Merge branch 'master' into issue-82203-saved-objects-authz-checks

docs/api/saved-objects/rotate_encryption_key.asciidoc

@@ -25,7 +25,7 @@ Bulk key rotation can consume a considerable amount of resources and hence only
 `type`::
 (Optional, string) Limits encryption key rotation only to the saved objects with the specified type. By default, {kib} tries to rotate the encryption key for all saved object types that may contain encrypted attributes.
 
-`batchSize`::
+`batch_size`::
 (Optional, number) Specifies a maximum number of saved objects that {kib} can process in a single batch. Bulk key rotation is an iterative process since {kib} may not be able to fetch and process all required saved objects in one go and splits processing into consequent batches. By default, the batch size is 10000, which is also a maximum allowed value.
 
 [[saved-objects-api-rotate-encryption-key-response-body]]
@@ -91,7 +91,7 @@ In this example, key rotation is performed for all saved objects with the `alert
 
 [source,sh]
 --------------------------------------------------
-$ curl -X POST /api/encrypted_saved_objects/_rotate_key?type=alert&batchSize=5000
+$ curl -X POST /api/encrypted_saved_objects/_rotate_key?type=alert&batch_size=5000
 --------------------------------------------------
 // KIBANA
 

docs/development/plugins/expressions/public/kibana-plugin-plugins-expressions-public.expressionfunctiondefinitions.derivative.md

@@ -0,0 +1,11 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-plugins-expressions-public](./kibana-plugin-plugins-expressions-public.md) &gt; [ExpressionFunctionDefinitions](./kibana-plugin-plugins-expressions-public.expressionfunctiondefinitions.md) &gt; [derivative](./kibana-plugin-plugins-expressions-public.expressionfunctiondefinitions.derivative.md)
+
+## ExpressionFunctionDefinitions.derivative property
+
+<b>Signature:</b>
+
+```typescript
+derivative: ExpressionFunctionDerivative;
+```

docs/development/plugins/expressions/public/kibana-plugin-plugins-expressions-public.expressionfunctiondefinitions.md

@@ -18,6 +18,7 @@ export interface ExpressionFunctionDefinitions
 |  --- | --- | --- |
 |  [clog](./kibana-plugin-plugins-expressions-public.expressionfunctiondefinitions.clog.md) | <code>ExpressionFunctionClog</code> |  |
 |  [cumulative\_sum](./kibana-plugin-plugins-expressions-public.expressionfunctiondefinitions.cumulative_sum.md) | <code>ExpressionFunctionCumulativeSum</code> |  |
+|  [derivative](./kibana-plugin-plugins-expressions-public.expressionfunctiondefinitions.derivative.md) | <code>ExpressionFunctionDerivative</code> |  |
 |  [font](./kibana-plugin-plugins-expressions-public.expressionfunctiondefinitions.font.md) | <code>ExpressionFunctionFont</code> |  |
 |  [kibana\_context](./kibana-plugin-plugins-expressions-public.expressionfunctiondefinitions.kibana_context.md) | <code>ExpressionFunctionKibanaContext</code> |  |
 |  [kibana](./kibana-plugin-plugins-expressions-public.expressionfunctiondefinitions.kibana.md) | <code>ExpressionFunctionKibana</code> |  |

docs/development/plugins/expressions/server/kibana-plugin-plugins-expressions-server.expressionfunctiondefinitions.derivative.md

@@ -0,0 +1,11 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-plugins-expressions-server](./kibana-plugin-plugins-expressions-server.md) &gt; [ExpressionFunctionDefinitions](./kibana-plugin-plugins-expressions-server.expressionfunctiondefinitions.md) &gt; [derivative](./kibana-plugin-plugins-expressions-server.expressionfunctiondefinitions.derivative.md)
+
+## ExpressionFunctionDefinitions.derivative property
+
+<b>Signature:</b>
+
+```typescript
+derivative: ExpressionFunctionDerivative;
+```

docs/development/plugins/expressions/server/kibana-plugin-plugins-expressions-server.expressionfunctiondefinitions.md

