## Summary
- [x] Fixes a bug where the user would not be able to clear out the
Field combo box in the Event Filters form
- [x] Adds a clear out button to the field combo box
Testing steps:
- Navigate to Security > Manage > Event Filters > Add event filter
- Fill out the Field and Value section and select out of the builder
- Try to clear out field either by backspacing the selection or with the
`x` button
- Successfully clear out the field
# Screenshots
---------
Co-authored-by: Tomasz Ciecierski <tomasz.ciecierski@elastic.co>
Co-authored-by: Ashokaditya <ashokaditya@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
- [x] Adds a warning message under the value, a callout and a
confirmation warning modal to endpoint exceptions if an entry contains
the "IS" operator with a wildcard value
- [x] Unit Tests
# Screenshots
---------
Co-authored-by: Vitalii Dmyterko <92328789+vitaliidm@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Prep work for React@18 bump
tl;dr In React@18 `React.FC` doesn't contain `children` anymore, so in
order to make the bump easier I have decided to split the effort in
multiple faces and hopefully this will make it easier for everyone
This PR focuses only on adding explicit `children` declaration either by
using `React.PropsWithChildren` type or by adding `children:
React.ReactNode` to the existing props types
https://github.com/DefinitelyTyped/DefinitelyTyped/issues/46691
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Sergi Massaneda <sergi.massaneda@gmail.com>
Co-authored-by: Marco Vettorello <marco.vettorello@elastic.co>
Co-authored-by: James Gowdy <jgowdy@elastic.co>
## Summary
- [x] Adds updated warning messaging for trusted apps entries that use
wildcards `*?` with the "IS" operator
- [x] Three different warnings: callout, individual entry item warnings
and a final confirmation modal when the user tries to add an event
filter with ineffective IS / wildcard combination entry.
- [x] Unit tests
- [x] Fixes bug in endpoint exceptions where there is a missing tooltip
icon for the wildcard performance warning
# Screenshots
Bug Fix
## Value List Items Modal Window
Experimental flag: **valueListItemsModal**
it's temporarily true and will be set to false, before merge
2aafe007-734f-4c0e-b542-5eca229e310d
Added a new modal window that lets users interact with value lists
directly. This modal supports viewing, searching, adding, deleting,
updating, and uploading items.
Where to find the modal window:
- Value list popup
- Exception editing and viewing on both the rule page and shared
exceptions management page
Permissions:
Add, edit, delete, and upload buttons are hidden for read-only users.
The modal link is not shown to users without read permissions.
### Changes to API
I added optional **refresh** flag for list items API, because we want to
see the changes in UI, when editing list items
### How to review
All new components is here -
`x-pack/plugins/security_solution/public/value_list/`
New hooks - `packages/kbn-securitysolution-list-hooks/`
API calls - `packages/kbn-securitysolution-list-api`
Actual API - `x-pack/plugins/lists/server/routes`
There also some props drilling into exceptions package, which is not
ideal, please let me know if you have better ideas
[test plan](https://github.com/elastic/security-team/pull/9128)
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
- while working on https://github.com/elastic/security-team/issues/8589,
discovered list index requests fired when navigating between pages, even
though state of list index is unlikely to change
- fixes case when admin user opens Security for the first time, goes to
multiple pages and can see 409 error of multiple index create requests
- to avoid multiple index requests when user navigates to different
pages, I introduced react-query hooks with `Infinity` mins stale time,
which means, query result would be cached for entire user's session
before page reload or user logout/login.
Downside of this approach, if user does delete list index through API,
they would need to refresh browser page to update index status. But
delete index API is not event documented and its usage would affect
different aspect of the app.
Alternative, might be, to refresh index status when user opens lists
flyout. But given unlike scenario of user using undocumented delete
index API, I think we can skip this refresh call on every flyout open
### Before
#### Multiple lists/index requests
8c82a270-4578-4a98-9be9-1ca3d7b00d17
#### Multiple create index requests and 409 error
a7a1718c-5bb2-4427-9819-f72e98b55a9c
### After
#### Single lists/index request
d5060a31-469c-4fc3-bc40-b6e4d3e65a48
#### No multiple create index requests
3c5cb04f-8b26-47c0-ab79-2fe1c41671dd
---------
Co-authored-by: Ryland Herrick <ryalnd@gmail.com>
`v90.0.0`⏩`v91.0.0-backport.0`
⚠️ While this upgrade pings many teams and has a large code diff, **the
majority of the changes are snapshots or tests-related** and do not
touch source code, so should theoretically only need a code review and
not dedicated QA.
