## Summary
Handles :
### Issue with Batches
- https://github.com/elastic/kibana/issues/201405
- Timeline had a bug where if users fetched multiple batches and then if
user adds a new column, the value of this new columns will only be
fetched for the latest batch and not old batches.
- This PR fixes that ✅ by cumulatively fetching the data for old batches
till current batch `iff a new column has been added`.
- For example, if user has already fetched the 3rd batch, data for
1st,2nd and 3rd will be fetched together when a column has been added,
otherwise, data will be fetched incrementally.
### Issue with Elastic search limit
- Elastic search has a limit of 10K hits at max but we throw error at
10K which should be allowed.
- Error should be thrown at anything `>10K`. 10001 for example.
- ✅ This PR fixes that just for timeline by allowing 10K hits.
### Removal of obsolete code
Below files related to old Timeline code are removed as well:
-
x-pack/plugins/security_solution/public/timelines/components/timeline/footer/index.test.tsx
-
x-pack/plugins/security_solution/public/timelines/components/timeline/footer/index.tsx
---------
Co-authored-by: Philippe Oberti <philippe.oberti@elastic.co>
1. Migrated stack-connector `.inference` to use share UI components
https://github.com/elastic/kibana/pull/203204
2. Extended package `@kbn/inference-endpoint-ui-common` to support edit
mode for the form of the connector, by adding the optional property
`isEdit` to `InferenceServiceFormFields` component
3. Resolves flaky timing out test
https://github.com/elastic/kibana/issues/205129
---------
Co-authored-by: Samiul Monir <samiul.monir@elastic.co>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
While refreshing my memory on how we are using the Elasticsearch
`preference` parameter, I noticed we had a method `getEsPreference` that
was exported but not used. We then had an additional method
`getPreference` that was being used to actually set the parameter. I
consolidated these into one place and moved the tests so that we can
utilize it when ES|QL supports this parameter.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: Marco Vettorello <vettorello.marco@gmail.com>
## Summary
This PR introduces changes to `x-pack/plugins/monitoring` necessary for
the Visual Refresh project
(https://github.com/elastic/kibana/issues/199715):
- replacing `euiThemeVars` with `euiTheme` context
- replacing old tokens with `euiTheme`
- making sure all color palette functions are run within the context of
the `EuiProvider`
Additionally:
- I migrated Sass to `@emotion/react`
- I migrated `euiStyled` to `@emotion/react`
- I extended `emotion.d.ts` in `tsconfig.json` for typing of the EUI
theme
closes [#8228](https://github.com/elastic/eui/issues/8228)
### QA
We need to test the critical paths in the Stack monitoring, paying close
attention to:
- [ ] color palette, visibility and contrast ratio of elements in
Amsterdam / Borealis
Specific paths:
- [ ] Monitoring time-series "Zoom out" button hover behavior -
`x-pack/plugins/monitoring/public/components/chart/monitoring_timeseries_container.tsx`
- [ ] Shard allocation (especially color mapping with shard type and
status):
- [ ]
`x-pack/plugins/monitoring/public/components/elasticsearch/shard_allocation/components/assigned.js`
- [ ]
`x-pack/plugins/monitoring/public/components/elasticsearch/shard_allocation/components/shard.js`
- [ ] Kuery bar suggestions and autocomplete field:
- [ ]
`x-pack/plugins/monitoring/public/components/kuery_bar/autocomplete_field.tsx`
- [ ]
`x-pack/plugins/monitoring/public/components/kuery_bar/suggestion_item.tsx`
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
https://github.com/elastic/kibana/pull/199071 introduced a daily
pipeline to run acceptance tests against the latest EPR image and to
promote the image if successful.
This updates our tests to start using the daily promotion except when
running the acceptance tests.
