Commit graph

992 commits

Author SHA1 Message Date
James Gowdy
51ab081e94
[ML] Fixing permission to view ML nodes (#215503)
When setting the `canViewMlNodes`, we were assuming a serverless
environment based on whether all ML features (ad, dfa, nlp) were
enabled. When this was originally implemented no serverless project had
all three features enabled.
Since then the security project has
[changed](https://github.com/elastic/kibana/pull/175358) to include all
three features.

This PR adds an explicit check for serverless and disables
`canViewMlNodes` if it is true.

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-03-24 23:07:02 +02:00
Marshall Main
58190211b8
[Security Solution][Detection Engine] Remove experimentalFeatures, bulkCreateFactory, enrichEvents factory (#214856)
## Summary

Another follow up to https://github.com/elastic/kibana/pull/212694

- Removes `alertWithSuppression` from `sharedParams` since it's already
available on `services`
- Updates the type of `services` throughout DE executor logic to
properly represent that it has `alertWithSuppression`
- Removes `experimentalFeatures` as a param from functions that no
longer need it
- Converts `bulkCreate` from a factory to a const function
- Converts `enrichAlerts` from a factory to a const function - but
enrichment logic is still passed to the persistence functions as a
function. Now it's just one layer of factories instead of two.
- Renames types related to `enrichAlerts` to match the function
names/responsibilities better

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-03-24 16:08:45 -04:00
Drew Tate
19f6a20e27
[ES|QL] Remove command signatures (#215541)
## Summary

Part of https://github.com/elastic/kibana/issues/195418

This removes the final deprecated property from the command definitions:
the signature.

Most of the work was moving validation logic out of the generic paths
into command-specific validation methods. This exercise confirmed the
fact that many of the properties on the command signatures were added to
support something in one or two commands and did not apply to the vast
majority. Now, it is clearer what code applies to what commands.


### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-03-24 19:05:17 +02:00
Viduni Wickramarachchi
1c738f6e13
[Obs AI Assistant] Update EIS Elastic LLM naming (#215659)
Closes https://github.com/elastic/obs-ai-assistant-team/issues/236

## Summary

1. Renames name of model in model settings in search playground from
`Elastic LLM (AI Connector)` to `Elastic LLM`.

2. Renames the description of the Elastic LLM in the stack connector
flyout to `Use the Elastic LLM for your chat and RAG usecases.`

### Checklist

- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
2025-03-24 21:41:19 +05:30
Julia Bardi
33db17768f
[Fleet] Use fleet error in cspm plugin (#215625)
## Summary

Closes https://github.com/elastic/ingest-dev/issues/5266

Changed Error to FleetError in CSPM so that the error response code is
400 instead of 500.
500 is not appropriate, it triggers alerts in our serverless SLOs.

2025-03-24 17:05:38 +01:00
Andreana Malama
a3fe0cd460
[Lens] Fix inline dimension button label (#215476)
## Summary

Fix for #209696. 

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Marco Liberati <dej611@users.noreply.github.com>
2025-03-24 16:35:47 +02:00
Aleh Zasypkin
6bbc4b67a5
fix(security): topologically sort composable feature privileges before composing actions (#211035)
## Summary

This PR changes the privilege's actions merging logic for the composable
and deprecated Kibana features. The change makes it possible to have any
number of composable and deprecated features chained by `replaceBy`,
`composedOf`, or a combination of the two.

Under the hood, the privileges factory sorts all deprecated and
composable privileges using Kahn's algorithm for topological sorting,
similar to what is used to sort Kibana plugin dependencies. This allows
us to not only detect cyclical dependencies but also sort privileges in
the proper order depending on their dependency chain.

The use cases addressed by this change are best illustrated by the
`actions should respect composedOf when specified with replaceBy at the
privilege` test in `privileges.test.ts`.
2025-03-24 15:09:36 +02:00
Robert Jaszczurek
ab780500f6
[ML] Anomaly Explorer: Fix Anomalies Table pagination (#214714)
Includes a fix for https://github.com/elastic/kibana/issues/213424 and a
follow up to
https://github.com/elastic/kibana/pull/203224#discussion_r1875926261

* Rewrites anomalies_table in typescript
* Decouples anomalies table state into an individual service
* Fixes an issue where anomalies table pagination wouldn't reset to 0
after changing significant properties of the view, causing the table
data to refetch
2025-03-24 12:39:23 +01:00
Dzmitry Lemechko
4dc27ba4aa
[scout] Remove perf stats validation for Discover (#215130)
## Summary

With #212397 we added 2 tests for Discover app (loading `/app/discover`)
to track:
- js bundles loaded on page
- perf metrics like CPU time, Layout time and Script time fetched with
CDP Performance Domain API

While the first test for bundles _didn't report any failures_, second
test to validate Perf metrics fails periodically:


https://buildkite.com/elastic/kibana-on-merge-unsupported-ftrs/builds/34729#0195a4de-6cd5-4d1e-be11-5d02be6de2b0
```
Error: CPU time (seconds) usage during page navigation should not exceed 1.5 seconds

expect(received).toBeLessThan(expected)

Expected: < 1.5
Received:   1.591343
```


https://buildkite.com/elastic/kibana-on-merge-unsupported-ftrs/builds/34877
```
Error: Additional time spent executing JS scripts should not exceed 0.5 second

expect(received).toBeLessThan(expected)

Expected: < 0.5
Received:   0.601434
```


https://buildkite.com/elastic/kibana-on-merge-unsupported-ftrs/builds/34899
```
Error: Total layout computation time should not exceed 0.06 second

expect(received).toBeLessThan(expected)

Expected: < 0.06
Received:   0.061723
```


https://buildkite.com/elastic/kibana-on-merge-unsupported-ftrs/builds/34912#0195adb8-4536-42b7-ab4d-524535fdad9a
```
Error: Additional time spent executing JS scripts should not exceed 0.5 second

expect(received).toBeLessThan(expected)

Expected: < 0.5
Received:   0.561259
```

It was worth an experiment, but due to flakiness we decided to keep only
bundles limits validation for now and see if it is stable in the long
run.

