# Backport
This will backport the following commits from `main` to `8.x`:
- [[Security Solution][Endpoint] changes to Endpoint metadata API in
support of space awareness
(#193490)](https://github.com/elastic/kibana/pull/193490)
<!--- Backport version: 8.9.8 -->
### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)
<!--BACKPORT [{"author":{"name":"Paul
Tavares","email":"56442535+paul-tavares@users.noreply.github.com"},"sourceCommit":{"committedDate":"2024-09-27T14:38:17Z","message":"[Security
Solution][Endpoint] changes to Endpoint metadata API in support of space
awareness (#193490)\n\n## Summary\r\n\r\n### Fleet Plugin\r\n\r\n- Added
some mocks and updates others\r\n\r\n\r\n### Security
Solution\r\n\r\nThe following refactoring changes were done in
preparation for\r\nforthcoming work for supporting kibana
spaces:\r\n\r\n- A new saved objects client factory service was
introduced for use in\r\n`EndpointAppContextServices`\r\n- Deleted older
saved objects client utilities\r\n- Simplified the list of options
passed to\r\n`EndpointAppContextService#start()` method\r\n- Updated
`EndpiontFleetServicesFactory` with:\r\n - simpler list of constructor
arguments\r\n - changed members of object return by
`asInternalUser()`\r\n- Refactored the `EndpintMetadataService` to:\r\n
- take in simplified constructor arguments\r\n- Simplified most methods
of the class with removal all ES Client, SO\r\nClient or Fleet services
arguments from class method calling signatures.\r\nThese are not
provided to the service class upon initialization and can\r\nbe accessed
internally by the methods\r\n- Updates to Mocks and tests to reflect the
above
changes","sha":"0b1e9f475440d60260203ce2a85c8b57c4363130","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","Team:Fleet","v9.0.0","Team:Defend
Workflows","backport:prev-minor","ci:project-deploy-observability","Team:obs-ux-infra_services","apm:review","v8.16.0"],"number":193490,"url":"https://github.com/elastic/kibana/pull/193490","mergeCommit":{"message":"[Security
Solution][Endpoint] changes to Endpoint metadata API in support of space
awareness (#193490)\n\n## Summary\r\n\r\n### Fleet Plugin\r\n\r\n- Added
some mocks and updates others\r\n\r\n\r\n### Security
Solution\r\n\r\nThe following refactoring changes were done in
preparation for\r\nforthcoming work for supporting kibana
spaces:\r\n\r\n- A new saved objects client factory service was
introduced for use in\r\n`EndpointAppContextServices`\r\n- Deleted older
saved objects client utilities\r\n- Simplified the list of options
passed to\r\n`EndpointAppContextService#start()` method\r\n- Updated
`EndpiontFleetServicesFactory` with:\r\n - simpler list of constructor
arguments\r\n - changed members of object return by
`asInternalUser()`\r\n- Refactored the `EndpintMetadataService` to:\r\n
- take in simplified constructor arguments\r\n- Simplified most methods
of the class with removal all ES Client, SO\r\nClient or Fleet services
arguments from class method calling signatures.\r\nThese are not
provided to the service class upon initialization and can\r\nbe accessed
internally by the methods\r\n- Updates to Mocks and tests to reflect the
above
changes","sha":"0b1e9f475440d60260203ce2a85c8b57c4363130"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/193490","number":193490,"mergeCommit":{"message":"[Security
Solution][Endpoint] changes to Endpoint metadata API in support of space
awareness (#193490)\n\n## Summary\r\n\r\n### Fleet Plugin\r\n\r\n- Added
some mocks and updates others\r\n\r\n\r\n### Security
Solution\r\n\r\nThe following refactoring changes were done in
preparation for\r\nforthcoming work for supporting kibana
spaces:\r\n\r\n- A new saved objects client factory service was
introduced for use in\r\n`EndpointAppContextServices`\r\n- Deleted older
saved objects client utilities\r\n- Simplified the list of options
passed to\r\n`EndpointAppContextService#start()` method\r\n- Updated
`EndpiontFleetServicesFactory` with:\r\n - simpler list of constructor
arguments\r\n - changed members of object return by
`asInternalUser()`\r\n- Refactored the `EndpintMetadataService` to:\r\n
- take in simplified constructor arguments\r\n- Simplified most methods
of the class with removal all ES Client, SO\r\nClient or Fleet services
arguments from class method calling signatures.\r\nThese are not
provided to the service class upon initialization and can\r\nbe accessed
internally by the methods\r\n- Updates to Mocks and tests to reflect the
above
changes","sha":"0b1e9f475440d60260203ce2a85c8b57c4363130"}},{"branch":"8.x","label":"v8.16.0","labelRegex":"^v8.16.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->
## Summary
Upgrades `@testing-library/user-event` to `^14.5.2`. See the release
notes for `v14` for breaking changes:
https://github.com/testing-library/user-event/releases/tag/v14.0.0
I was facing an
[issue](https://github.com/testing-library/user-event/issues/662) with
`v13.5.0` with `userEvent.click()` in a PR
(https://github.com/elastic/kibana/pull/189729) and was able to verify
that `v14.4.3` onwards fixes it so I decided to update that package.
