* partial implementation for OLS Phase 1
* Allow Saved Objects Client to be wrapped
* Add placeholder "kibana.namespace" configuration property
* revert changes to saved objects client
* Remove circular dependency
* Removing namespace setting, we're using xpack.security.rbac.application
* Adding config.getDefault
* Expose SavedObjectsClientProvider on the server for easy plugin consumption
* migrate x-pack changes into kibana
* Beginning to use the ES APIs to insert/check privileges (#18645)
* Beginning to use the ES APIs to insert/check privileges
* Removing todo comment, I think we're good with the current check
* Adding ability to edit kibana application privileges
* Introducing DEFAULT_RESOURCE constant
* Removing unused arguments when performing saved objects auth check
* Performing bulkCreate auth more efficiently
* Throwing error in SavedObjectClient.find if type isn't provided
* Fixing Reporting and removing errant console.log
* Introducing a separate hasPrivileges "service"
* Adding tests and fleshing out the has privileges "service"
* Fixing error message
* You can now edit whatever roles you want
* We're gonna throw the find error in another PR
* Changing conflicting version detection to work when user has no
application privileges
* Throwing correct error when user is forbidden
* Removing unused interceptor
* Adding warning if they're editing a role with application privileges we
can't edit
* Fixing filter...
* Beginning to only update privileges when they need to be
* More tests
* One more test...
* Restricting the rbac application name that can be chosen
* Removing DEFAULT_RESOURCE check
* Supporting 1024 characters for the role name
* Renaming some variables, fixing issue with role w/ no kibana privileges
* Throwing decorated general error when appropriate
* Fixing test description
* Dedent does nothing...
* Renaming some functions
* Adding built-in types and alphabetizing (#19306)
* Filtering out non-default resource Kibana privileges (#19321)
* Removing unused file
* Adding kibana_rbac_dashboard_only_user to dashboard only mode roles (#19511)
* Adding create default roles test (#19505)
* RBAC - SecurityAuditLogger (#19571)
* Manually porting over the AuditLogger for use within the security audit
logger
* HasPrivileges now returns the user from the request
* Has privileges returns username from privilegeCheck
* Adding first eventType to the security audit logger
* Adding authorization success message
* Logging arguments when authorization success
* Fixing test description
* Logging args during audit failures
* RBAC Integration Tests (#19647)
* Porting over the saved objects tests, a bunch are failing, I believe
because security is preventing the requests
* Running saved objects tests with rbac and xsrf disabled
* Adding users
* BulkGet now tests under 3 users
* Adding create tests
* Adding delete tests
* Adding find tests
* Adding get tests
* Adding bulkGet forbidden tests
* Adding not a kibana user tests
* Update tests
* Renaming the actions/privileges to be closer to the functions on the
saved object client itself
* Cleaning up tests and removing without index tests
I'm considering the without index tests to be out of scope for the RBAC
API testing, and we already have unit coverage for these and integration
coverage via the OSS Saved Objects API tests.
* Fixing misspelling
* Fixing "conflicts" after merging master
* Removing some white-space differences
* Deleting files that got left behind in a merge
* Adding the RBAC API Integration Tests
* SavedObjectClient.find filtering (#19708)
* Adding ability to specify filters when calling the repository
* Implementing find filtering
* Revert "Adding ability to specify filters when calling the repository"
This reverts commit 9da30a15db.
* Adding integration tests for find filtering
* Adding forbidden auth logging
* Adding asserts to make sure some audit log isn't used
* Adding more audit log specific tests
* Necessarly is not a work, unfortunately
* Fixing test
* More descriptive name than "result"
* Better unauthorized find message?
