* [Discover] migrate remaining context files from js to ts
* [Discover] get rid of any types
* [Discover] replace constants with enums, update imports
* [Discover] use unknown instead of any, correct types
* [Discover] skip any type for tests
* [Discover] add euiDataGrid view
* [Discover] add support dataGrid columns, provide ability to do not change sorting, highlight anchor doc, rename legacy variables
* [Discover] update context_legacy test and types
* [Discover] update unit tests, add context header
* [Discover] update unit and functional tests
* [Discover] remove docTable from context test which uses new data grid
* [Discover] update EsHitRecord type, use it for context app. add no pagination support
* [Discover] resolve type error in test
* [Discover] add disabling control columns option, change loading feedback
* [Discover] clean up, update functional tests
* [Discover] remove invalid translations
* [Discover] support both no results found and loading feedback
* [Discover] provide loading status for discover
* [Discover] fix functional test
* [Discover] add useDataGridColumns test, update by comments
* [Discover] fix types
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
This PR starts the migration of the Security Solution rules to use the rule-registry introduced in https://github.com/elastic/kibana/pull/95903. This is a pathfinding effort in porting over the existing Security Solution rules, and may include some temporary reference rules for testing out different paradigms as we move the rules over. See https://github.com/elastic/kibana/issues/95735 for details
Enable via the following feature flags in your `kibana.dev.yml`:
```
# Security Solution Rules on Rule Registry
xpack.ruleRegistry.index: '.kibana-[USERNAME]-alerts' # Only necessary to scope from other devs testing, if not specified defaults to `.alerts-security-solution`
xpack.securitySolution.enableExperimental: ['ruleRegistryEnabled']
```
> Note: if setting a custom `xpack.ruleRegistry.index`, for the time being you must also update the [DEFAULT_ALERTS_INDEX](9e213fb7a5/x-pack/plugins/security_solution/common/constants.ts (L28)) in order for the UI to display alerts within the alerts table.
---
Three reference rule types have been added (`query`, `eql`, `threshold`), along with scripts for creating them located in:
```
x-pack/plugins/security_solution/server/lib/detection_engine/reference_rules/scripts/
```
Main Detection page TGrid queries have been short-circuited to query `.alerts-security-solution*` for displaying alerts from the new alerts as data indices.
To test, checkout, enable the above feature flag(s), and run one of the scripts from the above directory, e.g. `./create_reference_rule_query.sh` (ensure your ENV vars as set! :)
Alerts as data within the main Detection Page 🎉
<p align="center">
<img width="500" src="https://user-images.githubusercontent.com/2946766/119911768-39cfba00-bf17-11eb-8996-63c0b813fdcc.png" />
</p>
cc @madirey @dgieselaar @pmuellr @yctercero @dhurley14 @marshallmain
* [ML] Fix categorization job view examples link when datafeed uses multiple indices
* [ML] Fix operator in index pattern check
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Call `setHeaderActionMenu(undefined)` when the HeaderMenuPortal is unmounted.
Found this line in the docs:
> Calling the handler with `undefined` will unmount the current mount point.
Which we weren't doing before.