What a rabbit hole 😅 !
- In `user-event` `v14` events return a promise, so this PR updates
usage of the likes of `userEvent.click` with `await userEvent.click`.
Regex to search for `userEvent` calls that miss `await` except `.setup`:
`(?<!await\s)userEvent\.(?!setup\b)`
- The way to handle pointer events needed changing from `, undefined, {
skipPointerEventsCheck: true });` to `, { pointerEventsCheck: 0 });`.
- I tried a bit to do the refactor with codemods, but there were quite
some edge cases so it ended up being done manually.
- I looked into all failing tests and tried my best to update them, but
for some of them I lacked the context to make them work again. If you're
a code owner and find a skipped test in this PR please give it a try to
fix and push in this PR or let me know if it's fine for you to fix in
follow ups.
List of files where I had to skip tests (`git diff main...HEAD
-G'\.skip' --name-only`):
### `packages/kbn-dom-drag-drop`
- `packages/kbn-dom-drag-drop/src/droppable.test.tsx`
### `x-pack/plugins/cases`
- `x-pack/plugins/cases/public/components/templates/form.test.tsx`
-
`x-pack/plugins/cases/public/components/user_actions/user_actions_list.test.tsx`
### `x-pack/plugins/cloud_security_posture`
-
`x-pack/plugins/cloud_security_posture/public/components/fleet_extensions/policy_template_form.test.tsx`
### `x-pack/plugins/lens`
-
`x-pack/plugins/lens/public/datasources/form_based/dimension_panel/format_selector.test.tsx`
### `x-pack/plugins/observability_solution`
-
`x-pack/plugins/observability_solution/synthetics/public/apps/synthetics/components/monitor_add_edit/fields/request_body_field.test.tsx`
### `x-pack/plugins/security_solution`
-
`x-pack/plugins/security_solution/public/management/components/console/components/command_input/integration_tests/command_input.test.tsx`
-
`x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/kill_process_action.test.tsx`
-
`x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/release_action.test.tsx`
-
`x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/status_action.test.tsx`
-
`x-pack/plugins/security_solution/public/management/components/endpoint_responder/command_render_components/integration_tests/upload_action.test.tsx`
-
`x-pack/plugins/security_solution/public/management/components/endpoint_response_actions_list/integration_tests/response_actions_log.test.tsx`
-
`x-pack/plugins/security_solution/public/management/pages/event_filters/view/components/event_filters_flyout.test.tsx`
-
`x-pack/plugins/security_solution/public/management/pages/response_actions/view/response_actions_list_page.test.tsx`
----
I plan to do a talk on Kibana Demo Days to walk through some of the
breaking changes and learnings.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
## Summary
Prep work for React@18 bump
https://github.com/elastic/kibana/issues/138222
In React@18 `useCallback` types has changed that introduced breaking
changes:
https://github.com/DefinitelyTyped/DefinitelyTyped/issues/46691
Fixed using:
https://github.com/eps1lon/types-react-codemod?tab=readme-ov-file#usecallback-implicit-any
**Tried to do my best with fixing the types, but if you disagree or have
a better idea how it should be solved feel free to suggest changes or
commit directly to the branch 🙏**
---------
Co-authored-by: Sergi Massaneda <sergi.massaneda@elastic.co>
Co-authored-by: Sébastien Loix <sabee77@gmail.com>
Co-authored-by: Nick Peihl <nick.peihl@elastic.co>
Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
Co-authored-by: Felix Stürmer <felix.stuermer@elastic.co>
Co-authored-by: nickofthyme <nicholas.partridge@elastic.co>
Co-authored-by: Davis McPhee <davis.mcphee@elastic.co>
Co-authored-by: Vitalii Dmyterko <92328789+vitaliidm@users.noreply.github.com>
Co-authored-by: Maxim Palenov <maxim.palenov@elastic.co>
Co-authored-by: Christos Nasikas <christos.nasikas@elastic.co>
Co-authored-by: Anton Dosov <anton.dosov@elastic.co>
## Summary
Updates usage of `js-yaml` `load` and `dump` to `safeLoad` and
`safeDump`, in preparation for a major version update of dependency,
where the default behavior will be that of the safe function variants.
