## Summary
Based on a request in [this
issue](https://github.com/elastic/security-team/issues/10341). The
Cypress cleanup task for serverless testing didn't include a command to
cleanup the project tested against when that project was created using
the proxy handler. This PR adds a second conditional method in the
cleanup task to cleanup projects with the proxy handler when it is in
use.
### Checklist
- [ ] Cypress tests run with proxy handler
- [x] Projects created during a cypress run with the proxy handler are
automatically cleaned up by the cypress cleanup task
### For maintainers
- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Co-authored-by: Maxim Palenov <maxim.palenov@elastic.co>
Co-authored-by: dkirchan <55240027+dkirchan@users.noreply.github.com>
Co-authored-by: Gloria Hornero <gloria.hornero@elastic.co>
- Fixes "Untitled" CSV exports when an export of a Discover session CSV is triggered on a Dashboard
- Switches to make use of the embeddable title when exporting CSV of Discover session embeddables on a Dashboard.
## Summary
This PR fixes a regression in the `serializeState` function used to pass
the embeddable attributes to the dashboard to save the panel. In the
refactor this function started to leak the `searchSessionId` in the
serialized state and even if not used after worse it could lead to
issues and in general it's a waste of disk space.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Release notes
It fixes a regression for the serialized state for the Lens embeddable
saving attributes who should not be in the serialized state.
## Summary
This PR was initially to resolve more prompt improvements, but it will
be split into multiple PR's as it also includes a bugfix for ECS mapping
node logic, where ECS mapping node was not always part of the
translation flow.
Some minor prompt improvements are also included, an updated field
mapping for RAG rules (adding the query field) and filtering out metrics
integrations from the RAG for now.
Added telemetry metadata parameters to createModel together with
`maxRetries` as well.
Remove visualizations dependency from dashboard plugin. Instead of using
lens visTypeAlias, navigating to lens is done by executing addLensPanel
action.
Part of https://github.com/elastic/kibana/issues/204249
Clean up work from embeddable refactor. PR removes
`DashboardContainerInput` type, which is a duplicate of `DashboardState`
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
fixes https://github.com/elastic/search-team/issues/9171
## Summary
The connectors integration should be GA in ECH, but shouldn't be
available in serverless right now.
~~Prettier also triggered on these files based on our `.prettierrc`
rules, it looks like. Let me know if I should revert all the formatting
changes. There were mixed quotes in a few places, and some indentation
stuff in others.~~
I removed the prettier changes because they invited substantial
conflicts with all the whitespace changes.
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
### Identify risks
Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.
Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.
- [x] Changes serverless behavior, so I'm deploying a serverless search
project to smoke test
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Resolves https://github.com/elastic/kibana/issues/208459
## Summary
The fix added in this
[PR](https://github.com/elastic/kibana/pull/206598) to call the
`mark_removed_tasks_as_unrecognized` tasks sometimes throws an error if
the task is in the middle of running. This PR adds a try/catch and a
retry to the `runSoon` call.
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
Closes https://github.com/elastic/kibana/issues/206237
Create `fleet-synced-integrations` index in Fleet setup, added async
task that populates the index with a doc that includes remote ES output
data and installed integrations data.
ES change to add `kibana_system` privileges:
https://github.com/elastic/elasticsearch/pull/121753
To test locally:
- run elasticsearch from source to apply the privilege changes, so that
`kibana_system` can create the index.
```
yarn es source -E xpack.security.authc.api_key.enabled=true -E xpack.security.authc.token.enabled=true --source-path=/Users/juliabardi/elasticsearch -E path.data=/tmp/es-data -E xpack.ml.enabled=false
```
- enable the feature flag in `kibana.dev.yml`:
`xpack.fleet.enableExperimental: ['enableSyncIntegrationsOnRemote']`
- add a remote ES output with sync enabled
- install some integrations
- wait until Fleet setup and the task runs
- verify that the index is created and contains a doc with the expected
data
```
GET fleet-synced-integrations/_search
"hits": {
"total": {
"value": 1,
"relation": "eq"
},
"max_score": 1,
"hits": [
{
"_index": "fleet-synced-integrations",
"_id": "fleet-synced-integrations",
"_score": 1,
"_source": {
"remote_es_hosts": [
{
"hosts": [
"http://remote1:80"
],
"name": "remote1",
"sync_integrations": true
}
],
"integrations": [
{
"package_version": "1.64.1",
"updated_at": "2025-02-05T11:03:02.226Z",
"package_name": "system"
}
]
}
}
]
```
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Closes https://github.com/elastic/kibana/issues/210313
Automates the retrieval of grouping functions ( categorize and bucket )
for both the functions definitions and docs.
Buckets signatures are tricky so I overwrite them with our
implementation. Everything else is being retrieved by ES
## Release Note
Fix package name validation on Datastream page.
