Merge remote-tracking branch 'upstream/master' into logs-ui-server-np…

…-shim

.ci/end2end.groovy

@@ -0,0 +1,125 @@
+#!/usr/bin/env groovy
+
+library identifier: 'apm@current',
+retriever: modernSCM(
+  [$class: 'GitSCMSource',
+  credentialsId: 'f94e9298-83ae-417e-ba91-85c279771570',
+  id: '37cf2c00-2cc7-482e-8c62-7bbffef475e2',
+  remote: 'git@github.com:elastic/apm-pipeline-library.git'])
+
+pipeline {
+  agent { label 'linux && immutable' }
+  environment {
+    BASE_DIR = 'src/github.com/elastic/kibana'
+    HOME = "${env.WORKSPACE}"
+    APM_ITS = 'apm-integration-testing'
+    CYPRESS_DIR = 'x-pack/legacy/plugins/apm/cypress'
+    PIPELINE_LOG_LEVEL = 'DEBUG'
+  }
+  options {
+    timeout(time: 1, unit: 'HOURS')
+    buildDiscarder(logRotator(numToKeepStr: '40', artifactNumToKeepStr: '20', daysToKeepStr: '30'))
+    timestamps()
+    ansiColor('xterm')
+    disableResume()
+    durabilityHint('PERFORMANCE_OPTIMIZED')
+  }
+  triggers {
+    issueCommentTrigger('(?i).*jenkins\\W+run\\W+(?:the\\W+)?e2e(?:\\W+please)?.*')
+  }
+  parameters {
+    booleanParam(name: 'FORCE', defaultValue: false, description: 'Whether to force the run.')
+  }
+  stages {
+    stage('Checkout') {
+      options { skipDefaultCheckout() }
+      steps {
+        deleteDir()
+        gitCheckout(basedir: "${BASE_DIR}", githubNotifyFirstTimeContributor: false,
+                    shallow: false, reference: "/var/lib/jenkins/.git-references/kibana.git")
+        script {
+          dir("${BASE_DIR}"){
+            def regexps =[ "^x-pack/legacy/plugins/apm/.*" ]
+            env.APM_UPDATED = isGitRegionMatch(patterns: regexps)
+          }
+        }
+        dir("${APM_ITS}"){
+          git changelog: false,
+              credentialsId: 'f6c7695a-671e-4f4f-a331-acdce44ff9ba',
+              poll: false,
+              url: "git@github.com:elastic/${APM_ITS}.git"
+        }
+      }
+    }
+    stage('Start services') {
+      options { skipDefaultCheckout() }
+      when {
+        anyOf {
+          expression { return params.FORCE }
+          expression { return env.APM_UPDATED != "false" }
+        }
+      }
+      steps {
+        dir("${APM_ITS}"){
+          sh './scripts/compose.py start master --no-kibana --no-xpack-secure'
+        }
+      }
+    }
+    stage('Prepare Kibana') {
+      options { skipDefaultCheckout() }
+      when {
+        anyOf {
+          expression { return params.FORCE }
+          expression { return env.APM_UPDATED != "false" }
+        }
+      }
+      environment {
+        JENKINS_NODE_COOKIE = 'dontKillMe'
+      }
+      steps {
+        dir("${BASE_DIR}"){
+          sh script: "${CYPRESS_DIR}/ci/prepare-kibana.sh"
+        }
+      }
+    }
+    stage('Smoke Tests'){
+      options { skipDefaultCheckout() }
+      when {
+        anyOf {
+          expression { return params.FORCE }
+          expression { return env.APM_UPDATED != "false" }
+        }
+      }
+      steps{
+        dir("${BASE_DIR}"){
+          sh '''
+            jobs -l
+            docker build --tag cypress ${CYPRESS_DIR}/ci
+            docker run --rm -t --user "$(id -u):$(id -g)" \
+                    -v `pwd`:/app --network="host" \
+                    --name cypress cypress'''
+        }
+      }
+      post {
+        always {
+          dir("${BASE_DIR}"){
+            archiveArtifacts(allowEmptyArchive: false, artifacts: "${CYPRESS_DIR}/screenshots/**,${CYPRESS_DIR}/videos/**,${CYPRESS_DIR}/*e2e-tests.xml")
+            junit(allowEmptyResults: true, testResults: "${CYPRESS_DIR}/*e2e-tests.xml")
+          }
+          dir("${APM_ITS}"){
+            sh 'docker-compose logs > apm-its.log || true'
+            sh 'docker-compose down -v || true'
+            archiveArtifacts(allowEmptyArchive: false, artifacts: 'apm-its.log')
+          }
+        }
+      }
+    }
+  }
+  post {
+    always {
+      dir("${BASE_DIR}"){
+        archiveArtifacts(allowEmptyArchive: true, artifacts: "${CYPRESS_DIR}/ingest-data.log,kibana.log")
+      }
+    }
+  }
+}

