mirror of
https://github.com/elastic/kibana.git
synced 2025-04-23 09:19:04 -04:00
221c199ed1
**!!MAJORITY OF THE CHANGED FILES ARE MOVED OR COPIED!!** ### Vision According to the product vision we will build a new simple UI/UX in the future https://github.com/elastic/security-team/issues/11790 This PR is a first iteration on enabling Content Connectors Management UI in Serverless Kibana Stack Management. Elastic Managed content connectors will be available only for Security and Observability projects. ### Current PR scope 1. Used initial search_connectors plugin and renamed it to content_connectors + moved from `x-pack/solutions/search` to `x-pack/platform/plugins/shared` 2. Copy relevant connectors UI and routes from enterprise_search plugin. 3. Introduce the new Stack Management card/navigation option under the Data section. 4. Enabled this plugin only in Serverless for Security and Observability projects. 5. For making PR smaller Pipelines tab was not moved. And according to Search team vision this functionality should be dropped anyway soon. 6. Extended fleet package logic to include elastic_connectors for security and o11y serverless projects 7. Added back `search:agentless-connectors-manager` task In Stack Management navigation: <img width="2062" alt="Screenshot 2025-04-15 at 3 51 43 PM" src="https://github.com/user-attachments/assets/5c93ba01-9a6a-4eac-a21d-1370f03b8f35" /> Stack Management cards: <img width="2081" alt="Screenshot 2025-04-10 at 8 41 43 PM" src="https://github.com/user-attachments/assets/3def1c12-561b-4a84-8241-4dd61cd9313d" /> Create Elastic Managed Connector UI (on Agentless): <img width="1822" alt="Screenshot 2025-04-15 at 3 55 29 PM" src="https://github.com/user-attachments/assets/6e9fea48-85e7-43df-919d-0e5492d0e704" /> Create Self Managed Connector UI: <img width="2064" alt="Screenshot 2025-04-15 at 3 55 49 PM" src="https://github.com/user-attachments/assets/d5051898-c8fa-4e41-b9ea-b41d4ed4a0d5" /> ### Next steps - [ ] Remove duplicated code between content_connectors, enterprise_search and serverless_search - [ ] Extract [common server libs](https://github.com/elastic/kibana/tree/main/x-pack/solutions/search/plugins/enterprise_search/server/lib) to the shared package `kbn-search-connectors` --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Steph Milovic <stephanie.milovic@elastic.co> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: Artem Shelkovnikov <artem.shelkovnikov@elastic.co> Co-authored-by: Artem Shelkovnikov <lavatroublebubble@gmail.com> Co-authored-by: Kyle Pollich <kyle.pollich@elastic.co>
276 lines
No EOL
11 KiB
YAML
276 lines
No EOL
11 KiB
YAML
interactiveSetup.enabled: false
|
|
newsfeed.enabled: false
|
|
xpack.serverless.plugin.enabled: true
|
|
# Fleet settings
|
|
xpack.fleet.internal.fleetServerStandalone: true
|
|
xpack.fleet.internal.disableILMPolicies: true
|
|
xpack.fleet.internal.activeAgentsSoftLimit: 25000
|
|
xpack.fleet.internal.onlyAllowAgentUpgradeToKnownVersions: true
|
|
xpack.fleet.internal.retrySetupOnBoot: true
|
|
xpack.fleet.internal.useMeteringApi: true
|
|
xpack.searchSynonyms.enabled: false
|
|
|
|
xpack.searchQueryRules.enabled: false
|
|
|
|
## Fine-tune the feature privileges.
|
|
xpack.features.overrides:
|
|
dashboard:
|
|
privileges:
|
|
### Dashboard's `All` feature privilege should implicitly grant `All` access to Maps and Visualize features.
|
|
all.composedOf:
|
|
- feature: "maps"
|
|
privileges: [ "all" ]
|
|
- feature: "visualize"
|
|
privileges: [ "all" ]