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[@types/diff](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/diff)
([source](https://togithub.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/diff))
| devDependencies | major | [`^5.0.8` ->
`^6.0.0`](https://renovatebot.com/diffs/npm/@types%2fdiff/5.0.8/6.0.0) |
| [diff](https://togithub.com/kpdecker/jsdiff) | dependencies | major |
[`^5.1.0` ->
`^7.0.0`](https://renovatebot.com/diffs/npm/diff/5.1.0/7.0.0) |
|
[fastest-levenshtein](https://togithub.com/ka-weihe/fastest-levenshtein)
| dependencies | patch | [`^1.0.12` ->
`^1.0.16`](https://renovatebot.com/diffs/npm/fastest-levenshtein/1.0.12/1.0.16)
|
---
### Release Notes
<details>
<summary>kpdecker/jsdiff (diff)</summary>
###
[`v7.0.0`](https://togithub.com/kpdecker/jsdiff/blob/HEAD/release-notes.md#700)
[Compare
Source](https://togithub.com/kpdecker/jsdiff/compare/v6.0.0...7.0.0)
Just a single (breaking) bugfix, undoing a behaviour change introduced
accidentally in 6.0.0:
- [#​554](https://togithub.com/kpdecker/jsdiff/pull/554)
**`diffWords` treats numbers and underscores as word characters again.**
This behaviour was broken in v6.0.0.
###
[`v6.0.0`](https://togithub.com/kpdecker/jsdiff/blob/HEAD/release-notes.md#600)
[Compare
Source](https://togithub.com/kpdecker/jsdiff/compare/v5.2.0...v6.0.0)
This is a release containing many, *many* breaking changes. The
objective of this release was to carry out a mass fix, in one go, of all
the open bugs and design problems that required breaking changes to fix.
A substantial, but exhaustive, changelog is below.
[Commits](https://togithub.com/kpdecker/jsdiff/compare/v5.2.0...v6.0.0)
- [#​497](https://togithub.com/kpdecker/jsdiff/pull/497)
**`diffWords` behavior has been radically changed.** Previously, even
with `ignoreWhitespace: true`, runs of whitespace were tokens, which led
to unhelpful and unintuitive diffing behavior in typical texts.
Specifically, even when two texts contained overlapping passages,
`diffWords` would sometimes choose to delete all the words from the old
text and insert them anew in their new positions in order to avoid
having to delete or insert whitespace tokens. Whitespace sequences are
no longer tokens as of this release, which affects both the generated
diffs and the `count`s.
Runs of whitespace are still tokens in `diffWordsWithSpace`.
As part of the changes to `diffWords`, **a new `.postProcess` method has
been added on the base `Diff` type**, which can be overridden in custom
`Diff` implementations.
**`diffLines` with `ignoreWhitespace: true` will no longer ignore the
insertion or deletion of entire extra lines of whitespace at the end of
the text**. Previously, these would not show up as insertions or
deletions, as a side effect of a hack in the base diffing algorithm
meant to help ignore whitespace in `diffWords`. More generally, **the
undocumented special handling in the core algorithm for ignored
terminals has been removed entirely.** (This special case behavior used
to rewrite the final two change objects in a scenario where the final
change object was an addition or deletion and its `value` was treated as
equal to the empty string when compared using the diff object's
`.equals` method.)
- [#​500](https://togithub.com/kpdecker/jsdiff/pull/500)
**`diffChars` now diffs Unicode code points** instead of UTF-16 code
units.
- [#​508](https://togithub.com/kpdecker/jsdiff/pull/508)
**`parsePatch` now always runs in what was previously "strict" mode; the
undocumented `strict` option has been removed.** Previously, by default,
`parsePatch` (and other patch functions that use it under the hood to
parse patches) would accept a patch where the line counts in the headers
were inconsistent with the actual patch content - e.g. where a hunk
started with the header `@@​ -1,3 +1,6 @​@​`,
indicating that the content below spanned 3 lines in the old file and 6
lines in the new file, but then the actual content below the header
consisted of some different number of lines, say 10 lines of context, 5
deletions, and 1 insertion. Actually trying to work with these patches
using `applyPatch` or `merge`, however, would produce incorrect results
instead of just ignoring the incorrect headers, making this "feature"
more of a trap than something actually useful. It's been ripped out, and
now we are always "strict" and will reject patches where the line counts
in the headers aren't consistent with the actual patch content.
