* upgrade all babel related modules, and bump lodash minors
* update kbn-pm dist
* update fetch-mock, necessary to use core-js 3
* use regenerator transform in jest tests, as required by EUI
* disable useBuiltIns rather than using regenerator plugin
* remove extra regenerator-runtime import
* Run prettier on the files that will be refactored under @kbn/test, in a follow-up pr.
* Fixup all paths to mocha,
under kbn-test, with needed
exports/imports.
* Fixed borked path (bad refactor).
* Fixup one more borked path.
* Fixup tsconfig for xml.ts
* Drop setup_node_env as it's already
in KIBANA/scripts/mocha.js.
Also, fixup cwd for globby as we are
exec-ing from a different directory.
* [watcher] add missing await
* run x-pack-firefoxSmoke ciGroup 40 times, run watcher tests 20 times per job
* Fix failing watcher test
* Revert "run x-pack-firefoxSmoke ciGroup 40 times, run watcher tests 20 times per job"
This reverts commit c5d891d44d.
* Clean up watches via api
* fix linting errors
* don't swallow errors, wait for completion
* strip trailing numbers in suite tags
* run x-pack-firefoxSmoke group 40 times
* Revert "run x-pack-firefoxSmoke group 40 times"
This reverts commit cc4eb6ce54.
* run x-pack-firefoxSmoke group 40 times
# Conflicts:
# .ci/jobs.yml
* run tests 80 times
* Revert "run tests 80 times"
This reverts commit 4320c9488a.
* Revert "run x-pack-firefoxSmoke group 40 times"
This reverts commit cf0d4056d7.
* Initial work
* Add integration tests
* Use constants
* Fix broken code
* Handle scenario where esArgs is a string
* Remove || []
* Apply PR feedback
* Use const format
* New and Legacy platforms share http server instance.
Required to use a common security interceptor for incoming http requests
* generate docs
* remove excessive contract method
* add test for New platform compatibility
* address comments part #1
* log server running only for http server
* fix test. mutate hapi request headers for BWC with legacy
* return 503 on start
* address @eli comments
* address @joshdover comments
* [ftr/percy] integrate percy with functional test runner
* execute ftr within `percy exec`
* share PERCY_BIN and GRUNT_BIN vars in setup
* [license] whitelist `(Unlicense OR Apache-2.0)`
* [percy] include pr/parallel info in env
* echo the actual variable value
* destructure required modules
* [ci] calculate percy env in a script
* remove outdated eslint overrides
* oops, nonce should be the same for each build
* take snapshots in context tests
* add percy snapshots to some dashboard tests
* account for extra execution of PERCY_BIN
* remove usage of percy service
* rename service to `visualTesting`
* write a simple test
* switch left-over percy test to visualTesting
* set log level for percy agent
* trigger ci
* try using the system chrome install instead of downloading one
* fix export definition
* Don't skip chromium download
* Add Spencer's fix to point to chrome installation
* Attempting to split tests into own ci job and test files
* Renumber job
* Add tag to decorations file
* Try new files with existing CI job
* Try again to create a new CI job
* Fix eslint problem with space
* eslint updates
* fix console test
* make test names unique
* Update ci group names
* Try old name again
* save
* add separate visual_regression ci job
* add visual regression ci job
* add new job to jobs.yml
* update path to take_percy_snapshot script
* use fixed percy job total
* fix common services import
* move visual_create_and_add_embeddables to visual_regression project
* finish moving create_and_add_embeddables
* add x-pack visual regression job
* migrate dashboard_snapshots tests to visual_regression
* remove references to removed test files
* restore some unnecessary changes
* reimplement the login page tests
* yarn.lock update
* fix test
* remove old CI_GROUP 100 block
* update failed_tests trap
* reduce yarn.lock changes
* disable debug logging
* disable visual-regression tests for now, we can enable them in specific prs
* skip and adjust functional tests for Firefox
* downgrade geckodriver to 0.22.0
* [ftr] add firefox specific config file
* remove hard coded firefox adjustments
* remove firefox specific screenshot directory
* run functional tests in firefox in x-pack
* pass the logger to readConfigFile()
* rename local var
* skip xpack firefox config
* run xpack firefox functional tests in separate command
* update report name for XPack firefox results
* adjust viz shared item test
* skip shared item test
* [test/feature_controls] increase timeout to 20 sec & use forceLogout
* FF timeout on TSVB, refresh page on failure for url navigation
* [feature_controls/visualize_security] increase timeout to 20 sec
* skip dev_tools_spaces tests on FF
* run all groups 3 times
* skip more func tests
* skip more tests
* skip all feature controls tests for Firefox
* revert back changes in feature controls tests
* rename xpack report for chrome
* skip tile map for FF, wait for render before saving
* Revert "run all groups 3 times"
This reverts commit 12b4f69627.
