[Security Solution] update endpoint serverless metering (#197291)

## Summary serverless endpoint metering now checks for heartbeats from all namespaces. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### For maintainers - [x] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)
elastic · Oct 24, 2024 · 8f36175 · 8f36175
1 parent 1267bd7
commit 8f36175
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 9 deletions.
diff --git a/x-pack/plugins/security_solution/common/endpoint/constants.ts b/x-pack/plugins/security_solution/common/endpoint/constants.ts
@@ -53,6 +53,7 @@ export const policyIndexPattern = 'metrics-endpoint.policy-*';
 export const telemetryIndexPattern = 'metrics-endpoint.telemetry-*';
 
 export const ENDPOINT_HEARTBEAT_INDEX = '.logs-endpoint.heartbeat-default';
+export const ENDPOINT_HEARTBEAT_INDEX_PATTERN = '.logs-endpoint.heartbeat-*';
 
 // File storage indexes supporting endpoint Upload/download
 export const FILE_STORAGE_METADATA_INDEX = getFileMetadataIndexName('endpoint');

diff --git a/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hearbeats.ts b/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hearbeats.ts
@@ -7,7 +7,7 @@
 
 import type { Client, estypes } from '@elastic/elasticsearch';
 import type { ToolingLog } from '@kbn/tooling-log';
-import { ENDPOINT_HEARTBEAT_INDEX } from '../constants';
+
 import { createToolingLogger } from './utils';
 
 export interface IndexedEndpointHeartbeats {
@@ -79,7 +79,8 @@ export const indexEndpointHeartbeats = async (
   const operations = docs.concat(unbilledDocs).flatMap((doc) => [
     {
       index: {
-        _index: ENDPOINT_HEARTBEAT_INDEX,
+        // simulating different namespaces
+        _index: `.logs-endpoint.heartbeat-${doc.agent.id.slice(-1)}`,
         op_type: 'create',
       },
     },

diff --git a/...ck/plugins/security_solution_serverless/server/endpoint/services/metering_service.test.ts b/...ck/plugins/security_solution_serverless/server/endpoint/services/metering_service.test.ts
@@ -5,16 +5,18 @@
  * 2.0.
  */
 
-import { loggingSystemMock } from '@kbn/core-logging-server-mocks';
-import { type ElasticsearchClientMock, elasticsearchServiceMock } from '@kbn/core/server/mocks';
+import type { ElasticsearchClientMock } from '@kbn/core/server/mocks';
 import type { AggregationsAggregate, SearchResponse } from '@elastic/elasticsearch/lib/api/types';
 import type { CloudSetup } from '@kbn/cloud-plugin/server';
 import type { EndpointHeartbeat } from '@kbn/security-solution-plugin/common/endpoint/types';
-import { ENDPOINT_HEARTBEAT_INDEX } from '@kbn/security-solution-plugin/common/endpoint/constants';
 
-import { ProductLine, ProductTier } from '../../../common/product';
+import { elasticsearchServiceMock } from '@kbn/core/server/mocks';
+import { ENDPOINT_HEARTBEAT_INDEX_PATTERN } from '@kbn/security-solution-plugin/common/endpoint/constants';
+import { loggingSystemMock } from '@kbn/core-logging-server-mocks';
 
 import type { ServerlessSecurityConfig } from '../../config';
+
+import { ProductLine, ProductTier } from '../../../common/product';
 import { METERING_TASK } from '../constants/metering';
 
 import { EndpointMeteringService } from './metering_service';
@@ -59,7 +61,7 @@ describe('EndpointMeteringService', () => {
       hits: {
         hits: [
           {
-            _index: ENDPOINT_HEARTBEAT_INDEX,
+            _index: ENDPOINT_HEARTBEAT_INDEX_PATTERN,
             _id: 'test-heartbeat-doc-id',
             _source: {
               agent: {

diff --git a/x-pack/plugins/security_solution_serverless/server/endpoint/services/metering_service.ts b/x-pack/plugins/security_solution_serverless/server/endpoint/services/metering_service.ts
@@ -7,9 +7,10 @@
 
 import type { AggregationsAggregate, SearchResponse } from '@elastic/elasticsearch/lib/api/types';
 import type { ElasticsearchClient } from '@kbn/core/server';
-import { ENDPOINT_HEARTBEAT_INDEX } from '@kbn/security-solution-plugin/common/endpoint/constants';
 import type { EndpointHeartbeat } from '@kbn/security-solution-plugin/common/endpoint/types';
 
+import { ENDPOINT_HEARTBEAT_INDEX_PATTERN } from '@kbn/security-solution-plugin/common/endpoint/constants';
+
 import { METERING_SERVICE_BATCH_SIZE } from '../../constants';
 import { ProductLine, ProductTier } from '../../../common/product';
 
@@ -83,7 +84,7 @@ export class EndpointMeteringService {
   ): Promise<SearchResponse<EndpointHeartbeat, Record<string, AggregationsAggregate>>> {
     return esClient.search<EndpointHeartbeat>(
       {
-        index: ENDPOINT_HEARTBEAT_INDEX,
+        index: ENDPOINT_HEARTBEAT_INDEX_PATTERN,
         sort: 'event.ingested',
         size: METERING_SERVICE_BATCH_SIZE,
         query: {