Previous behavior:
* Go to /app/observability/alerts
* Click the "View in app" button for an APM alert
* Click back
* Click the "View in app" button for an APM alert
* Get a weird toast error message and the header menu is gone forever
Now:
* Go to /app/observability/alerts
* Click the "View in app" button for an APM alert
* Click back
* Click the "View in app" button for an APM alert
* Get a working header menu
Fixes#97140
* Shows event filters card on fleet page
* Uses aggs instead of while loop to retrieve summary data
* Add request and response types in the lists package
* Fixes old import
* Removes old i18n keys
* Removes more old i18n keys
* Use consts for exception lists url and endpoint event filter list id
* Uses event filters service to retrieve summary data
* Fixes addressed pr comments such as changing the route without underscore, adding aggs type, validating response, and more
* Uses useMemo instead of useState to memoize object
* Add new e2e test for summart endpoint
* Handle api errors on event filters and trusted apps summary api calls
* Add api error message to the toast
* Fix wrong i18n key
* Change span tag by react fragment
* Uses styled components instead of modify compontent style directly and small improvements on test -> ts
* Adds curls script for summary route
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Taking space id into account when creating email footer link
* Handling undefined space when spaces is disabled
* Handling undefined space when spaces is disabled
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Fetch rule statuses using single aggregation instead of N separate requests
* Optimize _find API and _find_statuses
* Merge alerting framework errors into rule statuses
* Add sortSchema for top hits agg, update terms.order schema
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Re-introduces the changes from #100727 which was backed out due to a bug. Changes included:
* Generate random isolation values for endpoint metadata
* Generator for Fleet Actions
* Added creation of actions to the index test data loader
Plus:
* Fix generator `randomBoolean()` to ensure it works with seeded random numbers
* Update resolver snapshots due to additional call to randomizer
* Adding feature flag for enabling rule import and export
* Removing item from docs
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Update datafeed_windows_rare_user_type10_remote_login.json
refactor df query to work with newer field values
* Update datafeed_windows_rare_user_type10_remote_login.json
remove event.code test - was failing a test on the build server using the original data b/c this field was not there when the query was first developed.
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Remove legacydetection rule stat summaries
* Remove ML usage summary and consolidate with ML metric telemetry.
* Remove ML usage summary and consolidate with ML metric telemetry.
* Move legacy helper constructs into index.
* Separate rule logic from ml logic. Add ml unit tests.
* Abstract types away into their own file.
* Update telemetry schema.
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* WIP - creating alerting authorization client factory and exposing authorization client on plugin start contract
* Updating alerting feature privilege builder to handle different alerting types
* Passing in alerting authorization type to AlertingActions class string builder
* Passing in authorization type in each function call
* Passing in exempt consumer ids. Adding authorization type to audit logger
* Changing alertType to ruleType
* Changing alertType to ruleType
* Updating unit tests
* Updating unit tests
* Passing field names into authorization query builder. Adding kql/es dsl option
* Converting to es query if requested
* Fixing functional tests
* Removing ability to specify feature privilege name in constructor
* Fixing some types and tests
* Consolidating alerting authorization kuery filter options
* Cleanup and tests
* Cleanup and tests
* Initial commit with changes needed for subfeature privilege
* Throwing error when AlertingAuthorizationClientFactory is not defined
* Renaming authorizationType to entity
* Renaming AlertsAuthorization to AlertingAuthorization
* Fixing unit tests
* Changing schema of alerting feature privilege
* Changing schema of alerting feature privilege
* Updating feature privilege iterator
* Updating feature privilege builder
* Fixing types check
* Updating privilege string terminology
* Updating privilege string terminology
* Wip
* Fixing unit tests
* Unit tests
* Updating README and removing stack subfeature privilege changes
* Fixing README
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* [Maps timeslider]
* just arrowLeft and arrowRight icons
* tslint
* color icon when timeslider is open, auto select first section on open
* increase width to prevent timeslider from changing sizes during interaction
* fix filters disappearing when timeslice advances
* use shorter date format for ticks
* review feedback
* do not show timeslider button when map is embedded
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
**Needed for:** rule execution log for Security https://github.com/elastic/kibana/pull/94143
**Related to:**
- alerts-as-data: https://github.com/elastic/kibana/issues/93728, https://github.com/elastic/kibana/issues/93729, https://github.com/elastic/kibana/issues/93730
- RFC for index naming https://github.com/elastic/kibana/issues/98912
## Summary
This PR adds a mechanism for writing to / reading from / bootstrapping indices for RAC project into the `rule_registry` plugin. Particularly, indices for alerts-as-data and rule execution events. This implementation is similar to existing implementations like `event_log` plugin (see https://github.com/elastic/kibana/pull/98353#issuecomment-833045980 for historical perspective), but we're going to converge all of them into 1 or 2 implementations. At least we should have a single one in `rule_registry` itself.
