Skip to content

Commit

Permalink
Merge branch 'master' of github.com:elastic/kibana into ilm/cloud-cal…
Browse files Browse the repository at this point in the history
…lout-for-warm-and-cold-tier

* 'master' of github.com:elastic/kibana: (126 commits)
  Add cumulative sum expression function (elastic#80129)
  [APM] Fix link to trace (elastic#80993)
  Provide url rewritten in onPreRouting interceptor (elastic#80810)
  limit renovate to npm packages
  Fix bug in logs UI link (elastic#80943)
  [Monitoring] Fix bug with setup mode appearing on pages it shouldn't (elastic#80343)
  [Security Solution][Detection Engine] Fixes false positives caused by empty records in threat list
  docs test (elastic#81080)
  Fixed alerts ui test timeout issue, related to the multiple server calls for delete all alerts, by reducing the number of alerts to the two and increasing retry timeout. (elastic#81067)
  [APM] Fix service map highlighted edge on node select (elastic#80791)
  Fix typo in toast, slight copy adjustment. (elastic#80843)
  [Security Solution] reduce optimizer limits (elastic#80997)
  [maps] 7.10 documentation updates (elastic#79917)
  [Workplace Search] Fix Group Prioritization route and clean up design (elastic#80903)
  [Enterprise Search] Added reusable HiddenText component to Credentials (elastic#80033)
  Upgrade EUI to v29.5.0 (elastic#80753)
  [Maps] Fix layer-flash when changing style (elastic#80948)
  [Security Solution] [Detections] Disable edit button when user does not have actions privileges w/ rule + actions (elastic#80220)
  [Enterprise Search] Handle loading state on Credentials page (elastic#80035)
  [Monitoring] Fix cluster listing page in how it handles global state (elastic#78979)
  ...
  • Loading branch information
jloleysens committed Oct 20, 2020
2 parents 76985c2 + e1bd1e8 commit b281379
Show file tree
Hide file tree
Showing 1,033 changed files with 34,212 additions and 18,914 deletions.
16 changes: 8 additions & 8 deletions .github/CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
Expand Up @@ -119,18 +119,18 @@
#CC# /x-pack/plugins/beats_management/ @elastic/beats

# Canvas
/src/plugins/dashboard/ @elastic/kibana-app
/src/plugins/input_control_vis/ @elastic/kibana-app
/src/plugins/vis_type_markdown/ @elastic/kibana-app
/src/plugins/dashboard/ @elastic/kibana-canvas
/src/plugins/input_control_vis/ @elastic/kibana-canvas
/src/plugins/vis_type_markdown/ @elastic/kibana-canvas
/x-pack/plugins/canvas/ @elastic/kibana-canvas
/x-pack/plugins/dashboard_enhanced/ @elastic/kibana-app
/x-pack/plugins/dashboard_enhanced/ @elastic/kibana-canvas
/x-pack/test/functional/apps/canvas/ @elastic/kibana-canvas
#CC# /src/legacy/core_plugins/kibana/public/dashboard/ @elastic/kibana-app
#CC# /src/legacy/core_plugins/input_control_vis @elastic/kibana-app
#CC# /src/legacy/core_plugins/kibana/public/dashboard/ @elastic/kibana-canvas
#CC# /src/legacy/core_plugins/input_control_vis @elastic/kibana-canvas
#CC# /src/plugins/kibana_react/public/code_editor/ @elastic/kibana-canvas
#CC# /x-pack/legacy/plugins/canvas/ @elastic/kibana-canvas
#CC# /x-pack/plugins/dashboard_mode @elastic/kibana-app
#CC# /x-pack/legacy/plugins/dashboard_mode/ @elastic/kibana-app
#CC# /x-pack/plugins/dashboard_mode @elastic/kibana-canvas
#CC# /x-pack/legacy/plugins/dashboard_mode/ @elastic/kibana-canvas

# Core UI
# Exclude tutorials folder for now because they are not owned by Kibana app and most will move out soon
Expand Down
5 changes: 3 additions & 2 deletions .github/ISSUE_TEMPLATE/security_solution_bug_report.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
---
name: Security Solution Bug Report
about: Things break. Help us identify those things so we can fix them!
name: Bug report for Security Solution
about: Help us identify bugs in Elastic Security, SIEM, and Endpoint so we can fix them!
title: '[Security Solution]'
labels: Team: SecuritySolution
---

