* Shows event filters card on fleet page
* Uses aggs instead of while loop to retrieve summary data
* Add request and response types in the lists package
* Fixes old import
* Removes old i18n keys
* Removes more old i18n keys
* Use consts for exception lists url and endpoint event filter list id
* Uses event filters service to retrieve summary data
* Fixes addressed pr comments such as changing the route without underscore, adding aggs type, validating response, and more
* Uses useMemo instead of useState to memoize object
* Add new e2e test for summart endpoint
* Handle api errors on event filters and trusted apps summary api calls
* Add api error message to the toast
* Fix wrong i18n key
* Change span tag by react fragment
* Uses styled components instead of modify compontent style directly and small improvements on test -> ts
* Adds curls script for summary route
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* WIP - creating alerting authorization client factory and exposing authorization client on plugin start contract
* Updating alerting feature privilege builder to handle different alerting types
* Passing in alerting authorization type to AlertingActions class string builder
* Passing in authorization type in each function call
* Passing in exempt consumer ids. Adding authorization type to audit logger
* Changing alertType to ruleType
* Changing alertType to ruleType
* Updating unit tests
* Updating unit tests
* Passing field names into authorization query builder. Adding kql/es dsl option
* Converting to es query if requested
* Fixing functional tests
* Removing ability to specify feature privilege name in constructor
* Fixing some types and tests
* Consolidating alerting authorization kuery filter options
* Cleanup and tests
* Cleanup and tests
* Initial commit with changes needed for subfeature privilege
* Throwing error when AlertingAuthorizationClientFactory is not defined
* Renaming authorizationType to entity
* Renaming AlertsAuthorization to AlertingAuthorization
* Fixing unit tests
* Changing schema of alerting feature privilege
* Changing schema of alerting feature privilege
* Updating feature privilege iterator
* Updating feature privilege builder
* Fixing types check
* Updating privilege string terminology
* Updating privilege string terminology
* Wip
* Fixing unit tests
* Unit tests
* Updating README and removing stack subfeature privilege changes
* Fixing README
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
resolves https://github.com/elastic/kibana/issues/100607
This fixes a problem when very large parameters (over 32K bytes) are saved with
an alert. Before this fix, an error from elasticsearch would be thrown with
the following message, and a 400 returned from create (and presumably update).
Document contains at least one immense term in field=\"alert.params\"
(whose UTF8 encoding is longer than the max length 32766), all of which
were skipped.
After the fix, alerts with immense params can be saved and executed.
Note that the immense params will not be searchable, since they won't be indexed,
but that seems both unavoidable, and not a severe issue.
* [ML] Adds functional tests for anomaly detection job custom URLs
* [ML] Remove debug test tag from custom URL tests
* [ML] Update custom URL editor Jest snapshots
* [ML] Clean up in embeddables tests to fix dashboard test
* [ML] Delete test dashboard after test suites complete
* [ML] Edits to custom URL tests following review
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* [Maps] filter dashboard by map extent
* clean up
* remove warning from filter pill
* tslint
* API doc updates, i18n fixes, tslint
* only show context menu option in edit mode
* add functional test
* review feedback
* do not use search session when filtering by map bounds
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Removes event filters feature flag and expose this feature by default
* Fixes manifest unit test
* Fixes functional test adding event filter list case
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* use EuiTooltip to control tooltip component
* fix style
* update unit tests
* add functional waffle map tooltip tests
* remove reload() from useEffect
* fix type
* update unit test
## Summary
Utilizes constants package and deletes duplicate code
* Renames the `securitysolution-constants` to be `securitysolution-list-constants` to be specific
* Deletes duplicated code found during cleanup
* Moves more tests into the packages found along the way with the duplicated code
* Moves `parseScheduleDates` from `@kbn/securitysolution-io-ts-types` to `@kbn/securitysolution-io-ts-utils`
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
## Summary
* Creates a `securitysolution-list-utils` packaged and moves the first set of utilities into there
* Fixes a slight bug with `kbn-securitysolution-io-ts-list-types` where the wrong name was used
* Moves _all_ of the lists schemas and types into the package `kbn-securitysolution-io-ts-list-types`
* Removes copied code found in a few places
## Tech debt
* Some spots I have to use an `any` in the package as Kibana kbn packages don't have the types I need
* Some spots I copy constants until we can straighten out those pieces.
* I keep copied mock files until we figure out how to share mocks from these packages without adding weight or we create dedicated mock packages for all of this.
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
* WIP - creating alerting authorization client factory and exposing authorization client on plugin start contract
* Updating alerting feature privilege builder to handle different alerting types
* Passing in alerting authorization type to AlertingActions class string builder
* Passing in authorization type in each function call
* Passing in exempt consumer ids. Adding authorization type to audit logger
* Changing alertType to ruleType
* Changing alertType to ruleType
* Updating unit tests
* Updating unit tests
* Passing field names into authorization query builder. Adding kql/es dsl option
* Converting to es query if requested
* Fixing functional tests
* Removing ability to specify feature privilege name in constructor
* Fixing some types and tests
* Consolidating alerting authorization kuery filter options
* Cleanup and tests
* Cleanup and tests
* Throwing error when AlertingAuthorizationClientFactory is not defined
* Renaming authorizationType to entity
* Renaming AlertsAuthorization to AlertingAuthorization
* Fixing unit tests
* Updating privilege string terminology
* Updating privilege string terminology
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
Re-adds a test that was skipped. If it goes bonkers again, I will add more debugging information to it. I will keep an eye on the operations channel to see when/if this fails again. Originally this looked to be timeouts waiting, so I increased the global timeout to be 20 seconds instead of the original 10 seconds.
