# Backport
This will backport the following commits from `8.6` to `main`:
- [Update documentation of PHP APM agent support for service maps
(#149584)](https://github.com/elastic/kibana/pull/149584)
<!--- Backport version: 8.1.0 -->
### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)
<!--BACKPORT {commits} BACKPORT-->
Co-authored-by: Emily S <emily.s@elastic.co>
This PR adds a new authorization log operation for the bulk create
attachments API.
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Fix https://github.com/elastic/kibana/issues/148412
More and more SO types will not be accessible from the HTTP APIs (either
`hidden:true` or `hiddenFromHTTPApis: true`).
However, the FTR SO client (`KbnClientSavedObjects`) still needs to be
able to access and manipulate all SO types.
This PR introduces a `ftrSoApis` plugin that is loaded for all FTR
suites. This plugin exposes SO APIs that are used by the FTR client
instead of the public SO HTTP APIs. These APIs are configured to know
about all types, even hidden ones.
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
## Summary
This PR removes the deprecated field list sampling setting which was
marked as deprecated on 8.1. This
https://github.com/elastic/kibana/pull/139828 was the PR that added the
deprecation callout.
Fix query:allowLeadingWildcards description as there are no "experimental query features" anymore.
Co-authored-by: Julia Rechkunova <julia.rechkunova@elastic.co>
Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
Update the `DELETE` request to use `<space_name>`.
Thanks @Erni for the nudge!
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
This PR adds a new find API for retrieving a subset of the user actions
for a case.
Issue: https://github.com/elastic/kibana/issues/134344
```
GET /api/cases/<case_id>/user_actions/_find
Query Paramaters
{
types?: Array of "assignees" | "comment" | "connector" | "description" | "pushed" | "tags" | "title" | "status" | "settings" | "severity" | "create_case" | "delete_case" | "action" | "alert" | "user" | "attachment"
sortOrder?: "asc" | "desc"
page?: number as a string
perPage?: number as a string
}
```
<details><summary>Example request and response</summary>
Request
```
curl --location --request GET 'http://localhost:5601/api/cases/8df5fe00-96b1-11ed-9341-471c9630b5ec/user_actions/_find?types=create_case&sortOrder=asc' \
--header 'kbn-xsrf: hello' \
--header 'Authorization: Basic ZWxhc3RpYzpjaGFuZ2VtZQ==' \
--data-raw ''
```
Response
```
{
"userActions": [
{
"created_at": "2023-01-17T21:54:45.527Z",
"created_by": {
"username": "elastic",
"full_name": null,
"email": null,
"profile_uid": "u_mGBROF_q5bmFCATbLXAcCwKa0k8JvONAwSruelyKA5E_0"
},
"owner": "cases",
"action": "create",
"payload": {
"title": "Awesome case",
"tags": [],
"severity": "low",
"description": "super",
"assignees": [],
"connector": {
"name": "none",
"type": ".none",
"fields": null,
"id": "none"
},
"settings": {
"syncAlerts": false
},
"owner": "cases",
"status": "open"
},
"type": "create_case",
"id": "8e121180-96b1-11ed-9341-471c9630b5ec",
"case_id": "8df5fe00-96b1-11ed-9341-471c9630b5ec",
"comment_id": null
}
],
"page": 1,
"perPage": 20,
"total": 1
}
```
</details>
## Notable Changes
- Created the new `_find` route
- Created a new `UserActionFinder` class and moved the find* methods
from the `index.ts` file into there as well as the new find logic
- Extracted the transform logic to its own file since its shared between
multiple files now
- Extracted the user action related integration test functions to the
`user_action.ts` utility file
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: lcawl <lcawley@elastic.co>
…p Service
Adding some text to help clear out confusion by users reading the
`EMS_PATH_CONF` env variable as a host env var, instead of a env
variable inside the docker container. Also, mentioning the `-e` docker
flag that can be used on the docker command to start up the service.
## Summary
Summarize your PR. If it involves visual changes include a screenshot or
gif.