If Data-Discovery team has interest in collecting Perf metrics without
strict validation in PRs, we can discuss the options. Alternatively we
can wait for Scout GA and you can deep dive into your own performance
testing with Playwright/CDP.
2025-03-22 20:31:54 +02:00
Sid
960caf9e2f
[Platform security] Replace SCSS with CSS in JS (Part 1 - Spaces plugin) (#214798)
## Summary

Part of https://github.com/elastic/kibana/issues/211652

Removed most SASS files from the Spaces plugin. (Full checklist on
parent issue)

Remaining file: 

`x-pack/platform/plugins/shared/spaces/public/space_selector/space_selector.scss`
This file requires a custom mixin that we'll need to migrate once this
PR: https://github.com/elastic/kibana/pull/214729/files lands. It
introduces a `cssUtils` file to ensure consistency in Kibana specific
mixins.

### How to test
Testing visual regression isn't super straightforward here. For my local
testing, I started two instances of Kibana (main and this branch)

On main:

- Start es:
```
yarn es snapshot --license=trial -E http.port=9400
```

- Start kibana with the following config (CLI or kibana.dev.yml)
``` 
server.port: 5602
elasticsearch.hosts: ["http://localhost:9400"]
```
Once started, in a private browsing window, you should have access to
Kibana on main on `localhost:5602`

On this PR:
Start ES and Kibana normally (Kibana should be available on
localhost:5601)

This PR contains changes to the following parts of the Spaces plugin:
- Copy Saved Objects to Space flyout
- Share Saved Objects to Space flyout
- Space selector screen
- Space editing screen
- Space selector drop down menu in Nav Bar

Ideally, you should see no visual regression between the two versions. 


## Screenshots

| Component | Main | PR |
|--------|--------|--------|
| Space Edit | <img width="300" alt="space_edit_main"
src="https://github.com/user-attachments/assets/786feeb7-5047-443c-bb63-41e90e31a82b"
/> | <img width="300" alt="space_edit_pr"
src="https://github.com/user-attachments/assets/975cc096-25d7-4bd5-804d-f82f65a908bf"
/> |
| Space selector nav bar | <img width="300"
alt="space_selector_nav_bar_main"
src="https://github.com/user-attachments/assets/c6c05d28-3dfa-43c2-9586-b66a24f990d6"
/> | <img width="317" alt="Screenshot 2025-03-20 at 09 11 50"
src="https://github.com/user-attachments/assets/277d3094-640b-4604-adc7-5c8465aeb21c"
/> |
| Share to space | <img width="300" alt="share_to_space_main"
src="https://github.com/user-attachments/assets/5782a314-66f7-4780-bcfb-b0a85cece035"
/> | <img width="300" alt="share_to_space_pr"
src="https://github.com/user-attachments/assets/73a48305-7fa7-4637-9856-60461cbad770"
/> |
| Copy to Space flyout | <img width="300" alt="copy_to_space_pr"
src="https://github.com/user-attachments/assets/54342ca2-b2e1-4844-a66f-fae512ff8910"
/> | <img width="300" alt="copy_to_space_main"
src="https://github.com/user-attachments/assets/a629f12a-75c4-4ba6-a7cf-cdeca1310ef3"
/> |
| Copy to Space confirmation | <img width="300"
alt="copy_to_space_confirmed_main"
src="https://github.com/user-attachments/assets/78f93d73-e789-487f-94c1-eebcef7ce183"
/> | <img width="300" alt="copy_to_space_confirmed_pr"
src="https://github.com/user-attachments/assets/2020e71a-88b4-4107-9b05-ae90bf7d39f1"
/> |
| Space selector | <img width="300" alt="Space_selector_before"
src="https://github.com/user-attachments/assets/b8ed7269-e6f6-4bc0-bb24-1c53ac451083"
/> | <img width="300" alt="Space_selector_after"
src="https://github.com/user-attachments/assets/770d2141-8642-483f-b72c-bce6d5ebd282"
/> |

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

### Identify risks

Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.

Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.

- [x] The risk of inexact conversion: verifying this PR requires manual
checks to ensure that the conversion has not created any regressions in
the style.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-03-22 01:38:47 +01:00
Alexi Doak
1dd1ec5870
[ResponseOps] Adding back recovered alert optimization for the task state (#215344)
## Summary

I refactored the flapping code on ON week in PR
https://github.com/elastic/kibana/pull/213825 , and I removed an
optimization for removing recovered alerts from the task state that we
don't need to track for flapping. This PR adds it back.


### Checklist

- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

### To verify
1. Create a rule, let it be active for a little and then let it recover.
2. Verify that once the flapping array doesn't have any `true` values
changes
2025-03-22 02:21:16 +02:00
Marta Bondyra
42e57990cf
[Lens] fix drag and drop failing test (#215439)
## Summary

Fixes https://github.com/elastic/kibana/issues/213324

For some reason this PR https://github.com/elastic/kibana/pull/213928
didn't catch that the changes make the test fail. This PR fixes it.
After this, we'll be able to backport the original PR.
(The pattern of using `data-attr-field` is already used in Discover so I
think it's a good opportunity to align)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Nick Partridge <nicholas.partridge@elastic.co>
2025-03-21 18:21:35 -05:00
Ania Kowalska
d7d690c44b
[Discover] SCSS to Emotions migration part 2/4 (#214729)
2025-03-21 19:46:40 +02:00
Ahmad Bamieh
f83612f4e0
[Core][UA] Forward-port 8.18 changes into main (#214996)
## Summary

We've done a lot of UA changes against 8.18 and 8.x but we did not port
them to `main`. The reason we did not do the active development against
`main` is because UA is disabled on main and we need those features in
8.last not on `9.0` initially. This port is to keep the codebase
consistent and to be able to use these new UA features in the future
post `9.0`.