- [#​435](https://togithub.com/kpdecker/jsdiff/pull/435) **Fix
`parsePatch` handling of control characters.** `parsePatch` used to
interpret various unusual control characters - namely vertical tabs,
form feeds, lone carriage returns without a line feed, and EBCDIC NELs -
as line breaks when parsing a patch file. This was inconsistent with the
behavior of both JsDiff's own `diffLines` method and also the Unix
`diff` and `patch` utils, which all simply treat those control
characters as ordinary characters. The result of this discrepancy was
that some well-formed patches - produced either by `diff` or by JsDiff
itself and handled properly by the `patch` util - would be wrongly
parsed by `parsePatch`, with the effect that it would disregard the
remainder of a hunk after encountering one of these control characters.
- [#​439](https://togithub.com/kpdecker/jsdiff/pull/439) **Prefer
diffs that order deletions before insertions.** When faced with a choice
between two diffs with an equal total edit distance, the Myers diff
algorithm generally prefers one that does deletions before insertions
rather than insertions before deletions. For instance, when diffing
`abcd` against `acbd`, it will prefer a diff that says to delete the `b`
and then insert a new `b` after the `c`, over a diff that says to insert
a `c` before the `b` and then delete the existing `c`. JsDiff deviated
from the published Myers algorithm in a way that led to it having the
opposite preference in many cases, including that example. This is now
fixed, meaning diffs output by JsDiff will more accurately reflect what
the published Myers diff algorithm would output.
- [#​455](https://togithub.com/kpdecker/jsdiff/pull/455) **The
`added` and `removed` properties of change objects are now guaranteed to
be set to a boolean value.** (Previously, they would be set to
`undefined` or omitted entirely instead of setting them to false.)
- [#​464](https://togithub.com/kpdecker/jsdiff/pull/464)
Specifying `{maxEditLength: 0}` now sets a max edit length of 0 instead
of no maximum.
- [#​460](https://togithub.com/kpdecker/jsdiff/pull/460) **Added
`oneChangePerToken` option.**
- [#​467](https://togithub.com/kpdecker/jsdiff/pull/467)
**Consistent ordering of arguments to `comparator(left, right)`.**
Values from the old array will now consistently be passed as the first
argument (`left`) and values from the new array as the second argument
(`right`). Previously this was almost (but not quite) always the other
way round.
- [#​480](https://togithub.com/kpdecker/jsdiff/pull/480) **Passing
`maxEditLength` to `createPatch` & `createTwoFilesPatch` now works
properly** (i.e. returns undefined if the max edit distance is exceeded;
previous behavior was to crash with a `TypeError` if the edit distance
was exceeded).
- [#​486](https://togithub.com/kpdecker/jsdiff/pull/486) **The
`ignoreWhitespace` option of `diffLines` behaves more sensibly now.**
`value`s in returned change objects now include leading/trailing
whitespace even when `ignoreWhitespace` is used, just like how with
`ignoreCase` the `value`s still reflect the case of one of the original
texts instead of being all-lowercase. `ignoreWhitespace` is also now
compatible with `newlineIsToken`. Finally, **`diffTrimmedLines` is
deprecated** (and removed from the docs) in favour of using `diffLines`
with `ignoreWhitespace: true`; the two are, and always have been,
equivalent.
- [#​490](https://togithub.com/kpdecker/jsdiff/pull/490) **When
calling diffing functions in async mode by passing a `callback` option,
the diff result will now be passed as the *first* argument to the
callback instead of the second.** (Previously, the first argument was
never used at all and would always have value `undefined`.)
- [#​489](togithub.com/kpdecker/jsdiff/pull/489) **`this.options`
no longer exists on `Diff` objects.** Instead, `options` is now passed
as an argument to methods that rely on options, like `equals(left,
right, options)`. This fixes a race condition in async mode, where
diffing behaviour could be changed mid-execution if a concurrent usage
of the same `Diff` instances overwrote its `options`.
