
     const fields = await indexPatterns.getFieldsForWildcard({
-      pattern: eventsPattern.indexPattern,
+      pattern: eventsIndexPattern,
     });
     const indexPattern: IIndexPattern = {
-      title: eventsPattern.indexPattern,
+      title: eventsIndexPattern,
       fields,
     };
 

x-pack/plugins/security_solution/server/endpoint/alerts/handlers/alerts.test.ts

@@ -11,7 +11,7 @@ import {
 } from '../../../../../../../src/core/server/mocks';
 import { registerAlertRoutes } from '../routes';
 import { alertingIndexGetQuerySchema } from '../../../../common/endpoint_alerts/schema/alert_index';
-import { createMockAgentService, createMockIndexPatternRetriever } from '../../mocks';
+import { createMockAgentService } from '../../mocks';
 import { EndpointAppContextService } from '../../endpoint_app_context_services';
 import { createMockConfig } from '../../../lib/detection_engine/routes/__mocks__';
 
@@ -29,7 +29,6 @@ describe('test alerts route', () => {
 
     endpointAppContextService = new EndpointAppContextService();
     endpointAppContextService.start({
-      indexPatternRetriever: createMockIndexPatternRetriever('events-endpoint-*'),
       agentService: createMockAgentService(),
     });
 

x-pack/plugins/security_solution/server/endpoint/alerts/handlers/details/index.ts

@@ -5,6 +5,7 @@
  */
 import { GetResponse } from 'elasticsearch';
 import { KibanaRequest, RequestHandler } from 'kibana/server';
+import { eventsIndexPattern } from '../../../../../common/endpoint/constants';
 import { AlertEvent } from '../../../../../common/endpoint/types';
 import { EndpointAppContext } from '../../../types';
 import { AlertDetailsRequestParams } from '../../../../../common/endpoint_alerts/types';
@@ -27,17 +28,13 @@ export const alertDetailsHandlerWrapper = function (
         id: alertId.id,
       })) as GetResponse<AlertEvent>;
 
-      const indexPattern = await endpointAppContext.service
-        .getIndexPatternRetriever()
-        .getEventIndexPattern(ctx);
-
       const config = await endpointAppContext.config();
       const pagination: AlertDetailsPagination = new AlertDetailsPagination(
         config,
         ctx,
         req.params,
         response,
-        indexPattern
+        eventsIndexPattern
       );
 
       const currentHostInfo = await getHostData(

x-pack/plugins/security_solution/server/endpoint/alerts/handlers/index_pattern.ts

@@ -1,28 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { Logger, RequestHandler } from 'kibana/server';
-import { EndpointAppContext } from '../../types';
-import { IndexPatternGetParamsResult } from '../../../../common/endpoint_alerts/types';
-
-export function handleIndexPattern(
-  log: Logger,
-  endpointAppContext: EndpointAppContext
-): RequestHandler<IndexPatternGetParamsResult> {
-  return async (context, req, res) => {
-    try {
-      const indexRetriever = endpointAppContext.service.getIndexPatternRetriever();
-      return res.ok({
-        body: {
-          indexPattern: await indexRetriever.getIndexPattern(context, req.params.datasetPath),
-        },
-      });
-    } catch (error) {
-      log.warn(error);
-      return res.notFound({ body: error });
-    }
-  };
-}

x-pack/plugins/security_solution/server/endpoint/alerts/handlers/list/index.ts

@@ -4,6 +4,7 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 import { RequestHandler } from 'kibana/server';
+import { eventsIndexPattern } from '../../../../../common/endpoint/constants';
 import { EndpointAppContext } from '../../../types';
 import { searchESForAlerts } from '../lib';
 import { getRequestData, mapToAlertResultList } from './lib';
@@ -18,14 +19,11 @@ export const alertListHandlerWrapper = function (
     res
   ) => {
     try {
-      const indexPattern = await endpointAppContext.service
-        .getIndexPatternRetriever()
-        .getEventIndexPattern(ctx);
       const reqData = await getRequestData(req, endpointAppContext);
       const response = await searchESForAlerts(
         ctx.core.elasticsearch.legacy.client,
         reqData,
-        indexPattern
+        eventsIndexPattern
       );
       const mappedBody = await mapToAlertResultList(ctx, endpointAppContext, reqData, response);
       return res.ok({ body: mappedBody });