@@ -18,6 +18,7 @@ export interface ExpressionFunctionDefinitions
 |  --- | --- | --- |
 |  [clog](./kibana-plugin-plugins-expressions-server.expressionfunctiondefinitions.clog.md) | <code>ExpressionFunctionClog</code> |  |
 |  [cumulative\_sum](./kibana-plugin-plugins-expressions-server.expressionfunctiondefinitions.cumulative_sum.md) | <code>ExpressionFunctionCumulativeSum</code> |  |
+|  [derivative](./kibana-plugin-plugins-expressions-server.expressionfunctiondefinitions.derivative.md) | <code>ExpressionFunctionDerivative</code> |  |
 |  [font](./kibana-plugin-plugins-expressions-server.expressionfunctiondefinitions.font.md) | <code>ExpressionFunctionFont</code> |  |
 |  [kibana\_context](./kibana-plugin-plugins-expressions-server.expressionfunctiondefinitions.kibana_context.md) | <code>ExpressionFunctionKibanaContext</code> |  |
 |  [kibana](./kibana-plugin-plugins-expressions-server.expressionfunctiondefinitions.kibana.md) | <code>ExpressionFunctionKibana</code> |  |

package.json

@@ -77,6 +77,10 @@
     "url": "https://github.com/elastic/kibana.git"
   },
   "resolutions": {
+    "**/@hapi/iron": "^5.1.4",
+    "**/@types/hapi__boom": "^7.4.1",
+    "**/@types/hapi__hapi": "^18.2.6",
+    "**/@types/hapi__mimos": "4.1.0",
     "**/@types/node": ">=10.17.17 <10.20.0",
     "**/cross-fetch/node-fetch": "^2.6.1",
     "**/deepmerge": "^4.2.2",
@@ -110,19 +114,30 @@
       "**/grunt-*/**",
       "x-pack/typescript",
       "@elastic/eui/rehype-react",
+      "@elastic/eui/remark-parse",
       "@elastic/eui/remark-rehype",
-      "@elastic/eui/remark-rehype/**"
+      "@elastic/eui/remark-rehype/**",
+      "@elastic/eui/unified"
     ]
   },
   "dependencies": {
     "@elastic/datemath": "5.0.3",
     "@elastic/elasticsearch": "7.10.0-rc.1",
-    "@elastic/eui": "29.5.0",
+    "@elastic/eui": "30.1.1",
     "@elastic/good": "8.1.1-kibana2",
     "@elastic/numeral": "^2.5.0",
     "@elastic/request-crypto": "1.1.4",
     "@elastic/safer-lodash-set": "0.0.0",
+    "@hapi/boom": "^7.4.11",
+    "@hapi/cookie": "^10.1.2",
     "@hapi/good-squeeze": "5.2.1",
+    "@hapi/h2o2": "^8.3.2",
+    "@hapi/hapi": "^18.4.1",
+    "@hapi/hoek": "^8.5.1",
+    "@hapi/inert": "^5.2.2",
+    "@hapi/podium": "^3.4.3",
+    "@hapi/statehood": "^6.1.2",
+    "@hapi/vision": "^5.5.4",
     "@hapi/wreck": "^15.0.2",
     "@kbn/ace": "1.0.0",
     "@kbn/analytics": "1.0.0",
@@ -145,7 +160,6 @@
     "angular-elastic": "^2.5.1",
     "angular-sanitize": "^1.8.0",
     "bluebird": "3.5.5",
-    "boom": "^7.2.0",
     "chalk": "^4.1.0",
     "check-disk-space": "^2.1.0",
     "chokidar": "^3.4.2",
@@ -165,15 +179,10 @@
     "glob": "^7.1.2",
     "glob-all": "^3.2.1",
     "globby": "^8.0.1",
-    "h2o2": "^8.1.2",
     "handlebars": "4.7.6",
-    "hapi": "^17.5.3",
-    "hapi-auth-cookie": "^9.0.0",
     "hjson": "3.2.1",
-    "hoek": "^5.0.4",
     "http-proxy-agent": "^2.1.0",
     "https-proxy-agent": "^5.0.0",
-    "inert": "^5.1.0",
     "inline-style": "^2.0.0",
     "joi": "^13.5.2",
     "js-yaml": "^3.14.0",
@@ -218,7 +227,6 @@
     "tslib": "^2.0.0",
     "type-detect": "^4.0.8",
     "uuid": "3.3.2",
-    "vision": "^5.3.3",
     "whatwg-fetch": "^3.0.0",
     "yauzl": "^2.10.0"
   },
@@ -272,7 +280,6 @@
     "@types/archiver": "^3.1.0",
     "@types/babel__core": "^7.1.10",
     "@types/bluebird": "^3.1.1",
-    "@types/boom": "^7.2.0",
     "@types/chance": "^1.0.0",
     "@types/cheerio": "^0.22.10",
     "@types/chromedriver": "^81.0.0",
@@ -292,14 +299,16 @@
     "@types/glob": "^7.1.2",
     "@types/globby": "^8.0.0",
     "@types/graphql": "^0.13.2",
-    "@types/h2o2": "^8.1.1",
-    "@types/hapi": "^17.0.18",
-    "@types/hapi-auth-cookie": "^9.1.0",
+    "@types/hapi__boom": "^7.4.1",
+    "@types/hapi__cookie": "^10.1.1",
+    "@types/hapi__h2o2": "8.3.0",
+    "@types/hapi__hapi": "^18.2.6",
+    "@types/hapi__hoek": "^6.2.0",
+    "@types/hapi__inert": "^5.2.1",
+    "@types/hapi__podium": "^3.4.1",
     "@types/has-ansi": "^3.0.0",
     "@types/history": "^4.7.3",
     "@types/hjson": "^2.4.2",
-    "@types/hoek": "^4.1.3",
-    "@types/inert": "^5.1.2",
     "@types/jest": "^26.0.14",
     "@types/jest-when": "^2.7.1",
     "@types/joi": "^13.4.2",
@@ -324,7 +333,6 @@
     "@types/opn": "^5.1.0",
     "@types/pegjs": "^0.10.1",
     "@types/pngjs": "^3.4.0",
-    "@types/podium": "^1.0.0",
     "@types/prop-types": "^15.7.3",
     "@types/reach__router": "^1.2.6",
     "@types/react": "^16.9.36",

