github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 01:38:56 -04:00
Code Issues Projects Releases Packages Wiki Activity
83050 commits 432 branches 496 tags 23 GiB
Commit graph

95 commits

Author SHA1 Message Date
Kibana Machine
691dde541a
[8.18] Disable allowAbsoluteUrls for axios (#215138) (#215828) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [Disable `allowAbsoluteUrls` for axios
(#215138)](https://github.com/elastic/kibana/pull/215138)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Alex
Szabo","email":"alex.szabo@elastic.co"},"sourceCommit":{"committedDate":"2025-03-25T08:52:36Z","message":"Disable
`allowAbsoluteUrls` for axios (#215138)\n\n## Summary\nAfter
https://github.com/elastic/kibana/pull/214843, `axios` client\nusages
need to set a flag to prevent the vulnerable behavior.\n\nTo reviewers:
if you think it's a mistake, and you created a client to\nrequest for
absolute URLs, consider unsetting the `baseURL` to\ncommunicate
intent.","sha":"e40b17aa22ec1a2fbc56ae8651e12f658099ec14","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Operations","Team:QA","Team:Security","release_note:skip","backport:all-open","Team:obs-ux-logs","Team:obs-ux-infra_services","v9.1.0"],"title":"Disable
`allowAbsoluteUrls` for
axios","number":215138,"url":"https://github.com/elastic/kibana/pull/215138","mergeCommit":{"message":"Disable
`allowAbsoluteUrls` for axios (#215138)\n\n## Summary\nAfter
https://github.com/elastic/kibana/pull/214843, `axios` client\nusages
need to set a flag to prevent the vulnerable behavior.\n\nTo reviewers:
if you think it's a mistake, and you created a client to\nrequest for
absolute URLs, consider unsetting the `baseURL` to\ncommunicate
intent.","sha":"e40b17aa22ec1a2fbc56ae8651e12f658099ec14"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/215138","number":215138,"mergeCommit":{"message":"Disable
`allowAbsoluteUrls` for axios (#215138)\n\n## Summary\nAfter
https://github.com/elastic/kibana/pull/214843, `axios` client\nusages
need to set a flag to prevent the vulnerable behavior.\n\nTo reviewers:
if you think it's a mistake, and you created a client to\nrequest for
absolute URLs, consider unsetting the `baseURL` to\ncommunicate
intent.","sha":"e40b17aa22ec1a2fbc56ae8651e12f658099ec14"}}]}]
BACKPORT-->

---------

Co-authored-by: Alex Szabo <alex.szabo@elastic.co>
 2025-03-26 02:52:05 +02:00
Kibana Machine
56e8ebcac6
[8.18] [Search] Add read version of enterprise search privilege (#211810) (#212231) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Search] Add read version of enterprise search privilege
(#211810)](https://github.com/elastic/kibana/pull/211810)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Sander
Philipse","email":"94373878+sphilipse@users.noreply.github.com"},"sourceCommit":{"committedDate":"2025-02-24T12:14:43Z","message":"[Search]
Add read version of enterprise search privilege (#211810)\n\n##
Summary\n\nThis adds a read version of the default Search privilege.
This will make\nsure that viewer users don't land on a 403 error when
logging into a\nSearch solution.\n\nOptimizing the experience for the
viewer role will be a separate
task.","sha":"2b621eef9b420f93483f3dedd1ad1f1c2a2d7eba","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Search","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Search]
Add read version of enterprise search
privilege","number":211810,"url":"https://github.com/elastic/kibana/pull/211810","mergeCommit":{"message":"[Search]
Add read version of enterprise search privilege (#211810)\n\n##
Summary\n\nThis adds a read version of the default Search privilege.
This will make\nsure that viewer users don't land on a 403 error when
logging into a\nSearch solution.\n\nOptimizing the experience for the
viewer role will be a separate
task.","sha":"2b621eef9b420f93483f3dedd1ad1f1c2a2d7eba"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/211810","number":211810,"mergeCommit":{"message":"[Search]
Add read version of enterprise search privilege (#211810)\n\n##
Summary\n\nThis adds a read version of the default Search privilege.
This will make\nsure that viewer users don't land on a 403 error when
logging into a\nSearch solution.\n\nOptimizing the experience for the
viewer role will be a separate
task.","sha":"2b621eef9b420f93483f3dedd1ad1f1c2a2d7eba"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

---------

Co-authored-by: Sander Philipse <94373878+sphilipse@users.noreply.github.com>
 2025-02-27 18:52:39 +00:00
Kibana Machine
d5a7ef37e6
[8.18] [Fix]Removes synonyms read-only permission. (#211471) (#211557) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Fix]Removes synonyms read-only permission.
(#211471)](https://github.com/elastic/kibana/pull/211471)

<!--- Backport version: 9.6.6 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Efe Gürkan
YALAMAN","email":"efeguerkan.yalaman@elastic.co"},"sourceCommit":{"committedDate":"2025-02-18T11:59:27Z","message":"[Fix]Removes
synonyms read-only permission. (#211471)\n\n## Summary\r\n\r\nKibana
permission for read-only is removed. This is not a breaking\r\nchange
while the feature is not yet released.\r\nCluster requirements make it
obsolete.\r\nAlso fixed warnings on permission names.\r\n\r\n\r\n###
Checklist\r\n\r\nCheck the PR satisfies following conditions.
\r\n\r\nReviewers should verify this PR satisfies this list as
well.\r\n\r\n- [x] This was checked for breaking HTTP API changes, and
any breaking\r\nchanges have been approved by the breaking-change
committee. The\r\n`release_note:breaking` label should be applied in
these situations.\r\n- [x] The PR description includes the appropriate
Release Notes section,\r\nand the correct `release_note:*` label is
applied per
the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"148d47ced142456d68322fe6097287e84255ca7d","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","v9.0.0","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Fix]Removes
synonyms read-only
permission.","number":211471,"url":"https://github.com/elastic/kibana/pull/211471","mergeCommit":{"message":"[Fix]Removes
synonyms read-only permission. (#211471)\n\n## Summary\r\n\r\nKibana
permission for read-only is removed. This is not a breaking\r\nchange
while the feature is not yet released.\r\nCluster requirements make it
obsolete.\r\nAlso fixed warnings on permission names.\r\n\r\n\r\n###
Checklist\r\n\r\nCheck the PR satisfies following conditions.
\r\n\r\nReviewers should verify this PR satisfies this list as
well.\r\n\r\n- [x] This was checked for breaking HTTP API changes, and
any breaking\r\nchanges have been approved by the breaking-change
committee. The\r\n`release_note:breaking` label should be applied in
these situations.\r\n- [x] The PR description includes the appropriate
Release Notes section,\r\nand the correct `release_note:*` label is
applied per
the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"148d47ced142456d68322fe6097287e84255ca7d"}},"sourceBranch":"main","suggestedTargetBranches":["9.0","8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/211471","number":211471,"mergeCommit":{"message":"[Fix]Removes
synonyms read-only permission. (#211471)\n\n## Summary\r\n\r\nKibana
permission for read-only is removed. This is not a breaking\r\nchange
while the feature is not yet released.\r\nCluster requirements make it
obsolete.\r\nAlso fixed warnings on permission names.\r\n\r\n\r\n###
Checklist\r\n\r\nCheck the PR satisfies following conditions.
\r\n\r\nReviewers should verify this PR satisfies this list as
well.\r\n\r\n- [x] This was checked for breaking HTTP API changes, and
any breaking\r\nchanges have been approved by the breaking-change
committee. The\r\n`release_note:breaking` label should be applied in
these situations.\r\n- [x] The PR description includes the appropriate
Release Notes section,\r\nand the correct `release_note:*` label is
applied per
the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"148d47ced142456d68322fe6097287e84255ca7d"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Efe Gürkan YALAMAN <efeguerkan.yalaman@elastic.co>
 2025-02-18 15:38:58 +01:00
Sergi Massaneda
a8f9e6e492
[8.18] [Security Solution] SIEM Migrations RBAC (#207087) (#210152) 
# Backport

This will backport the following commits from `main` to `8.18`:
- [[Security Solution] SIEM Migrations RBAC
(#207087)](https://github.com/elastic/kibana/pull/207087)