* Adding getTypes tests
* Trying to isolate cause of rbac test failures
* Adding .toLowerCase() to work around capitalization issue
* No longer exposing the auditLogger, we don't need it like that right now
* Removing some unused code
* Removing defaultSettings from test that doesn't utilize them
* Fixing misspelling
* Don't need an explicit login privilege when we have them all
* Removing unused code, fixing misspelling, adding comment
* Putting a file back
* No longer creating the roles on start-up (#19799)
* Removing kibana_rbac_dashboard_only_user from dashboard only role
defaults
* Fixing small issue with editing Kibana privileges
* [RBAC Phase 1] - Update application privileges when XPack license changes (#19839)
* Adding start to supporting basic license and switching to plat/gold
* Initialize application privilages on XPack license change
* restore mirror_status_and_initialize
* additional tests and peer review updates
* Introducing watchStatusAndLicenseToInitialize
* Adding some tests
* One more test
* Even better tests
* Removing unused mirrorStatusAndInitialize
* Throwing an error if the wrong status function is called
* RBAC Legacy Fallback (#19818)
* Basic implementation, rather sloppy
* Cleaning stuff up a bit
* Beginning to write tests, going to refactor how we build the privileges
* Making the buildPrivilegesMap no longer return application name as the
main key
* Using real privileges since we need to use them for the legacy fallback
* Adding more tests
* Fixing spelling
* Fixing test description
* Fixing comment description
* Adding similar line breaks in the has privilege calls
* No more settings
* No more rbac enabled setting, we just do RBAC
* Using describe to cleanup the test cases
* Logging deprecations when using the legacy fallback
* Cleaning up a bit...
* Using the privilegeMap for the legacy fallback tests
* Now with even less duplication
* Removing stray `rbacEnabled` from angularjs
* Fixing checkLicenses tests since we added RBAC
* [Flaky Test] - wait for page load to complete (#19895)
@kobelb this seems unrelated to our RBAC Phase 1 work, but I was able to consistently reproduce this on my machine.
* [Flaky Test] Fixes flaky role test (#19899)
Here's a fix for the latest flaky test @kobelb
* Now with even easier repository access
* Sample was including login/version privileges, which was occasionally (#19915)
causing issues that were really hard to replicate
* Dynamic types (#19925)
No more hard-coded types! This will make it so that plugins that register their own mappings just transparently work.
* start to address feedback
* Fix RBAC Phase 1 merge from master (#20226)
This updates RBAC Phase 1 to work against the latest master. Specifically:
1. Removes `xpack_main`'s `registerLicenseChangeCallback`, which we introduced in `security-app-privs`, in favor of `onLicenseInfoChange`, which was recently added to master
2. Updated `x-pack/plugins/security/server/lib/watch_status_and_license_to_initialize.js` to be compliant with rxjs v6
* Retrying initialize 20 times with a scaling backoff (#20297)
* Retrying initialize 20 times with a scaling backoff
* Logging error when we are registering the privileges
* Alternate legacy fallback (#20322)
* Beginning to use alternate callWithRequest fallback
* Only use legacy fallback when user has "some" privileges on index
* Logging useLegacyFallback when there's an authorization failure
* Adding tests, logging failure during find no types fallback
* Switching to using an enum instead of success/useLegacyFallback
* Using _execute to share some of the structure
* Moving comment to where it belongs
* No longer audit logging when we use the legacy fallback
* Setting the status to red on the first error then continually (#20343)
initializing
* Renaming get*Privilege to get*Action
* Adding "instance" to alert about other application privileges
* Revising some of the naming for the edit roles screen
* One more edit role variable renamed
* hasPrivileges is now checkPrivileges
* Revising check_license tests
* Adding 2 more privileges tests
* Moving the other _find method to be near his friend
* Spelling "returning" correctly, whoops
* Adding Privileges tests
* tests for Elasticsearch's privileges APIs
* Switching the hard-coded resource from 'default' to *
* Throw error before we execute a POST privilege call that won't work
* Resolving issue when initially registering privileges
* Logging legacy fallback deprecation warning on login (#20493)
* Logging legacy fallback deprecation on login
* Consolidation the privileges/authorization folder
* Exposing rudimentary authorization service and fixing authenticate tests
* Moving authorization services configuration to initAuthorization
* Adding "actions" service exposed by the authorization