x-pack/plugins/security_solution/server/endpoint/alerts/index_pattern.ts

@@ -1,83 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-import { Logger, LoggerFactory, RequestHandlerContext } from 'kibana/server';
-import { AlertConstants } from '../../../common/endpoint_alerts/alert_constants';
-import { ESIndexPatternService } from '../../../../ingest_manager/server';
-
-export interface IndexPatternRetriever {
-  getIndexPattern(ctx: RequestHandlerContext, datasetPath: string): Promise<string>;
-  getEventIndexPattern(ctx: RequestHandlerContext): Promise<string>;
-  getMetadataIndexPattern(ctx: RequestHandlerContext): Promise<string>;
-  getPolicyResponseIndexPattern(ctx: RequestHandlerContext): Promise<string>;
-}
-
-/**
- * This class is used to retrieve an index pattern. It should be used in the server side code whenever
- * an index pattern is needed to query data within ES. The index pattern is constructed by the Ingest Manager
- * based on the contents of the Endpoint Package in the Package Registry.
- */
-export class IngestIndexPatternRetriever implements IndexPatternRetriever {
-  private static endpointPackageName = 'endpoint';
-  private static metadataDataset = 'metadata';
-  private static policyDataset = 'policy';
-  private readonly log: Logger;
-  constructor(private readonly service: ESIndexPatternService, loggerFactory: LoggerFactory) {
-    this.log = loggerFactory.get('index-pattern-retriever');
-  }
-
-  /**
-   * Retrieves the index pattern for querying events within elasticsearch.
-   *
-   * @param ctx a RequestHandlerContext from a route handler
-   * @returns a string representing the index pattern (e.g. `events-endpoint-*`)
-   */
-  async getEventIndexPattern(ctx: RequestHandlerContext) {
-    return this.getIndexPattern(ctx, AlertConstants.EVENT_DATASET);
-  }
-
-  /**
-   * Retrieves the index pattern for querying endpoint metadata within elasticsearch.
-   *
-   * @param ctx a RequestHandlerContext from a route handler
-   * @returns a string representing the index pattern (e.g. `metrics-endpoint-*`)
-   */
-  async getMetadataIndexPattern(ctx: RequestHandlerContext) {
-    return this.getIndexPattern(ctx, IngestIndexPatternRetriever.metadataDataset);
-  }
-
-  /**
-   * Retrieves the index pattern for a specific dataset for querying endpoint data.
-   *
-   * @param ctx a RequestHandlerContext from a route handler
-   * @param datasetPath a string of the path being used for a dataset within the Endpoint Package
-   * (e.g. `events`, `metadata`)
-   * @returns a string representing the index pattern (e.g. `metrics-endpoint-*`)
-   */
-  async getIndexPattern(ctx: RequestHandlerContext, datasetPath: string) {
-    try {
-      const pattern = await this.service.getESIndexPattern(
-        ctx.core.savedObjects.client,
-        IngestIndexPatternRetriever.endpointPackageName,
-        datasetPath
-      );
-
-      if (!pattern) {
-        const msg = `Unable to retrieve the index pattern for dataset: ${datasetPath}`;
-        this.log.warn(msg);
-        throw new Error(msg);
-      }
-      return pattern;
-    } catch (error) {
-      const errMsg = `Error occurred while retrieving pattern for: ${datasetPath} error: ${error}`;
-      this.log.warn(errMsg);
-      throw new Error(errMsg);
-    }
-  }
-
-  async getPolicyResponseIndexPattern(ctx: RequestHandlerContext): Promise<string> {
-    return this.getIndexPattern(ctx, IngestIndexPatternRetriever.policyDataset);
-  }
-}

