## Summary
This PR addresses the occasional toast-floods/toast-storms with a simple
catch mechanism: deduplicate/group toasts by their broad alikeness,
their text and title.
This implementation plugs in to the `global_toast_list.tsx` in Kibana's
GlobalToastList component, capturing updates on the toast update stream,
and collapses toasts before passing them further to the downstream EUI
Toast list react components.
The core idea is to not display notifications directly, but to keep the
toast notifications apart from their visual representation. This way, we
can represent more notifications with one toast on our end, if we group
rightly. The only issue then, is to clean up everything nicely when it's
time. For this we're also exporting a mapping that shows which toast ID
represents which grouped toasts.
I also changed the type `ToastInputFields` to accept rendered react
components as title/text - this will prevent attempts to unmount react
components from elements that are not displayed, thus causing React
warnings.
The close-all button is an EUI feature, which we've started discussing
[here](https://github.com/elastic/eui/issues/6945), probably not part of
this PR.
## What toasts get merged?
The exact merging strategy was not settled, and it's kind of a valve,
where we trade off potential detail lost in toasts for the prevented
noise in the toast floods. The current strategy is as folows:
```
* These toasts will be merged:
* - where title and text are strings, and the same (1)
* - where titles are the same, and texts are missing (2)
* - where titles are the same, and the text's mount function is the same string (3)
* - where titles are missing, but the texts are the same string (4)
```
The base merge case is `(1) & (2)`, after some discussion with @Dosant
we decided to include (3) as a compromise, where we're still merging
somewhat similar toasts, and extend the merging to `ToastsApi::addError`
where all error toasts have a MountPoint as their text. We understand
this might hide some details (e.g.: same titles, but very slightly
different MountPoints as their text) but realistically this shouldn't
really happen.
The ultimate future improvement will be (as suggested in the comments by
@jloleysens) a sort of identifier to the toast, based on which we can
group without fear of losing information. But this will require more
work on all the call-sites.
Relates to: #161482
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
### For maintainers
- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Before:
If agent.type !== endpoint, we were disabling the Respond button in the
Take Action dropdown on the Alert Detail page. However, an alert coming
from, for example, filebeats, could be originating from an agent with
Defend integration, which supports respond actions.
After:
I removed the check for agent.type, resulting in the API
/endpoint/metadata/:id being called in all cases. If the API returns a
200 status code, we display the respond button since the endpoint
supports the response console. If the API returns a 404 status code, we
display a tooltip saying 'Please add Defend integration' and keep the
button disabled.`
Take Action button
Timelines
## Summary
Bumps node.js to 18.17.0 (replacement for PR #144012 which was later
reverted)
As a result, these categorical additions were needed:
- `node` evocations will need the `--openssl-legacy-provider` flag,
wherever it would use certain crypto functionalities
- tests required updating of the expected HTTPS Agent call arguments,
`noDelay` seems to be a default
- `window.[NAME]` fields cannot be written directly
- some stricter typechecks
This is using our in-house built node.js 18 versions through the URLs
the proxy-cache. (built with
https://github.com/elastic/kibana-custom-nodejs-builds/pull/4)
These urls are served from a bucket, where the RHEL7/Centos7 compatible
node distributables are. (see:
https://github.com/elastic/kibana-ci-proxy-cache/pull/7)
Further todos:
- [x] check docs wording and consistency
- [ ] update the dependency report
- [x] explain custom builds in documentation
- [x] node_sass prebuilts
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Tiago Costa <tiago.costa@elastic.co>
Co-authored-by: Thomas Watson <w@tson.dk>
Resolves https://github.com/elastic/kibana/issues/162393
Adds a new feature flag
`xpack.observability.unsafe.alertDetails.observability.enabled` to
show/hide threshold alert details page until it is ready for GA.
Fix https://github.com/elastic/kibana/issues/160974
Fix https://github.com/elastic/kibana/issues/160929
## Summary
From Es 8.10, the `version` field from the Get Snapshot response has a
different format - it will no longer be a string representing the
release version, but rather it will be a string representing the version
id (see
https://github.com/elastic/kibana/issues/160974#issuecomment-1618087194
for more details).
This PR replaces the use of the `version` field with the `versionId`
field when checking in the Snapshot Restore form if the current version
is greater than 7.12 (which corresponds to `versionID` 7120099).
The PR also unskips the functional test that failed with the promotion
of Es to 8.10.
