mirror of
https://github.com/elastic/kibana.git
synced 2025-04-24 01:38:56 -04:00
45 commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
|
11b750b10a
|
Minimize shared-common everywhere (#188606)
## Summary  At the moment, our package generator creates all packages with the type `shared-common`. This means that we cannot enforce boundaries between server-side-only code and the browser, and vice-versa. - [x] I started fixing `packages/core/*` - [x] It took me to fixing `src/core/` type to be identified by the `plugin` pattern (`public` and `server` directories) vs. a package (either common, or single-scoped) - [x] Unsurprisingly, this extended to packages importing core packages hitting the boundaries eslint rules. And other packages importing the latter. - [x] Also a bunch of `common` logic that shouldn't be so _common_ 🙃 ### For maintainers - [x] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> |
||
|
e94ef3e222
|
[Infra] Remove runtime_types in favor of kbn-io-ts-utils package (#188204)
## Summary Remove the [runtime_types.ts](https://github.com/elastic/kibana/pull/188204/files#diff-d3c545bedb04ac327dfbc652fdc230f98513d672d84b4c2b12101738d324b5ab) file in favor of utilizing the kbn-io-ts-utils package. `runtime_types.ts` content was copied to kbn-io-ts-utils package at some point but the file was never removed from infra plugin. Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> |
||
|
f96d55a4f5
|
[EDR Workflows] MKI API tests (#187560)
This pull request introduces two changes to our existing API integration tests: 1. It restructures the files to follow the security solution-wide standard. 2. It adds our API integration tests to the periodic MKI pipeline. [Example build](https://buildkite.com/elastic/kibana-serverless-security-solution-quality-gate-defend-workflows/builds/818) **Change of Structure:** All tests have been moved to `x-pack/test/security_solution_api_integration/test_suites/edr_workflows` and are grouped by feature and then by licensing. 
## Summary https://github.com/elastic/kibana/pull/183611 I moved x-pack/test/security_solution_endpoint to x-pack/test/security_solution_api_integration in https://github.com/elastic/kibana/pull/183611 as I thought all the tests regarding Security Solution should live there. However security_solution_endpoint are not api tests, they are UI tests. After discussions, we decided to move security_solution_endpoint back to `x-pack/test/` The two files below are shared between `x-pack/test/security_solution_api_integration/test_suites/security_solution_endpoint_api_int` and `x-pack/test/security_solution_endpoint`, moved them to `services` in this PR to avoid type check confusion. - x-pack/test/common/services/security_solution/endpoint_data_stream_helpers.ts - x-pack/test/common/services/security_solution/endpoint_registry_helpers.ts --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> |
||
|
2aa94a27f0
|
[Detection Engine] Adds Alert Suppression to ML Rules (#181926)
## Summary This PR introduces Alert Suppression for ML Detection Rules. This feature is behaviorally similar to alerting suppression for other Detection Engine Rule types, and nearly identical to the analogous features for EQL rules. There are some additional UI behaviors introduced here as well, mainly intended to cover the shortcomings discovered in https://github.com/elastic/kibana/issues/183100. Those behaviors are: 1. Populating the suppression field list with fields from the anomaly index(es). 1. Disabling the suppression UI if no selected ML jobs are running (because we cannot populate the list of fields on which they'll be suppressing). 1. Warning the user if _some_ selected ML jobs are not running (because the list of suppression fields may be incomplete). See screenshots below for more info. ### Intermediate Serverless Deployment As per the "intermediate deployment" requirements for serverless, while the schema (and declared alert SO mappings) will be extended to allow this functionality, the user-facing features are currently hidden behind a feature flag. Once this is merged and released, we can issue a "final" deployment in which the feature flag is enabled, and the feature effectively released. ## Screenshots * Overview of new UI fields |
||
|
dea26c6450
|
Add http2 support for Kibana server (#183465)
## Summary Part of https://github.com/elastic/kibana/issues/7104 Add support for `http2` to the Kibana server. `http2` can be enabled by setting `server.protocol: http2` in the Kibana config file. *Note: by default, enabling `http2` requires a valid `h2c` configuration, meaning that it can only run over HTTPS with TLS1.2+* ```yaml ## kibana.yaml server.protocol: http2 server.ssl.enabled: true server.ssl.key: path/to/key server.ssl.certificate: path/my/cerf ``` ## What is this PR doing ### Add HTTP2 support for the Kibana server #### - Plug http2 to the Kibana server Even if HAPI was never officially updated to really support HTTP2, node's `http`/`https`/`http2` modules are compatible enough to be able to just instantiate an http2 server/listener and provide it to HAPI "as a plain https listener". There were some tweaks to do (mostly silencing a few warnings that HAPI was causing by sending http2-illegal headers such as `Connection`), but overall, it went smoothly. #### - Add config validation By default, Kibana will require a valid `h2c` configuration to accept enabling `http2`. It means that TLS must be enabled and that TLS1.2+ should at least be in the list of supported SSL protocols (`server.ssl.supportedProtocols`). Note that default value of this setting includes TLS1.2 and 1.3. #### - Add escape hatch to run `h2` without `h2c` In some situations, it may be required to enable http2 without a valid `h2c` configuration. Kibana supports it, by setting `server.http2.allowUnsecure` to `true`. 
(*Note, however, that if http2 is enabled without TLS, ALPN protocol negotiation won't work, meaning that most http2 agents/clients will fail connecting unless they're explicitly configured to use http2.*) ### Add documentation about this new feature #### - Update the user-facing doc about this new `server.protocol` setting Update the user-facing Kibana settings documentation to include this `http.protocol` setting (and refer to `server.http2.allowUnsecure`) **Note: this setting, and this feature, are considered as experimental** ### Adapt our dev tooling to support running Kibana with http2 enabled #### - Add a `--http2` flag to the dev CLI Enabling this flag will add the proper configuration settings to run Kibana with `http2` enabled in an (almost) valid `h2c` configuration. *Note: when using this flag, even if listening on the same port, the Kibana server will be accessible over https, meaning that you need to use https in your browser to access it. Aka `http://localhost:5601` won't work, you need to use `https://localhost:5601`. Also, we're using the self-signed dev certificates, meaning that you must go through the scary warning of your browser* #### - Implement an http2-compatible base-path proxy The current base path proxy is based on `hapi` and `hapi/h2o2`. I tried for a bunch of hours trying to hack around to make it work with http2 proxying, but ultimately gave up and implemented a new version from scratch. Note that with some additional efforts, this new http2 basepath proxy could probably fully replace the existing one and be used for both http1 and http2 traffic, but it's an optimization / refactoring that did not feel required for this PR. ### Adapt the FTR to run suites against http2 #### - Add support to run FTR test suite against an h2c-enabled Kibana Note that with ALPN, clients using http1 should be (and are) able to communicate with http2 Kibana, given h2c/alpn allows protocol negotiation. 
So adapting our FTR tooling was not really about making it work with http2 (which worked out of the box), but making it work with **the self signed certificates we use for https on dev mode** Note that I'm not a big fan of what I had to do, however, realistically this was the only possible approach if we want to run arbitrary test suites with TLS/HTTP2 enabled without massively changing our FTR setup. Operations and QA, feel free to chime in there, as this is your territory. #### - Change some FTR test suites to run against an HTTP2-enabled server I added a quick `configureHTTP2` helper function to take any "final" FTR suite config and mutate it to enable `http2`. I then enabled it on a few suites locally, to make sure the suites were passing correctly. I kept two suites running with http2 enabled: - the `console` oss functional tests - the `home` oss functional tests We could possibly enable it for more, but we need to figure out what kind of strategy we want on that matter (see below) ## What is this pull request NOT doing #### - Making sure everything works when HTTP2 is enabled I navigated the applications quite a bit, and did not see anything broken, however I obviously wasn't able to do a full coverage. Also, the self-signed certificate was a huge pain to detect issues really caused by http2 compared to issues because the local setup isn't valid `h2c`. In theory though (famous last words) anything not doing http/1.1 specific hacks such as bfetch should work fine with http2, given that even if using non-http2 clients, ALPN should just allow to fallback to http/1.x (this part was tested) #### - Enabling HTTP2 by default PR isn't doing it for obvious reasons. #### - Enabling HTTP2 for all FTR suites First of all, it's not that easy, because it requires adapting various parts of the config (and even some var env...), and we don't have any proper way to override config "at the end". For instance, if you add the http2 config on a top level config (e.g. 
