mirror of
https://github.com/elastic/kibana.git
synced 2025-04-24 17:59:23 -04:00
62f8027c57
## Summary Adds Query Rules UI Plugin. It is disabled and pretty much empty as we want to split the implementation in multiple parts and enable the feature once implementation is done. It is disabled for Security. It is disabled for Observability. It is enabled but behind a feature flag for Search while it is not useful to enable it with partial implementations. ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
274 lines
11 KiB
YAML
274 lines
11 KiB
YAML
interactiveSetup.enabled: false
|
|
newsfeed.enabled: false
|
|
xpack.serverless.plugin.enabled: true
|
|
# Fleet settings
|
|
xpack.fleet.internal.fleetServerStandalone: true
|
|
xpack.fleet.internal.disableILMPolicies: true
|
|
xpack.fleet.internal.activeAgentsSoftLimit: 25000
|
|
xpack.fleet.internal.onlyAllowAgentUpgradeToKnownVersions: true
|
|
xpack.fleet.internal.retrySetupOnBoot: true
|
|
xpack.fleet.internal.useMeteringApi: true
|
|
xpack.searchSynonyms.enabled: false
|
|
|
|
xpack.searchQueryRules.enabled: false
|
|
|
|
## Fine-tune the feature privileges.
|
|
xpack.features.overrides:
|
|
dashboard:
|
|
privileges:
|
|
### Dashboard's `All` feature privilege should implicitly grant `All` access to Maps and Visualize features.
|
|
all.composedOf:
|
|
- feature: "maps"
|
|
privileges: [ "all" ]
|
|
- feature: "visualize"
|
|
privileges: [ "all" ]
|
|
### Dashboard's `Read` feature privilege should implicitly grant `Read` access to Maps and Visualize features.
|
|
### Additionally, it should implicitly grant privilege to create short URLs in Visualize app.
|
|
read.composedOf:
|
|
- feature: "maps"
|
|
privileges: [ "read" ]
|
|
- feature: "visualize"
|
|
privileges: [ "read" ]
|
|
### All Dashboard sub-feature privileges should be hidden: reporting capabilities will be granted via dedicated
|
|
### Reporting feature and short URL sub-feature privilege should be granted for both `All` and `Read`.
|
|
subFeatures.privileges:
|
|
download_csv_report.disabled: true
|
|
generate_report.disabled: true
|
|
store_search_session.disabled: true
|
|
url_create:
|
|
disabled: true
|
|
includeIn: "read"
|
|
dashboard_v2:
|
|
privileges:
|
|
### Dashboard's `All` feature privilege should implicitly grant `All` access to Maps and Visualize features.
|
|
all.composedOf:
|
|
- feature: "maps_v2"
|
|
privileges: [ "all" ]
|
|
- feature: "visualize_v2"
|
|
privileges: [ "all" ]
|
|
### Dashboard's `Read` feature privilege should implicitly grant `Read` access to Maps and Visualize features.
|
|
### Additionally, it should implicitly grant privilege to create short URLs in Visualize app.
|
|
read.composedOf:
|
|
- feature: "maps_v2"
|
|
privileges: [ "read" ]
|
|
- feature: "visualize_v2"
|
|
privileges: [ "read" ]
|
|
### All Dashboard sub-feature privileges should be hidden: reporting capabilities will be granted via dedicated
|
|
### Reporting feature and short URL sub-feature privilege should be granted for both `All` and `Read`.
|
|
subFeatures.privileges:
|
|
download_csv_report.disabled: true
|
|
generate_report.disabled: true
|
|
store_search_session.disabled: true
|
|
url_create:
|
|
disabled: true
|
|
includeIn: "read"
|
|
discover:
|
|
### All Discover sub-feature privileges should be hidden: reporting capabilities will be granted via dedicated
|
|
### Reporting feature and short URL sub-feature privilege should be granted for both `All` and `Read`.
|
|
subFeatures.privileges:
|
|
generate_report.disabled: true
|
|
store_search_session.disabled: true
|
|
url_create:
|
|
disabled: true
|
|
includeIn: "read"
|
|
discover_v2:
|
|
### All Discover sub-feature privileges should be hidden: reporting capabilities will be granted via dedicated
|
|
### Reporting feature and short URL sub-feature privilege should be granted for both `All` and `Read`.
|
|
subFeatures.privileges:
|
|
generate_report.disabled: true
|
|
store_search_session.disabled: true
|
|
url_create:
|
|
disabled: true
|
|
includeIn: "read"