## Note to reviewers
`safeDump` will throw if it encounters invalid types (e.g. `undefined`),
whereas the `dump` function will still write the file including the
invalid types. This may have an affect within your use cases - if
throwing is not acceptable or is unhandled. To avoid this the
`skipInvalid` option can be used (see
https://github.com/nodeca/js-yaml#dump-object---options-) - this will
write the file, stripping out any invalid types from the input.
Please consider this when reviewing the changes to your code. If the
`skipInvalid` option is needed, please add it, or let us know to make
the change.
---------
Co-authored-by: Sid <siddharthmantri1@gmail.com>
Co-authored-by: “jeramysoucy” <jeramy.soucy@elastic.co>
Co-authored-by: Elena Shostak <elena.shostak@elastic.co>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Maxim Palenov <maxim.palenov@elastic.co>
## Summary
This PR has breadth, but not depth. This adds 3 new `eslint` rules. The
first two protect against the use of code generated from strings (`eval`
and friends), which will not work client-side due to our CSP, and is not
something we wish to support server-side. The last rule aims to prevent
a subtle class of bugs, and to defend against a subset of prototype
pollution exploits:
- `no-new-func` to be compliant with our CSP, and to prevent code
execution from strings server-side:
https://eslint.org/docs/latest/rules/no-new-func
- `no-implied-eval` to be compliant with our CSP, and to prevent code
execution from strings server-side:
https://eslint.org/docs/latest/rules/no-implied-eval. Note that this
function implies that it prevents no-new-func, but I don't see [test
cases](https://github.com/eslint/eslint/blob/main/tests/lib/rules/no-implied-eval.js)
covering this behavior, so I think we should play it safe and enable
both rules.
- `no-prototype-builtins` to prevent accessing shadowed properties:
https://eslint.org/docs/latest/rules/no-prototype-builtins
In order to be compliant with `no-prototype-builtins`, I've migrated all
usages and variants of `Object.hasOwnProperty` to use the newer
[`Object.hasOwn`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/hasOwn).
Part of https://github.com/elastic/kibana/issues/186574
## Summary
This PR migrates the Cloud Defend Plugin's route handler that consumes
`authc.getCurrentUser` to use `coreContext.security`.
Background: This PR serves as an example of a plugin migrating away from
depending on the Security plugin, which is a high priority effort for
the last release before 9.0.
### Checklist
Delete any items that are not applicable to this PR.
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Closes https://github.com/elastic/ingest-dev/issues/3262
Required for reusable integration policies work.
Added support to package policy SO and API to link to multiple agent
policies.
Added as a non-breaking change to be able to create/update a package
policy with multiple `policy_ids`.
It is backwards compatible with the existing code to use a single
`policy_id`.
Openapi spec updated:
8917b3e301/x-pack/plugins/fleet/common/openapi/bundled.json#/Package%20policies/create-package-policy
API change:
```
POST kbn:/api/fleet/package_policies
{
"policy_ids": ["ac7ac2af-d325-4239-8637-9368a7d1ac04"],
"name": "apache_tomcat-5",
"package": {
"name": "apache_tomcat",
"version": "1.5.1"
},
"inputs": []
}
```
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Ash <1849116+ashokaditya@users.noreply.github.com>
## Summary
Prep work for React@18 bump
tl;dr In React@18 `React.FC` doesn't contain `children` anymore, so in
order to make the bump easier I have decided to split the effort in
multiple faces and hopefully this will make it easier for everyone
This PR focuses only on adding explicit `children` declaration either by
using `React.PropsWithChildren` type or by adding `children:
React.ReactNode` to the existing props types
https://github.com/DefinitelyTyped/DefinitelyTyped/issues/46691
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Sergi Massaneda <sergi.massaneda@gmail.com>
Co-authored-by: Marco Vettorello <marco.vettorello@elastic.co>
Co-authored-by: James Gowdy <jgowdy@elastic.co>
Closes: https://github.com/elastic/security-team/issues/8708
## Description
The Vulnerabilities tab on the Findings landing (empty prompt view) has
a decorative image that needs an empty alt-text attribute. Screenshot
attached.