Resolves:
https://github.com/elastic/kibana/issues/89389
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
* [functional test] remove redundant navigation, wait for lens to be loaded
* fix navigation to new viz
* update test title
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* add retry logic and add describe.only to prepare for flaky test runner
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
fixes#99895
Can reproduce #99895 with something like
```shell
curl 'http://localhost:5601/api/fleet/enrollment-api-keys' \
-H 'content-type: application/json' \
-H 'kbn-version: 8.0.0' \
-u elastic:changeme \
--data-raw '{"name":"with spaces","policy_id":"d6a93200-b1bd-11eb-90ac-052b474d74cd"}'
```
Kibana logs this stack trace
```
server log [10:57:07.863] [error][fleet][plugins] KQLSyntaxError: Expected AND, OR, end of input but "\" found.
policy_id:"d6a93200-b1bd-11eb-90ac-052b474d74cd" AND name:with\ spaces*
--------------------------------------------------------------^
at Object.fromKueryExpression (/Users/jfsiii/work/kibana/src/plugins/data/common/es_query/kuery/ast/ast.ts:52:13)
at listEnrollmentApiKeys (/Users/jfsiii/work/kibana/x-pack/plugins/fleet/server/services/api_keys/enrollment_api_key.ts:37:69)
at Object.generateEnrollmentAPIKey (/Users/jfsiii/work/kibana/x-pack/plugins/fleet/server/services/api_keys/enrollment_api_key.ts:160:31)
at processTicksAndRejections (internal/process/task_queues.js:93:5)
at postEnrollmentApiKeyHandler (/Users/jfsiii/work/kibana/x-pack/plugins/fleet/server/routes/enrollment_api_key/handler.ts:53:20)
at Router.handle (/Users/jfsiii/work/kibana/src/core/server/http/router/router.ts:273:30)
at handler (/Users/jfsiii/work/kibana/src/core/server/http/router/router.ts:228:11)
at exports.Manager.execute (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/toolkit.js:60:28)
at Object.internals.handler (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/handler.js:46:20)
at exports.execute (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/handler.js:31:20)
at Request._lifecycle (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/request.js:370:32)
at Request._execute (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/request.js:279:9) {
shortMessage: 'Expected AND, OR, end of input but "\\" found.'
```
the `kuery` value which causes the `KQLSyntaxError` is
```
policy_id:\"d6a93200-b1bd-11eb-90ac-052b474d74cd\" AND name:with\\ spaces*
```
a value without spaces, e.g. `no_spaces`
```
policy_id:\"d6a93200-b1bd-11eb-90ac-052b474d74cd\" AND name:no_spaces*
```
is converted to this query object
```
{
"bool": {
"filter": [
{
"bool": {
"should": [
{
"match_phrase": {
"policy_id": "d6a93200-b1bd-11eb-90ac-052b474d74cd"
}
}
],
"minimum_should_match": 1
}
},
{
"bool": {
"should": [
{
"query_string": {
"fields": [
"name"
],
"query": "no_spaces*"
}
}
],
"minimum_should_match": 1
}
}
]
}
```
I tried some other approaches for handling the spaces based on what I saw in the docs like `name:"\"with spaces\"` and `name:(with spaces)*`but they all failed as well, like
```
KQLSyntaxError: Expected AND, OR, end of input but "*" found.
policy_id:"d6a93200-b1bd-11eb-90ac-052b474d74cd" AND name:(with spaces)*
-----------------------------------------------------------------------^
at Object.fromKueryExpression (/Users/jfsiii/work/kibana/src/plugins/data/common/es_query/kuery/ast/ast.ts:52:13)
at listEnrollmentApiKeys (/Users/jfsiii/work/kibana/x-pack/plugins/fleet/server/services/api_keys/enrollment_api_key.ts:37:69)
at Object.generateEnrollmentAPIKey (/Users/jfsiii/work/kibana/x-pack/plugins/fleet/server/services/api_keys/enrollment_api_key.ts:166:31)
at processTicksAndRejections (internal/process/task_queues.js:93:5)
at postEnrollmentApiKeyHandler (/Users/jfsiii/work/kibana/x-pack/plugins/fleet/server/routes/enrollment_api_key/handler.ts:53:20)
at Router.handle (/Users/jfsiii/work/kibana/src/core/server/http/router/router.ts:273:30)
at handler (/Users/jfsiii/work/kibana/src/core/server/http/router/router.ts:228:11)
at exports.Manager.execute (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/toolkit.js:60:28)
at Object.internals.handler (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/handler.js:46:20)
at exports.execute (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/handler.js:31:20)
at Request._lifecycle (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/request.js:370:32)
at Request._execute (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/request.js:279:9) {
shortMessage: 'Expected AND, OR, end of input but "*" found.'
```
So I logged out the query object for a successful request, and put that in a function
```
{
"query": {
"bool": {
"filter": [
{
"bool": {
"should": [
{
"match_phrase": {
"policy_id": "d6a93200-b1bd-11eb-90ac-052b474d74cd"
}
}
],
"minimum_should_match": 1
}
},
{
"bool": {
"should": [
{
"query_string": {
"fields": [
"name"
],
"query": "(with spaces) *"
}
}
],
"minimum_should_match": 1
}
}
]
}
}
}
```
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
* Fix UX when alert is disabled and in an error state
* Reset executionStatus to pending after enabling an alert
* Renames alert instance status OK to Recovered
* Fix end to end test
* Update doc screenshot
* Fix confusing test name
* Remove flakiness in integration test
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
