Merge branch 'master' into replace-legacy-secsol-imports

 Conflicts:
	x-pack/plugins/security_solution/public/cases/components/case_view/index.tsx

.github/CODEOWNERS

@@ -69,6 +69,24 @@
 #CC# /x-pack/plugins/drilldowns/ @elastic/kibana-app-services
 #CC# /packages/kbn-interpreter/ @elastic/kibana-app-services
 
+### Observability Plugins
+
+# Observability Shared
+/x-pack/plugins/observability/ @elastic/observability-ui
+
+# Logs and Metrics (Infra)
+/x-pack/plugins/infra/ @elastic/logs-metrics-ui
+/x-pack/plugins/infra/server/routes/log* @elastic/logs-metrics-ui @elastic/logs-ui
+/x-pack/plugins/infra/public/pages/logs/ @elastic/logs-metrics-ui @elastic/logs-ui
+/x-pack/plugins/infra/server/routes/metrics* @elastic/logs-metrics-ui @elastic/metrics-ui
+/x-pack/plugins/infra/public/pages/metrics/ @elastic/logs-metrics-ui @elastic/metrics-ui
+
+# Stack Monitoring
+/x-pack/plugins/monitoring/ @elastic/stack-monitoring-ui @elastic/logs-metrics-ui @elastic/metrics-ui
+
+# Fleet
+/x-pack/plugins/fleet/ @elastic/fleet
+
 # APM
 /x-pack/plugins/apm/  @elastic/apm-ui
 /x-pack/test/functional/apps/apm/  @elastic/apm-ui
@@ -97,6 +115,7 @@
 /x-pack/plugins/apm/server/projections/rum_page_load_transactions.ts @elastic/uptime
 /x-pack/test/apm_api_integration/tests/csm/ @elastic/uptime
 
+### END Observability Plugins
 
 # Presentation
 /src/plugins/dashboard/ @elastic/kibana-presentation
@@ -110,13 +129,6 @@
 #CC# /src/plugins/kibana_react/public/code_editor/ @elastic/kibana-presentation
 #CC# /x-pack/plugins/dashboard_mode @elastic/kibana-presentation
 
-
-# Observability UIs
-/x-pack/plugins/infra/ @elastic/logs-metrics-ui
-/x-pack/plugins/fleet/ @elastic/fleet
-/x-pack/plugins/observability/ @elastic/observability-ui
-/x-pack/plugins/monitoring/ @elastic/stack-monitoring-ui
-
 # Machine Learning
 /x-pack/plugins/ml/  @elastic/ml-ui
 /x-pack/test/accessibility/apps/ml.ts  @elastic/ml-ui

docs/CHANGELOG.asciidoc

@@ -72,10 +72,10 @@ You must migrate your time_based index patterns to a wildcard pattern. For examp
 [%collapsible]
 ====
 *Details* +
-For the `.tar.gz` and `.zip` archives, `platform` has been removed from the `root` folder name. For more information, refer to {kibana-pull}93835[#93835]
+After you extract an archive, the output directory no longer includes the target platform. For example, `kibana-8.0.0-linux-aarch64.tar.gz` produces a `kibana-8.0.0` folder. For more information, refer to {kibana-pull}93835[#93835].
 
 *Impact* +
-The `root` folder name now appears as `kibana-8.0.0-SNAPSHOT-linux-aarch64.tar.gz -> kibana-8.0.0-SNAPSHOT`.
+To use the new folder, update the configuration management tools and automation.
 ====
 
 [discrete]
@@ -84,10 +84,10 @@ The `root` folder name now appears as `kibana-8.0.0-SNAPSHOT-linux-aarch64.tar.g
 [%collapsible]
 ====
 *Details* +
-The default support for TLS v1.0 and v1.1 has been removed. For more information, refer to {kibana-pull}90511[#90511]
+The default support for TLS v1.0 and v1.1 has been removed. For more information, refer to {kibana-pull}90511[#90511].
 