.github/CODEOWNERS

@@ -5,6 +5,7 @@
 # App
 /x-pack/legacy/plugins/lens/ @elastic/kibana-app
 /x-pack/legacy/plugins/graph/ @elastic/kibana-app
+/src/legacy/server/sample_data/ @elastic/kibana-app
 
 # App Architecture
 /src/plugins/data/ @elastic/kibana-app-arch
@@ -66,14 +67,25 @@
 /packages/kbn-es/ @elastic/kibana-operations
 /packages/kbn-pm/ @elastic/kibana-operations
 /packages/kbn-test/ @elastic/kibana-operations
+/src/legacy/server/keystore/ @elastic/kibana-operations
+/src/legacy/server/pid/ @elastic/kibana-operations
+/src/legacy/server/sass/ @elastic/kibana-operations
+/src/legacy/server/utils/ @elastic/kibana-operations
+/src/legacy/server/warnings/ @elastic/kibana-operations
 
 # Platform
 /src/core/  @elastic/kibana-platform
-/src/legacy/server/saved_objects/  @elastic/kibana-platform
 /config/kibana.yml @elastic/kibana-platform
 /x-pack/plugins/features/  @elastic/kibana-platform
 /x-pack/plugins/licensing/  @elastic/kibana-platform
 /packages/kbn-config-schema/ @elastic/kibana-platform
+/src/legacy/server/config/ @elastic/kibana-platform
+/src/legacy/server/csp/ @elastic/kibana-platform
+/src/legacy/server/http/ @elastic/kibana-platform
+/src/legacy/server/i18n/ @elastic/kibana-platform
+/src/legacy/server/logging/ @elastic/kibana-platform
+/src/legacy/server/saved_objects/  @elastic/kibana-platform
+/src/legacy/server/status/ @elastic/kibana-platform
 
 # Security
 /x-pack/legacy/plugins/security/  @elastic/kibana-security

CONTRIBUTING.md

@@ -387,6 +387,14 @@ To activate the APM agent, use the [`active`](https://www.elastic.co/guide/en/ap
 All config options can be set either via environment variables, or by creating an appropriate config file under `config/apm.dev.js`.
 For more information about configuring the APM agent, please refer to [the documentation](https://www.elastic.co/guide/en/apm/agent/nodejs/current/configuring-the-agent.html).
 
+Example `config/apm.dev.js` file:
+
+```js
+module.exports = {
+  active: true,
+};
+```
+
 Once the agent is active, it will trace all incoming HTTP requests to Kibana, monitor for errors, and collect process-level metrics.
 The collected data will be sent to the APM Server and is viewable in the APM UI in Kibana.
 

docs/development/core/public/kibana-plugin-public.chromestart.md

@@ -39,6 +39,7 @@ export interface ChromeStart
 |  [setBrand(brand)](./kibana-plugin-public.chromestart.setbrand.md) | Set the brand configuration. |
 |  [setBreadcrumbs(newBreadcrumbs)](./kibana-plugin-public.chromestart.setbreadcrumbs.md) | Override the current set of breadcrumbs |
 |  [setHelpExtension(helpExtension)](./kibana-plugin-public.chromestart.sethelpextension.md) | Override the current set of custom help content |
+|  [setHelpSupportUrl(url)](./kibana-plugin-public.chromestart.sethelpsupporturl.md) | Override the default support URL shown in the help menu |
 |  [setIsCollapsed(isCollapsed)](./kibana-plugin-public.chromestart.setiscollapsed.md) | Set the collapsed state of the chrome navigation. |
 |  [setIsVisible(isVisible)](./kibana-plugin-public.chromestart.setisvisible.md) | Set the temporary visibility for the chrome. This does nothing if the chrome is hidden by default and should be used to hide the chrome for things like full-screen modes with an exit button. |
 

docs/development/core/public/kibana-plugin-public.chromestart.sethelpsupporturl.md