The changes in EUI that required a large swathe of these updates are:
- **EuiPopover** removed an extra unnecessary `<div>` wrapper on its
anchors, which affected many snapshots and a few CSS overrides, which
should have been updated
- **EuiButtonGroup** now renders `<button>` elements instead of `<input
type="radio">` elements for single selection, which affected both
snapshots and E2E tests
- **EuiSuperDatePicker**'s absolute date input now requires an `Enter`
keypress when parsing dates (affected E2E tests)
- **EuiComboBox**, when rendered with `singleSelection={{ plainText:
'true' }}`, no longer renders a pill (i.e. text). This combobox type now
behaves more like an `EuiFieldText`, where the selection is rendered via
input `value` instead. This affected a high amount of E2E tests (both
FTR and Cypress), both in terms of updating assertions and changing
selections, but should **not** significantly affect user experience -
see https://github.com/elastic/eui/pull/7332 for more.
---
##
[`v91.0.0-backport.0`](https://github.com/elastic/eui/tree/v91.0.0-backport.0)
**This is a backport release only intended for use by Kibana.**
- Added `esqlVis`, `pipeBreaks`, and `pipeNoBreaks` icon glyphs.
- `EuiSelectable` now allows configurable text truncation via
`listProps.truncationProps`
([#7388](https://github.com/elastic/eui/pull/7388))
- `EuiTextTruncate` now supports a new `calculationDelayMs` prop for
working around font loading or layout shifting scenarios
([#7388](https://github.com/elastic/eui/pull/7388))
**Bug fixes**
- Fixed a bug with `EuiSelectable`s with custom `truncationProps`, where
scrollbar widths were not being accounted for
([#7392](https://github.com/elastic/eui/pull/7392))
## [`91.0.0`](https://github.com/elastic/eui/tree/v91.0.0)
- Updated the background color of `EuiPopover`s in dark mode to increase
visibility & contrast against other page/panel backgrounds
([#7310](https://github.com/elastic/eui/pull/7310))
- Memoized `EuiDataGrid` to prevent unneeded re-renders
([#7324](https://github.com/elastic/eui/pull/7324))
- Added a configurable `role` prop to `EuiAccordion`
([#7326](https://github.com/elastic/eui/pull/7326))
- Added a configurable `role` prop to `EuiGlobalToastList`
([#7328](https://github.com/elastic/eui/pull/7328))
- For greater flexibility, `EuiSuperDatePicker` now allows users to
paste ISO 8601, RFC 2822, and Unix timestamps in the `Absolute` tab
input, in addition to timestamps in the `dateFormat` prop
([#7331](https://github.com/elastic/eui/pull/7331))
- Plain text `EuiComboBox`es now behave more like a normal text
field/input. Backspacing will no longer delete the entire value, and
selected values can now be double clicked and copied.
([#7332](https://github.com/elastic/eui/pull/7332))
- `EuiDataGrid`'s display settings popover now allows users to clear the
"Lines per row" input before typing in a new number
([#7338](https://github.com/elastic/eui/pull/7338))
- Improved the UX of `EuiSuperDatePicker`'s Absolute tab for users
manually typing in timestamps
([#7341](https://github.com/elastic/eui/pull/7341))
- Updated `EuiI18n`s with multiple `tokens` to accept dynamic `values`
([#7341](https://github.com/elastic/eui/pull/7341))
**Bug fixes**
- Fixed `EuiComboBox`'s `onSearchChange` callback to pass the correct
`hasMatchingOptions` value
([#7334](https://github.com/elastic/eui/pull/7334))
- Fixed an `EuiSelectableTemplateSitewide` bug where the `popoverButton`
behavior would break if passed a non-DOM React wrapper
([#7339](https://github.com/elastic/eui/pull/7339))
**Deprecations**
- `EuiPopover`: deprecated `anchorClassName`. Use `className` instead
([#7311](https://github.com/elastic/eui/pull/7311))
- `EuiPopover`: deprecated `buttonRef`. Use `popoverRef` instead
([#7311](https://github.com/elastic/eui/pull/7311))
- `EuiPopover`: removed extra `.euiPopover__anchor` div wrapper. Target
`.euiPopover` instead if necessary
([#7311](https://github.com/elastic/eui/pull/7311))
- Deprecated `EuiButtonGroup`'s `name` prop. This can safely be removed.