- [#​518](https://togithub.com/kpdecker/jsdiff/pull/518)
**`linedelimiters` no longer exists** on patch objects; instead, when a
patch with Windows-style CRLF line endings is parsed, **the lines in
`lines` will end with `\r`**. There is now a **new
`autoConvertLineEndings` option, on by default**, which makes it so that
when a patch with Windows-style line endings is applied to a source file
with Unix style line endings, the patch gets autoconverted to use
Unix-style line endings, and when a patch with Unix-style line endings
is applied to a source file with Windows-style line endings, it gets
autoconverted to use Windows-style line endings.
- [#​521](https://togithub.com/kpdecker/jsdiff/pull/521) **the
`callback` option is now supported by `structuredPatch`, `createPatch`,
and `createTwoFilesPatch`**
- [#​529](https://togithub.com/kpdecker/jsdiff/pull/529)
**`parsePatch` can now parse patches where lines starting with `--` or
`++` are deleted/inserted**; previously, there were edge cases where the
parser would choke on valid patches or give wrong results.
- [#​530](https://togithub.com/kpdecker/jsdiff/pull/530) **Added
`ignoreNewlineAtEof` option to `diffLines`**
- [#​533](https://togithub.com/kpdecker/jsdiff/pull/533)
**`applyPatch` uses an entirely new algorithm for fuzzy matching.**
Differences between the old and new algorithm are as follows:
- The `fuzzFactor` now indicates the maximum [*Levenshtein*
distance](https://en.wikipedia.org/wiki/Levenshtein_distance) that there
can be between the context shown in a hunk and the actual file content
at a location where we try to apply the hunk. (Previously, it
represented a maximum [*Hamming*
distance](https://en.wikipedia.org/wiki/Hamming_distance), meaning that
a single insertion or deletion in the source file could stop a hunk from
applying even with a high `fuzzFactor`.)
- A hunk containing a deletion can now only be applied in a context
where the line to be deleted actually appears verbatim. (Previously, as
long as enough context lines in the hunk matched, `applyPatch` would
apply the hunk anyway and delete a completely different line.)
- The context line immediately before and immediately after an insertion
must match exactly between the hunk and the file for a hunk to apply.
(Previously this was not required.)
- [#​535](https://togithub.com/kpdecker/jsdiff/pull/535) **A bug
in patch generation functions is now fixed** that would sometimes
previously cause `\ No newline at end of file` to appear in the wrong
place in the generated patch, resulting in the patch being invalid.
- [#​535](https://togithub.com/kpdecker/jsdiff/pull/535) **Passing
`newlineIsToken: true` to *patch*-generation functions is no longer
allowed.** (Passing it to `diffLines` is still supported - it's only
functions like `createPatch` where passing `newlineIsToken` is now an
error.) Allowing it to be passed never really made sense, since in cases
where the option had any effect on the output at all, the effect tended
to be causing a garbled patch to be created that couldn't actually be
applied to the source file.
- [#​539](https://togithub.com/kpdecker/jsdiff/pull/539)
**`diffWords` now takes an optional `intlSegmenter` option** which
should be an `Intl.Segmenter` with word-level granularity. This provides
better tokenization of text into words than the default behaviour, even
for English but especially for some other languages for which the
default behaviour is poor.
###
[`v5.2.0`](https://togithub.com/kpdecker/jsdiff/blob/HEAD/release-notes.md#v520)
[Compare
Source](https://togithub.com/kpdecker/jsdiff/compare/v5.1.0...v5.2.0)
[Commits](https://togithub.com/kpdecker/jsdiff/compare/v5.1.0...v5.2.0)
- [#​411](https://togithub.com/kpdecker/jsdiff/pull/411) Big
performance improvement. Previously an O(n) array-copying operation
inside the innermost loop of jsdiff's base diffing code increased the
overall worst-case time complexity of computing a diff from O(n²) to
O(n³). This is now fixed, bringing the worst-case time complexity down
to what it theoretically should be for a Myers diff implementation.
- [#​448](https://togithub.com/kpdecker/jsdiff/pull/448)
Performance improvement. Diagonals whose furthest-reaching D-path would
go off the edge of the edit graph are now skipped, rather than being
pointlessly considered as called for by the original Myers diff
algorithm. This dramatically speeds up computing diffs where the new
text just appends or truncates content at the end of the old text.