### Checklist
Delete any items that are not applicable to this PR.
- [ ] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ]
[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)
was added for features that require explanation or tutorials
- [ ] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [ ] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] If a plugin configuration key changed, check if it needs to be
allowlisted in the cloud and added to the [docker
list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)
### Risk Matrix
Delete this section if it is not applicable to this PR.
Before closing this PR, invite QA, stakeholders, and other developers to
identify risks that should be tested prior to the change/feature
release.
When forming the risk matrix, consider some of the following examples
and how they may potentially impact the change:
| Risk | Probability | Severity | Mitigation/Notes |
|---------------------------|-------------|----------|-------------------------|
| Multiple Spaces—unexpected behavior in non-default Kibana Space.
| Low | High | Integration tests will verify that all features are still
supported in non-default Kibana Space and when user switches between
spaces. |
| Multiple nodes—Elasticsearch polling might have race conditions
when multiple Kibana nodes are polling for the same tasks. | High | Low
| Tasks are idempotent, so executing them multiple times will not result
in logical error, but will degrade performance. To test for this case we
add plenty of unit tests around this logic and document manual testing
procedure. |
| Code should gracefully handle cases when feature X or plugin Y are
disabled. | Medium | High | Unit tests will verify that any feature flag
or plugin combination still results in our service operational. |
| [See more potential risk
examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) |
### For maintainers
- [ ] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
## Summary
This PR creates the bulk get cases internal API. The endpoint is needed
for the alerts table to be able to get all cases the alerts are attached
to with one call.
Reference: https://github.com/elastic/kibana/issues/146864
### Request
- ids: (Required, array) An array of IDs of the retrieved cases.
- fields: (Optional, array) The fields to return in the attributes key
of the object response.
```
POST <kibana host>:<port>/internal/cases/_bulk_get
{
"ids": ["case-id-1", "case-id-2", "123", "not-authorized"],
"fields": ["title"]
}
```
### Response
```
{
"cases": [
{
"title": "case1",
"owner": "securitySolution",
"id": "case-id-1",
"version": "WzIzMTU0NSwxNV0="
},
{
"title": "case2",
"owner": "observability",
"id": "case-id-2",
"version": "WzIzMTU0NSwxNV0="
}
],
"errors": [
{
"error": "Not Found",
"message": "Saved object [cases/123] not found",
"status": 404,
"caseId": "123"
},
{
"error": "Forbidden",
"message": "Unauthorized to access case with owner: \"cases\"",
"status": 403,
"caseId": "not-authorized"
}
]
}
```
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
### For maintainers
- [x] This was checked for breaking API changes and was [labeled
appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
- Adds CentOS to the list of exceptions to the default value. CentOS,
Debian, and Red Hat Linux use `true`, but all other OS use `false`.
Previously, CentOS was not documented.
- Adds note regarding Chrome crash in the troubleshooting doc.
Follow up to #147526 which had to be reverted.
Resolves#127481
## Release notes
Include IP address in audit log
## Testing
1. Start Elasticsearch with trial license: `yarn es snapshot --license
trial`
2. Update `kibana.dev.yaml`:
```yaml
xpack.security.audit.enabled: true
xpack.security.audit.appender:
type: console
layout:
type: json
```
3. Observe audit logs in console when interacting with Kibana:
```json
{
"@timestamp": "2022-12-13T15:50:42.236+00:00",
"message": "User is requesting [/dev/internal/security/me] endpoint",
"client": {
"ip": "127.0.0.1"
},
"http": {
"request": {
"headers": {
"x-forwarded-for": "1.1.1.1, 127.0.0.1"
}
}
}
}
```
Note: You will see the `x-forwarded-for` field populated when running
Kibana in development mode (`yarn start`) since Kibana runs behind a
development proxy.
Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Resolves: #146222
This PR makes maximum number of retries of an action configurable.
Follows the same pattern we used in alerting plugin.
`xpack.actions.run.maxAttempts` as a global settings and
`xpack.actions.run.connectorTypeOverrides` to override the global
settings for specific connector types.
