

Merge remote-tracking branch 'upstream/master' into 106510
alexwizp committed Sep 1, 2021
2 parents c7cd802 + 16af3e9 commit ca072c7
Showing 318 changed files with 7,378 additions and 3,787 deletions.
2 changes: 2 additions & 0 deletions .ci/Jenkinsfile_baseline_trigger
@@ -1,5 +1,7 @@
#!/bin/groovy

return

def MAXIMUM_COMMITS_TO_CHECK = 10
def MAXIMUM_COMMITS_TO_BUILD = 5

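Review bot: The added top-level `return` on new line 3 carries no comment, so a reader cannot tell why the script is short-circuited or when it is meant to be re-enabled; the `MAXIMUM_COMMITS_TO_*` definitions and whatever follows them presumably no longer run. I would put a line above it such as `// Temporarily disabled: <reason / tracking-issue placeholder>`. A CI job that is switched off silently is easy to forget, and any checks it performed stop without notice. The rest of the file lies outside the hunk.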
3 changes: 3 additions & 0 deletions .github/CODEOWNERS
Expand Up @@ -439,6 +439,9 @@
/x-pack/test/reporting_api_integration/ @elastic/kibana-reporting-services @elastic/kibana-app-services
/x-pack/test/reporting_functional/ @elastic/kibana-reporting-services @elastic/kibana-app-services
/x-pack/test/stack_functional_integration/apps/reporting/ @elastic/kibana-reporting-services @elastic/kibana-app-services
/docs/user/reporting @elastic/kibana-reporting-services @elastic/kibana-app-services
/docs/settings/reporting-settings.asciidoc @elastic/kibana-reporting-services @elastic/kibana-app-services
/docs/setup/configuring-reporting.asciidoc @elastic/kibana-reporting-services @elastic/kibana-app-services
#CC# /x-pack/plugins/reporting/ @elastic/kibana-reporting-services


2 changes: 1 addition & 1 deletion .node-version
@@ -1 +1 @@
14.17.5
14.17.6
2 changes: 1 addition & 1 deletion .nvmrc
@@ -1 +1 @@
14.17.5
14.17.6
12 changes: 6 additions & 6 deletions WORKSPACE.bazel
Expand Up @@ -27,13 +27,13 @@ check_rules_nodejs_version(minimum_version_string = "3.8.0")
# we can update that rule.
node_repositories(
node_repositories = {
"14.17.5-darwin_amd64": ("node-v14.17.5-darwin-x64.tar.gz", "node-v14.17.5-darwin-x64", "2e40ab625b45b9bdfcb963ddd4d65d87ddf1dd37a86b6f8b075cf3d77fe9dc09"),
"14.17.5-linux_arm64": ("node-v14.17.5-linux-arm64.tar.xz", "node-v14.17.5-linux-arm64", "3a2e674b6db50dfde767c427e8f077235bbf6f9236e1b12a4cc3496b12f94bae"),
"14.17.5-linux_s390x": ("node-v14.17.5-linux-s390x.tar.xz", "node-v14.17.5-linux-s390x", "7d40eee3d54241403db12fb3bc420cd776e2b02e89100c45cf5e74a73942e7f6"),
"14.17.5-linux_amd64": ("node-v14.17.5-linux-x64.tar.xz", "node-v14.17.5-linux-x64", "2d759de07a50cd7f75bd73d67e97b0d0e095ee3c413efac7d1b3d1e84ed76fff"),
"14.17.5-windows_amd64": ("node-v14.17.5-win-x64.zip", "node-v14.17.5-win-x64", "a99b7ee08e846e5d1f4e70c4396265542819d79ed9cebcc27760b89571f03cbf"),
"14.17.6-darwin_amd64": ("node-v14.17.6-darwin-x64.tar.gz", "node-v14.17.6-darwin-x64", "e3e4c02240d74fb1dc8a514daa62e5de04f7eaee0bcbca06a366ece73a52ad88"),
"14.17.6-linux_arm64": ("node-v14.17.6-linux-arm64.tar.xz", "node-v14.17.6-linux-arm64", "9c4f3a651e03cd9b5bddd33a80e8be6a6eb15e518513e410bb0852a658699156"),
"14.17.6-linux_s390x": ("node-v14.17.6-linux-s390x.tar.xz", "node-v14.17.6-linux-s390x", "3677f35b97608056013b5368f86eecdb044bdccc1b3976c1d4448736c37b6a0c"),
"14.17.6-linux_amd64": ("node-v14.17.6-linux-x64.tar.xz", "node-v14.17.6-linux-x64", "3bbe4faf356738d88b45be222bf5e858330541ff16bd0d4cfad36540c331461b"),
"14.17.6-windows_amd64": ("node-v14.17.6-win-x64.zip", "node-v14.17.6-win-x64", "b83e9ce542fda7fc519cec6eb24a2575a84862ea4227dedc171a8e0b5b614ac0"),
},
node_version = "14.17.5",
node_version = "14.17.6",
node_urls = [
"https://nodejs.org/dist/v{version}/{filename}",
],
Expand Up @@ -128,6 +128,7 @@ readonly links: {
readonly rollupJobs: string;
readonly elasticsearch: Record<string, string>;
readonly siem: {
readonly privileges: string;
readonly guide: string;
readonly gettingStarted: string;
readonly ml: string;

11 changes: 7 additions & 4 deletions docs/management/advanced-options.asciidoc
Expand Up @@ -186,7 +186,7 @@ Set to `true` to enable a dark mode for the {kib} UI. You must refresh the page
to apply the setting.

[[theme-version]]`theme:version`::
Specifies the {kib} theme. If you change the setting, refresh the page to apply the setting.
Specifies the {kib} theme. If you change the setting, refresh the page to apply the setting.

[[timepicker-quickranges]]`timepicker:quickRanges`::
The list of ranges to show in the Quick section of the time filter. This should
Expand Down Expand Up @@ -214,7 +214,7 @@ truncation.
When enabled, provides access to the experimental *Labs* features for *Canvas*.

[[labs-dashboard-defer-below-fold]]`labs:dashboard:deferBelowFold`::
When enabled, the panels that appear below the fold are loaded when they become visible on the dashboard.
When enabled, the panels that appear below the fold are loaded when they become visible on the dashboard.
_Below the fold_ refers to panels that are not immediately visible when you open a dashboard, but become visible as you scroll. For additional information, refer to <<defer-loading-panels-below-the-fold,Improve dashboard loading time>>.

[[labs-dashboard-enable-ui]]`labs:dashboard:enable_ui`::
Expand All @@ -240,7 +240,7 @@ Banners are a https://www.elastic.co/subscriptions[subscription feature].

[horizontal]
[[banners-placement]]`banners:placement`::
Set to `Top` to display a banner above the Elastic header for this space. Defaults to the value of
Set to `Top` to display a banner above the Elastic header for this space. Defaults to the value of
the `xpack.banners.placement` configuration property.

[[banners-textcontent]]`banners:textContent`::
Expand Down Expand Up @@ -443,6 +443,9 @@ The threshold above which {ml} job anomalies are displayed in the {security-app}
A comma-delimited list of {es} indices from which the {security-app} collects
events.

[[securitysolution-threatindices]]`securitySolution:defaultThreatIndex`::
A comma-delimited list of Threat Intelligence indices from which the {security-app} collects indicators.

[[securitysolution-enablenewsfeed]]`securitySolution:enableNewsFeed`:: Enables
the security news feed on the Security *Overview* page.

Expand Down Expand Up @@ -544,4 +547,4 @@ only production-ready visualizations are available to users.
[horizontal]
[[telemetry-enabled-advanced-setting]]`telemetry:enabled`::
When enabled, helps improve the Elastic Stack by providing usage statistics for
basic features. This data will not be shared outside of Elastic.
basic features. This data will not be shared outside of Elastic.
13 changes: 6 additions & 7 deletions docs/settings/reporting-settings.asciidoc
Expand Up @@ -281,16 +281,15 @@ NOTE: This setting exists for backwards compatibility, but is unused and hardcod
[[reporting-advanced-settings]]
==== Security settings

[[xpack-reporting-roles-enabled]] `xpack.reporting.roles.enabled`::
deprecated:[7.14.0,This setting must be set to `false` in 8.0.] When `true`, grants users access to the {report-features} by assigning reporting roles, specified by `xpack.reporting.roles.allow`. Granting access to users this way is deprecated. Set to `false` and use {kibana-ref}/kibana-privileges.html[{kib} privileges] instead. Defaults to `true`.
With Security enabled, Reporting has two forms of access control: each user can only access their own reports, and custom roles determine who has privilege to generate reports. When Reporting is configured with <<kibana-privileges, {kib} application privileges>>, you can control the spaces and applications where users are allowed to generate reports.

[NOTE]
============================================================================
In 7.x, the default value of `xpack.reporting.roles.enabled` is `true`. To migrate users to the
new method of securing access to *Reporting*, you must set `xpack.reporting.roles.enabled: false`. In the next major version of {kib}, `false` will be the only valid configuration.
The `xpack.reporting.roles` settings are for a deprecated system of access control in Reporting. It does not allow API Keys to generate reports, and it doesn't allow {kib} application privileges. We recommend you explicitly turn off reporting's deprecated access control feature by adding `xpack.reporting.roles.enabled: false` in kibana.yml. This will enable application privileges for reporting, as described in <<grant-user-access, granting users access to reporting>>.
============================================================================

`xpack.reporting.roles.allow`::
deprecated:[7.14.0,This setting will be removed in 8.0.] Specifies the roles, in addition to superusers, that can generate reports, using the {ref}/security-api.html#security-role-apis[{es} role management APIs]. Requires `xpack.reporting.roles.enabled` to be `true`. Granting access to users this way is deprecated. Use {kibana-ref}/kibana-privileges.html[{kib} privileges] instead. Defaults to `[ "reporting_user" ]`.
[[xpack-reporting-roles-enabled]] `xpack.reporting.roles.enabled`::
deprecated:[7.14.0,The default for this setting will be `false` in an upcoming version of {kib}.] Sets access control to a set of assigned reporting roles, specified by `xpack.reporting.roles.allow`. Defaults to `true`.

NOTE: Each user has access to only their own reports.
`xpack.reporting.roles.allow`::
deprecated:[7.14.0] In addition to superusers, specifies the roles that can generate reports using the {ref}/security-api.html#security-role-apis[{es} role management APIs]. Requires `xpack.reporting.roles.enabled` to be `true`. Defaults to `[ "reporting_user" ]`.
17 changes: 12 additions & 5 deletions docs/setup/configuring-reporting.asciidoc
Expand Up @@ -41,11 +41,16 @@ To troubleshoot the problem, start the {kib} server with environment variables t
[float]
[[grant-user-access]]
=== Grant users access to reporting
When security is enabled, you grant users access to generate reports with <<kibana-privileges, {kib} application privileges>>, which allow you to create custom roles that control the spaces and applications where users generate reports.

When security is enabled, access to the {report-features} is controlled by roles and <<kibana-privileges, privileges>>. With privileges, you can define custom roles that grant *Reporting* privileges as sub-features of {kib} applications. To grant users permission to generate reports and view their reports in *Reporting*, create and assign the reporting role.

[[reporting-app-users]]
NOTE: In 7.12.0 and earlier, you grant access to the {report-features} by assigning users the `reporting_user` role in {es}.
. Enable application privileges in Reporting. To enable, turn off the default user access control features in `kibana.yml`:
+
[source,yaml]
------------------------------------
xpack.reporting.roles.enabled: false
------------------------------------
+
NOTE: If you use the default settings, you can still create a custom role that grants reporting privileges. The default role is `reporting_user`. This behavior is being deprecated and does not allow application-level access controls for {report-features}, and does not allow API keys or authentication tokens to authorize report generation. Refer to <<reporting-advanced-settings, reporting security settings>> for information and caveats about the deprecated access control features.

. Create the reporting role.

Expand Down Expand Up @@ -90,10 +95,12 @@ If the *Reporting* option is unavailable, contact your administrator, or <<repor

.. Click *Update user*.

Granting the privilege to generate reports also grants the user the privilege to view their reports in *Stack Management > Reporting*. Users can only access their own reports.

[float]
[[reporting-roles-user-api]]
==== Grant access with the role API
You can also use the {ref}/security-api-put-role.html[role API] to grant access to the reporting features. Grant the reporting role to users in combination with other roles that grant read access to the data in {es}, and at least read access in the applications where users can generate reports.
With <<grant-user-access, {kib} application privileges>> enabled in Reporting, you can also use the {ref}/security-api-put-role.html[role API] to grant access to the {report-features}. Grant custom reporting roles to users in combination with other roles that grant read access to the data in {es}, and at least read access in the applications where users can generate reports.

[source, sh]
---------------------------------------------------------------
4 changes: 3 additions & 1 deletion package.json
Expand Up @@ -89,7 +89,7 @@
"**/underscore": "^1.13.1"
},
"engines": {
"node": "14.17.5",
"node": "14.17.6",
"yarn": "^1.21.1"
},
"dependencies": {
Expand Down Expand Up @@ -655,6 +655,7 @@
"@types/yauzl": "^2.9.1",
"@types/zen-observable": "^0.8.0",
"@typescript-eslint/eslint-plugin": "^4.14.1",
"@typescript-eslint/typescript-estree": "^4.14.1",
"@typescript-eslint/parser": "^4.14.1",
"@yarnpkg/lockfile": "^1.1.0",
"abab": "^2.0.4",
Expand Down Expand Up @@ -725,6 +726,7 @@
"eslint-plugin-react": "^7.20.3",
"eslint-plugin-react-hooks": "^4.2.0",
"eslint-plugin-react-perf": "^3.2.3",
"eslint-traverse": "^1.0.0",
"expose-loader": "^0.7.5",
"faker": "^5.1.0",
"fancy-log": "^1.3.2",
2 changes: 2 additions & 0 deletions packages/elastic-eslint-config-kibana/.eslintrc.js
Expand Up @@ -90,5 +90,7 @@ module.exports = {
},
],
],

'@kbn/eslint/no_async_promise_body': 'error',
},
};
1 change: 1 addition & 0 deletions packages/kbn-eslint-plugin-eslint/index.js
Expand Up @@ -12,5 +12,6 @@ module.exports = {
'disallow-license-headers': require('./rules/disallow_license_headers'),
'no-restricted-paths': require('./rules/no_restricted_paths'),
module_migration: require('./rules/module_migration'),
no_async_promise_body: require('./rules/no_async_promise_body'),
},
};
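--- a/packages/kbn-eslint-plugin-eslint/rules/no_async_promise_body.js
+++ b/packages/kbn-eslint-plugin-eslint/rules/no_async_promise_body.js
@@ -0,0 +1,165 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License
+* 2.0 and the Server Side Public License, v 1; you may not use this file except
+* in compliance with, at your election, the Elastic License 2.0 or the Server
+* Side Public License, v 1.
+*/
+
+const { parseExpression } = require('@babel/parser');
+const { default: generate } = require('@babel/generator');
+const tsEstree = require('@typescript-eslint/typescript-estree');
+const traverse = require('eslint-traverse');
+const esTypes = tsEstree.AST_NODE_TYPES;
+const babelTypes = require('@babel/types');
+
+/** @typedef {import("eslint").Rule.RuleModule} Rule */
+/** @typedef {import("@typescript-eslint/parser").ParserServices} ParserServices */
+/** @typedef {import("@typescript-eslint/typescript-estree").TSESTree.Expression} Expression */
+/** @typedef {import("@typescript-eslint/typescript-estree").TSESTree.ArrowFunctionExpression} ArrowFunctionExpression */
+/** @typedef {import("@typescript-eslint/typescript-estree").TSESTree.FunctionExpression} FunctionExpression */
+/** @typedef {import("@typescript-eslint/typescript-estree").TSESTree.TryStatement} TryStatement */
+/** @typedef {import("@typescript-eslint/typescript-estree").TSESTree.NewExpression} NewExpression */
+/** @typedef {import("typescript").ExportDeclaration} ExportDeclaration */
+/** @typedef {import("eslint").Rule.RuleFixer} Fixer */
+
+const ERROR_MSG =
+'Passing an async function to the Promise constructor leads to a hidden promise being created and prevents handling rejections';
+
+/**
+* @param {Expression} node
+*/
+const isPromise = (node) => node.type === esTypes.Identifier && node.name === 'Promise';
+
+/**
+* @param {Expression} node
+* @returns {node is ArrowFunctionExpression | FunctionExpression}
+*/
+const isFunc = (node) =>
+node.type === esTypes.ArrowFunctionExpression || node.type === esTypes.FunctionExpression;
+
+/**
+* @param {any} context
+* @param {ArrowFunctionExpression | FunctionExpression} node
+*/
+const isFuncBodySafe = (context, node) => {
+// if the body isn't wrapped in a blockStatement it can't have a try/catch at the root
+if (node.body.type !== esTypes.BlockStatement) {
+return false;
+}
+
+// when the entire body is wrapped in a try/catch it is the only node
+if (node.body.body.length !== 1) {
+return false;
+}
+
+const tryNode = node.body.body[0];
+// ensure we have a try node with a handler
+if (tryNode.type !== esTypes.TryStatement || !tryNode.handler) {
+return false;
+}
+
+// ensure the handler doesn't throw
+let hasThrow = false;
+traverse(context, tryNode.handler, (path) => {
+if (path.node.type === esTypes.ThrowStatement) {
+hasThrow = true;
+return traverse.STOP;
+}
+});
+return !hasThrow;
+};
+
+/**
+* @param {string} code
+*/
+const wrapFunctionInTryCatch = (code) => {
+// parse the code with babel so we can mutate the AST
+const ast = parseExpression(code, {
+plugins: ['typescript', 'jsx'],
+});
+
+// validate that the code reperesents an arrow or function expression
+if (!babelTypes.isArrowFunctionExpression(ast) && !babelTypes.isFunctionExpression(ast)) {
+throw new Error('expected function to be an arrow or function expression');
+}
+
+// ensure that the function receives the second argument, and capture its name if already defined
+let rejectName = 'reject';
+if (ast.params.length === 0) {
+ast.params.push(babelTypes.identifier('resolve'), babelTypes.identifier(rejectName));
+} else if (ast.params.length === 1) {
+ast.params.push(babelTypes.identifier(rejectName));
+} else if (ast.params.length === 2) {
+if (babelTypes.isIdentifier(ast.params[1])) {
+rejectName = ast.params[1].name;
+} else {
+throw new Error('expected second param of promise definition function to be an identifier');
+}
+}
+
+// ensure that the body of the function is a blockStatement
+let block = ast.body;
+if (!babelTypes.isBlockStatement(block)) {
+block = babelTypes.blockStatement([babelTypes.returnStatement(block)]);
+}
+
+// redefine the body of the function as a new blockStatement containing a tryStatement
+// which catches errors and forwards them to reject() when caught
+ast.body = babelTypes.blockStatement([
+// try {
+babelTypes.tryStatement(
+block,
+// catch (error) {
+babelTypes.catchClause(
+babelTypes.identifier('error'),
+babelTypes.blockStatement([
+// reject(error)
+babelTypes.expressionStatement(
+babelTypes.callExpression(babelTypes.identifier(rejectName), [
+babelTypes.identifier('error'),
+])
+),
+])
+)
+),
+]);
+
+return generate(ast).code;
+};
+
+/** @type {Rule} */
+module.exports = {
+meta: {
+fixable: 'code',
+schema: [],
+},
+create: (context) => ({
+NewExpression(_) {
+const node = /** @type {NewExpression} */ (_);
+
+// ensure we are newing up a promise with a single argument
+if (!isPromise(node.callee) || node.arguments.length !== 1) {
+return;
+}
+
+const func = node.arguments[0];
+// ensure the argument is an arrow or function expression and is async
+if (!isFunc(func) || !func.async) {
+return;
+}
+
+// body must be a blockStatement, try/catch can't exist outside of a block
+if (!isFuncBodySafe(context, func)) {
+context.report({
+message: ERROR_MSG,
+loc: func.loc,
+fix(fixer) {
+const source = context.getSourceCode();
+return fixer.replaceText(func, wrapFunctionInTryCatch(source.getText(func)));
+},
+});
+}
+},
+}),
+};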
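Review bot: `isFuncBodySafe` declares a body safe after inspecting only `tryNode.handler` for a `ThrowStatement`, so two shapes that can still reject the hidden promise go unreported: a `finally` block, which is never examined, and a catch handler that `await`s something which itself rejects. In both cases the rejection escapes unhandled, which is an availability concern on runtimes configured to terminate on unhandled rejections. Consider tightening the guard to `if (tryNode.type !== esTypes.TryStatement || !tryNode.handler || tryNode.finalizer) return false;` and widening the traversal test to `path.node.type === esTypes.ThrowStatement || path.node.type === esTypes.AwaitExpression`. The fixer's own output (a single try/catch whose handler only calls the reject parameter) still passes both checks, so the autofix stays stable. Separately, `wrapFunctionInTryCatch` throws from inside `fix()` when the second parameter is not a plain identifier, which would likely abort the lint run instead of reporting without a fix.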