|
|
### Dashboard's `Read` feature privilege should implicitly grant `Read` access to Maps and Visualize features.
|
|
### Additionally, it should implicitly grant privilege to create short URLs in Visualize app.
|
|
read.composedOf:
|
|
- feature: "maps"
|
|
privileges: [ "read" ]
|
|
- feature: "visualize"
|
|
privileges: [ "read" ]
|
|
### All Dashboard sub-feature privileges should be hidden: reporting capabilities will be granted via dedicated
|
|
### Reporting feature and short URL sub-feature privilege should be granted for both `All` and `Read`.
|
|
subFeatures.privileges:
|
|
download_csv_report.disabled: true
|
|
generate_report.disabled: true
|
|
store_search_session.disabled: true
|
|
url_create:
|
|
disabled: true
|
|
includeIn: "read"
|
|
dashboard_v2:
|
|
privileges:
|
|
### Dashboard's `All` feature privilege should implicitly grant `All` access to Maps and Visualize features.
|
|
all.composedOf:
|
|
- feature: "maps_v2"
|
|
privileges: [ "all" ]
|
|
- feature: "visualize_v2"
|
|
privileges: [ "all" ]
|
|
### Dashboard's `Read` feature privilege should implicitly grant `Read` access to Maps and Visualize features.
|
|
### Additionally, it should implicitly grant privilege to create short URLs in Visualize app.
|
|
read.composedOf:
|
|
- feature: "maps_v2"
|
|
privileges: [ "read" ]
|
|
- feature: "visualize_v2"
|
|
privileges: [ "read" ]
|
|
### All Dashboard sub-feature privileges should be hidden: reporting capabilities will be granted via dedicated
|
|
### Reporting feature and short URL sub-feature privilege should be granted for both `All` and `Read`.
|
|
subFeatures.privileges:
|
|
download_csv_report.disabled: true
|
|
generate_report.disabled: true
|
|
store_search_session.disabled: true
|
|
url_create:
|
|
disabled: true
|
|
includeIn: "read"
|
|
discover:
|
|
### All Discover sub-feature privileges should be hidden: reporting capabilities will be granted via dedicated
|
|
### Reporting feature and short URL sub-feature privilege should be granted for both `All` and `Read`.
|
|
subFeatures.privileges:
|
|
generate_report.disabled: true
|
|
store_search_session.disabled: true
|
|
url_create:
|
|
disabled: true
|
|
includeIn: "read"
|
|
discover_v2:
|
|
### All Discover sub-feature privileges should be hidden: reporting capabilities will be granted via dedicated
|
|
### Reporting feature and short URL sub-feature privilege should be granted for both `All` and `Read`.
|
|
subFeatures.privileges:
|
|
generate_report.disabled: true
|
|
store_search_session.disabled: true
|
|
url_create:
|
|
disabled: true
|
|
includeIn: "read"
|
|
### Shared images feature is hidden in Role management since it's not needed.
|
|
filesSharedImage.hidden: true
|
|
### Maps feature is hidden in Role management since it's automatically granted by Dashboard feature.
|
|
maps_v2.hidden: true
|
|
### Reporting feature is supposed to give access to reporting capabilities across different features.
|
|
reporting:
|
|
privileges:
|
|
all.composedOf:
|
|
- feature: "dashboard_v2"
|
|
privileges: [ "download_csv_report" ]
|
|
- feature: "discover_v2"
|
|
privileges: [ "generate_report" ]
|
|
### Visualize feature is hidden in Role management since it's automatically granted by Dashboard feature.
|
|
visualize:
|
|
### The short URL sub-feature privilege should be always granted.
|
|
subFeatures.privileges.url_create.includeIn: "read"
|
|
visualize_v2:
|
|
hidden: true
|
|
### The short URL sub-feature privilege should be always granted.
|
|
subFeatures.privileges.url_create.includeIn: "read"
|
|
|
|
# Cloud links
|
|
xpack.cloud.base_url: 'https://cloud.elastic.co'
|
|
|
|
# Disable preboot phase for serverless
|
|
core.lifecycle.disablePreboot: true
|
|
|
|
# Enable ZDT migration algorithm
|
|
migrations.algorithm: zdt
|
|
|
|
# Enable elasticsearch response size circuit breaker
|
|
elasticsearch.maxResponseSize: "100mb"