packages/kbn-ui-framework/package.json

@@ -31,7 +31,7 @@
   },
   "devDependencies": {
     "@babel/core": "^7.11.6",
-    "@elastic/eui": "29.5.0",
+    "@elastic/eui": "30.1.1",
     "@kbn/babel-preset": "1.0.0",
     "@kbn/optimizer": "1.0.0",
     "babel-loader": "^8.0.6",

packages/kbn-ui-shared-deps/package.json

@@ -10,7 +10,7 @@
   },
   "dependencies": {
     "@elastic/charts": "24.0.0",
-    "@elastic/eui": "29.5.0",
+    "@elastic/eui": "30.1.1",
     "@elastic/numeral": "^2.5.0",
     "@kbn/i18n": "1.0.0",
     "@kbn/monaco": "1.0.0",

src/core/public/public.api.md

@@ -6,7 +6,7 @@
 
 import { Action } from 'history';
 import { ApiResponse } from '@elastic/elasticsearch/lib/Transport';
-import Boom from 'boom';
+import Boom from '@hapi/boom';
 import { ConfigPath } from '@kbn/config';
 import { EnvironmentMode } from '@kbn/config';
 import { EuiBreadcrumb } from '@elastic/eui';

src/core/server/elasticsearch/legacy/errors.test.ts

@@ -17,7 +17,7 @@
  * under the License.
  */
 
-import Boom from 'boom';
+import Boom from '@hapi/boom';
 
 import { LegacyElasticsearchErrorHelpers } from './errors';
 

src/core/server/elasticsearch/legacy/errors.ts

@@ -17,7 +17,7 @@
  * under the License.
  */
 
-import Boom from 'boom';
+import Boom from '@hapi/boom';
 import { get } from 'lodash';
 
 const code = Symbol('ElasticsearchError');

src/core/server/http/base_path_proxy_server.ts

@@ -22,8 +22,8 @@ import { Agent as HttpsAgent, ServerOptions as TlsOptions } from 'https';
 
 import apm from 'elastic-apm-node';
 import { ByteSizeValue } from '@kbn/config-schema';
-import { Server, Request } from 'hapi';
-import HapiProxy from 'h2o2';
+import { Server, Request } from '@hapi/hapi';
+import HapiProxy from '@hapi/h2o2';
 import { sampleSize } from 'lodash';
 import * as Rx from 'rxjs';
 import { take } from 'rxjs/operators';

src/core/server/http/cookie_session_storage.ts

@@ -17,10 +17,10 @@
  * under the License.
  */
 
-import { Request, Server } from 'hapi';
-import hapiAuthCookie from 'hapi-auth-cookie';
+import { Request, Server } from '@hapi/hapi';
+import hapiAuthCookie from '@hapi/cookie';
 // @ts-expect-error no TS definitions
-import Statehood from 'statehood';
+import Statehood from '@hapi/statehood';
 
 import { KibanaRequest, ensureRawRequest } from './router';
 import { SessionStorageFactory, SessionStorage } from './session_storage';
@@ -80,7 +80,7 @@ class ScopedCookieSessionStorage<T extends Record<string, any>> implements Sessi
       const session = await this.server.auth.test('security-cookie', this.request);
       // A browser can send several cookies, if it's not an array, just return the session value
       if (!Array.isArray(session)) {
-        return session as T;
+        return session.credentials as T;
       }
 