* Fixing misspelling
* Removing invalid and unused exports
* Adding note about only adding privileges
* Calling it initAuthorizationService
* Throwing explicit validation error in actions.getSavedObjectAction
* Deep freezing authorization service
* Adding deepFreeze tests
* Checking privileges in one call and cleaning up tests
* Deriving application from Kibana index (#20614)
* Specifying the application on the "authorization service"
* Moving watchStatusAndLicenseToInitialize to be below initAuthorizationService
* Using short-hand propery assignment
* Validate ES has_privileges response before trusting it (#20682)
* validate elasticsearch has_privileges response before trusting it
* address feedback
* Removing unused setting
* Public Role APIs (#20732)
* Beginning to work on external role management APIs
* Refactoring GET tests and adding more permutations
* Adding test for excluding other resources
* Adding get role tests
* Splitting out the endpoints, or else it's gonna get overwhelming
* Splitting out the post and delete actions
* Beginning to work on POST and the tests
* Posting the updated role
* Adding update tests
* Modifying the UI to use the new public APIs
* Removing internal roles API
* Moving the rbac api integration setup tests to use the public role apis
* Testing field_security and query
* Adding create role tests
* We can't update the transient_metadata...
* Removing debugger
* Update and delete tests
* Returning a 204 when POSTing a Role.
* Switching POST to PUT and roles to role
* We don't need the rbacApplication client-side anymore
* Adding delete route tests
* Using not found instead of not acceptable, as that's more likely
* Only allowing us to PUT known Kibana privileges
* Removing transient_metadata
* Removing one letter variable names
* Using PUT instead of POST when saving roles
* Fixing broken tests
* Adding setting to allow the user to turn off the legacy fallback (#20766)
* Pulling the version from the kibana server
* Deleting unused file
* Add API integration tests for roles with index and app privileges (#21033)
* Rbac phase1 functional UI tests (#20949)
* rbac functional tests
* changes to the test file
* RBAC_functional test
* incorporating review feedback
* slight modification to the addPriv() to cover all tests
* removed the @ in secure roles and perm file in the describe block and made it look more relevant
* Fixing role management API from users
* Set a timeout when we try/catch a find, so it doesn't pause a long time
* Changing the way we detect if a user is reserved for the ftr
* Skipping flaky test
* Replace notify.warning with toastNotifications in region map, vega, index_pattern, redirect_when_missing, graph, monitoring, and ML
* Link to index patterns from Graph toast.
* Delete RouteBasedNotifier.
* Remove courierNotifier and SearchTimeout and ShardFailure errors.
* Remove warning and custom notifier types.
/api/_xpack/usage was added as a target for 6.4.0 but it will not be
used. Instead, the /api/stats response will include usage info on
everything that gets registered with the usage service in
/src/server/usage
/api/_kibana/v1/stats is a GET API that was added in 6.2, during a point
where we thought providing usage stats through a public API would be OK
for capturing internally, with the benefit of having it be visible.
However, we've pivoted away from that idea because it doesn't line up
too well with the existing flow of data, where usage stats are combined
with the "Kibana stats" such as process uptime and number of requests.
We want to shift how we collect stats from Kibana, but it will be
gradual. It might be a while before we have an architecture that makes
sense for a standalone public API for the usage stats
This endpoint was never documented, and isn't used anywhere in the code.
It does incur a maintenance cost though.
Therefore, instead of waiting for a next major version to remove this
API, I'm removing it for 6.4. It will be marked in the release notes as
a breaking change. Since it was never documented, it should not provide
a problem.
* partial progress on reactifying users
* progress on EUIfication of users screen
* removing Angular stuff
* adding data-test-subj="passwordConfirmationInput"
* removing data-test-subj="userFormEmailInput" refs from tests
* fixing selector for role assignment
* some functional test fixes
* fixing some functional tests
* fixing last functional test
* removing stray console log
* fixing warnings
* attempting to fix flaky test
* trying again to fix flaky test
* PR feedback
* PR feedback
* fixing issue where form tried to submit
* adding sleep to allow user to load
* Design edits
Mainly adding wrapper EUI page elements, but also shifted around form elements.
