From c35f6b96e08037b4ab7db5c78be6a36285e4d0f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gerg=C5=91=20=C3=81brah=C3=A1m?= <gergo.abraham@elastic.co>
Date: Mon, 28 Oct 2024 11:52:22 +0100
Subject: [PATCH] [8.x] [Security Solution] update endpoint serverless metering
 (#197291) (#197948)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Security Solution] update endpoint serverless metering
(#197291)](https://github.com/elastic/kibana/pull/197291)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Joey F.
Poon","email":"joey.poon@elastic.co"},"sourceCommit":{"committedDate":"2024-10-24T13:51:04Z","message":"[Security
Solution] update endpoint serverless metering (#197291)\n\n##
Summary\r\n\r\nserverless endpoint metering now checks for heartbeats
from all namespaces.\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n\r\n\r\n### For
maintainers\r\n\r\n- [x] This was checked for breaking API changes and
was
[labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)","sha":"8f36175adcf49c0fe57b9e8f11bc1089a7a7b45b","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","backport:skip","v9.0.0","Team:Defend
Workflows","ci:project-deploy-security"],"number":197291,"url":"https://github.com/elastic/kibana/pull/197291","mergeCommit":{"message":"[Security
Solution] update endpoint serverless metering (#197291)\n\n##
Summary\r\n\r\nserverless endpoint metering now checks for heartbeats
from all namespaces.\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n\r\n\r\n### For
maintainers\r\n\r\n- [x] This was checked for breaking API changes and
was
[labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)","sha":"8f36175adcf49c0fe57b9e8f11bc1089a7a7b45b"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/197291","number":197291,"mergeCommit":{"message":"[Security
Solution] update endpoint serverless metering (#197291)\n\n##
Summary\r\n\r\nserverless endpoint metering now checks for heartbeats
from all namespaces.\r\n\r\n\r\n### Checklist\r\n\r\n- [x] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n\r\n\r\n### For
maintainers\r\n\r\n- [x] This was checked for breaking API changes and
was
[labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)","sha":"8f36175adcf49c0fe57b9e8f11bc1089a7a7b45b"}}]}]
BACKPORT-->

Co-authored-by: Joey F. Poon <joey.poon@elastic.co>
---
 .../security_solution/common/endpoint/constants.ts   |  1 +
 .../data_loaders/index_endpoint_hearbeats.ts         |  5 +++--
 .../endpoint/services/metering_service.test.ts       | 12 +++++++-----
 .../server/endpoint/services/metering_service.ts     |  5 +++--
 4 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/x-pack/plugins/security_solution/common/endpoint/constants.ts b/x-pack/plugins/security_solution/common/endpoint/constants.ts
index 2a11d047dd865..534d7e5c2b8a4 100644
--- a/x-pack/plugins/security_solution/common/endpoint/constants.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/constants.ts
@@ -53,6 +53,7 @@ export const policyIndexPattern = 'metrics-endpoint.policy-*';
 export const telemetryIndexPattern = 'metrics-endpoint.telemetry-*';
 
 export const ENDPOINT_HEARTBEAT_INDEX = '.logs-endpoint.heartbeat-default';
+export const ENDPOINT_HEARTBEAT_INDEX_PATTERN = '.logs-endpoint.heartbeat-*';
 
 // File storage indexes supporting endpoint Upload/download
 export const FILE_STORAGE_METADATA_INDEX = getFileMetadataIndexName('endpoint');
diff --git a/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hearbeats.ts b/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hearbeats.ts
index ff6381cb9d3df..85a6242162086 100644
--- a/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hearbeats.ts
+++ b/x-pack/plugins/security_solution/common/endpoint/data_loaders/index_endpoint_hearbeats.ts
@@ -7,7 +7,7 @@
 
 import type { Client, estypes } from '@elastic/elasticsearch';
 import type { ToolingLog } from '@kbn/tooling-log';
-import { ENDPOINT_HEARTBEAT_INDEX } from '../constants';
+
 import { createToolingLogger } from './utils';
 