<!--- Backport version: 9.6.4 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Sergi
Massaneda","email":"sergi.massaneda@elastic.co"},"sourceCommit":{"committedDate":"2025-02-06T17:41:21Z","message":"[Security
Solution] SIEM Migrations RBAC (#207087)\n\n## Summary\r\n\r\nImplements
the access controls for SIEM rule migrations.\r\n\r\n## API
changes\r\n\r\n- All API routes have been secured with \"SIEM
Migration\" feature checks\r\n- Start migration API route now checks if
the user has privileges to use\r\nthe connector ID received\r\n \r\n##
UI changes\r\n\r\n### Onboarding SIEM migrations\r\n\r\n- AI Connector
selection\r\n- Actions & Connectors: Read -> This privilege allows
reading and\r\nselecting a connector\r\n\r\nOtherwise, we show a callout
with the missing privileges:\r\n![connector
read\r\nmissing](https://github.com/user-attachments/assets/2eb474df-78f0-488c-803b-7c874123b62a)\r\n\r\n-
Create a migration\r\n - Security All -> Main Security read & write
access\r\n - Siem Migrations All -> new feature under the Security
catalog\r\n- Actions & Connectors: Read -> This privilege allows
connector\r\nexecution for LLM calls\r\n\r\nOtherwise, we show a callout
with the missing privileges:\r\n![onboarding start
card\r\ncallout](https://github.com/user-attachments/assets/19975efd-d684-47d8-b4c0-0352b7c319b4)\r\n\r\n###
Rule Translations page\r\n\r\n- Minimum privileges to make the page
accessible (read access):\r\n - Security Read -> Main Security read
access\r\n - Siem Migrations All -> new feature under the Security
catalog\r\n \r\nOtherwise, we hide the link in the navigation and
display the generic\r\nempty state if accessed:\r\n![rules minimum
privileges\r\nmissing](https://github.com/user-attachments/assets/9dd88c72-e669-4fde-8397-e76d3d5069f9)\r\n\r\n-
To successfully install rules the following privileges are
also\r\nrequired (write access):\r\n - Security All -> Main Security
read & write access\r\n- Index privileges for `.alerts*` pattern: _read,
write,\r\nview_index_metadata, manage_\r\n - Index privileges for
`lookup_*` pattern: _read_\r\n\r\nOtherwise, we show a callout at the
top of the page, this callout is\r\nconsistent with the one displayed on
the Detection Rules page\r\n(`/app/security/rules`)\r\n![alerts
privileges\r\nmissing](https://github.com/user-attachments/assets/105e53d7-9591-457f-983a-7fe4f9f33068)\r\n\r\n-
To retry rule translations (upload missing macros/lookups or
retry\r\nerrors)\r\n- Actions & Connectors: Read -> This privilege
allows connector\r\nexecution for LLM calls\r\n\r\nOtherwise, when
attempted, we show a toast with the missing privilege.
\r\n\r\n![](https://github.com/user-attachments/assets/f6090bb5-e6f8-4be7-bb9b-c4192155bdf8)\r\n\r\n##
Other changes\r\n\r\n- Technical preview
label\r\n\r\n![technical\r\npreview](https://github.com/user-attachments/assets/244724e2-9756-4c6d-805f-3459367f7975)\r\n\r\n-
No connector selected
toast\r\n\r\n\r\nhttps://github.com/user-attachments/assets/e4900129-ae9c-413f-9a41-f7dca452e71d\r\n\r\n##
Fixes\r\n\r\n- [Fixed] Not possible to select a connector when no
connector
is\r\nselected:\r\n![bug\r\nconnectors](https://github.com/user-attachments/assets/2f5a831e-2172-4e77-9997-2447b4ee866f)\r\n\r\n---------\r\n\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>\r\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"a990be66dffbe89b271722630fd78b544b6ae903","branchLabelMapping":{"^v9.1.0$":"main","^v8.19.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Threat
Hunting","backport:version","v8.18.0","v9.1.0","v8.19.0"],"title":"[Security
Solution] SIEM Migrations
RBAC","number":207087,"url":"https://github.com/elastic/kibana/pull/207087","mergeCommit":{"message":"[Security
Solution] SIEM Migrations RBAC (#207087)\n\n## Summary\r\n\r\nImplements
the access controls for SIEM rule migrations.\r\n\r\n## API
changes\r\n\r\n- All API routes have been secured with \"SIEM
Migration\" feature checks\r\n- Start migration API route now checks if
the user has privileges to use\r\nthe connector ID received\r\n \r\n##
UI changes\r\n\r\n### Onboarding SIEM migrations\r\n\r\n- AI Connector
selection\r\n- Actions & Connectors: Read -> This privilege allows
reading and\r\nselecting a connector\r\n\r\nOtherwise, we show a callout
with the missing privileges:\r\n![connector
read\r\nmissing](https://github.com/user-attachments/assets/2eb474df-78f0-488c-803b-7c874123b62a)\r\n\r\n-
Create a migration\r\n - Security All -> Main Security read & write
access\r\n - Siem Migrations All -> new feature under the Security
catalog\r\n- Actions & Connectors: Read -> This privilege allows
connector\r\nexecution for LLM calls\r\n\r\nOtherwise, we show a callout
with the missing privileges:\r\n![onboarding start
card\r\ncallout](https://github.com/user-attachments/assets/19975efd-d684-47d8-b4c0-0352b7c319b4)\r\n\r\n###
Rule Translations page\r\n\r\n- Minimum privileges to make the page
accessible (read access):\r\n - Security Read -> Main Security read
access\r\n - Siem Migrations All -> new feature under the Security
catalog\r\n \r\nOtherwise, we hide the link in the navigation and
display the generic\r\nempty state if accessed:\r\n![rules minimum
privileges\r\nmissing](https://github.com/user-attachments/assets/9dd88c72-e669-4fde-8397-e76d3d5069f9)\r\n\r\n-
To successfully install rules the following privileges are
also\r\nrequired (write access):\r\n - Security All -> Main Security
read & write access\r\n- Index privileges for `.alerts*` pattern: _read,
write,\r\nview_index_metadata, manage_\r\n - Index privileges for
`lookup_*` pattern: _read_\r\n\r\nOtherwise, we show a callout at the
top of the page, this callout is\r\nconsistent with the one displayed on
the Detection Rules page\r\n(`/app/security/rules`)\r\n![alerts
privileges\r\nmissing](https://github.com/user-attachments/assets/105e53d7-9591-457f-983a-7fe4f9f33068)\r\n\r\n-
To retry rule translations (upload missing macros/lookups or
retry\r\nerrors)\r\n- Actions & Connectors: Read -> This privilege
allows connector\r\nexecution for LLM calls\r\n\r\nOtherwise, when
attempted, we show a toast with the missing privilege.
\r\n\r\n![](https://github.com/user-attachments/assets/f6090bb5-e6f8-4be7-bb9b-c4192155bdf8)\r\n\r\n##
Other changes\r\n\r\n- Technical preview
label\r\n\r\n![technical\r\npreview](https://github.com/user-attachments/assets/244724e2-9756-4c6d-805f-3459367f7975)\r\n\r\n-
No connector selected
toast\r\n\r\n\r\nhttps://github.com/user-attachments/assets/e4900129-ae9c-413f-9a41-f7dca452e71d\r\n\r\n##
Fixes\r\n\r\n- [Fixed] Not possible to select a connector when no
connector
is\r\nselected:\r\n![bug\r\nconnectors](https://github.com/user-attachments/assets/2f5a831e-2172-4e77-9997-2447b4ee866f)\r\n\r\n---------\r\n\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>\r\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"a990be66dffbe89b271722630fd78b544b6ae903"}},"sourceBranch":"main","suggestedTargetBranches":["8.18","8.x"],"targetPullRequestStates":[{"branch":"9.0","label":"v9.0.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"url":"https://github.com/elastic/kibana/pull/210086","number":210086,"state":"MERGED","mergeCommit":{"sha":"8acee959bc8252dade3aa5f2a335dbe129d962c3","message":"[9.0]
[Security Solution] SIEM Migrations RBAC (#207087) (#210086)\n\n#
Backport\n\nThis will backport the following commits from `main` to
`9.0`:\n- [[Security Solution] SIEM Migrations
RBAC\n(#207087)](https://github.com/elastic/kibana/pull/207087)\n\n<!---
Backport version: 9.4.3 -->\n\n### Questions ?\nPlease refer to the
[Backport
tool\ndocumentation](https://github.com/sqren/backport)\n\n<!--BACKPORT
[{\"author\":{\"name\":\"Sergi\nMassaneda\",\"email\":\"sergi.massaneda@elastic.co\"},\"sourceCommit\":{\"committedDate\":\"2025-02-06T17:41:21Z\",\"message\":\"[Security\nSolution]
SIEM Migrations RBAC (#207087)\\n\\n##
Summary\\r\\n\\r\\nImplements\nthe access controls for SIEM rule
migrations.\\r\\n\\r\\n## API\nchanges\\r\\n\\r\\n- All API routes have
been secured with \\\"SIEM\nMigration\\\" feature checks\\r\\n- Start
migration API route now checks if\nthe user has privileges to
use\\r\\nthe connector ID received\\r\\n \\r\\n##\nUI
changes\\r\\n\\r\\n### Onboarding SIEM migrations\\r\\n\\r\\n- AI
Connector\nselection\\r\\n- Actions & Connectors: Read -> This privilege
allows\nreading and\\r\\nselecting a connector\\r\\n\\r\\nOtherwise, we
show a callout\nwith the missing
privileges:\\r\\n![connector\nread\\r\\nmissing](https://github.com/user-attachments/assets/2eb474df-78f0-488c-803b-7c874123b62a)\\r\\n\\r\\n-\nCreate
a migration\\r\\n - Security All -> Main Security read &
write\naccess\\r\\n - Siem Migrations All -> new feature under the
Security\ncatalog\\r\\n- Actions & Connectors: Read -> This privilege
allows\nconnector\\r\\nexecution for LLM calls\\r\\n\\r\\nOtherwise, we
show a callout\nwith the missing privileges:\\r\\n![onboarding
start\ncard\\r\\ncallout](https://github.com/user-attachments/assets/19975efd-d684-47d8-b4c0-0352b7c319b4)\\r\\n\\r\\n###\nRule
Translations page\\r\\n\\r\\n- Minimum privileges to make the
page\naccessible (read access):\\r\\n - Security Read -> Main Security
read\naccess\\r\\n - Siem Migrations All -> new feature under the
Security\ncatalog\\r\\n \\r\\nOtherwise, we hide the link in the
navigation and\ndisplay the generic\\r\\nempty state if
accessed:\\r\\n![rules
minimum\nprivileges\\r\\nmissing](https://github.com/user-attachments/assets/9dd88c72-e669-4fde-8397-e76d3d5069f9)\\r\\n\\r\\n-\nTo
successfully install rules the following privileges
are\nalso\\r\\nrequired (write access):\\r\\n - Security All -> Main
Security\nread & write access\\r\\n- Index privileges for `.alerts*`
pattern: _read,\nwrite,\\r\\nview_index_metadata, manage_\\r\\n - Index
privileges for\n`lookup_*` pattern: _read_\\r\\n\\r\\nOtherwise, we show
a callout at the\ntop of the page, this callout is\\r\\nconsistent with
the one displayed on\nthe Detection Rules
page\\r\\n(`/app/security/rules`)\\r\\n![alerts\nprivileges\\r\\nmissing](https://github.com/user-attachments/assets/105e53d7-9591-457f-983a-7fe4f9f33068)\\r\\n\\r\\n-\nTo
retry rule translations (upload missing macros/lookups
or\nretry\\r\\nerrors)\\r\\n- Actions & Connectors: Read -> This
privilege\nallows connector\\r\\nexecution for LLM
calls\\r\\n\\r\\nOtherwise, when\nattempted, we show a toast with the
missing
privilege.\n\\r\\n\\r\\n![](https://github.com/user-attachments/assets/f6090bb5-e6f8-4be7-bb9b-c4192155bdf8)\\r\\n\\r\\n##\nOther
changes\\r\\n\\r\\n- Technical
preview\nlabel\\r\\n\\r\\n![technical\\r\\npreview](https://github.com/user-attachments/assets/244724e2-9756-4c6d-805f-3459367f7975)\\r\\n\\r\\n-\nNo
connector
selected\ntoast\\r\\n\\r\\n\\r\\nhttps://github.com/user-attachments/assets/e4900129-ae9c-413f-9a41-f7dca452e71d\\r\\n\\r\\n##\nFixes\\r\\n\\r\\n-
[Fixed] Not possible to select a connector when
no\nconnector\nis\\r\\nselected:\\r\\n![bug\\r\\nconnectors](https://github.com/user-attachments/assets/2f5a831e-2172-4e77-9997-2447b4ee866f)\\r\\n\\r\\n---------\\r\\n\\r\\nCo-authored-by:\nElastic
Machine\n<elasticmachine@users.noreply.github.com>\\r\\nCo-authored-by:\nkibanamachine\n<42973632+kibanamachine@users.noreply.github.com>\",\"sha\":\"a990be66dffbe89b271722630fd78b544b6ae903\",\"branchLabelMapping\":{\"^v9.1.0$\":\"main\",\"^v8.19.0$\":\"8.x\",\"^v(\\\\d+).(\\\\d+).\\\\d+$\":\"$1.$2\"}},\"sourcePullRequest\":{\"labels\":[\"release_note:skip\",\"v9.0.0\",\"Team:Threat\nHunting\",\"backport:version\",\"v8.18.0\",\"v9.1.0\",\"v8.19.0\"],\"title\":\"[Security\nSolution]
SIEM
Migrations\nRBAC\",\"number\":207087,\"url\":\"https://github.com/elastic/kibana/pull/207087\",\"mergeCommit\":{\"message\":\"[Security\nSolution]
SIEM Migrations RBAC (#207087)\\n\\n##
Summary\\r\\n\\r\\nImplements\nthe access controls for SIEM rule
migrations.\\r\\n\\r\\n## API\nchanges\\r\\n\\r\\n- All API routes have
been secured with \\\"SIEM\nMigration\\\" feature checks\\r\\n- Start
migration API route now checks if\nthe user has privileges to
use\\r\\nthe connector ID received\\r\\n \\r\\n##\nUI
changes\\r\\n\\r\\n### Onboarding SIEM migrations\\r\\n\\r\\n- AI
Connector\nselection\\r\\n- Actions & Connectors: Read -> This privilege
allows\nreading and\\r\\nselecting a connector\\r\\n\\r\\nOtherwise, we
show a callout\nwith the missing
privileges:\\r\\n![connector\nread\\r\\nmissing](https://github.com/user-attachments/assets/2eb474df-78f0-488c-803b-7c874123b62a)\\r\\n\\r\\n-\nCreate
a migration\\r\\n - Security All -> Main Security read &
write\naccess\\r\\n - Siem Migrations All -> new feature under the
Security\ncatalog\\r\\n- Actions & Connectors: Read -> This privilege
allows\nconnector\\r\\nexecution for LLM calls\\r\\n\\r\\nOtherwise, we
show a callout\nwith the missing privileges:\\r\\n![onboarding
start\ncard\\r\\ncallout](https://github.com/user-attachments/assets/19975efd-d684-47d8-b4c0-0352b7c319b4)\\r\\n\\r\\n###\nRule
Translations page\\r\\n\\r\\n- Minimum privileges to make the
page\naccessible (read access):\\r\\n - Security Read -> Main Security
read\naccess\\r\\n - Siem Migrations All -> new feature under the
Security\ncatalog\\r\\n \\r\\nOtherwise, we hide the link in the
navigation and\ndisplay the generic\\r\\nempty state if
accessed:\\r\\n![rules
minimum\nprivileges\\r\\nmissing](https://github.com/user-attachments/assets/9dd88c72-e669-4fde-8397-e76d3d5069f9)\\r\\n\\r\\n-\nTo
successfully install rules the following privileges
are\nalso\\r\\nrequired (write access):\\r\\n - Security All -> Main
Security\nread & write access\\r\\n- Index privileges for `.alerts*`
pattern: _read,\nwrite,\\r\\nview_index_metadata, manage_\\r\\n - Index
privileges for\n`lookup_*` pattern: _read_\\r\\n\\r\\nOtherwise, we show
a callout at the\ntop of the page, this callout is\\r\\nconsistent with
the one displayed on\nthe Detection Rules
page\\r\\n(`/app/security/rules`)\\r\\n![alerts\nprivileges\\r\\nmissing](https://github.com/user-attachments/assets/105e53d7-9591-457f-983a-7fe4f9f33068)\\r\\n\\r\\n-\nTo
retry rule translations (upload missing macros/lookups
or\nretry\\r\\nerrors)\\r\\n- Actions & Connectors: Read -> This
privilege\nallows connector\\r\\nexecution for LLM
calls\\r\\n\\r\\nOtherwise, when\nattempted, we show a toast with the
missing
privilege.\n\\r\\n\\r\\n![](https://github.com/user-attachments/assets/f6090bb5-e6f8-4be7-bb9b-c4192155bdf8)\\r\\n\\r\\n##\nOther
changes\\r\\n\\r\\n- Technical
preview\nlabel\\r\\n\\r\\n![technical\\r\\npreview](https://github.com/user-attachments/assets/244724e2-9756-4c6d-805f-3459367f7975)\\r\\n\\r\\n-\nNo
connector
selected\ntoast\\r\\n\\r\\n\\r\\nhttps://github.com/user-attachments/assets/e4900129-ae9c-413f-9a41-f7dca452e71d\\r\\n\\r\\n##\nFixes\\r\\n\\r\\n-
[Fixed] Not possible to select a connector when
no\nconnector\nis\\r\\nselected:\\r\\n![bug\\r\\nconnectors](https://github.com/user-attachments/assets/2f5a831e-2172-4e77-9997-2447b4ee866f)\\r\\n\\r\\n---------\\r\\n\\r\\nCo-authored-by:\nElastic
Machine\n<elasticmachine@users.noreply.github.com>\\r\\nCo-authored-by:\nkibanamachine\n<42973632+kibanamachine@users.noreply.github.com>\",\"sha\":\"a990be66dffbe89b271722630fd78b544b6ae903\"}},\"sourceBranch\":\"main\",\"suggestedTargetBranches\":[\"9.0\",\"8.18\",\"8.x\"],\"targetPullRequestStates\":[{\"branch\":\"9.0\",\"label\":\"v9.0.0\",\"branchLabelMappingKey\":\"^v(\\\\d+).(\\\\d+).\\\\d+$\",\"isSourceBranch\":false,\"state\":\"NOT_CREATED\"},{\"branch\":\"8.18\",\"label\":\"v8.18.0\",\"branchLabelMappingKey\":\"^v(\\\\d+).(\\\\d+).\\\\d+$\",\"isSourceBranch\":false,\"state\":\"NOT_CREATED\"},{\"branch\":\"main\",\"label\":\"v9.1.0\",\"branchLabelMappingKey\":\"^v9.1.0$\",\"isSourceBranch\":true,\"state\":\"MERGED\",\"url\":\"https://github.com/elastic/kibana/pull/207087\",\"number\":207087,\"mergeCommit\":{\"message\":\"[Security\nSolution]
SIEM Migrations RBAC (#207087)\\n\\n##
Summary\\r\\n\\r\\nImplements\nthe access controls for SIEM rule
migrations.\\r\\n\\r\\n## API\nchanges\\r\\n\\r\\n- All API routes have
been secured with \\\"SIEM\nMigration\\\" feature checks\\r\\n- Start
migration API route now checks if\nthe user has privileges to
use\\r\\nthe connector ID received\\r\\n \\r\\n##\nUI
changes\\r\\n\\r\\n### Onboarding SIEM migrations\\r\\n\\r\\n- AI
Connector\nselection\\r\\n- Actions & Connectors: Read -> This privilege
allows\nreading and\\r\\nselecting a connector\\r\\n\\r\\nOtherwise, we
show a callout\nwith the missing
privileges:\\r\\n![connector\nread\\r\\nmissing](https://github.com/user-attachments/assets/2eb474df-78f0-488c-803b-7c874123b62a)\\r\\n\\r\\n-\nCreate
a migration\\r\\n - Security All -> Main Security read &
write\naccess\\r\\n - Siem Migrations All -> new feature under the
Security\ncatalog\\r\\n- Actions & Connectors: Read -> This privilege
allows\nconnector\\r\\nexecution for LLM calls\\r\\n\\r\\nOtherwise, we
show a callout\nwith the missing privileges:\\r\\n![onboarding
start\ncard\\r\\ncallout](https://github.com/user-attachments/assets/19975efd-d684-47d8-b4c0-0352b7c319b4)\\r\\n\\r\\n###\nRule
Translations page\\r\\n\\r\\n- Minimum privileges to make the
page\naccessible (read access):\\r\\n - Security Read -> Main Security
read\naccess\\r\\n - Siem Migrations All -> new feature under the
Security\ncatalog\\r\\n \\r\\nOtherwise, we hide the link in the
navigation and\ndisplay the generic\\r\\nempty state if
accessed:\\r\\n![rules
minimum\nprivileges\\r\\nmissing](https://github.com/user-attachments/assets/9dd88c72-e669-4fde-8397-e76d3d5069f9)\\r\\n\\r\\n-\nTo
successfully install rules the following privileges
are\nalso\\r\\nrequired (write access):\\r\\n - Security All -> Main
Security\nread & write access\\r\\n- Index privileges for `.alerts*`
pattern: _read,\nwrite,\\r\\nview_index_metadata, manage_\\r\\n - Index
privileges for\n`lookup_*` pattern: _read_\\r\\n\\r\\nOtherwise, we show
a callout at the\ntop of the page, this callout is\\r\\nconsistent with
the one displayed on\nthe Detection Rules
page\\r\\n(`/app/security/rules`)\\r\\n![alerts\nprivileges\\r\\nmissing](https://github.com/user-attachments/assets/105e53d7-9591-457f-983a-7fe4f9f33068)\\r\\n\\r\\n-\nTo
retry rule translations (upload missing macros/lookups
or\nretry\\r\\nerrors)\\r\\n- Actions & Connectors: Read -> This
privilege\nallows connector\\r\\nexecution for LLM
calls\\r\\n\\r\\nOtherwise, when\nattempted, we show a toast with the
missing
privilege.\n\\r\\n\\r\\n![](https://github.com/user-attachments/assets/f6090bb5-e6f8-4be7-bb9b-c4192155bdf8)\\r\\n\\r\\n##\nOther
changes\\r\\n\\r\\n- Technical
preview\nlabel\\r\\n\\r\\n![technical\\r\\npreview](https://github.com/user-attachments/assets/244724e2-9756-4c6d-805f-3459367f7975)\\r\\n\\r\\n-\nNo
connector
selected\ntoast\\r\\n\\r\\n\\r\\nhttps://github.com/user-attachments/assets/e4900129-ae9c-413f-9a41-f7dca452e71d\\r\\n\\r\\n##\nFixes\\r\\n\\r\\n-
[Fixed] Not possible to select a connector when
no\nconnector\nis\\r\\nselected:\\r\\n![bug\\r\\nconnectors](https://github.com/user-attachments/assets/2f5a831e-2172-4e77-9997-2447b4ee866f)\\r\\n\\r\\n---------\\r\\n\\r\\nCo-authored-by:\nElastic
Machine\n<elasticmachine@users.noreply.github.com>\\r\\nCo-authored-by:\nkibanamachine\n<42973632+kibanamachine@users.noreply.github.com>\",\"sha\":\"a990be66dffbe89b271722630fd78b544b6ae903\"}},{\"branch\":\"8.x\",\"label\":\"v8.19.0\",\"branchLabelMappingKey\":\"^v8.19.0$\",\"isSourceBranch\":false,\"state\":\"NOT_CREATED\"}]}]\nBACKPORT-->\n\nCo-authored-by:
Sergi Massaneda
<sergi.massaneda@elastic.co>"}},{"branch":"8.18","label":"v8.18.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"main","label":"v9.1.0","branchLabelMappingKey":"^v9.1.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/207087","number":207087,"mergeCommit":{"message":"[Security
Solution] SIEM Migrations RBAC (#207087)\n\n## Summary\r\n\r\nImplements
the access controls for SIEM rule migrations.\r\n\r\n## API
changes\r\n\r\n- All API routes have been secured with \"SIEM
Migration\" feature checks\r\n- Start migration API route now checks if
the user has privileges to use\r\nthe connector ID received\r\n \r\n##
UI changes\r\n\r\n### Onboarding SIEM migrations\r\n\r\n- AI Connector
selection\r\n- Actions & Connectors: Read -> This privilege allows
reading and\r\nselecting a connector\r\n\r\nOtherwise, we show a callout
with the missing privileges:\r\n![connector
read\r\nmissing](https://github.com/user-attachments/assets/2eb474df-78f0-488c-803b-7c874123b62a)\r\n\r\n-
Create a migration\r\n - Security All -> Main Security read & write
access\r\n - Siem Migrations All -> new feature under the Security
catalog\r\n- Actions & Connectors: Read -> This privilege allows
connector\r\nexecution for LLM calls\r\n\r\nOtherwise, we show a callout
with the missing privileges:\r\n![onboarding start
card\r\ncallout](https://github.com/user-attachments/assets/19975efd-d684-47d8-b4c0-0352b7c319b4)\r\n\r\n###
Rule Translations page\r\n\r\n- Minimum privileges to make the page
accessible (read access):\r\n - Security Read -> Main Security read
access\r\n - Siem Migrations All -> new feature under the Security
catalog\r\n \r\nOtherwise, we hide the link in the navigation and
display the generic\r\nempty state if accessed:\r\n![rules minimum
privileges\r\nmissing](https://github.com/user-attachments/assets/9dd88c72-e669-4fde-8397-e76d3d5069f9)\r\n\r\n-
To successfully install rules the following privileges are
also\r\nrequired (write access):\r\n - Security All -> Main Security
read & write access\r\n- Index privileges for `.alerts*` pattern: _read,
write,\r\nview_index_metadata, manage_\r\n - Index privileges for
`lookup_*` pattern: _read_\r\n\r\nOtherwise, we show a callout at the
top of the page, this callout is\r\nconsistent with the one displayed on
the Detection Rules page\r\n(`/app/security/rules`)\r\n![alerts
privileges\r\nmissing](https://github.com/user-attachments/assets/105e53d7-9591-457f-983a-7fe4f9f33068)\r\n\r\n-
To retry rule translations (upload missing macros/lookups or
retry\r\nerrors)\r\n- Actions & Connectors: Read -> This privilege
allows connector\r\nexecution for LLM calls\r\n\r\nOtherwise, when
attempted, we show a toast with the missing privilege.
\r\n\r\n![](https://github.com/user-attachments/assets/f6090bb5-e6f8-4be7-bb9b-c4192155bdf8)\r\n\r\n##
Other changes\r\n\r\n- Technical preview
label\r\n\r\n![technical\r\npreview](https://github.com/user-attachments/assets/244724e2-9756-4c6d-805f-3459367f7975)\r\n\r\n-
No connector selected
toast\r\n\r\n\r\nhttps://github.com/user-attachments/assets/e4900129-ae9c-413f-9a41-f7dca452e71d\r\n\r\n##
Fixes\r\n\r\n- [Fixed] Not possible to select a connector when no
connector
is\r\nselected:\r\n![bug\r\nconnectors](https://github.com/user-attachments/assets/2f5a831e-2172-4e77-9997-2447b4ee866f)\r\n\r\n---------\r\n\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>\r\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"a990be66dffbe89b271722630fd78b544b6ae903"}},{"branch":"8.x","label":"v8.19.0","branchLabelMappingKey":"^v8.19.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->
 2025-02-07 13:01:42 +01:00
Efe Gürkan YALAMAN
7638b23226
[8.x] [Synonyms UI] Search synonyms rule flyout (#208564) (#208849) 
# Backport

