Merge remote-tracking branch 'upstream/master' into np/fix-http-inter…

…cept

.eslintignore

@@ -11,7 +11,6 @@ bower_components
 /src/plugins/data/common/es_query/kuery/ast/_generated_/**
 /src/legacy/core_plugins/vis_type_timelion/public/_generated_/**
 src/legacy/core_plugins/vis_type_vislib/public/vislib/__tests__/lib/fixtures/mock_data
-/src/legacy/ui/public/angular-bootstrap
 /src/legacy/ui/public/flot-charts
 /test/fixtures/scenarios
 /src/legacy/core_plugins/console/public/webpackShims

.eslintrc.js

@@ -302,6 +302,8 @@ module.exports = {
                   'test/plugin_functional/plugins/**/public/np_ready/**/*',
                   'test/plugin_functional/plugins/**/server/np_ready/**/*',
                   'src/legacy/core_plugins/**/public/np_ready/**/*',
+                  'src/legacy/core_plugins/vis_type_*/public/**/*',
+                  '!src/legacy/core_plugins/vis_type_*/public/legacy*',
                   'src/legacy/core_plugins/**/server/np_ready/**/*',
                   'x-pack/legacy/plugins/**/public/np_ready/**/*',
                   'x-pack/legacy/plugins/**/server/np_ready/**/*',

docs/settings/alert-action-settings.asciidoc

@@ -0,0 +1,47 @@
+[role="xpack"]
+[[alert-action-settings-kb]]
+=== Alerting and action settings in Kibana
+++++
+<titleabbrev>Alerting and action settings</titleabbrev>
+++++
+
+Alerts and actions are enabled by default in {kib}, but require you configure the following in order to use them: 
+
+. <<using-kibana-with-security,Set up {kib} to work with {stack} {security-features}>>.
+. <<configuring-tls-kib-es,Set up TLS encryption between {kib} and {es}>>.
+. <<general-alert-action-settings,Specify a value for `xpack.encrypted_saved_objects.encryptionKey`>>.
+
+You can configure the following settings in the `kibana.yml` file.
+
+
+[float]
+[[general-alert-action-settings]]
+==== General settings
+
+`xpack.encrypted_saved_objects.encryptionKey`::
+
+A string of 32 or more characters used to encrypt sensitive properties on alerts and actions before they're stored in {es}. Third party credentials &mdash; such as the username and password used to connect to an SMTP service &mdash; are an example of encrypted properties.  
++
+If not set, {kib} will generate a random key on startup, but all alert and action functions will be blocked. Generated keys are not allowed for alerts and actions because when a new key is generated on restart, existing encrypted data becomes inaccessible. For the same reason, alerts and actions in high-availability deployments of {kib} will behave unexpectedly if the key isn't the same on all instances of {kib}.
++
+Although the key can be specified in clear text in `kibana.yml`, it's recommended to store this key securely in the <<secure-settings,{kib} Keystore>>.
+
+[float]
+[[alert-settings]]
+==== Action settings
+
+`xpack.actions.whitelistedHosts`::
+A list of hostnames that {kib} is allowed to connect to when built-in actions are triggered. It defaults to `[*]`, allowing any host, but keep in mind the potential for SSRF attacks when hosts are not explicitly whitelisted. An empty list `[]` can be used to block built-in actions from making any external connections.
++
+Note that hosts associated with built-in actions, such as Slack and PagerDuty, are not automatically whitelisted. If you are not using the default `[*]` setting, you must ensure that the corresponding endpoints are whitelisted as well.
+
+`xpack.actions.enabledActionTypes`::
+A list of action types that are enabled. It defaults to `[*]`, enabling all types. The names for built-in {kib} action types are prefixed with a `.` and include: `.server-log`, `.slack`, `.email`, `.index`, `.pagerduty`, and `.webhook`. An empty list `[]` will disable all action types.
++
+Disabled action types will not appear as an option when creating new connectors, but existing connectors and actions of that type will remain in {kib} and will not function.  
+
+[float]
+[[action-settings]]
+==== Alert settings
+
+You do not need to configure any additional settings to use alerting in {kib}.

docs/settings/settings-xkb.asciidoc

@@ -10,6 +10,7 @@ include::{asciidoc-dir}/../../shared/settings.asciidoc[]
 
 For more {kib} configuration settings, see <<settings>>.
 