 export interface IndexedEndpointHeartbeats {
@@ -79,7 +79,8 @@ export const indexEndpointHeartbeats = async (
   const operations = docs.concat(unbilledDocs).flatMap((doc) => [
     {
       index: {
-        _index: ENDPOINT_HEARTBEAT_INDEX,
+        // simulating different namespaces
+        _index: `.logs-endpoint.heartbeat-${doc.agent.id.slice(-1)}`,
         op_type: 'create',
       },
     },
diff --git a/x-pack/plugins/security_solution_serverless/server/endpoint/services/metering_service.test.ts b/x-pack/plugins/security_solution_serverless/server/endpoint/services/metering_service.test.ts
index 9ef80a63f0a4a..323d85e9b9ab5 100644
--- a/x-pack/plugins/security_solution_serverless/server/endpoint/services/metering_service.test.ts
+++ b/x-pack/plugins/security_solution_serverless/server/endpoint/services/metering_service.test.ts
@@ -5,16 +5,18 @@
  * 2.0.
  */
 
-import { loggingSystemMock } from '@kbn/core-logging-server-mocks';
-import { type ElasticsearchClientMock, elasticsearchServiceMock } from '@kbn/core/server/mocks';
+import type { ElasticsearchClientMock } from '@kbn/core/server/mocks';
 import type { AggregationsAggregate, SearchResponse } from '@elastic/elasticsearch/lib/api/types';
 import type { CloudSetup } from '@kbn/cloud-plugin/server';
 import type { EndpointHeartbeat } from '@kbn/security-solution-plugin/common/endpoint/types';
-import { ENDPOINT_HEARTBEAT_INDEX } from '@kbn/security-solution-plugin/common/endpoint/constants';
 
-import { ProductLine, ProductTier } from '../../../common/product';
+import { elasticsearchServiceMock } from '@kbn/core/server/mocks';
+import { ENDPOINT_HEARTBEAT_INDEX_PATTERN } from '@kbn/security-solution-plugin/common/endpoint/constants';
+import { loggingSystemMock } from '@kbn/core-logging-server-mocks';
 
 import type { ServerlessSecurityConfig } from '../../config';
+
+import { ProductLine, ProductTier } from '../../../common/product';
 import { METERING_TASK } from '../constants/metering';
 
 import { EndpointMeteringService } from './metering_service';
@@ -59,7 +61,7 @@ describe('EndpointMeteringService', () => {
       hits: {
         hits: [
           {
-            _index: ENDPOINT_HEARTBEAT_INDEX,
+            _index: ENDPOINT_HEARTBEAT_INDEX_PATTERN,
             _id: 'test-heartbeat-doc-id',
             _source: {
               agent: {
diff --git a/x-pack/plugins/security_solution_serverless/server/endpoint/services/metering_service.ts b/x-pack/plugins/security_solution_serverless/server/endpoint/services/metering_service.ts
index 2d253633b7231..3f3ff94d0aa77 100644
--- a/x-pack/plugins/security_solution_serverless/server/endpoint/services/metering_service.ts
+++ b/x-pack/plugins/security_solution_serverless/server/endpoint/services/metering_service.ts
@@ -7,9 +7,10 @@
 
 import type { AggregationsAggregate, SearchResponse } from '@elastic/elasticsearch/lib/api/types';
 import type { ElasticsearchClient } from '@kbn/core/server';
-import { ENDPOINT_HEARTBEAT_INDEX } from '@kbn/security-solution-plugin/common/endpoint/constants';
 import type { EndpointHeartbeat } from '@kbn/security-solution-plugin/common/endpoint/types';
 
+import { ENDPOINT_HEARTBEAT_INDEX_PATTERN } from '@kbn/security-solution-plugin/common/endpoint/constants';
+
 import { METERING_SERVICE_BATCH_SIZE } from '../../constants';
 import { ProductLine, ProductTier } from '../../../common/product';
 
@@ -83,7 +84,7 @@ export class EndpointMeteringService {
   ): Promise<SearchResponse<EndpointHeartbeat, Record<string, AggregationsAggregate>>> {
     return esClient.search<EndpointHeartbeat>(
       {
-        index: ENDPOINT_HEARTBEAT_INDEX,
+        index: ENDPOINT_HEARTBEAT_INDEX_PATTERN,
         sort: 'event.ingested',
         size: METERING_SERVICE_BATCH_SIZE,
         query: {