In this PR I tried to incorporate most of the feedback received in the RFC (https://github.com/elastic/kibana/issues/98912), but if you notice I missed/forgot something, please let me know in the comments.
Done in this PR:
- [x] Schema-agnostic APIs for working with Elasticsearch.
- [x] Schema-aware log definition and bootstrapping API (creating hierarchical logs).
- [x] Schema-aware write API (logging events).
- [x] Schema-aware read API (searching logs, filtering, sorting, pagination, aggregation).
- [x] Support for Kibana spaces, space-aware index bootstrapping (either at rule creation or rule execution time).
As for reviewing this PR, perhaps it might be easier to start with:
- checking description of https://github.com/elastic/kibana/issues/98912
- checking usage examples https://github.com/elastic/kibana/pull/98353/files#diff-c049ff2198cc69bd50a69e92d29e88da7e10b9a152bdaceaf3d41826e712c12b
- checking public api https://github.com/elastic/kibana/pull/98353/files#diff-8e9ef0dbcbc60b1861d492a03865b2ae76a56ec38ada61898c991d3a74bd6268
## Next steps
Next steps towards rule execution log in Security (https://github.com/elastic/kibana/pull/94143):
- define actual schema for rule execution events
- inject instance of rule execution log into Security rule executors and route handlers
- implement actual execution logging in rule executors
- update route handlers to start fetching execution events and metrics from the log instead of custom saved objects
Next steps in the context of RAC and unified implementation:
- converge this implementation with `RuleDataService` implementation
- implement robust index bootstrapping
- reconsider using FieldMap as a generic type parameter
- implement validation for documents being indexed
- cover the final implementation with tests
- write comprehensive docs: update plugin README, add JSDoc comments to all public interfaces
Make it so `xpack.observability.unsafe.alertingExperience.enabled` only shows and hides the Alerts page, and `xpack.observability.unsafe.cases.enabled` show and hides the Cases page.
resolves https://github.com/elastic/kibana/issues/100607
This fixes a problem when very large parameters (over 32K bytes) are saved with
an alert. Before this fix, an error from elasticsearch would be thrown with
the following message, and a 400 returned from create (and presumably update).
Document contains at least one immense term in field=\"alert.params\"
(whose UTF8 encoding is longer than the max length 32766), all of which
were skipped.
After the fix, alerts with immense params can be saved and executed.
Note that the immense params will not be searchable, since they won't be indexed,
but that seems both unavoidable, and not a severe issue.
* cleanup removed dirs
* delete removed folders from other places in the repo
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Move uptime actions to Kibana's HeaderActionsMenu.
* Delete a comment.
* Extract ActionMenu content to dedicated component to make testing easier.
* Add tests.
* Use `EuiHeaderLinks` instead of `EuiFlexItem`.
* Clean up tests.
* Prefer `getByRole` for a test.
* Fix copy mistake.
* Fix a test broken by the previous commit.
* Prefer `EuiHeaderSectionItem` over `EuiHeaderSectionLink` to avoid nesting `button`s within `buttons`.
* Reverse "Settings" and "Alerts" menu options to make them uniform with APM.