|
|
|
|
# Limit batch size to reduce possibility of failures.
|
|
# A longer migration time is acceptable due to the ZDT algorithm.
|
|
migrations.batchSize: 250
|
|
|
|
migrations.zdt:
|
|
metaPickupSyncDelaySec: 5
|
|
|
|
# Ess plugins
|
|
xpack.securitySolutionEss.enabled: false
|
|
|
|
# Management team plugins
|
|
xpack.upgrade_assistant.enabled: false
|
|
xpack.rollup.enabled: false
|
|
xpack.watcher.enabled: false
|
|
xpack.ccr.enabled: false
|
|
xpack.ilm.enabled: false
|
|
xpack.remote_clusters.enabled: false
|
|
xpack.snapshot_restore.enabled: false
|
|
xpack.license_management.enabled: false
|
|
|
|
# Management team UI configurations
|
|
# Disable index actions from the Index Management UI
|
|
xpack.index_management.enableIndexActions: false
|
|
# Disable legacy index templates from Index Management UI
|
|
xpack.index_management.enableLegacyTemplates: false
|
|
# Disable index stats information from Index Management UI
|
|
xpack.index_management.enableIndexStats: false
|
|
# Enable size and doc count information via metering API from Index Management UI
|
|
xpack.index_management.enableSizeAndDocCount: true
|
|
# Disable data stream stats information from Index Management UI
|
|
xpack.index_management.enableDataStreamStats: false
|
|
# Only limited index settings can be edited
|
|
xpack.index_management.editableIndexSettings: limited
|
|
# Disable _source field in the Mappings editor's advanced options form from Index Management UI
|
|
xpack.index_management.enableMappingsSourceFieldSection: false
|
|
# Disable toggle for enabling data retention in DSL form from Index Management UI
|
|
xpack.index_management.enableTogglingDataRetention: false
|
|
# Disable project level rentention checks in DSL form from Index Management UI
|
|
xpack.index_management.enableProjectLevelRetentionChecks: false
|
|
|
|
# Disable Manage Processors UI in Ingest Pipelines
|
|
xpack.ingest_pipelines.enableManageProcessors: false
|
|
|
|
# Keep deeplinks visible so that they are shown in the sidenav
|
|
dev_tools.deeplinks.navLinkStatus: visible
|
|
management.deeplinks.navLinkStatus: visible
|
|
|
|
# Onboarding team UI configurations
|
|
xpack.cloud_integrations.data_migration.enabled: false
|
|
guided_onboarding.enabled: false
|
|
|
|
# Other disabled plugins
|
|
xpack.canvas.enabled: false
|
|
data.search.sessions.enabled: false
|
|
advanced_settings.globalSettingsEnabled: false
|
|
|
|
# Disable the browser-side functionality that depends on SecurityCheckupGetStateRoutes
|
|
xpack.security.showInsecureClusterWarning: false
|
|
|
|
# Disable UI of security management plugins
|
|
xpack.security.ui.userManagementEnabled: false
|
|
xpack.security.ui.roleMappingManagementEnabled: false
|
|
|
|
# Enforce restring access to internal APIs see https://github.com/elastic/kibana/issues/151940
|
|
server.restrictInternalApis: true
|
|
# Telemetry enabled by default and not disableable via UI
|
|
telemetry.optIn: true
|
|
telemetry.allowChangingOptInStatus: false
|
|
|
|
# Harden security response headers, see https://github.com/elastic/kibana/issues/150884
|
|
# The browser should remember that a site, including subdomains, is only to be accessed using HTTPS for 1 year
|
|
# Can override this setting in kibana.dev.yml, e.g. server.securityResponseHeaders.strictTransportSecurity: null
|
|
server.securityResponseHeaders.strictTransportSecurity: max-age=31536000; includeSubDomains