 *Impact* +
-To enable support, set the environment variable to `NODE_OPTIONS=--tls-min-1.0`.
+To enable support, set `--tls-min-1.0` in the `node.options` configuration file. To locate the configuration file, go to the kibana/config folder or any other configuration with the `KBN_PATH_CONF` environment variable. For example, if you are using a Debian-based system, the configuration file is located in /etc/kibana.
 ====
 
 [discrete]
@@ -96,10 +96,10 @@ To enable support, set the environment variable to `NODE_OPTIONS=--tls-min-1.0`.
 [%collapsible]
 ====
 *Details* +
-Systems that don't have `service` aliased to use kibana.service are unable to use `service start kibana`. For more information, refer to {kibana-pull}74424[#74424]
+All supported operating systems use systemd service files. Any system that doesn’t have `service` aliased to use kibana.service should use `systemctl start kibana.service` instead of `service start kibana`. For more information, refer to {kibana-pull}74424[#74424].
 
 *Impact* +
-If your system doesn't have `service` aliased to use kibana.service, use `systemctl start kibana.service`.
+If your installation uses .deb or .rpm packages with SysV, migrate to systemd.
 ====
 
 [discrete]
@@ -108,10 +108,30 @@ If your system doesn't have `service` aliased to use kibana.service, use `system
 [%collapsible]
 ====
 *Details* +
-By default, responses are not logged. Previously, responses were logged if `logging.json` was set to `true`, `logging.dest` was specified, or a TTY was detected. For more information, refer to {kibana-pull}42353[#42353]
+In previous versions, all events are logged in `json` when `logging.json:true`. With the new logging configuration, you can choose the `json` and pattern output formats with layouts. For more information, refer to {kibana-pull}42353[#42353].
 
 *Impact* +
-To log responses, set `logging.events.response=*` in kibana.yml.
+To restore the previous behavior, configure the logging format for each custom appender with the `appender.layout property` in kibana.yml. There is no default for custom appenders, and each appender must be configured expilictly.
+
+[source,yaml]
+-------------------
+logging:
+  appenders:
+    custom_console:
+      type: console
+      layout:
+        type: pattern
+    custom_json:
+      type: console
+      layout:
+        type: json
+  loggers:
+    - name: plugins.myPlugin
+      appenders: [custom_console]
+  root:
+    appenders: [default, custom_json]
+    level: warn
+-------------------
 ====
 
 [float]
@@ -120,7 +140,7 @@ To log responses, set `logging.events.response=*` in kibana.yml.
 
 [discrete]
 [[breaking-52539]]
-.Removed legacy Reporting job params compatibility shim
+.Legacy job parameters are no longer supported
 [%collapsible]
 ====
 *Details* +
@@ -152,10 +172,10 @@ Use the `/api/security/saml/callback` route, or wait to upgrade to 8.0.0-alpha2
 [%collapsible]
 ====
 *Details* +
-To provide the maximum level of protection for most installations, the csp.strict config is now enabled by default. Legacy browsers not supported by Kibana, such as IE11, are unable to access {kib} unless explicitly enabled. All browsers officially supported by Kibana do not have this issue. For more information, refer to {kibana-pull}41700[#41700]
+To provide the maximum level of protection for most installations, the csp.strict config is now enabled by default. Legacy browsers not supported by Kibana, such as Internet Explorer 11, are unable to access {kib} unless explicitly enabled. All browsers officially supported by Kibana do not have this issue. For more information, refer to {kibana-pull}41700[#41700]
 
 *Impact* +
-To enable support for legacy browsers, set `csp.strict: false` in kibana.yml.
+To enable support for legacy browsers, set `csp.strict: false` in kibana.yml. To effectively enforce the security protocol, we strongly discourage disabling `csp.strict` unless it is critical that you support Internet Explorer 11.
 ====
 
 [float]
@@ -191,14 +211,14 @@ You are now unable to use `0` as the `server.host`.
 