- [#​351](https://togithub.com/kpdecker/jsdiff/issues/351)
Importing from the lib folder - e.g. `require("diff/lib/diff/word.js")`
- will work again now. This had been broken for users on the latest
version of Node since Node 17.5.0, which changed how Node interprets the
`exports` property in jsdiff's `package.json` file.
- [#​344](https://togithub.com/kpdecker/jsdiff/issues/344)
`diffLines`, `createTwoFilesPatch`, and other patch-creation methods now
take an optional `stripTrailingCr: true` option which causes
Windows-style `\r\n` line endings to be replaced with Unix-style `\n`
line endings before calculating the diff, just like GNU `diff`'s
`--strip-trailing-cr` flag.
- [#​451](https://togithub.com/kpdecker/jsdiff/pull/451) Added
`diff.formatPatch`.
- [#​450](https://togithub.com/kpdecker/jsdiff/pull/450) Added
`diff.reversePatch`.
- [#​478](https://togithub.com/kpdecker/jsdiff/pull/478) Added
`timeout` option.
</details>
<details>
<summary>ka-weihe/fastest-levenshtein (fastest-levenshtein)</summary>
###
[`v1.0.16`](https://togithub.com/ka-weihe/fastest-levenshtein/compare/1.0.15...03d621ba324d0f665b3b7f557429ca622560d9a3)
[Compare
Source](https://togithub.com/ka-weihe/fastest-levenshtein/compare/1.0.15...03d621ba324d0f665b3b7f557429ca622560d9a3)
###
[`v1.0.15`](37bd0917de...1.0.15)
[Compare
Source](37bd0917de...1.0.15)
###
[`v1.0.14`](45d58d245e...37bd0917de8347c73d67467bd1c5ea803cba5f94)
[Compare
Source](45d58d245e...37bd0917de8347c73d67467bd1c5ea803cba5f94)
###
[`v1.0.13`](606c132c58...45d58d245e0d75138bb7da00dd1188ef8d6fdb84)
[Compare
Source](606c132c58...45d58d245e0d75138bb7da00dd1188ef8d6fdb84)
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Renovate
Bot](https://togithub.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MjUuMSIsInVwZGF0ZWRJblZlciI6IjM3LjQyNS4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOkRhdGFEaXNjb3ZlcnkiLCJiYWNrcG9ydDphbGwtb3BlbiIsInJlbGVhc2Vfbm90ZTpza2lwIl19-->
---------
Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Davis McPhee <davis.mcphee@elastic.co>
Co-authored-by: Nikita Indik <nikita.indik@elastic.co>
Co-authored-by: Matthias Wilhelm <matthias.wilhelm@elastic.co>
## Summary
Unskips flaky tests.
Passed in stateful and serverless for 50 iterations.
Previous failures related to fleet integration package failures. The
logic for installing the synthetics integration via fleet was changed to
improve flakiness in #204273. Those changes have also impacted the
flakiness of these tests.
Part of https://github.com/elastic/kibana/issues/180908
## Summary
**EDR Connector Subfeature Privilege**
This PR creates a new EDR connector sub-feature privilege under the read
privilege for connectors. The read privilege currently allows users to
execute connectors, and this new privilege will limit some of the
connectors that can be executed. When the EDR privilege is turned on,
users will be able to execute EDR connectors, and when it is off they
will not execute. This new privilege includes SentinelOne and
Crowdstrike connectors.
To determine which connectors are considered EDR connectors, we
leverage`getKibanaPrivileges` in the connector type definition. I
removed the restrictions to use this field only for system actions and
renamed `getSystemActionKibanaPrivileges` to
`getActionKibanaPrivileges`. I also added a field, `subFeatureType `, to
the connector type definition to help disable testing/executing an
connectors that are restricted under a sub-feature.