|
|
### Shared images feature is hidden in Role management since it's not needed.
|
|
filesSharedImage.hidden: true
|
|
### Maps feature is hidden in Role management since it's automatically granted by Dashboard feature.
|
|
maps_v2.hidden: true
|
|
### Reporting feature is supposed to give access to reporting capabilities across different features.
|
|
reporting:
|
|
privileges:
|
|
all.composedOf:
|
|
- feature: "dashboard_v2"
|
|
privileges: [ "download_csv_report" ]
|
|
- feature: "discover_v2"
|
|
privileges: [ "generate_report" ]
|
|
### Visualize feature is hidden in Role management since it's automatically granted by Dashboard feature.
|
|
visualize:
|
|
### The short URL sub-feature privilege should be always granted.
|
|
subFeatures.privileges.url_create.includeIn: "read"
|
|
visualize_v2:
|
|
hidden: true
|
|
### The short URL sub-feature privilege should be always granted.
|
|
subFeatures.privileges.url_create.includeIn: "read"
|
|
|
|
# Cloud links
|
|
xpack.cloud.base_url: 'https://cloud.elastic.co'
|
|
|
|
# Disable preboot phase for serverless
|
|
core.lifecycle.disablePreboot: true
|
|
|
|
# Enable ZDT migration algorithm
|
|
migrations.algorithm: zdt
|
|
|
|
# Enable elasticsearch response size circuit breaker
|
|
elasticsearch.maxResponseSize: "100mb"
|
|
|
|
# Limit batch size to reduce possibility of failures.
|
|
# A longer migration time is acceptable due to the ZDT algorithm.
|
|
migrations.batchSize: 250
|
|
|
|
migrations.zdt:
|
|
metaPickupSyncDelaySec: 5
|
|
|
|
# Ess plugins
|
|
xpack.securitySolutionEss.enabled: false
|
|
|
|
# Management team plugins
|
|
xpack.upgrade_assistant.enabled: false
|
|
xpack.rollup.enabled: false
|
|
xpack.watcher.enabled: false
|
|
xpack.ccr.enabled: false
|
|
xpack.ilm.enabled: false
|
|
xpack.remote_clusters.enabled: false
|
|
xpack.snapshot_restore.enabled: false
|
|
xpack.license_management.enabled: false
|
|
|
|
# Management team UI configurations
|
|
# Disable index actions from the Index Management UI
|
|
xpack.index_management.enableIndexActions: false
|
|
# Disable legacy index templates from Index Management UI
|
|
xpack.index_management.enableLegacyTemplates: false
|
|
# Disable index stats information from Index Management UI
|
|
xpack.index_management.enableIndexStats: false
|
|
# Enable size and doc count information via metering API from Index Management UI
|
|
xpack.index_management.enableSizeAndDocCount: true
|
|
# Disable data stream stats information from Index Management UI
|
|
xpack.index_management.enableDataStreamStats: false
|
|
# Only limited index settings can be edited
|
|
xpack.index_management.editableIndexSettings: limited
|
|
# Disable _source field in the Mappings editor's advanced options form from Index Management UI
|
|
xpack.index_management.enableMappingsSourceFieldSection: false
|
|
# Disable toggle for enabling data retention in DSL form from Index Management UI
|
|
xpack.index_management.enableTogglingDataRetention: false
|
|
# Disable project level rentention checks in DSL form from Index Management UI
|
|
xpack.index_management.enableProjectLevelRetentionChecks: false
|
|
|
|
# Disable Manage Processors UI in Ingest Pipelines
|
|
xpack.ingest_pipelines.enableManageProcessors: false
|
|
|
|
# Keep deeplinks visible so that they are shown in the sidenav
|
|
dev_tools.deeplinks.navLinkStatus: visible
|
|
management.deeplinks.navLinkStatus: visible
|
|
|
|
# Onboarding team UI configurations
|
|
xpack.cloud_integrations.data_migration.enabled: false
|
|
guided_onboarding.enabled: false
|
|
|
|
# Other disabled plugins
|
|
xpack.canvas.enabled: false
|
|
data.search.sessions.enabled: false
|
|
advanced_settings.globalSettingsEnabled: false
|
|
|
|
# Disable the browser-side functionality that depends on SecurityCheckupGetStateRoutes
|
|
xpack.security.showInsecureClusterWarning: false
|
|
|
|
# Disable UI of security management plugins
|
|
xpack.security.ui.userManagementEnabled: false