the oss functional one that is reused by the whole world - learned the hard way), it won't work because higher-level configs redefined (and override) the `browser` part of the config, losing the settings added to run the browser in insecure mode. Secondly, I'm not sure we really need to run that many suites with http2 enabled. I learned working on that PR that we only have like one suite where https is enabled for the Kibana server, and I feel like it could be fine to have the same for http2. In theory it's just a protocol change, unless parts of our apps (e.g. bfetch) are doing things that are specific to http/1.1, switching to http2 should be an implementation detail. But I'd love to get @elastic/kibana-operations and @elastic/appex-qa opinion on that one, given they have more expertise than I do on that area. - Running performances tests We should absolutely run perf testing between http/1.1 over https and http/2, to make sure that it goes into the right direction (at least in terms of user perceived speed), but I did not do it in the scope of this PR (and @dmlemeshko is on PTO so... 😅) ## Release Note Add support for `http2` to the Kibana server. `http2` can be enabled by setting `server.protocol: http2` in the Kibana config file. Note: by default, enabling `http2` requires a valid `h2c` configuration, meaning that it can only run over HTTPS with TLS1.2+ Please refer to the Kibana config documentation for more details. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> |
||
|
69b28f317b
|
Rule execution log support backfill rule run types (#183898)
## Rule execution log support backfill rule run types
|
||
|
148eeec0fe
|
Update supertest and superagent to latest version (#183587)
## Summary Related to https://github.com/elastic/kibana/issues/7104 Update supertest, superagent, and the corresponding type package, to their latest version. (of course, types had some signature changes and we're massively using supertest in all our FTR suites so the whole Kibana multiverse has to review it) --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> |
||
|
a4579a7e78
|
[ObsUx] [Infra] Change container details view with asset details view (#180436)
Part of https://github.com/elastic/kibana/issues/179844
### In this PR
- From Inventory, open asset details page view for Containers
- Show overview tab with CPU and Memory KPIs and metric charts
- Metadata tab with old fields, more metadata fields will be shown in
follow-up PR
- Added links to container metrics documentation, currently there are no
docs for K8s metrics just for docker containers
#### How to test
- The feature is under a FF, on inventory page go to settings and enable
`Container view`
- In containers inventory, select a container and click on 'Docker
container metrics' link (there's an
[issue](https://github.com/elastic/kibana/issues/180806) to reword this
links as K8s containers are also shown)
- Container details page should be shown with overview and metadata tabs
- On overview tab KPIs for CPU and Memory and Metrics section with CPU
and Memory charts should be displayed
|
||
|
807da63c61
|
[ES|QL] Fetch the query columns utils (#182338)
## Summary Revives this https://github.com/elastic/kibana/pull/181969 To do so, I had to create a new package `search-types` and move the types I need there. The Discovery team can take it from here. Note: It also does a cleanup on the types I move, some of them were declared twice. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> |
||
|
069d814fe4
|
[Infra] add apm synthtrace kibana service and cleanup package install (#179764)
## Summary Closes https://github.com/elastic/kibana/issues/175064 - Creates a service for ApmSynthtraceKibanaClient to easily access in tests and other plugins for managing the installation of the APM package needed for indexing apm documents with synthtrace's elasticsearch client - Updates the Infra api integration and functional tests to use the service - Updates Infra tests to cleanup and uninstall the apm package - Updates ApmSynthtraceKibanaClient.installApmPackage to install the latest version if no version was passed in - Updates ApmSynthtraceKibanaClient.installApmPackage to return the version that was installed - Updates ApmSynthtraceKibanaClient to have an uninstallApmPackage method https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5599 --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Felix Stürmer <weltenwort@users.noreply.github.com> |
||
|
f4f71d1130
|
[Detections Response] Finish moving remaining legacy FTRs (#175837)
**Resolves: https://github.com/elastic/kibana/issues/151902** ## Summary After this PR, all D&R FTRs are moved to new folder where they can be run in ESS and serverless. Please see below table for a summary of what tests need revisiting by the teams. During the test migration there may have been some tests that failed on serverless, but not ESS. Some we were able to fix and get running on both, others are still marked as `brokenInServerless` and need triage. |
||
|
58adee01a0
|
[Security Solution] Support Serverless Cypress tests with different roles (#169017)
**Addresses:** https://github.com/elastic/kibana/issues/164451 ## Summary This PR allows to run role based reused between ESS and Serverless Cypress tests. ## Details The main idea behind is to make environmental differences for tests unnoticeable. As Serverless env already has roles and users but ESS env allows to create any possible role and user we just need to create Serverless roles and corresponding users + specific ESS roles and corresponding users in ESS env before running any ESS tests. This way tests will run in a similar env and don't have to bother by roles/users creation in test suites. This is achieved by using separate Cypress support files (Cypress includes `support/e2e.js` by default) `ess_e2e.ts` and `serverless_e2e.ts` executed for corresponding environments. `ess_e2e.ts` contains logic to create mentioned above roles and users while `serverless_e2e.ts` doesn't contain such logic. _Only one user created per role and user has the same name as its corresponding role with `changeme` password._ To have an ability to create roles we need to store their definitions somewhere. It's also convenient to have JSON definitions instead of YAML. Plus Serverless roles should be pulled from `project-controller` repo but it's not addressed in this PR. I've chosen the following locations - Serverless Security roles in `packages/kbn-es/src/serverless_resources/security_roles.json`. While `@kbn/es` is a common package it has `serverless_resources` folder containing `roles.yml` with a mix of `https://github.com/elastic/project-controller/blob/main/internal/project/observability/config/roles.yml`, `https://github.com/elastic/project-controller/blob/main/internal/project/esproject/config/roles.yml` and `https://github.com/elastic/project-controller/blob/main/internal/project/security/config/roles.yml` copied from `project-controller` and used for ES data restore. 
As there is no automation yet it looks logical to keep Security roles subset next to ES Serverless resources. - ESS Security specific roles in `x-pack/plugins/security_solution/common/test/ess_roles.json` On top of that the following has been done - `reader` role replaced with `t1_analyst` where possible in tests (besides `e2e/explore/cases/attach_alert_to_case.cy.ts` but it's purely ESS test so it's fine) as `reader` is ESS specific and makes it harder to run the same tests in ESS and Serverless environments but both roles are almost equivalent - `login()` helper function accepts all known roles (Serverless + ESS) but throws an exception if a custom ESS role is used under Serverless env - `x-pack/plugins/security_solution/server/lib/detection_engine/scripts/roles_users` isn't necessary anymore as `security_roles.json` + `ess_roles.json` contain all the necessary data to create roles and users ### Does it enable role support for MKI environments? No. This PR is only enabling role support for Non-MKI Serverless environments. MKI env has predefined roles but not users. This will be addressed in a follow up PR. ## Flaky test runner Two unskipped in this PR Serverless Cypress tests using non default role `detection_response/detection_alerts/missing_privileges_callout.cy.ts` and `detection_response/prebuilt_rules/prebuilt_rules_install_update_authorization.cy.ts` [150 runs](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/3723) 🟢 (there is one env related failure but it doesn't look related to the changes in this PR) |
||
|
428f3e05ec
|
[Security Solution][Endpoint] Unskip metadata API ftr test (#167226)
## Summary Adds an error handler block to help debug test setup errors during fleet agent setup for endpoint API ftr tests. Also adds missing header API version. fixes elastic/kibana/issues/151854 **flaky ftr test runners** - https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/3223 x 150 (without header) - (1 fail) - https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/3224 x 50 (all 50 pass) - https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/3228 x 100 (2 fails) - https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/3231 x 100 ( 1 fail) - https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/3241 x 50 ( 2 fails) ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> |
||
|
4b7d18b5c3
|
[bfetch] Use versioned router (#161317)
## Summary Part of https://github.com/elastic/kibana/issues/157095. Uses the new versioned router capabilities for the bfetch plugin. ### Checklist - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> |
||
|
abe58cb011
|
[Logs Shared] Move LogStream and LogView into new shared plugin (#161151)
## 📓 Summary Closes #159128 Due to a dependencies issue when disabling a plugin in serverless mode, the LogStream feature and related logic were disabled for every consumer. We decided to split this shared component and endpoint into their own plugin of shared logs utilities, reducing to the minimum the required dependency that could disable the plugin. What we moved can be summarized with: - `infrastructure-monitoring-log-view` saved object definition and registration - LogViews server/client services (exposed with start contract) + related endpoints - LogEntries server service + related endpoints - LogEntriesDomain logic (exposed with start contract) - `<LogStream />` component - `<ScrollableLogTextStreamView />` component and related logic - LogView state machine - Containers/Hooks to consume the moved APIs. - Common types/utils definition, now exported and consumed as a dependency from the `infra` plugin. ## 🤓 Review hints Most of the changes are just renaming and moving stuff into the new plugin, but for some operations was required to implement new logic, which may deserve a more critical review: - server/public `plugin.ts` files for the `infra` and `logs_shared` plugins. The new plugin now registers the fallback actions to retrieve a source configuration if there's no stored log view. It also set the configuration for the message field and registers the log view saved object. - the `logEntriesDomain` has also been moved inside the new plugin, but is also used by the logs-analysis endpoints, so it is exposed by the logs_shared plugin and consumed by `infra`. ## 👣 Following steps We currently are still using the `observability` plugin for consuming the CoPilot feature on our LogsStream flyout. The plugin dependency is marked as optional, so disabling the `observability` plugin in a serverless environment won't disable also the exposed features in this new plugin, but it'll affect only the CoPilot feature, which won't be loaded. 
In future, would be nice to extract the CoPilot feature into its own package/plugin, so that also serverless projects can consume it without depending on `observability`. --------- Co-authored-by: Marco Antonio Ghiani <marcoantonio.ghiani@elastic.co> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> |