 [discrete]
 [[breaking-38657]]
-.Removed `xpack.security.authProviders` and `xpack.security.public`
+.Removed `xpack.security.public` and `xpack.security.authProviders`
 [%collapsible]
 ====
 *Details* +
 The `xpack.security.public` and `xpack.security.authProviders` settings have been removed. For more information, refer to {kibana-pull}38657[#38657]
 
 *Impact* +
-Use the `xpack.security.authc.saml.realm` setting.
+Use the `xpack.security.authc.saml.realm` and `xpack.security.authc.providers` settings.
 ====
 
 [discrete]

docs/index.asciidoc

@@ -4,8 +4,6 @@
 :include-xpack:  true
 :lang:           en
 :kib-repo-dir:   {kibana-root}/docs
-:blog-ref:       https://www.elastic.co/blog/
-:wikipedia:      https://en.wikipedia.org/wiki
 
 include::{docs-root}/shared/versions/stack/{source_branch}.asciidoc[]
 

docs/settings/alert-action-settings.asciidoc

@@ -41,14 +41,15 @@ You can configure the following settings in the `kibana.yml` file.
 [cols="2*<"]
 |===
 | `xpack.actions.enabled`
-  | Feature toggle that enables Actions in {kib}. Default: `true`.
+  | Feature toggle that enables Actions in {kib}.
+  If `false`, all features dependent on Actions are disabled, including the *Observability* and *Security* apps.  Default: `true`.
 
 | `xpack.actions.allowedHosts` {ess-icon}
   | A list of hostnames that {kib} is allowed to connect to when built-in actions are triggered. It defaults to `[*]`, allowing any host, but keep in mind the potential for SSRF attacks when hosts are not explicitly added to the allowed hosts. An empty list `[]` can be used to block built-in actions from making any external connections. +
   +
   Note that hosts associated with built-in actions, such as Slack and PagerDuty, are not automatically added to allowed hosts. If you are not using the default `[*]` setting, you must ensure that the corresponding endpoints are added to the allowed hosts as well.
- 
-| `xpack.actions.customHostSettings` {ess-icon} 
+
+| `xpack.actions.customHostSettings` {ess-icon}
   | A list of custom host settings to override existing global settings.
   Default: an empty list. +
   +
@@ -69,7 +70,7 @@ You can configure the following settings in the `kibana.yml` file.
 --
 xpack.actions.customHostSettings:
   - url: smtp://mail.example.com:465
-    ssl: 
+    ssl:
       verificationMode: 'full'
       certificateAuthoritiesFiles: [ 'one.crt' ]
       certificateAuthoritiesData: |
@@ -79,7 +80,7 @@ xpack.actions.customHostSettings:
     smtp:
       requireTLS: true
   - url: https://webhook.example.com
-    ssl: 
+    ssl:
       // legacy
       rejectUnauthorized: false
       verificationMode: 'none'
@@ -124,7 +125,7 @@ xpack.actions.customHostSettings:
 
 |[[action-config-custom-host-verification-mode]] `xpack.actions.customHostSettings[n]`
 `.ssl.verificationMode` {ess-icon}
-  | Controls the verification of the server certificate that {hosted-ems} receives when making an outbound SSL/TLS connection to the host server. Valid values are `full`, `certificate`, and `none`. 
+  | Controls the verification of the server certificate that {hosted-ems} receives when making an outbound SSL/TLS connection to the host server. Valid values are `full`, `certificate`, and `none`.
  Use `full` to perform hostname verification, `certificate` to skip hostname verification, and `none` to skip verification. Default: `full`. <<elasticsearch-ssl-verificationMode,Equivalent {kib} setting>>. Overrides the general `xpack.actions.ssl.verificationMode` configuration
   for requests made for this hostname/port.
 