Any issues that are caused from this port we should wrap them in a
config and disable them on main and enable this new flag on `8.x`.

What is being ported?
- [x] Upgrade assistant plugin
(`x-pack/platform/plugins/private/upgrade_assistant`)
- [x] Integration test changes
(`x-pack/test/upgrade_assistant_integration`)
- [x] new UA doc links
(`src/platform/packages/shared/kbn-doc-links/src/get_doc_links.ts`)
- [x] localization files sync
(`x-pack/platform/plugins/private/translations/translations/*.json`)
- [x] Unfreeze is no longer supported after `8.x`. So removed it from
data streams readonly migration step and throw an error for regular
indices migration.

Closes https://github.com/elastic/kibana/issues/210490

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-03-21 18:46:46 +02:00
Philippe Oberti
11a512e735
[AI4DSOC] Alert summary landing page (#215246)
## Summary

This PR continues the work done in
https://github.com/elastic/kibana/pull/214889 and implements the landing
page for the new alert summary page. This landing page should only be
visible by users if none of the AI for SOC integrations have been
installed (more info in [the previous
PR](https://github.com/elastic/kibana/pull/214889)).

The landing page consists of 2 main sections:
- the top section with a title and an image
- the bottom section where we list the top 2 AI for SOC integrations -
Splunk and GoogleSecOps - which are clickable and will redirect the
users to the respective integration detail pages, as well as a `View all
integrations` button which will redirect the users to the integrations
page.

![Screenshot 2025-03-19 at 3 37
46 PM](https://github.com/user-attachments/assets/311bb9b9-1bd3-4c7a-bcb9-f929d459aa70)


https://github.com/user-attachments/assets/0d15a65d-7f2e-4e2d-9919-896f5532f08c

Link to mocks:
https://www.figma.com/design/DYs7j4GQdAhg7aWTLI4R69/AI4DSOC?node-id=4408-128249&t=GaxMP8OEZ9Qsjl0R-0

### Notes

- The current image is only temporary and acts as a placeholder while
the UIUX team is creating a gif or video (no ETA on when it will be
available).
- The integration links are subject to change in the future, but that
work is handled by a different team and has not been completed yet

## How to test

This needs to be run in Serverless:
- `yarn es serverless --projectType security`
- `yarn serverless-security --no-base-path`

You also need to enable the AI for SOC tier, by adding the following to
your `serverless.security.dev.yaml` file:
```
xpack.securitySolutionServerless.productTypes:
  [
    { product_line: 'ai_soc', product_tier: 'search_ai_lake' },
  ]
```

Use one of these Serverless users:
- `platform_engineer`
- `endpoint_operations_analyst`
- `endpoint_policy_manager`
- `admin`
- `system_indices_superuser`

### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

Contributes to https://github.com/elastic/security-team/issues/11979
2025-03-21 11:42:08 -05:00
Elena Shostak
2160dd1d95
Unauthorized route migration for routes owned by kibana-management (#214782)
### Authz API migration for unauthorized routes

This PR migrates last unauthorized routes owned by your team to a new
security configuration.
Please refer to the documentation for more information: [Authorization
API](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)

### **Before migration:**
```ts
router.get({
  path: '/api/path',
  ...
}, handler);
```

### **After migration:**
```ts
router.get({
  path: '/api/path',
  security: {
    authz: {
      enabled: false,
      reason: 'This route is opted out from authorization because ...',
    },
  },
  ...
}, handler);
```
2025-03-21 17:37:07 +01:00
Julia Bardi
04cc68a2cb
[Fleet] update disabled inputs (#215512)
## Summary

Closes https://github.com/elastic/kibana/issues/215411

Disable `aws-s3` and `streaming` as an input type for agentless

2025-03-21 18:19:37 +02:00
Julia Bardi
dc5144d303
[Fleet] Sync custom assets to remote clusters (#215279)
## Summary

Relates https://github.com/elastic/kibana/issues/206244

Adding `custom_assets` to `fleet-synced-integrations` index, including
all component templates and ingest pipelines that have suffix `@custom`
and belong to a package.

In a follow up pr will add logic to read and install the custom assets
on the remote cluster.

To verify:
- enable feature flag `enableSyncIntegrationsOnRemote`
- add a remote es output with `sync_integrations` enabled
```
xpack.fleet.outputs:
  - name: 'Preconfiged remote output'
    type: 'remote_elasticsearch'
    id: 'remote-output2'
    hosts: ["http://192.168.64.1:9200"]
    sync_integrations: true
    kibana_url: "http://localhost:5601"
    secrets:
      service_token: token
      kibana_api_key: key
```
- visit Fleet UI to let setup run that creates
`fleet-synced-integrations` index
- add system integration and create a custom component template and
ingest pipeline
- wait 5m for the async task to run
- verify that the `fleet-synced-integrations` index contains the custom
assets populated
- delete one of the assets or uninstall the package
- wait 5m for the task to run again
- verify that the assets are marked with `is_deleted:true` and have a
`deleted_at` field set

```
GET fleet-synced-integrations/_search

{
        "_index": "fleet-synced-integrations",
        "_id": "fleet-synced-integrations",
        "_score": 1,
        "_source": {
          "remote_es_hosts": [
            {
              "hosts": [
                "http://192.168.64.1:9200"
              ],
              "name": "Preconfiged remote output",
              "sync_integrations": true
            }
          ],
          "integrations": [
            {
              "package_version": "1.67.3",
              "updated_at": "2025-03-20T07:17:55.143Z",
              "package_name": "system"
            }
          ],
          "custom_assets": {
            "component_template:logs-system.auth@custom": {
              "type": "component_template",
              "name": "logs-system.auth@custom",
              "package_name": "system",
              "package_version": "1.67.3",
              "is_deleted": false,
              "template": {
                "mappings": {
                  "properties": {
                    "new_field": {
                      "type": "text"
                    }
                  }
                }
              }
            },
            "ingest_pipeline:logs-system.auth@custom": {
              "pipeline": {
                "processors": [
                  {
                    "user_agent": {
                      "field": "user_agent"
                    }
                  }
                ],
                "version": 1
              },
              "package_version": "1.67.3",
              "is_deleted": false,
              "name": "logs-system.auth@custom",
              "package_name": "system",
              "type": "ingest_pipeline"
            }
          },
          "custom_assets_error": {}
        }
      }
```


### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
2025-03-21 14:44:01 +01:00
Matthew Kime
f77e29f582
[Search Profiler] Index field no longer resets on query edit (#215420)
## Summary

Previously, editing the query would reset the index field to `_all`.
This was due to using `useState` instead of `useRef` to store the query
value.