||
|
e3fddf38f7
|
[Logs UI] Versioning for Logs related APIs (#158710)
## 📓 Summary Closes #157324 Closes #159275 Closes #159303 This work converts the APIs related to the Logs UI feature into versioned APIs using the new [Kibana versioned router](https://docs.elastic.dev/kibana-dev-docs/versioning-http-apis#4-adhere-to-the-http-versioning-specification). The converted APIs are the following, where each endpoint now is set to version `1`: - [log_views](https://github.com/elastic/kibana/tree/main/x-pack/plugins/infra/server/routes/log_views) - [log_entries](https://github.com/elastic/kibana/tree/main/x-pack/plugins/infra/server/routes/log_entries) - [log_analysis](https://github.com/elastic/kibana/tree/main/x-pack/plugins/infra/server/routes/log_analysis) - [log_alerts](https://github.com/elastic/kibana/tree/main/x-pack/plugins/infra/server/routes/log_alerts) The PR also includes moving the interfaces and runtime types relative to each endpoint's group into the recommended practices for [versioning interfaces](https://docs.elastic.dev/kibana-dev-docs/versioning-interfaces). ## 🧪 Testing - Navigate to the Logs UI settings page and verify the log view is correctly retrieved and can be successfully updated. - Navigate to the Logs stream page and verify the stream entries are retrieved and rendered. - Navigate to the Anomalies and Categories pages and verify the anomalies entries are retrieved and rendered correctly. - Create a Log threshold alert and verify the chart preview data are correctly retrieved and shown. --------- Co-authored-by: Marco Antonio Ghiani <marcoantonio.ghiani@elastic.co> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> |
||
|
34ada8a9a6
|
[data.search] Use versioned router (#158520)
## Summary Step 1 of https://github.com/elastic/kibana/issues/157095. Uses the new versioned router capabilities for the search routes (`POST` and `DELETE`). ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios ### For maintainers - [x] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Matthias Wilhelm <matthias.wilhelm@elastic.co> |
||
|
7bbe92f085
|
Enables preventing access to internal APIs (#156935)
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> |
||
|
21351df953
|
Split the .kibana saved objects index into multiple indices (#154888)
## Description Fix https://github.com/elastic/kibana/issues/104081 This PR moves some of the SO types from the `.kibana` index into the following ones: - `.kibana_alerting_cases` - `.kibana_analytics` - `.kibana_security_solution` - `.kibana_ingest` This split/reallocation will occur during the `8.8.0` Kibana upgrade (*meaning: from any version older than `8.8.0` to any version greater or equal to `8.8.0`*) **This PR main changes are:** - implement the changes required in the SO migration algorithm to support this reallocation - update the FTR tools (looking at you esArchiver) to support these new indices - update hardcoded references to `.kibana` and usage of the `core.savedObjects.getKibanaIndex()` to use new APIs to target the correct index/indices - update FTR datasets, tests and utility accordingly ## To reviewers **Overall estimated risk of regressions: low** But, still, please take the time to review changes in your code. The parts of the production code that were the most impacted are the telemetry collectors, as most of them were performing direct requests against the `.kibana` index, so we had to adapt them. Most other contributor-owned changes are in FTR tests and datasets. If you think a type is misplaced (either we missed some types that should be moved to a specific index, or some types were moved and shouldn't have been) please tell us, and we'll fix the reallocation either in this PR or in a follow-up. ## .Kibana split The following new indices are introduced by this PR, with the following SO types being moved to it. (any SO type not listed here will be staying in its current index) Note: The complete **_type => index_** breakdown is available in [this spreadsheet](https://docs.google.com/spreadsheets/d/1b_MG_E_aBksZ4Vkd9cVayij1oBpdhvH4XC8NVlChiio/edit#gid=145920788). 
#### `.kibana_alerting_cases` - action - action_task_params - alert - api_key_pending_invalidation - cases - cases-comments - cases-configure - cases-connector-mappings - cases-telemetry - cases-user-actions - connector_token - rules-settings - maintenance-window #### `.kibana_security_solution` - csp-rule-template - endpoint:user-artifact - endpoint:user-artifact-manifest - exception-list - exception-list-agnostic - osquery-manager-usage-metric - osquery-pack - osquery-pack-asset - osquery-saved-query - security-rule - security-solution-signals-migration - siem-detection-engine-rule-actions - siem-ui-timeline - siem-ui-timeline-note - siem-ui-timeline-pinned-event #### `.kibana_analytics` - canvas-element - canvas-workpad-template - canvas-workpad - dashboard - graph-workspace - index-pattern - kql-telemetry - lens - lens-ui-telemetry - map - search - search-session - search-telemetry - visualization #### `.kibana_ingest` - epm-packages - epm-packages-assets - fleet-fleet-server-host - fleet-message-signing-keys - fleet-preconfiguration-deletion-record - fleet-proxy - ingest_manager_settings - ingest-agent-policies - ingest-download-sources - ingest-outputs - ingest-package-policies ## Tasks / PRs ### Sub-PRs **Implementation** - 🟣 https://github.com/elastic/kibana/pull/154846 - 🟣 https://github.com/elastic/kibana/pull/154892 - 🟣 https://github.com/elastic/kibana/pull/154882 - 🟣 https://github.com/elastic/kibana/pull/154884 - 🟣 https://github.com/elastic/kibana/pull/155155 **Individual index split** - 🟣 https://github.com/elastic/kibana/pull/154897 - 🟣 https://github.com/elastic/kibana/pull/155129 - 🟣 https://github.com/elastic/kibana/pull/155140 - 🟣 https://github.com/elastic/kibana/pull/155130 ### Improvements / follow-ups - 👷🏼 Extract logic into [runV2Migration](https://github.com/elastic/kibana/pull/154151#discussion_r1158470566) @gsoldevila - Make `getCurrentIndexTypesMap` resilient to intermittent failures 
https://github.com/elastic/kibana/pull/154151#discussion_r1169289717 - 🚧 Build a more structured [MigratorSynchronizer](https://github.com/elastic/kibana/pull/154151#discussion_r1158469918) - 🟣 https://github.com/elastic/kibana/pull/155035 - 🟣 https://github.com/elastic/kibana/pull/155116 - 🟣 https://github.com/elastic/kibana/pull/155366 ## Reallocation tweaks Tweaks to the reallocation can be done after the initial merge, as long as it's done before the public release of 8.8 - `url` should get back to `.kibana` (see [comment](https://github.com/elastic/kibana/pull/154888#discussion_r1172317133)) ## Release Note For performance purposes, Kibana is now using more system indices to store its internal data. The following system indices will be created when upgrading to `8.8.0`: - `.kibana_alerting_cases` - `.kibana_analytics` - `.kibana_security_solution` - `.kibana_ingest` --------- Co-authored-by: pgayvallet <pierre.gayvallet@elastic.co> Co-authored-by: Christos Nasikas <christos.nasikas@elastic.co> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Georgii Gorbachev <georgii.gorbachev@elastic.co> |
||
|
ff51407fdf
|
Saved objects extensions refactor merge (#142878)
Merges the changes of #134395 into the new packages structure. Resolves #133835 ### Description This PR represents a fully manual merge of the saved objects refactor of client wrapper system into repository extensions. These changes are being manually merged due to significant changes of the saved objects implementation in the main branch, specifically the migration to the new packages structure. ### Other changes - Bulk Delete: bulk delete was implemented in parallel to #134395 being completed and this PR will refactor that API to utilize the new extensions Co-authored-by: Jeramy Soucy <jeramy.soucy@elastic.co> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Aleh Zasypkin <aleh.zasypkin@gmail.com> |
||
|
9d479d44b1
|
Adds legacy URL alias function to test data loader. Fixes test setup for SO bulk create. (#143688) | ||
|
227288e726
|
Adding testdataloader method to remove all SO from the kibana index (#143400)
* Adding testdataloader method to remove all SO from the kibana index * Changing call order per PR review feedback |
||
|
6875d18d0f
|
Removing esArchiver in favor of testDataLoader for bulk_get Saved Objects integration tests (#140998)
* Removing esArchiver in favor of testDataLoader * [CI] Auto-commit changed files from 'node scripts/precommit_hook.js --ref HEAD~1..HEAD --fix' * Adding test data for loader * [CI] Auto-commit changed files from 'node scripts/precommit_hook.js --ref HEAD~1..HEAD --fix' * Adding generic TestDataLoader * Importing just the type per PR feedback * Changing testDataLoader function names to be more descriptive Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Larry Gregory <larry.gregory@elastic.co> Co-authored-by: Thomas Watson <watson@elastic.co> |
||
|
50b3b57d9e
|
[ftr] add first-class support for playwright journeys (#140680)
* [ftr] add first-class support for playwright journeys
* [CI] Auto-commit changed files from 'node scripts/generate codeowners'
* fix jest test
* remove ability to customize kibana server args, if we need it we can add it back
* remove dev dir that doesn't exist
* fix typo
* prevent duplicated array conversion logic by sharing flag reader
* remove destructuring of option
* fix scalability config and config_path import
* fix start_servers args and tests
* include simple readme
* fix jest tests and support build re-use when changes are just to jest tests