@@ -137,7 +138,7 @@ xpack.actions.customHostSettings:
 `.ssl.certificateAuthoritiesData` {ess-icon}
   | The contents of a PEM-encoded certificate file, or multiple files appended
   into a single string.  This configuration can be used for environments where
-  the files cannot be made available.  
+  the files cannot be made available.
 
 | `xpack.actions.enabledActionTypes` {ess-icon}
   | A list of action types that are enabled. It defaults to `[*]`, enabling all types. The names for built-in {kib} action types are prefixed with a `.` and include: `.server-log`, `.slack`, `.email`, `.index`, `.pagerduty`, and `.webhook`. An empty list `[]` will disable all action types. +
@@ -170,7 +171,7 @@ a|`xpack.actions.`
 |[[action-config-proxy-verification-mode]]
 `xpack.actions[n]`
 `.ssl.proxyVerificationMode` {ess-icon}
-| Controls the verification for the proxy server certificate that {hosted-ems} receives when making an outbound SSL/TLS connection to the proxy server. Valid values are `full`, `certificate`, and `none`. 
+| Controls the verification for the proxy server certificate that {hosted-ems} receives when making an outbound SSL/TLS connection to the proxy server. Valid values are `full`, `certificate`, and `none`.
 Use `full` to perform hostname verification, `certificate` to skip hostname verification, and `none` to skip verification. Default: `full`. <<elasticsearch-ssl-verificationMode,Equivalent {kib} setting>>.
 
 | `xpack.actions.rejectUnauthorized` {ess-icon}
@@ -182,7 +183,7 @@ Use `full` to perform hostname verification, `certificate` to skip hostname veri
 |[[action-config-verification-mode]]
 `xpack.actions[n]`
 `.ssl.verificationMode` {ess-icon}
-| Controls the verification for the server certificate that {hosted-ems} receives when making an outbound SSL/TLS connection for actions. Valid values are `full`, `certificate`, and `none`. 
+| Controls the verification for the server certificate that {hosted-ems} receives when making an outbound SSL/TLS connection for actions. Valid values are `full`, `certificate`, and `none`.
   Use `full` to perform hostname verification, `certificate` to skip hostname verification, and `none` to skip verification. Default: `full`. <<elasticsearch-ssl-verificationMode,Equivalent {kib} setting>>. +
   +
   As an alternative to setting `xpack.actions.ssl.verificationMode`, you can use the setting
@@ -213,4 +214,4 @@ Use `full` to perform hostname verification, `certificate` to skip hostname veri
 | `xpack.alerting.maxEphemeralActionsPerAlert`
   | Sets the number of actions that will be executed ephemerally. To use this, enable ephemeral tasks in task manager first with <<task-manager-settings,`xpack.task_manager.ephemeral_tasks.enabled`>>
 
-|===
+|===

packages/kbn-babel-code-parser/BUILD.bazel

@@ -1,5 +1,5 @@
 load("@build_bazel_rules_nodejs//:index.bzl", "js_library", "pkg_npm")
-load("@npm//@babel/cli:index.bzl", "babel")
+load("//src/dev/bazel:index.bzl", "jsts_transpiler")
 
 PKG_BASE_NAME = "kbn-babel-code-parser"
 PKG_REQUIRE_NAME = "@kbn/babel-code-parser"
@@ -25,35 +25,22 @@ NPM_MODULE_EXTRA_FILES = [
   "README.md",
 ]
 
-DEPS = [
-  "//packages/kbn-babel-preset",
+RUNTIME_DEPS = [
   "@npm//@babel/parser",
   "@npm//@babel/traverse",
   "@npm//lodash",
 ]
 
