package org.elasticsearch.xpack.core.security.authz.store;

import java.util.Map;
import java.util.Set;
import org.elasticsearch.action.admin.indices.delete.TransportDeleteIndexAction;
import org.elasticsearch.action.admin.indices.mapping.put.TransportPutMappingAction;
import org.elasticsearch.action.admin.indices.settings.put.TransportUpdateSettingsAction;
import org.elasticsearch.xpack.core.inference.results.RankedDocsResults;
import org.elasticsearch.xpack.core.monitoring.action.MonitoringBulkAction;
import org.elasticsearch.xpack.core.security.action.apikey.InvalidateApiKeyAction;
import org.elasticsearch.xpack.core.security.action.privilege.GetBuiltinPrivilegesAction;
import org.elasticsearch.xpack.core.security.action.profile.ActivateProfileAction;
import org.elasticsearch.xpack.core.security.action.profile.GetProfilesAction;
import org.elasticsearch.xpack.core.security.action.profile.SuggestProfilesAction;
import org.elasticsearch.xpack.core.security.action.user.ProfileHasPrivilegesAction;
import org.elasticsearch.xpack.core.security.authc.support.mapper.expressiondsl.AllExpression;
import org.elasticsearch.xpack.core.security.authz.RoleDescriptor;
import org.elasticsearch.xpack.core.security.authz.privilege.ConfigurableClusterPrivilege;
import org.elasticsearch.xpack.core.security.authz.privilege.ConfigurableClusterPrivileges;
import org.elasticsearch.xpack.core.security.support.MetadataUtils;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.class */
public class KibanaOwnedReservedRoleDescriptors {
    KibanaOwnedReservedRoleDescriptors() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static RoleDescriptor kibanaAdminUser(String str, Map<String, Object> map) {
        return new RoleDescriptor(str, null, null, new RoleDescriptor.ApplicationResourcePrivileges[]{RoleDescriptor.ApplicationResourcePrivileges.builder().application("kibana-.kibana").resources("*").privileges(AllExpression.NAME).build()}, null, null, map, null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static RoleDescriptor kibanaSystem(String str) {
        return new RoleDescriptor(str, new String[]{"monitor", "manage_index_templates", MonitoringBulkAction.NAME, "manage_saml", "manage_token", "manage_oidc", "manage_enrich", "manage_pipeline", "manage_ilm", "manage_transform", InvalidateApiKeyAction.NAME, "grant_api_key", "manage_own_api_key", GetBuiltinPrivilegesAction.NAME, "delegate_pki", GetProfilesAction.NAME, ActivateProfileAction.NAME, SuggestProfilesAction.NAME, ProfileHasPrivilegesAction.NAME, "write_fleet_secrets", "manage_ml", "cluster:admin/analyze", "monitor_text_structure", "cancel_task"}, new RoleDescriptor.IndicesPrivileges[]{RoleDescriptor.IndicesPrivileges.builder().indices(".kibana*", ".reporting-*").privileges(AllExpression.NAME).allowRestrictedIndices(true).build(), RoleDescriptor.IndicesPrivileges.builder().indices(".monitoring-*").privileges("read", "read_cross_cluster").build(), RoleDescriptor.IndicesPrivileges.builder().indices(".management-beats").privileges("create_index", "read", "write").build(), RoleDescriptor.IndicesPrivileges.builder().indices(".ml-anomalies*", ".ml-stats-*").privileges("read").build(), RoleDescriptor.IndicesPrivileges.builder().indices(".ml-annotations*", ".ml-notifications*").privileges("read", "write").build(), RoleDescriptor.IndicesPrivileges.builder().indices(".apm-agent-configuration").privileges(AllExpression.NAME).allowRestrictedIndices(true).build(), RoleDescriptor.IndicesPrivileges.builder().indices(".apm-custom-link").privileges(AllExpression.NAME).allowRestrictedIndices(true).build(), RoleDescriptor.IndicesPrivileges.builder().indices(".apm-source-map").privileges(AllExpression.NAME).allowRestrictedIndices(true).build(), RoleDescriptor.IndicesPrivileges.builder().indices("apm-*").privileges("read", "read_cross_cluster").build(), RoleDescriptor.IndicesPrivileges.builder().indices("logs-apm.*").privileges("read", "read_cross_cluster").build(), RoleDescriptor.IndicesPrivileges.builder().indices("metrics-apm.*").privileges("read", "read_cross_cluster").build(), RoleDescriptor.IndicesPrivileges.builder().indices("traces-apm.