This will backport the following commits from `main` to `8.x`:
- [[Synonyms UI] Search synonyms rule flyout
(#208564)](https://github.com/elastic/kibana/pull/208564)

<!--- Backport version: 9.6.4 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sorenlouv/backport)

<!--BACKPORT [{"author":{"name":"Efe Gürkan
YALAMAN","email":"efeguerkan.yalaman@elastic.co"},"sourceCommit":{"committedDate":"2025-01-29T21:55:52Z","message":"[Synonyms
UI] Search synonyms rule flyout (#208564)\n\n## Summary\r\n\r\nAdds
search synonym rule flyout.\r\nAdds endpoints and hooks for synonym rule
management.\r\n\r\n\r\nhttps://github.com/user-attachments/assets/e43b4a40-6452-4cfd-921f-2bde1219f219\r\n\r\n\r\n\r\n###
Checklist\r\n\r\nCheck the PR satisfies following conditions.
\r\n\r\nReviewers should verify this PR satisfies this list as
well.\r\n\r\n- [x] Any text added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\r\n-
[ ] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [ ] [Flaky
Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\r\nused on any tests changed\r\n- [ ] The PR description includes
the appropriate Release Notes section,\r\nand the correct
`release_note:*` label is applied per
the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"2cb7bea5f3e7686faa5dfbf11b8c7d270fdcdd34","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Search","backport:version","v8.18.0"],"title":"[Synonyms
UI] Search synonyms rule
flyout","number":208564,"url":"https://github.com/elastic/kibana/pull/208564","mergeCommit":{"message":"[Synonyms
UI] Search synonyms rule flyout (#208564)\n\n## Summary\r\n\r\nAdds
search synonym rule flyout.\r\nAdds endpoints and hooks for synonym rule
management.\r\n\r\n\r\nhttps://github.com/user-attachments/assets/e43b4a40-6452-4cfd-921f-2bde1219f219\r\n\r\n\r\n\r\n###
Checklist\r\n\r\nCheck the PR satisfies following conditions.
\r\n\r\nReviewers should verify this PR satisfies this list as
well.\r\n\r\n- [x] Any text added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\r\n-
[ ] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [ ] [Flaky
Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\r\nused on any tests changed\r\n- [ ] The PR description includes
the appropriate Release Notes section,\r\nand the correct
`release_note:*` label is applied per
the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"2cb7bea5f3e7686faa5dfbf11b8c7d270fdcdd34"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/208564","number":208564,"mergeCommit":{"message":"[Synonyms
UI] Search synonyms rule flyout (#208564)\n\n## Summary\r\n\r\nAdds
search synonym rule flyout.\r\nAdds endpoints and hooks for synonym rule
management.\r\n\r\n\r\nhttps://github.com/user-attachments/assets/e43b4a40-6452-4cfd-921f-2bde1219f219\r\n\r\n\r\n\r\n###
Checklist\r\n\r\nCheck the PR satisfies following conditions.
\r\n\r\nReviewers should verify this PR satisfies this list as
well.\r\n\r\n- [x] Any text added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\r\n-
[ ] [Unit or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [ ] [Flaky
Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\r\nused on any tests changed\r\n- [ ] The PR description includes
the appropriate Release Notes section,\r\nand the correct
`release_note:*` label is applied per
the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)","sha":"2cb7bea5f3e7686faa5dfbf11b8c7d270fdcdd34"}},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->
 2025-01-30 00:34:56 +00:00
Efe Gürkan YALAMAN
9b0302c22b
[8.x] [Synonyms UI] Synonyms UI base plugin (#203284) (#205843) 
# Backport