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Manual cherry pick of work to support integration tiles and package-level vars
* Fix types
* Remove registry input group typings
* Show integration-specific readme, title, and icon in package details page
* Revert unnecessary changes
* Add package-level `vars` field to package policy SO mappings
* Fix types
* Fix test
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* [ML] Adds functional tests for anomaly detection job custom URLs
* [ML] Remove debug test tag from custom URL tests
* [ML] Update custom URL editor Jest snapshots
* [ML] Clean up in embeddables tests to fix dashboard test
* [ML] Delete test dashboard after test suites complete
* [ML] Edits to custom URL tests following review
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* [Maps] filter dashboard by map extent
* clean up
* remove warning from filter pill
* tslint
* API doc updates, i18n fixes, tslint
* only show context menu option in edit mode
* add functional test
* review feedback
* do not use search session when filtering by map bounds
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* add ip option type to convert processor
* remove duped option
* small CR changes
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* [triggersActionsUi] Reduce page load bundle to under 100kB
* removed old code
* removed fragment
* changed svg logo to lazy react components
* fixed type checks and translations
* fixed type checks
* fixed type checks
* fixed type checks
* fixed tests
* fixed tests
* fixed iconClass
* fixed due to comments
* added info about new IconType to readme file
* fixed key errors
* [XY] Add opacity slider and dots size slider
* [Lens] Adds fill opacity slider
* Make the new sliders to appear fullwidth
* Change property name and fix unit tests
* Add a comment
* useDebouncedValue hook
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* wip; added logic for creating ILM policy at start up
* added log when ilm policy is not created
* added test for start function
* updated ilm policy to not delete data
* actually update jest snapshots and remove unused import
* updated the ilm policy, removed the min_age for the hot phase
* update jest snapshot
* removed TODO comment
* debug log -> info log
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Removes event filters feature flag and expose this feature by default
* Fixes manifest unit test
* Fixes functional test adding event filter list case
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* use EuiTooltip to control tooltip component
* fix style
* update unit tests
* add functional waffle map tooltip tests
* remove reload() from useEffect
* fix type
* update unit test
## Summary
Utilizes constants package and deletes duplicate code
* Renames the `securitysolution-constants` to be `securitysolution-list-constants` to be specific
* Deletes duplicated code found during cleanup
* Moves more tests into the packages found along the way with the duplicated code
* Moves `parseScheduleDates` from `@kbn/securitysolution-io-ts-types` to `@kbn/securitysolution-io-ts-utils`
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
* [ML] Fix missing selected-interval sass
* [ML] Only show interval box in explorer page and not in dashboard
* [ML] Remove console
* [ML] Move showSelectedInterval up
* [ML] Update snapshot
* [ML] Update styling of scheduled events to match and to be visible
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Refactor TableRowAction into separate component and enable menu close on item click
* add `show=isolate` to valid url param string for details panel
* Reusable BackToEndpointDetailsFlyoutSubHeader component
* new FlyoutBodyNoTopPadding compoent + refactor Policy response to use it
* Endpoint Isolate flyout panel
* New Service for doing isolate/unisolate of hosts
* Refactor detection isolate API call to use common method from new service
## Summary
* Adds package `kbn-securitysolution-list-api`
* Adds package `kbn-securitysolution-list-hooks`
* Moves files into the packages
* Moves a few additional types into the other packages such as the `kbn-securitysolution-io-ts-types` package to remove more things from the shard_export/shared_import between lists and security solution
* Removes more duplicated code
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
* fix: set ignoreMissingField to true by default
* Add missing serializer to trim fieldConfig
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Add logging of CPU usage by chromium
* Add logging of memory consumption by chromium
* Add PDF report byte length logging
* Add PNG report byte length logging
## Summary
* Creates a `securitysolution-list-utils` packaged and moves the first set of utilities into there
* Fixes a slight bug with `kbn-securitysolution-io-ts-list-types` where the wrong name was used
* Moves _all_ of the lists schemas and types into the package `kbn-securitysolution-io-ts-list-types`
* Removes copied code found in a few places
## Tech debt
* Some spots I have to use an `any` in the package as Kibana kbn packages don't have the types I need
* Some spots I copy constants until we can straighten out those pieces.
* I keep copied mock files until we figure out how to share mocks from these packages without adding weight or we create dedicated mock packages for all of this.
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
* initial version of the screenshot mode service
* First iteration of client side of screenshot mode plugin
Also hooked it up to the chromium browser imitating the preload
functionality of electron to set up the environment before
code runs.