x-pack/plugins/security_solution/server/endpoint/alerts/routes.ts

@@ -10,8 +10,6 @@ import { alertListHandlerWrapper } from './handlers/list';
 import { alertDetailsHandlerWrapper } from './handlers/details';
 import { alertDetailsReqSchema } from './handlers/details/schemas';
 import { alertingIndexGetQuerySchema } from '../../../common/endpoint_alerts/schema/alert_index';
-import { indexPatternGetParamsSchema } from '../../../common/endpoint_alerts/schema/index_pattern';
-import { handleIndexPattern } from './handlers/index_pattern';
 
 export const BASE_ALERTS_ROUTE = `${AlertConstants.BASE_API_URL}/alerts`;
 
@@ -37,15 +35,4 @@ export function registerAlertRoutes(router: IRouter, endpointAppContext: Endpoin
     },
     alertDetailsHandlerWrapper(endpointAppContext)
   );
-
-  const log = endpointAppContext.logFactory.get('index_pattern');
-
-  router.get(
-    {
-      path: `${AlertConstants.INDEX_PATTERN_ROUTE}/{datasetPath}`,
-      validate: { params: indexPatternGetParamsSchema },
-      options: { authRequired: true },
-    },
-    handleIndexPattern(log, endpointAppContext)
-  );
 }

x-pack/plugins/security_solution/server/endpoint/endpoint_app_context_services.test.ts

@@ -8,7 +8,6 @@ import { EndpointAppContextService } from './endpoint_app_context_services';
 describe('test endpoint app context services', () => {
   it('should throw error if start is not called', async () => {
     const endpointAppContextService = new EndpointAppContextService();
-    expect(() => endpointAppContextService.getIndexPatternRetriever()).toThrow(Error);
     expect(() => endpointAppContextService.getAgentService()).toThrow(Error);
   });
 });

x-pack/plugins/security_solution/server/endpoint/endpoint_app_context_services.ts

@@ -3,7 +3,6 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-import { IndexPatternRetriever } from './alerts/index_pattern';
 import { AgentService } from '../../../ingest_manager/server';
 
 /**
@@ -11,14 +10,9 @@ import { AgentService } from '../../../ingest_manager/server';
  * of the plugin lifecycle. And stop during the stop phase, if needed.
  */
 export class EndpointAppContextService {
-  private indexPatternRetriever: IndexPatternRetriever | undefined;
   private agentService: AgentService | undefined;
 
-  public start(dependencies: {
-    indexPatternRetriever: IndexPatternRetriever;
-    agentService: AgentService;
-  }) {
-    this.indexPatternRetriever = dependencies.indexPatternRetriever;
+  public start(dependencies: { agentService: AgentService }) {
     this.agentService = dependencies.agentService;
   }
 
@@ -30,11 +24,4 @@ export class EndpointAppContextService {
     }
     return this.agentService;
   }
-
-  public getIndexPatternRetriever(): IndexPatternRetriever {
-    if (!this.indexPatternRetriever) {
-      throw new Error(`must call start on ${EndpointAppContextService.name} to call getter`);
-    }
-    return this.indexPatternRetriever;
-  }
 }