This will backport the following commits from `main` to `8.x`:
- [[Synonyms UI] Synonyms UI base plugin
(#203284)](https://github.com/elastic/kibana/pull/203284)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Efe Gürkan
YALAMAN","email":"efeguerkan.yalaman@elastic.co"},"sourceCommit":{"committedDate":"2025-01-06T19:15:19Z","message":"[Synonyms
UI] Synonyms UI base plugin (#203284)\n\n## Summary\r\n\r\nCreates a
plugin for Synonyms UI implementation. It is hidden under the\r\nUI flag
and config option which is off by default.\r\n```\r\nPOST
kbn:/internal/kibana/settings/searchSynonyms:synonymsEnabled\r\n{\"value\":
true}\r\n```\r\n\r\nServerless Search:\r\n<img width=\"379\"
alt=\"Screenshot 2024-12-17 at 13 18
02\"\r\nsrc=\"https://github.com/user-attachments/assets/8c2cb6f0-ce2a-4be6-8605-4f994adeefd7\"\r\n/>\r\n\r\nStack
Search\r\n<img width=\"293\" alt=\"Screenshot 2024-12-17 at 13 21
43\"\r\nsrc=\"https://github.com/user-attachments/assets/0d61de0e-2cd3-46a6-990f-1f1a70843324\"\r\n/>\r\n\r\n\r\n\r\n###
Checklist\r\n\r\nCheck the PR satisfies following conditions.
\r\n\r\nReviewers should verify this PR satisfies this list as
well.\r\n\r\n- [x] Any text added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n-
[
]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas
added for features that require explanation or tutorials\r\n- [ ] [Unit
or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [x] This was
checked for breaking HTTP API changes, and any breaking\r\nchanges have
been approved by the breaking-change committee.
The\r\n`release_note:breaking` label should be applied in these
situations.\r\n- [ ] [Flaky
Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\r\nused on any tests changed\r\n- [x] The PR description includes
the appropriate Release Notes section,\r\nand the correct
`release_note:*` label is applied per
the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>\r\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"e542fd2370c8b247beb938f337602f60bb6c0573","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:EnterpriseSearch","backport:version","v8.18.0"],"number":203284,"url":"https://github.com/elastic/kibana/pull/203284","mergeCommit":{"message":"[Synonyms
UI] Synonyms UI base plugin (#203284)\n\n## Summary\r\n\r\nCreates a
plugin for Synonyms UI implementation. It is hidden under the\r\nUI flag
and config option which is off by default.\r\n```\r\nPOST
kbn:/internal/kibana/settings/searchSynonyms:synonymsEnabled\r\n{\"value\":
true}\r\n```\r\n\r\nServerless Search:\r\n<img width=\"379\"
alt=\"Screenshot 2024-12-17 at 13 18
02\"\r\nsrc=\"https://github.com/user-attachments/assets/8c2cb6f0-ce2a-4be6-8605-4f994adeefd7\"\r\n/>\r\n\r\nStack
Search\r\n<img width=\"293\" alt=\"Screenshot 2024-12-17 at 13 21
43\"\r\nsrc=\"https://github.com/user-attachments/assets/0d61de0e-2cd3-46a6-990f-1f1a70843324\"\r\n/>\r\n\r\n\r\n\r\n###
Checklist\r\n\r\nCheck the PR satisfies following conditions.
\r\n\r\nReviewers should verify this PR satisfies this list as
well.\r\n\r\n- [x] Any text added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n-
[
]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas
added for features that require explanation or tutorials\r\n- [ ] [Unit
or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [x] This was
checked for breaking HTTP API changes, and any breaking\r\nchanges have
been approved by the breaking-change committee.
The\r\n`release_note:breaking` label should be applied in these
situations.\r\n- [ ] [Flaky
Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\r\nused on any tests changed\r\n- [x] The PR description includes
the appropriate Release Notes section,\r\nand the correct
`release_note:*` label is applied per
the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>\r\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"e542fd2370c8b247beb938f337602f60bb6c0573"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/203284","number":203284,"mergeCommit":{"message":"[Synonyms
UI] Synonyms UI base plugin (#203284)\n\n## Summary\r\n\r\nCreates a
plugin for Synonyms UI implementation. It is hidden under the\r\nUI flag
and config option which is off by default.\r\n```\r\nPOST
kbn:/internal/kibana/settings/searchSynonyms:synonymsEnabled\r\n{\"value\":
true}\r\n```\r\n\r\nServerless Search:\r\n<img width=\"379\"
alt=\"Screenshot 2024-12-17 at 13 18
02\"\r\nsrc=\"https://github.com/user-attachments/assets/8c2cb6f0-ce2a-4be6-8605-4f994adeefd7\"\r\n/>\r\n\r\nStack
Search\r\n<img width=\"293\" alt=\"Screenshot 2024-12-17 at 13 21
43\"\r\nsrc=\"https://github.com/user-attachments/assets/0d61de0e-2cd3-46a6-990f-1f1a70843324\"\r\n/>\r\n\r\n\r\n\r\n###
Checklist\r\n\r\nCheck the PR satisfies following conditions.
\r\n\r\nReviewers should verify this PR satisfies this list as
well.\r\n\r\n- [x] Any text added follows [EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n-
[
]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas
added for features that require explanation or tutorials\r\n- [ ] [Unit
or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n- [x] This was
checked for breaking HTTP API changes, and any breaking\r\nchanges have
been approved by the breaking-change committee.
The\r\n`release_note:breaking` label should be applied in these
situations.\r\n- [ ] [Flaky
Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1)
was\r\nused on any tests changed\r\n- [x] The PR description includes
the appropriate Release Notes section,\r\nand the correct
`release_note:*` label is applied per
the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>\r\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"e542fd2370c8b247beb938f337602f60bb6c0573"}},{"branch":"8.x","label":"v8.18.0","labelRegex":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->
 2025-01-08 13:22:06 +00:00
Kibana Machine
bcfa88ec96
[8.x] [Search] Basic RBAC for Search Applications &amp; Behavioral Analytics (#203335) (#203651) 
# Backport

This will backport the following commits from `main` to `8.x`:
- [[Search] Basic RBAC for Search Applications &amp; Behavioral
Analytics (#203335)](https://github.com/elastic/kibana/pull/203335)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Rodney
Norris","email":"rodney.norris@elastic.co"},"sourceCommit":{"committedDate":"2024-12-10T17:12:29Z","message":"[Search]
Basic RBAC for Search Applications & Behavioral Analytics
(#203335)\n\n## Summary\r\n\r\nMoved Search Applications & Behavioral
Analytics from the base\r\nKibanaFeature to their own so that they can
be controlled independently\r\nfrom other parts of the search
solution.\r\n\r\n### Checklist\r\n\r\n- [x] Any text added follows
[EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n\r\n---------\r\n\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"91337c74a34efb3fc6df1e14cf1461f125833b89","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Search","backport:prev-minor","v8.18.0"],"title":"[Search]
Basic RBAC for Search Applications & Behavioral
Analytics","number":203335,"url":"https://github.com/elastic/kibana/pull/203335","mergeCommit":{"message":"[Search]
Basic RBAC for Search Applications & Behavioral Analytics
(#203335)\n\n## Summary\r\n\r\nMoved Search Applications & Behavioral
Analytics from the base\r\nKibanaFeature to their own so that they can
be controlled independently\r\nfrom other parts of the search
solution.\r\n\r\n### Checklist\r\n\r\n- [x] Any text added follows
[EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n\r\n---------\r\n\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"91337c74a34efb3fc6df1e14cf1461f125833b89"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/203335","number":203335,"mergeCommit":{"message":"[Search]
Basic RBAC for Search Applications & Behavioral Analytics
(#203335)\n\n## Summary\r\n\r\nMoved Search Applications & Behavioral
Analytics from the base\r\nKibanaFeature to their own so that they can
be controlled independently\r\nfrom other parts of the search
solution.\r\n\r\n### Checklist\r\n\r\n- [x] Any text added follows
[EUI's
writing\r\nguidelines](https://elastic.github.io/eui/#/guidelines/writing),
uses\r\nsentence case text and includes
[i18n\r\nsupport](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)\r\n\r\n---------\r\n\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"91337c74a34efb3fc6df1e14cf1461f125833b89"}},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Rodney Norris <rodney.norris@elastic.co>
 2024-12-10 13:05:39 -06:00
Rodney Norris
4dd3c9e47b
[8.x] [Search] Search Playground - shared rendering (#201302) (#203243) 
# Backport

This will backport the following commits from `main` to `8.x`:
- [[Search] Search Playground - shared rendering
(#201302)](https://github.com/elastic/kibana/pull/201302)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Rodney
Norris","email":"rodney.norris@elastic.co"},"sourceCommit":{"committedDate":"2024-12-05T21:09:51Z","message":"[Search]
Search Playground - shared rendering
(#201302)","sha":"434eaa78ad7c045f52b2126cdae0f1d8fa7a00f6","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Search","backport:prev-minor","v8.18.0"],"number":201302,"url":"https://github.com/elastic/kibana/pull/201302","mergeCommit":{"message":"[Search]
Search Playground - shared rendering
(#201302)","sha":"434eaa78ad7c045f52b2126cdae0f1d8fa7a00f6"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/201302","number":201302,"mergeCommit":{"message":"[Search]
Search Playground - shared rendering
(#201302)","sha":"434eaa78ad7c045f52b2126cdae0f1d8fa7a00f6"}},{"branch":"8.x","label":"v8.18.0","labelRegex":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->
 2024-12-06 17:22:01 +00:00
Kibana Machine
5d674b87f0
[8.x] fix(security, features): do not expose UI capabilities of the deprecated features (#198656) (#199147) 
# Backport

This will backport the following commits from `main` to `8.x`:
- [fix(security, features): do not expose UI capabilities of the
deprecated features
(#198656)](https://github.com/elastic/kibana/pull/198656)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Aleh
Zasypkin","email":"aleh.zasypkin@elastic.co"},"sourceCommit":{"committedDate":"2024-11-06T14:06:39Z","message":"fix(security,
features): do not expose UI capabilities of the deprecated features
(#198656)\n\n## Summary\r\n\r\nThis PR ensures that we don’t expose UI
capabilities for deprecated\r\nfeatures since they’re unnecessary, and
the code should rely on the UI\r\ncapabilities of the replacement
features instead.\r\n\r\nAdditionally, this PR transforms the
`disabledFeatures` property of\r\nSpace objects returned from our
programmatic and HTTP APIs to replace\r\nany deprecated feature IDs with
the IDs of their replacement features,\r\nensuring that feature
visibility toggles work for deprecated features as\r\nwell.\r\n\r\n##
How to test\r\n\r\n1. Run Kibana FTR server with the following config
(registers test\r\ndeprecated features):\r\n```shell\r\nnode
scripts/functional_tests_server.js --config
x-pack/test/security_api_integration/features.config.ts\r\n```\r\n2.
Once server is up and running create Space with
the\r\n`case_1_feature_a` **deprecated** feature
disabled:\r\n```shell\r\ncurl 'http://localhost:5620/api/spaces/space'
-u elastic:changeme \\\r\n -X POST -H 'Content-Type: application/json'
-H 'kbn-version: 9.0.0' \\\r\n --data-raw
'{\"name\":\"space-alpha\",\"id\":\"space-alpha\",\"initials\":\"s\",\"color\":\"#D6BF57\",\"disabledFeatures\":[\"case_1_feature_a\"],\"imageUrl\":\"\"}'\r\n```\r\n3.
Log in to Kibana and [navigate to a
Space\r\n`space-alpha`](http://localhost:5620/app/management/kibana/spaces/edit/space-alpha)\r\nyou've
just created. Observe that deprecated `Case #1 feature
A`\r\n(`case_1_feature_a`) isn't displayed, and instead you should see
that\r\nreplaces deprecated one - `Case #1 feature B`
(`case_1_feature_b`):\r\n\r\n![Screen Shot 2024-11-01 at 17
40\r\n59](https://github.com/user-attachments/assets/5b91e71c-7d46-4ff1-bf73-d148622e8ec4)\r\n\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"deeb9fe32af717a883727aed7d83c6106d8d839f","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Security","release_note:skip","Feature:Security/Authorization","v9.0.0","backport:prev-major"],"title":"fix(security,
features): do not expose UI capabilities of the deprecated
features","number":198656,"url":"https://github.com/elastic/kibana/pull/198656","mergeCommit":{"message":"fix(security,
features): do not expose UI capabilities of the deprecated features
(#198656)\n\n## Summary\r\n\r\nThis PR ensures that we don’t expose UI
capabilities for deprecated\r\nfeatures since they’re unnecessary, and
the code should rely on the UI\r\ncapabilities of the replacement
features instead.\r\n\r\nAdditionally, this PR transforms the
`disabledFeatures` property of\r\nSpace objects returned from our
programmatic and HTTP APIs to replace\r\nany deprecated feature IDs with
the IDs of their replacement features,\r\nensuring that feature
visibility toggles work for deprecated features as\r\nwell.\r\n\r\n##
How to test\r\n\r\n1. Run Kibana FTR server with the following config
(registers test\r\ndeprecated features):\r\n```shell\r\nnode
scripts/functional_tests_server.js --config
x-pack/test/security_api_integration/features.config.ts\r\n```\r\n2.
Once server is up and running create Space with
the\r\n`case_1_feature_a` **deprecated** feature
disabled:\r\n```shell\r\ncurl 'http://localhost:5620/api/spaces/space'
-u elastic:changeme \\\r\n -X POST -H 'Content-Type: application/json'
-H 'kbn-version: 9.0.0' \\\r\n --data-raw
'{\"name\":\"space-alpha\",\"id\":\"space-alpha\",\"initials\":\"s\",\"color\":\"#D6BF57\",\"disabledFeatures\":[\"case_1_feature_a\"],\"imageUrl\":\"\"}'\r\n```\r\n3.
Log in to Kibana and [navigate to a
Space\r\n`space-alpha`](http://localhost:5620/app/management/kibana/spaces/edit/space-alpha)\r\nyou've
just created. Observe that deprecated `Case #1 feature
A`\r\n(`case_1_feature_a`) isn't displayed, and instead you should see
that\r\nreplaces deprecated one - `Case #1 feature B`
(`case_1_feature_b`):\r\n\r\n![Screen Shot 2024-11-01 at 17
40\r\n59](https://github.com/user-attachments/assets/5b91e71c-7d46-4ff1-bf73-d148622e8ec4)\r\n\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"deeb9fe32af717a883727aed7d83c6106d8d839f"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/198656","number":198656,"mergeCommit":{"message":"fix(security,
features): do not expose UI capabilities of the deprecated features
(#198656)\n\n## Summary\r\n\r\nThis PR ensures that we don’t expose UI
capabilities for deprecated\r\nfeatures since they’re unnecessary, and
the code should rely on the UI\r\ncapabilities of the replacement
features instead.\r\n\r\nAdditionally, this PR transforms the
`disabledFeatures` property of\r\nSpace objects returned from our
programmatic and HTTP APIs to replace\r\nany deprecated feature IDs with
the IDs of their replacement features,\r\nensuring that feature
visibility toggles work for deprecated features as\r\nwell.\r\n\r\n##
How to test\r\n\r\n1. Run Kibana FTR server with the following config
(registers test\r\ndeprecated features):\r\n```shell\r\nnode
scripts/functional_tests_server.js --config
x-pack/test/security_api_integration/features.config.ts\r\n```\r\n2.
Once server is up and running create Space with
the\r\n`case_1_feature_a` **deprecated** feature
disabled:\r\n```shell\r\ncurl 'http://localhost:5620/api/spaces/space'
-u elastic:changeme \\\r\n -X POST -H 'Content-Type: application/json'
-H 'kbn-version: 9.0.0' \\\r\n --data-raw
'{\"name\":\"space-alpha\",\"id\":\"space-alpha\",\"initials\":\"s\",\"color\":\"#D6BF57\",\"disabledFeatures\":[\"case_1_feature_a\"],\"imageUrl\":\"\"}'\r\n```\r\n3.
Log in to Kibana and [navigate to a
Space\r\n`space-alpha`](http://localhost:5620/app/management/kibana/spaces/edit/space-alpha)\r\nyou've
just created. Observe that deprecated `Case #1 feature
A`\r\n(`case_1_feature_a`) isn't displayed, and instead you should see
that\r\nreplaces deprecated one - `Case #1 feature B`
(`case_1_feature_b`):\r\n\r\n![Screen Shot 2024-11-01 at 17
40\r\n59](https://github.com/user-attachments/assets/5b91e71c-7d46-4ff1-bf73-d148622e8ec4)\r\n\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"deeb9fe32af717a883727aed7d83c6106d8d839f"}}]}]
BACKPORT-->

