Commit graph

15978 commits

Author SHA1 Message Date
ymao1 71379b755a
[Alerting] Split alerting feature privilege between rules and alerts and handle subfeature privilege specification (#100127)
* WIP - creating alerting authorization client factory and exposing authorization client on plugin start contract

* Updating alerting feature privilege builder to handle different alerting types

* Passing in alerting authorization type to AlertingActions class string builder

* Passing in authorization type in each function call

* Passing in exempt consumer ids. Adding authorization type to audit logger

* Changing alertType to ruleType

* Changing alertType to ruleType

* Updating unit tests

* Updating unit tests

* Passing field names into authorization query builder. Adding kql/es dsl option

* Converting to es query if requested

* Fixing functional tests

* Removing ability to specify feature privilege name in constructor

* Fixing some types and tests

* Consolidating alerting authorization kuery filter options

* Cleanup and tests

* Cleanup and tests

* Initial commit with changes needed for subfeature privilege

* Throwing error when AlertingAuthorizationClientFactory is not defined

* Renaming authorizationType to entity

* Renaming AlertsAuthorization to AlertingAuthorization

* Fixing unit tests

* Changing schema of alerting feature privilege

* Changing schema of alerting feature privilege

* Updating feature privilege iterator

* Updating feature privilege builder

* Fixing types check

* Updating privilege string terminology

* Updating privilege string terminology

* Wip

* Fixing unit tests

* Unit tests

* Updating README and removing stack subfeature privilege changes

* Fixing README

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-05-27 14:59:02 -04:00
Jonathan Budzenski f0e11bcd1b
Automated package testing (#88900)
Co-authored-by: Tyler Smalley <tylersmalley@me.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-05-27 13:37:43 -05:00
Nathan Reese 8420605352
[Maps] timeslider (#99661)
* [Maps timeslider]

* just arrowLeft and arrowRight icons

* tslint

* color icon when timeslider is open, auto select first section on open

* increase width to prevent timeslider from changing sizes during interaction

* fix filters disappearing when timeslice advances

* use shorter date format for ticks

* review feedback

* do not show timeslider button when map is embedded

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-05-27 12:32:13 -06:00
Jonathan Budzenski 5dde07ff6f Revert "[Security solution][Endpoint] Add Host Isolation related data to the endpoint generator and test data loader (#100727)"
This reverts commit 57f59bd15d.
2021-05-27 12:21:48 -05:00
Paul Tavares 57f59bd15d
[Security solution][Endpoint] Add Host Isolation related data to the endpoint generator and test data loader (#100727)
* Generate random isolation values for endpoint metadata
* Generator for Fleet Actions
* Added creation of actions to the index test data loader
2021-05-27 11:55:50 -04:00
Georgii Gorbachev 7fd6539dca
[RAC] Rule monitoring: Event Log for Rule Registry (#98353)
**Needed for:** rule execution log for Security https://github.com/elastic/kibana/pull/94143
**Related to:**

- alerts-as-data: https://github.com/elastic/kibana/issues/93728, https://github.com/elastic/kibana/issues/93729, https://github.com/elastic/kibana/issues/93730
- RFC for index naming https://github.com/elastic/kibana/issues/98912

## Summary

This PR adds a mechanism for writing to / reading from / bootstrapping indices for RAC project into the `rule_registry` plugin. Particularly, indices for alerts-as-data and rule execution events. This implementation is similar to existing implementations like `event_log` plugin (see https://github.com/elastic/kibana/pull/98353#issuecomment-833045980 for historical perspective), but we're going to converge all of them into 1 or 2 implementations. At least we should have a single one in `rule_registry` itself.

In this PR I tried to incorporate most of the feedback received in the RFC (https://github.com/elastic/kibana/issues/98912), but if you notice I missed/forgot something, please let me know in the comments.

Done in this PR:

- [x] Schema-agnostic APIs for working with Elasticsearch.
- [x] Schema-aware log definition and bootstrapping API (creating hierarchical logs).
- [x] Schema-aware write API (logging events).
- [x] Schema-aware read API (searching logs, filtering, sorting, pagination, aggregation).
- [x] Support for Kibana spaces, space-aware index bootstrapping (either at rule creation or rule execution time).