Closes https://github.com/elastic/kibana/issues/214416

How to test
1. Go to search profiler
2. Enter an index name, anything but `_all` - which is already there
3. Edit the query
4. Did the index value remain unchanged? Good! It's fixed!

ALSO - need to test to make sure this works with content in the url.
2025-03-21 15:29:33 +02:00
Paulina Shakirova
6a9a1eeb8a
Change "Close project" to "Log out" in nav menu in serverless mode (#211463)
## Summary

This PR resolves [Unify user profile menu "Log
out" option](https://github.com/elastic/kibana/issues/209278) issue.
2025-03-21 13:38:44 +01:00
Julia
8aa7d8b0a1
[ResponseOps][MW] Remove mw category selection from UI (#211793)
Fix: https://github.com/elastic/kibana/issues/197530
Fix: https://github.com/elastic/kibana/issues/212857

## Summary
I did from DOD:
- Remove the category selection from the UI when creating a MW.
- Show the section only if Filter alerts is ON.
- The terminology should change from category to Solution.
- Show a warning callout to users when editing a MW if they have
configured the categories and inform them that upon saving the
category configuration will be removed

What'll be covered in follow up PR:
- Show only two solutions, O11y and Security. O11y will also include
Stack.


### Checklist

Check the PR satisfies following conditions. 

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
2025-03-21 13:09:32 +01:00
Drew Tate
b7854a8759
[ES|QL] Remove command option definitions (#215425)
## Summary

This PR removes the declarative objects that were meant to describe the
behavior of "options" (see details section below if you don't know what
I'm talking about). **It does not remove "options" as a concept from our
AST.** "Option" is probably the wrong name for the subcommands in the
AST but, at the moment, it is working fine how it is.

Here is a list of what these definitions were being used for and where I
ended up.

| Use | How it worked | What I did |
|---------------------------------------------------------------------|---------------|------------|
| To generate command declarations for display in suggestions menu | It
had some complex logic to try to construct a declaration string from the
information in the `signature` property | I replaced this with
statically declared declaration strings on the command definitions. I
took most of them directly from our docs. They are a better result than
the autogenerated stuff |
| To build the `METADATA` suggestion | the definition was passed into
`buildOptionDefinition` | I declared the `METADATA` suggestion
statically in the `FROM` autocomplete code. |
| To check for field correctness in `METADATA` | This logic lived in the
option definition's `validate` method | I moved it to the `FROM`
command's validate method |
| To validate the type of the value assigned to `APPEND_SEPARATOR` in
`DISSECT` | This logic lived in the option definition's `validate`
method | I moved it to the `DISSECT` command's validate method |
| To check if the left side of the equals sign in `DISSECT` is
"APPEND_SEPARATOR" | In most cases, the parser catches stuff like this,
but for some reason `DISSECT`'s grammar is very loose so we have been
stepping in with our own validation (maybe we should suggest changing
this). This was the only case that was triggering the "Unknown option"
message. | I moved it to the `DISSECT` command's validate method |
| To prevent default column validation for `METADATA` | This was the
only true use of the `skipCommonValidation` property which would prevent
the validator trying to find metadata fields in the standard field list
| I inserted an option name check directly into the validation code.
It's not a good long-term solution, but it is actually an improvement
since the former code pretended to be general but was actually just for
`METADATA`. At least now it is clear what the exception is for. |
| To filter functions and operators that are available after `BY` |
Function definitions sometimes declare that they are supported in a `by`
statement. The validator checks if the function does. | This didn't
change. The option nodes in the AST are still there and we are still
relying on the `supportedCommands` and `supportedOptions` properties in
the function definitions. |

#### Pictures

<img width="859" alt="Screenshot 2025-03-20 at 1 47 36 PM"
src="https://github.com/user-attachments/assets/3bd3c3c6-6066-466e-b33b-9444ab58670a"
/>

_New, statically-defined declarations_

<img width="783" alt="Screenshot 2025-03-20 at 2 12 28 PM"
src="https://github.com/user-attachments/assets/94550b25-5da9-4c82-9586-11b3515debd7"
/>

_In cases besides `APPEND_SEPARATOR`, incorrect keywords produce syntax
errors._

<img width="700" alt="Screenshot 2025-03-20 at 2 09 05 PM"
src="https://github.com/user-attachments/assets/de1a23f4-2509-4c6e-84ec-a807e96b65a5"
/>

_Didn't break the `APPEND_SEPARATOR` datatype validation_

<img width="791" alt="Screenshot 2025-03-20 at 2 03 28 PM"
src="https://github.com/user-attachments/assets/169aaa15-52f3-4d22-ab77-26a560cd9359"
/>

_Didn't break `METADATA` fields validation_

### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

### Background/details

Till now, "options" have been a concept in our code. Their definition
isn't clear, but it essentially comes down to any capitalized keyword
after the command name. For example `STATS... >BY<`, `DISSECT...
>APPEND_SEPARATOR<`. You could think of them as roughly subcommands or
substatements.

There was a hope that commands would be uniform enough that these
"options" would deserve to be their own special first-class citizen. But
they break conceptually...

