Commit graph

84358 commits

Author SHA1 Message Date
Samiul Monir
ad52467e3d
[Search] Refactor Search Inference Endpoint (#210943)
## Summary

This PR includes:
- Delete unused code
- Remove duplicate type definition and use the types defined in
`elastic` node module
- Refactor the code as needed for the type definition.

Tested in Serverless QA environment:


https://github.com/user-attachments/assets/43777b09-70c6-48ec-8ba2-988a3ab7e029

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [X] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-02-28 16:14:35 -05:00
seanrathier
42e094189c
[Cloud Security] Fix installing agent-based CSP integrations not displaying Add Agent flyout (#212702) 2025-02-28 15:55:09 -05:00
Patryk Kopyciński
b5caf904e7
[Security Assistant] Fix initialization of Knowledge Base on undersized clusters (#212167)
## Summary

Show error to the user when trying to set up Knowledge base on undersized
cluster

<img width="1847" alt="Zrzut ekranu 2025-02-26 o 19 03 43"
src="https://github.com/user-attachments/assets/a42d8560-aebb-410e-a364-7a27074f62fc"
/>

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Garrett Spong <spong@users.noreply.github.com>
Co-authored-by: Garrett Spong <garrett.spong@elastic.co>
2025-02-28 20:42:04 +00:00
Kibana Machine
d1031aa429 skip failing test suite (#211515) 2025-03-01 06:41:35 +11:00
Paul Tavares
7e79844925
[Security Solution][Endpoint] Add validations to Update and Delete artifact APIs in support of spaces (#212308)
## Summary

Adds additional validations to Artifact APIs _(via `lists` plugin
server-side extension points)_ for the following conditions:

- If user has the global artifact management privilege, then they are
able to update/delete the artifact with no restriction (same as today)
- If user does NOT have the new global artifact management privilege,
then the update/delete action should fail:
    - If it's a global artifact
    - If it's a per policy artifact but it was created from a different
      space than the active space the API is being called from


> [!NOTE]
> Functionality is currently behind the following feature flag:
`endpointManagementSpaceAwarenessEnabled`



### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
2025-02-28 14:35:26 -05:00
Alberto Blázquez
0a562628b6
Enable Asset Inventory page via Kibana Advanced Settings (#211884)
## Summary

Closes https://github.com/elastic/security-team/issues/11683.

Adds an advanced setting to enable/disable the Asset Inventory page.
Replaces the old `assetInventoryUXEnabled` feature flag. The placement
of the setting is right below "Enable graph visualization", within the
Security Solution group.

### Screenshots

<details><summary>Setting off</summary>
<img width="943" alt="Screenshot 2025-02-21 at 09 38 43"
src="https://github.com/user-attachments/assets/c3b561cd-7dfa-4218-9004-cc89c5768551"
/>
</details>

<details><summary>Setting on</summary>
<img width="735" alt="Screenshot 2025-02-21 at 09 38 55"
src="https://github.com/user-attachments/assets/7a9ebf17-9339-49f2-820e-e26087f1c17c"
/>
</details>

<details><summary>Overridden setting - activated via
kibana.dev.yml</summary>
<img width="943" alt="Screenshot 2025-02-21 at 09 38 14"
src="https://github.com/user-attachments/assets/6ebb1e73-cffb-4bfd-ab21-631955574ce1"
/>
</details>

### How to test

Follow the instructions provided in the *README.md* file committed in
this PR.

### Definition of Done

- **Advanced Settings Integration**
  - [x] Add a new setting under **Kibana Advanced Settings** for enabling
    the Asset Inventory feature:
    - **Setting Name**: `Enable Asset Inventory`
    - **Setting Key**: `securitySolution:enableAssetInventory`
    - **Description**: "Enable the Asset Inventory feature to view and
      manage assets in the Security Solution plugin."
    - **Type**: Toggle (On/Off).
    - **Default Value**: Off.
  - [x] Ensure the setting reflects the current status of the Asset
    Inventory feature (On/Off).
  - [x] Group the setting logically under the **Security Solution** in the
    Kibana Advanced Settings page.
  - [x] Ensure the toggle is discoverable and adheres to Kibana’s design
    guidelines.

- **Implementation**
  - [ ] ~~Update the `Asset Inventory` initialization logic to check the
    new Kibana setting (`securitySolution:enableAssetInventory`) instead of
    relying on the `assetInventoryUXEnabled` feature flag in
    `kibana.dev.yml`.~~ For now we don't need to worry about initialization
  - [ ] ~~Provide backward compatibility by allowing the `kibana.dev.yml`
    flag (`xpack.securitySolution.assetInventoryUXEnabled`) to override the
    setting in development environments.~~
  - [x] The toggle should dynamically enable or disable the Asset
    Inventory feature without requiring a Kibana restart.

- **Testing**
  - [x] Add unit tests to verify:
    - The toggle updates the setting value correctly.
    - The Asset Inventory feature respects the toggle status
      (enabled/disabled).
  - [x] Add functional tests to validate the toggle’s behavior in the
    Advanced Settings page.

- **Documentation**
  - [x] Update the documentation to explain how to enable/disable the
    Asset Inventory feature using Kibana Advanced Settings.
  - [ ] ~~Provide details about the fallback behavior when using the
    `kibana.dev.yml` flag.~~

### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [x] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

### Identify risks

Feature will get exposed to end users if combination of setting and
feature flag is not set up correctly.
2025-02-28 09:46:53 -08:00
Konrad Szwarc
2700a2a951
[EDR Workflows] OpenApi Missing Content - Response Actions (#212510)
## For reviewers:
Only `*.schema.yml` files were edited (excluding
`*.bundled.schema.yml`). The rest of the changes come from auto generation
and can be ignored.

## Description

Part of DW team effort - elastic/security-team#11804

This PR aligns the property/schema descriptions and examples in
AsciiDocs with OpenAPI schemas. The primary goal of this PR was not to
extend or enhance the documentation but to migrate from one system to
another.

Ascii docs -
https://www.elastic.co/guide/en/security/8.17/management-api-overview.html
OpenApi generated docs -
https://www.elastic.co/docs/api/doc/kibana/operation/operation-endpointgetactionslist

Changes:

- Copied missing property descriptions from AsciiDoc to OpenApi properties
- Copied existing AsciiDoc examples for both requests and responses
- Fixed falsy query object in some GET requests - in OpenApi it was
  defined as an object, not as path query params.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Paul Tavares <56442535+paul-tavares@users.noreply.github.com>
Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
2025-02-28 16:44:00 +00:00
Bailey Cash
5c0db3ed0d
[Obs-UX-Mgmt] Create navigation test plan (#212146) 2025-02-28 10:37:37 -05:00
Nick Peihl
08c4338a25
[Dashboards] Provide a method for fetching dashboards on the Dashboard server plugin contract (#209678)
Fixes #209695

## Summary

Adds a method from content management for exposing a server-side
Dashboard CRUD client.