       // If we have an array with one value, we're good also
@@ -141,20 +141,22 @@ export async function createCookieSessionStorageFactory<T>(
   await server.register({ plugin: hapiAuthCookie });
 
   server.auth.strategy('security-cookie', 'cookie', {
-    cookie: cookieOptions.name,
-    password: cookieOptions.encryptionKey,
-    validateFunc: async (req, session: T | T[]) => {
+    cookie: {
+      name: cookieOptions.name,
+      password: cookieOptions.encryptionKey,
+      isSecure: cookieOptions.isSecure,
+      path: basePath === undefined ? '/' : basePath,
+      clearInvalid: false,
+      isHttpOnly: true,
+      isSameSite: cookieOptions.sameSite === 'None' ? false : cookieOptions.sameSite ?? false,
+    },
+    validateFunc: async (req: Request, session: T | T[]) => {
       const result = cookieOptions.validate(session);
       if (!result.isValid) {
         clearInvalidCookie(req, result.path);
       }
       return { valid: result.isValid };
     },
-    isSecure: cookieOptions.isSecure,
-    path: basePath,
-    clearInvalid: false,
-    isHttpOnly: true,
-    isSameSite: cookieOptions.sameSite === 'None' ? false : cookieOptions.sameSite ?? false,
   });
 
   // A hack to support SameSite: 'None'.

src/core/server/http/http_server.mocks.ts

@@ -16,8 +16,8 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-import { parse as parseUrl } from 'url';
-import { Request } from 'hapi';
+import { URL, format as formatUrl } from 'url';
+import { Request } from '@hapi/hapi';
 import { merge } from 'lodash';
 import { Socket } from 'net';
 import { stringify } from 'query-string';
@@ -73,7 +73,7 @@ function createKibanaRequestMock<P = any, Q = any, B = any>({
   auth = { isAuthenticated: true },
 }: RequestFixtureOptions<P, Q, B> = {}) {
   const queryString = stringify(query, { sort: false });
-  const url = parseUrl(`${path}${queryString ? `?${queryString}` : ''}`);
+  const url = new URL(`${path}${queryString ? `?${queryString}` : ''}`, 'http://localhost');
 
   return KibanaRequest.from<P, Q, B>(
     createRawRequestMock({
@@ -87,6 +87,9 @@ function createKibanaRequestMock<P = any, Q = any, B = any>({
       method,
       url,
       route: {
+        // @ts-expect-error According to types/hapi__hapi the following settings-fields have problems:
+        // - `auth` can't be a boolean, but it can according to the @hapi/hapi source (https://github.com/hapijs/hapi/blob/v18.4.2/lib/route.js#L139)
+        // - `app` isn't a valid property, but it is and this was fixed in the types in v19.0.1 (https://github.com/DefinitelyTyped/DefinitelyTyped/pull/41968)
         settings: { tags: routeTags, auth: routeAuthRequired, app: kibanaRouteOptions },
       },
       raw: {
@@ -120,9 +123,11 @@ type DeepPartialObject<T> = { [P in keyof T]+?: DeepPartial<T[P]> };
 function createRawRequestMock(customization: DeepPartial<Request> = {}) {
   const pathname = customization.url?.pathname || '/';
   const path = `${pathname}${customization.url?.search || ''}`;
-  const url = Object.assign({ pathname, path, href: path }, customization.url);
+  const url = new URL(
+    formatUrl(Object.assign({ pathname, path, href: path }, customization.url)),
+    'http://localhost'
+  );
 
-  // @ts-expect-error _core isn't supposed to be accessed - remove once we upgrade to hapi v18
   return merge(
     {},
     {
@@ -140,12 +145,6 @@ function createRawRequestMock(customization: DeepPartial<Request> = {}) {
           socket: {},
         },
       },
-      // TODO: Remove once we upgrade to hapi v18
-      _core: {
-        info: {
-          uri: 'http://localhost',
-        },
-      },
     },
     customization
   ) as Request;