For example `APPEND_SEPARATOR` is not a keyword with an expression after
it... it is a variable `APPEND_SEPARATOR=":"`... or filtering in
stats.... `STATS AVG(bytes) >WHERE<` .... so is WHERE an option now?

`FORK` will break this even further.

So, we are moving the architecture to allow for complexity and variance
among the commands. Command-specific logic will have the final say in
how autocomplete and validation work for anything with that command.
2025-03-21 05:04:33 -06:00
Julia
fdd872ada1
[ResponseOps] Snooze Scheduler UX for recurring snoozes shows incorrect summary (#214797)
Solves: https://github.com/elastic/kibana/issues/210119

## Summary

How to test:
Reproduce bug from an issue. But create a rule in Stack management.
Action is not needed. You can test it on main.
![Screenshot 2025-03-19 at 20 43
09](https://github.com/user-attachments/assets/2b311a28-c474-4883-8f75-34f9de87a493)

![Screenshot 2025-03-19 at 20 46
56](https://github.com/user-attachments/assets/894e26c6-b298-40c2-9d6a-c5fd460300d2)

When you add a new schedule and save it, you should see proper date here
as well:

![Screenshot 2025-03-19 at 20 59
53](https://github.com/user-attachments/assets/28239de4-ee99-4e51-a88a-ca78e5248f5f)


### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
2025-03-21 11:47:28 +01:00
Umberto Pepato
4aab9d4c48
[ResponseOps][Alerts] Create embeddable alerts table plugin (#213909)
## Summary

Creates a wrapper plugin around the alerts table, that registers a basic
alerts table embeddable panel for dashboards.

> [!NOTE]
> This PR is a preparation work for the [embeddable alerts
table](https://github.com/elastic/kibana/issues/197483). The feature is
disabled for end-users while waiting for other dependent PRs to be
integrated with this, and uses a partially hard-coded table
configuration for testing purposes. The final panel will be fully
configurable by the user.

## Verification steps

1. Uncomment this line

4d49e98b4d/x-pack/platform/plugins/shared/embeddable_alerts_table/public/plugin.ts (L34)
(I'm using a comment to avoid polluting the embeddable examples app with
this panel for a short time)
2. Create one or more ES Query rules that fire alerts
3. Visit the Dashboards page and create a dashboard, then enter edit
mode
4. Click "Add panel"
5. Under "Visualizations" choose "Alerts table"
6. Check that the table panel was created correctly
6.1. Shows any alerts fired by the ES Query rule(s)
6.2. Check that the table adapts correctly to the panel when resizing,
and all normal interactions with the alerts table work correctly
(adding/removing fields, opening alerts in flyouts, using row/bulk
actions)
6.3. Check that panels respond to the global time filter (only time
filters, not KQL search or filters)
6.4. Check that panels respond to individual time filters (⛭ icon >
Apply custom time range)
11. Create a role with access to dashboards but without any alerting
capability and a user assigned to that role
12. Repeat steps 3 and 4, and verify that the "Alerts table" option
isn't available under "Visualizations"
13. Add any alerting capability to the role, such as Management > Stack
rules
14. Repeat steps 3 and 4, and verify that the "Alerts table" is
available again

## References

Closes #203611

### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-03-21 12:02:54 +02:00
Miguel Garzón
35588ecdbb
Updates datafeeds for supplied security anomaly detection jobs to exclude Elastic Agent and Beats processes (#213927)
As described in https://github.com/elastic/security-team/issues/11532,
we have added filters to exclude any processing related to the elastic
endpoint agents.
2025-03-21 09:32:14 +00:00
Joe Reuter
184d0a32ad
🌊 Streams: Overview page redesign (#214196)
This PR overhauls the overview page.

Classic stream:
<img width="1004" alt="Screenshot 2025-03-12 at 21 00 39"
src="https://github.com/user-attachments/assets/a058da08-0ae2-48cc-abca-359b23288b32"
/>

Wired stream:
<img width="1019" alt="Screenshot 2025-03-12 at 21 01 56"
src="https://github.com/user-attachments/assets/bca04537-f79b-4814-8e31-9d3dae18ad90"
/>


## Doubts / things I changed from the design

* Quick links is just all dashboards, so I adjusted the wording
accordingly. Also, since we render all dashboards, there isn't really
value in "View all assets"
* The panel on top is already stating the count of docs, why should we
repeat that in the histogram panel?
* No search bar - in the beginning we said we don't want this page to
become discover, a search bar feels like we are going there. Also, what
should the user enter there? I don't think we want to buy deeper in KQL
* Should the count of docs be the total count or the count for the
currently selected time range? Not sure what makes more sense
* For wired streams I left the tabs in place to switch between child
streams and quick links. We can revisit this once we get closer to
actually releasing wired streams

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-03-20 21:48:10 +02:00
Bryce Buchanan
522f83fd25
Adds 'page reload' screen reader warning (#214822)
## Summary

Resolves https://github.com/elastic/kibana/issues/195037

Adds 'page reload' screen reader warning to metadata filter button on
the infrastructure host detail fly-out.



### Checklist

Check the PR satisfies following conditions. 

Reviewers should verify this PR satisfies this list as well.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
2025-03-20 21:42:47 +02:00
Paulina Shakirova
b39b8c4591
[fleet] fix overlay in integrations on mobile (#215312)
## Summary

This PR resolves [Integrations overlay
mobile-view](https://github.com/elastic/kibana/issues/214146) issue.
2025-03-20 19:50:12 +01:00
Philippe Oberti
3605a331b9
[AI4DSOC] Alert summary page routing and initialization (#214889)
## Summary

This PR is setting the foundations for the AI for SOC Alert summary
page. It has very little UI, instead it focuses on the following:
- add routing for the `alert_summary` page
- fetches the integrations, filters them to only keep the ones related
to AI for SOC, then decides what to render depending on if some AI for
SOC packages have been installed or not

The PR also makes a small change to the `SecurityRoutePageWrapper`
component, to allow us to redirect to the Security Solution HomePage
instead of the NoPrivilegesPage. While this might not be a long term
solution, it is the easiest path forward. In the future, AI for SOC will
most likely be its own plugin (living outside of Security Solution)
hence this will not be needed anymore.