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> |
||
|
886d61ae72
|
Get rid of esArchiver in the Copy To Spaces integration tests. (#137831)
|
||
|
677390d0a7
|
[Archive Migrations] dashboard/feature_controls/spaces (#139342)
* [Archive Migrations] dashboard/feature_controls/spaces

  Replaces the old es archive with kbn archive. Change test to use new archive.
  Helps with: https://github.com/elastic/kibana/issues/102552
* Whoops, forgot to drop the archive. |
||
|
f2c20b7c9f
|
[Archive Migration] batch 2 of removing es_archives/empty_kibana (#138208)
* replace es_archives/empty_kibana with kibanaServer.savedObjects.cleanStandardList
* [CI] Auto-commit changed files from 'node scripts/precommit_hook.js --ref HEAD~1..HEAD --fix'
* add missing kibanaServer
* add a tearDown
* revert changes that don't pass
* revert fleet_setup, delete spaces in tearDown
* Don't fail on deleting spaces
* revert file for failing test

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> |
||
|
fe76adbc3a
|
[ResponseOps] Fix broken search strategy test (#130393)
* Unskip and add debug
* try this
* lets fail
* this?
* add another
* Add more
* Try this

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> |
||
|
3730dd0779 | fix all violations | ||
|
a736c44e21
|
[Logs UI] Store Logs UI settings in a dedicated infrastructure-monitoring-log-view saved object (#125014)
|
||
|
70e0133691
|
[Response Ops] Change search strategy to private (#127792)
* Privatize
* Add test
* Fix types
* debug for ci
* try fetching version
* Use this

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> |
||
|
ed7b51ffd6
|
[Security Solution] [Security Platform] Allow users without any actions privileges to still import rules (#126203)
allow users without any actions privileges to still import rules, adds tests to cover this case

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> |
||
|
67e52e75fe
|
[ResponseOps] Exclude RBAC from SIEM for alerts search strategy (#126859)
* Exclude RBAC from siem requests
* PR feedback
* PR feedback
* Fix tests |
||
|
915206531b
|
[Security Solutions] Removes tech debt of exporting all from linter rule for security_solution plugin (#120188)
## Summary

See: https://github.com/elastic/kibana/issues/110903

This removes the top level API `export *` spots from:

* `security_solution` plugin by removing _all_ the exports from `security_solution/common/index.ts` since none of those were shared outside this plugin. Look at the metrics from the build below and you will see _huge_ drops off numbers across the board for required API documentation to the page load size.

In the file `security_solution/common/index.ts` I now put the advice of:

```
// Careful of exporting anything from this file as any file(s) you export here will cause your page bundle size to increase.
// If you're using functions/types/etc... internally it's best to import directly from their paths than expose the functions/types/etc... here.
// You should _only_ expose functions/types/etc... that need to be shared with other plugins here.
```

But really I doubt we will have to share anything from `security_solutions` plugin to another plugin or expose it for anyone else. So I think this is 👍 the way forward to not expose anything directly from `security_solution/common/index.ts` anymore. |
||
|
a3119a5541
|
[Security Solution][Roles] Add Read-Only Endpoint indexes to the (Detections) role creation scripts + FTR improvements (#107086)
* Add needed indexes to the role scripts
* Moved/renamed detection engine roles and user utility to `x-pack/test/common/security_solution`
* removed duplicate code in rule_registry and instead exported same methods from `common/services/security_solution`
* new endpoint FTR service that includes methods for loading and unloading data (uses existing data indexer methods)
* Transforms: Added additional methods to the FTR Test service |
||
|
808b44f2c1
|
[kbn/test] move types/ftr into src (#99555)
* [kbn/test] move types/ftr into src
* Apply eslint updates
* fix import of Lifecycle type

Co-authored-by: spalger <spalger@users.noreply.github.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> |
||
|
4584a8b570
|
Elastic License 2.0 (#90099)
* Updating everything except the license headers themselves
* Applying ESLint rules
* Manually replacing the stragglers |
||
|
441a0d4ec9
|
[Fleet] Move ingestManager plugin to fleet (#82886) | ||
|
8aa8b04cee
|
[SECURITY_SOLUTION] Retry on ingest setup (#75000) | ||
|
1daa2f4a54
|
[SECURITY SOLUTION][INGEST] Task/endpoint list tests (#69419)
endpoint func tests for endpoint details to ingest, edit datasource to policy, bug fix for security link |
||
|
846912a9c9
|
moved security to OSS/common (#52322) | ||
|
b66415e416
|
[xpack/ftr/common] follow service provider conventions (#52236)
* [xpack/ftr/common] follow conventions, expose a config file