@@ -0,0 +1,24 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-public](./kibana-plugin-public.md) &gt; [ChromeStart](./kibana-plugin-public.chromestart.md) &gt; [setHelpSupportUrl](./kibana-plugin-public.chromestart.sethelpsupporturl.md)
+
+## ChromeStart.setHelpSupportUrl() method
+
+Override the default support URL shown in the help menu
+
+<b>Signature:</b>
+
+```typescript
+setHelpSupportUrl(url: string): void;
+```
+
+## Parameters
+
+|  Parameter | Type | Description |
+|  --- | --- | --- |
+|  url | <code>string</code> |  |
+
+<b>Returns:</b>
+
+`void`
+

docs/development/core/public/kibana-plugin-public.savedobjectsclient.find.md

@@ -9,5 +9,5 @@ Search for objects
 <b>Signature:</b>
 
 ```typescript
-find: <T extends SavedObjectAttributes>(options: Pick<SavedObjectFindOptionsServer, "search" | "filter" | "type" | "fields" | "searchFields" | "defaultSearchOperator" | "hasReference" | "sortField" | "page" | "perPage">) => Promise<SavedObjectsFindResponsePublic<T>>;
+find: <T extends SavedObjectAttributes>(options: Pick<SavedObjectFindOptionsServer, "search" | "filter" | "type" | "page" | "fields" | "searchFields" | "defaultSearchOperator" | "hasReference" | "sortField" | "perPage">) => Promise<SavedObjectsFindResponsePublic<T>>;
 ```

docs/development/core/public/kibana-plugin-public.savedobjectsclient.md

@@ -20,7 +20,7 @@ export declare class SavedObjectsClient
 |  [bulkGet](./kibana-plugin-public.savedobjectsclient.bulkget.md) |  | <code>(objects?: {</code><br/><code>        id: string;</code><br/><code>        type: string;</code><br/><code>    }[]) =&gt; Promise&lt;SavedObjectsBatchResponse&lt;SavedObjectAttributes&gt;&gt;</code> | Returns an array of objects by id |
 |  [create](./kibana-plugin-public.savedobjectsclient.create.md) |  | <code>&lt;T extends SavedObjectAttributes&gt;(type: string, attributes: T, options?: SavedObjectsCreateOptions) =&gt; Promise&lt;SimpleSavedObject&lt;T&gt;&gt;</code> | Persists an object |
 |  [delete](./kibana-plugin-public.savedobjectsclient.delete.md) |  | <code>(type: string, id: string) =&gt; Promise&lt;{}&gt;</code> | Deletes an object |
-|  [find](./kibana-plugin-public.savedobjectsclient.find.md) |  | <code>&lt;T extends SavedObjectAttributes&gt;(options: Pick&lt;SavedObjectFindOptionsServer, &quot;search&quot; &#124; &quot;filter&quot; &#124; &quot;type&quot; &#124; &quot;fields&quot; &#124; &quot;searchFields&quot; &#124; &quot;defaultSearchOperator&quot; &#124; &quot;hasReference&quot; &#124; &quot;sortField&quot; &#124; &quot;page&quot; &#124; &quot;perPage&quot;&gt;) =&gt; Promise&lt;SavedObjectsFindResponsePublic&lt;T&gt;&gt;</code> | Search for objects |
+|  [find](./kibana-plugin-public.savedobjectsclient.find.md) |  | <code>&lt;T extends SavedObjectAttributes&gt;(options: Pick&lt;SavedObjectFindOptionsServer, &quot;search&quot; &#124; &quot;filter&quot; &#124; &quot;type&quot; &#124; &quot;page&quot; &#124; &quot;fields&quot; &#124; &quot;searchFields&quot; &#124; &quot;defaultSearchOperator&quot; &#124; &quot;hasReference&quot; &#124; &quot;sortField&quot; &#124; &quot;perPage&quot;&gt;) =&gt; Promise&lt;SavedObjectsFindResponsePublic&lt;T&gt;&gt;</code> | Search for objects |
 |  [get](./kibana-plugin-public.savedobjectsclient.get.md) |  | <code>&lt;T extends SavedObjectAttributes&gt;(type: string, id: string) =&gt; Promise&lt;SimpleSavedObject&lt;T&gt;&gt;</code> | Fetches a single object |
 