Here's the basic behavior of the Alert summary page:
- The `Landing page` will be shown if none of the hardcoded AI for SOC
packages are installed (these values are hardcoded as we currently do
not have a way to filter integrations for the AI for SOC ones only):
  - splunk // doesn't yet exist
  - google_secops
  - microsoft_sentinel
  - sentinel_one
  - crowdstrike
- The `Wrapper` component will only be shown if you have at least one of
the above AI for SOC packages installed.

### Very limited UI added in this PR

| Loading integrations | No installed packages | Some installed packages |
| ------------- | ------------- | ------------- |
| ![Screenshot 2025-03-17 at 6 58 45 PM](https://github.com/user-attachments/assets/68089c33-fa40-4201-8b51-3e7236d50d5a) | ![Screenshot 2025-03-17 at 6 59 15 PM](https://github.com/user-attachments/assets/e7e5af2d-bdab-4bef-881e-bb5e512c3545) | ![Screenshot 2025-03-17 at 6 59 40 PM](https://github.com/user-attachments/assets/61b346bb-799f-4a0b-95cb-e3092ea58d37) |

### Notes

We need to remove the section at the top of the page that currently
shows the `Add integrations` button. A follow-up PR will take care of that.
[This](https://github.com/elastic/kibana/blob/main/x-pack/solutions/security/plugins/security_solution/public/app/home/index.tsx#L54)
is where that bar is being added. We will have to find a way to not show
that for the AI for SOC tier.

## How to test

This needs to be run in Serverless:
- `yarn es serverless --projectType security`
- `yarn serverless-security --no-base-path`

You also need to enable the AI for SOC tier, by adding the following to
your `serverless.security.dev.yaml` file:
```
xpack.securitySolutionServerless.productTypes:
  [
    { product_line: 'ai_soc', product_tier: 'search_ai_lake' },
  ]
```

The Alert summary navigation will NOT be shown for the following
Serverless users: `viewer`, `t1_analyst` and `t2_analyst`. For those, the
navigation entry is not present, and navigating to the url directly will
automatically re-route to the Security home page.

Currently, retrieving the integrations (via the `fleet/epm/packages`
endpoint) is also unauthorized for the following users: `editor`,
`t3_analyst`, `threat_intelligence_analyst`, `rule_author`,
`soc_manager` and `detections_admin`.

This means that the only users that can be currently used to test this
PR are:
- `platform_engineer`
- `endpoint_operations_analyst`
- `endpoint_policy_manager`
- `admin`
- `system_indices_superuser`

### Checklist

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

Will help close https://github.com/elastic/security-team/issues/11954 as
well as https://github.com/elastic/security-team/issues/11979.
2025-03-20 13:42:36 -05:00
Georgiana-Andreea Onoleață
2b96a82d4f
[ResponseOps][Connectors] Add connector filter in flyout (#211874)
Closes https://github.com/elastic/kibana/issues/208001

## Summary

- Added filtering option in the `create connector` flyout: 

-  Search field: 
    - search connectors by name (or description)
    - cards dynamically update based on the input
    - includes a clear button to reset the search 


Demo: 


https://github.com/user-attachments/assets/6d38a916-ad05-41dd-867e-c37260913067

---------

Co-authored-by: Christos Nasikas <xristosnasikas@gmail.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-03-20 18:06:00 +02:00
Maria Iriarte
971c2056ad
[Graph/SCSS] Migrate source_modal.scss file to css in js (#215168)
## Summary

Part of https://github.com/elastic/kibana/issues/208908

Replaces the `source_modal.scss` file with css-in-js.

### Checklist

- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
2025-03-20 17:33:46 +02:00
Stratoula Kalafateli
92a2efacd2
[ES|QL] Merges the controls props (#214699)
## Summary

Small change to the editor api. Groups the controls related props
together
2025-03-20 16:33:11 +01:00
Robert Jaszczurek
14c6204dca
[ML] Anomaly Explorer: Migrate Explorer from SCSS to Emotion (#215196)
Migrate remaining Anomaly Explorer styles from SCSS to Emotion:

| Before  | After |
| ------------- | ------------- |
| Anomaly Swimlane | Anomaly Swimlane | 
| <img width="983" alt="image"
src="https://github.com/user-attachments/assets/d654bf74-f04a-4f57-8891-af0c0a0d3b85"
/> | <img width="824" alt="Pasted Graphic 1"
src="https://github.com/user-attachments/assets/38e00adf-dba1-43be-a6da-6141221dc82b"
/> |
| Swimlane embeddable | Swimlane embeddable |
| <img width="573" alt="image"
src="https://github.com/user-attachments/assets/304d0073-a194-41cd-a379-5fc1fbb734a6"
/> | <img width="580" alt="Create visualization"
src="https://github.com/user-attachments/assets/28982191-16c1-437d-9955-77ca73fbe4f0"
/> |
| Anomalies charts tooltip and label | Anomalies charts tooltip and
label |
| <img width="970" alt="image"
src="https://github.com/user-attachments/assets/f6cb53f3-b79e-4eac-84c2-18d1d0a53cc0"
/> | <img width="974" alt="Pasted Graphic 3"
src="https://github.com/user-attachments/assets/2f553118-8c4f-4678-809d-f7f25816fb1c"
/> |
2025-03-20 15:50:45 +01:00
Nicolas Chaulet
28a27a71d4
[Fleet] Install kibana assets when creating package policy in a space where they are not installed (#215023)
2025-03-20 10:06:14 -04:00
Drew Tate
9073b19407
[ES|QL] Restructure validation code, remove command settings (#215056)
## Summary

Follow on to several recent efforts including
https://github.com/elastic/kibana/issues/195418 and
https://github.com/elastic/kibana/pull/213325

This PR
- reorganizes validation code to make dependencies clearer and make it
less overwhelming... it's not perfect but it's better
- removes the deprecated notion of a command "setting" which only ever
applied to `ENRICH`.