* revert refresh on login
* apply feedback
* Pin dependencies
* include core-js in babel packages
* specify core-js version when using `useBuiltIns`
* dedupe @babel/types to avoid "range of null" problem
* In kbn-test, provide password to cluster.start()
* Security enabled by default, overwrite by passing `-E "xpack.security.enabled=false"`
Signed-off-by: Tyler Smalley <tyler.smalley@elastic.co>
enable security on file dataviz and import (ML plugin)
update unit tests
add api test coverage for security in basic
move audit logging to standard+ license level
getopts added the `string` option in a recent version, which I didn't realize when I made updates to src/dev/run/run.ts, which rely on this option. To make sure it is available this updates getopts in all projects from `2.x` to `^2.2.4`
* chore(NA): first changes on every package.json order to support new babel 7. chore(NA): build for kbn-pm with babel 7.
* chore(NA): patch babel register to load typescrit
* chore(NA): first working version with babel 7 replacing typescript compiler.
* fix(NA): common preset declaration in order to make it work with babel-loader.
* chore(na): organizing babel preset env package json.
* chore(NA): mocha tests enabled.
* fix(NA): typo on importing
* test(NA): majority of x-pack tests ported to use babel-jest
* fix(NA): report info button test with babel-jest.
* fix(NA): polling service tests.
* test(na): fix server plugins plugin tests.
* test(NA): batch of test fixs for jest tests under babel-jest hoisting.
* chore(NA): add babel plugin to hoist mock prefixed vars on jest tests.
* chore(NA): update yarn.lock file.
* chore(NA): tests passing.
* chore(NA): remove wrong dep
* chore(NA): fix tsconfig
* chore(NA): skip babel for ts-jest.
* chore(NA): selectively apply the plugin to strip off namespace from ts files.
* chore(NA): remove not needed changes from ts tests
* chore(NA): removed ts-jest dependency. chore(NA): migrate ts tests on x-pack to use babel-jest with the new pattern.
* chore(NA): migrate kibana default distribution typescript tests to run with babel-jest and the new test mock pattern.
* chore(NA): merge and solve conflicts with master.
* chore(NA): fix problems reported by eslint
* chore(NA): fix license ovveride for babel-plugin-mock-imports
* chore(NA): update jest integration tests for kbn pm
* chore(NA): update babel jest integration tests for kbn pm.
* test(NA): update jest integration snapshot for kbn pm.
* chore(NA): apply changes according to the pull request reviews.
* chore(NA): apply changes according to the pull request reviews.
* refact(NA): migrate jest tests to the new pattern.
* fix(NA): babel 7 polyfill in the tests bundle.
* chore(NA): restore needed step in order to compile x-pack with typescript.
* chore(NA): change build to compile typescript with babel for the oss code. chore(NA): change transpile typescript task to only transpile types for x-pack. refact(NA): common preset for babel 7
* Revert "chore(NA): change build to compile typescript with babel for the oss code. chore(NA): change transpile typescript task to only transpile types for x-pack. refact(NA): common preset for babel 7"
This reverts commit 2707d538f5.
* fix(NA): import paths for tabConfigConst
* chore(NA): fix transpiling error on browser tests
* chore(NA): simplify kbn babel preset package.
* chore(NA): migrate build to use babel transpiler for typescript excluding xpack.
* fix(NA): introduced error on test quick task.
* fix(NA): fix preset for client side code on build.
* fix(NA): build with babel
* fix(NA): negated patterns in the end.
* fix(NA): kbn_tp_sample_panel_action creation.
* fix(NA): babel typescript transform plugin workaround when exporting interface name.
* refact(NA): remove not needed type cast to any on jest test.
* docs(NA): add developement documentation about jest mocks test pattern.