**Describe the bug:**
Expand Down
3 changes: 3 additions & 0 deletions docs/api/saved-objects.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,8 @@ The following saved objects APIs are available:

* <<saved-objects-api-resolve-import-errors, Resolve import errors API>> to resolve errors from the import API

* <<saved-objects-api-rotate-encryption-key, Rotate encryption key API>> to rotate the encryption key for encrypted saved objects

include::saved-objects/get.asciidoc[]
include::saved-objects/bulk_get.asciidoc[]
include::saved-objects/find.asciidoc[]
Expand All @@ -38,3 +40,4 @@ include::saved-objects/delete.asciidoc[]
include::saved-objects/export.asciidoc[]
include::saved-objects/import.asciidoc[]
include::saved-objects/resolve_import_errors.asciidoc[]
include::saved-objects/rotate_encryption_key.asciidoc[]
110 changes: 110 additions & 0 deletions docs/api/saved-objects/rotate_encryption_key.asciidoc
Original file line number Diff line number Diff line change
@@ -0,0 +1,110 @@
[role="xpack"]
[[saved-objects-api-rotate-encryption-key]]
=== Rotate encryption key API
++++
<titleabbrev>Rotate encryption key</titleabbrev>
++++

experimental[] Rotate the encryption key for encrypted saved objects.

If a saved object cannot be decrypted using the primary encryption key, then {kib} will attempt to decrypt it using the specified <<xpack-encryptedSavedObjects-keyRotation-decryptionOnlyKeys, decryption-only keys>>. In most of the cases this overhead is negligible, but if you're dealing with a large number of saved objects and experiencing performance issues, you may want to rotate the encryption key.

[IMPORTANT]
============================================================================
Bulk key rotation can consume a considerable amount of resources and hence only user with a `superuser` role can trigger it.
============================================================================

[[saved-objects-api-rotate-encryption-key-request]]
==== Request

`POST <kibana host>:<port>/api/encrypted_saved_objects/_rotate_key`

[[saved-objects-api-rotate-encryption-key-request-query-params]]
==== Query parameters

`type`::
(Optional, string) Limits encryption key rotation only to the saved objects with the specified type. By default, {kib} tries to rotate the encryption key for all saved object types that may contain encrypted attributes.

`batchSize`::
(Optional, number) Specifies a maximum number of saved objects that {kib} can process in a single batch. Bulk key rotation is an iterative process since {kib} may not be able to fetch and process all required saved objects in one go and splits processing into consequent batches. By default, the batch size is 10000, which is also a maximum allowed value.

[[saved-objects-api-rotate-encryption-key-response-body]]
==== Response body

`total`::
(number) Indicates the total number of _all_ encrypted saved objects (optionally filtered by the requested `type`), regardless of the key {kib} used for encryption.

`successful`::
(number) Indicates the total number of _all_ encrypted saved objects (optionally filtered by the requested `type`), regardless of the key {kib} used for encryption.
+
NOTE: In most cases, `total` will be greater than `successful` even if `failed` is zero. The reason is that {kib} may not need or may not be able to rotate encryption keys for all encrypted saved objects.

`failed`::
(number) Indicates the number of the saved objects that were still encrypted with one of the old encryption keys that {kib} failed to re-encrypt with the primary key.

[[saved-objects-api-rotate-encryption-key-response-codes]]
==== Response code

`200`::
Indicates a successful call.

`400`::
Indicates that either query parameters are wrong or <<xpack-encryptedSavedObjects-keyRotation-decryptionOnlyKeys, decryption-only keys>> aren't configured.

`429`::
Indicates that key rotation is already in progress.

[[saved-objects-api-rotate-encryption-key-example]]
==== Examples

[[saved-objects-api-rotate-encryption-key-example-1]]
===== Encryption key rotation with default parameters

[source,sh]
--------------------------------------------------
$ curl -X POST /api/encrypted_saved_objects/_rotate_key
--------------------------------------------------
// KIBANA

The API returns the following:

[source,sh]
--------------------------------------------------
{
"total": 1000,
"successful": 300,
"failed": 0
}
--------------------------------------------------

The result indicates that the encryption key was successfully rotated for 300 out of 1000 saved objects with encrypted attributes, and 700 of the saved objects either didn't require key rotation, or were encrypted with an unknown encryption key.