 ## Methods

docs/development/core/server/kibana-plugin-server.plugininitializercontext.config.md

@@ -8,6 +8,9 @@
 
 ```typescript
 config: {
+        legacy: {
+            globalConfig$: Observable<SharedGlobalConfig>;
+        };
         create: <T = ConfigSchema>() => Observable<T>;
         createIfExists: <T = ConfigSchema>() => Observable<T | undefined>;
     };

docs/development/core/server/kibana-plugin-server.plugininitializercontext.md

@@ -16,7 +16,7 @@ export interface PluginInitializerContext<ConfigSchema = unknown>
 
 |  Property | Type | Description |
 |  --- | --- | --- |
-|  [config](./kibana-plugin-server.plugininitializercontext.config.md) | <code>{</code><br/><code>        create: &lt;T = ConfigSchema&gt;() =&gt; Observable&lt;T&gt;;</code><br/><code>        createIfExists: &lt;T = ConfigSchema&gt;() =&gt; Observable&lt;T &#124; undefined&gt;;</code><br/><code>    }</code> |  |
+|  [config](./kibana-plugin-server.plugininitializercontext.config.md) | <code>{</code><br/><code>        legacy: {</code><br/><code>            globalConfig$: Observable&lt;SharedGlobalConfig&gt;;</code><br/><code>        };</code><br/><code>        create: &lt;T = ConfigSchema&gt;() =&gt; Observable&lt;T&gt;;</code><br/><code>        createIfExists: &lt;T = ConfigSchema&gt;() =&gt; Observable&lt;T &#124; undefined&gt;;</code><br/><code>    }</code> |  |
 |  [env](./kibana-plugin-server.plugininitializercontext.env.md) | <code>{</code><br/><code>        mode: EnvironmentMode;</code><br/><code>        packageInfo: Readonly&lt;PackageInfo&gt;;</code><br/><code>    }</code> |  |
 |  [logger](./kibana-plugin-server.plugininitializercontext.logger.md) | <code>LoggerFactory</code> |  |
 |  [opaqueId](./kibana-plugin-server.plugininitializercontext.opaqueid.md) | <code>PluginOpaqueId</code> |  |

docs/user/security/index.asciidoc

@@ -37,4 +37,4 @@ cause Kibana's authorization to behave unexpectedly.
 include::authorization/index.asciidoc[]
 include::authorization/kibana-privileges.asciidoc[]
 include::api-keys/index.asciidoc[]
-
+include::rbac_tutorial.asciidoc[]

docs/user/security/rbac_tutorial.asciidoc

@@ -0,0 +1,104 @@
+[[space-rbac-tutorial]]
+=== Tutorial:  Use role-based access control to customize Kibana spaces
+
+With role-based access control (RBAC), you can provide users access to data, tools,
+and Kibana spaces.  In this tutorial, you will learn how to configure roles
+that provide the right users with the right access to the data, tools, and
+Kibana spaces.
+
+[float]
+==== Scenario
+
+Our user is a web developer working on a bank's
+online mortgage service.  The web developer has these 
+three requirements:
+
+* Have access to the data for that service 
+* Build visualizations and dashboards
+* Monitor the performance of the system
+
+You'll provide the web developer with the access and privileges to get the job done.
+
+[float]
+==== Prerequisites
+
+To complete this tutorial, you'll need the following:
+
+*  **Administrative privileges**: You must have a role that grants privileges to create a space, role, and user. This is any role which grants the `manage_security` cluster privilege. By default, the `superuser` role provides this access. See the {ref}/built-in-roles.html[built-in] roles.  
+*  **A space**: In this tutorial, use `Dev Mortgage` as the space 
+name. See <<spaces-managing, spaces management>> for
+details on creating a space.
+*  **Data**:  You can use <<tutorial-sample-data, sample data>> or 
+live data.  In the steps below, Filebeat and Metricbeat data are used.
+
+[float]
+==== Steps
+
+With the requirements in mind, here are the steps that you will work 
+through in this tutorial:
+
+* Create a role named `mortgage-developer`
+* Give the role permission to access the data in the relevant indices
+* Give the role permission to create visualizations and dashboards 
+* Create the web developer's user account with the proper roles