  In order to make xpack/test/common ftr config easier to work with, this updates it to follow the conventions established by most other configs of exposing all services from the services module as an object that can be easily merged into local services modules.
* common config file and FtrProviderConfig are unused and unnecessary
* turns out FtrProviderContext was used... |
||
|
d66b3c74eb
|
[x-pack/ftr] refactor types to be more accurate/consistent wit… (#42407) | ||
|
80aae6bba8
|
Feature Controls (#31652)
* Restructure user profile for granular app privs (#23750) merging to feature branch for further development * Introducing uiCapabilities, removing config providers & user profile (#25387) ## Summary Introduces the concept of "UI Capabilities", which allows Kibana applications to declare capabilities via the `uiCapabilities` injected var, and then use them client-side via the `ui/capabilities` module to inform their rendering decisions. * GAP - Actions Restructured and Extensible (#25347) * Restructure user profile for granular app privs (#23750) merging to feature branch for further development * Fixing saved object capability checking * Beginning to restructure actions to be used for all action building * Using actions to build ui capabilities * dropping /read from client-side userprovide ui capabilities * Adding some actions * Using different syntax which will hopefully help with allowing apps to specify the privileges themselves * Exposing all saved object operations in the capabilities * Using actions in security's onPostAuth * Only loading the default index pattern when it's required * Only using the navlinks for the "ui capabilities" * Redirecting from the discover application if the user can't access kibana:discover * Redirecting from dashboard if they're hidden * Features register their privileges now * Introducing a FeaturesPrivilegesBuilder * REmoving app from the feature definition * Adding navlink specific ations * Beginning to break out the serializer * Exposing privileges from the authorization service * Restructuring the privilege/resource serialization to support features * Adding actions unit tests * Adding features privileges builders tests * Adding PrivilegeSerializer tests * Renaming missed usages * Adding tests for the privileges serializer * Adding privileges tests * Adding registerPrivilegesWithCluster tests * Better tests * Fixing authorization service tests * Adding ResourceSerializer tests * Fixing Privileges tests * Some PUT role tests * 
Fixing read ui/api actions * Exposing features from xpackMainPlugin * Adding navlink:* to the "reserved privileges" * navlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_link * Automatically determining navlink based ui capabilities * Backing out changes that got left behind * Using ui actions for navlinks * Adding TODOs * Ui -> UI * Deleting unused file * Removing api: [] as it's not necessary anymore * Fixing graph saved object privileges * Privileges are now async * Pushing the asycnchronicity to the privileges "service" * Adding TODO * Providing initial value for reduce * adds uiCapabilities to test_entry_template * Adding config to APM/ML feature privileges * Commenting out obviously failing test so we can get CI greeenn * Fixing browser tests * Goodbyyeee * Adding app actions to the reserved privileges * update snapshot * UI/API changes to facilitate disabling features within spaces (#24235) * Restructure user profile for granular app privs (#23750) merging to feature branch for further development * Introducing uiCapabilities, removing config providers & user profile (#25387) ## Summary Introduces the concept of "UI Capabilities", which allows Kibana applications to declare capabilities via the `uiCapabilities` injected var, and then use them client-side via the `ui/capabilities` module to inform their rendering decisions. 
* GAP - Actions Restructured and Extensible (#25347) * Restructure user profile for granular app privs (#23750) merging to feature branch for further development * Fixing saved object capability checking * Beginning to restructure actions to be used for all action building * Using actions to build ui capabilities * dropping /read from client-side userprovide ui capabilities * Adding some actions * Using different syntax which will hopefully help with allowing apps to specify the privileges themselves * Exposing all saved object operations in the capabilities * Using actions in security's onPostAuth * Only loading the default index pattern when it's required * Only using the navlinks for the "ui capabilities" * Redirecting from the discover application if the user can't access kibana:discover * Redirecting from dashboard if they're hidden * Features register their privileges now * Introducing a FeaturesPrivilegesBuilder * REmoving app from the feature definition * Adding navlink specific ations * Beginning to break out the serializer * Exposing privileges from the authorization service * Restructuring the privilege/resource serialization to support features * Adding actions unit tests * Adding features privileges builders tests * Adding PrivilegeSerializer tests * Renaming missed usages * Adding tests for the privileges serializer * Adding privileges tests * Adding registerPrivilegesWithCluster tests * Better tests * Fixing authorization service tests * Adding ResourceSerializer tests * Fixing Privileges tests * Some PUT role tests * Fixing read ui/api actions * Exposing features from xpackMainPlugin * Adding navlink:* to the "reserved privileges" * navlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_link * Automatically determining navlink based ui capabilities * 
Backing out changes that got left behind * Using ui actions for navlinks * Adding TODOs * Ui -> UI * Deleting unused file * Removing api: [] as it's not necessary anymore * Fixing graph saved object privileges * Privileges are now async * Pushing the asycnchronicity to the privileges "service" * Adding TODO * Providing initial value for reduce * adds uiCapabilities to test_entry_template * Adding config to APM/ML feature privileges * Commenting out obviously failing test so we can get CI greeenn * Fixing browser tests * Goodbyyeee * Adding app actions to the reserved privileges * Begin to allow features to be disabled within spaces typescript fixes additional cleanup attempt to resolve build error fix tests more ts updates fix typedefs on manage_spaces_button more import fixes test fixes move user profile into xpack common Restructure space management screen fix SASS references design edits remove Yes/No language from feature toggles fix casing removed unused imports update snapshot fix sass reference for collapsible panel Fix sass reference, take 2 * Restructure user profile for granular app privs (#23750) merging to feature branch for further development * extract migration logic into testable unit * Introducing uiCapabilities, removing config providers & user profile (#25387) ## Summary Introduces the concept of "UI Capabilities", which allows Kibana applications to declare capabilities via the `uiCapabilities` injected var, and then use them client-side via the `ui/capabilities` module to inform their rendering decisions. 
* Design edits (#12) enables customize avatar popover update tests, and simplify editing space identifier remove references to user profile remove unused test suite remove unnecessary sass import removes security's capability_decorator * fix i18n * updates toggleUiCapabilities to use new feature definitions * cleanup and testing * remove references to old feature interface * readd lost spacer * adds feature route testing * additional i18n * snapshot update * copy edits * fix ml app icon * add missing export * remove unnecessary sass import * attempt to fix build * fix spaces api tests * esArchiver mapping updates * rename toggleUiCapabilities -> toggleUICapabilities * removes shared collapsible_panel component in favor of plugin-specific components * some copy and style adjustments * fix test following rebase * add lost types file * design edits * remove stale export * feature feedback; fixes cached disabled features * GAP: Security disables UI capabilities (#25809) * Restructure user profile for granular app privs (#23750) merging to feature branch for further development * Fixing saved object capability checking * Beginning to restructure actions to be used for all action building * Using actions to build ui capabilities * dropping /read from client-side userprovide ui capabilities * Adding some actions * Using different syntax which will hopefully help with allowing apps to specify the privileges themselves * Exposing all saved object operations in the capabilities * Using actions in security's onPostAuth * Only loading the default index pattern when it's required * Only using the navlinks for the "ui capabilities" * Redirecting from the discover application if the user can't access kibana:discover * Redirecting from dashboard if they're hidden * Features register their privileges now * Introducing a FeaturesPrivilegesBuilder * REmoving app from the feature definition * Adding navlink specific ations * Beginning to break out the serializer * Exposing privileges 
from the authorization service * Restructuring the privilege/resource serialization to support features * Adding actions unit tests * Adding features privileges builders tests * Adding PrivilegeSerializer tests * Renaming missed usages * Adding tests for the privileges serializer * Adding privileges tests * Adding registerPrivilegesWithCluster tests * Better tests * Restructure user profile for granular app privs (#23750) merging to feature branch for further development * Fixing authorization service tests * Adding ResourceSerializer tests * Fixing Privileges tests * Some PUT role tests * Fixing read ui/api actions * Introducing uiCapabilities, removing config providers & user profile (#25387) ## Summary Introduces the concept of "UI Capabilities", which allows Kibana applications to declare capabilities via the `uiCapabilities` injected var, and then use them client-side via the `ui/capabilities` module to inform their rendering decisions. * Exposing features from xpackMainPlugin * Adding navlink:* to the "reserved privileges" * navlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_link * Automatically determining navlink based ui capabilities * Backing out changes that got left behind * Using ui actions for navlinks * Adding TODOs * Ui -> UI * Deleting unused file * Removing api: [] as it's not necessary anymore * Fixing graph saved object privileges * Privileges are now async * Pushing the asycnchronicity to the privileges "service" * Adding TODO * Providing initial value for reduce * adds uiCapabilities to test_entry_template * Adding config to APM/ML feature privileges * Commenting out obviously failing test so we can get CI greeenn * Fixing browser tests * First, very crappy implementation * Adding tests for disabling ui capabilities * All being set to false 