* First implementation of server-side logic for detecting
screenshot mode
* fix some type issues and do a small refactor
* fix size limits, docs and ts issues
* fixed types issues and made sure screenshot mode is correctly detected on the client
* Moved the screenshot mode header definition to common
Added a server-side example for screenshot mode
Export the screenshot mode header in both public and server
* move require() to screenshotMode plugin
* Update chromium_driver.ts
* cleaned up some comments, minor refactor in ReportingCore and
changed the screenshotmode detection function to check for a
specific value.
* fix export
* Expanded server-side screenshot mode contract with function that
checks a kibana request to determine whether we in screenshot
mode
* added comments to explain use of literal value rather than external reference
* updated comment
* update reporting example
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Timothy Sullivan <tsullivan@elastic.co>
Co-authored-by: Tim Sullivan <tsullivan@users.noreply.github.com>
* WIP - creating alerting authorization client factory and exposing authorization client on plugin start contract
* Updating alerting feature privilege builder to handle different alerting types
* Passing in alerting authorization type to AlertingActions class string builder
* Passing in authorization type in each function call
* Passing in exempt consumer ids. Adding authorization type to audit logger
* Changing alertType to ruleType
* Changing alertType to ruleType
* Updating unit tests
* Updating unit tests
* Passing field names into authorization query builder. Adding kql/es dsl option
* Converting to es query if requested
* Fixing functional tests
* Removing ability to specify feature privilege name in constructor
* Fixing some types and tests
* Consolidating alerting authorization kuery filter options
* Cleanup and tests
* Cleanup and tests
* Throwing error when AlertingAuthorizationClientFactory is not defined
* Renaming authorizationType to entity
* Renaming AlertsAuthorization to AlertingAuthorization
* Fixing unit tests
* Updating privilege string terminology
* Updating privilege string terminology
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
* Removes commented out code which promises we are going to do something past 7.11. This code has been checked in and the column of `last_look_back_date` has been removed since 7.11, which means we haven't had it for 7.11, 7.12, and now 7.13.
Related: https://github.com/elastic/kibana/pull/89801
* switch mac chromium download location to kibana team gcs
* oops, fix the path to the binary
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Fixes weird 'flash' when entries does not exists on event filters page. Also fixes a multilang and query when empty string
* Removes old comment
* Use function to retrieve async resource state
* Fix unit test
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Changing variable name of cases_count_daily to cases_count_total.
* Taking comments out of tests and reverting tests to previosu state.
* Changing meta description to be more descriptive.
* Changing meta description to be more descriptive.
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* add a link for issue to remove circular deps
* features: migrate from joi to config-schema
* update tests
* migrate home tutorials to config-schema
* migrate home dataset validation to config schema
* remove unnecessary type. we cannot guarantee this is a valid SO
* address Pierres comments
The Ingest Node Pipelines UI added support to configure a registered domain processor. This processor extracts the registered domain, sub-domain and top-level domain from a fully qualified domain name.