No regression in `ENRICH` mode validation:
<img width="874" alt="Screenshot 2025-03-18 at 1 04 46 PM"
src="https://github.com/user-attachments/assets/e6639d8a-d129-440f-ac30-64a2ef6ab65c"
/>

Or hover
<img width="419" alt="Screenshot 2025-03-18 at 7 43 04 PM"
src="https://github.com/user-attachments/assets/8f9c020c-dcfd-42dc-8e14-4b1c4311457b"
/>





### Checklist

- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios

---------

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2025-03-20 07:16:34 -06:00
Marco Antonio Ghiani
8f65dceefc
[Streams 🌊] Enrichment - Add support for date processor (#213559)
## 📓 Summary

Part of https://github.com/elastic/streams-program/issues/38

This work adds the `date` processor along with the dissect and grok ones
in the enrichment section.
It scales well following the current folder structure, but we should
definitely polish it a bit more once more processors get added, such as
getting the right form component, improve form state derivation, etc.


https://github.com/user-attachments/assets/824d15c8-ce9d-455a-ae0b-97aeec8cf025

---------

Co-authored-by: Kerry Gallagher <kerry.gallagher@elastic.co>
Co-authored-by: Joe Reuter <johannes.reuter@elastic.co>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Kerry Gallagher <471693+Kerry350@users.noreply.github.com>
2025-03-20 12:57:47 +00:00
Julia Bardi
592dffa3f7
[Fleet] Update serverless readme (#215271)
Document setup to start local stack in serverless mode and enroll an
agent from a multipass VM.
2025-03-20 13:21:59 +01:00
Maria Iriarte
48b286e460
[Graph/SCSS] Migrate settings _index.css, _legacy_icon.scss and _url_template_list.scss files to Emotion (#215021)
## Summary

Part of https://github.com/elastic/kibana/issues/208908

Replaces the `_index.css`, `_legacy_icon.scss` and `_url_template_list.scss`
files with css-in-js.


### Checklist

- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
2025-03-20 12:29:06 +02:00
Søren Louv-Jansen
b9cd2c8040
[Obs AI Assistant] Minor cleanup api tests (#215181)
- Remove duplicated helpers
- improve log messages
- Clear intercepted requests after every test

---------

Co-authored-by: Viduni Wickramarachchi <viduni.ushanka@gmail.com>
2025-03-20 10:59:59 +01:00
Gerard Soldevila
adb4bdf8d8
SKA: Extract list of Kibana solutions into a dedicated package (#213353)
## Summary

The intent is to have a centralised place to store the list of Kibana
solutions and serverless project types.
To that end, this PR creates a `@kbn/projects-solutions-groups` package.
It also adds the new solution type `'chat'`.

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-03-20 10:20:07 +01:00
Alexander Wert
81f69713f3
Enable editing central config for EDOT Agents / SDKs (#211468)
## Summary
Enables central configuration for EDOT Agents / SDKs while keeping it
disabled for other OTel Agents.

**EDOT JAVA agent**
<img width="2124" alt="Screenshot 2025-03-17 at 09 26 37"
src="https://github.com/user-attachments/assets/fcff661c-6655-444d-bc09-39b70c835b82"
/>

**EDOT Nodejs Agent**
<img width="1264" alt="Screenshot 2025-03-18 at 13 08 12"
src="https://github.com/user-attachments/assets/97cdd03b-b6cd-494f-bd7e-a9b3fc4976b4"
/>

---------

Signed-off-by: Alexander Wert <alexander.wert@elastic.co>
Co-authored-by: jackshirazi <jacks@fasterj.com>
Co-authored-by: Caue Marcondes <caue.marcondes@elastic.co>
Co-authored-by: Cauê Marcondes <55978943+cauemarcondes@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
2025-03-19 16:06:08 -03:00
Patrick Mueller
a3aaa04eba
[ResponseOps] mustache lambdas for EncodeURI and EncodeURIComponent, take 2 (#213859)
resolves https://github.com/elastic/kibana/issues/168728

## Release note

Adds Mustache lambdas for alerting actions to encode URLs with
`{{#EncodeURI}}` and `{{#EncodeURIComponent}}` using `encodeURI()` and
`encodeURIComponent()`.

doc to update, in a separate PR:
https://github.com/elastic/docs-content/issues/735
2025-03-19 14:54:03 -04:00
Marta Bondyra
de52f41a5c
[Lens/SCSS] Replace scss to css-in-js for Lens codebase (#209768)
Replace SCSS with css-in-js for the Lens codebase
2025-03-19 18:33:23 +01:00
Kibana Machine
f7d01667ee
Unauthorized route migration for routes owned by obs-ai-assistant,security-solution (#198338)
### Authz API migration for unauthorized routes

This PR migrates unauthorized routes owned by your team to a new
security configuration.
Please refer to the documentation for more information: [Authorization
API](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)

### **Before migration:**
```ts
router.get({
  path: '/api/path',
  ...
}, handler);
```

### **After migration:**
```ts
router.get({
  path: '/api/path',
  security: {
    authz: {
      enabled: false,
      reason: 'This route is opted out from authorization because ...',
    },
  },
  ...
}, handler);
```

### What to do next?
1. Review the changes in this PR.
2. Elaborate on the reasoning to opt-out of authorization.
3. Routes without a compelling reason to opt-out of authorization should
plan to introduce them as soon as possible.
4. You might need to update your tests to reflect the new security
configuration:
  - If you have snapshot tests that include the route definition.

## Any questions?
If you have any questions or need help with API authorization, please
reach out to the `@elastic/kibana-security` team.