+include::alert-action-settings.asciidoc[]
 include::apm-settings.asciidoc[]
 include::dev-settings.asciidoc[]
 include::graph-settings.asciidoc[]

docs/setup/settings.asciidoc

@@ -457,16 +457,7 @@ Rollup user interface.
 
 `i18n.locale`:: *Default: en* Set this value to change the Kibana interface language. Valid locales are: `en`, `zh-CN`, `ja-JP`.
 
-`xpack.actions.enabledActionTypes:`:: *Default: +[ {asterisk} ]+* Set this value
-to an array of action types that are enabled.  An element of `*` indicates all
-action types registered are enabled.  The action types provided by Kibana are:
-`.server-log`, `.slack`, `.email`, `.index`, `.pagerduty`, `.webhook`.
-
-`xpack.actions.whitelistedHosts:`:: *Default: +[ {asterisk} ]+* Set this value
-to an array of host names which actions such as email, slack, pagerduty, and
-webhook can connect to.  An element of `*` indicates any host can be connected
-to.  An empty array indicates no hosts can be connected to.
-
+include::{docdir}/settings/alert-action-settings.asciidoc[]
 include::{docdir}/settings/apm-settings.asciidoc[]
 include::{docdir}/settings/dev-settings.asciidoc[]
 include::{docdir}/settings/graph-settings.asciidoc[]

docs/user/security/authentication/index.asciidoc

@@ -12,6 +12,7 @@
 - <<pki-authentication>>
 - <<saml>>
 - <<oidc>>
+- <<kerberos>>
 
 [[basic-authentication]]
 ==== Basic authentication
@@ -214,3 +215,26 @@ leaked, it can't be re-used after logout. This is known as "local" logout.
 {kib} can also initiate a "global" logout or _Single Logout_ if it's supported by the external authentication provider and not
 explicitly disabled by {es}. In this case, the user is redirected to the external authentication provider for log out of
 all applications associated with the active provider session.
+
+[[kerberos]]
+==== Kerberos single sign-on
+
+As with the previous SSOs, make sure that you have configured {es} first accordingly. See {ref}/kerberos-realm.html[Kerberos authentication].
+
+Next, to enable Kerberos in {kib}, you will need to enable the Kerberos authentication provider in the `kibana.yml` configuration file, as follows:
+
+[source,yaml]
+-----------------------------------------------
+xpack.security.authc.providers: [kerberos]
+-----------------------------------------------
+
+You may want to be able to authenticate with the basic authentication provider as a secondary mechanism or while you are setting up Kerberos for the stack:
+
+[source,yaml]
+-----------------------------------------------
+xpack.security.authc.providers: [kerberos, basic]
+-----------------------------------------------
+
+As a reminder, the order is important as it determines the order in which each authentication provider is attempted.
+
+Kibana uses SPNEGO, which wraps the Kerberos protocol for use with HTTP, extending it to web applications. At the end of the Kerberos handshake, Kibana will forward the service ticket to Elasticsearch. Elasticsearch will unpack it and it will respond with an access and refresh token which are then used for subsequent authentication.

src/core/public/overlays/modal/modal_service.tsx

@@ -20,7 +20,7 @@
 /* eslint-disable max-classes-per-file */
 
 import { i18n as t } from '@kbn/i18n';
-import { EuiModal, EuiConfirmModal, EuiOverlayMask } from '@elastic/eui';
+import { EuiModal, EuiConfirmModal, EuiOverlayMask, EuiConfirmModalProps } from '@elastic/eui';
 import React from 'react';
 import { render, unmountComponentAtNode } from 'react-dom';
 import { Subject } from 'rxjs';
@@ -68,6 +68,7 @@ export interface OverlayModalConfirmOptions {
   className?: string;
   closeButtonAriaLabel?: string;
   'data-test-subj'?: string;
+  defaultFocusedButton?: EuiConfirmModalProps['defaultFocusedButton'];
 }
 