As for reviewing this PR, perhaps it might be easier to start with:

- checking description of https://github.com/elastic/kibana/issues/98912
- checking usage examples https://github.com/elastic/kibana/pull/98353/files#diff-c049ff2198cc69bd50a69e92d29e88da7e10b9a152bdaceaf3d41826e712c12b
- checking public api https://github.com/elastic/kibana/pull/98353/files#diff-8e9ef0dbcbc60b1861d492a03865b2ae76a56ec38ada61898c991d3a74bd6268

## Next steps

Next steps towards rule execution log in Security (https://github.com/elastic/kibana/pull/94143):

- define actual schema for rule execution events
- inject instance of rule execution log into Security rule executors and route handlers
- implement actual execution logging in rule executors
- update route handlers to start fetching execution events and metrics from the log instead of custom saved objects

Next steps in the context of RAC and unified implementation:

- converge this implementation with `RuleDataService` implementation
  - implement robust index bootstrapping
  - reconsider using FieldMap as a generic type parameter
  - implement validation for documents being indexed
- cover the final implementation with tests
- write comprehensive docs: update plugin README, add JSDoc comments to all public interfaces
2021-05-27 18:28:19 +03:00
Shahzad 413132008b
[Uptime] Waterfall use different styling for number (#97216)
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-05-27 17:01:52 +02:00
Felix Stürmer 06d276e060
[Logs UI] Add shared observability page template and navigation (#99380)
Co-authored-by: Kerry Gallagher <471693+Kerry350@users.noreply.github.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-05-27 16:58:15 +02:00
Nathan L Smith 7fc4a1f80f
Add kibana.yml configuration for cases (#100583)
Make it so `xpack.observability.unsafe.alertingExperience.enabled` only shows and hides the Alerts page, and `xpack.observability.unsafe.cases.enabled` shows and hides the Cases page.
2021-05-27 09:43:12 -05:00
Anton Dosov 806566c62e
[Index Patterns] Migrate tests to the new es client (#100760) 2021-05-27 15:47:30 +02:00
Candace Park 1c4d338668
[Security Solution][Endpoint][Host Isolation] User can unisolate host from alert details (#100401) 2021-05-27 09:32:32 -04:00
Joe Reuter f6266c431b
[Lens] Improve caching with more stable Elasticsearch requests (#100414) 2021-05-27 15:25:10 +02:00
Patrick Mueller 11b3ab167d
[alerting] add ignore_above to alerts params mappings to handle immense params (#100726)
resolves https://github.com/elastic/kibana/issues/100607

This fixes a problem when very large parameters (over 32K bytes) are saved with
an alert.  Before this fix, an error from elasticsearch would be thrown with
the following message, and a 400 returned from create (and presumably update).

    Document contains at least one immense term in field=\"alert.params\"
    (whose UTF8 encoding is longer than the max length 32766), all of which
    were skipped.

After the fix, alerts with immense params can be saved and executed.

Note that the immense params will not be searchable, since they won't be indexed,
but that seems both unavoidable, and not a severe issue.
2021-05-27 09:17:12 -04:00
Alejandro Fernández Gómez 83e5b6c689
[Fleet] Remove beats management plugin (#99789) 2021-05-27 11:30:15 +02:00
Thomas Neirynck 5da329a809
[Maps] Isolate mapbox-gl types and align downstream package versions. (#100610) 2021-05-26 21:09:38 -04:00
Tim Sullivan 417c06b9a1
[Reporting] Use the deprecations service to advise critical config changes (#100427)
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-05-26 17:31:55 -07:00
Mikhail Shustov 881d89fba7
remove src/legacy and src/optimizer from configs (#100538)
* cleanup removed dirs

* delete removed folders from other places in the repo

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-05-26 22:01:33 +02:00
Justin Kambic b189d05bc3
[Uptime] Move uptime actions to Header Actions Menu (#100298)
* Move uptime actions to Kibana's HeaderActionsMenu.

* Delete a comment.

* Extract ActionMenu content to dedicated component to make testing easier.

* Add tests.

* Use `EuiHeaderLinks` instead of `EuiFlexItem`.

* Clean up tests.

* Prefer `getByRole` for a test.

* Fix copy mistake.

* Fix a test broken by the previous commit.

* Prefer `EuiHeaderSectionItem` over `EuiHeaderSectionLink` to avoid nesting `button`s within `buttons`.

* Reverse "Settings" and "Alerts" menu options to make them uniform with APM.