*").privileges("read", "read_cross_cluster").build(), RoleDescriptor.IndicesPrivileges.builder().indices("traces-apm-*").privileges("read", "read_cross_cluster").build(), RoleDescriptor.IndicesPrivileges.builder().indices("*").privileges("view_index_metadata", "monitor").build(), RoleDescriptor.IndicesPrivileges.builder().indices(".logs-endpoint.diagnostic.collection-*").privileges("read").build(), RoleDescriptor.IndicesPrivileges.builder().indices(".fleet-secrets*").privileges("write", "delete", "create_index").allowRestrictedIndices(true).build(), RoleDescriptor.IndicesPrivileges.builder().indices(".fleet-actions*").privileges(AllExpression.NAME).allowRestrictedIndices(true).build(), RoleDescriptor.IndicesPrivileges.builder().indices(".fleet-agents*").privileges(AllExpression.NAME).allowRestrictedIndices(true).build(), RoleDescriptor.IndicesPrivileges.builder().indices(".fleet-artifacts*").privileges(AllExpression.NAME).allowRestrictedIndices(true).build(), RoleDescriptor.IndicesPrivileges.builder().indices(".fleet-enrollment-api-keys*").privileges(AllExpression.NAME).allowRestrictedIndices(true).build(), RoleDescriptor.IndicesPrivileges.builder().indices(".fleet-policies*").privileges(AllExpression.NAME).allowRestrictedIndices(true).build(), RoleDescriptor.IndicesPrivileges.builder().indices(".fleet-policies-leader*").privileges(AllExpression.NAME).allowRestrictedIndices(true).build(), RoleDescriptor.IndicesPrivileges.builder().indices(".fleet-servers*").privileges(AllExpression.NAME).allowRestrictedIndices(true).build(), RoleDescriptor.IndicesPrivileges.builder().indices(".fleet-fileds*").privileges(AllExpression.NAME).allowRestrictedIndices(true).build(), RoleDescriptor.IndicesPrivileges.builder().indices(".fleet-file-data-*").privileges(AllExpression.NAME).allowRestrictedIndices(true).build(), RoleDescriptor.IndicesPrivileges.builder().indices(".fleet-files-*").privileges(AllExpression.NAME).allowRestrictedIndices(true).build(), RoleDescriptor.IndicesPrivileges.builder().indices(".fleet-filedelivery-data-*").privileges(AllExpression.NAME).allowRestrictedIndices(true).build(), RoleDescriptor.IndicesPrivileges.builder().indices(".fleet-filedelivery-meta-*").privileges(AllExpression.NAME).allowRestrictedIndices(true).build(), RoleDescriptor.IndicesPrivileges.builder().indices("logs-elastic_agent*").privileges("read").build(), RoleDescriptor.IndicesPrivileges.builder().indices("metrics-fleet_server*").privileges(AllExpression.NAME).build(), RoleDescriptor.IndicesPrivileges.builder().indices("logs-fleet_server*").privileges("read", "delete_index").build(), RoleDescriptor.IndicesPrivileges.builder().indices(ReservedRolesStore.ALERTS_LEGACY_INDEX).privileges(AllExpression.NAME).build(), RoleDescriptor.IndicesPrivileges.builder().indices(ReservedRolesStore.LISTS_INDEX, ReservedRolesStore.LISTS_ITEMS_INDEX).privileges(AllExpression.NAME).build(), RoleDescriptor.IndicesPrivileges.builder().indices(ReservedRolesStore.ALERTS_BACKING_INDEX).privileges(AllExpression.NAME).build(), RoleDescriptor.IndicesPrivileges.builder().indices(ReservedRolesStore.ALERTS_INDEX_ALIAS).privileges(AllExpression.NAME).build(), RoleDescriptor.IndicesPrivileges.builder().indices(ReservedRolesStore.PREVIEW_ALERTS_INDEX_ALIAS).privileges(AllExpression.NAME).build(), RoleDescriptor.IndicesPrivileges.builder().indices(ReservedRolesStore.PREVIEW_ALERTS_BACKING_INDEX_ALIAS).privileges(AllExpression.NAME).build(), RoleDescriptor.IndicesPrivileges.builder().indices("metrics-endpoint.policy-*").privileges("read").build(), RoleDescriptor.IndicesPrivileges.builder().indices("metrics-endpoint.metrics-*").privileges("read").build(), RoleDescriptor.IndicesPrivileges.builder().indices("logs-endpoint.events.*").privileges("read").build(), RoleDescriptor.IndicesPrivileges.builder().indices("logs-*", "synthetics-*", "traces-*", "/metrics-.*&~(metrics-endpoint\\.metadata_current_default.