Consumers who want to search, retrieve, or modify Dashboards from a
server plugin find themselves using the Saved Object client. This means
they need to handle JSON parse/stringify and reference handling
themselves. We could expose a CRUD functionality from content management
on the Dashboard server plugin contract to avoid re-creating all of this
boilerplate handling.

Commit c53f47d72a shows a crude
demonstration of how a plugin can use the methods available on the
Dashboard server plugin with a request to retrieve a list of dashboards.
You can test this in the Dev Tools:

```
GET kbn:/api/search_dashboards?spaces=*
```

This will use the Search method from content management to return a list
of dashboards across all spaces.

To allow the Search method to return all fields in the Dashboard, I
needed to remove the default fields. I updated all current uses of the
search method to specify the necessary fields. See
618e025210.


### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [x] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

### Identify risks

Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.

- [ ] [See some risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
- [ ] ...
2025-02-28 10:05:04 -05:00
Ilya Nikokoshev
ab46ddeef2
[Automatic Import] Fixes the CSV header bug (#212513)
Fixes https://github.com/elastic/kibana/issues/211911

The CSV processing is now a three-stage process: 

1. Parse the samples with the temporary column names of the form
`column1`.
2. Test parsing with the actual pipeline that parses into
`package.dataStream.columnName`.
3. Convert the samples into JSON form `{"columnName": "value", ...}` for
further processing.

Now the pipeline works as expected:

```yaml
  - csv:
      tag: parse_csv
      field: message
      target_fields:
        - ai_202502211453.logs._timestamp
        - ai_202502211453.logs.message
      description: Parse CSV input
  - drop:
      ignore_failure: true
      if: >-
        ctx.ai_202502211453?.logs?._timestamp == '@timestamp' &&
        ctx.ai_202502211453?.logs?.message == 'message'
      tag: remove_csv_header
      description: Remove the CSV header line by comparing the values
```

There are unit tests for the CSV functionality that include a mock
CSV processing pipeline.
2025-02-28 14:31:56 +00:00
Janki Salvi
83f787ac24
[ResponseOps][Rules] Do not show connector not registered in action connectors modal (#212660)
## Summary

Resolves https://github.com/elastic/kibana/issues/212584
Resolves https://github.com/elastic/kibana/issues/207185

<img width="1917" alt="image"
src="https://github.com/user-attachments/assets/0b50f829-60a2-435e-9b76-74231d0bb54c"
/>

### Checklist

Check the PR satisfies following conditions. 

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
2025-02-28 13:56:35 +00:00
Giorgos Bamparopoulos
6829f07fdb
[Observability Onboarding] Add instructions for testing to the README file (#212752)
## Summary
Add instructions for testing to the README file
2025-02-28 13:54:04 +00:00
Kylie Meli
0da5a87207
[Automatic Import] bug fixes around openapi spec parsing for CEL generation (#212145)
## Summary

This PR fixes a couple of things with regards to the parsing of the
OpenAPI spec for use in CEL generation:
1) fixes and greatly simplifies the parsing of the OpenAPI spec so that
we collect all the $ref tags in the response object
2) only collects the top level schemas from the response object (since
that's all we really need for the CEL program)
3) fixes it so that users cannot select 'Save configuration' if there is
a generation error
4) better error messaging if/when a spec parsing error occurs

Note re fix # 3, the 'Save configuration' button will still initially be
available upon an error occurring. Then, if the user tries to click
save after an error, it will then disable the save button and show the
message indicating they need a successful generation to save. This is
consistent with the UX philosophy in the rest of the flyout that all
buttons are enabled by default, and if the user does something 'wrong',
we then provide guidance for how to proceed.

Relates: https://github.com/elastic/kibana/issues/210271

## Screenshots

<details>
  <summary>parsing fix</summary>
<img width="450" alt="Screenshot 2025-02-21 at 2 15 34 PM"
src="https://github.com/user-attachments/assets/80fe8e56-ffe3-4d5c-b6ac-5a57e025b70b"
/>

</details>

<details>
  <summary>save disabled fix</summary>
<img width="450" alt="Screenshot 2025-02-21 at 2 13 45 PM"
src="https://github.com/user-attachments/assets/5220bad7-70b1-4ade-83f7-ce1f97d115d1"
/>

<img width="450" alt="Screenshot 2025-02-21 at 2 13 55 PM"
src="https://github.com/user-attachments/assets/427bb52c-6fa9-457f-ab28-f490be981094"
/>

</details>
2025-02-28 08:06:56 -05:00
Viduni Wickramarachchi
af6968bcb7
[Obs AI Assistant] Update delete confirmation modal (#212695)
Closes https://github.com/elastic/kibana/issues/210064

## Summary

Updates the delete confirmation modal based on the new designs

### Screen recording


https://github.com/user-attachments/assets/ba2a02ea-6751-497c-929f-2b38426deaf3

### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
2025-02-28 07:56:57 -05:00
Viduni Wickramarachchi
57586077eb
[Obs AI Assistant] Show loader to fix the flicker in KB settings tab (#212678)
Closes https://github.com/elastic/kibana/issues/208431

## Summary

With the updates in https://github.com/elastic/kibana/issues/203309, the
knowledge base settings tab flickers between the welcome message and the
installed state. On reload, it first shows the "Install knowledge base
button" and then quickly switches to the ready component based on the KB
status.

This PR implements a loader until we receive the KB status, so that we
don't flicker between 2 components.

Before:


https://github.com/user-attachments/assets/5478c0fc-648e-4f15-af7f-9fc95e423553

After:


https://github.com/user-attachments/assets/7d5bc350-02fa-4a12-b7ee-1cd36ee93f0f


### Checklist

- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
2025-02-28 07:56:38 -05:00
Viduni Wickramarachchi
6d862d72a2
[Obs AI Assistant] Enable syntax highlighting for ES|QL (#212669)
Closes https://github.com/elastic/kibana/issues/212384

## Summary

With https://github.com/elastic/eui/pull/8317, `EuiCodeBlock` supports
syntax highlighting for ES|QL.
This PR enables it for Obs AI Assistant

### Screenshots

Before:
![Screenshot 2025-02-27 at 11 00
39 AM](https://github.com/user-attachments/assets/ec9c6da9-c945-4a6b-b3aa-ece17533e877)

After:

![image](https://github.com/user-attachments/assets/7ed5232f-9b4c-45a3-a55f-22c2b6f56a98)

### Checklist

- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
2025-02-28 07:56:18 -05:00
Sander Philipse
7590205f9a
[Search] Don't error out on missing connectors permissions (#212622)
## Summary

This stops errors on missing connectors permissions when fetching
indices, which was preventing users without connectors permissions but
with listing and write permissions to indices generally from seeing
indices in the Search UI.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-02-28 12:36:37 +00:00
Kenneth Kreindler
7dce6e6e01
[Security Solution] [GenAi] Give the security AI assistant access to the current time (#211200)
## Summary

This PR adds a new tool that gives the LLM access to the current time.
The tool returns the time in the timezone configured on Kibana as well
as the UTC time.

