Originally fixed in https://github.com/elastic/kibana/pull/83836
**Problem**
When running in basic mode and navigates to the transactions details
page a toast is display with the warning:
>To create custom links, you must be subscribed to an Elastic Gold
license or above. With it, you'll have the ability to create custom
links to improve your workflow when analyzing your services.
This is caused by a request to `GET internal/apm/settings/custom_links`.
This PR ensures that only when users have a valid license custom links
will be attempted loaded
<img width="1705" alt="image"
src="60c59c87-9837-4fbb-8172-5a4add121db0">
## Summary
Remove superuser requirement in PackageService and replacing it with the
same privilege requirement as the API uses.
`PackageService` was introduced in
https://github.com/elastic/kibana/pull/121589
@joeypoon Is it okay for security team to change these privileges?
WIP, added only for `ensureInstalledPackage` for now.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
This PR uses the new script to generate autocomplete definitions for Dev
Tools Console from the ES specification repo.
#### Definitions changes
- New property `availability` is added to filter out endpoints that are
not available in Serverless
- Some endpoints' query parameters have more details now, for example
common query params are now defined in definitions
```json
"url_params": {
"error_trace": "__flag__",
"filter_path": [],
"human": "__flag__",
"pretty": "__flag__"
},
```
- Url components in few endpoints are removed, but those were added to
overrides files in https://github.com/elastic/kibana/pull/163096
- Documentation links contain `{branch}` instead of `master` (fix for
that added in https://github.com/elastic/kibana/pull/159241)
#### Script changes
- The logic for generating `availability` for endpoint has been updated
based on the feedback from the Clients team. Details added to the script
file.
- Added a few "safe guards" to the spots in the script where an
unexpected type of data might be coming from the ES specification schema
#### Console changes
- Fixed the autocomplete request on Serverless (we might need a proper
fix for that, details in
https://github.com/elastic/kibana/issues/163318)
Also updates to readme files both in Console and the new script.
I will remove the old script in a separate PR.
## Screenshots
"ILM" autocomplete suggestions displayed on stateful
<img width="583" alt="Screenshot 2023-08-07 at 17 47 48"
src="641a48b0-fb1a-4d3b-a8c9-99eab8795510">
"ILM" autocomplete suggestions not displayed on serverless
<img width="572" alt="Screenshot 2023-08-07 at 17 35 16"
src="a1ee5468-eb9f-4f52-81d5-c661b06f8ceb">
## How to test
- Start Kibana on stateful (`yarn start`) and check that autocomplete
suggestions are working as before (no changes)
- Start Kibana on serverless (`yarn start --serverless`) and check that
autocomplete suggestions are not displayed for endpoints
blocked/internal on serverless.
### Checklist
Delete any items that are not applicable to this PR.
- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
Closes#163821
## Summary
This PR adds a tooltip for the custom equation and updates its message,
similar to what we have in SLO.
|Before|After|
|---|---|
||
## Summary
This PR removes filtering vulnerabilities where the `severity` field is
missing or is different from CRITICAL, HIGH, MEDIUM or LOW. Right now
this is handled ok in the data grid but won't be reflected in the
severity map or trend chart components.
<img width="1728" alt="Screenshot 2023-08-08 at 17 42 46"
src="45ccf860-0cb7-4b03-ab51-5720dd7f90f9">
fixes
- https://github.com/elastic/security-team/issues/7289
## Summary
closes: https://github.com/elastic/kibana/issues/157847
The new links and pages in Security Solution for Serverless:
- `Investigations`
- `Timelines`
- `Osquery`
- `Assets`
- `Fleet` (and all its sub-links)
- `Endpoints` (and all its sub-links)
- `Cloud defend` (and all its sub-links)
- Callout with button linking `Integrations` in Project Setting
- `Project settings`
- `Users & roles` (Cloud UI)
- `Billing & consumption` (Cloud UI)
- `Integrations` (link to integrations with _/browse/security_ path
parameter)
- `Entity risk score` (link currently under the
`riskScoringRoutesEnabled` experimental flag)
- `Management` accordion with a set of (stack) management categories and
pages links
Sections updated:
(ESS & Serverless) `Rules` links have been updated according to new
specs.
(ESS) The `Settings` page was renamed back to `Manage`.
(Serverless) The `Dev tools` link was moved to the bottom of the side
navigation.
