<Actions>
<action
id="ad27da7f660d61c82c61599e0e6945827ced1590f4bf36a5f74db07e99c04215">
<h3>deps: Bump ironbank version</h3>
<details
id="21fe544f0edf8039d0165187f8204a62da22d72e50fa57839d823beb83c0df2e">
<summary>deps(ironbank): Bump ubi version to 9.5</summary>
<p>changed lines [7] of file
"/tmp/updatecli/github/elastic/kibana/src/dev/build/tasks/os_packages/docker_generator/templates/ironbank/Dockerfile"</p>
</details>
<details
id="99cabf4d5a2b44b2d93b4c18590b8ccd5df3002e8d9d506c038c9011e8e93734">
<summary>deps(ironbank): Bump ubi version to 9.5</summary>
<p>change detected:
	* key "$.args.BASE_TAG" updated
from "\"9.4\"" to "\"9.5\"", in file
"src/dev/build/tasks/os_packages/docker_generator/templates/ironbank/hardening_manifest.yaml"</p>
</details>
<a
href="1192767741">GitHub
Action workflow link</a>
</action>
</Actions>
---
<table>
<tr>
<td width="77">
<img src="https://www.updatecli.io/images/updatecli.png" alt="Updatecli
logo" width="50" height="50">
</td>
<td>
<p>
Created automatically by <a
href="https://www.updatecli.io/">Updatecli</a>
</p>
<details><summary>Options:</summary>
<br />
<p>Most of Updatecli configuration is done via <a
href="https://www.updatecli.io/docs/prologue/quick-start/">its
manifest(s)</a>.</p>
<ul>
<li>If you close this pull request, Updatecli will automatically reopen
it, the next time it runs.</li>
<li>If you close this pull request and delete the base branch, Updatecli
will automatically recreate it, erasing all previous commits made.</li>
</ul>
<p>
Feel free to report any issues at <a
href="https://github.com/updatecli/updatecli/issues">github.com/updatecli/updatecli</a>.<br
/>
If you find this tool useful, do not hesitate to star <a
href="https://github.com/updatecli/updatecli/stargazers">our GitHub
repository</a> as a sign of appreciation, and/or to tell us directly on
our <a
href="https://matrix.to/#/#Updatecli_community:gitter.im">chat</a>!
</p>
</details>
</td>
</tr>
</table>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| docker.elastic.co/wolfi/chainguard-base | digest | `26caa6b` ->
`32099b9` |
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR has been generated by [Renovate
Bot](https://togithub.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MjUuMSIsInVwZGF0ZWRJblZlciI6IjM3LjQyNS4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUZWFtOk9wZXJhdGlvbnMiLCJyZWxlYXNlX25vdGU6c2tpcCJdfQ==-->
Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
Co-authored-by: Brad White <Ikuni17@users.noreply.github.com>
## Summary
Closes https://github.com/elastic/kibana/issues/200914
Removes the output columns from the agent list table, as they can't be
filtered or sorted meaningfully without performance concerns.
## Summary
Fix https://github.com/elastic/kibana/issues/199084
Introduce pre-bound versions of the inference APIs.
Accessing the bound versions can be done using the same `getClient` API,
via an additional `bindTo` parameter:
**without bindings**
```ts
const inferenceClient = myStartDeps.inference.getClient({ request });
const chatResponse = inferenceClient.chatComplete({
connectorId: 'my-connector-id',
functionCalling: 'simulated',
messages: [{ role: MessageRole.User, content: 'Do something' }],
});
```
**with bindings**
```ts
const inferenceClient = myStartDeps.inference.getClient({
request,
bindTo: {
connectorId: 'my-connector-id',
functionCalling: 'simulated',
}
});
const chatResponse = inferenceClient.chatComplete({
messages: [{ role: MessageRole.User, content: 'Do something' }],
});
```
*Note: this is only done for the server-side, as there isn't much value
in scoping APIs on the browser side in my opinion*
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
According to `Kibana Dependency ownership report` majority of React
dependencies are owned by `elastic/appex-sharedux` team.
We had a chat and agreed that it makes sense to change ownership for
React testing libraries like `enzyme` to `elastic/appex-sharedux` for
consistency (testing dependencies are usually updated together with
React ones)
Ownership report was updated.