* chore(NA): missing unmerged path.
* chore(NA): fix jest tests for template.
* [CCR] Client integration tests (table lists) (#33525)
* Force user to re-authenticate if token refresh fails with `400` status code. (#33774)
* Improve performance of the Logstash Pipeline Viewer (#33793)
Resolves#27513.
_This PR is a combination of #31293 (the code changes) + #33570 (test updates). These two PRs were individually reviewed and merged into a feature branch. This combo PR here simply sets up the merge from the feature branch to `master`._
Summary of changes, taken from #31293:
## Before this PR
The Logstash Pipeline Viewer UI would make a single Kibana API call to fetch all the information necessary to render the Logstash pipeline. This included information necessary to render the detail drawer that opens up when a user clicks on an individual vertex in the pipeline.
Naturally, this single API call fetched _a lot_ of data, not just from the Kibana server but also, in turn, from Elasticsearch as well. The "pro" of this approach was that the user would see instantaneous results if they clicked on a vertex in a pipeline and opened the detail drawer for that vertex. The "cons" were the amount of computation Elasticsearch had to perform and the amount of data being transferred over the wire between Elasticsearch and the Kibana server as well as between the Kibana server and the browser.
## With this PR
This PR makes the Kibana API call to fetch data necessary for **initially** rendering the pipeline — that is, with the detail drawer closed — much lighter. When the user clicks on a vertex in a pipeline, a second API call is then made to fetch data necessary for the detail drawer.
## Gains, by the numbers
Based on a simple, 1-input, 1-filter, and 1-output pipeline.
* Before this PR, the Elasticsearch `logstash_stats` API responses (multiple calls were made using the `composite` aggregation over the `date_histogram` aggregation) generated a total of 1228 aggregation buckets (before any `filter_path`s were applied but across all `composite` "pages"). With this PR, the single `logstash_stats` API response (note that this is just for the initial rendering of the pipeline, with the detail drawer closed) generated 12 buckets (also before any `filter_path`s were applied). That's a **99.02% reduction** in number of buckets.
* Before this PR, the Elasticsearch `logstash_stats` API responses added up to 70319 bytes. With this PR, the single `logstash_stats` API response for the same pipeline is 746 bytes. That's a **98.93% reduction** in size.
* Before this PR, the Elasticsearch `logstash_state` API response was 7718 bytes. With this PR, the API response for the same pipeline is 2328 bytes. That's a **69.83% reduction** in size.
* Before this PR the Kibana API response was 51777 bytes. With this PR, the API response for the same pipeline is 2567 bytes (again, note that this is just for the initial rendering of the pipeline, with the detail drawer closed). That's a **95.04% reduction** in size.
* [Maps] split settings into layer and source panels (#33788)
* [Maps] split settings into layer and source panels
* fix SCSS import
* [env] exit if starting as root (#21563)
* [env] exit if starting as root
* fix windows
* s/--allow-root
* Typescript sample panel action (#33602)
* Typescript sample panel action
* Update EUI version to match main cabana version
* update yarn.lock
* add back typings include
* use correct relative path
* Home page "recent links" should communicate saved object type #21896 (#33694)
* adds object type for screen order
* adds object type for pointer hovering
* Update src/legacy/ui/public/chrome/directives/header_global_nav/components/header.tsx
Co-Authored-By: rockfield <philipp.b@ya.ru>
* [@kbn/expect] "fork" expect.js into repo
* [eslint] autofix references to expect.js
* [tslint] autofix all expect.js imports
* now that expect.js is in strict mode, avoid reassigning fn.length
* [ci/es] base default es version on pkg.branch value
* [ci/env] initialize $TEST_ES_FROM in checkout_sibling_es.sh
* [UA] remove TEST_ES_SNAPSHOT_VERSION override
* [ci/es] call checkout_sibling_es.sh from one location
* [ci] remove unused `--from` param
* [ci/env] always default to snapshots, switch to source when necessary
* [kbn/test] default esFrom to $TEST_ES_FROM
* [ci/setup] fix define order
* [ci/grunt] don't pass --esFrom let env pass through
* [ci/env] use branch, not version
* [ci] use same indent style as following lines
* [kbn/test] apply default values when processing args
* [kbn/test] simplify defaults, read default on each process
* [ftr] flatten GenericProviderTypes to fix "log" types
* [ftr/remote] typscript-ify
* remove webdriver types, since they're version 3 and we're using version 4
* simplify initWebDriver() function
* keep jest tests in the functional tests as js, mixing jest and mocha types doesn't work
In https://github.com/elastic/kibana/pull/31234 there were some extra changes that I've reverted, like use of the `tsconfig-paths` package to magically rewrite import statements to defy the standard node module resolution algorithm, the inclusion of several unnecessary options in the `test/tsconfig.json` file, and changes of the line-endings in the config files. This also brings a few enhancements from https://github.com/elastic/kibana/pull/30190 including a modularized version of the expect.js types, and options for explicit mappings for the PageObjects and services used in ftr tests.