#### Cypress tests for serverless:
They will be implemented in a follow-up PR when the infrastructure is
ready https://github.com/elastic/kibana/pull/162698
## Screenshots
### Serverless
Investigations:
Assets:
Rules:
Project Settings:
## ESS
Side Navigation:
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Tomasz Ciecierski <ciecierskitomek@gmail.com>
Co-authored-by: Tomasz Ciecierski <tomasz.ciecierski@elastic.co>
## Summary
- Fixes the loading of the Host Isolation sub-feature control into
kibana - should always be loaded and includes only the `release`
privilege in it
- Fixes the "Take action" menu items for Host Isolation (displayed in
alert details) to ensure `release` is displayed when host is isolated
and user has `release` privilege only
- Endpoint Response console will now NOT be available to users who only
have `release` response action (this is a downgrade scenario where the
user is still allowed to `release` isolated hosts)
## Summary
Originally I made a PR to add the icon into eui Library, however they
told me that they no longer support adding 3rd party logo into eui
library as such we will need to add it to Kibana instead.
This Changes includes changing the GCP logo on
- Findings flyout
- Benchmark flyout
- Dashboard
- CSPM and CNVM onboarding page (GCP tab)
<img width="795" alt="Screenshot 2023-08-14 at 9 47 25 AM"
src="53e3aafa-7f3d-4c8f-b20c-ec365693ed88">
<img width="1223" alt="Screenshot 2023-08-14 at 9 33 58 AM"
src="2fcdf9ad-8088-42c4-bb32-d6cdf12d02bc">
<img width="563" alt="Screenshot 2023-08-14 at 9 35 36 AM"
src="5c63d03a-f929-4e5c-80e7-04d8327c7acb">
<img width="754" alt="Screenshot 2023-08-14 at 9 37 40 AM"
src="cd5bc65b-3118-4d1c-a943-7a12518ad5e6">
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
`85.1.0` ➡️ `86.0.0`
⚠️ The biggest change in this PR is migrating the `react-beautiful-dnd`
dependency to it's open-source forked successor, `@hello-pangea/dnd`.
This new fork has better typescript support and additionally supports
both React 17 and React 18.
## [`86.0.0`](https://github.com/elastic/eui/tree/v86.0.0)
- Added React 18 support (StrictMode not yet supported).
([#7012](https://github.com/elastic/eui/pull/7012))
**Deprecations**
- Deprecated `euiPaletteComplimentary`; Use `euiPaletteComplementary`
instead. ([#6992](https://github.com/elastic/eui/pull/6992))
**Breaking changes**
- Replaced the underlying drag-and-drop library from
`react-beautiful-dnd` to its fork `@hello-pangea/dnd`
([#7012](https://github.com/elastic/eui/pull/7012))
([#7012](https://github.com/elastic/eui/pull/7012))
- No code updates are needed if using only `<EuiDragDropContext>`,
`<EuiDroppable>` and `<EuiDraggable>` with no direct imports from
`react-beautiful-dnd`. In case you were importing things from
`react-beautiful-dnd` and using them together with EUI components, you
need to switch to `@hello-pangea/dnd` which has cross-compatible API.
---------
Co-authored-by: Tomasz Kajtoch <tomasz.kajtoch@elastic.co>
Co-authored-by: Tomasz Kajtoch <tomek@kajto.ch>
Co-authored-by: Cee Chen <549407+cee-chen@users.noreply.github.com>
Co-authored-by: Drew Tate <andrew.tate@elastic.co>
**Relates to:** https://github.com/elastic/kibana/issues/158246
## Summary
If activity filter contains both allowed values `enabled` and `disabled` simultaneously Coverage Overview endpoint returns the response filtered by the first value only.
This PR fixes wrong behavior os if `enabled` and `disabled` values are set simultaneously the response contains combined results for both `enabled` and `disabled` activity filter values.
For example a request like below
```sh
curl -X POST --user elastic:changeme -H 'Content-Type: application/json' -H 'kbn-xsrf: 123' -d '{"filter":{"activity": ["enabled","disabled"]}}' http://localhost:5601/kbn/internal/detection_engine/rules/_coverage_overview --verbose
```
would produce the same response as the following request
```sh
curl -X POST --user elastic:changeme -H 'Content-Type: application/json' -H 'kbn-xsrf: 123' http://localhost:5601/kbn/internal/detection_engine/rules/_coverage_overview --verbose
```
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
Closes https://github.com/elastic/kibana/issues/162976.
### Changes:
- `installAgentPlatformOptions` now have options for disabling the steps
and rendering a custom children.
- `WindowsInstallStep` component was created and used in customLogs and
systemLogs.
