Merge branch 'master' into add-flyout

.github/workflows/pr-project-assigner.yml

@@ -8,7 +8,7 @@ jobs:
     name: Assign a PR to project based on label
     steps:
       - name: Assign to project
-        uses: elastic/github-actions/project-assigner@v1.0.0
+        uses: elastic/github-actions/project-assigner@v1.0.1
         id: project_assigner
         with:
           issue-mappings: |

.github/workflows/project-assigner.yml

@@ -8,7 +8,7 @@ jobs:
     name: Assign issue or PR to project based on label
     steps:
       - name: Assign to project
-        uses: elastic/github-actions/project-assigner@v1.0.0
+        uses: elastic/github-actions/project-assigner@v1.0.1
         id: project_assigner
         with:
           issue-mappings: '[{"label": "Team:AppArch", "projectName": "kibana-app-arch", "columnId": 6173895}, {"label": "Feature:Lens", "projectName": "Lens", "columnId": 6219363}, {"label": "Team:Canvas", "projectName": "canvas", "columnId": 6187593}]'

docs/management/watcher-ui/index.asciidoc

@@ -34,7 +34,7 @@ If the {es} {security-features} are enabled, you must have the
 {ref}/security-privileges.html[`manage_watcher` or `monitor_watcher`]
 cluster privileges to use Watcher in {kib}.
 
-Alternately, you can have the built-in `kibana_user` role
+Alternately, you can have the built-in `kibana_admin` role
 and either of these watcher roles:
 
 * `watcher_admin`. You can perform all Watcher actions, including create and edit watches.

docs/migration/migrate_8_0.asciidoc

@@ -80,6 +80,21 @@ specified explicitly.
 
 *Impact:* Any workflow that involved manually clearing generated bundles will have to be updated with the new path.
 
+[float]
+[[breaking_80_user_role_changes]]
+=== User role changes
+
+[float]
+==== `kibana_user` role has been removed and `kibana_admin` has been added.
+
+*Details:* The `kibana_user` role has been removed and `kibana_admin` has been added to better
+reflect its intended use. This role continues to grant all access to every
+{kib} feature. If you wish to restrict access to specific features, create
+custom roles with {kibana-ref}/kibana-privileges.html[{kib} privileges].
+
+*Impact:* Any users currently assigned the `kibana_user` role will need to
+instead be assigned the `kibana_admin` role to maintain their current
+access level.
 
 [float]
 [[breaking_80_reporting_changes]]

docs/uptime-guide/security.asciidoc

@@ -42,15 +42,15 @@ PUT /_security/role/uptime
 === Assign the role to a user
 
 Next, you'll need to create a user with both the `uptime` role, and another role with sufficient {kibana-ref}/kibana-privileges.html[Kibana privileges],
-such as the `kibana_user` role.
+such as the `kibana_admin` role.
 You can do this with the following request:
 
 ["source","sh",subs="attributes,callouts"]
 ---------------------------------------------------------------
 PUT /_security/user/jacknich
 {
   "password" : "j@rV1s",
-  "roles" : [ "uptime", "kibana_user" ],
+  "roles" : [ "uptime", "kibana_admin" ],
   "full_name" : "Jack Nicholson",
   "email" : "jacknich@example.com",
   "metadata" : {

docs/user/monitoring/viewing-metrics.asciidoc

@@ -63,7 +63,7 @@ remote monitoring cluster, you must use credentials that are valid on both the
 
 --
 
-.. Create users that have the `monitoring_user` and `kibana_user` 
+.. Create users that have the `monitoring_user` and `kibana_admin` 
 {ref}/built-in-roles.html[built-in roles].
 
 . Open {kib} in your web browser. 

docs/user/security/authorization/index.asciidoc

@@ -2,11 +2,11 @@
 [[xpack-security-authorization]]
 
 === Granting access to {kib}
-The Elastic Stack comes with the `kibana_user` {ref}/built-in-roles.html[built-in role], which you can use to grant access to all Kibana features in all spaces. To grant users access to a subset of spaces or features, you can create a custom role that grants the desired Kibana privileges. 
+The Elastic Stack comes with the `kibana_admin` {ref}/built-in-roles.html[built-in role], which you can use to grant access to all Kibana features in all spaces. To grant users access to a subset of spaces or features, you can create a custom role that grants the desired Kibana privileges. 
 
-When you assign a user multiple roles, the user receives a union of the roles’ privileges. Therefore, assigning the `kibana_user` role in addition to a custom role that grants Kibana privileges is ineffective because `kibana_user` has access to all the features in all spaces.
+When you assign a user multiple roles, the user receives a union of the roles’ privileges. Therefore, assigning the `kibana_admin` role in addition to a custom role that grants Kibana privileges is ineffective because `kibana_admin` has access to all the features in all spaces.
 