Changes:
- Add time tool
- Also increased the speed of the assistant stream making the assistant
feel more snappy
([here](https://github.com/elastic/kibana/pull/211200/files#diff-d4dd2f3b250247285fee3300a6d38cf622f2724daa87947fe58111bae9d3d655R12)).
The reason for keeping the small delay (of 10 ms) is that it helps
smooth out the stream.

<img width="500" alt="image"
src="https://github.com/user-attachments/assets/e613f9fb-a0f5-4559-88df-6d8ea0e5d042"
/>

## How to test
- Check that stack management > advanced settings > timezone is set to
"browser"
- Open the security assistant
- Ask "what is the current time". You should get back the time in your
local timezone + the equivalent GMT timezone (UTC and GMT are
equivalent)
- Go to stack management > advanced settings and set "Time zone" to a
different timezone (a timezone with a different timezone offset).
- Go to the assistant and ask again, "What is the current time". You
should get back the time in the timezone that you just configured and
the UTC equivalent.
- Other questions to try out:
  - "What was the time exactly one week ago? Rounded to the nearest
    hour.". The result should be correct depending on what you have
    configured in advanced settings.
  - "Write an esql query that gets 100 records from the .logs index from
    the last week. Use the absolute time in the query." (may need to prompt
    again to have the query include the absolute time)
  - "When is my birthday", The assistant responds with "I don't know but
    you can tell me". You reply with "It was exactly 3 weeks ago". The
    assistant should create a KB document with the correct date.
 

## Considerations:
- When asked "Which security labs content was published in the last 2
months", gemini-1-5-pro-002 often responds incorrectly
([trace](6bfddf7b-1225-4e97-ac9f-6cdf9158ac35?timeModel=%7B%22duration%22%3A%227d%22%7D&peek=4f5244a3-68fd-45e3-b1df-6c80e739377f)).
GPT4o performs better and does not return an incorrect result when asked
this question
([trace](6bfddf7b-1225-4e97-ac9f-6cdf9158ac35?timeModel=%7B%22duration%22%3A%227d%22%7D&peek=61bc4c12-d5ea-48be-8460-3e891d2e243b)).
- You will notice that the formatted time string contains the time in
the user's timezone and in UTC timezone (e.g. `Current time: 14/02/2025,
00:33:12 UTC-07:00 (14/02/2025, 07:33:12 UTC+00:00)`). The reason for
this is that the weaker LLMs sometimes make mistakes when converting
from one timezone to another. Therefore I have included both in the
formatted message. * If the user is in UTC, then the UTC timezone will
not be repeated.

## How is the current time string formatted?

The formatted time string is added directly into the system prompt.
Below is the logic for how the string is formatted.

- If the user's kibana timezone setting is "Browser"
  1. and their browser timezone is not UTC, then the format is `Current
     time: Thu, Feb 13, 2025 11:33 PM UTC-08:00 (7:33 AM UTC)` (where the
     first timezone is the client timezone, the one from the browser)
  2. and their browser is in UTC, then the format is `Current time: Thu,
     Feb 13, 2025 11:33 PM UTC+00:00`
- If the user's kibana timezone is set to something other than "Browser"
  1. and the Kibana timezone setting is not UTC equivalent, then the
     format is `Current time: Thu, Feb 13, 2025 11:33 PM UTC-08:00 (7:33 AM
     UTC)` (where the first timezone is the one from the Kibana timezone
     setting)
  2. and their kibana timezone is UTC equivalent, then the format is
     `Current time: Thu, Feb 13, 2025 11:33 PM UTC+00:00`

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [x] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

### Identify risks

Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.

- [ ] [See some risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
- [ ] ...

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-02-28 12:04:12 +00:00
Saikat Sarkar
bbc3b451f1
[Onboarding] Hide the semantic_text banner if there exists a semantic_text field (#210676)
In this PR, we covered the following changes:

- Do not display the banner after semantic text fields have been
added
- Update messaging to be more explicit on the automatic chunking that is
being handled in the background

<img width="1717" alt="Screenshot 2025-02-26 at 3 53 40 PM"
src="https://github.com/user-attachments/assets/f7aecf30-b7ca-4add-a543-a76f975e372a"
/>



- - - 

Closes https://github.com/elastic/search-team/issues/7874

---------

Co-authored-by: Liam Thompson <32779855+leemthompo@users.noreply.github.com>
2025-02-28 11:25:30 +00:00
Mykola Harmash
8fe5d7f94b
[Obs Onboarding] [Ensemble Test] Run OTel collector in the background (#212255)
Right now OTel test fails in Ensemble because it waits for the collector
to exit before proceeding which never happens because collector runs in
the foreground. This change forces the collector to run in the
background and also redirects its logs into a dedicated file to make the
test output more clear.

[Successful run of the Nightly
job](3771906587)
🔒
2025-02-28 10:08:25 +00:00
Joe Reuter
a5c35b80a4
🌊 Streams: Improve routing condition building (#212661)
This PR fixes two cases for routing:
* Handle special characters in field names like `@` or whitespace
* Do not fail on object/scalar mismatch

It does this by pulling the relevant fields in a safe way into a local
hashmap instead of accessing them inline using the `.?` operator.
2025-02-28 11:05:09 +01:00
Joe Reuter
8d7f34e2b0
Move useDateRange into data plugin (#212548)
As discussed offline, the existing `useDateRange` hook integrating the
timefilter contract with the react lifecycle is a nice abstraction that
makes sense to be part of the data plugin directly.