* New bulk create route for meta engine source engines
* New delete route for meta engine source engines
* Add removeSourceEngine and onSourceEngineRemove to SourceEnginesLogicActions
* New SourceEnginesTable component
* Use new SourceEnginesTable component in SourceEngines view
* Added closeAddSourceEnginesModal and openAddSourceEnginesModal to SourceEnginesLogic
* New AddSourceEnginesModal component
* New AddSourceEnginesButton component
* Add AddSourceEnginesButton and AddSourceEnginesModal to SourceEngines view
* Allow user to select source engines to add
* Add addSourceEngines and onSourceEnginesAdd to SourceEnginesLogic
* Submit new source engines when user saves from inside AddSourceEnginesModal
* Fix failing tests
* fix i18n
* Fix imports
* Use body instead of query params for source engines bulk create endpoint
* Tests for SouceEnginesLogic actions setIndexedEngines and fetchIndexedEngines
* Re-enabling two skipped tests
* Feedback: move source engine APIs to own file
- We generally organize routes/logic etc. by view, and since this is its own view, it can get its own file
* Misc UI polish
Table:
- Add EuiPageContent bordered panel (matches Curations & API logs which is a table in a panel)
- Remove bolding on engine name (matches rest of Kibana UI)
- Remove responsive false (we do want responsive tables in Kibana)
Modal:
- Remove EuiOverlayMask - per recent EUI changes, this now comes baked in with EuiModal
- Change description text to subdued to match other modals (e.g. Curations queries) in Kibana
* Misc i18n/copy tweaks
Modal:
- Add combobox placeholder text
- i18n cancel/save buttons
- inline i18n and change title casing to sentence casing
* Table refactors
- DRY out table columns shared with the main engines tables (title & formatting change slightly from the standalone UI, but this is fine / we should prefer Kibana standardization moving forward)
- Actions column changes
- Give it a name - axe will throw issues for table column missing headings
- Do not make actions a conditional empty array - we should opt to remove the column totally if there is no content present, otherwise screen readers will read out blank cells unnecessarily
- Switch to icons w/ description tooltips to match the other Kibana tables
- Remove unnecessary sorting props (we don't have sorting enabled on any columns)
Tests
- Add describe block for organization
- Add missing coverage for window confirm branch and canManageMetaEngineSourceEngines branch
* Modal test fixes
- Remove unnecessary type casting
- Remove commented out line
- Fix missing onChange function coverage
* Modal: move unmemoized array iterations to Kea selectors
- more performant: kea selectors are memoized
- cleaner/less logic in views
- easier to write unit tests for
+ rename setSelectedEngineNamesToAdd to onAddEnginesSelection
+ remove unused selectors test code
* Modal: Add isLoading UX to submit button + value renames
- isLoading prevents double clicks/dupe events, and also provides a responsive UX hint that something is happening
- Var renames: there's only one modal on the page, being extra specific with the name isn't really necessary. If we ever add more than one to this view it would probably make sense to split up the logic files or do something else. Verbose modal names/states shouldn't necessarily be the answer
* Source Engines view test fixes
- Remove unused mock values/actions
- Move constants to within main describe
- Remove unhappy vs happy path describes - there aren't enough of either scenario to warrant the distinction
- add page actions describe block and fix skipped/mounted test by shallow diving into EuiPageHeader
* [Misc] Single components/index.ts export
For easier group importing
* Move all copy consts/strings to their own i18n constants file
* Refactor recursive fetchEngines fn to shared util
+ update MetaEnginesTableLogic to use new helper/DRY out code
+ write unit tests for just that helper
+ simplify other previous logic checks to just check that the fn was called + add mock
* Tests cleanup
- Move consts into top of describe blocks to match rest of codebase
- Remove logic comments for files that are only sourcing 1 logic file
- Modal:
- shallow is fairly cheap and it's easier / more consistent w/ other tests to start a new wrapper every test
- Logic:
- Remove unnecessarily EnginesLogic mocks
- Remove mount() in beforeEach - it doesn't save us that many extra lines / better to be more consistent when starting tests that mount with values vs not
- mock clearing in beforeEach to match rest of codebase
- describe blocks: split up actions vs listeners, move selectors between the two
- actions: fix tests that are in a describe() but not an it() (incorrect syntax)
- Reducer/value checks: check against entire values obj to check for regressions or untested reducers & be consistent rest of codebase
- listeners - DRY out beforeEach of success vs error paths, combine some tests that are a bit repetitive vs just having multiple assertions
- Logic comments:
- Remove unnecessary comments (if we're not setting a response, it seems clear we're not using it)
- Add extra business logic context explanation as to why we call re-initialize the engine
Co-authored-by: Constance Chen <constance.chen.3@gmail.com>
* Set up TruncatedEnginesList component
- Used for listing source engines
- New in Kibana: now links to source engine schema pages for easier schema fixes!
