Update CODEOWNERS for Security Solution

[oatkiller]

Summary

This PR assigns CODEOWNERS to unowned files that should be owned by Elastic Security.
It also assigns new more specific CODEOWNERS for files that should be owned by a specific team in Elastic Security.

These changes should allow anyone to easily identify the accountable team for any Elastic Security automated tests that are identified as being flaky.

The audit was done using the npm package github-codeowners.

Checklist

• Assign unowned files to Elastic Security teams
• Assign files owned by @elastic/security-solution to more specific teams
• Each team in Elastic Security that contributes to Kibana needs to review the changed CODEOWNERS and the list of files whose ownership has changed
• Review ownership of this directory: https://github.com/elastic/kibana/tree/main/x-pack/test/api_integration/apis/security_solution

For maintainers

• This was checked for breaking API changes and was labeled appropriately

[kibana-ci]

💔 Build Failed

• Buildkite Build
• Commit: 40ccab7
• Interpreting CI Failures

Failed CI Steps

• Jest Integration Tests #3
• FTR Configs #1
• FTR Configs #2
• FTR Configs #3
• FTR Configs #7
• FTR Configs #7
• FTR Configs #8
• FTR Configs #8
• FTR Configs #10
• FTR Configs #11
• FTR Configs #12
• FTR Configs #13
• FTR Configs #14
• FTR Configs #15
• FTR Configs #16
• FTR Configs #16
• FTR Configs #17
• FTR Configs #17
• FTR Configs #18
• FTR Configs #18
• FTR Configs #19
• FTR Configs #19
• FTR Configs #21
• FTR Configs #21
• FTR Configs #22
• FTR Configs #23
• FTR Configs #24
• FTR Configs #24
• FTR Configs #25
• FTR Configs #26
• FTR Configs #27
• FTR Configs #28
• FTR Configs #29
• FTR Configs #29
• FTR Configs #31
• FTR Configs #31
• FTR Configs #32
• FTR Configs #33
• FTR Configs #34
• FTR Configs #37
• FTR Configs #37
• FTR Configs #38
• FTR Configs #39
• FTR Configs #41
• FTR Configs #42
• FTR Configs #42
• FTR Configs #43
• FTR Configs #44
• FTR Configs #44
• FTR Configs #45
• FTR Configs #45
• FTR Configs #49
• FTR Configs #50
• FTR Configs #51
• FTR Configs #51
• FTR Configs #52
• FTR Configs #53
• FTR Configs #56
• FTR Configs #56
• FTR Configs #57
• FTR Configs #58
• FTR Configs #58
• FTR Configs #59
• FTR Configs #60
• FTR Configs #61
• FTR Configs #62