 /**

src/core/public/public.api.md

@@ -6,6 +6,7 @@
 
 import { Breadcrumb } from '@elastic/eui';
 import { EuiButtonEmptyProps } from '@elastic/eui';
+import { EuiConfirmModalProps } from '@elastic/eui';
 import { EuiGlobalToastListToast } from '@elastic/eui';
 import { ExclusiveUnion } from '@elastic/eui';
 import { IconType } from '@elastic/eui';

src/dev/precommit_hook/casing_check_config.js

@@ -88,7 +88,6 @@ export const IGNORE_DIRECTORY_GLOBS = [
   'src/babel-*',
   'packages/*',
   'packages/kbn-ui-framework/generator-kui',
-  'src/legacy/ui/public/angular-bootstrap',
   'src/legacy/ui/public/flot-charts',
   'src/legacy/ui/public/utils/lodash-mixins',
   'test/functional/fixtures/es_archiver/visualize_source-filters',
@@ -124,9 +123,6 @@ export const TEMPORARILY_IGNORED_PATHS = [
   'src/legacy/core_plugins/timelion/server/series_functions/__tests__/fixtures/tlConfig.js',
   'src/fixtures/config_upgrade_from_4.0.0_to_4.0.1-snapshot.json',
   'src/legacy/core_plugins/vis_type_vislib/public/vislib/__tests__/lib/fixtures/mock_data/terms/_seriesMultiple.js',
-  'src/legacy/ui/public/angular-bootstrap/bindHtml/bindHtml.js',
-  'src/legacy/ui/public/angular-bootstrap/tooltip/tooltip-html-unsafe-popup.html',
-  'src/legacy/ui/public/angular-bootstrap/tooltip/tooltip-popup.html',
   'src/legacy/ui/public/assets/favicons/android-chrome-192x192.png',
   'src/legacy/ui/public/assets/favicons/android-chrome-256x256.png',
   'src/legacy/ui/public/assets/favicons/android-chrome-512x512.png',

src/legacy/core_plugins/data/public/search/aggs/agg_config.ts

@@ -35,7 +35,7 @@ import { Schema } from './schemas';
 import {
   ISearchSource,
   FetchOptions,
-  fieldFormats,
+  FieldFormatsContentType,
   KBN_FIELD_TYPES,
 } from '../../../../../../plugins/data/public';
 
@@ -383,7 +383,7 @@ export class AggConfig {
     return this.aggConfigs.timeRange;
   }
 
-  fieldFormatter(contentType?: fieldFormats.ContentType, defaultFormat?: any) {
+  fieldFormatter(contentType?: FieldFormatsContentType, defaultFormat?: any) {
     const format = this.type && this.type.getFormat(this);
 
     if (format) {
@@ -393,7 +393,7 @@ export class AggConfig {
     return this.fieldOwnFormatter(contentType, defaultFormat);
   }
 
-  fieldOwnFormatter(contentType?: fieldFormats.ContentType, defaultFormat?: any) {
+  fieldOwnFormatter(contentType?: FieldFormatsContentType, defaultFormat?: any) {
     const fieldFormatsService = npStart.plugins.data.fieldFormats;
     const field = this.getField();
     let format = field && field.format;

src/legacy/core_plugins/data/public/search/aggs/agg_type.ts

@@ -29,7 +29,7 @@ import { BaseParamType } from './param_types/base';
 import { AggParamType } from './param_types/agg';
 import {
   KBN_FIELD_TYPES,
-  fieldFormats,
+  IFieldFormat,
   ISearchSource,
 } from '../../../../../../plugins/data/public';
 