([#7325](https://github.com/elastic/eui/pull/7325))
**Breaking changes**
- Removed deprecated `euiPaletteComplimentary` - use
`euiPaletteComplementary` Instead
([#7333](https://github.com/elastic/eui/pull/7333))
**Accessibility**
- Updated `type="single"` `EuiButtonGroup`s to render standard buttons
instead of radio buttons under the hood, per recent a11y recommendations
([#7325](https://github.com/elastic/eui/pull/7325))
- `EuiAccordion` now defaults to a less screenreader-noisy `group` role
instead of `region`. If your accordion contains significant enough
content to be a document landmark role, you may re-configure it back to
`region`. ([#7326](https://github.com/elastic/eui/pull/7326))
- Reduced screen reader noisiness when sorting `EuiDataGrid` columns via
toolbar ([#7327](https://github.com/elastic/eui/pull/7327))
- `EuiGlobalToastList` now defaults to a `log` role. If your toasts will
always require immediate user action, consider (with caution) using the
`alert` role instead.
([#7328](https://github.com/elastic/eui/pull/7328))
**CSS-in-JS conversions**
- Updated `$euiFontFamily` and `$euiCodeFontFamily` to match Emotion
fonts ([#7332](https://github.com/elastic/eui/pull/7332))
---------
Co-authored-by: Cee Chen <constance.chen@elastic.co>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Cee Chen <549407+cee-chen@users.noreply.github.com>
Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
## Summary
Removes `testing-library/dom` from dependencies. As all the utilities
from`dom` are available already in `testing-library/react`, there's no
need to have both `dom` and `react` libraries available in our
package.json.
Following the [@testing-library/react
documentation:](https://testing-library.com/docs/react-testing-library/intro)
> [React Testing
Library](https://github.com/testing-library/react-testing-library)
builds on top of DOM Testing Library by adding APIs for working with
React components.
Let's just import everything from `testing-library/react`, this way we
won't need to worry about inconsistencies between `testing-library/dom`
we have in our `package.json` and the one that is
`testing-library/react` dependency.
## Summary
- Adds version to http calls for endpoint exceptions at Lists API.
- Fixes unit test.
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
This PR removes the predefined sets of Exceptions for Endpoint
Exceptions and Event Filters. This comes after user feedback that we are
too restrictive in which fields we allow users to write Exceptions or
Event Filters for. This will give users much more freedom in creating
Exceptions and Event Filters.
The `filterIndexPatterns()` function is entirely removed as Endpoint
Exceptions and Event Filters were the only features using it. Following
that, the props for many downstream components was updated to remove
reference to this filtering function.
Further, in working the the Endpoint and Protections teams, there are no
concerns with removing these filters from an Endpoint perspective and
the added flexibility for users is welcome.
User now has access to all the fields that we pull back from the index
mappings.
<img width="1728" alt="image"
src="8ccb6b33-e7e7-42d6-a9a9-68e65c3be57d">
<img width="1728" alt="image"
src="35f26431-07b2-4995-932c-6c5023ced7fd">
### Checklist
Delete any items that are not applicable to this PR.
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Bumps node.js to 18.17.0 (replacement for PR #144012 which was later
reverted)
As a result, these categorical additions were needed:
- `node` evocations will need the `--openssl-legacy-provider` flag,
wherever it would use certain crypto functionalities
- tests required updating of the expected HTTPS Agent call arguments,
`noDelay` seems to be a default
- `window.[NAME]` fields cannot be written directly
- some stricter typechecks
This is using our in-house built node.js 18 versions through the URLs
the proxy-cache. (built with
https://github.com/elastic/kibana-custom-nodejs-builds/pull/4)
These urls are served from a bucket, where the RHEL7/Centos7 compatible
node distributables are. (see:
https://github.com/elastic/kibana-ci-proxy-cache/pull/7)
Further todos:
- [x] check docs wording and consistency
- [ ] update the dependency report
- [x] explain custom builds in documentation
- [x] node_sass prebuilts
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Tiago Costa <tiago.costa@elastic.co>
Co-authored-by: Thomas Watson <w@tson.dk>
## Summary
Original ticket:
[#158751](https://github.com/elastic/kibana/issues/158751)
These changes improve the rule's exceptions flyout opening experience.