**How to test:**
1. Start Es with `yarn es snapshot -E path.repo=./tmp/snap` and Kibana
with `yarn start`
2. Go to Stack Management -> Snapshot and Restore
3. Create a Shared File System repository with location `./tmp/snap`
4. Create a policy that uses the repository created in the previous
step.
5. Run the policy to create a snapshot.
6. Go to the Snapshots tab and click the Restore button for the created
snapshot.
7. Verify that the Snapshot restore form works as expected.
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Fixes#152206
## Summary
I removed the reporter tests from
`x-pack/plugins/cases/public/components/case_view/components/case_view_activity.test.tsx`
There were a few things being tested:
| Old Test | Where is it covered |
| ------------- | ------------- |
| does the case view render `'case-view-user-list-reporter'` | [a
functional test already covers
this](https://github.com/elastic/kibana/blob/main/x-pack/test/functional_with_es_ssl/apps/cases/group1/view_case.ts#L47)
|
| Is a reporter name displayed correctly | covered in the UserList
component tests |
| a reporter without uid is rendered correctly | moved this logic to
`parseCaseUsers` and tested it there in this PR |
| fallbacks correctly to the caseData.createdBy user correctly | moved
this logic to `parseCaseUsers` and tested it there in this PR |
- Originally Kibana's `http` service did not support receiving streams,
that's why we used plain `fetch` for this. This has been fixed in
#158678, so this PR updates the streaming helpers to use Kibana's `http`
service from now on.
- The PR also breaks out the response stream code into its own package
and restructures it to separate client and server side code. This brings
down the `aiops` bundle size by `~300KB`! 🥳
- The approach to client side throttling/buffering was also revamped:
There was an issue doing the throttling inside the generator function,
it always waited for the timeout. The buffering is now removed from
`fetchStream`, instead `useThrottle` from `react-use` is used on the
reduced `data` in `useFetchStream`. Loading log rate analysis results
got a lot snappier with this update!
Closes#162381
## Summary
This PR is,,,
1. Adding documentation about objectization in variable substitution.
2. Fixing a glitch in the illegal double quotes `""`.
<details open="true"><summary>details</summary>
For example, `""${ZERO}""` may have substituted `"0"` but this
substitution must not occur because no quotes surround the `${ZERO}` in
the context of JSON syntax. `""${ZERO}""` is jut `${ZERO}` with forward
and training `""`.</details>
3. Promoting triple quotes `"""` as an alternative to the illegal double
quotes `""`.
<details open="true"><summary>details</summary>
Now `"""${ZERO}"""` is a way to substitute `"""0"""` rather than `0`
that `"${ZERO}"` may substitute. The same as before, these single and
triple quotes work only in the request body.</details>
### Checklist
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
Note: Regex negative lookahead `x(?!y)` and ~~lookbehind `(?<!y)x`~~
(_EDIT: no lookbehind anymore_) assertions
([cf.](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_expressions/Assertions#other_assertions))
are used in this PR. So, I've checked the following steps on each
browser.
Browsers:
- Chrome 115.0.5790.102
- Firefox 115.0.2
- Edge 115.0.1901.183
- Safari 16.3 (18614.4.6.1.6) ~~CAN'T CHECK~~ - Safari has recently
added support for the negative lookbehind as per this 16.4 release note.
>
https://developer.apple.com/documentation/safari-release-notes/safari-16_4-release-notes
> Added support for RegExp lookbehind assertions.
Steps:
1. Go to Dev Tools > Console.
2. Click `Variables` on the top.
4. Define variable `ZERO` with `0`.
6. Run the following command.
```http
POST test/_doc
{
"field": "${ZERO}"
}
```
### For maintainers
- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
## Release note
Improves a way of variable substitution and its documentation
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Part of the CSP teams quick wins effort, this PR aims to improve the
experience for users first landing on the Findings page, or returning to
it.
Currently we always set the "Misconfigurations" tab as default
regardless of whether there are misconfigs or not. Even if there are
vulnerabilities (the primary tab), it will still default to misconfigs.
A small component was created to handle the root route for 'findings'
and decide which Tab to be redirected to. Vulnerabilities or
Misconfigurations. If a user has never made a tab selection, there are
no vulnerabilities, but there are findings, the user will be redirected
to the "Misconfigurations" tab. If the user had previously clicked to
select a tab, it will always remember which tab they came from last.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Moves constants from the Discover plugin into the `@kbn/discover-utils`
package.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Closes#159260
## Summary
Adds support for running ES through Docker and Serverless in `@kbn/es`
### Checklist
Delete any items that are not applicable to this PR.
- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Tiago Costa <tiago.costa@elastic.co>
Introduces a new `Security` Key Concepts page to the developer
documentation, with two sections:
1. API Authorization, adapted from
https://github.com/elastic/kibana/pull/160351#discussion_r1253519358.
2. `kibana_system` privilege guidelines, adapted from our team's
internal documentation. There are two notable changes from the previous
version:
1) Removal of internal discussions, as this now exists within a public
repository.
2) Recreated the existing mermaid diagram into a public Whimsical
diagram. The new docs system supports the latter, but not the former.
## Testing
To build this locally, run `./scripts/dev_docs` from a local checkout of
this PR. A server will eventually start on `http://localhost:3000` where
you can preview the changes.
## Screenshots
<img width="1632" alt="CleanShot 2023-07-12 at 08 32 23@2x"
src="1b7c5053-a1bf-434f-bdfd-3eeeee692e18">
**Related to: https://github.com/elastic/security-team/issues/7098**
### Summary
- Move Rules Management HTTP API schemas to `/common/api`
- Explicitly define response types for API endpoints
- Remove the `_generate_assets` endpoint as unused
- Minor type fixes
Closes https://github.com/elastic/kibana/issues/162141.
### Changes
- Created an `esLegacyConfigService` to access esConfiguration and get
the hosts (protocol + url + port).
- Initialised the service mentioned using
`core.elasticsearch.legacy.config$`.
- Injected `esLegacyConfigService` as a resource for routes.
- Stop service whenever plugin is stopped.
## Summary
Adds content management api mSearch functionality to `lens`,
`visualization`, and `event_annotation_group` types via abstracted
function and types.
Part of https://github.com/elastic/kibana/issues/161545
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
Currently, if you try loading archive with index mappings not having
replica set into stateless ES, it won't work properly: you will get 503
error on calling `GET <index_name>/_stats`:
```
{
"error": {
"root_cause": [
{
"type": "no_shard_available_action_exception",
"reason": null
}
],
"type": "search_phase_execution_exception",
"reason": "all shards failed",
"phase": "query",
"grouped": true,
"failed_shards": [
{
"shard": 0,
"index": "indices-stats",
"node": null,
"reason": {
"type": "no_shard_available_action_exception",
"reason": null
}
}
]
},
"status": 503
}
```
In stateless replica is
[required](https://elastic.slack.com/archives/C037J0RKRAN/p1690218904855299)
in order to perform search requests (the "search shard").
This PR updates index mappings in es_archives with
`"auto_expand_replicas": "0-1"`, in order to be compatible with
stateless ES and so that we can re-use existing data sets rather than
creating new ones.
I checked with Core Team that we should fine to just adapt all mapping
files, but let me know if that doesn't work for you.
The same value is used to create the "real" SO
[indices](c79c09c3d0/packages/core/saved-objects/core-saved-objects-migration-server-internal/src/actions/constants.ts (L21))
in Kibana.
## Summary
This PR versions the `cases` and `comment` domain objects and their
corresponding APIs. It was not possible to do them separately as I got
errors due to circular dependencies.
## Notable Changes
- The `Comment` type was renamed to `Attachment`
- The `Comments` type was renamed to `Attachments`
- The `*CommentRequestRt` type was renamed to `*AttachmentPayload`
- The `CommentType` type was renamed to `AttachmentType`
- The `AttributesType*` type was renamed to `*AttachmentAttributes`
- The `*ResponseTypeUserRt` type was renamed to `*AttachmentRt`
- The word `comment` got replaced with the word `attachment` in all
types
- The `RelatedCaseInfo` type was renamed to `RelatedCase`
- The `CasesByAlertId` type was renamed to
`GetRelatedCasesByAlertResponse`
Depends on: https://github.com/elastic/kibana/pull/161783,
https://github.com/elastic/kibana/pull/162059
### Checklist
Delete any items that do not apply to this PR.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
### For maintainers
- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Replaces the current JVM runtime metrics dashboard with a more advanced
dashboard (based on the portable dashboards feature).
Additional information (that has not been shown in the previous view):
- memory allocation rate
- Heap usage split by memory pools
<img width="1428" alt="image"
src="c147f9c4-b115-455e-a86e-c288a94e25cb">
<img width="1424" alt="image"
src="3ff8978f-917f-4b5e-bd82-fe3a52fe78c7">
---------
Signed-off-by: Alexander Wert <alexander.wert@elastic.co>
Subset of #161337
Unblocks #162149
## Summary
This PR uses the access 'public' option when registering the `GET
/api/security/logout` and `POST /api/security/saml/callback` APIs. This
will ensure they have public access in serverless, while all other APIs
will default to internal. PR #161672 changes default access of
registered endpoints to 'internal', meaning that API owners have to
explicitly set access: public to pass the API protection restriction.