|
|
xpack.security.ui.roleMappingManagementEnabled: false
|
|
|
|
# Enforce restring access to internal APIs see https://github.com/elastic/kibana/issues/151940
|
|
server.restrictInternalApis: true
|
|
# Telemetry enabled by default and not disableable via UI
|
|
telemetry.optIn: true
|
|
telemetry.allowChangingOptInStatus: false
|
|
|
|
# Harden security response headers, see https://github.com/elastic/kibana/issues/150884
|
|
# The browser should remember that a site, including subdomains, is only to be accessed using HTTPS for 1 year
|
|
# Can override this setting in kibana.dev.yml, e.g. server.securityResponseHeaders.strictTransportSecurity: null
|
|
server.securityResponseHeaders.strictTransportSecurity: max-age=31536000; includeSubDomains
|
|
# Disable embedding for serverless MVP
|
|
server.securityResponseHeaders.disableEmbedding: true
|
|
|
|
# default to newest routes
|
|
server.versioned.versionResolution: newest
|
|
# do not enforce client version check
|
|
server.versioned.strictClientVersionCheck: false
|
|
|
|
# Enforce single "default" space and disable feature visibility controls
|
|
xpack.spaces.maxSpaces: 100
|
|
xpack.spaces.allowFeatureVisibility: false
|
|
xpack.spaces.allowSolutionVisibility: false
|
|
|
|
# Only display console autocomplete suggestions for ES endpoints that are available in serverless
|
|
console.autocompleteDefinitions.endpointsAvailability: serverless
|
|
|
|
# Do not check the ES version when running on Serverless
|
|
elasticsearch.ignoreVersionMismatch: true
|
|
|
|
# Limit maxSockets to 800 as we do in ESS, which improves reliability under high loads.
|
|
elasticsearch.maxSockets: 800
|
|
|
|
# Visualizations editors readonly settings
|
|
vis_type_gauge.readOnly: true
|
|
vis_type_heatmap.readOnly: true
|
|
vis_type_metric.readOnly: true
|
|
vis_type_pie.readOnly: true
|
|
vis_type_table.readOnly: true
|
|
vis_type_tagcloud.readOnly: true
|
|
vis_type_timelion.readOnly: true
|
|
vis_type_timeseries.readOnly: true
|
|
vis_type_vislib.readOnly: true
|
|
vis_type_xy.readOnly: true
|
|
input_control_vis.readOnly: true
|
|
xpack.graph.enabled: false
|
|
|
|
# Disable cases in stack management
|
|
xpack.cases.stack.enabled: false
|
|
|
|
# Alerting and action circuit breakers
|
|
xpack.alerting.rules.run.actions.max: 3000
|
|
xpack.alerting.rules.run.timeout: 1m
|
|
xpack.alerting.rules.run.ruleTypeOverrides:
|
|
- id: siem.indicatorRule
|
|
timeout: 10m
|
|
- id: siem.eqlRule
|
|
timeout: 5m
|
|
xpack.alerting.rules.minimumScheduleInterval.enforce: true
|
|
xpack.alerting.rules.maxScheduledPerMinute: 400
|
|
xpack.actions.run.maxAttempts: 10
|
|
xpack.actions.queued.max: 10000
|
|
|
|
uiSettings:
|
|
overrides:
|
|
# Disables ESQL in advanced settings (hides it from the UI)
|
|
enableESQL: true
|
|
bfetch:disable: true
|
|
# Disables `Defer loading panels below "the fold"`
|
|
labs:dashboard:deferBelowFold: false
|
|
|
|
# Task Manager
|
|
xpack.task_manager.allow_reading_invalid_state: false
|
|
xpack.task_manager.request_timeouts.update_by_query: 60000
|
|
xpack.task_manager.metrics_reset_interval: 120000
|
|
|
|
# Reporting feature
|
|
xpack.screenshotting.enabled: false
|
|
xpack.reporting.queue.pollInterval: 3m
|
|
xpack.reporting.statefulSettings.enabled: false
|
|
xpack.reporting.csv.maxConcurrentShardRequests: 0
|
|
|
|
# Disabled Observability plugins
|
|
xpack.ux.enabled: false
|
|
xpack.legacy_uptime.enabled: false
|
|
monitoring.enabled: false
|
|
monitoring.ui.enabled: false
|
|
|
|
## Enable uiSettings validations
|
|
xpack.securitySolution.enableUiSettingsValidations: true
|
|
data.enableUiSettingsValidations: true
|
|
discover.enableUiSettingsValidations: true
|
|
|
|
## Data Usage in stack management
|
|
xpack.dataUsage.enabled: true
|
|
# This feature is disabled in Serverless until fully tested within a Serverless environment
|
|
xpack.dataUsage.enableExperimental: ['dataUsageDisabled']
|