We had a few complaints that it is very slow to open it and sometimes it
throws an exception about the limited response size.
To fix this, we decided to load extended field's data (conflicts and
unmapped info) only when user selects some field instead of fetching
this data for all fields on flyout opening.
## NOTES:
After these changes we gonna do next steps related to fields loading
when user creates/edits rule exceptions:
1. We will call `_fields_for_wildcard` **WITHOUT**
`include_unmapped=true` parameter to fetch all fields specs on exception
flyout loading
2. We will call `_fields_for_wildcard` **WITH** `include_unmapped=true`
for only one field when user selects it from the dropdown menu
With these changes we will improve slow exception flyout opening when
user has lots of fields which are unmapped in different indices. If for
some reason user has a lot of (thousands) conflicting fields around
indices then the loading is still might be slow as the
`_fields_for_wildcard` call will return conflicts information even
without `include_unmapped=true` parameter.
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Adds the following:
- Add the option to duplicate from the shared exception list management
actions dropdowns
- User can select to include exception items with expired TTL
- User can select to not include exception items with expired TTL
- Cypress tests added for both options
👋 Hi all - the biggest breaking change of this PR is around two icon
type changes/renames.
1. ⚠️ **The `alert` icon is now named `warning`**
- <img width="103" alt=""
src="https://user-images.githubusercontent.com/549407/223561599-8913e88c-676f-47cd-aaed-81b64783bd81.png"
align="middle">
- This change should have been automatically converted on your behalf by
the EUI team, **but if for some reason** we missed making this
conversion in this PR and your icon(s) are now broken, please ping us or
let us know in this PR (or fix yourself after this PR merges).
- In some cases, teams were using this icon for error messages,
alongside the `danger` color. In those cases, we opinionatedly changed
those icon usages to the new `error` icon instead of using the old
alert/warning icon.
2. 🛑 **The `crossInACircleFilled` icon has been removed, and a new
`error` icon added**
- <img width="84" alt=""
src="https://user-images.githubusercontent.com/549407/223561892-4406bdf6-1a55-49ac-85ad-3a11eb7c090d.png"
align="middle">
- The conversion for this breaking change was not straightforward. This
was the path we used to determine what to change `crossInACircleFilled`
usages to:
- If the icon was associated with errors or error messages, we changed
it to the new `error` icon.
- If a "delete" action was associated with this icon, we changed it to
the `trash` icon instead.
- If a "clear" action was associated with this icon, we changed it to
just the `cross` icon, or in some cases `minusInCircleFilled` (if used
alongside `plusInCircleFilled`).
- Again, if we made a mistake during this conversion or missed your
plugin, please feel free to ping us.
## Summary
`eui@75.1.2` ⏩ `eui@76.0.2`
## [`76.0.2`](https://github.com/elastic/eui/tree/v76.0.2)
**Bug fixes**
- Added a legacy `alert` alias for the `warning` `EuiIcon` type
([#6640](https://github.com/elastic/eui/pull/6640))
## [`76.0.1`](https://github.com/elastic/eui/tree/v76.0.1)
**Bug fixes**
- Fixed broken icons on all `isInvalid` form controls
([#6629](https://github.com/elastic/eui/pull/6629))
## [`76.0.0`](https://github.com/elastic/eui/tree/v76.0.0)
- Added `pivot` glyph to `EuiIcon`
([#6605](https://github.com/elastic/eui/pull/6605))
- Added the `displayHeaderCellProps` API to `EuiDataGrid`'s columns,
which allows passing custom props directly to column header cells
([#6609](https://github.com/elastic/eui/pull/6609))
- Added the new `headerCellProps`/`footerCellProps` APIs to
`EuiDataGrid`'s control columns, which allows passing custom props
directly to control column header or footer cells
([#6609](https://github.com/elastic/eui/pull/6609))
- Added a new `footerCellRender` API to `EuiDataGrid`'s control columns,
which allows completely customizing control column rendering (previously
rendered an empty cell)
([#6609](https://github.com/elastic/eui/pull/6609))
- Updated the styling of nested ordered lists in `EuiText` to align with
GitHub's list style, which is a popular format used in Markdown or MDX
formatting ([#6615](https://github.com/elastic/eui/pull/6615))
- Added a margin-bottom property exclusively to the direct child `ul`
and `ol` elements of the `EuiText` component
([#6615](https://github.com/elastic/eui/pull/6615))
- Fix issue with badges appearing within an `EuiBadgeGroup`, where the
CSS rule to override the `margin-inline-start` was not being applied
correctly due to the order of appearance in the CSS rules
([#6618](https://github.com/elastic/eui/pull/6618))
**Bug fixes**
- Fixed `EuiDataGrid` footer control columns rendering with cell
expansion popovers when they should not have been
([#6609](https://github.com/elastic/eui/pull/6609))
- Fixed an `EuiSkipLink` bug where main content loading in
progressively/dynamically after the skip link rendered was not being
correctly focused ([#6613](https://github.com/elastic/eui/pull/6613))
**Breaking changes**
- Renamed `EuiIcon`'s `alert` to `warning`
([#6608](https://github.com/elastic/eui/pull/6608))
- Removed `EuiIcon`'s `crossInACircleFilled` in favor of `error`
([#6608](https://github.com/elastic/eui/pull/6608))
---------
Co-authored-by: Davey Holler <daveyholler@hey.com>
Co-authored-by: Constance Chen <constance.chen@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Jon <jon@elastic.co>