* Fixed console error and added responsive prop to table
* addressing PR feedback
* A few more PR feedback
- Fixed alignment of table
- Removed the tooltip from the lock icon and placed the description inline.
- Changed delete button to an empty button
* addressing more PR feedback
* adding email field back in
* adding back username validation
* restoring original error message
* fixing dumb null error
* [Stats API] Set API field names per spec
* fix jest tests
* fix api integration test
* trash the original metrics collector
- constantly accumulating stats over time does not align with the existing behavior, which is to reset the stats to 0 whenever they are pulled
* move some logic out of the collector types combiner into inline
- change the signature of sourceKibana
* Make a new stats collector for the API
- to not clear the data when pulling via the api
- fetching is a read-only thing
* isolate data transforms for api data and upload data
* no static methods
* remove external in bytes
* remove the _stats prefix for kibana and reporting
* update jest test snapshot
* fix collector_types_combiner test
* fix usage api
* add test suite todo comment
* reduce some loc change
* roll back mysterious change
* reduce some more loc change
* comment correction
* reduce more loc change
* whitespace
* comment question
* fix cluster_uuid
* fix stats integration test
* fix bulk uploader test, combineTypes is no longer external
* very important comments about the current nature of stats represented and long-term goals
* add stats api tests with/without authentication
* fix more fields to match data model
* fix more tests
* fix jest test
* remove TODO
* remove sockets
* use snake_case for api field names
* restore accidental removal + copy/paste error
* sourceKibana -> getKibanaInfoForStats
* skip usage test on legacy endpoint
* fix api tests
* more comment
* stop putting a field in that used to be omitted
* fix the internal type to ID the usage data for bulk uploader
* correct the kibana usage type value, which is shown as-is in the API
* more fixes for the constants identifying collector types + test against duplicates
* add a comment on a hack, and a whitespace fix
* unskip reporting tests
* Focus only on flaky test suite and run 10x
* Revert "Focus only on flaky test suite and run 10x"
This reverts commit a6616b1140c29d8d3f13666d20ae94db9a97267f.
* Move <kbn-dev-tools-app> Angular wrapper directive usage into route template
* Move sole directive into new directives folder
* WIP checkin: basic conversion to React components
* Fix sample custom patterns indentation
* Remove custom CSS
* Wrap button in EuiFormRow + define isSimulateDisabled
* Wire up simulate
* Cleanup
* Ace formatting options
* Better styling
* Adding spacing between custom patterns and simulate button
* Fixing form row widths
* Removing form row around button
* Add indentation/newlines in structured output
* Error handling
* Use constants
* Removing no-longer-used code
* Implement syntax highlighting via custom mode
* Making functional tests pass
* Adding trailing comma back
* Removing fixed heights
* Removing unnecessary styles
* Make Event Output form row full width as well
* Wrapping EuiCodeEditors in EuiPanels
* Adding spacer before callout; making spacing around callout consistent
* Clear out custom patterns from request if field is cleared out
* Clear out simulation results before attempting simulation
* Set state with untrimmed value
* Move all reporting tests into their own folder to allow for multiple kibana.yml configuration tests, including chromium
* Add debugging and try to skip other tests an jenkins to speed things up
* More debug output
* more logging (remove other line which failed on jenkins)
* Remove no sandbox flag, it doesn't help
* Add fix for socket hangup and clean up tests
* fix path to logstash_functional
* Extend timeout for chromium, add verbose logging, add better comment, conditionally output curl command
* fix path... again
* Ah, other functional tests still need access to reporting page object, put it back
* fix sp err
* Add debug logs for screenshot stitching for png.bitblt error
* Fix tests that don't pass logger to screenshotStitcher
* Fix logger being undefined
* Add more debug output
* png has data, too much info to spit out
* Add comment with link to issue for extra debug messages so they can be left in since so many passes
* Dont use spawnSync with curl, use http.request instead, more support for it
* Comment out chromium tests for now to avoid flakiness
* Wait... lets at least make sure the other fix worked (the http.request instead of spawnsync and curl)
* New http.request code doesn't seem to work on jenkins, timing out after 10 secs maybe
* go back to spawnsync to see if it's an issue with the rxjs code or the http.request code
* I think I figured it out...