Co-authored-by: Aleh Zasypkin <aleh.zasypkin@elastic.co>
 2024-11-06 09:52:51 -06:00
Kibana Machine
324b7bf5c0
[8.x] [Search][Fix] Inference Endpoints deep link &amp; Side Nav access (#197461) (#197547) 
# Backport

This will backport the following commits from `main` to `8.x`:
- [[Search][Fix] Inference Endpoints deep link &amp; Side Nav access
(#197461)](https://github.com/elastic/kibana/pull/197461)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Rodney
Norris","email":"rodney.norris@elastic.co"},"sourceCommit":{"committedDate":"2024-10-23T23:44:23Z","message":"[Search][Fix]
Inference Endpoints deep link & Side Nav access
(#197461)","sha":"a124493b8c5aa1dc71c4cf8f2caf134c4355987f","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:Search","backport:prev-major","v8.16.0","v8.17.0"],"title":"[Search][Fix]
Inference Endpoints deep link & Side Nav
access","number":197461,"url":"https://github.com/elastic/kibana/pull/197461","mergeCommit":{"message":"[Search][Fix]
Inference Endpoints deep link & Side Nav access
(#197461)","sha":"a124493b8c5aa1dc71c4cf8f2caf134c4355987f"}},"sourceBranch":"main","suggestedTargetBranches":["8.16","8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/197461","number":197461,"mergeCommit":{"message":"[Search][Fix]
Inference Endpoints deep link & Side Nav access
(#197461)","sha":"a124493b8c5aa1dc71c4cf8f2caf134c4355987f"}},{"branch":"8.16","label":"v8.16.0","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.x","label":"v8.17.0","branchLabelMappingKey":"^v8.17.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Rodney Norris <rodney.norris@elastic.co>
 2024-10-23 20:52:20 -05:00
Kibana Machine
0f2489e85a
[8.x] [Dataset Quality] Introduce Kibana Management Feature (#194825) (#196266) 
# Backport

This will backport the following commits from `main` to `8.x`:
- [[Dataset Quality] Introduce Kibana Management Feature
(#194825)](https://github.com/elastic/kibana/pull/194825)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT
[{"author":{"name":"mohamedhamed-ahmed","email":"mohamed.ahmed@elastic.co"},"sourceCommit":{"committedDate":"2024-10-15T09:40:09Z","message":"[Dataset
Quality] Introduce Kibana Management Feature (#194825)\n\ncloses
[#3874](https://github.com/elastic/observability-dev/issues/3874)\r\n\r\n\r\n##
📝 Summary\r\n\r\nThis PR adds new kibana privilege feature to control
access to `Data Set\r\nQuality` page under Stack Management's `Data`
section.\r\n\r\nHad to fix a lot of tests since the `kibana_admin` role
gets access by\r\ndefault to all kibana features one of which now is the
`Data Set\r\nQuality` page. At the same time this made the `Data`
section visible to\r\nany user with `kibana_admin` role.\r\n\r\n## 🎥
Demo\r\n\r\n\r\n\r\nhttps://github.com/user-attachments/assets/ce8c8110-f6f4-44b8-a4e7-5f2dd3deda66\r\n\r\n---------\r\n\r\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"b93d3c224aeae33fa59482094c9927f0358c6ec8","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Security","release_note:skip","v9.0.0","Team:ML","Team:EnterpriseSearch","backport:prev-minor","Team:obs-ux-logs"],"title":"[Dataset
Quality] Introduce Kibana Management
Feature","number":194825,"url":"https://github.com/elastic/kibana/pull/194825","mergeCommit":{"message":"[Dataset
Quality] Introduce Kibana Management Feature (#194825)\n\ncloses
[#3874](https://github.com/elastic/observability-dev/issues/3874)\r\n\r\n\r\n##
📝 Summary\r\n\r\nThis PR adds new kibana privilege feature to control
access to `Data Set\r\nQuality` page under Stack Management's `Data`
section.\r\n\r\nHad to fix a lot of tests since the `kibana_admin` role
gets access by\r\ndefault to all kibana features one of which now is the
`Data Set\r\nQuality` page. At the same time this made the `Data`
section visible to\r\nany user with `kibana_admin` role.\r\n\r\n## 🎥
Demo\r\n\r\n\r\n\r\nhttps://github.com/user-attachments/assets/ce8c8110-f6f4-44b8-a4e7-5f2dd3deda66\r\n\r\n---------\r\n\r\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"b93d3c224aeae33fa59482094c9927f0358c6ec8"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/194825","number":194825,"mergeCommit":{"message":"[Dataset
Quality] Introduce Kibana Management Feature (#194825)\n\ncloses
[#3874](https://github.com/elastic/observability-dev/issues/3874)\r\n\r\n\r\n##
📝 Summary\r\n\r\nThis PR adds new kibana privilege feature to control
access to `Data Set\r\nQuality` page under Stack Management's `Data`
section.\r\n\r\nHad to fix a lot of tests since the `kibana_admin` role
gets access by\r\ndefault to all kibana features one of which now is the
`Data Set\r\nQuality` page. At the same time this made the `Data`
section visible to\r\nany user with `kibana_admin` role.\r\n\r\n## 🎥
Demo\r\n\r\n\r\n\r\nhttps://github.com/user-attachments/assets/ce8c8110-f6f4-44b8-a4e7-5f2dd3deda66\r\n\r\n---------\r\n\r\nCo-authored-by:
kibanamachine
<42973632+kibanamachine@users.noreply.github.com>","sha":"b93d3c224aeae33fa59482094c9927f0358c6ec8"}}]}]
BACKPORT-->

Co-authored-by: mohamedhamed-ahmed <mohamed.ahmed@elastic.co>
 2024-10-15 06:26:45 -05:00
Elena Shostak
518533898a
[8.x] Added scope field to features config. (#191634) (#193389) 
# Backport

This will backport the following commits from `main` to `8.x`:
- [Added scope field to features config.
(#191634)](https://github.com/elastic/kibana/pull/191634)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Elena
Shostak","email":"165678770+elena-shostak@users.noreply.github.com"},"sourceCommit":{"committedDate":"2024-09-13T00:22:20Z","message":"Added
scope field to features config. (#191634)\n\n## Summary\r\nKibana needs
to more tightly control the set of visible features within\r\na space,
in order to support the new solution-based navigation.\r\nAdded `scope`
field to the features configuration. This enhancement is\r\nintended to
prevent new features from appearing in Space
Visibility\r\nToggles.\r\n\r\n\r\n### Checklist\r\n\r\n-
[x]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas
added for features that require explanation or tutorials\r\n- [x] [Unit
or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n\r\n\r\n__Fixes:
https://github.com/elastic/kibana/issues/191299__\r\n\r\n## Release
Note\r\n\r\nAdded `scope` field to the features configuration. This
enhancement is\r\nintended to prevent new features from appearing in
Space Visibility\r\nToggles.\r\n\r\n---------\r\n\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"a71c9ba38ab4b88288313b91bd1b699777b3aab1","branchLabelMapping":{"^v9.0.0$":"main","^v8.16.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:enhancement","chore","Team:Security","Feature:Security/Spaces","backport:skip","Team:Fleet","v9.0.0","Team:Obs
AI
Assistant","ci:project-deploy-observability","Team:obs-ux-infra_services","Team:obs-ux-management","apm:review"],"number":191634,"url":"https://github.com/elastic/kibana/pull/191634","mergeCommit":{"message":"Added
scope field to features config. (#191634)\n\n## Summary\r\nKibana needs
to more tightly control the set of visible features within\r\na space,
in order to support the new solution-based navigation.\r\nAdded `scope`
field to the features configuration. This enhancement is\r\nintended to
prevent new features from appearing in Space
Visibility\r\nToggles.\r\n\r\n\r\n### Checklist\r\n\r\n-
[x]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas
added for features that require explanation or tutorials\r\n- [x] [Unit
or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n\r\n\r\n__Fixes:
https://github.com/elastic/kibana/issues/191299__\r\n\r\n## Release
Note\r\n\r\nAdded `scope` field to the features configuration. This
enhancement is\r\nintended to prevent new features from appearing in
Space Visibility\r\nToggles.\r\n\r\n---------\r\n\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"a71c9ba38ab4b88288313b91bd1b699777b3aab1"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/191634","number":191634,"mergeCommit":{"message":"Added
scope field to features config. (#191634)\n\n## Summary\r\nKibana needs
to more tightly control the set of visible features within\r\na space,
in order to support the new solution-based navigation.\r\nAdded `scope`
field to the features configuration. This enhancement is\r\nintended to
prevent new features from appearing in Space
Visibility\r\nToggles.\r\n\r\n\r\n### Checklist\r\n\r\n-
[x]\r\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\r\nwas
added for features that require explanation or tutorials\r\n- [x] [Unit
or
functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere
updated or added to match the most common scenarios\r\n\r\n\r\n__Fixes:
https://github.com/elastic/kibana/issues/191299__\r\n\r\n## Release
Note\r\n\r\nAdded `scope` field to the features configuration. This
enhancement is\r\nintended to prevent new features from appearing in
Space Visibility\r\nToggles.\r\n\r\n---------\r\n\r\nCo-authored-by:
Elastic Machine
<elasticmachine@users.noreply.github.com>","sha":"a71c9ba38ab4b88288313b91bd1b699777b3aab1"}}]}]
BACKPORT-->

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
 2024-09-19 10:42:43 -05:00
Sander Philipse
f7c708f135
[Search] Implement RBAC Kibana feature for Search (#192130) 
## Summary

This implements RBAC properly for Search. We no longer rely on the
enterprise search node to limit access to Search, so except for App
Search and Workplace Search. That means we need proper Kibana features
to manage RBAC, which this adds: one for Search and a separate one for
Relevance as that feature is guarded by an Enterprise license.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
 2024-09-12 16:53:26 +02:00
Kurt
5ec0cb0ed2
FIPS FTR Overrides and test skips (#192053) 
## Summary

Kibana requires security to be enabled and a platinum or better license
to run in FIPS mode.

Since not all FTR configs assume these conditions will be enabled, we
cant run every test. So these failing tests will be skipped when these
overrides are enforced.

This does not mean that the functionality is not supported in FIPS mode.

## What is the point?

Running these tests in FIPS mode is not necessarily to check that the
functionality works as expected, it is to make sure Kibana does not
crash due to unsupported algorithm usage (`md4`, `md5`, etc).

When running in FIPS mode, Node will throw an `unsupported envelope
function` error (with FIPS enabled) if it encounters an unsupported
algorithm, so the more lines of code covered, the more assurance we can
have that features will work in FIPS mode.

## Nature of the changes

To skip a test, a `tag` is added: `this.tags('skipFIPS')`

`this.tags` is only available for `describe('description', function()
{...});`

There should not be any logical changes, just tests wrapped in an extra
block.

I tried to make the wording in the new `describe` block "flow" 😅 if you
prefer different wording in the new `describe` block - please add a
change!

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Nikita Indik <nikita.indik@elastic.co>
 2024-09-10 13:17:40 -04:00
Andrew Macri
8ee04937fe
[Security Solution] [Attack discovery] Attack Discovery RBAC / Display an upgrade CTA for the serverless essentials product tier (#188788) 
## [Security Solution] [Attack discovery] Attack Discovery RBAC / Display an upgrade CTA for the serverless essentials product tier

### Summary

This PR adds Role Based Access Control (RBAC) to Attack discovery.

Security users may enable or disable the new `Attack Discovery` RBAC feature shown in the figure below:

![rbac](https://github.com/user-attachments/assets/2ca3de6e-3e87-401f-8a06-0eb06d36d081)

_Above: The new `Attack discovery` RBAC feature_

It is possible to for example, configure a custom role that enables Attack discovery, but disables the assistant, as illustrated by the table below:

| Role                                      | License    | Navigation visible | Show upsell | Upsell has actions | View in assistant enabled |
|-------------------------------------------|------------|--------------------|-------------|--------------------|---------------------------|
| `has_attack_discovery_all_assistant_none`     | Basic      |                   |            |                   |                          |
| `has_attack_discovery_all_assistant_none` | Trial      |                   |            |                   |                          |
| `has_attack_discovery_all_assistant_none` | Platinum   |                   |            |                   |                          |
| `has_attack_discovery_all_assistant_none` | Enterprise |                   |            |                   |                          |

_Above: An example role that enables Attack discovery, but disables the assistant_

See the `Desk Testing` section of this PR for details.

This PR also fixes an issue where Attack discovery does not display an upgrade call to action (CTA) for the serverless _essentials_ product tier, per the before and after screenshots below:

#### Before

![serverless_essentials_before](https://github.com/user-attachments/assets/90e8f433-896d-40a3-b095-8f0cca0f7073)

_Above: Before the fix, an upgrade CTA is NOT displayed for the serverless essentials product tier_

#### After

![serverless_essentials_after](https://github.com/user-attachments/assets/4cdd146e-afac-4f3e-925b-4786e1908312)

_Above: After the fix, an upgrade CTA is displayed for the serverless essentials product tier_

The fix above is implemented by adopting the upselling framework.

### New Feature ID

This PR adds a new Feature ID for attack discovery:

```typescript
export const ATTACK_DISCOVERY_FEATURE_ID = 'securitySolutionAttackDiscovery' as const;
```

in `x-pack/packages/security-solution/features/src/constants.ts`

### Upselling framework usage

This PR updates the Attack discovery page to use the upselling framework via the following summarized steps:

1. Removed the branching logic from `x-pack/plugins/security_solution/public/attack_discovery/pages/upgrade/index.tsx`, and moved the component to an upselling `section` component in `x-pack/packages/security-solution/upselling/sections/attack_discovery/index.tsx`, where the component was renamed to `AttackDiscoveryUpsellingSection`.

This `section` component handles (just) the styling of the upselling message and actions (by itself, without the page wrapper), and receives the following props:

```typescript
interface Props {
  actions?: React.ReactNode;
  availabilityMessage: string;
  upgradeMessage: string;
}
```

The self managed and serverless-specific actions and `i18n` messages are passed down via the components described in the later steps below.