-NOTE: When running multiple tenants of Kibana by changing the `kibana.index` in your `kibana.yml`, you cannot use `kibana_user` to grant access. You must create custom roles that authorize the user for that specific tenant. Although multi-tenant installations are supported, the recommended approach to securing access to Kibana segments is to grant users access to specific spaces.
+NOTE: When running multiple tenants of Kibana by changing the `kibana.index` in your `kibana.yml`, you cannot use `kibana_admin` to grant access. You must create custom roles that authorize the user for that specific tenant. Although multi-tenant installations are supported, the recommended approach to securing access to Kibana segments is to grant users access to specific spaces.
 
 [role="xpack"]
 === {kib} role management

docs/user/security/reporting.asciidoc

@@ -85,14 +85,14 @@ elasticsearch.username: 'custom_kibana_system'
 [[reporting-roles-user-api]]
 ==== With the user API
 This example uses the {ref}/security-api-put-user.html[user API] to create a user who has the
-`reporting_user` role and the `kibana_user` role:
+`reporting_user` role and the `kibana_admin` role:
 
 [source, sh]
 ---------------------------------------------------------------
 POST /_security/user/reporter
 {
   "password" : "x-pack-test-password",
-  "roles" : ["kibana_user", "reporting_user"],
+  "roles" : ["kibana_admin", "reporting_user"],
   "full_name" : "Reporting User"
 }
 ---------------------------------------------------------------
@@ -106,11 +106,11 @@ roles on a per user basis, or assign roles to groups of users. By default, role
 mappings are configured in
 {ref}/mapping-roles.html[`config/shield/role_mapping.yml`].
 For example, the following snippet assigns the user named Bill Murray the
-`kibana_user` and `reporting_user` roles:
+`kibana_admin` and `reporting_user` roles:
 
 [source,yaml]
 --------------------------------------------------------------------------------
-kibana_user:
+kibana_admin:
   - "cn=Bill Murray,dc=example,dc=com"
 reporting_user:
   - "cn=Bill Murray,dc=example,dc=com"

docs/user/security/securing-kibana.asciidoc

@@ -104,15 +104,15 @@ You can manage privileges on the *Management / Security / Roles* page in {kib}.
 If you're using the native realm with Basic Authentication, you can assign roles
 using the *Management / Security / Users* page in {kib} or the
 {ref}/security-api.html#security-user-apis[user management APIs]. For example, 
-the following creates a user named `jacknich` and assigns it the `kibana_user` 
+the following creates a user named `jacknich` and assigns it the `kibana_admin` 
 role:
 
 [source,js]
 --------------------------------------------------------------------------------
 POST /_security/user/jacknich
 {
   "password" : "t0pS3cr3t",
-  "roles" : [ "kibana_user" ]
+  "roles" : [ "kibana_admin" ]
 }
 --------------------------------------------------------------------------------
 // CONSOLE

src/plugins/console/server/lib/elasticsearch_proxy_config.ts

@@ -21,9 +21,10 @@ import _ from 'lodash';
 import http from 'http';
 import https from 'https';
 import url from 'url';
-import { Duration } from 'moment';
 
-const createAgent = (legacyConfig: any) => {
+import { ESConfigForProxy } from '../types';
+
+const createAgent = (legacyConfig: ESConfigForProxy) => {
   const target = url.parse(_.head(legacyConfig.hosts));
   if (!/^https/.test(target.protocol || '')) return new http.Agent();
 
@@ -59,7 +60,7 @@ const createAgent = (legacyConfig: any) => {
   return new https.Agent(agentOptions);
 };
 
-export const getElasticsearchProxyConfig = (legacyConfig: { requestTimeout: Duration }) => {
+export const getElasticsearchProxyConfig = (legacyConfig: ESConfigForProxy) => {
   return {
     timeout: legacyConfig.requestTimeout.asMilliseconds(),
     agent: createAgent(legacyConfig),

src/plugins/console/server/plugin.ts

@@ -60,9 +60,7 @@ export class ConsoleServerPlugin implements Plugin<ConsoleSetup> {
         const legacyConfig = readLegacyEsConfig();
         return {
           ...elasticsearch,
-          hosts: legacyConfig.hosts,
-          requestHeadersWhitelist: legacyConfig.requestHeadersWhitelist,
-          customHeaders: legacyConfig.customHeaders,
+          ...legacyConfig,
         };
       },
       pathFilters: proxyPathFilters,