Test Failures

• [job] [logs] FTR Configs #56 / Actions and Triggers app Home page Loads the app Alerts tab navigates to an alert details page
• [job] [logs] FTR Configs #56 / Actions and Triggers app Home page Loads the app Alerts tab navigates to an alert details page
• [job] [logs] FTR Configs #56 / Actions create should handle create connector request appropriately
• [job] [logs] FTR Configs #56 / Actions create should handle create connector request appropriately
• [job] [logs] FTR Configs #29 / Alerting aggregate post should aggregate alert status totals
• [job] [logs] FTR Configs #29 / Alerting aggregate post should aggregate alert status totals
• [job] [logs] FTR Configs #43 / alerting api integration basic license Alerts create gold noop rule should return 403 when creating an gold rule
• [job] [logs] FTR Configs #51 / alerting api integration security and spaces enabled Alerts - Group 1 alerts create no_kibana_privileges at space1 should handle create alert request appropriately
• [job] [logs] FTR Configs #51 / alerting api integration security and spaces enabled Alerts - Group 1 alerts create no_kibana_privileges at space1 should handle create alert request appropriately
• [job] [logs] FTR Configs #7 / alerting api integration security and spaces enabled - Group 2 Connectors get oauth access token should return 200 when requesting a JWT access token with OAuth credentials
• [job] [logs] FTR Configs #8 / alerting api integration security and spaces enabled - Group 2 Connectors get oauth access token should return 200 when requesting a JWT access token with OAuth credentials
• [job] [logs] FTR Configs #8 / alerting api integration security and spaces enabled - Group 2 Connectors get oauth access token should return 200 when requesting a JWT access token with OAuth credentials
• [job] [logs] FTR Configs #7 / alerting api integration security and spaces enabled - Group 2 Connectors get oauth access token should return 200 when requesting a JWT access token with OAuth credentials
• [job] [logs] FTR Configs #44 / alerting api integration security and spaces enabled - Group 3 Alerts - Group 3 alerts bulkEdit no_kibana_privileges at space1 should handle bulk edit of rules appropriately
• [job] [logs] FTR Configs #44 / alerting api integration security and spaces enabled - Group 3 Alerts - Group 3 alerts bulkEdit no_kibana_privileges at space1 should handle bulk edit of rules appropriately
• [job] [logs] FTR Configs #51 / Alerting builtin alertTypes index_threshold rule runs and gracefully handles ES errors
• [job] [logs] FTR Configs #51 / Alerting builtin alertTypes index_threshold rule runs and gracefully handles ES errors
• [job] [logs] FTR Configs #42 / Alerting builtin alertTypes long_running_rule long running rule writes event log document for timeout for each rule execution that ends in timeout - every execution times out
• [job] [logs] FTR Configs #42 / Alerting builtin alertTypes long_running_rule long running rule writes event log document for timeout for each rule execution that ends in timeout - every execution times out
• [job] [logs] FTR Configs #32 / Alerting executionStatus should be "pending" for newly created alert
• [job] [logs] FTR Configs #52 / analytics analytics service analytics service: public side should see both events enqueued and sent to the shipper
• [job] [logs] FTR Configs #1 / Application Usage keys in the schema match the registered application IDs
• [job] [logs] FTR Configs #58 / Cases Attachment framework External reference attachments "before all" hook for "renders an external reference attachment type correctly"
• [job] [logs] FTR Configs #18 / cases security and spaces enabled: basic assignees find_case should get 403 when trying to filter cases by assignees
• [job] [logs] FTR Configs #18 / cases security and spaces enabled: basic assignees find_case should get 403 when trying to filter cases by assignees
• [job] [logs] FTR Configs #17 / cases security and spaces enabled: no_public_base_url push_case incident recorder server should push correctly without a publicBaseUrl
• [job] [logs] FTR Configs #17 / cases security and spaces enabled: no_public_base_url push_case incident recorder server should push correctly without a publicBaseUrl
• [job] [logs] FTR Configs #45 / cases security and spaces enabled: trial push_case incident recorder server should push a with a description using the updated profile full name
• [job] [logs] FTR Configs #45 / cases security and spaces enabled: trial push_case incident recorder server should push a with a description using the updated profile full name
• [job] [logs] FTR Configs #59 / cases spaces only enabled: trial Common get_cases using alertID should return all cases with the same alert ID attached to them in space1
• [job] [logs] FTR Configs #49 / Cloud Integrations Cloud Links integration "before each" hook for ""Manage this deployment" is appended to the nav list"
• [job] [logs] FTR Configs #19 / copy to space with security copy to spaces user with no access from the default space single-namespace types "before each" hook for "should return 403 when copying to space without conflicts or references"
• [job] [logs] FTR Configs #31 / copy to space with security copy to spaces user with no access from the default space single-namespace types "before each" hook for "should return 403 when copying to space without conflicts or references"
• [job] [logs] FTR Configs #19 / copy to space with security copy to spaces user with no access from the default space single-namespace types "before each" hook for "should return 403 when copying to space without conflicts or references"