This PR moves it into the timefilter class:
```
const {
  timeRange,
  absoluteTimeRange,
  setTimeRange
} = data.query.timefilter.timefilter.useTimefilter(); 
```

All consumers have been changed to use this directly.
2025-02-28 11:04:53 +01:00
Khristinin Nikita
300e35012d
Add telemetry for gaps UI (#211929)
## Add telemetry for gaps UI


Add several events for:

- Fill gap
- Fill remaining gap
- Filter gaps table
- Show all rules with gaps


### How to test:

1. Pull pr locally
2. enable telemetry
```telemetry.optIn: true```
3. check that events appear [here](6e9919c0-d22e-11ee-8356-8b8a68fd8ef2?_g=())

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-02-28 09:53:37 +00:00
Joe Reuter
91b1ac0305
🌊 Streams: Remove back button (#212670)
The back button takes away a ton of vertical space and doesn't provide
that much value. This PR removes it and also reduces the vertical
padding of the header in accordance with the designs:
<img width="550" alt="Screenshot 2025-02-27 at 17 09 10"
src="https://github.com/user-attachments/assets/88969ecd-071a-45b4-9a8e-bad90f00dc4e"
/>
<img width="867" alt="Screenshot 2025-02-27 at 17 09 20"
src="https://github.com/user-attachments/assets/a174191b-b79d-493c-9c27-6566ac801d60"
/>
2025-02-28 09:07:34 +01:00
Kevin Lacabane
14067ca469
[streams] ui tweaks (#212701)
- make lifecycle source metadata text size consistent across the cases
- set stream overview chart base theme to the appropriate color
2025-02-28 09:05:52 +01:00
Kibana Machine
1ab723f31f
[api-docs] 2025-02-28 Daily api_docs build (#212719)
Generated by
https://buildkite.com/elastic/kibana-api-docs-daily/builds/997
2025-02-28 07:26:52 +00:00
Steve Gordon
e76a196898
Fix panel to remove query filter for .NET OTel runtime metrics on curated dashboard (#212529)
## Summary

One of the panels was applying a query to filter the results which
breaks the panel when using the EDOT SDK. This PR removes that query.

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- ~[ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)~
- ~[ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials~
- ~[ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios~
- ~[ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)~
- ~[ ] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.~
- ~[ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed~
- ~[ ] The PR description includes the appropriate Release Notes
section, and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)~

### Identify risks

Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.

- [ ]
2025-02-28 07:02:41 +00:00
Jatin Kathuria
44a184c701
[ Siem Migrations ] Upsell Siem Migrations Start (#212607)
## Summary

This PR adds the Upsell section for SIEM Migration Start section.

- [Design
Source](https://www.figma.com/design/BD9GZZz6y8pfSbubAt5H2W/%5B8.18%5D-GenAI-Powered-SIEM-Migration%3A-Rule-translation?node-id=63-81202&p=f&t=8x9RlFegceXzwYQf-0)

SIEM migrations has the below requirements in ESS and Serverless, and if
these requirements are not met, we show the upsell sections.

- ESS
   - `Enterprise` license.
- Serverless
   - `Complete` Product tier

## Demo

|Instance|Demo|
|---|---|
|Serverless|<video
src="https://github.com/user-attachments/assets/58d3ce98-7108-4d74-9f5c-e270804f2666"/>|
|ESS|<video
src="https://github.com/user-attachments/assets/85b650a7-fa11-4855-9927-aab89a2ed8ef"/>|




### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [ ] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

### Identify risks

Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.

- [ ] [See some risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)
- [ ] ...
2025-02-28 04:51:31 +01:00
Paulo Silva
bdc4790272
Asset Inventory Onboarding and Context Integration (#212315)
### Summary

It closes #210713

This PR introduces the **onboarding flow for Asset Inventory**, ensuring
users are guided through an enablement process when accessing the Asset
Inventory page for the first time.

#### Changes:

**Asset Inventory API Forwarding**  
- The Asset Inventory API now proxies enablement requests to the
**Entity Store API** (`/api/entity_store/engines/enable`).
- This ensures that any future **enhancements for Asset Inventory
enablement** are already handled on the server side.

**Asset Inventory Context**  
- Introduced the `AssetInventoryContext` to centralize **Asset Inventory
status management** based on the `/api/entity_store/engines/status` data
(`disabled`, `initializing`, `ready`, etc.).
- Allows any component to **consume the onboarding state** and react
accordingly.

**"Get Started" Onboarding Experience**  
- Implemented a **new onboarding screen** that appears when Asset
Inventory is disabled.
   - Includes:
     - Informative **title and description** about the feature.
     - A **call-to-action button** to enable Asset Inventory.
     - **Loading states and error handling** for the API call.

**API Integration and Hooks**  
- Created `useEnableAssetInventory` to abstract and handle enablement
logic via **React Query**.
- Created `useAssetInventoryRoutes` to abstract API calls for fetching
and enabling Asset Inventory.

**HoverForExplanation Component**  
- Introduced `HoverForExplanation`, a **tooltip-based helper component**
that enhances the onboarding description.
- Provides **inline explanations** for key terms like **identity
providers, cloud services, MDMs, and databases**, ensuring users
understand **data sources** in Asset Inventory.


**Testing & Error Handling**  
- Added **unit tests** for the onboarding component and hooks.
- Implemented error handling for failed API requests (e.g., permission
errors, server failures).

#### Screenshots


![image](https://github.com/user-attachments/assets/b2e08497-6ca1-47bd-8627-f32b7c3172f3)



https://github.com/user-attachments/assets/1280404e-9cb3-4288-91a7-640f8f1b458a

#### How to test it locally

- Ensure the `assetInventoryUXEnabled` feature flag is enabled on
kibana.yml file:


```
xpack.securitySolution.enableExperimental: ['assetInventoryUXEnabled']
```

- Ensure the Entity Store is Off and data is removed (initial state), so
the onboarding is visible (If the Entity Store is installed by other
means the onboarding will direct users to the empty state component or
to the all assets page)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-02-28 02:01:07 +00:00
Patryk Kopyciński
f8ba372106
[Security Assistant] Fix markdown syntax highlighting (#212333)
## Summary
Implements https://github.com/elastic/eui/pull/8317 

Before: 
<img width="1007" alt="image"
src="https://github.com/user-attachments/assets/649a075a-7338-434b-9e2e-4c4fd0d6ca6f"
/>

After:
<img width="1484" alt="image"
src="https://github.com/user-attachments/assets/cdb27885-e009-49aa-9b1a-381e12c33727"
/>
2025-02-28 02:05:34 +01:00
Philippe Oberti
c0c64a8489
[Security Solution][Notes] show timeline bottom bar on the notes management page to allow user to visualize timeline (#212690)
## Summary

This previous [PR](https://github.com/elastic/kibana/pull/199374) that
unified the notes management links introduced a small issue where the
Timeline bottom bar was not shown anymore, and Timelines couldn't be
opened from the icon in the notes table.

This PR brings back the Timeline feature to that page, which fixes the
issue with Timeline not opening when clicking on the button in the
table.

#### Before


https://github.com/user-attachments/assets/ce3fdf1f-f7e4-43ff-b5c8-240f0e3a6770

#### After


https://github.com/user-attachments/assets/a8c7a39c-8913-4c12-8191-7e171ff5050e
2025-02-27 15:25:44 -06:00
elastic-renovate-prod[bot]
837667d342
Update @elastic/kibana-cloud-security-posture dependencies (main) (#208427)
This PR contains the following updates:

| Package | Type | Update | Change | Pending |
|---|---|---|---|---|
| [@mswjs/http-middleware](https://mswjs.io)
([source](https://redirect.github.com/mswjs/http-middleware)) |
devDependencies | patch | [`0.10.1` ->
`0.10.3`](https://renovatebot.com/diffs/npm/@mswjs%2fhttp-middleware/0.10.1/0.10.3)
| |
| [msw](https://mswjs.io)
([source](https://redirect.github.com/mswjs/msw)) | devDependencies |
minor | [`~2.5.2` ->
`~2.7.0`](https://renovatebot.com/diffs/npm/msw/2.5.2/2.7.0) | `2.7.3`
(+2) |

---

### Release Notes

<details>
<summary>mswjs/http-middleware (@mswjs/http-middleware)</summary>

###
[`v0.10.3`](https://redirect.github.com/mswjs/http-middleware/releases/tag/v0.10.3)

[Compare
Source](https://redirect.github.com/mswjs/http-middleware/compare/v0.10.2...v0.10.3)

#### v0.10.3 (2025-01-12)

##### Bug Fixes

- remove unused `parserOptions`, fix handlers type
([#51](https://redirect.github.com/mswjs/http-middleware/issues/51))
([`372fd85`](372fd85464))
[@vivekmiyani](https://redirect.github.com/vivekmiyani)

###
[`v0.10.2`](https://redirect.github.com/mswjs/http-middleware/releases/tag/v0.10.2)

[Compare
Source](https://redirect.github.com/mswjs/http-middleware/compare/v0.10.1...v0.10.2)

#### v0.10.2 (2024-10-25)

##### Bug Fixes

- consume undisturbed request stream as-is
([#39](https://redirect.github.com/mswjs/http-middleware/issues/39))
([`13cee76`](13cee76e5a))
[@c0per](https://redirect.github.com/c0per)
[@LeBenLeBen](https://redirect.github.com/LeBenLeBen)
[@kettanaito](https://redirect.github.com/kettanaito)

</details>

<details>
<summary>mswjs/msw (msw)</summary>

###
[`v2.7.0`](https://redirect.github.com/mswjs/msw/releases/tag/v2.7.0)

[Compare
Source](https://redirect.github.com/mswjs/msw/compare/v2.6.9...v2.7.0)

#### v2.7.0 (2024-12-17)

##### Features

- use `picocolors` instead of `chalk`
([#2377](https://redirect.github.com/mswjs/msw/issues/2377))
([`85bdd82`](85bdd82dfe))
[@Namchee](https://redirect.github.com/Namchee)
[@kettanaito](https://redirect.github.com/kettanaito)

###
[`v2.6.9`](https://redirect.github.com/mswjs/msw/releases/tag/v2.6.9)

[Compare
Source](https://redirect.github.com/mswjs/msw/compare/v2.6.8...v2.6.9)

#### v2.6.9 (2024-12-16)

##### Bug Fixes

- support `SharedArrayBuffer` in `HttpResponse.arrayBuffer`
([#2389](https://redirect.github.com/mswjs/msw/issues/2389))
([`41f00e1`](41f00e1a67))
[@danilofuchs](https://redirect.github.com/danilofuchs)
[@kettanaito](https://redirect.github.com/kettanaito)

###
[`v2.6.8`](https://redirect.github.com/mswjs/msw/releases/tag/v2.6.8)

[Compare
Source](https://redirect.github.com/mswjs/msw/compare/v2.6.7...v2.6.8)

#### v2.6.8 (2024-12-07)

##### Bug Fixes

- **setupServer:** reapply interception after calling `server.listen()`
after `server.close()`
([#2383](https://redirect.github.com/mswjs/msw/issues/2383))
([`00da9ca`](00da9cad42))
[@kettanaito](https://redirect.github.com/kettanaito)

###
[`v2.6.7`](https://redirect.github.com/mswjs/msw/releases/tag/v2.6.7)

[Compare
Source](https://redirect.github.com/mswjs/msw/compare/v2.6.6...v2.6.7)

#### v2.6.7 (2024-12-06)

##### Bug Fixes

- **setupWorker:** correctly delete internal `accept` header on
passthrough
([#2375](https://redirect.github.com/mswjs/msw/issues/2375))
([`3f40055`](3f40055b1d))
[@smouillour](https://redirect.github.com/smouillour)
[@kettanaito](https://redirect.github.com/kettanaito)

###
[`v2.6.6`](https://redirect.github.com/mswjs/msw/releases/tag/v2.6.6)

[Compare
Source](https://redirect.github.com/mswjs/msw/compare/v2.6.5...v2.6.6)

#### v2.6.6 (2024-11-22)

##### Bug Fixes

- **types:** support optional path parameters
([#2368](https://redirect.github.com/mswjs/msw/issues/2368))
([`3b7b776`](3b7b776e8c))
[@kettanaito](https://redirect.github.com/kettanaito)

###
[`v2.6.5`](https://redirect.github.com/mswjs/msw/releases/tag/v2.6.5)

[Compare
Source](https://redirect.github.com/mswjs/msw/compare/v2.6.4...v2.6.5)

#### v2.6.5 (2024-11-16)

##### Bug Fixes

- support non-configurable responses
([#2360](https://redirect.github.com/mswjs/msw/issues/2360))
([`5bf3e3b`](5bf3e3bf5f))
[@kettanaito](https://redirect.github.com/kettanaito)

###
[`v2.6.4`](https://redirect.github.com/mswjs/msw/releases/tag/v2.6.4)

[Compare
Source](https://redirect.github.com/mswjs/msw/compare/v2.6.3...v2.6.4)

#### v2.6.4 (2024-11-10)

##### Bug Fixes

- prevent infinite loop when bypassing `sendBeacon()` requests
([#2353](https://redirect.github.com/mswjs/msw/issues/2353))
([`2fa98c3`](2fa98c327a))
[@kettanaito](https://redirect.github.com/kettanaito)
- remove the internal bypass request header before performing the
request as-is in Node.js
([#2353](https://redirect.github.com/mswjs/msw/issues/2353))
([`2fa98c3`](2fa98c327a))
[@kettanaito](https://redirect.github.com/kettanaito)

###
[`v2.6.3`](https://redirect.github.com/mswjs/msw/releases/tag/v2.6.3)

[Compare
Source](https://redirect.github.com/mswjs/msw/compare/v2.6.2...v2.6.3)

#### v2.6.3 (2024-11-10)

##### Bug Fixes

- **handleRequest:** remove `transformResponse` option
([#2351](https://redirect.github.com/mswjs/msw/issues/2351))
([`74c4a3a`](74c4a3a899))
[@kettanaito](https://redirect.github.com/kettanaito)

###
[`v2.6.2`](https://redirect.github.com/mswjs/msw/releases/tag/v2.6.2)

[Compare
Source](https://redirect.github.com/mswjs/msw/compare/v2.6.1...v2.6.2)

#### v2.6.2 (2024-11-07)

##### Bug Fixes

- update `@bundled-es-modules/cookie` to 2.0.1
([#2312](https://redirect.github.com/mswjs/msw/issues/2312))
([`c134352`](c134352e82))
[@kettanaito](https://redirect.github.com/kettanaito)

###
[`v2.6.1`](https://redirect.github.com/mswjs/msw/releases/tag/v2.6.1)

[Compare
Source](https://redirect.github.com/mswjs/msw/compare/v2.6.0...v2.6.1)

#### v2.6.1 (2024-11-06)

##### Bug Fixes

- prevent `instanceof` handler check failures between different MSW
versions
([#2349](https://redirect.github.com/mswjs/msw/issues/2349))
([`28d26bd`](28d26bd7fa))
[@kettanaito](https://redirect.github.com/kettanaito)

###
[`v2.6.0`](https://redirect.github.com/mswjs/msw/releases/tag/v2.6.0)

[Compare
Source](https://redirect.github.com/mswjs/msw/compare/v2.5.2...v2.6.0)

#### v2.6.0 (2024-10-29)

##### Features

- support mocking WebSocket APIs
([#2011](https://redirect.github.com/mswjs/msw/issues/2011))
([`ae786f5`](ae786f59eb))
[@kettanaito](https://redirect.github.com/kettanaito)
[@DanielleHuisman](https://redirect.github.com/DanielleHuisman)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).


---------

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Co-authored-by: Sean Rathier <sean.rathier@elastic.co>
Co-authored-by: seanrathier <sean.rathier@gmail.com>
2025-02-27 11:49:09 -08:00
Tiago Costa
f611f9548a
chore(NA): update versions after v7.17.29 bump (#212452)
This PR is a simple update of our versions file after the recent bumps.
2025-02-27 17:44:38 +00:00
Marius Iversen
117b2b2079
[Rule Migrations] Adding unit tests for graph execution (#212402)
## Summary

This PR adds general unit tests for the langgraph execution and tests
most of the possible variations in which the graph can route between
conditional edges
2025-02-27 18:32:13 +01:00
elastic-renovate-prod[bot]
aefdd86275
Update docker.elastic.co/wolfi/chainguard-base:latest Docker digest to 6387bd4 (main) (#212623)
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| docker.elastic.co/wolfi/chainguard-base | digest | `c66fdaf` ->
`6387bd4` |

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).


Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
2025-02-27 11:21:14 -06:00
Bryce Buchanan
6ce38c3c1b
fixes sorting in profiler storage explorer (#212583)
## Summary
fixes #197448
replaces `LabelWithHint` with new built-in `nameTooltip` prop
Also updated sorting function for hostName column, as the default
sorting doesn't take into account `host.id` when `host.name` is empty.


https://github.com/user-attachments/assets/4e3632bf-61d0-4045-babd-2917fa7a204a



### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
2025-02-27 07:53:44 -08:00
Viduni Wickramarachchi
2704a71452
[Obs AI Assistant] Unify AI Assistant Nav Button (#212598)
## Summary

Unifies the display of the AI Assistant Button in classic and solution
navigations.
- Previously, the button only displayed an icon. Now it displays the
label as well
- Updated tooltip content to show keyboard shortcut to align with the
Security AI Assistant

## Stateful - Classic Navigation:


![image](https://github.com/user-attachments/assets/13d49bd2-08d4-44ff-9252-8e1fba261f1e)

## Serverless


![image](https://github.com/user-attachments/assets/8340194f-bfb1-4e0a-a4fa-6c8dfc7cfe65)


### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
2025-02-27 09:35:16 -05:00
Bharat Pasupula
f579f2d637
[Automatic Import] Fix Structured log flow to handle different type of structured syslogs (#212611)
## Release note
Fix structured log flow to handle multiple types of structured logs.

## Summary
The structured log flow has some issues where the KV header validation
fails for some types of logs. This PR fixes the flow to match a variety of
structured syslog messages.

A variety of logs are tested.

