This is a follow up of https://github.com/elastic/kibana/pull/165311
Instead of duplicating the key we are only importing from
`@kbn/dev-utils` if the package is available. The serve file is also
load under dist mode where the devOnly dependencies are not availble and
as such we can't reliable load from them.
## Summary
This PR made updates to section titles and wordings in expandable flyout
according to [docs
suggestions](https://github.com/elastic/kibana/issues/164786).
## Right panel
**Response**
- Updated empty response message
**Visualizations -> Session viewer preview**
- Added upsell message when user does not have enterprise license
- Added empty message when session viewer preview is not available
**Visualizations -> Analyzer preview**
- Added empty message
**Investigation -> Investigation guide**
- Updated empty message when investigation guide is not available
**Insights -> Prevalence**
- Updated empty message when no filed/value pair meets prevalence
threashold
**Insights -> Entities**
- Updated empty message when neither host name or user name are present
## Left panel
**Insights -> Entities**
- Updated empty state message
- "User info" -> "User information"
- Tooltip and empty table message in related hosts table
- "Host info" -> "Host information"
- Tooltip and empty table message in related users table
**Insights -> Threat Intelligence**
- Updated title to lower case
- Updated empty message for threat match detected and enriched with
threat intelligence sections
- Updated tooltips
**Investigation**
- Updated empty state message to stay consistent with right section
**Insights -> Correlations**
- Updated table message when no item is found
**Insights -> Prevalence**
- Added tooltips to each column other than `Field` and `Value`
**Response**
- Updated empty state message to match response section on right section
### Checklist
Delete any items that are not applicable to this PR.
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
Fixes https://github.com/elastic/kibana/issues/165183
### Test instructions
1) install any sample data set
2) open new dashboard
3) Use "Add panel" buttons to add by-value map with only base map layer
4) Ensure map tiles fill entire map panel in dashboard
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Fix#165216
Fixed for any dimension panel:
<img width="269" alt="Screenshot 2023-08-31 at 14 22 24"
src="2a8eb2c0-747f-4918-997b-1b059339a242">
<img width="275" alt="Screenshot 2023-08-31 at 14 37 46"
src="0ef218b3-1400-4eb9-8f4b-65eee814e0ac">
This has been addressed also in the annotation panel:
<img width="262" alt="Screenshot 2023-08-31 at 14 37 00"
src="22967182-b9bb-49c4-bfb8-48f25babd128">
## Summary
When we run tests on MKI, we cannot override Elasticsearch security
realm definitions. This means that any of our tests relying on a custom
Elasticsearch security realm (SAML and JWT) won't work on MKI.
## How to test
See `Kibana serverless cheat sheet` on how to run tests against MKI.
Until https://github.com/elastic/qaf-tests/pull/30 is merged, you'd need
to also add `--exclude-tag=skipMKI` to the test runner command.
/cc @dmlemeshko
https://github.com/elastic/elasticsearch/pull/97865 expands
index-pattern expressions to include a cluster alias for purposes of
excluding an entire cluster from a cross-cluster search. This allows
users to put the minus sign in front of the cluster name
(`-cluster_one:*`). The advantage to this change is that it avoids
sending any network calls to that cluster. Compare this to the existing
syntax for excluding clusters, where the minus sign is in front of the
index name (`cluster_one:-*`). The older syntax has to send the request
to the remote cluster, which if it is down (and skip_unavailable=false),
will cause the search to fail.
This PR updates the docs to reflect the new syntax.
---------
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Due to an existing (but already resolved) bug in elastic-chart, the Lens Heatmap introduced a workaround to avoid a reduction in the size of the heatmap chart in the suggestions panel due to the length of the axis labels.
After the fix was resolved in elastic-charts, the workaround was not removed and left a bug in the interface.
This commit removes the workaround introduced.
Attempt at fixing https://github.com/elastic/kibana/issues/149611
I updated the test code as follows:
* Removed the RxJS logic and simply factorised the reads to read only
once.
* Got rid of the "retry" service. There's already a mechanism in place
to make sure the logs are up-to-date.