* Add meta engines schema active fields table
* Render meta engine schema conflicts table & warning callout
* Update x-pack/plugins/enterprise_search/public/applications/app_search/components/schema/components/truncated_engines_list.tsx
Co-authored-by: Jason Stoltzfus <jastoltz24@gmail.com>
Co-authored-by: Jason Stoltzfus <jastoltz24@gmail.com>
* Improve accessibility labeling for `FilterPopover` component.
* Simplify test revisions.
* Simplify unit test.
* Refactor test to use text formatter helper functions.
* [Lens] Create managedReference type for formulas
* Fix test failures
* Fix i18n types
* Delete managedReference when replacing
* Tests for formula
* Refactoring from code review
Co-authored-by: Joe Reuter <johannes.reuter@elastic.co>
Co-authored-by: Marco Liberati <marco.liberati@elastic.co>
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
* Fix: Disable selection of filter status 'All' on AddToCaseAction
* UI: Hide disabled statuses on AddToCaseAction
* Refactor: Rename disabledStatuses to hiddenStatuses
* Fix: Pick the first valid status for initialFilterOptions
Previously it was always picking 'open', but it wouldn't work when hiddenStatuses contains "open".
* Add missing test
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
## Summary
The io-ts package was too large and needed to broken down more by domain to decrease the lists plugin size and any other plugin wanting to use the packages will not incur big hits as well.
Before we had one large io-ts package:
```
@kbn/securitysolution-io-ts-utils
```
Now we have these broken down 4 packages:
```
@kbn/securitysolution-io-ts-utils
@kbn/securitysolution-io-ts-types
@kbn/securitysolution-io-ts-alerting-types
@kbn/securitysolution-io-ts-list-types
```
Deps between these packages are:
```
@kbn/securitysolution-io-ts-utils (none)
@kbn/securitysolution-io-ts-types -> @kbn/securitysolution-io-ts-utils
@kbn/securitysolution-io-ts-alerting-types -> @kbn/securitysolution-io-ts-types, @kbn/securitysolution-io-ts-utils
@kbn/securitysolution-io-ts-list-types -> @kbn/securitysolution-io-ts-types, @kbn/securitysolution-io-ts-utils
```
Short description and function of each (Also in each of their README.md):
```
@kbn/securitysolution-io-ts-utils, Smallest amount of utilities such as format, validate, etc...
@kbn/securitysolution-io-ts-types, Base types such as to_number, to_string, etc...
@kbn/securitysolution-io-ts-alerting-types, Alerting specific types such as severity, from, to, etc...
@kbn/securitysolution-io-ts-list-types, list specific types such as exception lists, exception list types, etc...
```
### Checklist
Delete any items that are not applicable to this PR.
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
## Summary
fixes#99895
Can reproduce #99895 with something like
```shell
curl 'http://localhost:5601/api/fleet/enrollment-api-keys' \
-H 'content-type: application/json' \
-H 'kbn-version: 8.0.0' \
-u elastic:changeme \
--data-raw '{"name":"with spaces","policy_id":"d6a93200-b1bd-11eb-90ac-052b474d74cd"}'
```
Kibana logs this stack trace
```
server log [10:57:07.863] [error][fleet][plugins] KQLSyntaxError: Expected AND, OR, end of input but "\" found.
policy_id:"d6a93200-b1bd-11eb-90ac-052b474d74cd" AND name:with\ spaces*
--------------------------------------------------------------^
at Object.fromKueryExpression (/Users/jfsiii/work/kibana/src/plugins/data/common/es_query/kuery/ast/ast.ts:52:13)
at listEnrollmentApiKeys (/Users/jfsiii/work/kibana/x-pack/plugins/fleet/server/services/api_keys/enrollment_api_key.ts:37:69)
at Object.generateEnrollmentAPIKey (/Users/jfsiii/work/kibana/x-pack/plugins/fleet/server/services/api_keys/enrollment_api_key.ts:160:31)
at processTicksAndRejections (internal/process/task_queues.js:93:5)
at postEnrollmentApiKeyHandler (/Users/jfsiii/work/kibana/x-pack/plugins/fleet/server/routes/enrollment_api_key/handler.ts:53:20)
at Router.handle (/Users/jfsiii/work/kibana/src/core/server/http/router/router.ts:273:30)
at handler (/Users/jfsiii/work/kibana/src/core/server/http/router/router.ts:228:11)
at exports.Manager.execute (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/toolkit.js:60:28)
at Object.internals.handler (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/handler.js:46:20)
at exports.execute (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/handler.js:31:20)
at Request._lifecycle (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/request.js:370:32)
at Request._execute (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/request.js:279:9) {
shortMessage: 'Expected AND, OR, end of input but "\\" found.'