|
|
# Disable embedding for serverless MVP
|
|
server.securityResponseHeaders.disableEmbedding: true
|
|
|
|
# default to newest routes
|
|
server.versioned.versionResolution: newest
|
|
# do not enforce client version check
|
|
server.versioned.strictClientVersionCheck: false
|
|
|
|
# Enforce single "default" space and disable feature visibility controls
|
|
xpack.spaces.maxSpaces: 100
|
|
xpack.spaces.allowFeatureVisibility: false
|
|
xpack.spaces.allowSolutionVisibility: false
|
|
|
|
# Only display console autocomplete suggestions for ES endpoints that are available in serverless
|
|
console.autocompleteDefinitions.endpointsAvailability: serverless
|
|
|
|
# Do not check the ES version when running on Serverless
|
|
elasticsearch.ignoreVersionMismatch: true
|
|
|
|
# Limit maxSockets to 800 as we do in ESS, which improves reliability under high loads.
|
|
elasticsearch.maxSockets: 800
|
|
|
|
# Visualizations editors readonly settings
|
|
vis_type_gauge.readOnly: true
|
|
vis_type_heatmap.readOnly: true
|
|
vis_type_metric.readOnly: true
|
|
vis_type_pie.readOnly: true
|
|
vis_type_table.readOnly: true
|
|
vis_type_tagcloud.readOnly: true
|
|
vis_type_timelion.readOnly: true
|
|
vis_type_timeseries.readOnly: true
|
|
vis_type_vislib.readOnly: true
|
|
vis_type_xy.readOnly: true
|
|
input_control_vis.readOnly: true
|
|
xpack.graph.enabled: false
|
|
|
|
# Disable cases in stack management
|
|
xpack.cases.stack.enabled: false
|
|
|
|
# Alerting and action circuit breakers
|
|
xpack.alerting.rules.run.actions.max: 3000
|
|
xpack.alerting.rules.run.timeout: 1m
|
|
xpack.alerting.rules.run.ruleTypeOverrides:
|
|
- id: siem.indicatorRule
|
|
timeout: 10m
|
|
- id: siem.eqlRule
|
|
timeout: 5m
|
|
xpack.alerting.rules.minimumScheduleInterval.enforce: true
|
|
xpack.alerting.rules.maxScheduledPerMinute: 400
|
|
xpack.actions.run.maxAttempts: 10
|
|
xpack.actions.queued.max: 10000
|
|
|
|
uiSettings:
|
|
overrides:
|
|
# Disables ESQL in advanced settings (hides it from the UI)
|
|
enableESQL: true
|
|
bfetch:disable: true
|
|
# Disables `Defer loading panels below "the fold"`
|
|
labs:dashboard:deferBelowFold: false
|
|
|
|
# Task Manager
|
|
xpack.task_manager.allow_reading_invalid_state: false
|
|
xpack.task_manager.request_timeouts.update_by_query: 60000
|
|
xpack.task_manager.metrics_reset_interval: 120000
|
|
|
|
# Reporting feature
|
|
xpack.screenshotting.enabled: false
|
|
xpack.reporting.queue.pollInterval: 3m
|
|
xpack.reporting.statefulSettings.enabled: false
|
|
xpack.reporting.csv.maxConcurrentShardRequests: 0
|
|
|
|
# Disabled Observability plugins
|
|
xpack.ux.enabled: false
|
|
xpack.legacy_uptime.enabled: false
|
|
monitoring.enabled: false
|
|
monitoring.ui.enabled: false
|
|
|
|
## Enable uiSettings validations
|
|
data.enableUiSettingsValidations: true
|
|
discover.enableUiSettingsValidations: true
|
|
|
|
## Data Usage in stack management
|
|
xpack.dataUsage.enabled: true
|
|
# This feature is disabled in Serverless until fully tested within a Serverless environment
|
|
xpack.dataUsage.enableExperimental: ['dataUsageDisabled']
|
|
|
|
## Content Connectors in stack management
|
|
xpack.contentConnectors.enabled: true |