## Summary
- New FTR service for create/delete rules and users using roles with new
security sub-privileges in.
- Create/delete roles and users during before/after suite hook instead
of doing it on each test case.
- Updates a test using new roles/users.
### TBD
- Move role files to the common folder once this is merged:
https://github.com/elastic/kibana/pull/143880 - DONE
- Use new role/users in other tests in this suite.
- Move new service to an upper level?
### For maintainers
- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
- Creates new search strategy for getting index patterns in security
solution plugin that uses the internal ES user in order to retrieve
event filters fields without having extra index privileges.
- Adds new API endpoint for autocomplete suggestions that uses
unified_search plugin logic but using the internal ES user.
- Updates frontend code to use both approaches above in event filters
form.
- Adds new unit tests
### For maintainers
- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Update bundled Endpoint package version to `8.6.1` for the `8.6` stack
release.
We released an `8.6.1` Endpoint package that contains some important bug
fixes for the `8.6` stack release
## Summary
- The following changes were done in support of RBAC for the policy
management from security solution:
- Pages are only accessible if user has `read` permissions
- If user does not have `read` or `write` permissions, the link to the
Policy list is removed from the Security Solution management page
- If user ONLY has `read`, then the Policy Details save button is
removed and all form controls (ex. switches, checkboxes, etc) are
disabled
- If user does not have `read` permissions to the Endpoint list page,
then the policy list `Endpoints` column is displayed as plain text (no
link)
- Fixes a bug with the `Cancel` button on the Policy Details, which was
redirecting the user by default to the Endpoint List - correct behavior
is to redirect to the policy list by default
Users can't upgrade their clusters when an old experimental feature is
enabled.
While we don't have a final solution for this issue, I am adding the
experimental flag configuration back to prevent users from having this
frustrating experience.
Quick-fix for: https://github.com/elastic/kibana/issues/146777
Original report:
https://elastic.slack.com/archives/C6E3MTCD7/p1669236299374339
Fix
```
FATAL Error: [config validation of [xpack.securitySolution].enableExperimental]: [riskyUsersEnabled] is not allowed. Allowed values are: tGridEnabled, tGridEventRenderedViewEnabled, excludePoliciesInFilterEnabled, kubernetesEnabled, disableIsolationUIPendingStatuses, pendingActionResponsesWithAck, policyListEnabled, policyResponseInFleetEnabled, previewTelemetryUrlEnabled, responseActionsConsoleEnabled, insightsRelatedAlertsByProcessAncestry, extendedRuleExecutionLoggingEnabled, socTrendsEnabled, responseActionsEnabled
```
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
@maximpn brought up the issues caused by the types required by the
rison-node package, which attempted to communicate that "encoded values
must be primitive values, or recursive arrays/object of primitive
values". This isn't actually expressible in TypeScript, which led to
many instances of `rison.encode(value as unknown as RisonValue)` which
is useless. Additionally, the rison-node library actually supports any
value and will either produce valid rison or `undefined` for that value.
To address this I'm adding a wrapper function which accepts `any` and
returns a `string`. If rison-node is totally unable to produce any rison
for the value (because the value is `undefined` or some other type like
Symbol or BigInt) the `encode()` function will throw. If you're
accepting arbitrary input you can use the `encodeUnknown()` function,
which will return a string or undefined, if the value you provided has
zero rison representation.
Like JSON.stringify() any non-circular primitive, object, or array can
be encoded with either function. If the values within those objects are
not encodable (functions, RegExps, etc) then they will be skipped. Any
object/array with the `toJSON()` method will be converted to JSON first,
and if the prototype of the object has the `encode_rison()` method it
will be used to convert the value into rison.
The changes in this PR are mostly updating usage of rison-node to use
`@kbn/rison` (which is also enforced by eslint). There are also several
changes which remove unnecessary casting.
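
The throw-versus-`undefined` contract described above, as an added example that is not code from this PR or from `@kbn/rison`. `toRison` is a simplified stand-in for rison-node's encoder and the error text is made up; only the `encode()` and `encodeUnknown()` names and their behaviour come from the commit message.

```typescript
// Simplified stand-in for rison-node's encoder (an assumption for this example):
// returns a rison string, or undefined when the value has no representation.
function toRison(v: unknown): string | undefined {
  if (v === null) return '!n';
  if (typeof v === 'boolean') return v ? '!t' : '!f';
  if (typeof v === 'number') return Number.isFinite(v) ? String(v).replace('e+', 'e') : '!n';
  if (typeof v === 'string') {
    // Bare ids stay unquoted; anything else is quoted, with "!" and "'" escaped by "!".
    return /^[A-Za-z_][A-Za-z0-9_]*$/.test(v) ? v : `'${v.replace(/[!']/g, '!$&')}'`;
  }
  if (typeof v !== 'object') return undefined; // undefined, function, symbol, bigint
  const obj = v as { toJSON?: () => unknown };
  if (typeof obj.toJSON === 'function') return toRison(obj.toJSON());
  if (Array.isArray(v)) {
    // Members that cannot be encoded are skipped, not turned into null.
    const items = v.map((item) => toRison(item)).filter((s): s is string => s !== undefined);
    return `!(${items.join(',')})`;
  }
  const pairs: string[] = [];
  for (const key of Object.keys(v as object).sort()) {
    const encoded = toRison((v as Record<string, unknown>)[key]);
    if (encoded !== undefined) pairs.push(`${toRison(key)}:${encoded}`);
  }
  return `(${pairs.join(',')})`;
}

// Tolerant form for arbitrary input: the caller has to handle undefined.
function encodeUnknown(value: unknown): string | undefined {
  return toRison(value);
}

// Strict form: always returns a string, throws when nothing can be produced.
function encode(value: any): string {
  const rison = encodeUnknown(value);
  if (rison === undefined) {
    throw new Error('value has no rison representation'); // constructed message
  }
  return rison;
}
```
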
## Summary
It fixes #145572 and #143183 by
- Adding an abstraction layer for the Timeseries chart and using it
without APM's context and hooks
- Create and link `AlertDetailAppSection` new component to all APM rule
types
- Provide the new Alert Details page under Observability using APM
charts
### Checklist
Delete any items that are not applicable to this PR.
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
## For the reviewers
- Enable the feature flag
`xpack.observability.unsafe.alertDetails.apm.enabled: true` in
`kibana.yml`.
- Create an APM rule that fires alerts
- Click on `View alert details` from the Alert table
Closes https://github.com/elastic/kibana/issues/135678
## Summary
This PR continues the work started in
https://github.com/elastic/kibana/pull/142758 to bring field list
grouping from Lens into Discover.
- [x] Integrate new components and hooks into Discover page
- [x] Refactor fields grouping logic
- [x] Render Popular fields under a new separate section
- [x] Remove "Hide empty fields" switch
- [x] Adjust filtering logic
- [x] Refactor fields existence logic in Discover
- [x] Add "Unmapped fields" section
- [x] Highlight the matching term when searching for a field
- [x] Show field icons when in SQL mode
- [x] Add tooltips to field list section headings
- [x] Add tests, clean up
For testing on Discover page:
Please check different use cases and toggling Advanced Settings:
- regular vs ad-hoc data views
- data views with and without a time field
- data views with unmapped and empty fields
- data views with a lot of fields
- data views with some fields being filtered out via data view
configuration
- updating query, filters, and time range
- regular and SQL mode
- searching by a field name in the sidebar
- applying a field filter in the sidebar
- adding, editing, and removing a field
- Field Statistics table when some columns are selected or no columns
are selected
- multifields in the field popover should work as before (icon should
change from "+" to "x" when subfield is selected as a column)
- `discover:searchOnPageLoad` should not show fields if turned off
- `discover:searchFieldsFromSource` should show multifields right in the
fields list if enabled
- `discover:enableSql` should show Selected and Available fields only
when enabled
- `discover:showLegacyFieldTopValues` should show old (green) field
stats in its popover
- `doc_table:legacy`
On Lens page:
- scroll position should reset when data view is switched or when
searching by a field name
- regular and SQL mode
### Checklist
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [x] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
Co-authored-by: Michael Marcialis <michael@marcial.is>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
## Summary
Make sure that identical objects in the bar chart always get assigned
the same colors.
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Tim Rühsen <tim.ruhsen@elastic.co>
## Summary
Addresses https://github.com/elastic/kibana/issues/146494
We only need the first document from the bucket to create the alert, not
`maxSignals` documents. If `maxSignals` was greater than 100, this
caused an error in the search.