## Summary
Resolves: https://github.com/elastic/kibana/issues/161395
Parent Issue: https://github.com/elastic/kibana/issues/157883
Adds versioned types to the rule `bulk_edit` endpoint.
This PR also moves around the folder structure slightly, by adding a sub
folder for the `data`/`route`/`application` methods:
## Before

## After

Notice I added a `methods` folder to contain the methods, I did the same
for the `data` and `route` folders as well. I think this improves the
hierarchy of these modules. If folks are ok with it then I will update
the doc with the new folder structure.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
This PR refactors the getExportType() implementation in the reporting
plugin. With these changes, export types are now classes that are
registered into the export_types_registry in reporting core.
Export Type Classes:
- CsvSearchSourceExportType
- CsvSearchSourceImmediateExportType (this is not registered but can be
called by getCsvSearchSourceImmediate() in core.ts)
- CsvV2ExportType
- PngV1ExportType (deprecated)
- PngExportType
- PdfV1ExportType (deprecated)
- PdfExportType
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: Timothy Sullivan <tsullivan@elastic.co>
- Connects form validation states with react-hook-form's state (which
was the reason of the reported bug that the error state was only
reflected in euiForm and not the react-hook-form)
- Changes `reValidateMode` from `onChange` to `onSubmit` and manually
invalidates the form when fields change so that dependent validations
can be executed reactively e.g. fixes the following state:
<img width="703" alt="Screenshot 2023-05-04 at 00 10 03"
src="https://user-images.githubusercontent.com/2748376/236061192-a9417915-1eca-4cff-b871-b680955ec15a.png">
- Extracts validation and dependencies logic into a hook to simplify
state management
- Fixes the following error where "Response body max bytes" field appears
despite "Index response body" flag being unchecked.
<img width="1205" alt="Screenshot 2023-05-05 at 19 35 27"
src="https://user-images.githubusercontent.com/2748376/236527581-ff62550a-2679-431e-8571-da02a89c0a32.png">
- Fixes a case where updated values for nested fields (such as
"Response body contains JSON") weren't being passed to monitor inspect
component ("Inspect configuration" flyout on monitor Add/Edit).
## Summary
Unskips tests that were skipped in
bb824d3c10
Attempt to fix `no_shard_available_action_exception` type errors that
often happen during install of transforms (part of Endpoint package
install).
closes #72874
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: Paul Tavares <paul.tavares@elastic.co>
Co-authored-by: Paul Tavares <56442535+paul-tavares@users.noreply.github.com>
## Summary
This reverts commit e774ece489.
Reporting registers tasks with Task Manager in its setup phase, but
today, its own start phase is not guaranteed to initialize. During
initialization, Reporting injects dependencies into the objects
responsible for internal handling of tasks.
The `Kibana instance ID is undefined` error can happen when Task Manager
calls the runTask before the "execute report" object receives its
dependencies.
The `Reporting task runner has not been initialized` error can happen
when a user or a Watch trigger tries to request report generation before
internal dependencies are set. This can also happen if Reporting
attempts to retry a stuck job before the internal dependencies are set.
Initializing the task objects (execute_report, monitor_reports) is
mission-critical for Reporting internals. The tasks were registered in our
setup method. That means, we need to prioritize getting the start
dependencies into the task objects in the code - it can't be blocked.
This PR fixes an error logged on Kibana startup by making the
`endpoint:metadata-check-transforms-task` task always return the state
object.
### Error logged
```
[2023-07-24T11:00:25.201-04:00][ERROR][plugins.taskManager] Task endpoint:metadata-check-transforms-task "endpoint:metadata-check-transforms-task:0.0.1" failed: Error: [restartAttempts]: expected value of type [object] but got [undefined]
```
### Steps to reproduce
1. Startup a fresh Kibana from main
2. Notice the error logged
### Steps to verify PR:
1. Startup a fresh Kibana from main
2. Notice the error is no longer logged
## Summary
It fixes #161458 by adding API integration tests for the Threshold rule,
with many scenarios (file per scenario), and each scenario has a
complete life-cycle
### The scenario life-cycle
- Generating data using the `fake_host` dataset from the high-card
- Create a DataView based on the generated data
- Create the rule and wait to be active
- Get the fired alert and match its value
- Clean up
### The covered scenarios
- Avg. percentage, fires alert
- Avg. percentage, fires alert with no data
- Custom equation on bytes field, fires alert
- Doc count, fires alert
- Group by two fields, fires alert.
---------
## Summary
Part of https://github.com/elastic/kibana/issues/161882
Updates all archives of the `encrypted_saved_objects_api_integration`
test suite:
* Removing SO index definitions.
* Updating documents defined in `data.json`.
## Summary
Summarize your PR. If it involves visual changes include a screenshot or
gif.
[Quick Wins](https://github.com/elastic/security-team/issues/7167)
Remove the hover effect from left controls in vulnerability tables
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Cypress produced Junit reports, but the failed-test-reporter and various
github and kibanamachine workflows rely on a specifically formatted
junit report that includes an encoded version of the spec file path in
each testcase.
For FTR and Jest, these specially formatted junit reports are created by
a custom reporter. Due to the architecture of Cypress, re-using those
would be difficult. Instead this PR adds a script that reads,
transforms, and updates all the junit reports created by Cypress.
### TODO
Some work is not covered in this PR. I need to merge this change to test
that flaky test triaging works in buildkite and kibana machine (note: if
you know how to validate this without merging it, please reach out!)
After I'm confident that this works, I'll open follow up PRs to do the
following:
```[tasklist]
### Follow up work
- [ ] Enable this script for test_serverless cypress tests
- [ ] Enable this script for threat intelligence cypress tests (optional)
- [ ] Enable this script for fleet (optional)
```
### For maintainers
- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Require validation for endpoints accepting `kuery` as a parameter in
POST or PUT requests.
**IMPORTANT**: This PR is part of the work needed to prepare the APIs
for Serverless.
### Some context
The initial idea was to completely remove any KQL queries from being
exposed in the endpoints, but after some discussion we came to the
agreement that they can stay but need to be validated, so only allowed
parameters can be sent. A similar approach is being followed by other
teams as well.
Impacted endpoints:
- `GET api/fleet/agents`
- `GET api/fleet/agent_status`
- `GET api/fleet/agent_policies`
- `GET api/fleet/package_policies`
- `GET api/fleet/enrollment_api_keys`
- `GET api/fleet/agent_status`
All these endpoints accept as a parameter `ListWithKuery`. It was
originally being deprecated but it was then decided to keep it and add
validation to the endpoints instead.
The endpoint `api/fleet/agents/action_status` doesn't accept `kuery`
anymore, since it was not being passed internally.
### What's changing
The KQL passed to these endpoints will be accepted in two possible
formats:
```
GET kbn:api/fleet/agents?kuery=local_metadata.agent.version="8.8.0"
GET kbn:api/fleet/agents?kuery=fleet-agents.local_metadata.agent.version="8.8.0"
```
Note that originally only the second format was going to be accepted, but
we decided to avoid enforcing it as it would introduce a breaking
change, possibly breaking many customers' automations.
### How it works
The code for `ValidateFilterKueryNode` has been adapted from a [similar
function](45a483f496/packages/core/saved-objects/core-saved-objects-api-server-internal/src/lib/search/utils/filter_utils.ts (L102))
already used in Kibana core. I added several tests with some
common queries that are performed in the UI just to be sure that they
would pass validation. Additional queries can be validated by these
tests in the future.
`ValidateFilterKueryNode` needs to have the SO or index and a mapping
with the parameters to validate against. I copied over the mappings for
the necessary entities; if in the future we intend to expose a new
mapping parameter in the endpoints, it will be necessary to add it there
as well, or the validation will fail.
### UI
I also checked that the UI doesn't fail when using the KQL search boxes
for Agents, Agent policies and Enrollment keys and made sure that they
expose the same values present in the mappings.
### Testing
From dev tools, you can test the affected endpoints by entering the
following queries:
```
# agents
GET kbn:api/fleet/agents?kuery=fleet-agents.active:true
GET kbn:api/fleet/agents?kuery=active:true
# tags
GET kbn:api/fleet/agents/tags?kuery=fleet-agents.tags:tag1
GET kbn:api/fleet/agents/tags?kuery=tags:tag1
# agent status
GET kbn:/api/fleet/agent_status?kuery=fleet-agents.policy_id:fleet-server-policy
GET kbn:/api/fleet/agent_status?kuery=policy_id:fleet-server-policy
# package policies
GET kbn:/api/fleet/package_policies?kuery=ingest-package-policies.package.name:fleet_server
# agent policies
GET kbn:/api/fleet/agent_policies?kuery=ingest-agent-policies.name:"Fleet Server Policy"
GET kbn:/api/fleet/agent_policies?kuery=name:"Fleet Server Policy"
# enrollment keys
GET kbn:/api/fleet/enrollment_api_keys?kuery=fleet-enrollment-api-keys.policy_id:policy1
GET kbn:/api/fleet/enrollment_api_keys?kuery=policy1
```
These should all pass validation; modifying the parameters (for instance
with non-existing ones) should fail validation.
### Checklist
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Patryk Kopycinski <contact@patrykkopycinski.com>
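The allowlist idea from the "How it works" section of the commit message above, as an added example that is not part of the commit and is not Kibana's `ValidateFilterKueryNode`. The field list, index name and function names are assumptions, and a regex tokenizer stands in for a real KQL parser.

```typescript
// Added example: allowlist check for field names in a `kuery` string.
// A regex tokenizer stands in for a real KQL parser; names are hypothetical.

type KueryCheck = { valid: boolean; errors: string[] };

// Constructed sample allowlist, not the mappings used by Fleet.
const AGENTS_INDEX = 'fleet-agents';
const AGENTS_ALLOWED_FIELDS: string[] = [
  'active',
  'policy_id',
  'tags',
  'local_metadata.agent.version',
];

// Return the field name of every `field:value`, `field="value"` or range clause.
function extractKueryFields(kuery: string): string[] {
  // Blank out quoted values so a colon inside a string is not read as a clause.
  const stripped = kuery.replace(/"(?:[^"\\]|\\.)*"/g, '""');
  // `*` is part of the name so wildcard fields are captured and then rejected.
  const clause = /([A-Za-z0-9_.*-]+)\s*(?:<=|>=|:|=|<|>)/g;
  const fields: string[] = [];
  let match: RegExpExecArray | null = clause.exec(stripped);
  while (match !== null) {
    const name = match[1];
    if (name !== undefined) fields.push(name);
    match = clause.exec(stripped);
  }
  return fields;
}

function validateKuery(kuery: string, indexName: string, allowed: string[]): KueryCheck {
  const prefix = indexName + '.';
  const errors: string[] = [];
  for (const raw of extractKueryFields(kuery)) {
    // Accept both `field` and `<index>.field`, the two formats described above.
    const field = raw.indexOf(prefix) === 0 ? raw.slice(prefix.length) : raw;
    if (allowed.indexOf(field) === -1) {
      errors.push('field not allowed: ' + raw);
    }
  }
  return { valid: errors.length === 0, errors: errors };
}

// Constructed sample queries.
const sampleQueries = [
  'fleet-agents.active:true',
  'local_metadata.agent.version="8.8.0"',
  'active:true and fleet-agents.not_in_mapping:x',
  'fleet-agents.*:anything',
];
for (const q of sampleQueries) {
  console.log(q, JSON.stringify(validateKuery(q, AGENTS_INDEX, AGENTS_ALLOWED_FIELDS)));
}
```

The tokenizer fails closed: an unquoted value that itself contains an operator character is read as a further field and rejected, which a real parser would avoid.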
## Summary
1. Align dashboard listing UI with Kibana dashboard.
2. `Security Solution` tags are selected by default and removable by
users.
**Prerequisite:**
This PR is waiting for https://github.com/elastic/kibana/pull/160871 to
be merged
**Steps to verify:**
1. Visit Security > Dashboards, and create a dashboard from this page.
2. Back to Security Dashboards page, you should see the dashboard you
just created and Security Solution tag should be selected by default in
the tag filters.
3. Open the tag options, click the Security Solution tag. Observe that
it should be removable, and it should display all the dashboards you
have in the table.
**Known issues:**
https://github.com/elastic/kibana/pull/160540#issuecomment-1610395834
**Before:**
<img width="2545" alt="Screenshot 2023-06-27 at 09 24 19"
src="bc0fa0b1-96ad-43b0-afc1-48444dfb5691">
**After:**
<img width="2543" alt="Screenshot 2023-06-27 at 09 22 21"
src="82d0a868-bda2-431f-b0b5-9cbc34d3ae71">
### Checklist
Delete any items that are not applicable to this PR.
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Pablo Neves Machado <pablo.nevesmachado@elastic.co>
This is a follow-up to https://github.com/elastic/kibana/pull/160671,
where the Management plugins were disabled using `contextRef`.
The configs for disabling the UI of the security management plugins were
added in https://github.com/elastic/kibana/pull/158186. In this PR, they
are changed so that they follow the same convention for disabling the
Management plugins - setting the default values of the configs to `true`
and explicitly setting them to `false` in the `serverless.yml` file.
This way, we have a clear view in `serverless.yml` of all
plugins/functionalities that have been disabled.
## Summary
The idea here is to simplify shared values management in the expandable
flyout. This PR is a start for a series of changes aimed at this goal.
Here, we are moving the flyout init to a dedicated Flyout and Provider
components, composing Expandable Flyout and respective providers into
something specific to Security Solution. Also, changes to how the flyout
is composed will no longer trigger codeowner review for 3 teams, just
one.
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Fixes #153378
This PR introduces a new Duration formatter, similar to the TSVB one and
more complete like the Field Formatter one.
A few key features of the new formatter:
* supports from and to unit selection
* supports Humanize (approximate) and Humanize (precise) outputs
* supports units below milliseconds
* supports decimals precision (with the exception of the `humanize
approximate` output)
* supports suffix
* supports the compact version (with the exception of the `humanize
approximate` output)
Input and Output options are now exported directly from the Field
Formatter to have a shared list of options.
A first look at the new formatter in action: when enabled the first
time it will land on the `Seconds => Humanize (Approximate)` configuration
(this emulates the current Field Formatter behaviour)
<img width="1217" alt="Screenshot 2023-07-19 at 15 28 52"
src="8ddcb945-3cd7-4af1-bdfb-2ae1795ab06c">
In this example the input was in Minutes so it is possible to change it
from the default `Seconds` entry:
<img width="1223" alt="Screenshot 2023-07-19 at 14 17 11"
src="b547b3ed-475e-421c-b196-a76b07235bd3">
Switching output type to something else than `Humanize (approximate)`
will make available both decimals and compact controls as well.
Custom suffix is supported as well.
<img width="1220" alt="Screenshot 2023-07-19 at 14 18 34"
src="f5efe1f7-5f0d-4de1-bb3e-80ff00857bc6">
<img width="1228" alt="Screenshot 2023-07-19 at 14 18 19"
src="fef7fa2d-ecd3-48ae-a833-16dbeaeaade2">
When Decimals and Compact controls are disabled a helpful tooltip is
shown to the user to explain why:
<img width="341" alt="Screenshot 2023-07-19 at 14 17 30"
src="78ca1df5-808d-4e2d-8598-90e3f3ec5a85">
<img width="337" alt="Screenshot 2023-07-19 at 14 17 23"
src="4ca0028d-3344-464c-8b36-1f74f53bd34e">
I've also prepared an alternate UI version which is more compact, using
the `DelimitedControls` UI, but it does not look that great. Maybe some
design iteration could help make it better? cc @MichaelMarcialis
<img width="1226" alt="Screenshot 2023-07-19 at 14 20 02"
src="fb8f69f2-5182-480d-9cb2-7a7149a54320">
### Checklist
Delete any items that are not applicable to this PR.
- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
### Risk Matrix
Delete this section if it is not applicable to this PR.
Before closing this PR, invite QA, stakeholders, and other developers to
identify risks that should be tested prior to the change/feature
release.
When forming the risk matrix, consider some of the following examples
and how they may potentially impact the change:
| Risk | Probability | Severity | Mitigation/Notes |
|---------------------------|-------------|----------|-------------------------|
| Multiple Spaces—unexpected behavior in non-default Kibana Space. | Low | High | Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces. |
| Multiple nodes—Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. | High | Low | Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure. |
| Code should gracefully handle cases when feature X or plugin Y are disabled. | Medium | High | Unit tests will verify that any feature flag or plugin combination still results in our service operational. |
| [See more potential risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) |
### For maintainers
- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
## Summary
A very small first piece to address
https://github.com/elastic/kibana/issues/153645
- Starts adding new folder structure in cypress tests
`detections_response/rules_management`
- Adds `detections_response/rules_management/bulk_actions`
- Reshuffled screens and tasks to now also have a corresponding
`screens/rules_bulk_actions.ts` and `tasks/rules_bulk_actions.ts`
- We chatted and decided to try to organize tests by subdomains rather
than by teams. Anticipated upcoming changes will add something like:
- `detections_response/rules_management`
- `/bulk_actions.ts`
- `/rules_table.ts`
- `detections_response/prebuilt_rules`
- `detections_response/rule_creation`
- `detections_response/rule_details`
- `detections_response/rule_edit`
- `detections_response/exceptions`
- `/shared_exception_lists`
- `/alerts_table`
- `/alerts_details`
- `/rule_details`
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Georgii Gorbachev <georgii.gorbachev@elastic.co>
## Summary
Summarize your PR. If it involves visual changes include a screenshot or
gif.
[Quick Wins](https://github.com/elastic/security-team/issues/7167)
Remove tooltip, reduce click area of tooltip, and make View All button
at the bottom fixed position.
<img width="652" alt="image"
src="db058936-b47a-4a76-8101-ff5ad61b2da3">
Part of https://github.com/elastic/kibana/issues/159342.
In this PR, I'm preparing the `cloud_security_posture-findings_stats`
task type for serverless by defining an explicit task state schema. This
schema is used to validate the task's state before saving the task but
also when reading the task. In the scenario an older Kibana node runs a
task after a newer Kibana node has stored additional task state, the
unknown state properties will be dropped. Additionally, this will prompt
developers to be aware that adding required fields to the task state is
a breaking change that must be handled with care. (see
https://github.com/elastic/kibana/issues/155764).
For more information on how to use `stateSchemaByVersion`, see
https://github.com/elastic/kibana/pull/159048 and
https://github.com/elastic/kibana/blob/main/x-pack/plugins/task_manager/README.md.
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
As a part of Quick Wins, this PR is a fix for an issue where the
Vulnerabilities Resources page is missing suffixes on its page title.
<img width="1396" alt="Screenshot 2023-07-20 at 9 32 53 AM"
src="f8ead36e-2a0f-4347-b3d7-e56ca9a30073">
## Summary
Summarize your PR. If it involves visual changes include a screenshot or
gif.
[Quick Wins](https://github.com/elastic/security-team/issues/7167)
Change the Application Benchmark tooltip to `The benchmark used to
evaluate this resource`
<img width="741" alt="Screen Shot 2023-07-20 at 9 34 50 AM"
src="b227eede-ed2a-4aae-ba71-7aeaf411f72a">
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Closes #162240
Closes #162220
Closes #162221
## Summary
This PR fixes the navigation to the alerts page issue when the back
button is used - in this case, the user stays on the same page instead
of going back to the previous page. This issue was found on the hosts
view page after adding the 'show all' link inside the overview tab but
it exists also when you navigate from the observability overview page.
I tested also navigating using the menu, from observability overview and
hosts view, outside of observability and the navigation works fine with
the change. If there are any concerns or if I miss something I will be
happy to discuss this.
## Summary
This PR removes the ability to get system actions from `GET` APIs.
Specifically:
- The Get action API throws a 404 error when requesting a system action
- The Bulk Get action API throws a 404 error when requesting a system
action
- The Get All API filters out system actions
- The Get List Types API filters out system actions
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
### For maintainers
- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
Closes #161267
## 📝 Summary
This PR removes CPU, memory, disk, or network values from AAD and action
context variables. I will add a test for this implementation in another
[PR](https://github.com/elastic/kibana/pull/161569).
## 🧪 How to test
- Create a new threshold rule and add an action with the
`context.container` action variable
- Make sure you set the group to `kubernetes.pod.uid`
- Check the value in the triggered action, you should not see CPU,
memory, disk, or network values there
Part of https://github.com/elastic/kibana/issues/159342.
In this PR, I'm preparing the security solution related tasks for
serverless by defining an explicit task state schema. This schema is
used to validate the task's state before saving the task but also when
reading the task. In the scenario an older Kibana node runs a task after
a newer Kibana node has stored additional task state, the unknown state
properties will be dropped. Additionally, this will prompt developers to
be aware that adding required fields to the task state is a breaking
change that must be handled with care. (see
https://github.com/elastic/kibana/issues/155764).
For more information on how to use `stateSchemaByVersion`, see
https://github.com/elastic/kibana/pull/159048 and
https://github.com/elastic/kibana/blob/main/x-pack/plugins/task_manager/README.md.
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
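The two task state schema commit messages above (for `cloud_security_posture-findings_stats` and for the security solution tasks) describe unknown state properties being dropped and required fields being a breaking change. The following added example is a simplified model of that behaviour, not Task Manager code and not part of either commit; the types, field names and schema versions are assumptions.

```typescript
// Added example: simplified model of checking task state against a schema.
// Not Task Manager code; types, field names and versions are hypothetical.

type FieldRule = { name: string; type: 'number' | 'string' | 'object'; required: boolean };
type TaskState = { [field: string]: unknown };

// Keep only properties the schema knows; fail on a missing or mistyped required one.
function applyStateSchema(schema: FieldRule[], state: unknown): TaskState {
  if (typeof state !== 'object' || state === null) {
    throw new Error('state: expected [object] but got [' + String(state) + ']');
  }
  const input = state as TaskState;
  const output: TaskState = {};
  for (const rule of schema) {
    const value = input[rule.name];
    if (value === undefined) {
      if (rule.required) throw new Error('[' + rule.name + ']: required but missing');
      continue;
    }
    if (typeof value !== rule.type) {
      throw new Error('[' + rule.name + ']: expected [' + rule.type + '] but got [' + typeof value + ']');
    }
    output[rule.name] = value;
  }
  return output;
}

// Wrap a read so the outcome can be inspected instead of thrown.
function tryRead(schema: FieldRule[], stored: unknown): { state?: TaskState; error?: string } {
  try {
    return { state: applyStateSchema(schema, stored) };
  } catch (e) {
    return { error: e instanceof Error ? e.message : String(e) };
  }
}

// Schema known to an older node.
const SCHEMA_V1: FieldRule[] = [{ name: 'runs', type: 'number', required: true }];
// A newer node adds an optional field: safe when node versions are mixed.
const SCHEMA_V2_OPTIONAL: FieldRule[] = [
  { name: 'runs', type: 'number', required: true },
  { name: 'lastDurationMs', type: 'number', required: false },
];
// A newer node adds a required field: state written by older nodes stops validating.
const SCHEMA_V2_REQUIRED: FieldRule[] = [
  { name: 'runs', type: 'number', required: true },
  { name: 'lastDurationMs', type: 'number', required: true },
];

// Constructed stored states.
const writtenByNewNode = { runs: 3, lastDurationMs: 120 };
const writtenByOldNode = { runs: 3 };

console.log(tryRead(SCHEMA_V1, writtenByNewNode)); // unknown property dropped
console.log(tryRead(SCHEMA_V2_OPTIONAL, writtenByOldNode)); // still valid
console.log(tryRead(SCHEMA_V2_REQUIRED, writtenByOldNode)); // breaking change
console.log(tryRead(SCHEMA_V1, undefined)); // a task run that returned no state
```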