- Small fix where systemLogs was occupying the whole screen instead of
the content space.
- Return proper path depending on the platform selected.
#### Before changes
##### system onboarding
<img width="2063" alt="image"
src="52c4b842-f70a-4328-87b3-88f6bf6f959a">
##### customLogs onboarding
<img width="2052" alt="image"
src="68c4cb28-cd10-44b2-bcc4-bb10e0f19e47">
#### After changes
##### system onboarding
6e566618-a790-4ffd-ac39-041678f8d362
##### customLogs onboarding
bf908caf-e1d7-4273-8944-2923b9d0ec42
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
While working to extract various portions of the `advancedSettings`
plugin into packages, I found the `ComponentRegistry` in the plugin to
have a number of issues that contributed to a fairly bad UX:
- the API allows for adding/overriding the title, subtitle and footer of
the Advanced Settings page, but only the footer is rendered.
- the API is available to all plugins, but only renders a single
entry... so depending on the plugin load order, the render is not
guaranteed.
- filtering the footer in or out of the display is delegated to the
component itself, so:
- it only takes effect on render.
- the count is only updated if you click on the page that contains it,
but that logic is currently broken.
- the error message is inaccurate.
This PR fixes those issues and more:
- extracts the registry into its own package.
- changes the API to allow for multiple sections from multiple plugins.
- changes the API to filter these sections from the plugin, rather than
from each individual component.
- fixes state management to show sections, keep counts accurate, etc.
---------
Co-authored-by: Vadim Kibana <82822460+vadimkibana@users.noreply.github.com>
<img width="1493" alt="Screenshot 2023-08-14 at 3 11 13 PM"
src="6bafa1e3-7075-4779-92ae-35ab30436255">
When Profiling is initiated but feature flag is not enabled:
<img width="381" alt="Screenshot 2023-08-14 at 3 17 14 PM"
src="fb4821b9-2bcc-4a7d-bd77-b200e3d43892">
When Profiling is initiated and feature flag is enabled:
<img width="369" alt="Screenshot 2023-08-14 at 3 18 59 PM"
src="cf8ed7c6-77ee-48e7-bf82-7fc2a7101d6b">
## Summary
Addresses https://github.com/elastic/kibana/issues/160573 by assuming
the sizes of the test archives were overly large and possibly created
instability between tests, which led to `Error: socket hang up`.
The change in this PR is to shrink the contents ES archives used for
testing, by removing the report content and encrypted headers, which
aren't important for the test. The tests that need these archives simply
use the metadata to ensure telemetry usage collection is working.
||Before|After|
|---|---|---|
| x-pack/test/functional/es_archives/reporting/bwc/6_2/data.json.gz |
3.2M | 4.0K |
| x-pack/test/functional/es_archives/reporting/bwc/6_3/data.json.gz |
6.7M | 6.0K |
Since this addresses a failed test rather than a flaky test, it's going
off the assumption that this change is sufficient to close the issue.
Closes https://github.com/elastic/kibana/issues/160573
## Summary
This is a fix for the flaky test
https://github.com/elastic/kibana/issues/163365 that checks Dev Console
with CCS. Before we were looking for the response to the query to
contain `extension: jpg` which might or might not show up in the
viewport based on the logstash data ingested (some of the documents have
a multi-line `message` field that will scroll everything else out of the
viewport).
<img width="1210" alt="test"
src="729f4645-db48-46bc-8376-aee8602ef500">
With the change we're looking for the `_index` metafield which can also
confirm that the search worked and it returned results from a remote
cluster. There shouldn't be any instance of it not showing up in the
viewport since it's one of the first fields in a search hit.
## Summary
Removes the link from the listing page for readonly visualizations
<img width="861" alt="image"
src="fca790d1-d8f4-4ede-b1ef-25f67da6b202">
I added this case to our serverless tests
https://github.com/elastic/kibana/issues/162346 as it is a regression
(it used to work ok).
**Resolves: https://github.com/elastic/security-team/issues/7134**
## Summary
Implemented request and response schema generation from OpenAPI
specifications.
The code generator script scans the
`x-pack/plugins/security_solution/common/api` directory, locates all
`*.schema.yaml` files, and generates a corresponding `*.gen.ts` artifact
for each, containing `zod` schema definitions.