### Steps to recreate
1. Open the [Findings Vulnerability
tab](https://kibana.siem.estc.dev/app/security/cloud_security_posture/findings/vulnerabilities)
2. Inspect the decorative image shown using the DevTools
3. Verify the non-empty alt text that should be updated
### What was done?
`alt` attribute was set to "" and `role="presentation"`
### Screen
<img width="1405" alt="image"
src="39d765a9-635d-4b41-b4c1-1fa786cee4b5">
## Summary
This PR adds the ResizeObserver polyfill in Jest Tests reusing a
polyfill already used in Kibana.
The PR also removes all the mocks for the ResizeObserver used in tests.
The polyfill is no longer needed in code running on a browser as the
[ResizeObserver API is already
available](https://developer.mozilla.org/en-US/docs/Web/API/ResizeObserver#browser_compatibility)
in every Kibana-supported browser.
There is still one last polyfill to remove `@juggle/resize-observer` but
this is used internally by the `use-resize-observer` hook. A following
PR could probably replace that hook with a different hook that doesn't
require that polyfill to cleanup a bit our dependencies
## Summary
This PR started out as an attempt to resolve
https://github.com/elastic/kibana/issues/166559; which it does, the
appropriate colours for the message prompt displayed when an edit
attempt on read only content is made in the code editor for both dark
and light mode are now set;
### Light mode
<img width="412" alt="Screenshot 2023-11-22 at 11 30 17"
src="8675dd9f-b413-4098-a903-7ac63dc367fb">
### Dark mode
<img width="843" alt="Screenshot 2023-11-22 at 11 29 31"
src="64fd39e0-d5dd-4556-b6ca-75ba8fc55c94">
#### Noteworthy**
- See https://code.visualstudio.com/api/references/theme-color for more
clarification on the style definitions added to this PR
- There's also been accommodation made for consumers of the code editor
to provide their own custom message through the prop `readOnlyMessage`.
- That been said it's worth pointing out that this PR updates
react-monaco-editor and monaco-editor packages to their latest version,
primarily because the functionality that provides support to provide
customization for the providing a color scheme that would support in our
use case for setting colors for dark mode and light mode appropriately,
shipped in version 0.40.0 of monaco editor, also for react-monaco-editor
prior to it's current latest the pinned version of monaco editor was
0.38.0.
- Monaco-yaml is also updated in the PR, matching the change in
expectation of the underlying monaco-editor api.
~- Updates to the packages referenced above, in turn caused the
installed version of prettier to be updated to the latest minor version
2.8.8. This change caused some lint changes to the project files where
parentheses were added to types with Index Access on another type
created using the typeof operator (more context
[here](https://github.com/prettier/prettier/issues/14990)), for this
reason I've opted to lockdown prettier version, so that this PR only
contains the changes required for updating the code editor. A subsequent
PR will be created to revert the package lockdown so that PR contains
only the lint changes that will occur.~
### Checklist
<!--
Delete any items that are not applicable to this PR. -->
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
<!-- - [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios -->
- [x] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
<!-- - [ ] Any UI touched in this PR does not create any new axe
failures (run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
### Risk Matrix
Delete this section if it is not applicable to this PR.
Before closing this PR, invite QA, stakeholders, and other developers to
identify risks that should be tested prior to the change/feature
release.