* Add support to kbn-es and kbn-test for data archives
* Fix log indent
* Decompress directly to data directory
Co-Authored-By: joshdover <me@joshdover.com>
* Improve logs
* progress
* progress
* cleanup and elastic configs
* make upgrades to support adding aditional users, with
* use defaultDeep to ensure settings pass correctly
* move needed configs to start servers into kbn_server (except x-pack plugin paths and users)
* move xpack config to an export
* add more time
* diff rollbacks
* roll back prettier diff
* revert setupUsers signature
* remove more bluebird
* update bluebird for fixes with jest compatability
* fix ts errors
* dont allow jest to keep going making errors confising
* Separates configs for jest integration core/x-pack.
* Pass nested kbn config parameters.
* Adds example x-pack integration test using live es.
* Cloud detectors should be configurable for tests.
* Cloud detectors should use native promises only.
* No erroneous comments...
* Util is only for promisify, duh!
* New tests should have docuementation to help those looking to utilize them.
* Doc section headings should be consistent with each other.
* With git there is no need to commit commented code.
Fixes#26295
There are several places where we have accidentally added new license headers with linters but failed to remove old license headers manually. This prevents that by applying the an inverted version of the license headers rule that removed invalid license headers when files are moved.
* [ci][ftr][kbn/test] split up CI jobs
* [ci] run --assert-none-excluded in ci groups, before builds
* [ftr] improve error message when excluded tests found
* [ci] document other places the ciGroups live
Closes#22840
In the functional tests we want a better way to include/exclude certain tests, especially as we move forward with #22359. This PR allows us to decorate suite objects with "tags", which won't clutter up the test names and can be used to filter out specific tests within a single test config. The functional test runner supports defining `--include-tag` and `--exclude-tag` CLI arguments, and multiple can be defined.
The method of filtering out tests for running against cloud has been updated to use this approach and I plan to do the same to #22359 once this is merged.
* Update rmrfSync method
* Add catch statement
* Fix lint issues
* switch to del package
* remove old rmrf_sync module
* Fix CI failure del is not a function error
* Fix spaces
### Review notes
This is generally ready for review. We are awaiting https://github.com/elastic/elasticsearch/issues/32777 to improve handling when users do not have any access to Kibana, but this should not hold up the overall review for this PR.
This PR is massive, there's no denying that. Here's what to focus on:
1) `x-pack/plugins/spaces`: This is, well, the Spaces plugin. Everything in here is brand new. The server code is arguably more important, but feel free to review whatever you see fit.
2) `x-pack/plugins/security`: There are large and significant changes here to allow Spaces to be securable. To save a bit of time, you are free to ignore changes in `x-pack/plugins/security/public`: These are the UI changes for the role management screen, which were previously reviewed by both us and the design team.
3) `x-pack/test/saved_object_api_integration` and `x-pack/test/spaces_api_integration`: These are the API test suites which verify functionality for:
a) Both security and spaces enabled
b) Only security enabled
c) Only spaces enabled
What to ignore:
1) As mentioned above, you are free to ignore changes in `x-pack/plugins/security/public`
2) Changes to `kibana/src/server/*`: These changes are part of a [different PR that we're targeting against master](https://github.com/elastic/kibana/pull/23378) for easier review.
## Saved Objects Client Extensions
A bulk of the changes to the saved objects service are in the namespaces PR, but we have a couple of important changes included here.
### Priority Queue for wrappers
We have implemented a priority queue which allows plugins to specify the order in which their SOC wrapper should be applied: `kibana/src/server/saved_objects/service/lib/priority_collection.ts`. We are leveraging this to ensure that both the security SOC wrapper and the spaces SOC wrapper are applied in the correct order (more details below).