[[saved-objects-api-rotate-encryption-key-example-2]]
===== Encryption key rotation for the specific type with reduce batch size

[IMPORTANT]
============================================================================
Default parameters are optimized for speed. Change the parameters only when necessary. However, if you're experiencing any issues with this API, you may want to decrease a batch size or rotate the encryption keys for the specific types only. In this case, you may need to run key rotation multiple times in a row.
============================================================================

In this example, key rotation is performed for all saved objects with the `alert` type in batches of 5000.

[source,sh]
--------------------------------------------------
$ curl -X POST /api/encrypted_saved_objects/_rotate_key?type=alert&batchSize=5000
--------------------------------------------------
// KIBANA

The API returns the following:

[source,sh]
--------------------------------------------------
{
"total": 100,
"successful": 100,
"failed": 0
}
--------------------------------------------------

The result indicates that the encryption key was successfully rotated for all 100 saved objects with the `alert` type.

2 changes: 1 addition & 1 deletion docs/developer/best-practices/typescript.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ This architecture imposes several limitations to which we must comply:
[discrete]
==== Prerequisites
Since project refs rely on generated `d.ts` files, the migration order does matter. You can migrate your plugin only when all the plugin dependencies already have migrated. It creates a situation where commonly used plugins (such as `data` or `kibana_react`) have to migrate first.
https://github.com/elastic/kibana/issues/79343 is going to provide a tool for identifying a plugin dependency tree.
Run `node scripts/find_plugins_without_ts_refs.js --id your_plugin_id` to get a list of plugins that should be switched to TS project refs to unblock your plugin migration.

[discrete]
==== Implementation
Expand Down
17 changes: 6 additions & 11 deletions docs/developer/plugin-list.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -286,10 +286,6 @@ which will load the visualization's editor.
|To access an elasticsearch instance that has live data you have two options:
|{kib-repo}blob/{branch}/x-pack/plugins/audit_trail[auditTrail]
|WARNING: Missing README.
|{kib-repo}blob/{branch}/x-pack/plugins/beats_management/readme.md[beatsManagement]
|Notes:
Failure to have auth enabled in Kibana will make for a broken UI. UI-based errors not yet in place
Expand Down Expand Up @@ -436,10 +432,8 @@ using the CURL scripts in the scripts folder.
|{kib-repo}blob/{branch}/x-pack/plugins/ml/readme.md[ml]
|To use machine learning features, you must have a Platinum or Enterprise license
or a free 14-day trial. File Data Visualizer requires a Basic license. For more
info, refer to
Set up machine learning features.
|This plugin provides access to the machine learning features provided by
Elastic.
|{kib-repo}blob/{branch}/x-pack/plugins/monitoring[monitoring]
Expand Down Expand Up @@ -471,7 +465,8 @@ Set up machine learning features.
|{kib-repo}blob/{branch}/x-pack/plugins/security/README.md[security]
|See Configuring security in Kibana.
|See Configuring security in
Kibana.
|{kib-repo}blob/{branch}/x-pack/plugins/security_solution/README.md[securitySolution]
Expand Down Expand Up @@ -501,8 +496,8 @@ routes, etc.
|Gathers all usage collection, retrieving them from both: OSS and X-Pack plugins.
|{kib-repo}blob/{branch}/x-pack/plugins/transform[transform]
|WARNING: Missing README.
|{kib-repo}blob/{branch}/x-pack/plugins/transform/readme.md[transform]
|This plugin provides access to the transforms features provided by Elastic.
|{kib-repo}blob/{branch}/x-pack/plugins/translations[translations]
Expand Down

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

21 changes: 0 additions & 21 deletions docs/development/core/server/kibana-plugin-core-server.auditor.md

This file was deleted.

This file was deleted.

This file was deleted.

This file was deleted.

Loading

0 comments on commit b281379

Please sign in to comment.