• [job] [logs] FTR Configs #31 / copy to space with security copy to spaces user with no access from the default space single-namespace types "before each" hook for "should return 403 when copying to space without conflicts or references"
• [job] [logs] FTR Configs #24 / core plugins - initializer context - node roles - all initializer context passes node roles to server PluginInitializerContext
• [job] [logs] FTR Configs #24 / core plugins - initializer context - node roles - all initializer context passes node roles to server PluginInitializerContext
• [job] [logs] FTR Configs #41 / core plugins - initializer context - node roles - backgroundTasks initializer context passes node roles to server PluginInitializerContext
• [job] [logs] FTR Configs #26 / core plugins - initializer context - node roles - ui initializer context passes node roles to server PluginInitializerContext
• [job] [logs] FTR Configs #42 / encryptedSavedObjects encrypted saved objects API within a default space with single namespace saved object "before each" hook for "#create encrypts attributes and strips them from response"
• [job] [logs] FTR Configs #42 / encryptedSavedObjects encrypted saved objects API within a default space with single namespace saved object "before each" hook for "#create encrypts attributes and strips them from response"
• [job] [logs] FTR Configs #49 / Execution context Server-side apps propagates context for Task and Alerts
• [job] [logs] FTR Configs #3 / GlobalSearch API GlobalSearch providers SavedObject provider can search for data views
• [job] [logs] FTR Configs #57 / health gateway returns 200 on healthy hosts
• [job] [logs] FTR Configs #22 / Hello world renders hello world text
• [job] [logs] FTR Configs #58 / Ingest Pipelines Accessibility Create Pipeline Wizard
• [job] [logs] FTR Configs #58 / Ingest Pipelines Accessibility Create Pipeline Wizard
• [job] [logs] FTR Configs #16 / Ingest pipelines app Ingest Pipelines Loads the app
• [job] [logs] FTR Configs #16 / Ingest pipelines app Ingest Pipelines Loads the app
• [job] [logs] FTR Configs #11 / Interactive setup APIs - Enrollment flow fails to enroll with invalid CA fingerprint
• [job] [logs] FTR Configs #27 / Interactive setup APIs - Manual configuration flow fails to configure with invalid CA certificate
• [job] [logs] FTR Configs #31 / Interactive setup APIs - Manual configuration flow without TLS fails to configure with invalid credentials
• [job] [logs] FTR Configs #31 / Interactive setup APIs - Manual configuration flow without TLS fails to configure with invalid credentials
• [job] [logs] FTR Configs #15 / Interactive Setup Functional Tests (Enrollment token) should configure Kibana successfully
• [job] [logs] FTR Configs #53 / Interactive Setup Functional Tests (Manual configuration without Security) should configure Kibana successfully
• [job] [logs] FTR Configs #12 / Licensing plugin public client feature_usage API allows to register features to the server
• [job] [logs] FTR Configs #62 / Monitoring Collection Prometheus endpoint returns prometheus scraped metrics
• [job] [logs] FTR Configs #27 / platform elasticsearch client scopes the elasticsearch client provided via request context to user credentials
• [job] [logs] FTR Configs #34 / rule registry spaces only: trial Rule Registry API with write permissions when creating a rule writes alerts data to the alert indices
• [job] [logs] FTR Configs #23 / runPipeline "before all" hook in "runPipeline"
• [job] [logs] FTR Configs #21 / saved objects security and spaces enabled _bulk_create user with no access within the default space "before all" hook for "should return 403 forbidden [isolatedtype/defaultspace-isolatedtype-id]"
• [job] [logs] FTR Configs #24 / saved objects security and spaces enabled _bulk_create user with no access within the default space "before all" hook for "should return 403 forbidden [isolatedtype/defaultspace-isolatedtype-id]"
• [job] [logs] FTR Configs #24 / saved objects security and spaces enabled _bulk_create user with no access within the default space "before all" hook for "should return 403 forbidden [isolatedtype/defaultspace-isolatedtype-id]"
• [job] [logs] FTR Configs #21 / saved objects security and spaces enabled _bulk_create user with no access within the default space "before all" hook for "should return 403 forbidden [isolatedtype/defaultspace-isolatedtype-id]"
• [job] [logs] FTR Configs #10 / saved objects spaces only enabled _bulk_create within the default space "before all" hook for "should return 200 success [isolatedtype/space1-isolatedtype-id,isolatedtype/space2-isolatedtype-id,dashboard/new-dashboard-id,sharedtype/new-sharedtype-id,globaltype/new-globaltype-id,isolatedtype/new-other-space-id,sharecapabletype/new-other-space-id,sharedtype/new-each-space-id,sharedtype/new-all-spaces-id] and bad request [hiddentype/any,isolatedtype/new-other-space-id,sharecapabletype/new-other-space-id] and conflict [isolatedtype/defaultspace-isolatedtype-id,sharedtype/all_spaces,sharedtype/default_and_space_1,sharedtype/only_space_1,sharedtype/only_space_2,sharecapabletype/only_default_space,sharecapabletype/only_space_1,globaltype/globaltype-id,resolvetype/alias-match,resolvetype/alias-match]"
• [job] [logs] FTR Configs #13 / search examples Search session example "before all" hook for "should start search, save session, restore session using "restore" button"
• [job] [logs] FTR Configs #34 / security APIs - Audit Log Audit Log logs audit events when reading and writing saved objects