## Change validation logic for entry exception field.
Close:
[https://github.com/elastic/kibana/issues/143051](https://github.com/elastic/kibana/issues/143051)
Previously we didn't keep a validation state per field which caused a
reset of validation if we still had invalid fields. Or we can have an
invalid state for the form, but we removed the invalid field. You can
see the videos on the ticket above.
## Solution:
Keep validation state per field, like:
```js
{
[entry.id]: true,
}
```
This state can keep old fields, which already were removed, this is why
we use the selector to get the actual amount of errors.
https://user-images.githubusercontent.com/7609147/220337447-95c1558c-aa85-43d1-87e8-76370aeaf141.mov
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
* squashed commit of updates to add/edit flyouts for exception, added cypress tests and unit tests
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Devin W. Hurley <devin.hurley@elastic.co>
## Summary
Adds components shared between new add/edit exception flyouts. Does not yet modify the flyouts themselves. Trying to break down what would be an even larger PR into chunks.
## Summary
**API changes**
- Adds API for determining the list-rule references.
- Updates the exception items find api to include the `search` param which allows for simple search queries - used with the EUI search bar
**UI updates**
- Moved the exception components into new `rule_exceptions` folder per suggested folder structure updates listed [here](https://github.com/elastic/kibana/issues/138600)
- Updates the rule details tabs to split endpoint and rule exceptions into their own tabs
- Updates the viewer utilities header now that these different exception types are split
- Updates exception item UI to match new designs
- Updates the UI for when there are no items
- Removes `use_exception_list_items` hook as it is no longer in use
- Flyouts (add/edit) remain untouched
* Implement wildcard exceptions for detection rules
* Fix index pattern retrieval on edit exceptions flyout
* Fix API integration test logic
* Fix entry_renderer linting
* Remove bad fix idea
* Add 'does not match' operator to UI
* Fix test
* Add unit tests
* Add wildcard exceptions to list of DE exception operators
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Addresses #86258
The variable tracking state needed to be cleared on operator change. If you didn't change operators, then invalidating and then validating an entry worked as expected, but if you switched operators, the error state was not being cleared causing the builder to read that there was an error state.
* Update warning text for event filter matches operator when file path has wildcards
fixes elastic/security-team/issues/3199
* update text
review changes
* Don't show a default value '-' for emoty descriptions on artifacts list. Also removes empty spaces
* Update copy to say 'event filters' instead of 'exceptions'
* Decrease spacing between avatar and comments textbox
* Adds extra spacing between last exception builder field and the buttons group
* Reduces effect scope togle width to by dynamic depending on translations
* Makes effected policy button group persistent across different artifact forms
* Removes unused import
* Center button group for small devices
## Summary
See: https://github.com/elastic/kibana/issues/110903
This removes the `export *` from:
* lists plugin
This also adds `import type` and `export type` in a few areas and fixes the `LicenseType` by changing it from `server` to using the version from `common` to remove the restricted paths. This extra addition prevents more memory leaks when we run jest.
## Summary
This removes all the areas marked as deprecated from `.../src/plugins/data/public` with their `@kbn/es-query` equivalent or it uses the directly exported version from `.../src/plugins/data/public`. Anywhere else this adds the `import type {` where it can to encourage the build system to do more type erasures.
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