## Summary
Closes - #199893
If the package name starts with a number [ Only number , alphabet ,
underscore are allowed ] then some of the script processors in the
pipeline fail with dot annotation since the fields are formed like
`ctx.123_abc.something` which fails with `Illegal Argument Exception` in
script processor.
Hence the package name has additional validation on Data stream page to
restrict it to start with an alphabet or underscore instead.
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
In https://github.com/elastic/kibana/pull/208166, we added a validation
step that verifies that all zod schemas:
a) Are built with supported types, meaning types that we can analyze for
if they are applied strictly (no excess keys)
b) Are built with any side effects (refine or transform, which may
impact the type reliability)
This doesn't impact the actual parameter validation, but is instead an
additional check on the schemas we're using.
For any violation found, we log a warning, this has the downside of
increasing our total log volume and is only really needed in development
mode.
Hence, in this PR, we're only logging these warnings if Kibana is
running in dev mode, and the PR updates all consuming plugins to pass
this context along.
## Summary
This PR adds a test config category to the scout reporting. This allows
us to distinguish between UI and API FTR tests.
A new property `testConfigCategory` has been added to all FTR configs
that don't already inherit it from a higher level config.
## Summary
This PR turns the AlertsTable into a standalone component, making it
independent from the `TriggersActionsUI` plugin.
#### Removes the alerts table registry
All configuration is now managed through the AlertsTable component
props. Shared configurations are handled by giving consumers the ability
to directly provide alerts table wrapper components (see for example the
`renderAlertsTable` prop of `getCases`).
#### Moves the alerts table to dedicated package(s)
Following the feature-driven structure we're introducing for ResponseOps
(alerting) client-side packages:
- `@kbn/response-ops-alerts-table`
- `@kbn/response-ops-alerts-apis`
- `@kbn/response-ops-alerts-fields-browser`
#### Initial work on improving composition and organization
- Reorganizes the table code into a by-entity-type folder structure
(`components/`, `hooks/`, ...)
- Simplifies some components and breaks into smaller units when possible
## To verify
For consumers of the alerts table:
- Check that all your tables have the same behavior as before (columns,
sort, row actions, bulk actions, etc.)
- Check that your "shared" tables (i.e. cases alerts view in O11y and
Security) have the expected configuration and behavior
> [!WARNING]
> This PR moves a lot of files. Git might not always recognize the
correct delete/add file pairs. If you see weird diffs feel free to reach
out for help!
### Checklist
- [x]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] [Flaky Test
Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was
used on any tests changed
### Identify risks
| Risk | Description | Severity | Mitigation |
|---|---|---|---|
| Table misconfigurations | Some table configurations might slightly
differ from the previous AlertsTableRegistry-backed version | Low |
Quick fix |
## References
Closes#195180
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Christos Nasikas <xristosnasikas@gmail.com>
## Summary
Fix flaky tests for custom rule and step detail !!
## Changes
`custom_status_alert.journey.ts
`
Rule name filling was flaky so sometimes it was keeping the default name
value, so i have removed it to simplify and keep default rule name
always which is "Synthetics monitor status rule"
`step_details.journey.ts
`
Monitor wasn't being created due to a bad request on browser monitor
payload, which was causing this test to fail, monitor absence was
causing test to fail.
Closes https://github.com/elastic/kibana/issues/210179
## Summary
While attempting to attach an alias to the session index, we were using
`.kibana_security_session_1` as the index name. However, the session
index, if upgraded using the Upgrade assistant gets renamed to
`.kibana_security_session_1-reindexed-for-9` and
`.kibana_security_session_1` is set as an alias pointing to this index.
When we try to reattach the alias using this as the index name, ES
throws an error. This doesn't affect Kibana functionality but it
increases the number of errors thrown in the logs.
**This PR corrects this issue by attaching the alias to the index only
when alias isn't already present. We now only assign the alias if not
present - and not during creation of the index as it is created with the
alias in it's settings.**
### Release note
Fixes the assignment of the Session index alias by only attaching it if
not already present.
## How to test
To see the error in the logs, you'll need at least 7.x and 8.x checked
out locally. Once done, run bootstrap.
#### Step 1: On 7.17
- Start ES with `yarn es snapshot --license trial -E
path.data=/tmp/esdata`
- Start Kibana and login with elastic user
- You can check the contents of Kibana session index:
```
GET .kibana_security_session_1/_search
{
"query": {
"match_all": {}
}
}
```
Should return a single document
- You can now shut kibana and ES
#### Step 2: on 8.x
- Make a backup of the esdata above `cp -r /tmp/esdata /tmp/esdatabkp`
- Start ES as above `yarn es snapshot --license trial -E
path.data=/tmp/esdata`
- Start kibana and login
- Navigate to Upgrade assistant. You should see at least 2 System
indices that require migration (Security and Kibana)
- Start the migrate index process (Step 2 in the UA interface)
- Once done, trigger a local restart of kibana either by restarting
using the start script or just triggering a file save on any file in
your IDE
- You should start seeing the error described above in 100ms increments
till it reaches 10000ms and then it's every 10 seconds
- Navigate to Dev tools and run
```
GET .kibana_security_session/_alias
```
You should see the index as
```
.kibana_security_session_reindexed-for-9 {
aliases: {
// aliases of the index including kibana_security_session_1
}
}
```
#### Verify the fix
To verify, we have a couple of options - either clone the PR and go
through the same steps as Step 2 above but for 9.0. The easier option is
replace the code of function `attachAliasToIndex` in `session_index.ts`
in 8.x with the changes in this PR. This should restart your kibana
server and you will no longer see the error in the logs.