x-pack/plugins/security_solution/server/endpoint/mocks.ts

@@ -7,32 +7,6 @@
 import { IScopedClusterClient, SavedObjectsClientContract } from 'kibana/server';
 import { xpackMocks } from '../../../../mocks';
 import { AgentService, IngestManagerStartContract } from '../../../ingest_manager/server';
-import { IndexPatternRetriever } from './alerts/index_pattern';
-
-/**
- * Creates a mock IndexPatternRetriever for use in tests.
- *
- * @param indexPattern a string index pattern to return when any of the mock's public methods are called.
- * @returns the same string passed in via `indexPattern`
- */
-export const createMockIndexPatternRetriever = (indexPattern: string): IndexPatternRetriever => {
-  const mockGetFunc = jest.fn().mockResolvedValue(indexPattern);
-  return {
-    getIndexPattern: mockGetFunc,
-    getEventIndexPattern: mockGetFunc,
-    getMetadataIndexPattern: mockGetFunc,
-    getPolicyResponseIndexPattern: mockGetFunc,
-  };
-};
-
-export const MetadataIndexPattern = 'metrics-endpoint-*';
-
-/**
- * Creates a mock IndexPatternRetriever for use in tests that returns `metrics-endpoint-*`
- */
-export const createMockMetadataIndexPatternRetriever = () => {
-  return createMockIndexPatternRetriever(MetadataIndexPattern);
-};
 
 /**
  * Creates a mock AgentService

x-pack/plugins/security_solution/server/endpoint/routes/metadata/index.ts

@@ -8,6 +8,7 @@ import { IRouter, Logger, RequestHandlerContext } from 'kibana/server';
 import { SearchResponse } from 'elasticsearch';
 import { schema } from '@kbn/config-schema';
 
+import { metadataIndexPattern } from '../../../../common/endpoint/constants';
 import { getESQueryHostMetadataByID, kibanaRequestToMetadataListESQuery } from './query_builders';
 import {
   HostInfo,
@@ -67,13 +68,10 @@ export function registerEndpointRoutes(router: IRouter, endpointAppContext: Endp
     },
     async (context, req, res) => {
       try {
-        const index = await endpointAppContext.service
-          .getIndexPatternRetriever()
-          .getMetadataIndexPattern(context);
         const queryParams = await kibanaRequestToMetadataListESQuery(
           req,
           endpointAppContext,
-          index
+          metadataIndexPattern
         );
         const response = (await context.core.elasticsearch.legacy.client.callAsCurrentUser(
           'search',
@@ -125,10 +123,7 @@ export async function getHostData(
   metadataRequestContext: MetadataRequestContext,
   id: string
 ): Promise<HostInfo | undefined> {
-  const index = await metadataRequestContext.endpointAppContext.service
-    .getIndexPatternRetriever()
-    .getMetadataIndexPattern(metadataRequestContext.requestHandlerContext);
-  const query = getESQueryHostMetadataByID(id, index);
+  const query = getESQueryHostMetadataByID(id, metadataIndexPattern);
   const response = (await metadataRequestContext.requestHandlerContext.core.elasticsearch.legacy.client.callAsCurrentUser(
     'search',
     query

x-pack/plugins/security_solution/server/endpoint/routes/metadata/metadata.test.ts

@@ -27,11 +27,7 @@ import {
 } from '../../../../common/endpoint/types';
 import { SearchResponse } from 'elasticsearch';
 import { registerEndpointRoutes } from './index';
-import {
-  createMockAgentService,
-  createMockMetadataIndexPatternRetriever,
-  createRouteHandlerContext,
-} from '../../mocks';
+import { createMockAgentService, createRouteHandlerContext } from '../../mocks';
 import { AgentService } from '../../../../../ingest_manager/server';
 import Boom from 'boom';
 import { EndpointAppContextService } from '../../endpoint_app_context_services';
@@ -63,7 +59,6 @@ describe('test endpoint route', () => {
     mockAgentService = createMockAgentService();
     endpointAppContextService = new EndpointAppContextService();
     endpointAppContextService.start({
-      indexPatternRetriever: createMockMetadataIndexPatternRetriever(),
       agentService: mockAgentService,
     });
 

x-pack/plugins/security_solution/server/endpoint/routes/metadata/query_builders.test.ts