no longer requires a clone * Using _.mapValues makes this a lot more readable * Checking those privileges dynamically * Fixing some broken stuff when i introduced checkPrivilegesDynamically * Adding conditional plugin tests * Renaming conditional plugin to optional plugin * Fixing type errors * GAP - Actions Restructured and Extensible (#25347) * Restructure user profile for granular app privs (#23750) merging to feature branch for further development * Fixing saved object capability checking * Beginning to restructure actions to be used for all action building * Using actions to build ui capabilities * dropping /read from client-side userprovide ui capabilities * Adding some actions * Using different syntax which will hopefully help with allowing apps to specify the privileges themselves * Exposing all saved object operations in the capabilities * Using actions in security's onPostAuth * Only loading the default index pattern when it's required * Only using the navlinks for the "ui capabilities" * Redirecting from the discover application if the user can't access kibana:discover * Redirecting from dashboard if they're hidden * Features register their privileges now * Introducing a FeaturesPrivilegesBuilder * REmoving app from the feature definition * Adding navlink specific ations * Beginning to break out the serializer * Exposing privileges from the authorization service * Restructuring the privilege/resource serialization to support features * Adding actions unit tests * Adding features privileges builders tests * Adding PrivilegeSerializer tests * Renaming missed usages * Adding tests for the privileges serializer * Adding privileges tests * Adding registerPrivilegesWithCluster tests * Better tests * Fixing authorization service tests * Adding ResourceSerializer tests * Fixing Privileges tests * Some PUT role tests * Fixing read ui/api actions * Exposing features from xpackMainPlugin * Adding navlink:* to the "reserved privileges" * navlink -> navLink | 
nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_link * Automatically determining navlink based ui capabilities * Backing out changes that got left behind * Using ui actions for navlinks * Adding TODOs * Ui -> UI * Deleting unused file * Removing api: [] as it's not necessary anymore * Fixing graph saved object privileges * Privileges are now async * Pushing the asycnchronicity to the privileges "service" * Adding TODO * Providing initial value for reduce * adds uiCapabilities to test_entry_template * Adding config to APM/ML feature privileges * Commenting out obviously failing test so we can get CI greeenn * Fixing browser tests * Goodbyyeee * Adding app actions to the reserved privileges * Restructure user profile for granular app privs (#23750) merging to feature branch for further development * Introducing uiCapabilities, removing config providers & user profile (#25387) ## Summary Introduces the concept of "UI Capabilities", which allows Kibana applications to declare capabilities via the `uiCapabilities` injected var, and then use them client-side via the `ui/capabilities` module to inform their rendering decisions. 
* GAP - Actions Restructured and Extensible (#25347) * Restructure user profile for granular app privs (#23750) merging to feature branch for further development * Fixing saved object capability checking * Beginning to restructure actions to be used for all action building * Using actions to build ui capabilities * dropping /read from client-side userprovide ui capabilities * Adding some actions * Using different syntax which will hopefully help with allowing apps to specify the privileges themselves * Exposing all saved object operations in the capabilities * Using actions in security's onPostAuth * Only loading the default index pattern when it's required * Only using the navlinks for the "ui capabilities" * Redirecting from the discover application if the user can't access kibana:discover * Redirecting from dashboard if they're hidden * Features register their privileges now * Introducing a FeaturesPrivilegesBuilder * REmoving app from the feature definition * Adding navlink specific ations * Beginning to break out the serializer * Exposing privileges from the authorization service * Restructuring the privilege/resource serialization to support features * Adding actions unit tests * Adding features privileges builders tests * Adding PrivilegeSerializer tests * Renaming missed usages * Adding tests for the privileges serializer * Adding privileges tests * Adding registerPrivilegesWithCluster tests * Better tests * Fixing authorization service tests * Adding ResourceSerializer tests * Fixing Privileges tests * Some PUT role tests * Fixing read ui/api actions * Exposing features from xpackMainPlugin * Adding navlink:* to the "reserved privileges" * navlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_link * Automatically determining navlink based ui capabilities * 
Backing out changes that got left behind * Using ui actions for navlinks * Adding TODOs * Ui -> UI * Deleting unused file * Removing api: [] as it's not necessary anymore * Fixing graph saved object privileges * Privileges are now async * Pushing the asycnchronicity to the privileges "service" * Adding TODO * Providing initial value for reduce * adds uiCapabilities to test_entry_template * Adding config to APM/ML feature privileges * Commenting out obviously failing test so we can get CI greeenn * Fixing browser tests * Goodbyyeee * Adding app actions to the reserved privileges * Update x-pack/plugins/security/server/lib/authorization/disable_ui_capabilities.ts Co-Authored-By: kobelb <brandon.kobel@gmail.com> * Update x-pack/plugins/security/server/lib/authorization/check_privileges_dynamically.ts Co-Authored-By: kobelb <brandon.kobel@gmail.com> * Disabling all ui capabilities if route is anonymous * More typescript * Even more typescript * Updating snapshot * Less any * More safer * Another one * Restructure user profile for granular app privs (#23750) merging to feature branch for further development * Introducing uiCapabilities, removing config providers & user profile (#25387) ## Summary Introduces the concept of "UI Capabilities", which allows Kibana applications to declare capabilities via the `uiCapabilities` injected var, and then use them client-side via the `ui/capabilities` module to inform their rendering decisions. 
* GAP - Actions Restructured and Extensible (#25347) * Restructure user profile for granular app privs (#23750) merging to feature branch for further development * Fixing saved object capability checking * Beginning to restructure actions to be used for all action building * Using actions to build ui capabilities * dropping /read from client-side userprovide ui capabilities * Adding some actions * Using different syntax which will hopefully help with allowing apps to specify the privileges themselves * Exposing all saved object operations in the capabilities * Using actions in security's onPostAuth * Only loading the default index pattern when it's required * Only using the navlinks for the "ui capabilities" * Redirecting from the discover application if the user can't access kibana:discover * Redirecting from dashboard if they're hidden * Features register their privileges now * Introducing a FeaturesPrivilegesBuilder * REmoving app from the feature definition * Adding navlink specific ations * Beginning to break out the serializer * Exposing privileges from the authorization service * Restructuring the privilege/resource serialization to support features * Adding actions unit tests * Adding features privileges builders tests * Adding PrivilegeSerializer tests * Renaming missed usages * Adding tests for the privileges serializer * Adding privileges tests * Adding registerPrivilegesWithCluster tests * Better tests * Fixing authorization service tests * Adding ResourceSerializer tests * Fixing Privileges tests * Some PUT role tests * Fixing read ui/api actions * Exposing features from xpackMainPlugin * Adding navlink:* to the "reserved privileges" * navlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_linknavlink -> navLink | nav_link * Automatically determining navlink based ui capabilities * 
Backing out changes that got left behind * Using ui actions for navlinks * Adding TODOs * Ui -> UI * Deleting unused file * Removing api: [] as it's not necessary anymore * Fixing graph saved object privileges * Privileges are now async * Pushing the asycnchronicity to the privileges "service" * Adding TODO * Providing initial value for reduce * adds uiCapabilities to test_entry_template * Adding config to APM/ML feature privileges * Commenting out obviously failing test so we can get CI greeenn * Fixing browser tests * Goodbyyeee * Adding app actions to the reserved privileges * update snapshot * Update x-pack/plugins/security/server/lib/authorization/check_privileges.ts Co-Authored-By: kobelb <brandon.kobel@gmail.com> * Update x-pack/plugins/security/server/lib/authorization/check_privileges.ts Co-Authored-By: kobelb <brandon.kobel@gmail.com> * Fixing type errors * Only disabling navLinks if a feature is registered for them * Adding non i18n'ed tooltip * Making metadata and tooltip optional * i18n'ing tooltips * Responding to peer review comments * GAP - Role API Structure (#26740) * Updated the role api PUT structure * Minimum is an array now * Updating get route to naively support the new structure * Renaming and removing some serialized methods * Updating Role PUT api tests * Fixing PUT jest tests * Fixing GET tests * Updating PrivilegeSerializer tests * Renaming features to feature for the GET, so we're consistent * Validating features and feature privileges * Update x-pack/plugins/security/server/lib/authorization/privilege_serializer.test.ts Co-Authored-By: kobelb <brandon.kobel@gmail.com> * Update x-pack/plugins/security/server/lib/authorization/privilege_serializer.test.ts Co-Authored-By: kobelb <brandon.kobel@gmail.com> * Update x-pack/plugins/security/server/lib/authorization/privilege_serializer.test.ts Co-Authored-By: kobelb <brandon.kobel@gmail.com> * Renaming some variables/members of the PrivilegesSerializer * Fixing privileges serializer tests * 
Fixing register privileges with cluster tests
* Fixing the role creation for the api integration tests
* Generalizing regex within the feature registry
* update tests
* [GAP] - Support infra features (#26955)

