* Initial work for new server side export API
* Revert UI changes, API only in this PR
* Remove whitespace at top of export.asciidoc
* Add tests around limitations
* Add comment
* Convert some files to typescript
* Move Boom.boomify to where the errors are created
* Use Boom.badRequest for now
* Fix lint issue
* Move files
* Update tests
* Add functional test
* Export all documents by default
* Update test assertions
* Use ~10000 saved objects in export api integration test
* Convert route to typescript, add content-type response header
* Move some tests to api_integration
* Use new sort and rename functions/variables
* Move tests to API integration
* Cleanup and finalize api integration tests
* Make type or objects required but not both in the same call
* Add spaces / security tests
* Add noTypeOrObjects to security / spaces tests
* Use json-stable-stringify and add tests for export ordering
* Address self feedback, add without kibana index test
* Only allow export API to export index-pattern, dashboard, visualization and search type objects
* Make import export size configurable and fix broken tests
* Fix broken tests
* Move test config to mock server
* Add more typescript types instead of using any
* Convert request from GET to POST
* Fix saved objects mixin test
* Update src/legacy/server/saved_objects/lib/export.ts
Co-Authored-By: mikecote <mikecote@users.noreply.github.com>
* Apply PR feedback
* Fix lint error
* Update test snapshots due to jest upgrade
* Add error handling for bulkGet
* Split export API into two endpoints
* Update src/legacy/server/saved_objects/routes/export_by_type.test.ts
Co-Authored-By: mikecote <mikecote@users.noreply.github.com>
* Update docs/api/saved-objects/export_by_type.asciidoc
Co-Authored-By: mikecote <mikecote@users.noreply.github.com>
* Update docs/api/saved-objects/export_by_type.asciidoc
Co-Authored-By: mikecote <mikecote@users.noreply.github.com>
* Update src/legacy/server/saved_objects/routes/export_objects.test.ts
Co-Authored-By: mikecote <mikecote@users.noreply.github.com>
* Apply PR feedback
* MockServer -> createMockServer
* Revert back to single API
* Re-apply PR feedback
* [Docs/Reporting] Fix Troubleshooting page issues, Add section in Get Started
Close https://github.com/elastic/kibana/issues/31518
* update some gs headings
* Kibana doesn't download Chromium!
* Note about verbose logging
* sections
* full path
* has been
It might occur that users hit the `Caught error spawning Chromium` error.
This is usually linked to missing font packages on the system.
This sub-list has been extracted from [the puppeteer troubleshooting page](https://github.com/GoogleChrome/puppeteer/blob/master/docs/troubleshooting.md) and as a follow up of the issue https://github.com/elastic/kibana/issues/28123
Let me know if I should review the package list or the text.
I might also add directions on how to check Chromium debug logs if necessary.
* Allow select settings to specify labels for their values
* Rename kuery setting to KQL
* Change docs for KQL setting
* Add warnings for unused options
* Address review
* Remove chinese translation for modified string
* Fix translations again (... should have pulled first)
* Remove old chinese translation
This commit accompanies the four that precede it. Rather than squash
them altogether, the four previous commits all do nothing except move
files to help avoid conflicts.
* csp: warn legacy browsers that do not support CSP
The new csp.warnLegacyBrowsers configuration is enabled by default, and
it shows a warning message to any legacy browser when they access Kibana
to indicate that they are not enforcing the basic security protections
of the current install.
The protections check is the same as csp.strict, so this feature is
designed to be used as an alternative to aid in BWC. When csp.strict is
enabled, warnLegacyBrowsers is effectively ignored.
* fix ChromeService tests
* more test fixes
* csp injectvars in legacy test bundle
* update warning text and make it translatable
* no need to warn in legacy browser unit tests
* tests for chrome legacy browser warning
* document legacy browser warning breaking change
* update csp warning toast message
* add period, remove dev code
* Removing deprecated xpack.monitoring.report_stats setting
* Remove from docs
* Update check in xpack_main plugin to not look at monitoring settings any more
A content security policy is a great addition to the protections built
into Kibana, but it's not effective in older browsers (like IE11) that
do not enforce the policy.