@@ -5,9 +5,9 @@
  */
 import { httpServerMock, loggingServiceMock } from '../../../../../../../src/core/server/mocks';
 import { kibanaRequestToMetadataListESQuery, getESQueryHostMetadataByID } from './query_builders';
-import { MetadataIndexPattern } from '../../mocks';
 import { EndpointAppContextService } from '../../endpoint_app_context_services';
 import { createMockConfig } from '../../../lib/detection_engine/routes/__mocks__';
+import { metadataIndexPattern } from '../../../../common/endpoint/constants';
 
 describe('query builder', () => {
   describe('MetadataListESQuery', () => {
@@ -22,7 +22,7 @@ describe('query builder', () => {
           service: new EndpointAppContextService(),
           config: () => Promise.resolve(createMockConfig()),
         },
-        MetadataIndexPattern
+        metadataIndexPattern
       );
       expect(query).toEqual({
         body: {
@@ -54,7 +54,7 @@ describe('query builder', () => {
         },
         from: 0,
         size: 10,
-        index: MetadataIndexPattern,
+        index: metadataIndexPattern,
         // eslint-disable-next-line @typescript-eslint/no-explicit-any
       } as Record<string, any>);
     });
@@ -74,7 +74,7 @@ describe('query builder', () => {
           service: new EndpointAppContextService(),
           config: () => Promise.resolve(createMockConfig()),
         },
-        MetadataIndexPattern
+        metadataIndexPattern
       );
       expect(query).toEqual({
         body: {
@@ -119,7 +119,7 @@ describe('query builder', () => {
         },
         from: 0,
         size: 10,
-        index: MetadataIndexPattern,
+        index: metadataIndexPattern,
         // eslint-disable-next-line @typescript-eslint/no-explicit-any
       } as Record<string, any>);
     });
@@ -128,7 +128,7 @@ describe('query builder', () => {
   describe('MetadataGetQuery', () => {
     it('searches for the correct ID', () => {
       const mockID = 'AABBCCDD-0011-2233-AA44-DEADBEEF8899';
-      const query = getESQueryHostMetadataByID(mockID, MetadataIndexPattern);
+      const query = getESQueryHostMetadataByID(mockID, metadataIndexPattern);
 
       expect(query).toEqual({
         body: {
@@ -136,7 +136,7 @@ describe('query builder', () => {
           sort: [{ 'event.created': { order: 'desc' } }],
           size: 1,
         },
-        index: MetadataIndexPattern,
+        index: metadataIndexPattern,
       });
     });
   });

x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.test.ts

@@ -4,11 +4,7 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 import { EndpointAppContextService } from '../../endpoint_app_context_services';
-import {
-  createMockAgentService,
-  createMockIndexPatternRetriever,
-  createRouteHandlerContext,
-} from '../../mocks';
+import { createMockAgentService, createRouteHandlerContext } from '../../mocks';
 import { getHostPolicyResponseHandler } from './handlers';
 import {
   IScopedClusterClient,
@@ -41,7 +37,6 @@ describe('test policy response handler', () => {
     endpointAppContextService = new EndpointAppContextService();
     mockAgentService = createMockAgentService();
     endpointAppContextService.start({
-      indexPatternRetriever: createMockIndexPatternRetriever('metrics-endpoint-policy-*'),
       agentService: mockAgentService,
     });
   });

x-pack/plugins/security_solution/server/endpoint/routes/policy/handlers.ts

@@ -5,6 +5,7 @@
  */
 import { RequestHandler } from 'kibana/server';
 import { TypeOf } from '@kbn/config-schema';
+import { policyIndexPattern } from '../../../../common/endpoint/constants';
 import { GetPolicyResponseSchema } from '../../../../common/endpoint/schema/policy';
 import { EndpointAppContext } from '../../types';
 import { getPolicyResponseByHostId } from './service';
@@ -14,12 +15,8 @@ export const getHostPolicyResponseHandler = function (
 ): RequestHandler<undefined, TypeOf<typeof GetPolicyResponseSchema.query>, undefined> {
   return async (context, request, response) => {
     try {
-      const index = await endpointAppContext.service
-        .getIndexPatternRetriever()
-        .getPolicyResponseIndexPattern(context);
-
       const doc = await getPolicyResponseByHostId(
-        index,
+        policyIndexPattern,
         request.query.hostId,
         context.core.elasticsearch.legacy.client
       );