* Updated the `setCommonlyUsedTime` method to make sure it awaits for
the popup to be ready before clicking.
* Skipped 4 tests that seem outdated, the logs don't have the related
entries even after waiting for more than one minute and flushing (in
fact, they all seem to systematically fail on `main` too):
* lnsLegacyMetric
* [Flights] Delays & Cancellations
* [Flights] Destination Weather
* [Flights] Delay Buckets
Attached is the generated
[kibana.log](12260144/kibana.log)
(focussing only the `browser.ts` tests).
So for the skipped tests, this does not look like flakiness anymore, but
rather outdated / incorrect checks. I propose we review and update them
on a separate issue / PR.
50 runs results
[here](https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/3026).
## Summary
Adds a pipeline that will trigger the promotion and QG for kibana
through qa -> staging -> production whenever the tag which [matches the
regex](https://regex101.com/r/tY52jo/1) is created.
Sibling PR [here](https://github.com/elastic/serverless-gitops/pull/661)
that defines `main/gen/gpctl/kibana/tagged-release.yaml`
The meat of the PR is the regex.
---------
Co-authored-by: Thomas Watson <w@tson.dk>
Co-authored-by: Alex Szabo <delanni.alex@gmail.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Closes#164970
Fixes https://github.com/elastic/kibana/issues/165287
## Summary
- Adds an error message to the Processes tab for cases when user types
an invalid term into the search field.
- Also fixes the issue when the search field (on all tabs) would lose
focus while typing
**Showing the error**
a56ba086-decc-49f8-8a51-5e44ddd17d1d
**Before the change, field losses focus**
23cb2435-ec5c-4e3a-b955-97f2eca03307
**After the change**
a2c23da0-0d5f-4f7e-8835-e1d2e4eed4e6
## How to test
- Checkout locally
- Open host details as a page
- Go to the Processes tab and type "," in to the search field
- Make sure the app does not crash and shows the error
- Check the same for host details in the flyout
## Summary
Luckily ES ignores invalid role definitions in `roles.yml`, but it still
logs the following error:
```
node scripts/functional_tests_server.js --config x-pack/test_serverless/api_integration/test_suites/search/config.ts
----
docker logs -f es01
....
[2023-08-31T09:36:55,775][ERROR][o.e.x.s.a.s.FileRolesStore] [es01] invalid role definition [null] in roles file [/usr/share/elasticsearch/config/roles.yml]. skipping role..
```
### What this PR changes
branched from elastic/kibana/pull/163759
- Introduces new AppFeatures package `@kbn/security-solution-features`
with the common logic and `AppFeatureService` to apply offering specific
configurations for Security Solution features independently for
Serverless and ESS. This logic is replacing the earlier `AppFeatures` in
order to introduce new Kibana feature privileges for serverless PLIs so
that new Kibana privileges introduced for serverless PLIs do not
affect/show up as new Kibana feature privileges in ESS.
- Gates endpoint exceptions on alerts/rules based on serverless PLI
configurations. On serverless `Endpoint exceptions` should be
accessible/seen only on endpoint essentials/complete.
New AppFeatures logic architecture diagram:
**Note:** Corresponding API changes related to endpoint exceptions will
be in a new PR, along with the last set of UX changes for hiding the
`Endpoint exceptions` tab from the Rules details page.
### How to review
- Setup for _Servlerless_
- Run `yarn es snapshot` on a terminal window to start ES.
- Copy `config/serverless.security.yml` to
`config/serverless.security.dev.yml`
- Run `yarn serverless-security --no-base-path` on another terminal
window to start kibana in serverless mode
- Run `node
x-pack/plugins/security_solution/scripts/endpoint/endpoint_agent_emulator.js
--asSuperuser` on a new window and then select `1` to `Load Endoints`
and then `1` to `Run` the loader script. This will load some fake
agents/alerts data to test with.