@@ -58,7 +58,7 @@ export interface AggTypeConfig<
     inspectorAdapters: Adapters,
     abortSignal?: AbortSignal
   ) => Promise<any>;
-  getFormat?: (agg: TAggConfig) => fieldFormats.FieldFormat;
+  getFormat?: (agg: TAggConfig) => IFieldFormat;
   getValue?: (agg: TAggConfig, bucket: any) => any;
   getKey?: (bucket: any, key: any, agg: TAggConfig) => any;
 }
@@ -199,7 +199,7 @@ export class AggType<
    * @param  {agg} agg - the agg to pick a format for
    * @return {FieldFormat}
    */
-  getFormat: (agg: TAggConfig) => fieldFormats.FieldFormat;
+  getFormat: (agg: TAggConfig) => IFieldFormat;
 
   getValue: (agg: TAggConfig, bucket: any) => any;
 

src/legacy/core_plugins/data/public/search/aggs/buckets/create_filter/date_range.test.ts

@@ -19,7 +19,7 @@
 
 import moment from 'moment';
 import { createFilterDateRange } from './date_range';
-import { fieldFormats } from '../../../../../../../../plugins/data/public';
+import { fieldFormats, FieldFormatsGetConfigFn } from '../../../../../../../../plugins/data/public';
 import { AggConfigs } from '../../agg_configs';
 import { BUCKET_TYPES } from '../bucket_agg_types';
 import { IBucketAggConfig } from '../_bucket_agg_type';
@@ -28,7 +28,7 @@ jest.mock('ui/new_platform');
 
 describe('AggConfig Filters', () => {
   describe('Date range', () => {
-    const getConfig = (() => {}) as fieldFormats.GetConfigFn;
+    const getConfig = (() => {}) as FieldFormatsGetConfigFn;
     const getAggConfigs = () => {
       const field = {
         name: '@timestamp',

src/legacy/core_plugins/data/public/search/aggs/buckets/create_filter/histogram.test.ts

@@ -20,13 +20,13 @@ import { createFilterHistogram } from './histogram';
 import { AggConfigs } from '../../agg_configs';
 import { BUCKET_TYPES } from '../bucket_agg_types';
 import { IBucketAggConfig } from '../_bucket_agg_type';
-import { fieldFormats } from '../../../../../../../../plugins/data/public';
+import { fieldFormats, FieldFormatsGetConfigFn } from '../../../../../../../../plugins/data/public';
 
 jest.mock('ui/new_platform');
 
 describe('AggConfig Filters', () => {
   describe('histogram', () => {
-    const getConfig = (() => {}) as fieldFormats.GetConfigFn;
+    const getConfig = (() => {}) as FieldFormatsGetConfigFn;
     const getAggConfigs = () => {
       const field = {
         name: 'bytes',

src/legacy/core_plugins/data/public/search/aggs/buckets/create_filter/range.test.ts

@@ -18,7 +18,7 @@
  */
 
 import { createFilterRange } from './range';
-import { fieldFormats } from '../../../../../../../../plugins/data/public';
+import { fieldFormats, FieldFormatsGetConfigFn } from '../../../../../../../../plugins/data/public';
 import { AggConfigs } from '../../agg_configs';
 import { BUCKET_TYPES } from '../bucket_agg_types';
 import { IBucketAggConfig } from '../_bucket_agg_type';
@@ -27,7 +27,7 @@ jest.mock('ui/new_platform');
 
 describe('AggConfig Filters', () => {
   describe('range', () => {
-    const getConfig = (() => {}) as fieldFormats.GetConfigFn;
+    const getConfig = (() => {}) as FieldFormatsGetConfigFn;
     const getAggConfigs = () => {
       const field = {
         name: 'bytes',

src/legacy/core_plugins/data/public/search/aggs/buckets/range.test.ts

@@ -19,7 +19,7 @@
 
 import { AggConfigs } from '../agg_configs';
 import { BUCKET_TYPES } from './bucket_agg_types';
-import { fieldFormats } from '../../../../../../../plugins/data/public';
+import { FieldFormatsGetConfigFn, fieldFormats } from '../../../../../../../plugins/data/public';
 
 jest.mock('ui/new_platform');
 