x-pack/plugins/security_solution/server/endpoint/routes/resolver/ancestry.ts

@@ -6,6 +6,7 @@
 
 import { RequestHandler, Logger } from 'kibana/server';
 import { TypeOf } from '@kbn/config-schema';
+import { eventsIndexPattern } from '../../../../common/endpoint/constants';
 import { validateAncestry } from '../../../../common/endpoint/schema/resolver';
 import { Fetcher } from './utils/fetch';
 import { EndpointAppContext } from '../../types';
@@ -20,12 +21,9 @@ export function handleAncestry(
       query: { ancestors, legacyEndpointID: endpointID },
     } = req;
     try {
-      const indexRetriever = endpointAppContext.service.getIndexPatternRetriever();
-
       const client = context.core.elasticsearch.legacy.client;
-      const indexPattern = await indexRetriever.getEventIndexPattern(context);
 
-      const fetcher = new Fetcher(client, id, indexPattern, endpointID);
+      const fetcher = new Fetcher(client, id, eventsIndexPattern, endpointID);
       const ancestorInfo = await fetcher.ancestors(ancestors);
 
       return res.ok({

x-pack/plugins/security_solution/server/endpoint/routes/resolver/children.ts

@@ -6,6 +6,7 @@
 
 import { RequestHandler, Logger } from 'kibana/server';
 import { TypeOf } from '@kbn/config-schema';
+import { eventsIndexPattern } from '../../../../common/endpoint/constants';
 import { validateChildren } from '../../../../common/endpoint/schema/resolver';
 import { Fetcher } from './utils/fetch';
 import { EndpointAppContext } from '../../types';
@@ -20,11 +21,8 @@ export function handleChildren(
       query: { children, generations, afterChild, legacyEndpointID: endpointID },
     } = req;
     try {
-      const indexRetriever = endpointAppContext.service.getIndexPatternRetriever();
-      const indexPattern = await indexRetriever.getEventIndexPattern(context);
-
       const client = context.core.elasticsearch.legacy.client;
-      const fetcher = new Fetcher(client, id, indexPattern, endpointID);
+      const fetcher = new Fetcher(client, id, eventsIndexPattern, endpointID);
 
       return res.ok({
         body: await fetcher.children(children, generations, afterChild),

x-pack/plugins/security_solution/server/endpoint/routes/resolver/events.ts

@@ -6,6 +6,7 @@
 
 import { TypeOf } from '@kbn/config-schema';
 import { RequestHandler, Logger } from 'kibana/server';
+import { eventsIndexPattern } from '../../../../common/endpoint/constants';
 import { validateEvents } from '../../../../common/endpoint/schema/resolver';
 import { Fetcher } from './utils/fetch';
 import { EndpointAppContext } from '../../types';
@@ -20,11 +21,9 @@ export function handleEvents(
       query: { events, afterEvent, legacyEndpointID: endpointID },
     } = req;
     try {
-      const indexRetriever = endpointAppContext.service.getIndexPatternRetriever();
       const client = context.core.elasticsearch.legacy.client;
-      const indexPattern = await indexRetriever.getEventIndexPattern(context);
 
-      const fetcher = new Fetcher(client, id, indexPattern, endpointID);
+      const fetcher = new Fetcher(client, id, eventsIndexPattern, endpointID);
 
       return res.ok({
         body: await fetcher.events(events, afterEvent),

x-pack/plugins/security_solution/server/endpoint/routes/resolver/tree.ts

@@ -6,6 +6,7 @@
 
 import { RequestHandler, Logger } from 'kibana/server';
 import { TypeOf } from '@kbn/config-schema';
+import { eventsIndexPattern } from '../../../../common/endpoint/constants';
 import { validateTree } from '../../../../common/endpoint/schema/resolver';
 import { Fetcher } from './utils/fetch';
 import { Tree } from './utils/tree';
@@ -32,10 +33,8 @@ export function handleTree(
     } = req;
     try {
       const client = context.core.elasticsearch.legacy.client;
-      const indexRetriever = endpointAppContext.service.getIndexPatternRetriever();
-      const indexPattern = await indexRetriever.getEventIndexPattern(context);
 