Co-authored-by: Ashokaditya <ashokaditya@elastic.co>
Co-authored-by: Viduni Wickramarachchi <viduni.wickramarachchi@elastic.co>
2025-03-19 12:04:24 -04:00
Maria Iriarte
ecd3521acd
[Graph/SCSS] Refactor styles to use Emotion (#212916)
## Summary

Part of https://github.com/elastic/kibana/issues/208908

Replaces scss with css-in-js.

> [!NOTE]
> The rest of the `.scss` will be migrated in different pull requests

<!--

- [ ] `x-pack/platform/plugins/private/graph/`public/_mixins.scss

- [ ]
`x-pack/platform/plugins/private/graph/`public/components/_app.scss
- [ ]
`x-pack/platform/plugins/private/graph/`public/components/_graph.scss
- [ ]
`x-pack/platform/plugins/private/graph/`public/components/_inspect.scss
- [ ]
`x-pack/platform/plugins/private/graph/`public/components/_search_bar.scss

- [ ]
`x-pack/platform/plugins/private/graph/`public/components/_search_bar.scss
- [ ]
`x-pack/platform/plugins/private/graph/`public/components/field_manager/_field_picker.scss
- [ ]
`x-pack/platform/plugins/private/graph/`public/components/field_manager/_index.scss

-->

### Checklist

- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
2025-03-19 16:14:01 +01:00
Paul Tavares
e11c3ecea5
[Security Solution][Endpoint] Adjust Artifacts policy assignment component in support of spaces (#214487)
## Summary


### Fleet

- Exposed API route for bulk get package policies via the routes service
- Created and exposed type `BulkGetPackagePoliciesRequestBody`

<br/>


### Security Solution

The following changes were made to Endpoint Artifacts in support of
spaces:

> [!NOTE]
> Space awareness is currently behind feature flag:
`endpointManagementSpaceAwarenessEnabled`


- The policy assignment component, which is displayed on artifact's
Create and Update forms, now:
- Displays the count of policies (if any) that are associated with the
artifact, but not currently accessible in the active space (screen
capture 1️⃣ )
- When a user does NOT have the Global Artifact privilege, the `Global`
toggle selection will be disabled and a tooltip is displayed. This
change also applies to the create form where the default selection will
be per-policy and the global button will be disabled. (screen capture
2️⃣ )
- Artifact policy assignments that are not accessible in active space
are preserved when submitting an update to the artifact
- The component was also refactored a bit to simplify its list of props
- Artifact card policy assignment menu was adjusted to show any policy
that is not accessible to the user as "disabled" along with a tooltip
(screen capture 3️⃣ )
- The update artifact API was changed (via server-side extension point)
to not error when validating policies that are not accessible in active
space if they were already associated with the item being updated.
- Fixes a bug in the Find artifacts API (impact only when spaces was
enabled) where an invalid filter was created when there were no policies
currently shared with active space.
2025-03-19 11:12:59 -04:00
Gonçalo Rica Pais da Silva
54d9cf45cb
[Discover][APM] Refactor APM sources for better trace enablement (#212634)
## Summary

This PR reworks how APM handles getting its sources data, elevating the
necessary code to a private shared plugin so that Discover for Traces
can access the data and handle user provided configuration. It also
removes the need for Discover for Traces to rely on the APM static data
view, so the Trace data source and document profile will work on any
compatible/configured index, even in ESQL mode.

Closes #211414

<img alt="ESQL Discover Traces Screenshot 2025-03-04 173032"
src="https://github.com/user-attachments/assets/f5bbb736-8b8b-45dc-ac23-4bf7083aa47e"
/>

## How to test

Test with olbt-cli instance for now, will post for doing with synthtrace
data. Ensure the following is added to your kibana.dev.yml:

```yaml
discover.experimental.enabledProfiles:
  - observability-traces-data-source-profile
```

- Make sure your space has the Observability solution view configured
- Go to Discover page
- Select Data Views mode if required and create a view with a `traces`
specific index. Or use the APM static data view.
- The default columns on the page should show the summary column with
four of the following badges: `service.name`, `event.outcome`,
`transaction.name`, `transaction.duration.us`, `span.name`,
`span.duration.us`
- Go to ESQL mode with the query targeting a `traces` index
- The default columns should show the same as in Data View mode

---------

Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Irene Blanco <irene.blanco@elastic.co>
2025-03-19 15:52:30 +01:00
Maria Iriarte
1dbaf0e22b
[Graph/SCSS] Migrate _guidance_panel.scss file to Emotion (#214929)
## Summary

Part of https://github.com/elastic/kibana/issues/208908

Replaces the scss `_guidance_panel.scss` file with css-in-js.

### Checklist

- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
2025-03-19 14:40:16 +02:00
Marco Liberati
cc52db1474
[Lens][Embeddable] fix can edit check (#213887)
## Summary

This PR fixes a regression introduced for user messages.
The `viewMode` check moved from observable to its raw value but was still
performing the observable check.

The fix is to check both the panel `viewMode` AND as fallback the
embeddable hierarchy viewMode until the `edit` mode is met.

---------

Co-authored-by: Nick Partridge <nick.ryan.partridge@gmail.com>
2025-03-19 12:50:04 +01:00
Maria Iriarte
4f9c54f91b
[Graph/SCSS] Migrate _venn_diagram.scss file to Emotion (#214962)
## Summary

Part of https://github.com/elastic/kibana/issues/208908

Replaces the `_venn_diagram.scss` file with css-in-js.

## Screenshots

<img width="1593" alt="Screenshot 2025-03-18 at 12 50 55"
src="https://github.com/user-attachments/assets/f6685a78-15ce-4019-992a-9388efb79fab"
/>

<img width="1586" alt="Screenshot 2025-03-18 at 12 50 36"
src="https://github.com/user-attachments/assets/b1f57d53-509d-43c3-9a96-99ebacba35a1"
/>


### Checklist

- [ ] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
2025-03-19 10:14:00 +01:00