• [job] [logs] FTR Configs #39 / security APIs - Kerberos Kerberos authentication API access with expired access token. post-authentication stage expired access token should be automatically refreshed by the start-contract client
• [job] [logs] FTR Configs #51 / security APIs - Kerberos Kerberos authentication API access with expired access token. post-authentication stage expired access token should be automatically refreshed by the start-contract client
• [job] [logs] FTR Configs #51 / security APIs - Kerberos Kerberos authentication API access with expired access token. post-authentication stage expired access token should be automatically refreshed by the start-contract client
• [job] [logs] FTR Configs #44 / security APIs - Login Selector Login Selector OpenID Connect should be able to log in via IdP initiated login
• [job] [logs] FTR Configs #44 / security APIs - Login Selector Login Selector OpenID Connect should be able to log in via IdP initiated login
• [job] [logs] FTR Configs #50 / security APIs - OIDC (Authorization Code Flow) OpenID Connect authentication finishing handshake "before each" hook for "should fail if OpenID Connect response is not complemented with handshake cookie"
• [job] [logs] FTR Configs #38 / security APIs - OIDC (Implicit Flow) OpenID Connect Implicit Flow authentication finishing handshake should succeed if both the OpenID Connect response and the cookie are provided
• [job] [logs] FTR Configs #14 / security APIs - PKI PKI authentication API access with expired access token. post-authentication stage expired access token should be automatically refreshed by the start-contract client
• [job] [logs] FTR Configs #60 / security APIs - SAML SAML authentication API access with expired access token. post-authentication stage expired access token should be automatically refreshed by the start-contract client
• [job] [logs] FTR Configs #28 / security APIs - Session Concurrent Limit Session Concurrent Limit cleanup should properly clean up sessions that exceeded concurrent session limit
• [job] [logs] FTR Configs #25 / security APIs - Session Idle Session Idle cleanup should properly clean up session expired because of idle timeout
• [job] [logs] FTR Configs #37 / security APIs - Token session API access with expired access token. post-authentication stage expired access token should be automatically refreshed by the start-contract client
• [job] [logs] FTR Configs #37 / security APIs - Token session API access with expired access token. post-authentication stage expired access token should be automatically refreshed by the start-contract client
• [job] [logs] FTR Configs #52 / security APIs - User Profiles User profiles suggestions can get suggestions in a default space
• [job] [logs] FTR Configs #33 / security app - expired session Basic functionality should handle returned kbn-session-error-reason header when the server response is 401
• [job] [logs] FTR Configs #34 / security app - login selector Basic functionality can login with SSO preserving original URL
• [job] [logs] FTR Configs #2 / security app - OIDC interactions URL capture can login preserving original URL
• [job] [logs] FTR Configs #56 / security app - SAML interactions URL capture can login preserving original URL
• [job] [logs] FTR Configs #56 / security app - SAML interactions URL capture can login preserving original URL
• [job] [logs] FTR Configs #61 / security app - user profiles User Profiles client side APIs can retrieve own user profile and user profiles for other users
• [job] [logs] FTR Configs #17 / spaces api with security resolve copy to spaces conflicts user with no access from the default space single-namespace types "before each" hook for "should return 403 when not overwriting, with references"
• [job] [logs] FTR Configs #42 / spaces api with security resolve copy to spaces conflicts user with no access from the default space single-namespace types "before each" hook for "should return 403 when not overwriting, with references"
• [job] [logs] FTR Configs #42 / spaces api with security resolve copy to spaces conflicts user with no access from the default space single-namespace types "before each" hook for "should return 403 when not overwriting, with references"
• [job] [logs] FTR Configs #17 / spaces api with security resolve copy to spaces conflicts user with no access from the default space single-namespace types "before each" hook for "should return 403 when not overwriting, with references"
• [job] [logs] FTR Configs #1 / spaces api without security copy to spaces from the default space single-namespace types "before each" hook for "should return 200 when copying to space without conflicts or references"
• [job] [logs] Jest Integration Tests #3 / split .kibana index into multiple system indices when multiple Kibana migrators run in parallel correctly migrates 7.7.2_xpack_100k_obj.zip archive
• [job] [logs] FTR Configs #32 / ui capabilities foo everything_space
• [job] [logs] FTR Configs #8 / ui capabilities foo no_kibana_privileges at everything_space
• [job] [logs] FTR Configs #8 / ui capabilities foo no_kibana_privileges at everything_space

Metrics [docs]

Unknown metric groups

ESLint disabled line counts

id	before	after	diff
enterpriseSearch	19	21	+2
securitySolution	400	404	+4
total			+6

Total ESLint disabled count

id	before	after	diff
enterpriseSearch	20	22	+2
securitySolution	480	484	+4
total			+6

History

• 💚 Build #127505 succeeded 9daecab
• 💔 Build #127479 failed 2ee517e
• 💔 Build #127463 failed d1d2a5def6d0124b5ddbe9e166af95dbdb0611ba
• 💔 Build #127181 failed 5d9d53d50f9cbee55856162c43611d6ca303db3e

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

[oatkiller]

I'm going to try doing this in a series of PRs instead.