+
+[float]
+==== Create a role
+
+Go to **Management > Roles** 
+for an overview of your roles.  This view provides actions
+for you to create, edit, and delete roles.
+
+[role="screenshot"]
+image::security/images/role-management.png["Role management"]
+
+
+You can create as many roles as you like. Click *Create role* and 
+provide a name. Use `dev-mortgage` because this role is for a developer 
+working on the bank's mortgage application.
+
+
+[float]
+==== Give the role permission to access the data
+
+Access to data in indices is an index-level privilege, so in 
+*Index privileges*, add lines for the indices that contain the 
+data for this role.  Two privileges are required: `read` and 
+`view_index_metadata`.  All privileges are detailed in the 
+https://www.elastic.co/guide/en/elasticsearch/reference/current/security-privileges.html[security privileges] documentation.
+
+In the screenshots, Filebeat and Metricbeat data is used, but you 
+should use the index patterns for your indices.
+
+[role="screenshot"]
+image::security/images/role-index-privilege.png["Index privilege"]
+
+[float]
+==== Give the role permission to create visualizations and dashboards
+
+By default, roles do not give Kibana privileges.  Click **Add space 
+privilege** and associate this role with the `Dev Mortgage` space.
+
+To enable users with the `dev-mortgage` role to create visualizations 
+and dashboards, click *All* for *Visualize* and *Dashboard*. Also 
+assign *All* for *Discover* because it is common for developers 
+to create saved searches while designing visualizations.
+
+[role="screenshot"]
+image::security/images/role-space-visualization.png["Associate space"]
+
+[float]
+==== Create the developer's user account with the proper roles
+
+Go to **Management > Users** and click on **Create user** to create a 
+user.  Give the user the `dev-mortgage` role 
+and the `monitoring-user` role, which is required for users of **Stack Monitoring**.
+
+[role="screenshot"]
+image::security/images/role-new-user.png["Developer user"]
+
+Finally, have the developer log in and access the Dev Mortgage space 
+and create a new visualization.
+
+NOTE: If the user is assigned to only one space, they will automatically enter that space on login.
+

package.json

@@ -112,7 +112,7 @@
     "@elastic/charts": "^14.0.0",
     "@elastic/datemath": "5.0.2",
     "@elastic/ems-client": "1.0.5",
-    "@elastic/eui": "16.0.0",
+    "@elastic/eui": "16.1.0",
     "@elastic/filesaver": "1.1.2",
     "@elastic/good": "8.1.1-kibana2",
     "@elastic/numeral": "2.3.3",

packages/kbn-test/package.json

@@ -15,7 +15,8 @@
     "@kbn/dev-utils": "1.0.0",
     "@types/parse-link-header": "^1.0.0",
     "@types/strip-ansi": "^5.2.1",
-    "@types/xml2js": "^0.4.5"
+    "@types/xml2js": "^0.4.5",
+    "diff": "^4.0.1"
   },
   "dependencies": {
     "chalk": "^2.4.2",

packages/kbn-test/src/failed_tests_reporter/README.md

@@ -12,10 +12,10 @@ copy(`wget "${Array.from($$('a[href$=".xml"]')).filter(a => a.innerText === 'Dow
 
 This copies a script to download the reports, which you should execute in the `test/junit` directory.
 
-Next, run the CLI in `--dry-run` mode so that it doesn't actually communicate with Github.
+Next, run the CLI in `--no-github-update` mode so that it doesn't actually communicate with Github and `--no-report-update` to prevent the script from mutating the reports on disk and instead log the updated report.
 
 ```sh
-node scripts/report_failed_tests.js --verbose --dry-run --build-url foo
+node scripts/report_failed_tests.js --verbose --no-github-update --no-report-update
 ```
 
-If you specify the `GITHUB_TOKEN` environment variable then `--dry-run` will execute read operations but still won't execute write operations.
+Unless you specify the `GITHUB_TOKEN` environment variable requests to read existing issues will use anonymous access which is limited to 60 requests per hour.