2. Removed all previous references to the `Upgrade` component (and references to `useProductTypes`) from the Attack discovery page in `x-pack/plugins/security_solution/public/attack_discovery/pages/index.tsx`, because the framework manages the upgrade case instead of the page itself.

3. Created an upselling `page` component `AttackDiscoveryUpsellingPage` in `x-pack/packages/security-solution/upselling/pages/attack_discovery/index.tsx`.

This component handles (just) the styling of the _page_ that wraps the Attack discovery `section`. It passes the same props to the previously described `AttackDiscoveryUpsellingSection` component.

4. Created a self-managed-specific `AttackDiscoveryUpsellingPageESS` component in `x-pack/plugins/security_solution_ess/public/upselling/pages/attack_discovery/index.tsx`

This component passes self-managed-specific upgrade action buttons / links and `i18n` strings to the previously described `AttackDiscoveryUpsellingPage`

5. Also for self managed, added a new `AttackDiscoveryUpsellingPageLazy` component to the existing file: `x-pack/plugins/security_solution_ess/public/upselling/lazy_upselling.tsx`

This component lazy loads the previously described `AttackDiscoveryUpsellingPageESS` component.

6. Added registration for the previously described `AttackDiscoveryUpsellingPageLazy` component to the existing `UpsellingPages` section in `x-pack/plugins/security_solution_ess/public/upselling/register_upsellings.tsx` with a `minimumLicenseRequired` of `enterprise`:

```
minimumLicenseRequired: 'enterprise',
```

7. Created a serverless-specific `AttackDiscoveryUpsellingPageServerless` component in `x-pack/plugins/security_solution_serverless/public/upselling/pages/attack_discovery/index.tsx`

This component passes serverless-specific `i18n` messages to the platform agnostic `AttackDiscoveryUpsellingPage` component.

8. Also for serverless, added a new `AttackDiscoveryUpsellingPageLazy` component to the existing file: `x-pack/plugins/security_solution_serverless/public/upselling/lazy_upselling.tsx`

9. Added registration for the previously described `AttackDiscoveryUpsellingPageLazy` component to the existing `upsellingPages` section in `x-pack/plugins/security_solution_serverless/public/upselling/upsellings.tsx` with the `assistant` PLI:

```
pli: ProductFeatureKey.assistant,
```

10. Added the `${ASSISTANT_FEATURE_ID}.ai-assistant` capability as an OR condition (via nested array, per the [framework](https://github.com/elastic/kibana/blob/main/x-pack/plugins/security_solution/public/common/lib/capabilities/has_capabilities.ts#L11-L22)) to the Attack discovery link in `x-pack/plugins/security_solution/public/attack_discovery/links.ts`. This addition enables the security route wrapper to check for upselling pages in serverless:

```
capabilities: [[`${SERVER_APP_ID}.show`, `${ASSISTANT_FEATURE_ID}.ai-assistant`]],
```

11. Added `licenseType: 'enterprise'` to the Attack discovery link in `x-pack/plugins/security_solution/public/attack_discovery/links.ts` to require an `enterprise` license for self managed

### Upgrade CTA gallery

The screenshots in this section document the CTA (or Welcome message when the feature is licensed) displayed for various license levels after the fix:

#### Users with the `None` privilege

If users with the `None` privilege manually enter an Attack discovery URL, e.g. `http://localhost:5601/app/security/attack_discovery`, the framework will display the following error prompt:

![privelages_required](https://github.com/user-attachments/assets/d282609e-5400-4ba9-8130-de5e10f8973d)

#### Self managed BASIC

![self_managed_basic_after](https://github.com/user-attachments/assets/048b2a3b-9e2d-4b95-a697-c739ea2dc5bb)

#### Self managed PLATINUM

![self_managed_platinum_after](https://github.com/user-attachments/assets/d7c49551-a8cf-4afb-b3bf-c3243e892219)

#### Self managed TRIAL

![self_managed_trial_after](https://github.com/user-attachments/assets/d5cc03a9-97aa-4c78-a5f5-92e5af3a85ac)

#### Self managed ENTERPRISE

![self_managed_enterprise_after](https://github.com/user-attachments/assets/a849b534-7e07-4481-9641-c48dee126466)

#### Serverless ESSENTIALS

![serverless_essentials_after](https://github.com/user-attachments/assets/4cdd146e-afac-4f3e-925b-4786e1908312)

#### Serverless COMPLETE

![serverless_complete_after](https://github.com/user-attachments/assets/8cab60c3-dea6-4d7a-b86a-b2cd11c9b4dd)

## Desk Testing

### Severless: Desk testing (just) the upgrade CTA

Reproduction steps:

1) Comment-out any preconfigured connectors in `config/kibana.dev.yml`

2) Edit the configuration of `config/serverless.security.yml` to enable the `essentials` product tier:

```yaml
xpack.securitySolutionServerless.productTypes:
  [
    { product_line: 'security', product_tier: 'essentials' }
  ]
```

3) Start Elasticsearch

```sh
yarn es serverless --projectType security
```

4) Start a development instance of Kibana

```
yarn start --serverless=security --no-base-path
```

5) Navigate to Security > Attack discovery

**Expected result**

- An upgrade CTA is displayed, as illustrated by the _after_ screenshot below:

![serverless_essentials_after](https://github.com/user-attachments/assets/4cdd146e-afac-4f3e-925b-4786e1908312)

- The video tour is NOT displayed for serverless, as noted in the [original PR](https://github.com/elastic/kibana/pull/182605#issuecomment-2100607857)

**Actual result**

- An upgrade CTA is NOT displayed, as illustrated by the _before_ screenshot below:

![serverless_essentials_before](https://github.com/user-attachments/assets/90e8f433-896d-40a3-b095-8f0cca0f7073)

### Desk testing Self Managed

To desk test self manged, we will:

1) Create (three) roles for testing
2) Create (three) users assigned to the roles
3) Test each role at `Basic`, `Trial`, `Platinum`, and `Enterprise` levels to verify:

- `Attack discovery` link visibility in the Security solution navigation
- Visibility of the upsell empty prompt for license levels where Attack discovery is unavailable
- The upsell empty prompt includes the `Subscription plans` and `Manage license` actions
- When Attack discoveries are generated, the `View in Ai Assistant` button and popover menu action are enabled / disabled, based on availability of the `AI Assistant` feature

#### Creating (three) roles for testing

In this section, we will start a new (development) self managed deployment, and create the following three roles via Kibana Dev Tools:

- `has_attack_discovery_all_assistant_all`
- `has_attack_discovery_all_assistant_none`
- `has_attack_discovery_none_assistant_all`

To start the deployment and create the roles:

1) Add a pre-configured GenAI connector to `config/kibana.dev.yml`

2) Start a new (development) instance of Elasticsearch:

```sh
yarn es snapshot -E path.data=/Users/$USERNAME/data-2024-07-31a
```

3) Start a local (development) instance of Kibana:

```
yarn start --no-base-path
````

4) Login to Kibana as the `elastic` user

5) Generate some alerts

6) Navigate to Dev Tools

7) Execute the following three API calls to create the roles:

<details><summary>PUT /_security/role/has_attack_discovery_all_assistant_all</summary>
<p>

``` ts
PUT /_security/role/has_attack_discovery_all_assistant_all
{
  "cluster": [
    "all"
  ],
  "indices": [
    {
      "names": [
        "*"
      ],
      "privileges": [
        "all"
      ],
      "field_security": {
        "grant": [
          "*"
        ],
        "except": []
      },
      "allow_restricted_indices": false
    }
  ],
  "applications": [
    {
      "application": "kibana-.kibana",
      "privileges": [
        "feature_securitySolutionAssistant.minimal_all",
        "feature_securitySolutionAttackDiscovery.minimal_all",
        "feature_siem.all",
        "feature_securitySolutionCases.all",
        "feature_actions.all"
      ],
      "resources": [
        "*"
      ]
    }
  ],
  "run_as": [],
  "metadata": {},
  "transient_metadata": {
    "enabled": true
  }
}
```

</p>
</details>

<details><summary>PUT /_security/role/has_attack_discovery_all_assistant_none</summary>
<p>

``` ts
PUT /_security/role/has_attack_discovery_all_assistant_none
{
  "cluster": [
    "all"
  ],
  "indices": [
    {
      "names": [
        "*"
      ],
      "privileges": [
        "all"
      ],
      "field_security": {
        "grant": [
          "*"
        ],
        "except": []
      },
      "allow_restricted_indices": false
    }
  ],
  "applications": [
    {
      "application": "kibana-.kibana",
      "privileges": [
        "feature_securitySolutionAttackDiscovery.minimal_all",
        "feature_siem.all",
        "feature_securitySolutionCases.all",
        "feature_actions.all"
      ],
      "resources": [
        "*"
      ]
    }
  ],
  "run_as": [],
  "metadata": {},
  "transient_metadata": {
    "enabled": true
  }
}
```

</p>
</details>

<details><summary>PUT /_security/role/has_attack_discovery_none_assistant_all</summary>
<p>

``` ts
PUT /_security/role/has_attack_discovery_none_assistant_all
{
  "cluster": [
    "all"
  ],
  "indices": [
    {
      "names": [
        "*"
      ],
      "privileges": [
        "all"
      ],
      "field_security": {
        "grant": [
          "*"
        ],
        "except": []
      },
      "allow_restricted_indices": false
    }
  ],
  "applications": [
    {
      "application": "kibana-.kibana",
      "privileges": [
        "feature_securitySolutionAssistant.minimal_all",
        "feature_siem.all",
        "feature_securitySolutionCases.all",
        "feature_actions.all"
      ],
      "resources": [
        "*"
      ]
    }
  ],
  "run_as": [],
  "metadata": {},
  "transient_metadata": {
    "enabled": true
  }
}
```

</p>
</details>

#### Creating (three) users assigned to the roles

In this section, we will create the following three users via Kibana Dev Tools using the API calls below (expand for details):

- `attack_discovery_all_assistant_all`
- `attack_discovery_all_assistant_none`
- `attack_discovery_none_assistant_all`

1) Navigate to Dev Tools

2) Execute the following three API calls to create the users:

<details><summary>POST /_security/user/attack_discovery_all_assistant_all</summary>
<p>

``` ts
POST /_security/user/attack_discovery_all_assistant_all
{
    "username": "attack_discovery_all_assistant_all",
    "password": "changeme",
    "roles": [
      "has_attack_discovery_all_assistant_all"
    ],
    "full_name": "Attack Discovery All Assistant All",
    "email": "user@example.com",
    "metadata": {},
    "enabled": true
}
```

</p>
</details>

<details><summary>POST /_security/user/attack_discovery_all_assistant_none</summary>
<p>

``` ts
POST /_security/user/attack_discovery_all_assistant_none
{
    "username": "attack_discovery_all_assistant_none",
    "password": "changeme",
    "roles": [
      "has_attack_discovery_all_assistant_none"
    ],
    "full_name": "Attack Discovery All Assistant None",
    "email": "user@example.com",
    "metadata": {},
    "enabled": true
}
```

</p>
</details>

<details><summary>POST /_security/user/attack_discovery_none_assistant_all</summary>
<p>

``` ts
POST /_security/user/attack_discovery_none_assistant_all
{
    "username": "attack_discovery_none_assistant_all",
    "password": "changeme",
    "roles": [
      "has_attack_discovery_none_assistant_all"
    ],
    "full_name": "Attack Discovery None Assistant All",
    "email": "user@example.com",
    "metadata": {},
    "enabled": true
}
```

</p>
</details>

#### Testing each role at `Basic`, `Trial`, `Platinum`, and `Enterprise` levels

In this section, we will test each of the self managed `Basic`, `Trial`, `Platinum`, and `Enterprise` license levels with the three roles we created for testing.

##### Testing the `has_attack_discovery_all_assistant_all` role

1) Login as the `attack_discovery_all_assistant_all` user

2) Navigate to the Security solution

3) For each of the `Basic`, `Trial`, `Platinum`, and `Enterprise` levels, verify your observations match the expected behavior in the table below:

| Role                                     | License    | Navigation visible | Show upsell | Upsell has actions | View in assistant enabled |
|------------------------------------------|------------|--------------------|-------------|--------------------|---------------------------|
| `has_attack_discovery_all_assistant_all` | Basic      |                   |            |                   |                          |
| `has_attack_discovery_all_assistant_all` | Trial      |                   |            |                   |                          |
| `has_attack_discovery_all_assistant_all` | Platinum   |                   |            |                   |                          |
| `has_attack_discovery_all_assistant_all` | Enterprise |                   |            |                   |                          |

##### Testing the `has_attack_discovery_all_assistant_none` role

1) Login as the `attack_discovery_all_assistant_none` user

2) Navigate to the Security solution

3) For each of the `Basic`, `Trial`, `Platinum`, and `Enterprise` levels, verify your observations match the expected behavior in the table below:

| Role                                      | License    | Navigation visible | Show upsell | Upsell has actions | View in assistant enabled |
|-------------------------------------------|------------|--------------------|-------------|--------------------|---------------------------|
| `has_attack_discovery_all_assistant_none`     | Basic      |                   |            |                   |                          |
| `has_attack_discovery_all_assistant_none` | Trial      |                   |            |                   |                          |
| `has_attack_discovery_all_assistant_none` | Platinum   |                   |            |                   |                          |
| `has_attack_discovery_all_assistant_none` | Enterprise |                   |            |                   |                          |

##### Testing the `has_attack_discovery_none_assistant_all` role

1) Login as the `attack_discovery_none_assistant_all` user

2) Navigate to the Security solution

3) For each of the `Basic`, `Trial`, `Platinum`, and `Enterprise` levels, verify your observations match the expected behavior in the table below:

| Role                                      | License    | Navigation visible | Show upsell | Upsell has actions | View in assistant enabled |
|-------------------------------------------|------------|--------------------|-------------|--------------------|---------------------------|
| `has_attack_discovery_none_assistant_all` | Basic      |                   |            |                   |                          |
| `has_attack_discovery_none_assistant_all` | Trial      |                   |            |                   |                          |
| `has_attack_discovery_none_assistant_all` | Platinum   |                   |            |                   |                          |
| `has_attack_discovery_none_assistant_all` | Enterprise |                   |            |                   |                          |