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-05-26 15:31:15 -04:00
Jen Huang ba7c0275ca
[Fleet] Support browsing granular integrations (#99866)
* Manual cherry pick of work to support integration tiles and package-level vars

* Fix types

* Remove registry input group typings

* Show integration-specific readme, title, and icon in package details page

* Revert unnecessary changes

* Add package-level `vars` field to package policy SO mappings

* Fix types

* Fix test

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-05-26 09:59:09 -07:00
Pete Harverson f77ff2d396
[ML] Adds functional tests for anomaly detection job custom URLs (#100455)
* [ML] Adds functional tests for anomaly detection job custom URLs

* [ML] Remove debug test tag from custom URL tests

* [ML] Update custom URL editor Jest snapshots

* [ML] Clean up in embeddables tests to fix dashboard test

* [ML] Delete test dashboard after test suites complete

* [ML] Edits to custom URL tests following review

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-05-26 17:48:03 +01:00
Ignacio Rivas ae63fb1c17
[Ingest pipelines] add support for fingerprint processor (#100541) 2021-05-26 18:29:05 +02:00
Thomas Neirynck c5aa39835d
[Maps] Add draw wizard (#100278) 2021-05-26 11:21:38 -04:00
Nathan Reese e49db7127d
[Maps] filter dashboard by map extent (#99860)
* [Maps] filter dashboard by map extent

* clean up

* remove warning from filter pill

* tslint

* API doc updates, i18n fixes, tslint

* only show context menu option in edit mode

* add functional test

* review feedback

* do not use search session when filtering by map bounds

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-05-26 08:51:39 -06:00
Sandra Gonzales ce6f923bb4
fix anomaly functional test (#100504)
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-05-26 10:25:39 -04:00
Stratoula Kalafateli 638ab8247b
[Gauge] Fixes wrong translations on ranges less than symbol (#100535) 2021-05-26 16:02:28 +03:00
Larry Gregory 5d5cc55b3a
Fix spaces test flakiness (#100605) 2021-05-26 06:47:28 -04:00
Ignacio Rivas 93acfb4d43
[Ingest pipelines] add support for ip type in convert processor (#100531)
* add ip option type to convert processor

* remove duped option

* small CR changes

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-05-26 11:36:06 +02:00
Mikhail Shustov f915b6fe73
[telemetry] report config deprecations (#99887)
* return the list of changed config keys during deprecation

* gather changed config keys in the core

* adjust Security plugin deprecations tests

* update docs

* update interface

* update telemetry schema

* update spaces tests

* update tests in other x-pack plugins

* remove testing instruction

* improve tests. get rid of snapshots
2021-05-26 10:57:01 +02:00
Yuliia Naumenko 5ebded2105
[triggersActionsUi] Reduce page load bundle to under 100kB (#97770)
* [triggersActionsUi] Reduce page load bundle to under 100kB

* removed old code

* removed fragment

* changed svg logo to lazy react components

* fixed type checks and translations

* fixed type checks

* fixed type checks

* fixed type checks

* fixed tests

* fixed tests

* fixed iconClass

* fixed due to comments

* added info about new IconType to readme file

* fixed key errors
2021-05-25 19:00:29 -07:00
Nathan Reese b30d96e7f2
[Maps] convert LayerPanel to typescript (#100481)
* [Maps] convert LayerPanel to typescript

* layer_errors

* style panel

* layer_panel component

* rename to EditLayerPanel

* clean up

* fix scss imports for rename

* one more scss path clean up

* fix EditLayerPanel errors
2021-05-25 13:25:18 -06:00
Alison Goryachev a0ddca8b07
[Upgrade Assistant] Address copy feedback (#99632) 2021-05-25 14:14:08 -04:00
Nathan L Smith e61c6660f7
Open/Closed filter for observability alerts page (#99217) 2021-05-25 12:40:14 -05:00
Frank Hassanabad 5dc85c69b7
One liner to expose the EQL query for debugging for users (#100565)
## Summary

Expose the EQL query in the Kibana logs for detections when they are being run when Kibana is in debug mode.
2021-05-25 13:35:52 -04:00
Spencer 111e15a054
[ftr] implement FtrService classes and migrate common services (#99546)
Co-authored-by: spalger <spalger@users.noreply.github.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-05-25 09:25:09 -07:00
Stratoula Kalafateli d8c2594789
[XY] [Lens] Adds opacity slider (#100453)
* [XY] Add opacity slider and dots size slider