### Spaces SOC Wrapper
This wrapper is very simple, and it is only responsible for two things:
1) Prevent users from interacting with any `space` objects (use the Spaces client instead, described below)
2) Provide a `namespace` to the underlying Saved Objects Client, and ensure that no other wrappers/callers have provided a namespace. In order to accomplish this, the Spaces wrapper uses the priority queue to ensure that it is the last wrapper invoked before calling the underlying client.
### Security SOC Wrapper
This wrapper is responsible for performing authorization checks. It uses the priority queue to ensure that it is the first wrapper invoked. To say another way, if the authorization checks fail, then no other wrappers will be called, and the base client will not be called either. This wrapper authorizes users in one of two ways: RBAC or Legacy. More details on this are below.
### Examples:
`GET /s/marketing/api/saved_objects/index-pattern/foo`
**When both Security and Spaces are enabled:**
1) Saved objects API retrieves an instance of the SOC via `savedObjects.getScopedClient()`, and invokes its `get` function
2) The Security wrapper is invoked.
a) Authorization checks are performed to ensure user can access this particular saved object at this space.
3) The Spaces wrapper is invoked.
a) Spaces applies a `namespace` to be used by the underlying client
4) The underlying client/repository are invoked to retrieve the object from ES.
**When only Spaces are enabled:**
1) Saved objects API retrieves an instance of the SOC via `savedObjects.getScopedClient()`, and invokes its `get` function
2) The Spaces wrapper is invoked.
a) Spaces applies a `namespace` to be used by the underlying client
3) The underlying client/repository are invoked to retrieve the object from ES.
**When only Security is enabled:**
(assume `/s/marketing` is no longer part of the request)
1) Saved objects API retrieves an instance of the SOC via `savedObjects.getScopedClient()`, and invokes its `get` function
2) The Security wrapper is invoked.
a) Authorization checks are performed to ensure user can access this particular saved object globally.
3) The underlying client/repository are invoked to retrieve the object from ES.
## Authorization
Authorization changes for this project are centered around Saved Objects, and builds on the work introduced in RBAC Phase 1.
### Saved objects client
#### Security without spaces
When security is enabled, but spaces is disabled, then the authorization model behaves the same way as before: If the user is taking advantage of Kibana Privileges, then we check their privileges "globally" before proceeding. A "global" privilege check specifies `resources: ['*']` when calling the [ES _has_privileges api.](https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-has-privileges.html). Legacy users (non-rbac) will continue to use the underlying index privileges for authorization.
#### Security with spaces
When both plugins are enabled, then the authorization model becomes more fine-tuned. Rather than checking privileges globally, the privileges are checked against a specific resource that matches the user's active space. In order to accomplish this, the Security plugin needs to know if Spaces is enabled, and if so, it needs to ask Spaces for the user's active space. The subsequent call to the `ES _has_privileges api` would use `resources: ['space:marketing']` to verify that the user is authorized at the `marketing` space. Legacy users (non-rbac) will continue to use the underlying index privileges for authorization. **NOTE** The legacy behavior implies that those users will have access to all spaces. The read/write restrictions are still enforced, but there is no way to restrict access to a specific space for legacy auth users.
#### Spaces without security
No authorization performed. Everyone can access everything.
### Spaces client
Spaces, when enabled, prevents saved objects of type `space` from being CRUD'd via the Saved Objects Client. Instead, the only "approved" way to work with these objects is through the new Spaces client (`kibana/x-pack/plugins/spaces/lib/spaces_client.ts`).
When security is enabled, the Spaces client performs its own set of authorization checks before allowing the request to proceed. The Spaces client knows which authorization checks need to happen for a particular request, but it doesn't know _how_ to check privileges. To accomplish this, the spaces client will delegate the check security's authorization service.
#### FAQ: Why oh why can't you used the Saved Objects Client instead!?
That's a great question! We did this primarily to simplify the authorization model (at least for our initial release). Accessing regular saved objects follows a predictible authorization pattern (described above). Spaces themselves inform the authorization model, and this interplay would have greatly increased the complexity. We are brainstorming ideas to obselete the Spaces client in favor of using the Saved Objects Client everywhere, but that's certainly out of scope for this release.