src/plugins/console/server/types.ts

@@ -31,4 +31,12 @@ export interface ESConfigForProxy {
   requestHeadersWhitelist: string[];
   customHeaders: Record<string, any>;
   requestTimeout: Duration;
+  ssl?: {
+    verificationMode: 'none' | 'certificate' | 'full';
+    certificateAuthorities: string[] | string;
+    alwaysPresentCertificate: boolean;
+    certificate?: string;
+    key?: string;
+    keyPassphrase?: string;
+  };
 }

x-pack/legacy/plugins/apm/public/components/app/ServiceMap/Popover/Contents.tsx

@@ -0,0 +1,66 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import {
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiHorizontalRule,
+  EuiTitle
+} from '@elastic/eui';
+import cytoscape from 'cytoscape';
+import React from 'react';
+import { Buttons } from './Buttons';
+import { Info } from './Info';
+import { ServiceMetricList } from './ServiceMetricList';
+
+const popoverMinWidth = 280;
+
+interface ContentsProps {
+  focusedServiceName?: string;
+  isService: boolean;
+  label: string;
+  onFocusClick: () => void;
+  selectedNodeData: cytoscape.NodeDataDefinition;
+  selectedNodeServiceName: string;
+}
+
+export function Contents({
+  selectedNodeData,
+  focusedServiceName,
+  isService,
+  label,
+  onFocusClick,
+  selectedNodeServiceName
+}: ContentsProps) {
+  return (
+    <EuiFlexGroup
+      direction="column"
+      gutterSize="s"
+      style={{ minWidth: popoverMinWidth }}
+    >
+      <EuiFlexItem>
+        <EuiTitle size="xxs">
+          <h3>{label}</h3>
+        </EuiTitle>
+        <EuiHorizontalRule margin="xs" />
+      </EuiFlexItem>
+      <EuiFlexItem>
+        {isService ? (
+          <ServiceMetricList serviceName={selectedNodeServiceName} />
+        ) : (
+          <Info {...selectedNodeData} />
+        )}
+      </EuiFlexItem>
+      {isService && (
+        <Buttons
+          focusedServiceName={focusedServiceName}
+          onFocusClick={onFocusClick}
+          selectedNodeServiceName={selectedNodeServiceName}
+        />
+      )}
+    </EuiFlexGroup>
+  );
+}

x-pack/legacy/plugins/apm/public/components/app/ServiceMap/Popover/Info.tsx

@@ -4,10 +4,11 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import React from 'react';
+import lightTheme from '@elastic/eui/dist/eui_theme_light.json';
 import { i18n } from '@kbn/i18n';
+import cytoscape from 'cytoscape';
+import React from 'react';
 import styled from 'styled-components';
-import lightTheme from '@elastic/eui/dist/eui_theme_light.json';
 
 const ItemRow = styled.div`
   line-height: 2;
@@ -19,8 +20,8 @@ const ItemTitle = styled.dt`
 
 const ItemDescription = styled.dd``;
 
-interface InfoProps {
-  type: string;
+interface InfoProps extends cytoscape.NodeDataDefinition {
+  type?: string;
   subtype?: string;
 }
 

x-pack/legacy/plugins/apm/public/components/app/ServiceMap/Popover/Popover.stories.tsx

@@ -0,0 +1,49 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { storiesOf } from '@storybook/react';
+import React from 'react';
+import {
+  ApmPluginContext,
+  ApmPluginContextValue
+} from '../../../../context/ApmPluginContext';
+import { Contents } from './Contents';
+
+const selectedNodeData = {
+  id: 'opbeans-node',
+  label: 'opbeans-node',
+  href:
+    '#/services/opbeans-node/service-map?rangeFrom=now-24h&rangeTo=now&refreshPaused=true&refreshInterval=0',
+  agentName: 'nodejs',
+  type: 'service'
+};
+
+storiesOf('app/ServiceMap/Popover/Contents', module).add(
+  'example',
+  () => {
+    return (
+      <ApmPluginContext.Provider
+        value={
+          ({ core: { notifications: {} } } as unknown) as ApmPluginContextValue
+        }
+      >
+        <Contents
+          selectedNodeData={selectedNodeData}
+          isService={true}
+          label="opbeans-node"
+          onFocusClick={() => {}}
+          selectedNodeServiceName="opbeans-node"
+        />
+      </ApmPluginContext.Provider>
+    );
+  },
+  {
+    info: {
+      propTablesExclude: [ApmPluginContext.Provider],
+      source: false
+    }
+  }
+);