```
the `kuery` value which causes the `KQLSyntaxError` is
```
policy_id:\"d6a93200-b1bd-11eb-90ac-052b474d74cd\" AND name:with\\ spaces*
```
a value without spaces, e.g. `no_spaces`
```
policy_id:\"d6a93200-b1bd-11eb-90ac-052b474d74cd\" AND name:no_spaces*
```
is converted to this query object
```
{
"bool": {
"filter": [
{
"bool": {
"should": [
{
"match_phrase": {
"policy_id": "d6a93200-b1bd-11eb-90ac-052b474d74cd"
}
}
],
"minimum_should_match": 1
}
},
{
"bool": {
"should": [
{
"query_string": {
"fields": [
"name"
],
"query": "no_spaces*"
}
}
],
"minimum_should_match": 1
}
}
]
}
```
I tried some other approaches for handling the spaces based on what I saw in the docs like `name:"\"with spaces\"` and `name:(with spaces)*`but they all failed as well, like
```
KQLSyntaxError: Expected AND, OR, end of input but "*" found.
policy_id:"d6a93200-b1bd-11eb-90ac-052b474d74cd" AND name:(with spaces)*
-----------------------------------------------------------------------^
at Object.fromKueryExpression (/Users/jfsiii/work/kibana/src/plugins/data/common/es_query/kuery/ast/ast.ts:52:13)
at listEnrollmentApiKeys (/Users/jfsiii/work/kibana/x-pack/plugins/fleet/server/services/api_keys/enrollment_api_key.ts:37:69)
at Object.generateEnrollmentAPIKey (/Users/jfsiii/work/kibana/x-pack/plugins/fleet/server/services/api_keys/enrollment_api_key.ts:166:31)
at processTicksAndRejections (internal/process/task_queues.js:93:5)
at postEnrollmentApiKeyHandler (/Users/jfsiii/work/kibana/x-pack/plugins/fleet/server/routes/enrollment_api_key/handler.ts:53:20)
at Router.handle (/Users/jfsiii/work/kibana/src/core/server/http/router/router.ts:273:30)
at handler (/Users/jfsiii/work/kibana/src/core/server/http/router/router.ts:228:11)
at exports.Manager.execute (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/toolkit.js:60:28)
at Object.internals.handler (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/handler.js:46:20)
at exports.execute (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/handler.js:31:20)
at Request._lifecycle (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/request.js:370:32)
at Request._execute (/Users/jfsiii/work/kibana/node_modules/@hapi/hapi/lib/request.js:279:9) {
shortMessage: 'Expected AND, OR, end of input but "*" found.'
```
So I logged out the query object for a successful request, and put that in a function
```
{
"query": {
"bool": {
"filter": [
{
"bool": {
"should": [
{
"match_phrase": {
"policy_id": "d6a93200-b1bd-11eb-90ac-052b474d74cd"
}
}
],
"minimum_should_match": 1
}
},
{
"bool": {
"should": [
{
"query_string": {
"fields": [
"name"
],
"query": "(with spaces) *"
}
}
],
"minimum_should_match": 1
}
}
]
}
}
}
```
### Checklist
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
The unmount callback should have never been in the useEffect keyed off of the pathname. Another issue appeared earlier and I tried to fix it with the now removed conditional, but it should have been removed into it’s own useEffect that only runs when the component is unmounted, not on every route change.
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>