## Summary

This PR adds the `Infrastructure` and `Logs` apps as toggle-able features via Granular Application Privileges.

* [GAP] - Enables xpack_main to populate UI Capabilities (#27031)

## Summary

Currently, plugins that register features via `xpackMainPlugin.registerFeature({...})` also have to specify their own `uiCapabilities` via `injectDefaultVars`, which is counter-intuitive and cumbersome. We've accepted this complexity for OSS plugins, but x-pack and third-party plugins should not have to concern themselves with such implementation details. This PR removes that requirement for x-pack and third-party plugins, so all they have to do is register features, and ensure that their feature privileges contain the appropriate UI Capabilities in the `ui` property.

### Notes

This implementation intentionally does not alter UI Capabilities that come in via OSS Kibana. The capabilities defined there should be the source of truth, regardless of which distribution is used.

### Example

<pre>
xpackMainPlugin.registerFeature({
  id: 'graph',
  name: 'Graph',
  icon: 'graphApp',
  <b>navLinkId: 'graph',</b>
  privileges: {
    all: {
      app: [],
      savedObject: { ... },
      <b>ui: ['showWriteControls'],</b>
    },
    read: {
      app: [],
      savedObject: { ... },
      <b>ui: ['someOtherCapability'],</b>
    }
  }
});
</pre>

Will be translated to the following UI Capabilities:

```
uiCapabilities: {
  navLinks: {
    graph: true
  },
  graph: {
    showWriteControls: true,
    someOtherCapability: true,
  }
}
```

xpack_main is **not responsible** for disabling UI capabilities, so this will initialize all capabilities with a value of `true`.
* Hide write controls for the visualization application (#26536) * Hide write controls for the timelion application (#26537) * blacklist feature ids (#27493) * [GAP] - Support management links (#27055) ## Summary This enables management links to be toggled via UI Capabilities. ## TODO - [x] Implement spaces controls - [x] Implement security controls - [x] Testing - [ ] (optional) - dedicated display for managing management links? * Enables the feature catalogue registry to be controlled via uiCapabil… (#27945) * Enables the feature catalogue registry to be controlled via uiCapabilities * update snapshot * xpack_main populates uiCapabilities with the full list of catalogue entries * builds application privileges using catalogue actions * prevent 'catalogue' from being registered as a feature id * fix mocha tests * fix merge * update snapshots * GAP - Discover and NavLinks Functional Testing (#27414) * Adding very basic Discover tests * Ensuring discover is visible in both spaces * Parsing the DOM to determine the uiCapabilities * Making this.wreck `any` because the type definitions suck * Specifying auth when requesting ui capabilities * Beginning architecture to support permutation testing * Adding documentation of the different configurations we'd like to test * Fixing type errors * Beginning to work on the framework to test the combinations * Adding some factories * Pushing forward, not a huge fan of what I have right now * The new-new * Less weird types * Revising some things after talking with Larry * Switching from wreck to axios * Restructuring some files * Changing to a space with all features, and a space with no features * Beginning to add the security only tests * Adding a navLinksBuilder * Adding spaces only tests * Not disabling ui capabilities, or authing app/api access when we shouldn't be * Can't get rid of management * Adding more user types * More users, this is starting to really suck * Renaming some things... 
* Revising which users we'll test in which ui capabilities "test suite" * Adding some more user scenarios for the security_only configuration * Adding security_only user scenarios * Adding space scenarios * Fixing type errors * Udpating the readme for the spaces we're testing with * Adding global read discover security ui functional tests * Adding tests to make sure save buttons are shown/hidden The actual implementation is broken somewhere * Fixing tests after GIS is added and conflicts happened for infra * Adding discover ui capability tests * Fixing navlinks tests * Adding discover view tests * Adding UI tests for spaces being disabled * Fixing tests * Removing wreck dependency, it's garbage * Fixing typo * Updating ui capabilities README.md and adding another user for the security and spaces ui capability tests * Updating yarn lock file * Consolidation some types * Adding VisualizeDisabledSpace to the scenarios. * Fixing esArchives with .kibana_2 * Disable features optional again * Adding ensureCurrentUrl: false * Fixing space selector tests * Fixing gis privileges, they use saved objects * Fixing find's element staleness checks * Update x-pack/test/functional/es_archives/spaces/disabled_features/data.json Co-Authored-By: kobelb <brandon.kobel@gmail.com> * Generalizing logic to get appNavLinksText * Removing duplicate license header * Adding GIS mappingst * Fixing readme * We love our future selfs * Adding GisRead scenario * Whoops * Adding note about funky syntax for use with exhaustive switches * Using a centralized list of features * Give it some time * Even more time? 
* Space Management - accessibility & i18n improvements (#28195)
## Summary
1) Improves the accessibility for the spaces management screen:
- Customize Space Avatar popover now receives focus when toggled
- Labels are more descriptive, providing context
- Delete Space modal correctly focuses
2) Improves i18n support - fixed a couple hard-coded strings
3) Adds a "Features" column to the spaces grid page, which shows a brief summary of the number of features enabled for each space:
Related: https://github.com/elastic/kibana/issues/28184
* Feature Controls - spaces - functional tests (#28213)
* adds tests for /api/features/v1 endpoint
* update failing management test
* Fc/run ui capability tests (#28362)
* Running the UI Capability Tests as part of the normal CI runs
* Adding uptime feature to get these tests passing
* Adding features and sorting
* Adding uptime security_only uiCapability tests, and fixing devTools
* Fixing the docs
* Fixing section panel i18n issue
* Removing unused import
* Updating snapshots
* Feature Controls - The new new role API (#28441)
These changes allow us to build the most recent UI where spaces can be "grouped" and edited at once. This changes the kibana section of the role definition to the following:
```
{
  kibana: [
    {
      base: ['read'],
      feature: {
        discover: ['all'],
        dashboard: ['all']
      },
      spaces: ['*']
    },
    {
      base: ['read'],
      feature: {
        discover: ['all'],
        dashboard: ['all']
      },
      spaces: ['marketing', 'sales']
    }
  ]
}
```
If the `spaces` property isn't provided (for example if the user isn't using Spaces) then it'll default to `['*']`.
There are a few other stipulations that we're implementing with this approach.
1. Each "item" can be for 1 to many spaces OR globally. We can't specify both space privileges and global privileges in the same "item" because for Spaces we translate `all` to `space_all`, etc. so we can give them different privileges, and this becomes problematic when trying to serialize/deserialize to ES.
2. Additionally, each space can only appear once. The ES model would allow this, but the role management UI becomes more complicated if we were to allow this when calculating effective privileges.
* Feature Controls - Discover Save Button Test #28500 (#28501)
* Adding some debug logs
* Setting ui settings using the functional services
* Doing the same for the spaces disabled features
* Removing console.log debug statements
* Using save instead of showWriteControls
* Reload when adjusting visible features within the user's active space (#28409)
## Summary
Changes to the visible features within a space are not visible until the page is refreshed. Because of this, when a user is editing their active space, their changes are not immediately visible. This updates the space management screen to force a refresh when updating the visible features inside the active space. It also introduces a modal warning that this will happen:
* Throwing error if we register a feature after getAll is called (#29030)
* Throwing error if we register a feature after getAll is called
* Fixing some tests
* Fixing feature route tests
* Removing unused imports
* Fixing merge conflict
* Feature Controls - Fixing fallout of removing the legacy fallback (#29141)
* Fixing use of mode.useRbacFoRequest to mode.useRbac
* Fixing ui capability tests
* [Feature Controls] - Fix a11y for customize feature section (#29174)
## Summary
Fixes the displayed and announced text for the "show"/"hide" button of the Customize Visible Features section of the spaces management page. This was inadvertently broken following a merge from master at some point.
* Feature Controls: Fixing k7's new "nav links" (#29198)
* Fixing k7's new applist for feature controls
* Renaming appSwitcher to appsMenu
* Feature Controls - Dashboard (#29139)
* Using addRouteSetupWork to implement the redirect
* Using centralized addSetupWork
* Fixing dashboard functional feature privileges tests
* Ensuring landing page and create dashboard redirect to the home-page
* Adding more tests to ensure the redirects work properly
* Adding disabled space feature tests for Dashboards
* Update src/ui/public/capabilities/route_setup.ts
  Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Update test/functional/page_objects/common_page.js
  Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Fixing ui capability tests after adding createNew
* Removing unnecessary `return undefined`
* requireUICapabilities -> requireUICapability
* Updating dashboard ui capability tests
* Fixing issue with the selection column appearing on Dashboards
* Fixing ui capability dashboard space only tests
* [FC] - Move management and catalogue entries out of privilege definition (#28354)
* Moves catalogue and management entries from privilege definition to base feature definition
* Update new management menu to respect items disabled via UI Capabilities
* add test
* re-add index pattern entries
* re-add advanced settings icon
* fix tests
* remove management and catalogue entries from read-only users
* bring it back now y'all
* catalogue updates for xpack plugins
* Introduces 'grantWithBaseRead' flag
* update privileges from all -> read where necessary
* rename feature builder functions
* catalogue and management items should cascade to privileges when not specified
* add catalogue entry for uptime app
* Simplify feature registrations using inherited catalogue/management entries
* consolidate and fix privilege building logic
* rename variables
* remove debug code
* remove duplicate lodash import
* Update x-pack/plugins/xpack_main/server/lib/feature_registry/feature_registry.ts
  Co-Authored-By: legrego <lgregorydev@gmail.com>
* [GAP] - Role Management UI (#26840)

---------

Edge-case scenarios:
1) [x] '*' and spaces in the same "entry"
   Handled via `_transform_errors` at the API level. Renders a partial read-only view in the UI.
2) [x] same space appearing in multiple "entries"
   Handled via `_transform_errors` at the API level. Renders a partial read-only view in the UI.
3) [x] base and feature privileges being set on the same "entry"
   UI does not allow this to be set, but UI is smart enough to display the correct effective privilege in this case.
4) [x] multiple base privileges set in the same "entry"
   UI does not allow this to be set, but UI is smart enough to apply the most permissive base privilege when displaying and performing privilege calculations.
5) [x] multiple feature privileges for the same "entry" (ml_all and ml_read)
   UI does not allow for this to be set, but UI is smart enough to apply the most permissive base privilege when displaying and performing privilege calculations.