This PR also adds internal headers to the existing serverless Spaces API
tests. This unblocks the PR to enable API protection in serverless
(#162149).
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
When turning on `server.restrictInternalApis` a number of issues
surfaced due to defaulting to internal resulting in `400`s for:
* HTTP resources
* Static assets via `registerStaticDir`
* Use of `res.render(Html|Js|Css)` outside of HTTP resources
This PR:
* defaults our HTTP resources service to register routes by default
`public`, same for static dirs.
* Did an audit of all renderX usages, if outside of HTTP resources I
added an explicit `access: public`
* ...what else?
### Set `access: 'public'` for known set of "system" routes
Method | Path | Comment
-- | -- | --
GET | /api/status
GET | /api/stats
GET | /translations/{locale}.json
GET | /api/fleet/agent_policies
GET | /api/task_manager/_background_task_utilization
GET | /internal/task_manager/_background_task_utilization
GET | /internal/detection_engine/health/_cluster
POST | /internal/detection_engine/health/_cluster
GET | /internal/detection_engine/health/_space
POST | /internal/detection_engine/health/_space
POST | /internal/detection_engine/health/_rule
POST | /internal/detection_engine/health/_setup
GET | /bootstrap.js
GET | /bootstrap-anonymous.js
GET | \*\*/bundles/\* | Core's routes for serving JS & CSS bundles
## How to test
Run this PR with `kibana.dev.yml` containing
`server.restrictInternalApis: true` and navigate around Kibana UI
checking that there are no `400`s in the network resources tab due to
access restrictions.
## Notes
* Either left a comment about why `access` was set public or a simple
unit test to check that we are setting access for a given route
## To do
- [x] Manually test Kibana
- [x] Manually test with `interactiveSetup` plugin
- [ ] Add integration and e2e test (will do in a follow up PR)
Related: https://github.com/elastic/kibana/pull/162149
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Closes https://github.com/elastic/kibana/issues/162215
## Summary
This PR changes the default session idle timeout for users to 3 days.
## Changes Made
- Updated default `session.idleTimeout` to `3d`.
- Updated tests to expect the new default timeout
- Updated asciidocs to match the above change
## Release notes
Change the default value of `session.idleTimeout` from 8 hours to 3
days.
## Summary
Add PLI authorization checks for Entity Analytics features.
*This PR only restricts access to the features* but doesn't implement
PLG/Upselling. It will be added later when we have defined the UX for
it.
The `advancedInsights` PLI was already configured, so I only had to add
extra checks to make sure users can't see the Risk score on other
components.
Updated components:
* "All hosts" table on the Hosts page
* "All users" table on the Users page
* Host overview on the Host details page and Host details flyout
* User overview on the User details page and User details flyout
* Alerts flyout
* Remove sample Upselling components config
### Not included
* Upselling/PLG
* I left empty tabs/pages where the Upselling component will be added
### How to test it?
#### ESS
* Run ESS with a basic license
* Run ESS with a platinum
#### Serverless
* Run Serverless with security essentials (serverless.security.yml)
```
xpack.serverless.security.productTypes:
[
{ product_line: 'security', product_tier: 'essentials' }
]
```
* Run Serverless with security complete
(kibana/config/serverless.security.yml)
```
xpack.serverless.security.productTypes:
[
{ product_line: 'security', product_tier: 'complete' },
]
```
1ab84134-bee1-497c-9b41-a9ec398bd921
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Connected to https://github.com/elastic/kibana/issues/146945
This PR updates API docs for
Description | Limit | Done? | Documented? | UI?
-- | -- | -- | -- | --
Total assignees per case | 10 | ✅ | Yes | ✅
Maximum number of cases/user actions/comments returned from the API |
10.000 | ✅ | Yes | N/A
Total number of cases by alert ID returned from the API | 10.000 | ✅ |
Yes | N/A
Total number of tags returned from the API | 10.000 | ✅ | Yes | N/A
Total number of reporters returned from the API | 10.000 | ✅ | Yes | N/A
### Checklist
Delete any items that are not applicable to this PR.
- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
### For maintainers
- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
---------
Co-authored-by: lcawl <lcawley@elastic.co>