## Summary
This PR mitigates an issue where the `has_es_data` check can hang when
some remote clusters are unresponsive, leaving users stuck in a loading
state in some apps (e.g. Discover and Dashboard) until the request times
out. There are two main changes that help mitigate this issue:
- The `resolve/cluster` request in the `has_es_data` endpoint has been
split into two requests -- one for local data first, then another for
remote data second. In cases where remote clusters are unresponsive but
there is data available in the local cluster, the remote check is never
performed and the check completes quickly. This likely resolves the
majority of cases and is also likely faster in general than checking
both local and remote clusters in a single request.
- In cases where there is no local data and the remote `resolve/cluster`
request hangs, a new `data_views.hasEsDataTimeout` config has been added
to `kibana.yml` (defaults to 5 seconds) to abort the request after a
short delay. This scenario is handled in the front end by displaying an
error toast to the user informing them of the issue, and assuming there
is data available to avoid blocking them. When this occurs, a warning is
also logged to the Kibana server logs.
Fixes#200280.
### Notes
- Modifying the existing version of the `has_es_data` endpoint in this
way should be backward compatible since the behaviour should remain
unchanged from before when the client and server versions don't match
(please validate if this seems accurate during review).
- For a long term fix, the ES team is investigating the issue with
`resolve/cluster` and will aim to have it behave like `resolve/index`,
which fails quickly when remote clusters are unresponsive. They may also
implement other mitigations like a configurable timeout in ES:
https://github.com/elastic/elasticsearch/issues/114020. The purpose of
this PR is to provide an immediate solution in Kibana that mitigates the
issue as much as possible.
- If ES ends up providing another performant method for checking if
indices exist instead of `resolve/cluster`, Kibana should migrate to
that. More details in
https://github.com/elastic/elasticsearch/issues/112307.
### Testing notes
To reproduce the issue locally, follow these steps:
- Follow [these
instructions](https://gist.github.com/lukasolson/d0861aa3e6ee476ac8dd7189ed476756)
to set up a local CCS environment.
- Stop the remote cluster process.
- Use Netcat on the remote cluster port to listen to requests but not
respond (e.g. on macOS: `nc -l 9600`), simulating an unresponsive
cluster. See https://github.com/elastic/elasticsearch/issues/32678 for
more context.
- Navigate to Discover and observe that the `has_es_data` request hangs.
When testing in this PR branch, the request will only wait for 5 seconds
before assuming data exists and displaying a toast.
### Checklist
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [x] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_node:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Closes https://github.com/elastic/kibana/issues/197370
### Test instructions
1) open new kibana installation
2) verify canvas is not available in menu or application search bar
3) use saved object import to import canvas workpad. Reload browser
4) verify canvas is available in menu and application search bar
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Catching an invalid state of properties propagated to the UnifiedHistogram which is using the Lens embeddable in Discover, that causes a rendering error when e.g. ad hoc data views are being edited. Therefore the skipped testview can be unskipped.
## Summary
This PR moves a couple of entries from
`.buildkite/ftr_security_stateful_configs.yml` to
`.buildkite/ftr_security_serverless_configs.yml` as they seemed to be
related to serverless.
### Authz API migration for authorized routes
This PR migrates `access:<privilege>` tags used in route definitions to
new security configuration.
Please refer to the documentation for more information: [Authorization
API](https://docs.elastic.dev/kibana-dev-docs/key-concepts/security-api-authorization)
### **Before migration:**
Access control tags were defined in the `options` object of the route:
```ts
router.get({
path: '/api/path',
options: {
tags: ['access:<privilege_1>', 'access:<privilege_2>'],
},
...
}, handler);
```
### **After migration:**
Tags have been replaced with the more robust
`security.authz.requiredPrivileges` field under `security`:
```ts
router.get({
path: '/api/path',
security: {
authz: {
requiredPrivileges: ['<privilege_1>', '<privilege_2>'],
},
},
...
}, handler);
```
### What to do next?
1. Review the changes in this PR.
2. You might need to update your tests to reflect the new security
configuration:
- If you have tests that rely on checking `access` tags.
- If you have snapshot tests that include the route definition.
- If you have FTR tests that rely on checking unauthorized error
message. The error message changed to also include missing privileges.
## Any questions?
If you have any questions or need help with API authorization, please
reach out to the `@elastic/kibana-security` team.
Co-authored-by: Joey F. Poon <joey.poon@elastic.co>
Co-authored-by: Gergő Ábrahám <gergo.abraham@elastic.co>
Co-authored-by: Tomasz Ciecierski <tomasz.ciecierski@elastic.co>
## Summary
Closes https://github.com/elastic/security-team/issues/10741.