-      const fetcher = new Fetcher(client, id, indexPattern, endpointID);
+      const fetcher = new Fetcher(client, id, eventsIndexPattern, endpointID);
 
       const [childrenNodes, ancestry, relatedEvents, relatedAlerts] = await Promise.all([
         fetcher.children(children, generations, afterChild),

x-pack/plugins/security_solution/server/plugin.ts

@@ -43,7 +43,6 @@ import { registerAlertRoutes } from './endpoint/alerts/routes';
 import { registerPolicyRoutes } from './endpoint/routes/policy';
 import { EndpointAppContextService } from './endpoint/endpoint_app_context_services';
 import { EndpointAppContext } from './endpoint/types';
-import { IngestIndexPatternRetriever } from './endpoint/alerts/index_pattern';
 
 export interface SetupPlugins {
   alerts: AlertingSetup;
@@ -219,10 +218,6 @@ export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, S
 
   public start(core: CoreStart, plugins: StartPlugins) {
     this.endpointAppContextService.start({
-      indexPatternRetriever: new IngestIndexPatternRetriever(
-        plugins.ingestManager.esIndexPatternService,
-        this.context.logger
-      ),
       agentService: plugins.ingestManager.agentService,
     });
     return {};

x-pack/test/api_integration/apis/endpoint/alerts/index.ts

@@ -6,6 +6,7 @@
 import expect from '@kbn/expect/expect.js';
 import { FtrProviderContext } from '../../../ftr_provider_context';
 import { AlertData } from '../../../../../plugins/security_solution/common/endpoint_alerts/types';
+import { eventsIndexPattern } from '../../../../../plugins/security_solution/common/endpoint/constants';
 import { deleteEventsStream, deleteMetadataStream } from '../data_stream_helper';
 
 /**
@@ -75,7 +76,7 @@ export default function ({ getService }: FtrProviderContext) {
         await esArchiver.load('endpoint/alerts/api_feature', { useCreate: true });
         await esArchiver.load('endpoint/alerts/host_api_feature', { useCreate: true });
         const res = await es.search({
-          index: 'events-endpoint-*',
+          index: eventsIndexPattern,
           body: ES_QUERY_MISSING,
         });
         nullableEventId = res.hits.hits[0]._source.event.id;

x-pack/test/api_integration/apis/endpoint/alerts/index_pattern.ts

@@ -1,32 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-import expect from '@kbn/expect/expect.js';
-import { FtrProviderContext } from '../../../ftr_provider_context';
-
-export default function ({ getService }: FtrProviderContext) {
-  const supertest = getService('supertest');
-
-  describe('Endpoint index pattern API', () => {
-    it('should retrieve the index pattern for events', async () => {
-      const { body } = await supertest.get('/api/endpoint/index_pattern/events').expect(200);
-      expect(body.indexPattern).to.eql('events-endpoint-*');
-    });
-
-    it('should retrieve the index pattern for metadata', async () => {
-      const { body } = await supertest.get('/api/endpoint/index_pattern/metadata').expect(200);
-      expect(body.indexPattern).to.eql('metrics-endpoint.metadata-*');
-    });
-
-    it('should retrieve the index pattern for policy', async () => {
-      const { body } = await supertest.get('/api/endpoint/index_pattern/policy').expect(200);
-      expect(body.indexPattern).to.eql('metrics-endpoint.policy-*');
-    });
-
-    it('should not retrieve the index pattern for an invalid key', async () => {
-      await supertest.get('/api/endpoint/index_pattern/blah').expect(404);
-    });
-  });
-}

