This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| docker.elastic.co/wolfi/chainguard-base | digest | `66d427a` -> `5ba5def` |
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).
Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
This PR updates the ES|QL grammars (lexer and parser) to match the
latest version in Elasticsearch.
---------
Co-authored-by: drewdaemon <drew.tate@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
## Summary
Resolves #212981

## Release Notes
Adds the ability to create an APM availability or latency SLO for all
services
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Kevin Delemme <kdelemme@gmail.com>
## Summary
Fixes https://github.com/elastic/kibana/issues/214709#event-16799922233
The issue was caused by the rollover of the Knowledge Base Data stream
to use the default inference endpoint.
During the rollover it first got to this branch
https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/elastic_assistant/server/ai_assistant_service/index.ts#L347-L369
where it went through all the steps and continued, but it didn't
override `this.knowledgeBaseStream`, so the next time someone hit the API it
was going through this path calling `getInitializedResources` to make
sure all data streams were configured properly, but because we didn't
update `this.knowledgeBaseStream` it was failing, because the original
configuration that was created in the service constructor was not called;
that's why it was returning an error.
### Authz API migration for unauthorized routes
This PR migrates last unauthorized routes owned by your team to a new
security configuration.
Please refer to the documentation for more information: [Authorization
API](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)
### **Before migration:**
```ts
router.get({
  path: '/api/path',
  // ... other route options
}, handler);
```
### **After migration:**
```ts
router.get({
  path: '/api/path',
  security: {
    authz: {
      enabled: false,
      reason: 'This route is opted out from authorization because ...',
    },
  },
  // ... other route options
}, handler);
```
## Summary
Resolves https://github.com/elastic/kibana/issues/213629.
Since https://github.com/elastic/kibana/pull/163784 we have included a
`format` parameter in the `sort` that we send to Elasticsearch. This
worked for everything except rollup data views, which break when the
`format` parameter is provided.
This restores the behavior prior to that PR (we still send the `sort`
but don't include the `format` parameter). Ideally we would probably not
send the timestamp field at all for rollup data views since we treat
them as if they are non-time-based, but this would require a bit of a
refactor, and rollups are deprecated anyway.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
### Release notes
Fixes opening a rollup data view in Discover.
Co-authored-by: Matthew Kime <matt@mattki.me>
### Authz API migration for unauthorized routes
This PR migrates last unauthorized routes owned by your team to a new
security configuration.
Please refer to the documentation for more information: [Authorization
API](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)
### **Before migration:**
```ts
router.get({
  path: '/api/path',
  // ... other route options
}, handler);
```
### **After migration:**
```ts
router.get({
  path: '/api/path',
  security: {
    authz: {
      enabled: false,
      reason: 'This route is opted out from authorization because ...',
    },
  },
  // ... other route options
}, handler);
```
Not sure whether we have an issue for this, but a problem I constantly run
into is that cmd+click to open in new tab doesn't work with the new side
nav. You need to do right click + open in new tab which is taking at
least 3 times as long.
This is a problem because it's not the expected behavior - the entries
in the nav are regular links and they should behave like that (the old
nav didn't have this problem).
This PR fixes the issue to not call `e.preventDefault()` in case it's a
"special click" and only triggers the in-page navigation in cases where
the user does a normal left click.
Co-authored-by: Bhavya RM <bhavya@elastic.co>
### Authz API migration for unauthorized routes
This PR migrates last unauthorized routes owned by your team to a new
security configuration.
Please refer to the documentation for more information: [Authorization
API](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)
### **Before migration:**
```ts
router.get({
  path: '/api/path',
  // ... other route options
}, handler);
```
### **After migration:**
```ts
router.get({
  path: '/api/path',
  security: {
    authz: {
      enabled: false,
      reason: 'This route is opted out from authorization because ...',
    },
  },
  // ... other route options
}, handler);
```
## Summary
Add a new privileges check before executing `applyDataViewIndices`.
This change impacts the API call `applyDataViewIndices` and the job.
`applyDataViewIndices` updates the transforms. Executing without
privileges generates a silent error because the transform can't run.
I also added some extra unit tests for `applyDataViewIndices`.
Required privileges:
`['read', 'view_index_metadata']` for all security solution dataview +
asset_criticality and risk_score indices.
### How to test it
1. **API call with unprivileged user scenario**
* Enable the entity store with a superuser
* Create an unprivileged user
* Call `POST kbn:api/entity_store/engines/apply_dataview_indices`
* It should return an error
* Add the required privileges
* It executes successfully
2. **Task execution with an unprivileged user scenario**
* Create a user and add privileges only for the required Entity Store
indices
* Login with the new user
* Enable the entity store
* Add a new index to the security data view (the new user shouldn't have
access to the new index)
* Wait for 30min for the job to run, or update the [source
code](8d0feb580f/x-pack/solutions/security/plugins/security_solution/server/lib/entity_analytics/entity_store/tasks/data_view_refresh/data_view_refresh_task.ts (L150))
to make it run more often
* The job execution should fail with an error message containing the new
index name.
### Checklist
Reviewers should verify this PR satisfies this list as well.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
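
The privilege check described in this PR, sketched as an added example (not the PR's own code): it evaluates the `index` section of an Elasticsearch `_security/user/_has_privileges` response per index and fails closed, naming each index that lacks a required privilege. The function names, error class, index names and sample response are hypothetical and constructed for illustration.

```typescript
// Added example: all helper names and sample data below are constructed.
const REQUIRED_PRIVILEGES = ['read', 'view_index_metadata'];

// Only the parts of the _has_privileges response this check relies on.
interface HasPrivilegesResponse {
  has_all_requested: boolean;
  index: Record<string, Record<string, boolean>>;
}

interface MissingPrivileges {
  index: string;
  missing: string[];
}

// Request body for POST /_security/user/_has_privileges.
function buildHasPrivilegesBody(indices: string[]) {
  return { index: [{ names: indices, privileges: REQUIRED_PRIVILEGES }] };
}

// Evaluate every requested index individually. An index that is absent
// from the response is treated as having no privileges (fail closed).
function findMissingPrivileges(
  indices: string[],
  res: HasPrivilegesResponse
): MissingPrivileges[] {
  const result: MissingPrivileges[] = [];
  for (const name of indices) {
    const granted = res.index[name] || {};
    const missing = REQUIRED_PRIVILEGES.filter((p) => granted[p] !== true);
    if (missing.length > 0) {
      result.push({ index: name, missing });
    }
  }
  return result;
}

class MissingPrivilegesError extends Error {}

// Guard to call before updating transforms: throws an error that names
// every under-privileged index instead of letting the transform fail silently.
function assertCanApplyDataViewIndices(
  indices: string[],
  res: HasPrivilegesResponse
): void {
  const missing = findMissingPrivileges(indices, res);
  if (missing.length === 0) return;
  const detail = missing
    .map((m) => m.index + ' (' + m.missing.join(', ') + ')')
    .join('; ');
  throw new MissingPrivilegesError('Missing index privileges: ' + detail);
}

// Constructed sample: the user can read the first pattern, lacks `read`
// on the second index, and the third index is missing from the response.
const SAMPLE_INDICES = ['logs-constructed-*', 'constructed-new-index', 'constructed-absent-index'];
const SAMPLE_RESPONSE: HasPrivilegesResponse = {
  has_all_requested: false,
  index: {
    'logs-constructed-*': { read: true, view_index_metadata: true },
    'constructed-new-index': { read: false, view_index_metadata: true },
  },
};
```
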
## Summary
Adds more coverage for FTRs to test Synonyms UI in serverless.
Adds test cases for synonyms set listing, synonyms set detail and adding
and deleting rules.
Covers some happy paths.
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
## Summary
Resolves #212784
Ensure that when an SLO is created, the id is verified across all
spaces.
## Release Notes
Ensure that when an SLO is created, the id is verified across all
spaces.
## Testing
1. Create an SLO and save the id returned in the response in a space "A"
2. Create a second SLO with the id saved from the first SLO in the
request in a different space "B"
3. User should receive a 409 error from the SLO API.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
**Resolves: #214633**
## Summary
I am fixing a flaky test in the `delete_rules_bulk_legacy.ts` file
introduced in the #213244.
Also, in two other files I am changing using expect from kbn to jest.
Partially resolves https://github.com/elastic/kibana/issues/180709
Adds `context.grouping` action variable in the following rules:
- Custom threshold rule
- APM Latency threshold rule
- APM Failed transaction rate rule
- APM Error count rule
I will open a follow up PR to add `context.grouping` action variable in
the following rules:
- Elasticsearch query rule
- SLO burn rate rule
Excluded from scope:
- Metric threshold rule (already has `context.groupByKeys`)
- Log threshold rule (already has `context.groupByKeys`)
- Inventory threshold rule (already has `context.group` and this rule
doesn't have explicit group by fields)
### Testing
1. Create each rule with group by fields, and with "active" and
"recovered" actions
2. In "active" and "recovered" action message, use `context.grouping`
variable
3. Ensure that both "active" and "recovered" alert notifications contain
correct information
4. Ensure that the action variables UI in rule form shows
`context.grouping` action variable
Example of action message for APM Latency threshold rule with group by
on `transaction.name`:
```
{
  "grouping": "{{context.grouping}}",
  "service.name": "{{context.grouping.service.name}}",
  "service.environment": "{{context.grouping.service.environment}}",
  "transaction.type": "{{context.grouping.transaction.type}}",
  "transaction.name": "{{context.grouping.transaction.name}}"
}
```
Example of action message for Custom threshold rule with group by on
`host.name` and `container.id`:
```
{
  "grouping": "{{context.grouping}}",
  "host.name": "{{context.grouping.host.name}}",
  "container.id": "{{context.grouping.container.id}}"
}
```
---------
Co-authored-by: Maryam Saeidi <maryam.saeidi@elastic.co>
## Summary
**Requirement:**
In stack, and when it's the search solution space, we need to update search
index details breadcrumbs when navigated via Content -> Index
Management:
- Index management list page - `Content / Index Management / Indices`
- Index list page - `Content / Index Management / indices / <index_name>`
- drop `Stack management` from the breadcrumb

In Classic nav, index management index details page breadcrumbs will
have no change in UI. But index management app is rendered from
search_indices plugin.
### Solutions
Currently, Index management app is rendered from
[management_app](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/management/public/components/management_app/management_app.tsx).
The management app sets breadcrumbs for all the dependent apps. The
easiest way to implement is to set breadcrumbs based on active solution
type - `es` but this would alter breadcrumbs when index management app
is rendered from side nav footer (management -> index management) and
other related management apps as well.
Another option is to modify setBreadcrumbs in
[ManagementAppMountParams](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/management/public/types.ts#L79)
but the setBreadcrumbs is used by multiple other apps.
In this PR, index management app is mounted via search indices plugin.
In this way we can customize breadcrumbs for index management when
rendered from search_indices plugin. When it's search solution type,
index management app will work independently from management app.
### Screenshots
#### Search solution Nav - Changed breadcrumb ( dropped stack management
& added index name)
<img width="1727" alt="Screenshot 2025-02-04 at 1 29 08 PM"
src="https://github.com/user-attachments/assets/bc6f733f-62f4-44bc-8373-24d92719f5df"
/>
#### Serverless
**Note:** No change in functionality from this PR. Added for additional
info
index details page breadcrumbs should be `Data/ Index Management /
Indices/<index_name>`
index list page breadcrumbs should be `Data/ Index Management /
Indices/`
**Serverless Details page**
<img width="1727" alt="Screenshot 2025-02-04 at 1 23 14 PM"
src="https://github.com/user-attachments/assets/72bac7a8-d7d1-40fc-9c73-bbd0545dba1f"
/>
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Exposes an Inference (plugin) API client for scripts, that mimics the
`chatComplete` and `output` APIs that are available on its start
contract. It depends on the KibanaClient that is exposed from the
`@kbn/kibana-api-cli` package. It automatically selects a connector if
available.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Part of https://github.com/elastic/kibana/issues/195418
Gives `EVAL` autocomplete logic its own home 🏡
### Expression suggestions function
This PR also introduces a semi-generic function for generating
suggestions within an expression. This is so that the logic can be
shared between `EVAL` and `WHERE`. It also gets us closer to supporting
filtering in `STATS` (https://github.com/elastic/kibana/issues/195363).
To make this happen, I took stock of where we have differences in our
expression suggestions between `WHERE` and `EVAL`. In some cases, the
differences seemed important. In other cases, I felt ok removing them.
#### EVAL
| Behavior | Plan |
|---|---|
| Suggests pipe and comma after complete column names (`column/` or `column /`) | get rid of it because an expression consisting of just a single column name is essentially useless in `EVAL` |
| Doesn't suggest fields after an assignment | get rid of it. why act any different than an expression not assigned an alias? |
| Suggests assignment operator after new column name (`newColumn /`) | keep it |
| Suggests assignment snippet for empty expression | keep it |
| Suggests time literal completions after literal number in assignment (`newColumn = 1 /`) | remove it. it doesn't feel that useful and removing it makes it easier to have a generic expression suggestions function. It will still be around in functions and operators (e.g. `1 day + 2 /`). |
| Supports multiple expressions | keep it |
#### WHERE
| Behavior | Plan |
|---|---|
| Suggests pipe after complete boolean expression (`foo AND bar /`) | keep it, but outside of the expression suggestion function |
| Suggests boolean operators to make a boolean expression (`timestamp > "2002" AND doubleField /`) | keep it... maybe we're being too smart but we can always remove it later |
### Other changes
- the suggestions for `CASE(foo != /)` used to differ based on the
trigger kind. This seemed inadvertent so I removed the difference.
- we now add spaces after fields that are inserted in expressions. E.g.
`WHERE foo + <insert field><space>`. I'm not sure if this is best or
not...
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
### Identify risks
- [ ] As with any refactor, there's a possibility this will introduce a
regression in the behavior of commands. However, all automated tests are
passing and I have tested the behavior manually and can detect no
regression.
---------
Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Creates basic routes to download and upload content packs associated to
a stream.
Only dashboard assets will be exported and linked to a stream.
The endpoints are currently a proxy to the savedObjects
importer/exporter interfaces:
- download exports the dashboard linked to a stream
- upload imports a content pack file and link the dashboards to the
targeted stream. Dashboards are imported as-is with no index pattern
replacement performed, this will be implemented separately
### Testing
- download `curl -XPOST -H "x-elastic-internal-origin: 'kibana'" -H "kbn-xsrf: true" http://elastic:changeme@localhost:5601/pat/api/streams/logs/content/export --output content.json`
- upload `curl -XPOST -H "kbn-xsrf: true" http://elastic:changeme@localhost:5601/pat/api/streams/logs.foo/content/import -F 'content=@content.json'`
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
We decided to group `Kibana API helpers` under a single fixture:
`apiServices` instead of individual fixtures. It should simplify the
search of existing helpers and reduce a risk for Teams to create the
same helper like we see today with FTR.
Adding just `apiServices` in test context and adding dot will expand a
list of all available API helpers + it can be extended for individual
solution (e.g. @kbn/scout-oblt) and directly in plugin (if there is no
chance to re-use it in other plugins)
<img width="699" alt="image"
src="https://github.com/user-attachments/assets/34a76659-04af-48c4-ab69-abda0c950206"
/>
Before:
```
test('should create something', async ({
  fleetApi,
  onboardingApi,
  alertingApi,
}) => {
  await fleetApi.integration.install(integrationName);
  await onboardingApi.updateInstallationStepStatus(
    onboardingId,
    'ea-download',
    'complete'
  );
  await alertingApi.waitForAlert(alertId);
});
```
After:
```
test('should create something', async ({
  apiServices,
}) => {
  await apiServices.fleet.integration.install(integrationName);
  await apiServices.onboarding.updateInstallationStepStatus(
    onboardingId,
    'ea-download',
    'complete'
  );
  await apiServices.alerting.waitForAlert(alertId);
});
```
This PR introduces evaluation functionality to Defend Insights, enabling
us to trigger LangSmith experiments directly from Kibana.
Additionally, we’ve migrated to the new prompt storage system used in
Attack Discovery (see commit bcbb12b732).
## Summary
Stop emitting any `.js` files during typechecking. We only depend on the
declarations, not the emitted, compiled javascript files.
An added benefit is making some bad import errors more obvious.
We'll no longer try to build javascript files in place if a poor
import/require is made, rather the error of importing outside projects
(in the forest of a bunch of errors possibly) will be visible in the
typescript logs:
```
# instead of:
proc [tsc] error TS5055: Cannot write file '/opt/buildkite-agent/builds/bk-agent-prod-gcp-1741789017236110254/elastic/kibana-pull-request/kibana/src/platform/packages/shared/kbn-babel-register/cache/no_cache_cache.js' because it would overwrite input file.
# we'll see:
... several others like this
proc [tsc] src/platform/packages/shared/kbn-grok-ui/scripts/generate_patterns.js:10:9 - error TS6307: File '/Users/alex/Git/elastic-kibana/src/setup_node_env/index.js' is not listed within the file list of project '/Users/alex/Git/elastic-kibana/src/platform/packages/shared/kbn-grok-ui/tsconfig.type_check.json'. Projects must list all files or use an 'include' pattern.
proc [tsc]
proc [tsc] 10 require('../../../../../setup_node_env');
... several others like this
```
## Summary
Updates [axios to
1.8.3](https://github.com/axios/axios/releases/tag/v1.8.3).
Axios 1.8.2 fixed a vulnerability, but forgot to reflect the new flag in
their type definitions. This is probably required to allow the changes
smoothly.