```
[2025-01-03T07:48:58.989821Z] [DEBUG] AuthService - EventID=361a5289eaf8e42b4c195b9b | Message="Session expired" | UserID=2882 | Duration=376ms
[2025-01-29T17:34:18.989830Z] [ERROR] InventoryService - EventID=acbb20d3c955edf718e691d9 | Message="Item restocked" | UserID=9656 | Duration=421ms
[2025-01-11T21:51:54.989839Z] [ERROR] APIGateway - EventID=9c273d43b946020d5fdbe36c | Message="Response sent" | UserID=1468 | Duration=409ms
[2025-01-20T08:40:22.989848Z] [WARN] PaymentService - EventID=ae8c1425079119b848fa451cb7a | Message="3D Secure required" | UserID=9353 | Duration=270ms
```

```
2021-10-22 22:11:32,131 DEBUG [org.keycloak.events] (default task-3) type=CODE_TO_TOKEN, realmId=test, clientId=security-admin-console, userId=ce637d23--4fca-9088-1aea1d053e19, ipAddress=10.1.2.1, token_id=561459c0-75f1-46d4-986d, grant_type=authorization_code, refresh_token_type=Refresh, scope=openid, refresh_token_id=07434488-ca99-412a-c2e47c93d6d1, code_id=bae6e56e-368f-4809-48cfb6279f5e, client_auth_method=client-secret
2021-10-22 22:12:09,871 DEBUG [org.keycloak.events] (default task-3) operationType=CREATE, realmId=test, clientId=7bcaf1cb-820a-40f1-75ced03ef03b, userId=ce637d23-b89c-4fca-1aea1d053e19, ipAddress=10.1.2.6, resourceType=USER, resourcePath=users/07972d16-b173-803d-90f211080f40
```

```
[18/Feb/2025:22:39:18 +0000] CONNECT conn=730729 from=10.2.2.9:56518 to=10.2.1.14:4389 protocol=LDAP
[18/Feb/2025:22:39:16 +0000] CONNECT conn=207223 from=10.2.1.24:55730 to=10.1.3.7:4389 protocol=LDAP
```