---------------------------------------------

### Serverless Testing

To desk test serverless, we will test the `essentials` and `complete` product tiers to verify:

- `Attack discovery` link visibility in the Security project navigation
- Visibility of the upsell empty prompt for license levels where Attack discovery is unavailable
- The upsell empty prompt does NOT include the `Subscription plans` and `Manage license` actions
- When Attack discoveries are generated, the `View in Ai Assistant` button and popover menu action are enabled

#### Essentials tier testing

1) Add a pre-configured GenAI connector to `config/kibana.dev.yml`

2) Edit the configuration of `config/serverless.security.yml` to enable the `essentials` product tier:

```yaml
xpack.securitySolutionServerless.productTypes:
  [
    { product_line: 'security', product_tier: 'essentials' },
    { product_line: 'endpoint', product_tier: 'essentials' },
  ]
```

2) Start a new (development) instance of Elasticsearch:

```sh
yarn es serverless --clean --projectType security
```

3) Start a local (development) instance of Kibana:

```
yarn start --serverless=security --no-base-path
````

4) select the `admin` role

5) Generate some alerts

6) Verify your observations match the expected behavior in the table below:

| Role                          | Tier       | Navigation visible | Show upsell | Upsell has actions | View in assistant enabled |
|-------------------------------|------------|--------------------|-------------|--------------------|---------------------------|
| `viewer`                      | essentials |                   |            |                   |                          |
| `editor`                      | essentials |                   |            |                   |                          |
| `t1_analyst`                  | essentials |                   |            |                   |                          |
| `t2_analyst`                  | essentials |                   |            |                   |                          |
| `t3_analyst`                  | essentials |                   |            |                   |                          |
| `threat_intelligence_analyst` | essentials |                   |            |                   |                          |
| `rule_author`                 | essentials |                   |            |                   |                          |
| `soc_manager`                 | essentials |                   |            |                   |                          |
| `detections_admin`            | essentials |                   |            |                   |                          |
| `platform_engineer`           | essentials |                   |            |                   |                          |
| `endpoint_operations_analyst` | essentials |                   |            |                   |                          |
| `endpoint_policy_manager`     | essentials |                   |            |                   |                          |
| `admin`                       | essentials |                   |            |                   |                          |
| `system_indices_superuser`    | essentials |                   |            |                   |                          |

### Complete tier testing

1) Stop the running Kibana server (from the previous Essentials tier testing)

2) Edit the configuration of `config/serverless.security.yml` to enable the `complete` product tier:

```yaml
xpack.securitySolutionServerless.productTypes:
  [
    { product_line: 'security', product_tier: 'complete' },
    { product_line: 'endpoint', product_tier: 'complete' },
  ]
```

3) Restart a local (development) instance of Kibana:

```
yarn start --serverless=security --no-base-path
````

4) Verify your observations match the expected behavior in the table below:

| Role                          | Tier     | Navigation visible | Show upsell | Upsell has actions | View in assistant enabled |
|-------------------------------|----------|--------------------|-------------|--------------------|---------------------------|
| `viewer`                      | complete |                   |            |                   |                          |
| `editor`                      | complete |                   |            |                   |                          |
| `t1_analyst`                  | complete |                   |            |                   |                          |
| `t2_analyst`                  | complete |                   |            |                   |                          |
| `t3_analyst`                  | complete |                   |            |                   |                          |
| `threat_intelligence_analyst` | complete |                   |            |                   |                          |
| `rule_author`                 | complete |                   |            |                   |                          |
| `soc_manager`                 | complete |                   |            |                   |                          |
| `detections_admin`            | complete |                   |            |                   |                          |
| `platform_engineer`           | complete |                   |            |                   |                          |
| `endpoint_operations_analyst` | complete |                   |            |                   |                          |
| `endpoint_policy_manager`     | complete |                   |            |                   |                          |
| `admin`                       | complete |                   |            |                   |                          |
| `system_indices_superuser`    | complete |                   |            |                   |                          |
 2024-08-13 11:46:20 -04:00
Alejandro Fernández Haro
11b750b10a
Minimize shared-common everywhere (#188606) 
## Summary


![8xfggo](https://github.com/user-attachments/assets/f3d9312f-2ad3-4fa2-9daf-01e2b1ad6cac)

At the moment, our package generator creates all packages with the type
`shared-common`. This means that we cannot enforce boundaries between
server-side-only code and the browser, and vice-versa.

- [x] I started fixing `packages/core/*`
- [x] It took me to fixing `src/core/` type to be identified by the
`plugin` pattern (`public` and `server` directories) vs. a package
(either common, or single-scoped)
- [x] Unsurprisingly, this extended to packages importing core packages
hitting the boundaries eslint rules. And other packages importing the
latter.
- [x] Also a bunch of `common` logic that shouldn't be so _common_ 🙃 

### For maintainers

- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
 2024-07-29 12:47:46 -06:00
Joe McElroy
bc42310da5
[Search] [Getting Started Guide] Update examples (#188642) 
## Summary

Updating the quick start guides. 

Changes:
- introduce a new semantic search guide which talks through
semantic_text
- vector search updates to make the examples simpler + callouts to use
semantic search with semantic_text
 - Updates to AI search to make it more up to date

### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)


### Risk Matrix

Delete this section if it is not applicable to this PR.

Before closing this PR, invite QA, stakeholders, and other developers to
identify risks that should be tested prior to the change/feature
release.

When forming the risk matrix, consider some of the following examples
and how they may potentially impact the change:

| Risk | Probability | Severity | Mitigation/Notes |

|---------------------------|-------------|----------|-------------------------|
| Multiple Spaces&mdash;unexpected behavior in non-default Kibana Space.
| Low | High | Integration tests will verify that all features are still
supported in non-default Kibana Space and when user switches between
spaces. |
| Multiple nodes&mdash;Elasticsearch polling might have race conditions
when multiple Kibana nodes are polling for the same tasks. | High | Low
| Tasks are idempotent, so executing them multiple times will not result
in logical error, but will degrade performance. To test for this case we
add plenty of unit tests around this logic and document manual testing
procedure. |
| Code should gracefully handle cases when feature X or plugin Y are
disabled. | Medium | High | Unit tests will verify that any feature flag
or plugin combination still results in our service operational. |
| [See more potential risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) |


### For maintainers

- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: Liam Thompson <32779855+leemthompo@users.noreply.github.com>
Co-authored-by: Rodney Norris <rodney@tattdcodemonkey.com>
 2024-07-22 14:19:35 +02:00
Pierre Gayvallet
d0b807403c
Improve features plugin's contract type names (#187944) 
## Summary

Fix https://github.com/elastic/kibana/issues/65999

Change the `features` plugin's contract type names to follow our naming
convensions and to avoid needing to rename them during imports

(and yeah, I'm triggering a review from 30 teams again for a type
rename, just for the fun of it)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
 2024-07-17 15:33:32 +01:00
elena-shostak
63cbdb8be7
Added ui capabilities to role management (#181424) 
## Summary

Part of the Spaces UX redesign requires us to show the list of roles
which grant access to the space. Since not all users who manage spaces
can also manage roles, we need to make this a conditional view based on
user privileges.

Added `view` UI Capability to role management, it will be available at
`capabilities.roles?.view`


### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed

### For maintainers

- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

__Fixes: https://github.com/elastic/kibana/issues/181315__

## Release note
Added UI Capability to role management.

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
 2024-04-26 14:10:54 +02:00
Alejandro Fernández Haro
fd09c26d15
async-import plugins in the server side (#170856) 
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
 2023-11-15 00:55:56 -07:00
Aurélien FOUCRET
c12276d836
Renaming the esre application into ai_search (#166632) 2023-09-20 16:22:49 +02:00
Rodney Norris
1e347652cf
[Search] refactor: rename ent-search elasticsearch app id (#165241) 
## Summary

Updated the elasticsearch app id in the enterprise search plugin from
'elasticsearch' to 'enterpriseSearchElasticsearch'. This is to remove
any possible permission or privelege conflicts with the route
`/app/elasticsearch`, which is registerd by serverless search.

### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
 2023-08-30 12:34:52 -05:00
Alex Szabo
9d2696b5c5
[Ops] Upgrade to axios 1.4 (#163732) 
## Summary
upgrade `axios` to 1.4

- adjust to header usage, and config optionality
- Axios' adapters are now resolved from a string key by axios, no need
to import/instantiate adapters
- most of the changed code stems from changes in Axios' types
  - `response.config` is now optional
- there was a change in the type of AxiosHeaders <->
InternalAxiosHeaders

Closes: #162661 
Closes: #162414

---------

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
 2023-08-22 11:47:48 +02:00
Dario Gieselaar
3128328def
[Observability AI Assistant] Lens function (#163872) 
Co-authored-by: Coen Warmer <coen.warmer@gmail.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Clint Andrew Hall <clint@clintandrewhall.com>
Co-authored-by: Carlos Crespo <carloshenrique.leonelcrespo@elastic.co>
Co-authored-by: Alejandro Fernández Haro <alejandro.haro@elastic.co>
 2023-08-17 09:45:51 +02:00
Garrett Spong
6acf72f25c
[Security Solution] Adds RBAC for Assistant (#163031) 
## Summary

Adds `All`/`None` RBAC for the Elastic AI Assistant within the Security
app via Kibana feature privileges, and also via serverless PLI App
Features for the Security `complete` product (see
https://github.com/elastic/security-team/issues/7023).

Added as high-level category to enable future support of sub-features
(included sample `Create Conversation` sub-feature plumbed as example).

<p align="center">
<img width="500"
src="b42ab3fe-65e1-49b9-a379-262f2438c0eb"
/>
</p> 

Note: Since [`minimumLicense:
'enterprise'`](https://github.com/elastic/kibana/pull/163031/files#diff-56de8b6234daf4e0e69efe680e5a4afc4f88d152243b773d90c3991fa9dabc19R28)
is configured on this privilege, when the license check isn't satisfied,
the privilege will be hidden (not disabled).

## Testing

Feature is available for `enterprise` licenses and when `All` privilege
is set, otherwise Assistant is hidden in Timeline, all `Chat` UI
elements are hidden, and the `cmd/ctrl + ;` shortcut is unavailable.

---

### On Prem Testing:
Create two roles, one for each `all`/`none` Security Elastic AI
Assistant privilege (via Dev Tools):

<details><summary>PUT /_security/role/assistant_all</summary>
<p>

``` ts
PUT /_security/role/assistant_all
{
  "cluster": [
    "all"
  ],
  "indices": [
    {
      "names": [
        "*"
      ],
      "privileges": [
        "all"
      ],
      "field_security": {
        "grant": [
          "*"
        ],
        "except": []
      },
      "allow_restricted_indices": false
    }
  ],
  "applications": [
    {
      "application": "kibana-.kibana",
      "privileges": [
        "feature_securitySolutionAssistant.minimal_all",
        "feature_siem.all",
        "feature_securitySolutionCases.all",
        "feature_actions.all"
      ],
      "resources": [
        "*"
      ]
    }
  ],
  "run_as": [],
  "metadata": {},
  "transient_metadata": {
    "enabled": true
  }
}
```
</p>
</details>


<details><summary>PUT /_security/role/assistant_none</summary>
<p>

``` ts
PUT /_security/role/assistant_none
{
  "cluster": [
    "all"
  ],
  "indices": [
    {
      "names": [
        "*"
      ],
      "privileges": [
        "all"
      ],
      "field_security": {
        "grant": [
          "*"
        ],
        "except": []
      },
      "allow_restricted_indices": false
    }
  ],
  "applications": [
    {
      "application": "kibana-.kibana",
      "privileges": [
        "feature_siem.all",
        "feature_securitySolutionCases.all",
        "feature_actions.all"
      ],
      "resources": [
        "*"
      ]
    }
  ],
  "run_as": [],
  "metadata": {},
  "transient_metadata": {
    "enabled": true
  }
}
```
</p>
</details>

Create a new `assistant_user` (assigned both roles above), log in and
test assistant availability, then remove one role at a time testing
each:

<details><summary>POST /_security/user/assistant_user (ALL)</summary>
<p>

``` ts
POST /_security/user/assistant_user
{
    "username": "assistant_user",
    "password": "changeme",
    "roles": [
      "assistant_all",
      "assistant_none"
    ],
    "full_name": "Assistant User",
    "email": "assistant-user@elastic.co",
    "metadata": {},
    "enabled": true
}
```
</p>
</details>

Test that assistant is available in UI via `Chat` buttons and shortcut
keys.

<details><summary>PUT /_security/user/assistant_user (NONE)</summary>
<p>

``` ts
PUT /_security/user/assistant_user
{
    "username": "assistant_user",
    "roles": [
      "assistant_none"
    ],
    "full_name": "Assistant User",
    "email": "assistant-user@elastic.co",
    "metadata": {},
    "enabled": true
}
```
</p>
</details>

Test that assistant is **NOT** available in UI via `Chat` buttons or
shortcut keys.

---

### Serverless Testing:

To test with the Assistant available, set `productTypes` to `complete`
in `config/serverless.security.yml`

```
xpack.securitySolutionServerless.productTypes:
  [
    { product_line: 'security', product_tier: 'complete' },
    { product_line: 'endpoint', product_tier: 'complete' },
  ]
  ```

otherwise to test without the Assistant, pick a different product type like `essentials`:

```
xpack.securitySolutionServerless.productTypes:
  [
    { product_line: 'security', product_tier: 'essentials' },
    { product_line: 'endpoint', product_tier: 'essentials' },
  ]
```

Then start Serverless Kibana: `yarn serverless-security`

---

### Checklist

Delete any items that are not applicable to this PR.