--------

## Summary
This updates the role management UI to allow application privileges to be customized globally and per-space.
## TODO:
- [x] [First Design review](https://github.com/legrego/kibana/pull/13)
- [ ] Second Design review
- [ ] Copy review
- [x] i18n
- [x] Handle deleted/unknown features
- [x] Handle deleted/unknown spaces
- [x] Cleanup & refactoring
- [x] Testing
* [Feature Controls, Spaces] - Don't load bundles for hidden apps (#29617)
## Summary
This enables the spaces plugin to issue a 404 if the requested application is disabled within the user's active space. To enable this functionality, the `app` property was moved to the root feature level, with the option to override at the privilege level. This follows the same logic as `catalogue` and `management` sections.
This will enable automatic app "protections" for those which only specify a single UI application, including:
1) Timelion
2) Canvas
3) Monitoring
4) APM
5) Code (when it merges)
6) GIS
7) Graph
8) ML
* [Feature Controls] - Copy Edits (#29651)
## Summary
Copy edits from today's session
* [Feature Controls] - Rename-a-thon (#29709)
* post-merge cleanup
* [Feature Controls] - fixes from recent merge from master (#29826)
## Summary
this pr will contain any required changes to fix CI from the recent merge from master, which includes the new k7 redesign design and dark mode
* Feature Controls: Adding privileges tooltip for Dev Tools (#30008)
* Adding privileges tooltip for Dev Tools
* appeasing the linter
* [Feature Controls] - Fix displayed space base privilege (#30133)
## Summary
This fixes the displayed space base privilege when a global base privilege is influencing the dropdown control:
1) Add global 'read' privilege
2) Configure space privilege -- note default base privilege of 'read'
3) Change space base privilege to 'custom'
Prior to this fix, the dropdown would not honor the change; it would keep 'read' as the selected option.
* Feature Controls: Adding read privileges for advanced settings and index patterns (#30106)
* Adding read privileges for advanced settings and index patterns
* Fixing the tests and the actual code itself
* Feature Controls - spaces not a security mechanism warning (#29853)
* Changing copy for the spaces not a security mechanism warning
* Using Gail's wording
* [Feature Controls] - Fixes from merging from master (8.0) (#30267)
* improve typings
* fix xpack_main type definitions
* test updates
* Fc/functional test move (#29835)
* Moving dashboard feature control tests to the dashboard application
* Moving more tests around
* Fixing some tests, no longer using uiSettings service, doesn't play nicely with spaces
* Fixing esarchived issue
* Renaming some files
* [Feature Controls] - Readonly view for Advanced Settings using UICapabilities (#30243)
## Summary
This builds on the work done in https://github.com/elastic/kibana/pull/30106 to enable a read-only mode for the Advanced Settings screen:
- Input fields are disabled
- Save options are not displayed
- "Reset to default" options are not displayed
* Feature Controls: No Wildcards (#30169)
* A poorly named abstraction enters the room
* No more wildcards, starting to move some stuff around
* Splitting out the feature privilege builders
* Using actions instead of relying on their implementation
* We don't need the saved object types any longer
* Explicitly specifying some actions that used to rely on wildcards
* Fixing api integration test for privileges
* Test fixture plugin which adds the globaltype now specifies a feature
* Unauthorized to find unknown types now
* Adding tests for features with no privileges
* Update x-pack/test/saved_object_api_integration/security_and_spaces/apis/find.ts
  Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Adding back accidentally deleted test
* Using the shared XPackMainPlugin definition
* Fixing privileges
* [Feature Controls] - Readonly mode for Canvas using UICapabilities (#29264)
## Summary
Updates Canvas to respect UICapabilities when determining if a user has read or read/write access to the application:
1) Adds a `showWriteControls` UI Capability to the Canvas's `all` privilege.
2) Removes the `setCanUserWrite` Redux action
3) Sets the initial (and only) state for `state.transient.canUserWrite` based on the UI Capability.
Closes https://github.com/elastic/kibana/issues/27695
* [Feature Controls] - Readonly mode for Maps using UICapabilities (#30437)
## Summary
This updates the maps application to support a read-only mode:
1) Removes selection/delete from Maps listing page
2) Removes "save" option
## TODO:
- [x] Functional UI Tests
* Add typings for x-pack/test to support .html imports (#30570)
We're importing `ui/capabilities` from the x-pack/test project, which implicitly traverses into typings which are potentially importing .html files, so we have to teach TypeScript about it.
* [Feature Controls] - Readonly mode for Timelion using UICapabilities (#30128)
## Summary
Updates Timelion to respect UICapabilities when determining if a user has read or read/write access to the application. A previous PR was responsible for hiding the save controls, but this PR adds testing and the appropriate UICapabilities to the registered privilege definition.
* remove stray debug code
* [Feature Controls] - Updates from src/ui move to src/legacy/ui (#30678)
* dummy commit
* fix import path
* update message identifier
* fix snapshot
* remove unused translations
* Feature Controls: Adding read/write privileges for all applications (#30732)
* Adding read/write privileges for all applications
* Using default for advanced settings, canvas, maps and timelion
* Update x-pack/test/ui_capabilities/security_only/tests/canvas.ts
  Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Update x-pack/test/ui_capabilities/security_only/tests/canvas.ts
  Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Update x-pack/test/ui_capabilities/security_only/tests/maps.ts
  Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Update x-pack/test/ui_capabilities/security_only/tests/maps.ts
  Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Update x-pack/test/ui_capabilities/security_only/tests/timelion.ts
  Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* [Feature Controls] - Readonly mode for Visualize using UICapabilities (#29714)
* enable read-only view, and enable app redirection for visualize app
* Hide 'Edit Visualization' dashboard context menu item if visualizations are not editable
* Hide 'Add new visualization' button if action is not available
* show 'Visualize' button on discover view only if viz app is available
* update tests
* allow visualizations to be created, but not saved for read-only users
* adds functional tests for visualize
* add tests for showing/hiding the visualize button in the discover app
* fix visualize tests following merge from master
* tests for edit viz feature from dashboards
* cleanup
* remove unnecessary call to set ui settings
* remove unused variables
* reduce flakiness of tsvb tests
* renames visualize.showWriteControls => visualize.save
* fix ui capability tests
* fix tests
* fix references to timePicker page object
* fix ts errors
* adds 'editable' property to embeddable metadata instead of hardcoded capability checks
* Remove unnecessary read-only considerations
* revert unnecessary mock changes
* [Feature Controls] - Adds missing uptime icon (#30716)
## Summary
Adds missing feature icon for Uptime application. Needs https://github.com/elastic/kibana/pull/30678 to merge before this will go green.
* Feature Controls - Fix branch (#31135)
* Updating snapshot
* Switching visualize to use the default branch of the switch
* Fixing esarchive
* Feature Controls - Graph (#30762)
* Adding graph functional tests
* Fixing Privileges API test
* Adding graph ui capability tests
* Update x-pack/test/ui_capabilities/security_only/tests/graph.ts
  Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Update x-pack/test/ui_capabilities/security_only/tests/graph.ts
  Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Update x-pack/test/ui_capabilities/security_and_spaces/tests/graph.ts
  Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Update x-pack/test/ui_capabilities/security_only/tests/graph.ts
  Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Update x-pack/test/ui_capabilities/spaces_only/tests/graph.ts
  Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Apply suggestions from code review
  Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Removing hard-coded constants
* Adding Graph delete button
* Fixing ui capability tests
* [Feature Controls] - Fixes page width for spaces management screen (#30723)
## Summary
Fixes the skinny spaces management screen following the redesign of the overall management area. Needs https://github.com/elastic/kibana/pull/30678 to merge before this will go green.
* Feature Controls - Dev Tools (#30712)
* Adding functional tests
* Adding Dev_Tools ui capability tests
* Adding some api tests for console's API
* Apply suggestions from code review
  Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Moving uiCapability definition
* Giving user_1 dashboard access to space_2
* Using the default in the switch for devtools/visualize
* Using forceLogout, maps are leaving us on a 404 page
* Fixing privileges API tests
* Feature Controls- Fix Merge Conflicts (#31651)
* Removing duplicated and outdated tests
* Updating snapshot
* Fixing type script errors
* Getting rid of some double quotes
* Adding saved_object:url access to discover temporarily to fix tests
* Fixing dashboard tests, updating snapshots
* Fixing security only find tests
* Removing redundant test
* Trying to give it more time
* Fixing it 20 seconds to redirect away from the create new dashboard
* Feature Controls - No more route defaults for dashboards (#31767)
* No more route defaults for dashboards
* Verbose logging...
* Changing some ciGroups to try to narrow down the problem
* Revert "Verbose logging..."
  This reverts commit |