```
<134>1 1647479580.487048774 MX84_2 airmarshal_events type=rogue_ssid_detected ssid='' bssid='AA:17:C8:D8:51' src='AA:17:C8:D8:51' dst='FF:FF:FF:FF:FF' wired_mac='AC:17:C7:D8:51' vlan_id='0' channel='6' rssi='35' fc_type='0' fc_subtype='8'
<134>1 1647479604.334549372 MX84_5 airmarshal_events type=rogue_ssid_detected ssid='' bssid='92:17:C7:D8:51' src='92:17:C8:D8:51' dst='6A:3A:3E:85:F6' wired_mac='AC:17:C7:D8:51' vlan_id='0' channel='6' rssi='23' fc_type='0' fc_subtype='5'
```

### Checklist
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
2025-02-27 13:32:17 +01:00
Konrad Szwarc
92867c697d
[EDR Workflows][Osquery] OpenApi Missing Content (#212032)
Part of DW team effort -
https://github.com/elastic/security-team/issues/11804

This PR aligns the property/schema descriptions and examples in
AsciiDocs with OpenAPI schemas. The primary goal of this PR was not to
extend or enhance the documentation but to migrate from one system to
another.

Ascii docs -
https://www.elastic.co/guide/en/kibana/8.17/osquery-manager-api.html
OpenApi generated docs -
https://www.elastic.co/docs/api/doc/kibana/operation/operation-osqueryfindlivequeries

Changes:
1. Copied missing property descriptions from AsciiDoc to OpenApi
properties
2. Copied existing AsciiDoc examples for both requests and responses
3. Fixed falsy query object in some GET requests - in OpenApi it was
defined as an object, not as path query params.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: natasha-moore-elastic <137783811+natasha-moore-elastic@users.noreply.github.com>
2025-02-27 12:29:04 +00:00
Maryam Saeidi
2f0bad7d39
Attempt to fix custom_threshold_preview_chart flaky test (#212028)
Fixes #209317

## Summary

Summary of
[Slack](https://elastic.slack.com/archives/C04HT4P1YS3/p1740054800086779)
discussion:

As shown below, we check if the `Create rule` button exists and then we
try to click it:
```
const clickCreateRuleButton = async () => {
  await testSubjects.existOrFail('createRuleButton');
  const createRuleButton = await testSubjects.find('createRuleButton');
  return await createRuleButton.click();
};
```

It seems something goes wrong during click in this case and even after 2
mins, we don't see the modal:
```
[00:03:11]         │ debg --- retry.tryForTime error: [data-test-subj="ruleTypeModal"] is not displayed
...
[00:05:09]         └- ✖ fail: ObservabilityApp Custom threshold preview chart does render the empty chart only once at bootstrap
```

@dmlemeshko pointed to the implementation that we have for the button
and the fact that we need to first check if the user is authorized to
see this button, and something might have caused the click not to be
successful even though there is no error reported by WebDriver.

```
useEffect(() => {
  setHeaderActions?.([
    ...(authorizedToCreateAnyRules ? [<CreateRuleButton openFlyout={openRuleTypeModal} />] : []),
    <RulesSettingsLink />,
    <RulesListDocLink />,
  ]);
}, [authorizedToCreateAnyRules]);
```

Long story short, we will add waiting for the global spinner to
hopefully make this test less flaky 🤞🏻

---------

Co-authored-by: Dominique Clarke <dominique.clarke@elastic.co>
2025-02-27 10:48:14 +00:00
Robert Oskamp
7a381afb17
FTR - optimize service initialization (#212421)
## Summary

This PR optimizes the FTR service initialization by not loading UI
service for API tests and by removing retries during test user setup

## Changes

- Remove loading of common UI services from common services (UI services
should not be loaded for API tests)
- Move `security` service from `@kbn/ftr-common-functional-ui-services`
to `@kbn/ftr-common-functional-services` as it should be available to
API tests as well
- Only try once to delete `testUser` during init (this user usually does
not exist on a fresh deployment - and if it does, a single delete
request is enough to get rid of it)

## Benchmark results

**These changes will reduce FTR CI runtime overall by ~100 minutes**
🚀
Due to parallel workers in CI, the effective runtime of the whole CI job
will be less than that.

- The removal of UI service loading (which includes starting a browser
instance) for API tests reduces init time by ~0.5 seconds. With 313 API
configs that are started on CI, this reduces the runtime overall by ~156
seconds / ~2.6 minutes.
- The removal of test user delete retries reduces init time by ~10
seconds. With 589 FTR configs that are started on CI, this reduces the
runtime overall by ~5890 seconds / ~98 minutes.
- These numbers have been taken on a local machine and since CI workers
are usually slower, we should see at least this amount of improvement if
not more in CI.
2025-02-27 11:35:47 +01:00
Julia Rechkunova
9726041503
[Data View Field] Fix popularity score bugs (#211201)
- Fixes https://github.com/elastic/kibana/issues/211109

## Summary

This PR fixes a number of bugs in fields popularity logic:
- [x] If field popularity was customized via UI form, the value will be
saved now as a number instead of a string
- [x] Same for runtime fields in another part of the code
- [x] Since the data was polluted with string values, this PR makes sure
that the incrementing would still work and the result would be converted
to number.
- [x] If user opened the field flyout, then selected/deselected fields
as columns in the table, then opened the field flyout again, the data
shown as Popularity was outdated. Now it should be fixed.
- [x] Prevents resetting of Popularity scores in other fields.
- [x] Functional tests in
`test/functional/apps/discover/group6/_sidebar.ts` and
`test/functional/apps/management/data_views/_index_pattern_popularity.ts`.

### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
2025-02-27 10:34:22 +00:00
Aleh Zasypkin
7155c05bd9
chore(security,codeql): exclude **/stub/** folders from CodeQL scans (#212608)
## Summary

Exclude `**/stub/**` folders from CodeQL scans.
2025-02-27 10:20:48 +00:00
Alberto Blázquez
aac841353d
Rename FindingsBaseEsQuery interface in CSP package (#212427)
## Summary

Rename the `FindingsBaseEsQuery` interface exposed by the
`@kibana/cloud-security-posture` package as well as all references where
it's imported.

Separating this renaming into its own PR also lets us tag it with
`backport:prev-minor` and avoid potential merge conflicts in the future.

### Depends on

- https://github.com/elastic/kibana/pull/210938

### Checklist

- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

### Identify risks

No risk whatsoever.
2025-02-27 10:20:06 +00:00
Alberto Blázquez
f0584d9b90
Implement Asset Inventory Bar Chart (#210938)
## Summary

Closes https://github.com/elastic/kibana/issues/201711.

Implement "Top 10 Asset Types" bar chart. 
- The X-axis shows all assets grouped by category (`entity.category`
field), one category per bar
- Each bar shows stacked subgroups of assets by source (`entity.type`
field)
- The Y-axis shows the counts of assets

### Depends on

- https://github.com/elastic/kibana/pull/208417 so that the chart
renders data fetched dynamically. When it gets merged, this one will be
rebased and will only contain the last commit as changes.

### Screenshots

<details><summary>Loading state (animated spinner from <a
href="https://eui.elastic.co/#/display/loading#chart"
target="_blank">Elastic Charts</a>)</summary>
<img width="1378" alt="Screenshot 2025-02-25 at 18 14 39"
src="https://github.com/user-attachments/assets/553294e2-aaee-40c0-b1bb-de3e85f64d78"
/>
</details> 

<details><summary>Fetching state (animated progress bar)</summary>
<img width="1376" alt="Screenshot 2025-02-25 at 18 14 58"
src="https://github.com/user-attachments/assets/accdbc0e-40a2-4b30-9f4e-808a466be4d5"
/>
</details>

<details><summary>Chart with fetched data</summary>
<img width="1428" alt="Screenshot 2025-02-24 at 13 11 03"
src="https://github.com/user-attachments/assets/3c455bc8-5bdd-4ea2-a946-53e138ae081b"
/>
</details>

<details><summary>Chart with filtered, fetched data (by type:
"Identity")</summary>
<img width="1429" alt="Screenshot 2025-02-24 at 13 11 17"
src="https://github.com/user-attachments/assets/a1e75210-757e-42d1-b852-945de5f3f44b"
/>
</details>

<details><summary>Empty chart - no data</summary>
<img width="1258" alt="Screenshot 2025-02-13 at 09 47 08"
src="https://github.com/user-attachments/assets/c239a5a6-337e-41c9-a9a3-7cdc2c9b1e01"
/>
</details>

### Definition of done

- [x] Add a bar chart titled "Top 10 Asset Types" to the "Asset
Inventory" page.
- [x] Use the `@elastic/charts` library to implement the visualization.
- [x] Configure the chart with:
  - **X-axis:** Asset type categories
  - **Y-axis:** Count of assets
  - **Legend:** A color-coded key linking each bar to a specific category.
- [x] Ensure the chart is responsive when resizing the screen and
adheres to the [visual
spec](https://www.figma.com/design/9zUqAhhglT1EGYG4LOl1X6/Asset-Management?node-id=2946-19648&t=FuD3BEY4FyxAKV38-4).
- [x] Integrate the chart so that it updates based on the filters
section and the Unified Header component.

### How to test

Follow the instructions from [this
PR](https://github.com/elastic/kibana/pull/208417) to prepare the local
env with data.

Alternatively, open the
`asset_inventory/components/top_assets_bar_chart.tsx` file and edit
yourself the `data` prop that we pass into `<BarSeries>` with mocked
data. The data must have the following shape:

```js
[
  { category: 'cloud-compute', source: 'gcp-compute', count: 500, },
  { category: 'cloud-compute', source: 'aws-security', count: 300, },
  { category: 'cloud-storage', source: 'gcp-compute', count: 221, },
  { category: 'cloud-storage', source: 'aws-security', count: 117, },
];
```

### Checklist

- [x] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

### Identify risks

No risks whatsoever.
2025-02-27 09:01:00 +01:00
Kibana Machine
0907d5d339
[api-docs] 2025-02-27 Daily api_docs build (#212604)
Generated by
https://buildkite.com/elastic/kibana-api-docs-daily/builds/996
2025-02-27 07:32:06 +00:00
christineweng
f7b7a6cafa
[Security Solution][Alert flyout] Fix dual hover actions in table tab (#212316)
## Summary

Ref: https://github.com/elastic/kibana/issues/212138

This PR fixed a bug where the fields in the table tab have 2 hover
actions, by pruning an unused branch in formatted fields (the [original
logic](https://github.com/elastic/kibana/pull/207959/files#diff-ccbcd249520d7f127960805d59a0ebfd00613785a2dd5b047545bb8b4e565e26L331)
was if the field is not draggable, show the value as text)


![image](https://github.com/user-attachments/assets/f9922476-cd8b-43f5-9c35-6ad790357da7)


### Checklist

- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-02-27 02:03:35 +00:00
Lola
f8e31e5fcb
[Cloud Security] Add upgrade agentless deployment background task (#207143)
## Summary

Summarize your PR. If it involves visual changes include a screenshot or
gif.
This PR adds a background task to upgrade Agentless Deployments after the
Kibana Stack has been upgraded in ESS. Once the Kibana stack upgrades, the task will do the following:
1. Fetch agentless policies with package policies that have agents
2. Check if the agentless agent's version is upgradeable by using `semverLT`,
which checks whether the current agent version is less than the latest available upgrade
version and the current Kibana version
3. If the agent version is upgradeable, then the task calls the Agentless
Upgrade Endpoint to upgrade the agentless deployment.
4. Agent should be upgraded to the latest available upgraded version


![image](https://github.com/user-attachments/assets/e1ad05bf-469e-4eb8-bef0-b4e2edcbb0a0)


**How to test PR:**

Prerequisite:
Install [QAF
Tool](https://docs.elastic.dev/appex-qa/qaf/getting-started)
Create EC cloud api key [QAF Elastic
Cloud](https://docs.elastic.dev/appex-qa/qaf/features/ec-deployments)

1. Go to Elastic Cloud and Create ESS Deployment in `8.17.0-SNAPSHOT`
```
qaf elastic-cloud deployments create --environment production --region gcp-us-west2 --stack-version 8.17.0-SNAPSHOT --version-validation --deployment-name <DEPLOYMENT_NAME>
```
2. Create an Agentless Integration
3. Upgrade stack to `8.18.0-SNAPSHOT` > `8.19.0-SNAPSHOT`
4. Run the following QAF command 
```
qaf elastic-cloud deployments upgrade <DEPLOYMENT_NAME> 9.1.0-SNAPSHOT --kb-docker-image docker.elastic.co/kibana-ci/kibana-cloud:9.1.0-SNAPSHOT-5e00106755e7084d1325e784eb27f91db9724c89
```

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-02-27 08:56:23 +07:00
Chris Cowan
b7976175e5
[Streams 🌊] Remove enablement check in PUT /api/streams/{id} for classic streams (#212289)
## Summary

The goal of this PR is to enable all the workflows for "Classic" without
enabling "Wired" streams. This PR changes the `isStreamsEnabled` check
for `PUT /api/streams/{id}` to allow for `PUT` requests for an
`UnwiredStreamDefinition`. This change will allow users to directly
navigate to `/app/streams` and use it to manage "classic" streams.
User's would still be required to call `POST /api/streams/_enable` to
work with "wired" streams.

This also includes a fix for the `i18n` paths that were missed when
moving from Observability to Platform.
2025-02-27 01:35:53 +00:00
Jon
d8d976efad
[kbn/es] Workaround arm64 container startup error (#212458)
Adds a temporary workaround for an issue with ES containers starting on
M4 based macs.
```
 info waiting for ES cluster to report a green status
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGILL (0x4) at pc=0x0000ffff93d400a8, pid=7, tid=16
#
# JRE version:  (23.0+37) (build )
# Java VM: OpenJDK 64-Bit Server VM (23+37-2369, mixed mode, sharing, tiered, compressed oops, compressed class ptrs, serial gc, linux-aarch64)
# Problematic frame:
# j  java.lang.System.registerNatives()V+0 java.base@23
#
# No core dump will be written. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
```
2025-02-26 17:11:01 -06:00