*)/", ".logs-endpoint.action.responses-*", ".logs-endpoint.diagnostic.collection-*", ".logs-endpoint.actions-*", ".logs-endpoint.heartbeat-*", ".logs-osquery_manager.actions-*", ".logs-osquery_manager.action.responses-*", ReservedRolesStore.UNIVERSAL_PROFILING_ALIASES).privileges(TransportUpdateSettingsAction.TYPE.name(), TransportPutMappingAction.TYPE.name(), "indices:admin/rollover", "indices:admin/data_stream/lifecycle/put").build(), RoleDescriptor.IndicesPrivileges.builder().indices(".logs-endpoint.action.responses-*").privileges("auto_configure", "read", "write").build(), RoleDescriptor.IndicesPrivileges.builder().indices(".logs-endpoint.actions-*").privileges("auto_configure", "read", "write").build(), RoleDescriptor.IndicesPrivileges.builder().indices(".logs-osquery_manager.action.responses-*").privileges("auto_configure", "create_index", "read", RankedDocsResults.RankedDoc.INDEX, "delete").build(), RoleDescriptor.IndicesPrivileges.builder().indices(".logs-osquery_manager.actions-*").privileges("auto_configure", "create_index", "read", RankedDocsResults.RankedDoc.INDEX, "write", "delete").build(), RoleDescriptor.IndicesPrivileges.builder().indices("logs-sentinel_one.*", "logs-crowdstrike.*").privileges("read").build(), RoleDescriptor.IndicesPrivileges.builder().indices(".logs-endpoint.diagnostic.collection-*", "logs-apm-*", "logs-apm.*-*", "metrics-apm-*", "metrics-apm.*-*", "traces-apm-*", "traces-apm.*-*", "synthetics-http-*", "synthetics-icmp-*", "synthetics-tcp-*", "synthetics-browser-*", "synthetics-browser.network-*", "synthetics-browser.screenshot-*").privileges(TransportDeleteIndexAction.TYPE.name()).build(), RoleDescriptor.IndicesPrivileges.builder().indices("metrics-endpoint.metadata*").privileges("read", "view_index_metadata").build(), RoleDescriptor.IndicesPrivileges.builder().indices("metrics-endpoint.metadata_current_default*", ".metrics-endpoint.metadata_current_default*", ".metrics-endpoint.metadata_united_default*").privileges("create_index", "delete_index", "read", RankedDocsResults.RankedDoc.INDEX, "indices:admin/aliases", TransportUpdateSettingsAction.TYPE.name()).build(), RoleDescriptor.IndicesPrivileges.builder().indices("logs-ti_*_latest.*").privileges("create_index", "delete_index", "read", RankedDocsResults.RankedDoc.INDEX, "delete", "manage", "indices:admin/aliases", TransportUpdateSettingsAction.TYPE.name()).build(), RoleDescriptor.IndicesPrivileges.builder().indices("logs-ti_*.*-*").privileges(TransportDeleteIndexAction.TYPE.name(), "read", "view_index_metadata").build(), RoleDescriptor.IndicesPrivileges.builder().indices("kibana_sample_data_*").privileges("create_index", "delete_index", "read", RankedDocsResults.RankedDoc.INDEX, "view_index_metadata", "indices:admin/aliases", TransportUpdateSettingsAction.TYPE.name()).build(), RoleDescriptor.IndicesPrivileges.builder().indices("logs-cloud_security_posture.findings-*", "logs-cloud_security_posture.vulnerabilities-*").privileges("read", "view_index_metadata").build(), RoleDescriptor.IndicesPrivileges.builder().indices("logs-cloud_security_posture.findings_latest-default*", "logs-cloud_security_posture.scores-default*", "logs-cloud_security_posture.vulnerabilities_latest-default*").privileges("create_index", "read", RankedDocsResults.RankedDoc.INDEX, "delete", "indices:admin/aliases", TransportUpdateSettingsAction.TYPE.name()).build(), RoleDescriptor.IndicesPrivileges.builder().indices("risk-score.risk-*").privileges(AllExpression.NAME).build(), RoleDescriptor.IndicesPrivileges.builder().indices(".asset-criticality.asset-criticality-*").privileges("create_index", "manage", "read").build(), RoleDescriptor.IndicesPrivileges.builder().indices("logs-cloud_defend.*", "metrics-cloud_defend.*").privileges("read", "view_index_metadata").build(), RoleDescriptor.IndicesPrivileges.builder().indices(".slo-observability.*").privileges(AllExpression.NAME).build(), RoleDescriptor.IndicesPrivileges.builder().indices(".logs-endpoint.heartbeat-*").privileges("read").build(), RoleDescriptor.IndicesPrivileges.builder().indices(".elastic-connectors*").privileges("read").build()}, null, new ConfigurableClusterPrivilege[]{new ConfigurableClusterPrivileges.ManageApplicationPrivileges(Set.of("kibana-*")), new ConfigurableClusterPrivileges.WriteProfileDataPrivileges(Set.of("kibana*"))}, null, MetadataUtils.DEFAULT_RESERVED_METADATA, null, new RoleDescriptor.RemoteIndicesPrivileges[]{ReservedRolesStore.getRemoteIndicesReadPrivileges(".monitoring-*"), ReservedRolesStore.getRemoteIndicesReadPrivileges("apm-*"), ReservedRolesStore.getRemoteIndicesReadPrivileges("logs-apm.*"), ReservedRolesStore.getRemoteIndicesReadPrivileges("metrics-apm.*"), ReservedRolesStore.getRemoteIndicesReadPrivileges("traces-apm.*"), ReservedRolesStore.getRemoteIndicesReadPrivileges("traces-apm-*")}, null);
    }
}