When forming the risk matrix, consider some of the following examples
and how they may potentially impact the change:
| Risk | Probability | Severity | Mitigation/Notes |
|---------------------------|-------------|----------|-------------------------|
| Multiple Spaces—unexpected behavior in non-default Kibana Space.
| Low | High | Integration tests will verify that all features are still
supported in non-default Kibana Space and when user switches between
spaces. |
| Multiple nodes—Elasticsearch polling might have race conditions
when multiple Kibana nodes are polling for the same tasks. | High | Low
| Tasks are idempotent, so executing them multiple times will not result
in logical error, but will degrade performance. To test for this case we
add plenty of unit tests around this logic and document manual testing
procedure. |
| Code should gracefully handle cases when feature X or plugin Y are
disabled. | Medium | High | Unit tests will verify that any feature flag
or plugin combination still results in our service operational. |
| [See more potential risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) |
### For maintainers
- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
-->
---------
Co-authored-by: Aleh Zasypkin <aleh.zasypkin@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
This PR removes the legacy kibana react code-editor, alongside replacing
all import declarations of this legacy component to the one offered by
shared-ux, i.e import declaration source of `'@kbn/kibana-react/public'`
is switched to `@kbn/code-editor`.
Also in this PR an helper for writing jest tests has been included
through the package `@kbn/code-editor-mock`, this would facilitate
mocking the editor, especially given that the code editor leverages
couple of APIs that are aren't included by default in jsdom, among them,
`matchMedia`, `ResizeObserver`. The provided mock is sufficient for most
use cases and can be setup in any package within kibana as a
[`node_module`
mock](https://jestjs.io/docs/manual-mocks#mocking-node-modules) without
having to repeatedly manually mock the editor within individual test
files. An example for how this might be done can be found here
ec5ba25368
### Checklist
<!-- Delete any items that are not applicable to this PR.
- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
-->
- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
<!--
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
### Risk Matrix
Delete this section if it is not applicable to this PR.
Before closing this PR, invite QA, stakeholders, and other developers to
identify risks that should be tested prior to the change/feature
release.
When forming the risk matrix, consider some of the following examples
and how they may potentially impact the change:
| Risk | Probability | Severity | Mitigation/Notes |
|---------------------------|-------------|----------|-------------------------|
| Multiple Spaces—unexpected behavior in non-default Kibana Space.
| Low | High | Integration tests will verify that all features are still
supported in non-default Kibana Space and when user switches between
spaces. |
| Multiple nodes—Elasticsearch polling might have race conditions
when multiple Kibana nodes are polling for the same tasks. | High | Low
| Tasks are idempotent, so executing them multiple times will not result
in logical error, but will degrade performance. To test for this case we
add plenty of unit tests around this logic and document manual testing
procedure. |
| Code should gracefully handle cases when feature X or plugin Y are
disabled. | Medium | High | Unit tests will verify that any feature flag
or plugin combination still results in our service operational. |
| [See more potential risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) |
### For maintainers
- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
-->
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
This fixes some missed spots when I changed CODEOWNERS in this PR:
https://github.com/elastic/kibana/pull/164122
Forgot to update all the kibana.jsonc files, so CI overwrote my changes
in CODEOWNERS :)
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
- Removes the Beta badges from the k8s dashboard and TTY output feature.
- Fixes a null pointer exception when using yaml editor and removing all
actions.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
Why?
To simplify the process of migration to react-router@6.
https://github.com/remix-run/react-router/discussions/8753
What problems exactly it solves?
- In my previous PR I added `CompatRouter`
https://github.com/elastic/kibana/pull/159173, which caused changes in
~50 files and pinged 15 Teams. And this is just meant to be a temporary
change, so when we're done with the migration I would have to revert
these changes and engage everyone to review the PR again. And it is just
a single step in the migration strategy. So to make our lives easier I
think it would be better to have a common place where we do import our
router components because it will allow us to surface some extra logic
in single place instead of going through the whole source code again.
- `react-router@6` doesn't support a custom `Route` component, so that
means our custom `Route` component that we're using almost everywhere
today, will need to be replaced by a different solution. I have decided
to add `Routes` component, which will be responsible for rendering the
proper component (`react-router@6` renamed `Switch` to `Routes`, so I
have named this component to align with the dictionary of the new
router) and also is going to add the logic that today is done in `Route`
(moving logic to `Routes` will be done in the follow-up PR, here I just
wanted to focus on using the common router components to make the review
process easier)
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
### Issues:
- https://github.com/elastic/kibana/issues/158688
### Fixes
- API routes now versioned
- types put under a latest/v1 export paradigm
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
part of: https://github.com/elastic/kibana/issues/157847
closes: https://github.com/elastic/kibana/issues/145718
### Background
The new navigation became the default navigation for Security on 8.4. To
have a smooth transition we added an advanced setting to use the old
navigation.
