Support reindexing the .kibana_security_session_1 index to the 8.x format.

[azasypkin]

Summary

Users can only upgrade successfully to Elasticsearch 9.x if all indices in their system were created in 8.x. This means any index created in a 7.x version or older must be reindexed into an 8.x format for the upgrade to succeed.

For instance, we need to reindex the .kibana_security_session_1 index if it was created in a 7.x format (server-side sessions have been available since 7.10).

Currently, we have a .kibana_security_session alias pointing to the .kibana_security_session_1 index. We create this index manually to maintain control over its settings. Additionally, if the index exists but has outdated mappings, we need to update them, which can be done using alias. When system index reindexing is triggered from the Upgrade Assistant, Elasticsearch will need to:

1. Create a new index with a different name (e.g., .kibana_security_session_1_reindexed)
2. Reindex all documents from .kibana_security_session_1 into it
3. Update the .kibana_security_session alias to point to the new index, and
4. Drop the old .kibana_security_session_1 index

Given this process, we need to update our code in session_index.ts to:

1. Detect whether .kibana_security_session_1 or the reindexed index exists (maybe just check if search against alias returns non-404 result?)
2. Attempt to create .kibana_security_session_1 only if neither exists, and
3. Update mappings using .kibana_security_session alias if needed.

[elasticmachine]

Pinging @elastic/kibana-security (Team:Security)

[jloleysens]

@azasypkin , I recall we had a conversation about this a while ago. I can't quite tell from that context, but is the system migration OK for .kibana_security_session_1? We should be able to test this out by starting Kibana with:

xpack.upgrade_assistant.featureSet:
  mlSnapshots: true
  migrateSystemIndices: true # specifically this one
  migrateDataStreams: true
  reindexCorrectiveActions: true

Starting Kibana + ES (with a security session index created in 7.x) and seeing (1) is it detected by ES and (2) what happens when we press "Migrate indices"

[azasypkin]

@jloleysens, thanks for the ping and for sharing the steps to test this. I believe we’ll need to make a few adjustments in our code to make it work. We’re planning to pick this up soon and will report back with the results.