* Comment out tests to avoid flaky png error in the screenshot stitcher
* Use a const for OSS archive path
* use path.resolve correctly.
* [X-Pack Usage API] use authentication from request headers
* add test for usage api no-auth
* whitespace / syntax nits
* reduce loc changed
* remove a weird looking comment
* update snapshot tests
* Update time ranges
* Add sleeps, adjust time, update snapshots
* Skip TSVB until the issue with vertical line placement and x-axis timestamps is fixed
* fix expectations of time range with saved search creation
* remove debug line
* Allow pluggable panel actions
* Need to register it as being used in kibana
* Some cleanup
* update snapshots to match new EUI versions, set time range
* Use newer panelActions service
* add missing await
* More clean up and fixes
* bring back window reload
* Show actions in view mode too
* delete now unused files
* Use toggle action to determin if context menu is open
* Fix tests that assume the toggle is hidden in view mode.
* Add some debug logs
* Fix up assumptions
* Previous failing test was legit - we don't want to show remove option when panel is expanded
* Embeddable can be empty before the panel is loaded
* Should look for either visualize or discover page
* Address code comments
* address code review comments
* whoops, get rid of childPanelToOpenOnClick entirely
* Update & expand reporting API tests
* remove xpack stuff from oss archive
* wrap "it"s so they are in expected order.
* Update expected recent stats
* url was pointing to a visualization not a csv
* Move comment around
* Merging with changes on master renaming stats to usage
* fix reference to old stats file.
* bad merge
* [XpackMain] Add _xpack/usage API
* add xpack usage http api integration test
* comment
* misc test describe fixes
* fix integration test
* fix reply called twice
* enable api test
* enable kibana collection for integration test to work
* throw error comment
* Revert "[DOCS] Removes redundant index.asciidoc files (#19192)"
This reverts commit d11b5aae9a.
* Revert "[typescript] add typescript support for the server and browser (#19104)"
This reverts commit c6112067fc.
* Revert "Option to run kibana from build for CI (#19125)"
This reverts commit 5969860303.
* [Monitoring/React] Render ES Indices Listing with Base Controller
Refactors the ES Indices Listing to use Base Controller and a React component instead of an Angular directive
* fix functional tests
* fix another test
* better default for summary status component
* nicer code for whitespace after label
* apiFn => apiUrlFn
* Deleted / Closed
Restructure testing with kbn-test package
- Run with multiple configs, move cli options to config
- Package-ify kbn-test
- Eventually we'll have functional_test_runner live in a package
of its own, and then this kbn-test will use that as a dependency,
probably still as a devDependency.
- Implement functional_tests_server
- Collapse single and multiple config apis into one command
Use kbn-es
Replace es_test_cluster + es_test_config with kbn/test utils
Implement new createEsTestCluster
Improve scripts, jsdocs, cli top-level tools
Lift error handling to the top level
* Adding basic syntax highlighting for grok expressions
* Use EUI color palette
* Handle regex tokens, escaped and unescaped
* Return token for escaped content
* Add functional test
* Using higher-contrast colors
* Removing comment I used for developing the highlight rules
* Using object destructuring
* Removing unnecessary method
This reduces the output from the clusters API in the data processing stage.
Mainly, it throws away a lot of unused fields in `elasticsearch.cluster_stats` and `elasticsearch.cluster_state`
cc @rasroh
* [Monitoring/React] Render ES Nodes Listing with Base Controller
Refactors the ES Nodes Listing to use Base Controller and a React component instead of an Angular directive
* remove another obsolete file