Since then the legacy navigation has become outdated, there are links in
Security that are not accessible through it, such as the landing pages
for the sub-sections:
- `/security/dashboards`
- `/security/explore`
- `/security/manage`
With the introduction of the new Security AI design, more of those
landing pages that are not compatible with the legacy navigation design
will be added (e.g. Rules). And it was starting to become overcrowded
since there was no possibility to collapse groups.
Also, over time it has become harder and harder to maintain both
versions at the same time, all the new pages added to security were
having to duplicate the navigation configurations for both versions and
also test everything twice.
On top of that, the legacy navigation won't be supported on the Security
Serverless projects, everything will work with the new one exclusively.
## Docs
The Security documentation assumes the new navigation is used
everywhere, there's no mention of the old navigation, only one small
section about the advanced setting (which is actually outdated):
https://www.elastic.co/guide/en/security/8.7/advanced-settings.html#_enable_grouped_navigation
Which will need to be removed for 8.9.
## Summary
Cleans the old navigation and the advanced setting
(`securitySolution:enableGroupedNav`) to turn it on. Removes the
telemetry (which shows almost no usage of it) and external dependencies
as well.
Only the new navigation will be available.
All links should work only with the `app_links` architecture from now
on.
Old Nav ❌
New nav ✅
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Ties the k8s dashboard as an asset of cloud_defend integration.
Also fixes a css layout regression due to some test refactors.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Fixes the path regex to allow /* and /** values, also fixed a null
pointer in yaml editor.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
Fixes an onboarding issue related to using the old "create" and "edit"
fleet extensions. Agent flyout would not automatically open after adding
the integration.
Using the 'package-policy-replace-define-step' hook fixes the problem.
New hook does not implement integration **name** and **description**
fields, so those were added in as well.
### Checklist
Delete any items that are not applicable to this PR.
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
This PR adds logs-cloud_defend.process as a source to load process
events in SessionView. _(note: I have plans to optimize sessionview so
it only pulls from the index that the session leader came from)._
The cloud-defend service (WIP) implements a technique to reduce process
event volume by squishing the 3 lifecycle **event.action** s (fork,
exec, end) into a single event. SessionView has been updated to handle
these new merged events.
Much of the information across a fork, exec and end event does not
change, so given a short window, the cloud-defend service buffers the
events, and merges the values from event.action and event.type into an
array of the values from each event.
In most cases an SSH session leader process (e.g bash) will have two
events. One event containing event.action: ['fork', 'exec'] (2
merged events), and one final event with event.action: 'end' when the
user exits the session.
The nice thing about the above is that in the majority of situations
processes are short lived, and so most events should contain all three
actions [fork, exec, end]. In our tests, this has provided roughly a 50%
savings in process event volume. It should also be noted that any rules
using event.action or event.type should be unaffected by this change, as
the query languages don't care if it's comparing a single value, or an
array of values.
A minor change has also been made in the process analyzer feature to
handle the merging of event.type
e.g event.type = ['start', 'end']
cc @kqualters-elastic if you know of any other places I need to update.
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
👋 Hi all - the biggest breaking change of this PR is around two icon
type changes/renames.
1. ⚠️ **The `alert` icon is now named `warning`**
- <img width="103" alt=""
src="https://user-images.githubusercontent.com/549407/223561599-8913e88c-676f-47cd-aaed-81b64783bd81.png"
align="middle">
- This change should have been automatically converted on your behalf by
the EUI team, **but if for some reason** we missed making this
conversion in this PR and your icon(s) are now broken, please ping us or
let us know in this PR (or fix yourself after this PR merges).
- In some cases, teams were using this icon for error messages,
alongside the `danger` color. In those cases, we opinionatedly changed
those icon usages to the new `error` icon instead of using the old
alert/warning icon.
2. 🛑 **The `crossInACircleFilled` icon has been removed, and a new
`error` icon added**
- <img width="84" alt=""
src="https://user-images.githubusercontent.com/549407/223561892-4406bdf6-1a55-49ac-85ad-3a11eb7c090d.png"
align="middle">
- The conversion for this breaking change was not straightforward. This
was the path we used to determine what to change `crossInACircleFilled`
usages to:
- If the icon was associated with errors or error messages, we changed
it to the new `error` icon.
- If a "delete" action was associated with this icon, we changed it to
the `trash` icon instead.