-babel(
-  name = "target",
-  data = DEPS + [
-      ":srcs",
-      ".babelrc",
-  ],
-  output_dir = True,
-  # the following arg paths includes $(execpath) as babel runs on the sandbox root
-  args = [
-      "./%s/src" % package_name(),
-      "--config-file",
-      "./%s/.babelrc" % package_name(),
-      "--out-dir",
-      "$(@D)",
-      "--quiet"
-  ],
+jsts_transpiler(
+  name = "target_node",
+  srcs = SRCS,
+  build_pkg_name = package_name(),
 )
 
 js_library(
   name = PKG_BASE_NAME,
   srcs = NPM_MODULE_EXTRA_FILES,
-  deps = DEPS + [":target"],
+  deps = RUNTIME_DEPS + [":target_node"],
   package_name = PKG_REQUIRE_NAME,
   visibility = ["//visibility:public"],
 )

packages/kbn-babel-code-parser/package.json

@@ -3,7 +3,7 @@
   "description": "babel code parser for Kibana",
   "private": true,
   "version": "1.0.0",
-  "main": "./target/index.js",
+  "main": "./target_node/index.js",
   "license": "SSPL-1.0 OR Elastic License 2.0",
   "repository": {
     "type": "git",

packages/kbn-es/BUILD.bazel

@@ -1,5 +1,5 @@
 load("@build_bazel_rules_nodejs//:index.bzl", "js_library", "pkg_npm")
-load("@npm//@babel/cli:index.bzl", "babel")
+load("//src/dev/bazel:index.bzl", "jsts_transpiler")
 
 PKG_BASE_NAME = "kbn-es"
 PKG_REQUIRE_NAME = "@kbn/es"
@@ -27,8 +27,7 @@ NPM_MODULE_EXTRA_FILES = [
   "README.md",
 ]
 
-DEPS = [
-  "//packages/kbn-babel-preset",
+RUNTIME_DEPS = [
   "@npm//@elastic/elasticsearch",
   "@npm//abort-controller",
   "@npm//chalk",
@@ -43,31 +42,16 @@ DEPS = [
   "@npm//zlib"
 ]
 
-babel(
-  name = "target",
-  data = DEPS + [
-      ":srcs",
-      ".babelrc",
-  ],
-  output_dir = True,
-  # the following arg paths includes $(execpath) as babel runs on the sandbox root
-  args = [
-      "./%s/src" % package_name(),
-      "--config-file",
-      "./%s/.babelrc" % package_name(),
-      "--out-dir",
-      "$(@D)",
-      "--extensions",
-      ".ts,.js",
-      "--copy-files",
-      "--quiet"
-  ],
+jsts_transpiler(
+  name = "target_node",
+  srcs = SRCS,
+  build_pkg_name = package_name(),
 )
 
 js_library(
   name = PKG_BASE_NAME,
   srcs = NPM_MODULE_EXTRA_FILES,
-  deps = DEPS + [":target"],
+  deps = RUNTIME_DEPS + [":target_node"],
   package_name = PKG_REQUIRE_NAME,
   visibility = ["//visibility:public"],
 )

packages/kbn-es/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kbn/es",
-  "main": "./target/index.js",
+  "main": "./target_node/index.js",
   "version": "1.0.0",
   "license": "SSPL-1.0 OR Elastic License 2.0",
   "private": true,

packages/kbn-optimizer/limits.yml

@@ -107,7 +107,7 @@ pageLoadAssetSize:
   dataVisualizer: 27530
   banners: 17946
   mapsEms: 26072
-  timelines: 330000
+  timelines: 327300
   screenshotMode: 17856
   visTypePie: 35583
   expressionRevealImage: 25675
@@ -116,5 +116,6 @@ pageLoadAssetSize:
   expressionRepeatImage: 22341
   expressionImage: 19288
   expressionMetric: 22238
-  expressionShape: 30033
+  expressionShape: 34008
   interactiveSetup: 18532
+

packages/kbn-server-http-tools/.babelrc

@@ -0,0 +1,3 @@
+{
+  "presets": ["@kbn/babel-preset/node_preset"]
+}