@@ -44,7 +44,7 @@ const buckets = [
 ];
 
 describe('Range Agg', () => {
-  const getConfig = (() => {}) as fieldFormats.GetConfigFn;
+  const getConfig = (() => {}) as FieldFormatsGetConfigFn;
   const getAggConfigs = () => {
     const field = {
       name: 'bytes',

src/legacy/core_plugins/data/public/search/aggs/buckets/terms.ts

@@ -30,7 +30,8 @@ import { IAggConfigs } from '../agg_configs';
 import { Adapters } from '../../../../../../../plugins/inspector/public';
 import {
   ISearchSource,
-  fieldFormats,
+  IFieldFormat,
+  FieldFormatsContentType,
   KBN_FIELD_TYPES,
 } from '../../../../../../../plugins/data/public';
 
@@ -80,9 +81,9 @@ export const termsBucketAgg = new BucketAggType({
     const params = agg.params;
     return agg.getFieldDisplayName() + ': ' + params.order.text;
   },
-  getFormat(bucket): fieldFormats.FieldFormat {
+  getFormat(bucket): IFieldFormat {
     return {
-      getConverterFor: (type: fieldFormats.ContentType) => {
+      getConverterFor: (type: FieldFormatsContentType) => {
         return (val: any) => {
           if (val === '__other__') {
             return bucket.params.otherBucketLabel;
@@ -94,7 +95,7 @@ export const termsBucketAgg = new BucketAggType({
           return bucket.params.field.format.convert(val, type);
         };
       },
-    } as fieldFormats.FieldFormat;
+    } as IFieldFormat;
   },
   createFilter: createFilterTerms,
   postFlightRequest: async (

src/legacy/core_plugins/kibana/public/dashboard/legacy.ts

@@ -18,34 +18,14 @@
  */
 
 import { PluginInitializerContext } from 'kibana/public';
-import { npSetup, npStart, legacyChrome } from './legacy_imports';
-import { LegacyAngularInjectedDependencies } from './plugin';
+import { npSetup, npStart } from './legacy_imports';
 import { start as data } from '../../../data/public/legacy';
 import { start as embeddables } from '../../../embeddable_api/public/np_ready/public/legacy';
-import './dashboard_config';
 import { plugin } from './index';
 
-/**
- * Get dependencies relying on the global angular context.
- * They also have to get resolved together with the legacy imports above
- */
-async function getAngularDependencies(): Promise<LegacyAngularInjectedDependencies> {
-  const injector = await legacyChrome.dangerouslyGetActiveInjector();
-
-  return {
-    dashboardConfig: injector.get('dashboardConfig'),
-  };
-}
-
 (async () => {
   const instance = plugin({} as PluginInitializerContext);
-  instance.setup(npSetup.core, {
-    ...npSetup.plugins,
-    npData: npSetup.plugins.data,
-    __LEGACY: {
-      getAngularDependencies,
-    },
-  });
+  instance.setup(npSetup.core, npSetup.plugins);
   instance.start(npStart.core, {
     ...npStart.plugins,
     data,

src/legacy/core_plugins/kibana/public/dashboard/legacy_imports.ts

@@ -30,15 +30,11 @@ export const legacyChrome = chrome;
 export { SavedObjectSaveOpts } from 'ui/saved_objects/types';
 export { npSetup, npStart } from 'ui/new_platform';
 export { subscribeWithScope } from 'ui/utils/subscribe_with_scope';
-// @ts-ignore
-export { ConfirmationButtonTypes } from 'ui/modals/confirm_modal';
 export { KbnUrl } from 'ui/url/kbn_url';
 // @ts-ignore
 export { createTopNavDirective, createTopNavHelper } from 'ui/kbn_top_nav/kbn_top_nav';
 // @ts-ignore
 export { KbnUrlProvider, RedirectWhenMissingProvider } from 'ui/url/index';
-// @ts-ignore
-export { confirmModalFactory } from 'ui/modals/confirm_modal';
 export { IInjector } from 'ui/chrome';
 export { SavedObjectLoader } from 'ui/saved_objects';
 export { VISUALIZE_EMBEDDABLE_TYPE } from '../../../visualizations/public/embeddable';