- If a "clear" action was associated with this icon, we changed it to
just the `cross` icon, or in some cases `minusInCircleFilled` (if used
alongside `plusInCircleFilled`).
- Again, if we made a mistake during this conversion or missed your
plugin, please feel free to ping us.
## Summary
`eui@75.1.2` ⏩ `eui@76.0.2`
## [`76.0.2`](https://github.com/elastic/eui/tree/v76.0.2)
**Bug fixes**
- Added a legacy `alert` alias for the `warning` `EuiIcon` type
([#6640](https://github.com/elastic/eui/pull/6640))
## [`76.0.1`](https://github.com/elastic/eui/tree/v76.0.1)
**Bug fixes**
- Fixed broken icons on all `isInvalid` form controls
([#6629](https://github.com/elastic/eui/pull/6629))
## [`76.0.0`](https://github.com/elastic/eui/tree/v76.0.0)
- Added `pivot` glyph to `EuiIcon`
([#6605](https://github.com/elastic/eui/pull/6605))
- Added the `displayHeaderCellProps` API to `EuiDataGrid`'s columns,
which allows passing custom props directly to column header cells
([#6609](https://github.com/elastic/eui/pull/6609))
- Added the new `headerCellProps`/`footerCellProps` APIs to
`EuiDataGrid`'s control columns, which allows passing custom props
directly to control column header or footer cells
([#6609](https://github.com/elastic/eui/pull/6609))
- Added a new `footerCellRender` API to `EuiDataGrid`'s control columns,
which allows completely customizing control column rendering (previously
rendered an empty cell)
([#6609](https://github.com/elastic/eui/pull/6609))
- Updated the styling of nested ordered lists in `EuiText` to align with
GitHub's list style, which is a popular format used in Markdown or MDX
formatting ([#6615](https://github.com/elastic/eui/pull/6615))
- Added a margin-bottom property exclusively to the direct child `ul`
and `ol` elements of the `EuiText` component
([#6615](https://github.com/elastic/eui/pull/6615))
- Fix issue with badges appearing within an `EuiBadgeGroup`, where the
CSS rule to override the `margin-inline-start` was not being applied
correctly due to the order of appearance in the CSS rules
([#6618](https://github.com/elastic/eui/pull/6618))
**Bug fixes**
- Fixed `EuiDataGrid` footer control columns rendering with cell
expansion popovers when they should not have been
([#6609](https://github.com/elastic/eui/pull/6609))
- Fixed an `EuiSkipLink` bug where main content loading in
progressively/dynamically after the skip link rendered was not being
correctly focused ([#6613](https://github.com/elastic/eui/pull/6613))
**Breaking changes**
- Renamed `EuiIcon`'s `alert` to `warning`
([#6608](https://github.com/elastic/eui/pull/6608))
- Removed `EuiIcon`'s `crossInACircleFilled` in favor of `error`
([#6608](https://github.com/elastic/eui/pull/6608))
---------
Co-authored-by: Davey Holler <daveyholler@hey.com>
Co-authored-by: Constance Chen <constance.chen@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Jon <jon@elastic.co>
## Summary
This PR refactors alot of the interface/type definitions around
"cloud_defend/control" selectors and responses. A lot of refactoring
went into ensuring the interfaces and types that represent file and
process selector/responses in the UI is as type safe as possible. It
should take fewer changes to add new conditions, and compile time checks
should ensure most code paths are updated correctly.
Updates to policy_schema.json (json-schema) made to support the
following yaml schema format:
```
file:
selectors:
- name: nginxBinMods
operation:
- createExecutable
- modifyExecutable
targetFilePath:
- /usr/bin/**
containerImageName:
- nginx
- name: excludeTestServers
containerImageTag:
- staging
- preprod
responses:
- match:
- nginxBinMods
exclude:
- excludeTestServers
actions:
- alert
process:
selectors:
- name: allProcesses
operation:
- fork
- exec
responses:
- match:
- allProcesses
actions:
- log
```
Both selectors and responses now ask for a "type" to be selected when
adding. This locks it into either a process or file selector/response
type. Certain conditions are available to specfiic types.
### TODOS
- more unit tests to cover new UX features
- cloud_defend integration package needs to be updated with new defaults
for configuration
- i18n copy could use PM/Techwriter review
### Screenshot
### Checklist
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [x] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [x] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [x] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