As the name suggests, it simply removes the link to the "Container
Workload Protection" link from the Cloud section in the Assets page. The
Cloud section is kept though, since the screenshot in the ticket doesn't
highlight it.
### Testing
> [!NOTE]
> Note this page is only accessible in Serverless.
Authenticate to Docker Registry with
```bash
docker login -u albertoblaz -p <YOUR_PASSWORD> docker.elastic.co
```
Then run ES with
```bash
yarn es serverless --projectType security --kill
```
Alternatively, run Kibana with
```bash
yarn serverless-security
```
### Screenshot
Link removed, but Cloud section is kept:
<details><summary>Before</summary>
<img width="2043" alt="before"
src="https://github.com/user-attachments/assets/e0421c83-6f62-49f9-bb46-26e8e828f10b">
</details>
<details><summary>After</summary>
<img width="2514" alt="Screenshot 2024-11-20 at 12 05 01"
src="https://github.com/user-attachments/assets/51ac7f1f-086a-4fe2-846a-5511fc8e0f82">
</details>
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_node:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
## Summary
Closes https://github.com/elastic/kibana/issues/189067
These asset criticality tests were failing in serverless because it
seems queries without a specified sort order behave differently in
serverless vs ESS.
I have made it so that asset criticality sorts by timestamp by default,
this makes serverless the same as ESS.
I have backported to 8.16 as I think the more tests that run, the
better.
## Summary
Closes https://github.com/elastic/kibana/issues/198997
Part of https://github.com/elastic/kibana/issues/193245
This PR contains the changes to migrate `transactions` test folder to
Deployment-agnostic testing strategy.
### How to test
- Serverless
```
node scripts/functional_tests_server --config x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.apm.serverless.config.ts
node scripts/functional_test_runner --config x-pack/test/api_integration/deployment_agnostic/configs/serverless/oblt.apm.serverless.config.ts
```
It's recommended to be run against
[MKI](https://github.com/elastic/kibana/blob/main/x-pack/test_serverless/README.md#run-tests-on-mki)
- Stateful
```
node scripts/functional_tests_server --config x-pack/test/api_integration/deployment_agnostic/configs/stateful/oblt.apm.stateful.config.ts
node scripts/functional_test_runner --config x-pack/test/api_integration/deployment_agnostic/configs/stateful/oblt.apm.stateful.config.ts
```
## Checks
- [x] (OPTIONAL, only if a test has been unskipped) Run flaky test suite
- [x] local run for serverless
- [x] local run for stateful
- [x] MKI run for serverless
<!--ONMERGE {"backportTargets":["8.x"]} ONMERGE-->
## Summary
Fixes https://github.com/elastic/kibana/issues/196548
SLO Availability sync delay field to use `@timestamp` instead of
`event.ingested` !!
### Testing
- Make sure Synthetics availability SLOs works as expected in serverless
and stateful
- Make sure when SLO is updated, it continues to work
## Summary
This updates our `renovate.json` configuration to mark the Shared UX
team as owners of their set of dependencies. I made an attempt to group
the dependencies into logical groups, but this is easily changed if
desired.
## Summary
Part of https://github.com/elastic/kibana-team/issues/1242
**Fixes for alignment of the Role editor flyout**
1. Remove the warning callout regarding global privileges that impact
other privileges
1. Unify the info callouts regarding combination of privileges
1. set "Customize" as the default selected option when assigning new
privileges
1. update placeholders for selector box when assigning privileges
1. Hide privileges controls if no spaces are selected
1. Update button group label text to "Define privileges" and align
helper texts below
1. Align headers for assign/edit states
1. Remove descriptions under headers
1. Update size of info callout above button group to small
1. Reduce text size for the "Manage roles" link
1. Remove the "Additional Stack Management permissions can be found
outside of this menu..." test for the Spaces Management context.
**Polish fixes**
1. Remove features visible column
1. ~~Remove identifier column from spaces grid~~
1. Fix vertical alignment of non-current space name in table
1. Ordered the listing of assigned roles during and after search
1. Removing a role from the space shows a confirmation modal
1. Update columns widths in the spaces grid
1. Remove the "By default your current view is Classic" callout
### Checklist
Delete any items that are not applicable to this PR.
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [x] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [x] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [x] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