x-pack/test/api_integration/apis/endpoint/data_stream_helper.ts

@@ -5,6 +5,11 @@
  */
 
 import { Client } from '@elastic/elasticsearch';
+import {
+  metadataIndexPattern,
+  eventsIndexPattern,
+  policyIndexPattern,
+} from '../../../../plugins/security_solution/common/endpoint/constants';
 
 export async function deleteDataStream(getService: (serviceName: 'es') => Client, index: string) {
   const client = getService('es');
@@ -20,13 +25,13 @@ export async function deleteDataStream(getService: (serviceName: 'es') => Client
 }
 
 export async function deleteMetadataStream(getService: (serviceName: 'es') => Client) {
-  await deleteDataStream(getService, 'metrics-endpoint.metadata-*');
+  await deleteDataStream(getService, metadataIndexPattern);
 }
 
 export async function deleteEventsStream(getService: (serviceName: 'es') => Client) {
-  await deleteDataStream(getService, 'events-endpoint-*');
+  await deleteDataStream(getService, eventsIndexPattern);
 }
 
 export async function deletePolicyStream(getService: (serviceName: 'es') => Client) {
-  await deleteDataStream(getService, 'metrics-endpoint.policy-*');
+  await deleteDataStream(getService, policyIndexPattern);
 }

x-pack/test/api_integration/apis/endpoint/index.ts

@@ -3,7 +3,6 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-
 import { FtrProviderContext } from '../../ftr_provider_context';
 
 export default function endpointAPIIntegrationTests({
@@ -16,7 +15,6 @@ export default function endpointAPIIntegrationTests({
     before(async () => {
       await ingestManager.setup();
     });
-    loadTestFile(require.resolve('./alerts/index_pattern'));
     loadTestFile(require.resolve('./resolver'));
     loadTestFile(require.resolve('./metadata'));
     loadTestFile(require.resolve('./alerts'));

x-pack/test/endpoint_api_integration_no_ingest/apis/alerts/index.ts

@@ -20,7 +20,7 @@ export default function ({ getService }: FtrProviderContext) {
       await esArchiver.unload('endpoint/alerts/host_api_feature');
     });
 
-    it('should return a 500', async () => {
+    it('should not return data', async () => {
       await supertest.get('/api/endpoint/alerts').expect(500);
     });
   });

x-pack/test/endpoint_api_integration_no_ingest/apis/alerts/index_pattern.ts

@@ -1,16 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-import { FtrProviderContext } from '../../ftr_provider_context';
-
-export default function ({ getService }: FtrProviderContext) {
-  const supertest = getService('supertest');
-
-  describe('Endpoint index pattern API without ingest manager initialized', () => {
-    it('should not retrieve the index pattern for events', async () => {
-      await supertest.get('/api/endpoint/index_pattern/events').expect(404);
-    });
-  });
-}

x-pack/test/endpoint_api_integration_no_ingest/apis/index.ts

@@ -9,7 +9,6 @@ import { FtrProviderContext } from '../ftr_provider_context';
 export default function endpointAPIIntegrationTests({ loadTestFile }: FtrProviderContext) {
   describe('Endpoint plugin', function () {
     this.tags('ciGroup7');
-    loadTestFile(require.resolve('./alerts/index_pattern'));
     loadTestFile(require.resolve('./metadata'));
     loadTestFile(require.resolve('./alerts'));
   });

x-pack/test/endpoint_api_integration_no_ingest/apis/metadata.ts

@@ -11,7 +11,7 @@ export default function ({ getService }: FtrProviderContext) {
   describe('test metadata api when ingest manager is not initialized', () => {
     before(async () => await esArchiver.load('endpoint/metadata/api_feature'));
     after(async () => await esArchiver.unload('endpoint/metadata/api_feature'));
-    it('metadata api should return a 500', async () => {
+    it('metadata api should not return results', async () => {
       await supertest.post('/api/endpoint/metadata').set('kbn-xsrf', 'xxx').send().expect(500);
     });
   });