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
---------
Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
## Summary
While working on improving the history feature of the expandable flyout
package, I realized that we've kept a `state` property on. our
`flyoutPanelProps` interface that has been unused since the flyout got
released. This property was intended to be used for some scenario we had
imagined, but over the last couple of years of using the expandable
flyout, it was never needed.
This PR makes a very small cleanup to remove that `state` property. We
can add it back on day if a need arises.
### Checklist
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
- [x] Removed use of color calculating function `transparentize()`
- [x] Begin removal of JSON tokens when possible in favor of colors
tokens
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
This PR is probably the final PR that makes the changes to support EUI
Borealis. It focuses on removing all the usage of EUI Json tokens.
You will notice different approaches while removing the tokens:
- for some cases, the changes were done using `css from
'@emotions/react'` as the components using the tokens were already using
`euiTheme` or adding it was straightforward and required the minimal
amount of changes
- for some cases, where the css changes were pretty involved, a hook was
created to be able to import the styles and apply them in the components
- finally for other cases, esepcially if the styled components were
extracted in a different file and were used within many others, I
decided to create reusable components. This allowed to not change all
the files impacted and limit the number of files modified in this PR.
Feel free to comment on any of the approaches and suggest better
options!
https://github.com/elastic/kibana/issues/201889
---------
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Starting in 9.1-SNAPSHOT, the Elastic Agent image has moved from the
`beats` namespace to its own `elastic-agent` namespace in
docker.elastic.co. This PR updates a few places where the old path is in
use.
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
### Identify risks
Does this PR introduce any risks? For example, consider risks like hard
to test bugs, performance regression, potential of data loss.
Describe the risk, its severity, and mitigation for each identified
risk. Invite stakeholders and evaluate how to proceed before merging.
- [ ] This was done with a generic find/replace across the Kibana
codebase. I did not test the changes extensively and made a few changes
outside of the Fleet codebase. Codeowners please be aware.
## Summary
Closes https://github.com/elastic/kibana/issues/201710.
Implements filters section for Asset Inventory reusing `FilterGroup`
component from `@kbn/alerts-ui-shared` package.
### Screenshot
<img width="1740" alt="Screenshot 2025-01-17 at 16 21 55"
src="https://github.com/user-attachments/assets/bf83d9e8-4919-498d-a0ab-fdc3df711d4e"
/>
### Definition of done
- [x] Add multiple dropdown filters labelled:
- Type - filter by `asset.category`
- Criticality - filter by `asset.criticality`
- Tags - filter by `asset.tags.name`
- Name - filter TBD
- [x] Ensure each dropdown allows users to select multiple options to
filter the inventory data.
- [x] Add a button or dropdown labeled "More filters" that exposes
advanced filtering options, including "Reset control" and "Edit
control".
- [x] Verify if the `FilterGroup` component from
`packages/kbn-alerts-ui-shared` can be reused to wrap the required
functionalities.
- It can be reused, but the detection engine uses `AlertFilterControls`
instead, which is a higher-level alternative. And that's what I did in
Asset Inventory too
- [x] Ensure the filters are functional on the front-end and can
interact with placeholder data.
### Out of scope
- Backend data filtering logic
- Implementation of the actual data fetching based on filters
### How to test
Follow the "how to test" instructions written on this PR:
- https://github.com/elastic/kibana/pull/206115
### Checklist
- [x] This was checked for breaking HTTP API changes, and any breaking
changes have been approved by the breaking-change committee. The
`release_note:breaking` label should be applied in these situations.
- [x] The PR description includes the appropriate Release Notes section,
and the correct `release_note:*` label is applied per the
[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
### Risks
No risks at all.
## Summary
This PR includes the following updates:
- Converted `readOnly` fields to `disabled` to ensure consistency across
all view-only fields.
- Added an `isPreconfigured` check to disable the `num_allocations`
field. While `num_allocations` is the only updatable field for
`Elasticsearch` services, it cannot be modified if the endpoint is
preconfigured.
### Not preconfigured
### Preconfigured
### Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
- [X] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
## Summary
Closes#210610
This PR removes `error.id` field from being queried at
`getErrorGroupMainStatistics`, as it was not being used, as it was
required. If we didn't have this field, the endpoint call would crash.