### Tests (Serverless)
- with
`{ product_line: 'security', product_tier: 'essentials' }` or `{
product_line: 'security', product_tier: 'complete' }`
and
`{ product_line: 'endpoint', product_tier: 'essentials' }` or `{
product_line: 'endpoint', product_tier: 'complete' }`
1. Navigate to Rules>Shared exception lists via
`http://localhost:5601/app/security/exceptions`
2. Test that you can see `Endpoint Security Exception List` card on the
shared exception lists page.
3. Navigate to `Alerts` page via `app/security/alerts`, you should see
endpoint alerts. If not, then click on `Manage Rules` and then
disable/enable `Endpoint Security` rules. That should trigger alerts to
show up on the Alerts table.
4. Click on `View Details` button under `Actions` column. Once the
flyout is visible, click on `Take Action` and verify that `Add Endpoint
exception` is visible/enabled/clickable on the menu.
5. Click on `More actions` button under `Actions` column and verify that
`Add Endpoint exception` is visible/enabled/clickable on the menu.
6. Click on `Investigate in timeline` button under `Actions` column;
when the timeline view is visible and the alert item is displayed, click
on buttons mentioned in 4. and 5. above and verify the same.
7. Navigate to `Rules`>`DetectionRules`>`Endpoint Security` rule under
the `Rules` table. Select the `Alerts` tab.
8. Click and verify `View details`,`More actions` and `Investigate in
timeline` buttons same as in 4., 5., 6. above.
9. You should be able to see the `Endpoint exceptions` tab as well.
Click and verify that you can see the tab's content.
- with
`{ product_line: 'security', product_tier: 'essentials' }` or `{
product_line: 'security', product_tier: 'complete' }`
1. Edit `config/serverless.security.dev.yml` so that `endpoint` product
line item is commented out.
2. Test that you can not see `Endpoint Security Exception List` card on
the shared exception lists page.
3. Items 4. 5. 6. as above but the menu items should be disabled. This
can be verified with fake data only as with a real endpoint, endpoint
alerts are actually not visible at all.
### Tests (ESS)
On the ESS side, endpoint exceptions are not affected by this change and
work as usual based on index privileges.
---------
Co-authored-by: semd <sergi.massaneda@elastic.co>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: YulNaumenko <jo.naumenko@gmail.com>
Co-authored-by: Pablo Neves Machado <pablo.nevesmachado@elastic.co>
Co-authored-by: Pablo Machado <machadoum@gmail.com>
Closes https://github.com/elastic/kibana/issues/163163.
We were getting `elastic-agent` status using `human`
[output](https://www.elastic.co/guide/en/fleet/current/elastic-agent-cmd-options.html#_options_7),
this way of obtaining the state is very unreliable since human format
it's more likeable to vary from one version to other. e.g
- v8.0.0
<img width="1021" alt="image"
src="7c8102a4-0785-4ab1-b690-ab62ec67644d">
- v8.9.0
<img width="1026" alt="image"
src="b6acdfbd-6efa-4518-8855-0aba3662f07b">
### Changes
- Get `elastic-agent` status from json output.
#### Demo
##### v8.0.0
6c507269-65d5-4c8a-9e9f-420698ca995d
##### v8.9.0
acdab744-0bd7-43c8-9eb8-024e5a2eeae5
## Summary
Solves this issue: https://github.com/elastic/kibana/issues/161763
This PR introduces autocomplete for mustache variables for email
connector(next PR will add it to all connectors) under the feature flag.
We decided keep old solution with button with all searchable options as
well.
How to test:
Create an email connector in kibana.yml:
xpack.actions.preconfigured:
maildev:
name: 'email: maildev'
actionTypeId: '.email'
config:
from: 'guskova@example.com'
host: 'localhost'
port: '1025'
How it should work:
You start writing in Message window {{ and mustache variable name. And
you should see autocomplete popup with all possible options to choose.
When you click somewhere else, popup should disappeared.
061016a6-b8ca-497b-9bed-b8b012d31a95
e options to choose. When you click somewhere else, popup should
disappeared.
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Xavier Mouligneau <xavier.mouligneau@elastic.co>