- [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
 2023-08-11 15:48:59 -06:00
Sloane Perrault
566d4ddc5a
[Enterprise Search] Vector search landing page (#160206) 
## Summary



d43fa0f0-1491-411f-8aa9-0767b08edd20



### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [x] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [x] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
 2023-06-23 09:23:25 -04:00
Adam Demjen
4573874fab
[8.9] Add ESRE landing page placeholder and navigation (#159589) 
## Summary

This PR adds the ESRE landing page to the left hand nav and the
hamburger menu. The page is just a placeholder for now, but it will be
filled with a complete step-by-step guide in follow-up PRs.

cc @julianrosado on ordering of menu items.

![Screenshot 2023-06-13 at 10 33
07](07cbcb84-6494-44e2-a09b-fcaf4d816b5b)
![Screenshot 2023-06-13 at 10 32
56](978ad272-3735-42ac-a3f8-20649485d687)

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
 2023-06-15 09:49:05 -04:00
Rodney Norris
68ca864e96
[Enterprise Search] Move Search Applications to Applications module (#155805) 
## Summary

Move Search Applications pages from the Content module to a new
Applications module in `enterprise_search`.

When initially implementing engines behind a feature flag in 8.7 it was
decided to add the pages to the content application to make it easier to
share components and expedite development. But as we're trying to land
Search Applications in 8.8 (formerly engines) we've decided they need to
be in there own plugin public application for several reasons, but the
driving one is to add a global navigation option for Search
Applications. Additionally we get to render search_applications under a
better URL than `content/engines`.

### Screenshots

Search Applications added to global collapsible navigation:

![image](https://user-images.githubusercontent.com/1972968/234625232-1625e86d-134b-47c3-9c0b-db8a54eb7645.png)
URL and Breadcrumbs updated

![image](https://user-images.githubusercontent.com/1972968/234626430-ab827ce1-ea1c-450b-881e-c4878eea8559.png)
 2023-05-04 11:15:15 -05:00
Yulia Čech
b75546f7eb
[Guided onboarding] Use Kibana features to grant access (#155065) 
## Summary

Fixes https://github.com/elastic/kibana/issues/149132

This PR adds a Kibana feature for the guided onboarding plugin for
better permissions handling. By default `kibana_admin` and `editor`
roles are granted access to guided onboarding. The role `viewer` on the
other hand doesn't have enough permissions to see or use guided
onboarding. For any roles that don't have the correct permissions,
guided onboarding is completely disabled, the same as it's disabled
on-prem.
When creating a new role, the feature "Setup guides" can be enabled or
disabled.

### How to test
1. Add `xpack.cloud.id: 'testID'` to `/config/kibana.dev.yml`
1. Start ES with `yarn es snapshot` and Kibana with `yarn start``
2. Login as elastic and create a test user with the role `viewer`
3. Clear everything from your browser's local storage 
4. Login as the test user and check the following
- On the first visit, the "on-prem" welcome message is shown (not the
guided onboarding landing page)
- The url `/app/home#/getting_started` is unknown and redirects back to
the home page
- There is no button "Setup guides" in the header
- There is no link "Setup guides" in the help menu

### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
 2023-04-26 04:33:58 -07:00
Spencer
1b85815402
[packages] migrate all plugins to packages (#148130) 
Fixes https://github.com/elastic/kibana/issues/149344

This PR migrates all plugins to packages automatically. It does this
using `node scripts/lint_packages` to automatically migrate
`kibana.json` files to `kibana.jsonc` files. By doing this automatically
we can simplify many build and testing procedures to only support
packages, and not both "packages" and "synthetic packages" (basically
pointers to plugins).

The majority of changes are in operations related code, so we'll be
having operations review this before marking it ready for review. The
vast majority of the code owners are simply pinged because we deleted
all `kibana.json` files and replaced them with `kibana.jsonc` files, so
we plan on leaving the PR ready-for-review for about 24 hours before
merging (after feature freeze), assuming we don't have any blockers
(especially from @elastic/kibana-core since there are a few core
specific changes, though the majority were handled in #149370).

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
 2023-02-08 21:06:50 -06:00
Spencer
c8f83ed2eb
Move real plugins out of 'fixtures' dirs (#148756) 
The location of plugins was previously somewhat irrelevant, but as we
move into packages it's more important that we can find all plugins in
the repository, and we would like to be able to do that without needing
to maintain a manifest somewhere to accomplish this. In order to make
this possible we plan to find any plugin/package by spotting all
kibana.json files which are not "fixtures". This allows plugin-like code
(but not actual plugin code) to exist for testing purposes, but it must
be within some form of "fixtures" directory, and any plugin that isn't
in a fixtures directory will be automatically pulled into the system
(though test plugins, examples, etc. will still only be loaded when the
plugin's path is passed via `--plugin-path`, the system will know about
them and use that knowledge for other things).

Since this is just a rename Operations will review and merge by EOD Jan
12th unless someone has a blocking concern.

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
 2023-01-12 12:38:49 -07:00
Alison Goryachev
2b6183e11d
[Onboarding] ECMA MVP cleanup (#147702) 2022-12-21 11:02:01 -05:00
claracruz
e868b3aa77
[Platform Onboarding] Elastic cloud migration assistant page (#145523) 2022-12-16 10:31:03 -05:00
Tiago Costa
016e3e03a4
chore(NA): enables isolatedModules on base tsconfig file (#144841) 
This PR enables `isolatedModules` on our `tsconfig.base.json`. Enabling
this means that our codebase is safe for tools that use TypeScript APIs
like `transpileModule` or alternative compilers like Babel. The
requirements introduced by enabling `isolatedModules` were already in
place for every piece of code transpiled with babel so we feel like its
time to make it the default across the board inside our repository.

The DX shouldn't be impacted negatively by these change as we introduced
a lint rule verification for the critical part around `isolatedModules`
which is around `const enums`. The PR also has a couple of `TODOs` to be
removed once we upgrade into typescript v4.8 where we would be able to
say everything that is typescript inside our repo should be consider a
module by default.

More information about `isolatedModules` can be found at
https://www.typescriptlang.org/tsconfig#isolatedModules

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
 2022-11-18 19:39:11 +00:00
Casey Zumwalt
e8359390b9
[Ent. Search] Search experiences landing page (#143874) 
* Scaffold plugin

* Layout

* Basic landing page layout

* Search experiences illustration

* [CI] Auto-commit changed files from 'node scripts/eslint --no-cache --fix'

* Test fixes

* More test fixes

* Use a different i18n key for the Search category

* Cleanup plugin primitives

* i18n

* Safe i18n

* [CI] Auto-commit changed files from 'node scripts/precommit_hook.js --ref HEAD~1..HEAD --fix'

* Test fixes

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
 2022-11-02 14:15:17 +01:00
Joseph McElroy
48ad65f992
[Enterprise Search] [Analytics] Analytics Collection list view (#139554) 
Implements the analytics collection list view.

Co-authored-by: Casey Zumwalt <casey.zumwalt@elastic.co>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
 2022-08-31 14:11:25 +02:00
Efe Gürkan YALAMAN
90e46180fe
[Enterprise Search] Reintroduce content plugin for next release (#134026) 
* Reintroduce content plugin for next release

Adds simple tabs on the overview tab

* Updated comments to be accurate as suggested on review

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
 2022-06-13 16:00:49 +02:00
Efe Gürkan YALAMAN
1c8f6ffb2f
[Enterprise Search] Remove content plugin for 8.3 release (#133738) 
* Remove content plugin for 8.3 release

* Delete server side plugins

* Remove collection schema

* Fix CI
 2022-06-07 17:49:52 +02:00
Casey Zumwalt
a6b394d557
[Enterprise Search] Move Elasticsearch guide to a standalone app (#132750) 
* Move the Elasticsearch guide to a standalone app

* Add breadcumbs, title

* [CI] Auto-commit changed files from 'node scripts/precommit_hook.js --ref HEAD~1..HEAD --fix'

* [CI] Auto-commit changed files from 'node scripts/eslint --no-cache --fix'

* Test fixes

* Updated telemetry

* Undo unintentional change

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
 2022-05-24 15:54:16 -05:00
Tomasz Ciecierski
e9c1c3932b
[Osquery] Make Osquery All with All base privillege (#130523) 2022-05-17 08:22:18 +02:00
Jonathan Budzenski
b191f141f3
Upgrade axios dependency (0.21.10.27.2). (#111655) 
Co-authored-by: Aleh Zasypkin <aleh.zasypkin@elastic.co>
 2022-05-12 11:49:52 +02:00
Spencer
542b381fa5
[ftr] automatically determine config run order (#130983) 
* [ftr] automatically determine config run order

* split lens config into two groups

* support ftr configs always running against CI

* Split detection_engine_api_integration rule exception list tests

* Add configs from previous commit

* [ftr] remove testMetadata and maintain a unique lifecycle instance per run

* Revert "[ftr] remove testMetadata and maintain a unique lifecycle instance per run"

This reverts commit d2b4fdb824.

* Split alerting_api_integration/security_and_spaces tests

* Add groups to yaml

* Revert "Revert "[ftr] remove testMetadata and maintain a unique lifecycle instance per run""

This reverts commit 56232eea68.

* stop ES more forcefully and fix timeout

* only cleanup lifecycle phases when the cleanup is totally complete

* only use kill when cleaning up an esTestInstance

* fix broken import

* fix runOptions.alwaysUseSource implementation

* fix config access

* fix x-pack/ccs config

* fix ml import file paths

* update kibana build id

* revert array.concat() change

* fix baseConfig usage

* fix pie chart data

* split up maps tests

* pull in all of group5 so that es archives are loaded correctly

* add to ftr configs.yml

* fix pie chart data without breaking legacy version

* fix more pie_chart stuff in new vis lib

* restore normal PR tasks

* bump kibana-buildkite-library

* remove ciGroup validation

* remove the script which is no longer called from checks.sh

* [CI] Auto-commit changed files from 'yarn kbn run build -i @kbn/pm'

* adapt flaky test runner scripts to handle ftrConfig paths

* fix types in alerting_api_integration

* improve flaky config parsing and use non-local var name for passing explicit configs to ftr_configs.sh

* Split xpack dashboard tests

* Add configs

* [flaky] remove key from ftr-config steps

* [CI] Auto-commit changed files from 'node scripts/eslint --no-cache --fix'

* restore cypress builds

* remove ciGroups from FTR config files

* fixup some docs

* add temporary script to hunt for FTR config files

* use config.base.js naming for clarity

* use script to power ftr_configs.yml

* remove usage of removed x-pack/scripts/functional_tests

* fix test names in dashboard snapshots

* bump kibana-buildkite-library

* Try retrying only failed configs

* be a little quieter about trying to get testStats from configs with testRunners defined

* Remove test code

* bump kibana-buildkite-library

* update es_snapshot and on_merge jobs too

* track duration and exit code for each config and print it at the end of the script

* store results in order, rather than by key, in case there are duplicates in $config

* bash is hard

* fix env source and use +e rather than disabling e for whole file

* bash sucks

* print config summary in jest jobs too

* define results in jest_parallel.sh

* simplify config summary print, format times a little better

* fix reference to unbound time variable, use better variable name

* skip the newline between each result

* finish with the nitpicking

* sync changes with ftr_configs.sh

* refuse to execute config files which aren't listed in the .buildkite/ftr_configs.yml

* fix config.edge.js base config import paths

* fix some readmes

* resolve paths from ftr_configs manifest

* fix readConfigFile tests

* just allow __fixtures__ configs

* list a few more cypress config files

* install the main branch of kibana-buildkite-library

* split up lens group1

* move ml data_visualizer tests to their own config

* fix import paths

* fix more imports

* install specific commit of buildkite-pipeline-library

* sort configs in ftr_configs.yml

* bump kibana-buildkite-library

* remove temporary script

* fix env var for limiting config types

* Update docs/developer/contributing/development-functional-tests.asciidoc

Co-authored-by: Christiane (Tina) Heiligers <christiane.heiligers@elastic.co>

* produce a JUnit report for saved objects field count

* apply standard concurrency limits from flaky test runner

* support customizing FTR concurrency via the env

Co-authored-by: Brian Seeders <brian.seeders@elastic.co>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Christiane (Tina) Heiligers <christiane.heiligers@elastic.co>
 2022-05-04 17:05:58 -05:00
Spencer
2a78f350e1
break out parts of @kbn/dev-utils (#130509) 
* break out parts of @kbn/dev-utils

* autofix imports and kbn/pm dist

* update readme for @kbn/stdio-dev-helpers

* finish renames
 2022-04-19 12:24:58 -05:00
spalger
3730dd0779 fix all violations 2022-04-16 01:37:30 -05:00
Scotty Bollinger
d69c99356f
[Enterprise Search] Add Content plugin (#129108) 
* Add Content plugin

* Update telemetry schema

* Fix failing test

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
 2022-04-04 10:15:37 -05:00
Xavier Mouligneau
852a728229
Grant access to machine learning features when base privileges are used (#115444) 2021-10-26 18:15:44 -04:00
Thomas Watson
f152787a68
Remove deprecated xpack.security.enabled config option (#111681) 
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
 2021-10-25 14:12:05 -04:00
Joe Portner
0f1c7ccc98
Prevent Spaces from being disabled (#115283) 2021-10-18 16:17:04 +01:00
Stacey Gammon
52ee65b8d5
Make owner attribute required on kibana.json (#108231) 
* make owner attribute required

* Add owner properties in more places

* add test for owner attribute

* add error check too in the test

* Fix tests

* fix tests and update docs

* wip

* More test fixes

* Fix All The Errorz

* Adding more owner attributes

* Update x-pack/test/saved_object_api_integration/common/fixtures/saved_object_test_plugin/kibana.json

Co-authored-by: Larry Gregory <lgregorydev@gmail.com>

* Update x-pack/test/ui_capabilities/common/fixtures/plugins/foo_plugin/kibana.json

Co-authored-by: Larry Gregory <lgregorydev@gmail.com>

* commeeeooonnnn

* Update docs

* soooo many kibanajsons

* adjust plugin generator to add an owner

* Add owner to the plugin generator scripts

* update snapshot

* Fix snapshot

* review updates

Co-authored-by: Larry Gregory <lgregorydev@gmail.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
 2021-08-24 10:02:32 -04:00
Patryk Kopyciński
9edcf9e71e
[Osquery] RBAC (#106669) 2021-08-10 16:36:27 +02:00