<hr/>
Right now, all generation sources are set to `x-codegen-enabled: false`
to prevent the creation of duplicate schemas. Maintaining the old
`io-ts` schemas alongside the new `zod` ones could potentially lead to
confusion among developers. Thus, the recommended migration strategy is
to incrementally replace old schema usages with new ones, subsequently
removing outdated ones. I'll be implementing this approach in the
upcoming PRs.
### How to use the generator
If you need to test the generator locally, enable several sources and
run the generator script to see the results.
Navigate to `x-pack/plugins/security_solution` and run `yarn
openapi:generate`
<img width="916" alt="image"
src="be1a8a61-b9ed-4359-bc3e-bf393f256859">
Important note: if you want to enable route schemas, ensure you also
enable all their dependencies, such as common schemas. Failing to do so
will result in the generated code importing non-existent files.
### Example
Input file
(`x-pack/plugins/security_solution/common/api/detection_engine/model/error_schema.schema.yaml`):
```yaml
openapi: 3.0.0
info:
title: Error Schema
version: 'not applicable'
paths: {}
components:
schemas:
ErrorSchema:
type: object
required:
- error
properties:
id:
type: string
rule_id:
$ref: './rule_schema/common_attributes.schema.yaml#/components/schemas/RuleSignatureId'
list_id:
type: string
minLength: 1
item_id:
type: string
minLength: 1
error:
type: object
required:
- status_code
- message
properties:
status_code:
type: integer
minimum: 400
message:
type: string
```
Generated output file
(`x-pack/plugins/security_solution/common/api/detection_engine/model/error_schema.gen.ts`):
```ts
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
import { z } from 'zod';
/*
* NOTICE: Do not edit this file manually.
* This file is automatically generated by the OpenAPI Generator `yarn openapi:generate`.
*/
import { RuleSignatureId } from './rule_schema/common_attributes.gen';
export type ErrorSchema = z.infer<typeof ErrorSchema>;
export const ErrorSchema = z.object({
id: z.string().optional(),
rule_id: RuleSignatureId.optional(),
list_id: z.string().min(1).optional(),
item_id: z.string().min(1).optional(),
error: z.object({
status_code: z.number().min(400),
message: z.string(),
}),
});
```
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Original ticket: https://github.com/elastic/kibana/issues/159060
This PR un-skips test which was disabled after the Rule Editing page
[refactoring](https://github.com/elastic/kibana/pull/157749). There we
stopped fields validation on page loading. To be able to show the
"failed to load saved query" error on page loading we force the field
validation when we failed to load a saved query.
## Summary
To fix the following error when running `node scripts/synthtrace
simple_trace.ts --local --live`:
```
Error: Could not connect to Kibana: request to http://elastic:changeme@localhost:5601/ failed, reason: connect ECONNREFUSED ::1:5601
at getKibanaUrl (/kibana/packages/kbn-apm-synthtrace/src/cli/utils/get_service_urls.ts:76:11)
```
Closes https://github.com/elastic/kibana/issues/163244.
### Changes
- Use `@kbn/use-tracked-promise` to fetch data from fleet apis, couldn't
use the `useFetcher` hook because it's tailoring internal routes in the
plugin;
- `useInstallSystemIntegration ` is a new hook responsible for
installing the system integration.
- `system-integration-banner` component have been created to hold all
the logic related to system integration.
#### After this changes
##### When integration is not installed
4162319f-35d3-42d3-bd4d-821d1da26a8b
##### When integration is already installed
5f1bf76e-7ed4-4f2c-ba4c-a8b2f3ff80a2
If a user doesn't have the required privileges to install the
integrations they can still continue with the onboarding process but
will see the following message in the UI. After the onboarding is
finished they will be redirected to discover using dataset names
`system.auth` and `system.syslog`.
<img width="2055" alt="image"
src="8214b761-1712-4c7b-888a-394e68ded59f">
### How to test?
- Enter the [custom
deployment](https://yngrdyn-deploy-kiban-pr163794.kb.us-west2.gcp.elastic-cloud.com/)
- Check [installed
integrations](https://yngrdyn-deploy-kiban-pr163794.kb.us-west2.gcp.elastic-cloud.com/app/integrations/installed)
`/app/integrations/installed`
- Go to observability onboarding [landing
page](https://yngrdyn-deploy-kiban-pr163794.kb.us-west2.gcp.elastic-cloud.com/app/observabilityOnboarding):
`app/observabilityOnboarding`
- Select `Stream host system logs` or `Quickstart`
- System integration should install (if it's not installed in the
deployment) or just notify that has been installed (if it's already
installed in the deployment)
- After entering `Stream host system logs` page System integration
should be installed
