# Backport
This will backport the following commits from `main` to `8.x`:
- [Remove experimental tag from docs for FIPS
(#206453)](https://github.com/elastic/kibana/pull/206453)
<!--- Backport version: 9.4.3 -->
### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)
Co-authored-by: Kurt <kc13greiner@users.noreply.github.com>
# Backport
This will backport the following commits from `main` to `8.x`:
- [Removing experimental for the FIPS mode config
(#200734)](https://github.com/elastic/kibana/pull/200734)
<!--- Backport version: 8.9.8 -->
### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)
# Backport
This will backport the following commits from `main` to `8.x`:
- [[LLM tasks] Add product documentation retrieval task
(#194379)](https://github.com/elastic/kibana/pull/194379)
<!--- Backport version: 8.9.8 -->
### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)
# Backport
This will backport the following commits from `main` to `8.x`:
- [[Docs] Update nav instructions and sample data installation to
accommodate for the solution views
(#199163)](https://github.com/elastic/kibana/pull/199163)
<!--- Backport version: 9.4.3 -->
### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)
Co-authored-by: florent-leborgne <florent.leborgne@elastic.co>
# Backport
This will backport the following commits from `main` to `8.x`:
- [[OpenAPI][DOCS] Add descriptions, examples, responses for role APIs
(#195527)](https://github.com/elastic/kibana/pull/195527)
<!--- Backport version: 8.9.8 -->
### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
# Backport
This will backport the following commits from `main` to `8.x`:
- [[ML] Adds ML tasks to the kibana audit log
(#195120)](https://github.com/elastic/kibana/pull/195120)
<!--- Backport version: 9.4.3 -->
### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)
Co-authored-by: James Gowdy <jgowdy@elastic.co>
## Updates
### Latest updates
- Expose whether KB is configured to run in FIPS mode from Core ->
Security
Consolidating all FIPS PRs into this PR
*Previous PRs were Approved
### Changes
- Config option is now experimental:
`xpack.security.experimental.fipsMode.enabled`
- Documentation has been revised
- Listed as an experimental feature
- Added keystore references for adding a password
## Summary
Closes #169738
Closes #169739
Closes #169740
Closes #185948
FIPS is a platinum license feature.
Kibana instances must have a platinum or better license to start up in
FIPS mode; a lesser license will result in Kibana failing to start up.
If the license is degraded, Kibana will still run, but an error will be
logged letting the user know that Kibana will not be able to restart.
## Config changes
This PR required the changes that were approved from [a previous
PR](https://github.com/elastic/kibana/pull/174558), since that PR
couldn't be merged into main, I merged it here.
## Testing
### Locally
In your `kibana.dev.yml` add:
`xpack.security.experimental.fipsMode.enabled: true`
To allow Kibana to start without actually providing a compliant OpenSSL
provider, in `x-pack/plugins/security/server/config.ts` change L328 from
`if (isFipsEnabled !== isNodeRunningWithFipsEnabled)` to `if (false)`
You are now configured to run in FIPS-spoof mode!
Run: `yarn es snapshot` and `yarn start` > You should see Kibana fail to
start with an error about using a basic license.
Run: `yarn es snapshot --license trial` and `yarn start` > Kibana should
start.
Login as `elastic` and navigate to Stack Management > License Management
Switch your license to `basic` and accept.
In your logs, you will see an error letting users know that you no
longer have an appropriate license and Kibana will not restart.
### For FIPS enthusiasts
Start an ES instance in a method of your choosing, but not using `yarn
es snapshot`. I like to use an 8.15.0-snapshot from the `.es/cache`
directory by running `tar -xzvf
elasticsearch-8.15.0-SNAPSHOT-darwin-aarch64.tar.gz ` and cd into the
new directory's `bin` folder to run `./elasticsearch`
Ensure you have Docker running locally.
From any command line, run: `docker run --rm -it -e
XPACK_SECURITY_FIPSMODE_ENABLED='true' -p 5601:5601/tcp
docker.elastic.co/kibana-ci/kibana-ubi-fips:8.15.0-SNAPSHOT-bc3150316ed317c08d57c6bd785ba39586072e1d`
This will start Kibana into Interactive Setup mode, copy and paste the
token from the ES startup logs.
Kibana should fail to start and you should see Kibana fail to start with
an error about using a basic license.
Repeat the above process except before you paste the token from ES, do
the following to enable a trial license on your ES instance:
In a new terminal window, navigate to the top level of your
elasticsearch folder and run
`curl -X POST --cacert config/certs/http_ca.crt -u
elastic:YOUR_PASSWORD_HERE
"https://localhost:9200/_license/start_trial?acknowledge=true&pretty"`
You should receive a successful response.
Now paste the token from the ES startup logs into the Kibana Interactive
Setup window and Kibana should start.
Login as `elastic` and navigate to Stack Management > License Management
Switch your license to `basic` and accept.
In your logs, you will see an error letting users know that you no
longer have an appropriate license and Kibana will not restart.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: lcawl <lcawley@elastic.co>
## Summary
Resolves https://github.com/elastic/kibana/issues/166095.
This updates the API Key management screen to reflect the copy
adjustments described in #166095:
1. Change `Cross-Cluster` to `Cross-cluster`, unless it is mid-sentence
in which case `cross-cluster` should be used.
2. Updated ownership & expiry warnings to use the active voice.
3. Renamed `Personal` API Keys to `User` API Keys.




View docs changes here:
https://kibana_bk_175809.docs-preview.app.elstc.co/diff
Problem: The [Configure security in Kibana](https://www.elastic.co/guide/en/kibana/current/using-kibana-with-security.html) docs page only covers the `xpack.security.encryptionKey` setting for session encryption. Users may not know that encryption for Kibana's reporting and saved objects features also requires encryption keys.
Solution: Add a cross-link to the respective encryption key settings for reporting and saved objects
Closes https://github.com/elastic/kibana/issues/162215
## Summary
This PR changes the default session idle timeout for users to 3 days.
## Changes Made
- Updated default `session.idleTimeout` to `3d`.
- Updated tests to expect the new default timeout
- Updated asciidocs to match the above change
## Release notes
Change the default value of `session.idleTimeout` from 8 hours to 3
days.
This PR updates the security audit logs with some cases values. We added
a new operation for retrieving the `categories` of a case and the users
associated with a case.
closes #149338
## Summary
Sets refresh parameter to false in session create, update, and
invalidate. Previously refresh was set to 'wait_for' (or 'true' in the
case of invalidating by query).
### Tests
Several unit tests and functional tests have been updated to reflect the
change in test snapshots and to manually refresh the session index in
order to complete testing. The bulk of the test changes reside in the
[concurrent session limit
suite](66a43be28c/x-pack/test/security_api_integration/tests/session_concurrent_limit/global_limit.ts).
Flaky Test Runner for relevant test suites:
https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/1984
### Documentation
Adds a note to the session-management ascii doc to document a known
limitation of enforcing the concurrent sessions limit...
```
NOTE: Due to the rate at which session information is refreshed, there might be a few seconds where the concurrent session limit is not enforced.
This is something to consider for use cases where it is common to create multiple sessions simultaneously.
```
---------
Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
Closes #147049 Closes #149897
Migrates authorization and audit logic from the Saved Objects Repository
to the Saved Objects Security Extension. This is achieved by
implementing action-specific authorization methods within the security
extension. The SO repository is no longer responsible for making any
authorization decisions, but it is still responsible to know how to call
the extension methods. I've tried to make this as straightforward as
possible such that there is a clear ownership delineation between the
repository and the extension, by keeping the interface simple and
(hopefully) obvious.
### Security Extension Interface
New Public Extension Methods:
- authorizeCreate
- authorizeBulkCreate
- authorizeUpdate
- authorizeBulkUpdate
- authorizeDelete
- authorizeBulkDelete
- authorizeGet
- authorizeBulkGet
- authorizeCheckConflicts
- authorizeRemoveReferences
- authorizeOpenPointInTime
- auditClosePointInTime
- authorizeAndRedactMultiNamespaceReferences
- authorizeAndRedactInternalBulkResolve
- authorizeUpdateSpaces
- authorizeFind
- getFindRedactTypeMap
- authorizeDisableLegacyUrlAliases (for secure spaces client)
- auditObjectsForSpaceDeletion (for secure spaces client)
Removed from public interface:
- authorize
- enforceAuthorization
- addAuditEvent
### Tests
- Most test coverage moved from `repository.security_extension.test.ts`
to `saved_objects_security_extension.test.ts`
- `repository.security_extension.test.ts` tests extension call,
parameters, and return
- Updates repository unit tests to check that all security extension
calls are made with the current space when the spaces extension is also
enabled
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
This PR adds a new bulk get attachments API.
```
POST internal/cases/<case_id>/attachments/_bulk_get
{
  "ids": ["02441860-9b66-11ed-a8df-f1edb375c327", "2"]
}
```
<details><summary>Example request and response</summary>
Request
```
POST http://localhost:5601/internal/cases/attachments/_bulk_get
{
  "ids": ["283a4600-9cfd-11ed-9e3d-c96d764b0e39", "2", "382e97f0-9cfd-11ed-9e3d-c96d764b0e39"]
}
```
Response
```
{
  "attachments": [
    {
      "id": "283a4600-9cfd-11ed-9e3d-c96d764b0e39",
      "version": "WzI2MiwxXQ==",
      "comment": "Stack comment",
      "type": "user",
      "owner": "cases",
      "created_at": "2023-01-25T22:11:03.398Z",
      "created_by": {
        "email": null,
        "full_name": null,
        "username": "elastic",
        "profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
      },
      "pushed_at": null,
      "pushed_by": null,
      "updated_at": null,
      "updated_by": null
    }
  ],
  "errors": [
    {
      "error": "Not Found",
      "message": "Saved object [cases-comments/2] not found",
      "status": 404,
      "attachmentId": "2"
    },
    {
      "error": "Bad Request",
      "message": "Attachment is not attached to case id=248d6aa0-9cfd-11ed-9e3d-c96d764b0e39",
      "status": 400,
      "attachmentId": "382e97f0-9cfd-11ed-9e3d-c96d764b0e39"
    }
  ]
}
```
</details>
<details><summary>Unauthorized example response</summary>
```
{
  "attachments": [],
  "errors": [
    {
      "error": "Forbidden",
      "message": "Unauthorized to access attachment with owner: \"securitySolution\"",
      "status": 403,
      "attachmentId": "382e97f0-9cfd-11ed-9e3d-c96d764b0e39"
    }
  ]
}
```
</details>
## Notable changes
- Created a new internal route for retrieving attachments
- Refactored the attachments service to take the saved object client in
the constructor instead of each method
- Refactored attachments service by moving the get style operations to
their own class
- Refactored the integration utilities file to move the attachment
operations to their own file
- The API will return a 400 if more than 10k ids are requested
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
This PR adds a new authorization log operation for the bulk create
attachments API.
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
This PR adds a new find API for retrieving a subset of the user actions
for a case.
Issue: https://github.com/elastic/kibana/issues/134344
```
GET /api/cases/<case_id>/user_actions/_find
Query Parameters
{
  types?: Array of "assignees" | "comment" | "connector" | "description" | "pushed" | "tags" | "title" | "status" | "settings" | "severity" | "create_case" | "delete_case" | "action" | "alert" | "user" | "attachment"
  sortOrder?: "asc" | "desc"
  page?: number as a string
  perPage?: number as a string
}
```
<details><summary>Example request and response</summary>
Request
```
curl --location --request GET 'http://localhost:5601/api/cases/8df5fe00-96b1-11ed-9341-471c9630b5ec/user_actions/_find?types=create_case&sortOrder=asc' \
--header 'kbn-xsrf: hello' \
--header 'Authorization: Basic ZWxhc3RpYzpjaGFuZ2VtZQ==' \
--data-raw ''
```
Response
```
{
  "userActions": [
    {
      "created_at": "2023-01-17T21:54:45.527Z",
      "created_by": {
        "username": "elastic",
        "full_name": null,
        "email": null,
        "profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
      },
      "owner": "cases",
      "action": "create",
      "payload": {
        "title": "Awesome case",
        "tags": [],
        "severity": "low",
        "description": "super",
        "assignees": [],
        "connector": {
          "name": "none",
          "type": ".none",
          "fields": null,
          "id": "none"
        },
        "settings": {
          "syncAlerts": false
        },
        "owner": "cases",
        "status": "open"
      },
      "type": "create_case",
      "id": "8e121180-96b1-11ed-9341-471c9630b5ec",
      "case_id": "8df5fe00-96b1-11ed-9341-471c9630b5ec",
      "comment_id": null
    }
  ],
  "page": 1,
  "perPage": 20,
  "total": 1
}
```
</details>
## Notable Changes
- Created the new `_find` route
- Created a new `UserActionFinder` class and moved the find* methods
from the `index.ts` file into there as well as the new find logic
- Extracted the transform logic to its own file since it's shared between
multiple files now
- Extracted the user action related integration test functions to the
`user_action.ts` utility file
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: lcawl <lcawley@elastic.co>
## Summary
This PR creates the bulk get cases internal API. The endpoint is needed
for the alerts table to be able to get all cases the alerts are attached
to with one call.
Reference: https://github.com/elastic/kibana/issues/146864
### Request
- ids: (Required, array) An array of IDs of the retrieved cases.
- fields: (Optional, array) The fields to return in the attributes key
of the object response.
```
POST <kibana host>:<port>/internal/cases/_bulk_get
{
  "ids": ["case-id-1", "case-id-2", "123", "not-authorized"],
  "fields": ["title"]
}
```
### Response
```
{
  "cases": [
    {
      "title": "case1",
      "owner": "securitySolution",
      "id": "case-id-1",
      "version": "WzIzMTU0NSwxNV0="
    },
    {
      "title": "case2",
      "owner": "observability",
      "id": "case-id-2",
      "version": "WzIzMTU0NSwxNV0="
    }
  ],
  "errors": [
    {
      "error": "Not Found",
      "message": "Saved object [cases/123] not found",
      "status": 404,
      "caseId": "123"
    },
    {
      "error": "Forbidden",
      "message": "Unauthorized to access case with owner: \"cases\"",
      "status": 403,
      "caseId": "not-authorized"
    }
  ]
}
```
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
### For maintainers
- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
Follow up to #147526 which had to be reverted.
Resolves #127481
## Release notes
Include IP address in audit log
## Testing
1. Start Elasticsearch with trial license: `yarn es snapshot --license
trial`
2. Update `kibana.dev.yaml`:
```yaml
xpack.security.audit.enabled: true
xpack.security.audit.appender:
  type: console
  layout:
    type: json
```
3. Observe audit logs in console when interacting with Kibana:
```json
{
  "@timestamp": "2022-12-13T15:50:42.236+00:00",
  "message": "User is requesting [/dev/internal/security/me] endpoint",
  "client": {
    "ip": "127.0.0.1"
  },
  "http": {
    "request": {
      "headers": {
        "x-forwarded-for": "1.1.1.1, 127.0.0.1"
      }
    }
  }
}
```
Note: You will see the `x-forwarded-for` field populated when running
Kibana in development mode (`yarn start`) since Kibana runs behind a
development proxy.
Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
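When triaging these events, `client.ip` is the socket peer while `x-forwarded-for` is a request header, so the header is only as trustworthy as the proxies that wrote it. The following is an added example (not code from Kibana or from this PR) that resolves the originating address from audit events shaped like the one above; the `TRUSTED_PROXIES` list, the function names and all sample lines except the first are assumptions constructed for illustration.

```javascript
'use strict';

// Assumption: addresses of the reverse proxies you operate. Only hops written
// by these are believed; anything further left in the header is client-supplied.
const TRUSTED_PROXIES = new Set(['127.0.0.1', '10.0.0.5']);

// Split an X-Forwarded-For value into trimmed, non-empty hops.
function parseForwardedFor(value) {
  if (typeof value !== 'string') return [];
  return value.split(',').map((hop) => hop.trim()).filter(Boolean);
}

// Resolve the originating address for one audit event: start at the socket
// peer, then walk the header right to left, stopping at the first address
// that is not one of our proxies.
function resolveClientIp(event, trusted = TRUSTED_PROXIES) {
  const peer = event?.client?.ip;
  if (!peer) return { ip: null, source: 'missing' };
  // A peer we do not operate could have sent any header it liked.
  if (!trusted.has(peer)) return { ip: peer, source: 'client.ip' };

  const header = event?.http?.request?.headers?.['x-forwarded-for'];
  const hops = parseForwardedFor(header);
  for (let i = hops.length - 1; i >= 0; i--) {
    if (!trusted.has(hops[i])) return { ip: hops[i], source: 'x-forwarded-for' };
  }
  // Header absent, or every hop is one of our proxies: keep the peer.
  return { ip: peer, source: 'client.ip' };
}

// Constructed sample audit lines (one JSON document per line). The first
// mirrors the event shown in this PR; the rest are made up for the example.
const SAMPLE_LOG = [
  '{"client":{"ip":"127.0.0.1"},"http":{"request":{"headers":{"x-forwarded-for":"1.1.1.1, 127.0.0.1"}}}}',
  '{"client":{"ip":"203.0.113.7"},"http":{"request":{"headers":{"x-forwarded-for":"10.0.0.5"}}}}',
  '{"client":{"ip":"10.0.0.5"},"http":{"request":{"headers":{"x-forwarded-for":"192.0.2.1, 198.51.100.9"}}}}',
  '{"client":{"ip":"127.0.0.1"}}',
  'not json',
].join('\n');

// Resolve every line of a log; unparseable lines are reported, not dropped.
function resolveAll(logText) {
  return logText.split('\n').filter((line) => line.trim()).map((line) => {
    try {
      return resolveClientIp(JSON.parse(line));
    } catch {
      return { ip: null, source: 'unparseable' };
    }
  });
}

for (const result of resolveAll(SAMPLE_LOG)) {
  console.log(`${result.ip} (${result.source})`);
}
```

In the third sample line the leftmost hop is ignored because it sits to the left of the first untrusted address and could have been supplied by the client itself.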
Reverts elastic/kibana#147526
Reverting due to errors when using `FakeRequest`:
```
TypeError: Cannot read properties of undefined (reading 'remoteAddress')
at KibanaSocket.get remoteAddress [as remoteAddress] (/Users/shahzad-16/elastic/kibana/node_modules/@kbn/core-http-router-server-internal/target_node/src/socket.js:25:24)
at Object.log (/Users/shahzad-16/elastic/kibana/x-pack/plugins/security/server/audit/audit_service.ts:95:32)
at runMicrotasks (<anonymous>)
at processTicksAndRejections (node:internal/process/task_queues:96:5)
Terminating process...
server crashed with status code 1
```
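The stack trace shows the audit logger reading `remoteAddress` through a socket wrapper for a request that had no underlying socket. An added sketch of that failure mode beside a guarded variant (not Kibana's source; `UnguardedSocket`, `GuardedSocket`, `buildAuditEvent` and `auditFailure` are hypothetical names, and both request objects are constructed, the socket-less one standing in for the `FakeRequest` case):

```javascript
'use strict';

// Wrapper that assumes every request carries a real socket.
class UnguardedSocket {
  constructor(socket) {
    this.socket = socket;
  }
  get remoteAddress() {
    return this.socket.remoteAddress; // TypeError when socket is undefined
  }
}

// Same wrapper, tolerating requests that were built without a socket.
class GuardedSocket {
  constructor(socket) {
    this.socket = socket;
  }
  get remoteAddress() {
    return this.socket?.remoteAddress;
  }
}

// Build the audit fields. client.ip is omitted when no peer address is known,
// so a reader of the log never sees a placeholder that looks like a real IP.
function buildAuditEvent(message, request, SocketWrapper = GuardedSocket) {
  const event = { message };
  const ip = new SocketWrapper(request.socket).remoteAddress;
  if (ip) event.client = { ip };
  const forwardedFor = request.headers?.['x-forwarded-for'];
  if (forwardedFor) {
    event.http = { request: { headers: { 'x-forwarded-for': forwardedFor } } };
  }
  return event;
}

// Constructed inputs: one request as it arrives over HTTP, and one synthetic
// request with no socket at all.
const httpRequest = {
  headers: { 'x-forwarded-for': '1.1.1.1, 127.0.0.1' },
  socket: { remoteAddress: '127.0.0.1' },
};
const syntheticRequest = { headers: {} };

// Returns the error raised for a request, or null when the event was built.
function auditFailure(request, SocketWrapper) {
  try {
    buildAuditEvent('User is requesting endpoint', request, SocketWrapper);
    return null;
  } catch (err) {
    return err;
  }
}

console.log(auditFailure(syntheticRequest, UnguardedSocket));
console.log(buildAuditEvent('synthetic request', syntheticRequest));
```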
Resolves #127481
## Release notes
Include IP address in audit log
## Testing
1. Update `kibana.dev.yaml`:
```yaml
xpack.security.audit.enabled: true
xpack.security.audit.appender:
  type: console
  layout:
    type: json
```
2. Observe audit logs in console when interacting with Kibana:
```json
{
  "@timestamp": "2022-12-13T15:50:42.236+00:00",
  "message": "User is requesting [/dev/internal/security/me] endpoint",
  "client": {
    "ip": "127.0.0.1"
  },
  "http": {
    "request": {
      "headers": {
        "x-forwarded-for": "1.1.1.1, 127.0.0.1"
      }
    }
  }
}
```
Note: You will see the `x-forwarded-for` field populated when running
Kibana in development mode (`yarn start`) since Kibana runs behind a
development proxy.
Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
## Summary
API keys can now be updated via the API Keys Management screen
## Release Note
API Keys can now be updated with new Role Descriptors and Metadata via
the API Keys Management screen.
## Testing Instructions
Login as `elastic`
Navigate to Roles and create a new role with the `read_security` cluster
privilege:
<img width="962" alt="Screen Shot 2022-11-30 at 9 42 31 AM"
src="https://user-images.githubusercontent.com/21210601/204826868-a8f6bf03-acf8-404c-90c8-e2b9ab62dc11.png">
Create a new user and assign that new role, `viewer`, and
`kibana_admin`:
<img width="936" alt="Screen Shot 2022-11-30 at 9 43 10 AM"
src="https://user-images.githubusercontent.com/21210601/204827030-e5f97f8e-6676-4c18-8a46-f6afee87ba12.png">
Navigate to Dev Tools and run the following:
```json
POST /_security/api_key/grant
{
  "grant_type": "password",
  "username" : "elastic",
  "password" : "changeme",
  "run_as": "elastic",
  "api_key" : {
    "name": "test-expired-key",
    "expiration": "1ms"
  }
}

POST /_security/api_key/grant
{
  "grant_type": "password",
  "username" : "elastic",
  "password" : "changeme",
  "run_as": "test_user",
  "api_key" : {
    "name": "test-user-key",
    "expiration": "1d"
  }
}
```
The first command will create an API key for the `elastic` user that
expires immediately.
The second command will create an API key for `test_user`.
Navigate to the API Key page, click the name column links to see a
readonly view for the 2 previously created keys as users cannot update
an API key that belongs to another user nor an API key that is expired.
Create a new API key:
<img width="632" alt="Screen Shot 2022-11-30 at 9 44 52 AM"
src="https://user-images.githubusercontent.com/21210601/204829114-672c6583-8801-4af0-bfa8-64ae1072ef46.png">
Click the name link for the newly created API key to see the Update API
key flyout.
Update the fields and click submit:
<img width="642" alt="Screen Shot 2022-11-30 at 9 45 59 AM"
src="https://user-images.githubusercontent.com/21210601/204829914-9fb1f8e6-8b3f-4acc-b63f-d7e4a0906727.png">
If the update was successful:
<img width="904" alt="Screen Shot 2022-11-30 at 9 46 42 AM"
src="https://user-images.githubusercontent.com/21210601/204830133-1dcb083b-f945-4980-9e91-19081c224b55.png">
Now click the name link again for the updated key and click submit
without making changes. You should see a warning:
<img width="895" alt="Screen Shot 2022-11-30 at 9 46 52 AM"
src="https://user-images.githubusercontent.com/21210601/204830570-2ca5e2e0-19b6-43ce-b7e4-ae594be6a86b.png">
Logout the `elastic` user and login as `test_user`
Navigate to API Keys and click the existing API Key to see a readonly
view flyout:
<img width="639" alt="Screen Shot 2022-11-30 at 9 58 25 AM"
src="https://user-images.githubusercontent.com/21210601/204832019-640ecd2e-4bcb-402b-a164-e8b8eb9f8848.png">
Thanks for reviewing!
Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Adding deprecation warning for Interactive Users using ApiKeys
* Fixing unit test verbiage
* Update docs/user/security/authentication/index.asciidoc
Co-authored-by: Larry Gregory <lgregorydev@gmail.com>
* Update docs/user/security/api-keys/index.asciidoc
Co-authored-by: Larry Gregory <lgregorydev@gmail.com>
* Changing capitalization on 'keys' to avoid confusion with the UI API Keys
* Update docs/user/security/api-keys/index.asciidoc
Co-authored-by: Larry Gregory <lgregorydev@gmail.com>
* Update docs/user/security/authentication/index.asciidoc
Co-authored-by: Larry Gregory <lgregorydev@gmail.com>
* Changing the logging message and unit test descriptions based on PR review feedback
* Update x-pack/plugins/security/server/routes/analytics/authentication_type.test.ts
Co-authored-by: Aleh Zasypkin <aleh.zasypkin@gmail.com>
* Update x-pack/plugins/security/server/routes/analytics/authentication_type.ts
Co-authored-by: Aleh Zasypkin <aleh.zasypkin@gmail.com>
* Update x-pack/plugins/security/server/routes/analytics/authentication_type.ts
Co-authored-by: Aleh Zasypkin <aleh.zasypkin@gmail.com>
* Removing unnecessary whitespace
* Fixing spelling in unit test assertion
Co-authored-by: Larry Gregory <lgregorydev@gmail.com>
Co-authored-by: Aleh Zasypkin <aleh.zasypkin@gmail.com>
* wip
* wip
* Reverting changes not related to event log aggregation
* Reverting changes not related to event log aggregation
* Updating event log client find to take array of sort options
* Updating tests and adding basic aggregation function
* Adding tests
* Fixing functional test
* Fixing functional test
* Revert "Reverting changes not related to event log aggregation"
This reverts commit 939340e252.
* Revert "Reverting changes not related to event log aggregation"
This reverts commit 40a93a4b3c.
* Getting aggregation and parsing aggregation results
* Cleanup
* Changing api to internal
* Fixing types
* PR feedback
* omg types
* types and optional accessors
* Adding fn to calculate num executions based on date range
* Fleshing out rules client function and tests
* http api
* Cleanup
* Adding schedule delay
* Limit to 1000 logs
* Fixing security tests
* Fixing unit tests
* Validating numExecutions
* Changing sort input format
* Adding more sort fields
* Fixing unit tests
* Adding functional tests
* Adding sort to terms aggregation
* Fixing functional test
* Adding audit event for rule GET
* Adding audit event for rule execution log GET
* PR feedback
* Adding gap policy and using static num buckets
* Fixing checks
* Fixing checks
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>