* [Lens] Adds fill opacity slider

* Make the new sliders appear full width

* Change property name and fix unit tests

* Add a comment

* useDebouncedValue hook

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-05-25 18:56:29 +03:00
Jean-Louis Leysens 662fe74757
[Reporting] ILM policy for managing reporting indices (#100130)
* wip; added logic for creating ILM policy at start up

* added log when ilm policy is not created

* added test for start function

* updated ilm policy to not delete data

* actually update jest snapshots and remove unused import

* updated the ilm policy, removed the min_age for the hot phase

* update jest snapshot

* removed TODO comment

* debug log -> info log

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-05-25 17:02:48 +02:00
Thomas Neirynck 73b6048ba1
[Maps][Vega] Isolate mapbox-gl library into bazel package (#99931) 2021-05-25 09:51:57 -04:00
David Sánchez ca324c63be
Removes event filters feature flag and exposes this feature by default (#100389)
* Removes event filters feature flag and exposes this feature by default

* Fixes manifest unit test

* Fixes functional test adding event filter list case

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-05-25 15:19:42 +02:00
Sandra Gonzales 60b5c842cd
[Metrics UI] use EuiTooltip to control tooltip component and simplify ConditionalTooltip (#99224)
* use EuiTooltip to control tooltip component

* fix style

* update unit tests

* add functional waffle map tooltip tests

* remove reload() from useEffect

* fix type

* update unit test
2021-05-25 08:51:24 -04:00
Sergi Massaneda 206a64fc4c
[Security Solution] Application register deepLinks instead of meta.searchDeepLinks (#100129)
* refactor meta.searchDeepLinks to deepLinks and remove meta

* remove comments

* obsolete snapshot removed

* documentation updated

* [deepLinks] refactor ml nav ids and translation keys

* flaky test fix attempt [sync with glo]

* default deepLinks navLinkStatus

* api_docs restored

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-05-25 14:49:51 +02:00
Frank Hassanabad aa2f5b535d
[Security Solution] Utilizes constants package and deletes duplicate code (#100513)
## Summary

Utilizes constants package and deletes duplicate code

* Renames the `securitysolution-constants` to be `securitysolution-list-constants` to be specific
* Deletes duplicated code found during cleanup
* Moves more tests into the packages found along the way with the duplicated code
* Moves `parseScheduleDates` from `@kbn/securitysolution-io-ts-types` to `@kbn/securitysolution-io-ts-utils`

### Checklist

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
2021-05-24 18:38:14 -06:00
Zacqary Adam Xeper 676d40ebbe
[Fleet] Add clear button to search input bars (#100476) 2021-05-24 17:30:18 -05:00
Zacqary Adam Xeper 71acd98082
[Fleet] Add color distinction between offline and inactive agents (#100490) 2021-05-24 17:30:06 -05:00
Zacqary Adam Xeper f95bbb38c9
[Fleet] Fix incomplete agent count message on policy tab (#100497) 2021-05-24 17:29:27 -05:00
Jen Huang cc9c5be022
[Fleet] Pass policy namespace to agent monitoring settings (#100500)
* Pass agent policy namespace to agent monitoring settings

* Adjust copy
2021-05-24 18:02:23 -04:00
ymao1 eb0deac8d0
[Alerting] Update README (#100478)
* Updating readme

* Updating readme

* Fix plugin list docs
2021-05-24 16:24:15 -04:00
Josh Dover c9f7ab3f72
Remove chrome.navLinks.update (#99633) 2021-05-24 13:00:45 -05:00
Quynh Nguyen 9793a8fefb
[ML] Fix missing selected-interval styling for Explorer anomaly charts and mismatched scheduled markers styling (#100272)
* [ML] Fix missing selected-interval sass

* [ML] Only show interval box in explorer page and not in dashboard

* [ML] Remove console

* [ML] Move showSelectedInterval up

* [ML] Update snapshot

* [ML] Update styling of scheduled events to match and to be visible

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
2021-05-24 11:56:09 -05:00
Pete Hampton bb6c2ef3d0
Add remaining descriptions to security usage telemetry schema. (#100454) 2021-05-24 10:41:19 -06:00
Mikhail Shustov 95e8eed7d1
security solution and lists to TS incremental builds (#100447)
* lists to ts incremental builds

* security_solution to ts incremental

* import ResizeObserver explicitly as it is not declared in dom types
2021-05-24 16:34:29 +02:00