**EDR Connector Execution for Testing**
The execution of EDR connectors using the API is limited to a single
sub-action for testing purposes. This ensures users can still
configure/test EDR connectors. In a separate
[PR](https://github.com/elastic/kibana/pull/204804), I added back the
SentinelOne and Crowdstrike params UIs with options restricted to one
sub-action.
**Rule API and Feature Configuration Updates**
Validation has been added to the rule APIs to enforce restrictions on
adding EDR connectors. The connector feature configuration has been
updated to include a new feature ID, EdrForSecurityFeature, which
ensures that EDR connectors are hidden on the rule form.
Note: I saw that EDR connectors are also temporarily restricted in the
Security Solution UI. To streamline this, I removed the
`isBidirectionalConnectorType` check in `action_type_registry.ts`.
Instead, I removed `SecurityConnectorFeatureId` from the
`supportedFeatureIds` of the SentinelOne connector type definition.
### Checklist
Check the PR satisfies following conditions.
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## To test
**EDR Connector Subfeature Privilege**
1. Create a new role and disable EDR connectors under the Actions and
Connectors privilege
2. Create a new user and assign that role to user
3. Create a Sentinel One connector (It doesn't need to work, you can use
fake values for the url and token)
4. Login as the new user and run the following in Dev Tools to verify
that you aren't authorized execute the Sentinel One connector
```
POST kbn:/api/actions/connector/$CONNECTOR_ID/_execute
{
"params": {
"subAction": "getAgents",
"subActionParams": {}
}
}
```
7. Update the role to enable EDR connectors and repeat the steps to
verify that you are authorized to run the connector. (It will fail but
verify it's not Unauthorized)
**EDR Connector Execution for Testing**
1. Enable the EDR connectors privilege in the role you created above and
log in as the user you created above.
2. Run the following in Dev Tools to verify that you are authorized
execute the Sentinel One connector using only the `getAgents`
sub-action. (It will fail but verify it's not `Unauthorized`)
```
POST kbn:/api/actions/connector/$CONNECTOR_ID/_execute
{
"params": {
"subAction": "getAgents",
"subActionParams": {}
}
}
```
3. Run it again but replace the `subAction` with `isolateHost`. Verify
that you get an unauthorized error.
**Rule API and Feature Configuration Updates**
1. 1. Enable the EDR connectors privilege in the role you created above
and log in as the user you created above.
2. Go to Stack Management
3. Try to create a rule, and verify that you don't see the SentinelOne
connector.
4. Try to create a rule using the API and add your SentinelOne
connector, verify that the API throws an error.
```
POST kbn:/api/alerting/rule
{
"tags": [],
"params": {},
"schedule": {
"interval": "1m"
},
"consumer": "alerts",
"name": "Always firing rule",
"rule_type_id": "example.always-firing",
"actions": [
{
"group": "small",
"id": "$CONNECTOR_ID",
"params": {
"subAction": "isolateAgent",
"subActionParams": {}
},
"frequency": {
"notify_when": "onActionGroupChange",
"throttle": null,
"summary": false
}
}
],
"alert_delay": {
"active": 1
}
}
```
5. You can test the same behaviors when trying to add a SentinelOne
connector to existing rules.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
After merging #202748, #204959, and #201653, all of the properties in
some telemetry schemas were moved completely, but `node
scripts/telemetry_check --fix` didn't update the `properties` object
correctly.
Also, in #202748 and #201653, the relocation script changed some paths,
confusing them with `@kbn/security-plugin` and `@kbn/cloud-plugin`.