## Test Coverage
### Saved Objects API
A bulk of the changes to enable spaces are centered around saved objects, so we have spent a majority of our time automating tests against the saved objects api.
**`x-pack/test/saved_object_api_integration/`** contains the test suites for the saved objects api. There is a `common/suites` subfolder which contains a bulk of the test logic. The suites defined here are used in the following test configurations:
1) Spaces only: `./spaces_only`
2) Security and spaces: `./security_and_spaces`
3) Security only: `./security_only`
Each of these test configurations will start up ES/Kibana with the appropriate license and plugin set. Each set runs through the entire test suite described in `common/suites`. Each test with in each suite is run multiple times with different inputs, to test the various permutations of authentication, authorization type (legacy vs RBAC), space-level privileges, and the user's active space.
### Spaces API
Spaces provides an experimental public API.
**`x-pack/test/spaces_api_integration`** contains the test suites for the Spaces API. Similar to the Saved Objects API tests described above, there is a `common/suites` folder which contains a bulk of the test logic. The suites defined here are used in the following test configurations:
1) Spaces only: `./spaces_only`
2) Security and spaces: `./security_and_spaces`
### Role Management UI
We did not provide any new functional UI tests for role management, but the existing suite was updated to accomidate the screen rewrite.
We do have a decent suite of jest unit tests for the various components that make up the new role management screen. They're nested within `kibana/x-pack/plugins/security/public/views/management/edit_role`
### Spaces Management UI
We did not provide any new functional UI tests for spaces management, but the components that make up the screens are well-tested, and can be found within `kibana/x-pack/plugins/spaces/public/views/management/edit_space`
### Spaces Functional UI Tests
There are a couple of UI tests that verify _basic_ functionality. They assert that a user can login, select a space, and then choose a different space once inside: `kibana/x-pack/test/functional/apps/spaces`
## Reference
Notable child PRs are listed below for easier digesting. Note that some of these PRs are built on other PRs, so the deltas in the links below may be outdated. Cross reference with this PR when in doubt.
### UI
- Reactify Role Management Screen: https://github.com/elastic/kibana/pull/19035
- Space Aware Privileges UI: https://github.com/elastic/kibana/pull/21049
- Space Selector (in Kibana Nav): https://github.com/elastic/kibana/pull/19497
- Recently viewed Widget: https://github.com/elastic/kibana/pull/22492
- Support Space rename/delete: https://github.com/elastic/kibana/pull/22586
### Saved Objects Client
- ~~Space Aware Saved Objects: https://github.com/elastic/kibana/pull/18862~~
- ~~Add Space ID to document id: https://github.com/elastic/kibana/pull/21372~~
- Saved object namespaces (supercedes #18862 and #21372): https://github.com/elastic/kibana/pull/22357
- Securing saved objects: https://github.com/elastic/kibana/pull/21995
- Dedicated Spaces client (w/ security): https://github.com/elastic/kibana/pull/21995
### Other
- Public Spaces API (experimental): https://github.com/elastic/kibana/pull/22501
- Telemetry: https://github.com/elastic/kibana/pull/20581
- Reporting: https://github.com/elastic/kibana/pull/21457
- Spencer's original Spaces work: https://github.com/elastic/kibana/pull/18664
- Expose `spaceId` to "Add Data" tutorials: https://github.com/elastic/kibana/pull/22760Closes#18948
"Release Note: Create spaces within Kibana to organize dashboards, visualizations, and other saved objects. Secure access to each space when X-Pack Security is enabled"
* Add option to functional test server to run elasticsearch from install dir
* Fix variable
* Fix server CLI test
* Updates to include install path in esFrom command line option
* Fix snapshot
* Update args/cli tests
* Keep default snapshot in args/help
I was surprised when I tried to spread a `Set` in TypeScript and the browser complained about `Set.slice()` not being defined. This is because TypeScript does not automatically enable support for iterators when targeting earlier ES versions, like we do in the browser, unless you use the `"downlevelIteration": true` compiler option. This injects some helpers into the necessary files for reading/spreading iterators, which can be stuffed behind an import statement with using the `"importHelpers": true` compiler option and include `tslib` in our dependencies. This is already a dependency of several of our packages, so it shouldn't cause any additional modules.