When CSP strict mode is enabled, right before the Kibana app is
bootstrapped, a basic safety check is performed to see if "naked" inline
scripts are rejected. If inline scripting is allowed by the browser,
then an error message is presented to the user and Kibana never attempts
to bootstrap.
* csp: nonce and unsafe-eval for scripts
To kick things off, a rudimentary CSP implementation only allows
dynamically loading new JavaScript if it includes an associated nonce
that is generated on every load of the app.
A more sophisticated content security policy is necessary, particularly
one that bans eval for scripts, but one step at a time.
* img-src is not necessary if the goal is not to restrict
* configurable CSP owned by security team
* smoke test
* remove x-content-security-policy
* document csp.rules
* fix tsconfig for test
* switch integration test back to regular js
* stop looking for tsconfig in test
* grrr, linting errors not caught by precommit
* docs: people -> you for consistency sake
Co-Authored-By: epixa <court@epixa.com>
* Add new references attribute to saved objects
* Add dual support for dashboard export API
* Use new relationships API supporting legacy relationships extraction
* Code cleanup
* Fix style and CI error
* Add missing spaces test for findRelationships
* Convert collect_references_deep to typescript
* Add missing trailing commas
* Fix broken test by making saved object API consistently return references
* Fix broken api integration tests
* Add comment about the two TS types for saved object
* Only return title from the attributes returned in findRelationships
* Fix broken test
* Add missing security tests
* Drop filterTypes support
* Implement references to search, dashboard, visualization, graph
* Add index pattern migration to dashboards
* Add references mapping to dashboard mppings.json
* Remove findRelationships from repository and into it's own function / file
* Apply PR feedback pt1
* Fix some failing tests
* Remove error throwing in migrations
* Add references to edit saved object screen
* Pass types to findRelationships
* [ftr] restore snapshots from master, rely on migrations to add references
* [security] remove `find_relationships` action
* remove data set modifications
* [security/savedObjectsClient] remove _getAuthorizedTypes method
* fix security & spaces tests to consider references and migrationVersion
* Add space id prefixes to es_archiver/saved_objects/spaces/data.json
* Rename referenced attributes to have a suffix of RefName
* Fix length check in scenario references doesn't exist
* Add test for inject references to not be called when references array is empty or missing
* some code cleanup
* Make migrations run on machine learning data files, fix rollup filterPath for savedSearchRefName
* fix broken test
* Fix collector.js to include references in elasticsearch response
* code cleanup pt2
* add some more tests
* fix broken tests
* updated documentation on referencedBy option for saved object client find function
* Move visualization migrations into kibana plugin
* Update docs with better description on references
* Apply PR feedback
* Fix merge
* fix tests I broke adressing PR feedback
* PR feedback pt2
* Allow passing a default operator to use on find operations
* Default operator to OR like elasticsearch to avoid passing null
* Add dashboard search tests
* Make search_operator optional
* Fix query_params.test.js
* Include searchOperator in saved_object_finder
* Apply PR feedback
* Rename searchOperator to defaultSearchOperator
* [dashboard+gis] remove dark mode options
* [reporting/extract] restore fixtures
* remove mentions of old `.theme-dark` class
* import panel styles from panel/_index.scss
* Remove mode.initialize and change useRbacForRequest to useRbac
* Updating saved object api tests
* Fixing spaces api integration tests
* Removing unused "expect legacy forbidden" declarations and imports
* Updating docs
* Update docs/migration/migrate_7_0.asciidoc
Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Update docs/migration/migrate_7_0.asciidoc
Co-Authored-By: kobelb <brandon.kobel@gmail.com>
* Updating comment that mentions the scenario when we aren't using RBAC
* Adding back the authorization section of the config
When a config setting is marked as unused using the deprecations, it's
still required to show up in the config declarations so an error isn't
thrown on startup.
* Adding note about watcher jobs
* Update docs/migration/migrate_7_0.asciidoc
Co-Authored-By: kobelb <brandon.kobel@gmail.com>