## Summary
This PR includes the following changes to the graph investigation
component:
- Add "Investigate in timeline" button to the graph in the expanded
flyout (applying the same filters to the timeline)
- Move graph control buttons to the right and align their design
https://github.com/user-attachments/assets/6e7c59a7-150d-4046-8e3d-14790b8f6d4d
<details>
<summary>New storybook stories 📹 </summary>
https://github.com/user-attachments/assets/adf64f7f-3bd3-499e-b9ba-f8040df729e7
</details>
**How to test:**
To test this PR using storybook (alternatively access to storybooks
attached to this build)
```
yarn storybook cloud_security_posture_packages
```
To test e2e:
- Enable the feature flag
`kibana.dev.yml`:
```yaml
uiSettings.overrides.securitySolution:enableVisualizationsInFlyout: true
xpack.securitySolution.enableExperimental: ['graphVisualizationInFlyoutEnabled']
```
- Load mocked data:
```bash
node scripts/es_archiver load x-pack/test/cloud_security_posture_functional/es_archives/logs_gcp_audit \
--es-url http://elastic:changeme@localhost:9200 \
--kibana-url http://elastic:changeme@localhost:5601
node scripts/es_archiver load x-pack/test/cloud_security_posture_functional/es_archives/security_alerts \
--es-url http://elastic:changeme@localhost:9200 \
--kibana-url http://elastic:changeme@localhost:5601
```
- Make sure you include data from Oct 13 2024. (in the video I use Last
year)
To run FTR tests:
```
yarn test:ftr:server --config x-pack/test/cloud_security_posture_functional/config.ts
yarn test:ftr:runner --config x-pack/test/cloud_security_posture_functional/config.ts --grep="Graph visualization"
```
### Checklist
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Fixed broken CI. The bug was happening due to moving file roots while
not updating the telemetry.rc file and the .json schema files properly
…s to Emotion
Addresses #205449
This PR migrates `ecs_data_quality_dashboard` package from
`styled-components` to `emotion`. In the process we also convert the
`kbn/ui-theme` json tokens to `euiTheme` counterparts.
Additionally we decorate root `babel-jest`
[transform](211d4a6889/packages/kbn-test/src/jest/transforms/babel.js)
locally in `security_solution/public/overview` and
`ecs_data_quality_dashboard` package folder to include
`@emotion/babel-preset-css-prop`.
The reason for local `babel-jest` transforms is that root `babel-jest`
transform doesn't include `@emotion/babel-preset-css-prop` which is
necessary for proper compilation of emotion css prop in tests. Without
it there is a warning
appearing in every test that tests a component that uses css prop with
theme function passed into it. Other use cases seem to be compiling fine
without this babel preset. But theme callback is a valid way of using
emotion so we shouldn't avoid using it just because it's not added
properly to the test compilation step. Hence I am adding it locally to
`ecs_data_quality_dashboard` package and
`security_solution/public/overview`.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
This PR updates the function definitions and inline docs based on the
latest metadata from Elasticsearch.
Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
## Summary
Resolves https://github.com/elastic/kibana/issues/192886
- Unskips `knowledge_base_user_instructions.spec.ts` in serverless
- stays skipped in mki due to proxy usage issue
- Duplicates new changes from non serverless
- Removes `skipInMKI` tags for:
`knowledge_base_setup.spec.ts`
`knowledge_base.spec.ts `
`knowledge_base_status.spec.ts`
If https://github.com/elastic/kibana/issues/192718 is merged before
this, I will move `knowledge_base_user_instructions.spec.ts` to
deployment agnostic. Otherwise It can be done in that PR or another.
Previously reverted due to the number of statuses we were tracking, and
the subsequent rate limiting.
The number of updates we need to do after
https://github.com/elastic/kibana/pull/199073 is significantly lower.
We've already been using org-wide status checks for [on-merge commit
statuses](https://github.com/elastic/kibana/commits/main) in the interim
and are not seeing issues.
## Summary
This PR addresses the issue where when user opens new tab by clicking on
popout icon on Alerts Data grid on Alerts preview Contextual flyout, the
date from original tab is not retained, as such there are scenario where
user don't see any alerts on new tab because its defaulted to today when
the alerts only exist from view days ago
https://github.com/user-attachments/assets/58a30d7d-18b3-47a8-ab4b-2ce143583368
Resolves https://github.com/elastic/kibana/issues/182229
## Release Note
Remove Logs Explorer
## Summary
- Removes the Discover/Logs Explorer tabs in the top nav
- Changes all links to Logs Explorer in other applications to Discover
- Removes all APIs exposed by Logs Explorer
Note: This does not remove Logs Explorer from the codebase. There will
be a follow up for that work.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
