Merge branch 'master' into i18n/test_kibana_translation_paths

elastic · Oct 27, 2020 · 6d42c33 · 6d42c33
2 parents d0b9dac + 8fa93bc
commit 6d42c33
Show file tree

Hide file tree

Showing 48 changed files with 593 additions and 487 deletions.
diff --git a/docs/management/advanced-options.asciidoc b/docs/management/advanced-options.asciidoc
@@ -11,6 +11,13 @@ values.
 . Enter a new value for the setting.
 . Click *Save changes*.
 
+[float]
+=== Required permissions
+
+The `Advanced Settings` {kib} privilege is required to access *Advanced Settings*.
+
+To add the privilege, open the menu, then click *Stack Management > Roles*.
+
 
 [float]
 [[settings-read-only-access]]

diff --git a/docs/management/alerting/alerts-and-actions-intro.asciidoc b/docs/management/alerting/alerts-and-actions-intro.asciidoc
@@ -24,3 +24,8 @@ The *Alerts and Actions* UI only shows alerts and connectors for the current spa
 can be managed through the <<watcher-ui, Watcher UI>>. See
 <<alerting-concepts-differences>> for more information.
 ============================================================================
+
+[float]
+=== Required permissions
+
+Access to alerts and actions is granted based on your privileges to alerting-enabled features. See <<alerting-security, Alerting Security>> for more information.
diff --git a/docs/management/managing-beats.asciidoc b/docs/management/managing-beats.asciidoc
@@ -29,6 +29,13 @@ more information, see https://www.elastic.co/subscriptions and
 enrollment and configuration process step by step the first time you use the
 Central Management UI.
 
+[float]
+=== Required permissions
+
+You must have the `beats_admin` role assigned to use **{beats} Central Management**
+
+To assign the role, open the menu, then click *Stack Management > Users*.
+
 
 [float]
 === Enroll {beats}

diff --git a/docs/management/managing-fields.asciidoc b/docs/management/managing-fields.asciidoc
@@ -7,6 +7,13 @@ the index patterns that retrieve your data from {es}.
 [role="screenshot"]
 image::images/management-index-patterns.png[]
 
+[float]
+=== Required permissions
+
+The `Index Pattern Management` {kib} privilege is required to access the *Index patterns* UI.
+
+To add the privilege, open the menu, then click *Stack Management > Roles*.
+
 [float]
 === Create an index pattern
 

diff --git a/docs/management/managing-saved-objects.asciidoc b/docs/management/managing-saved-objects.asciidoc
@@ -10,6 +10,16 @@ To get started, open the main menu, then click *Stack Management > Saved Objects
 [role="screenshot"]
 image::images/management-saved-objects.png[Saved Objects]
 
+[float]
+=== Required permissions
+
+The `Saved Objects Management` {kib} privilege is required to access the *Saved Objects* UI.
+
+To add the privilege, open the menu, then click *Stack Management > Roles*.
+
+NOTE:
+Granting access to Saved Objects Management will authorize users to manage all saved objects in {kib}, including objects that are managed by applications they may not otherwise be authorized to access.
+
 
 [float]
 [[managing-saved-objects-view]]

diff --git a/docs/spaces/images/edit-space-feature-visibility.png b/docs/spaces/images/edit-space-feature-visibility.png
diff --git a/docs/spaces/images/edit-space.png b/docs/spaces/images/edit-space.png
diff --git a/docs/spaces/images/space-selector.png b/docs/spaces/images/space-selector.png
diff --git a/docs/spaces/images/spaces-roles.png b/docs/spaces/images/spaces-roles.png
diff --git a/docs/spaces/index.asciidoc b/docs/spaces/index.asciidoc
@@ -25,6 +25,11 @@ Kibana supports spaces in several ways.  You can:
 * <<spaces-default-route, Configure a Space-level landing page>>
 * <<spaces-delete-started, Disable the Spaces feature>>
 
+[float]
+==== Required permissions
+
+The `kibana_admin` role or equivilent is required to manage **Spaces**.
+
 [float]
 [[spaces-managing]]
 === View, create, and delete spaces

diff --git a/docs/user/introduction.asciidoc b/docs/user/introduction.asciidoc
@@ -112,7 +112,7 @@ You can even choose which features to enable within each space. Don’t need
 Machine learning in your “Executive” space? Simply turn it off.
 
 [role="screenshot"]
-image::images/intro-spaces.jpg[]
+image::images/intro-spaces.png[Space selector screen]
 
 You can take this all one step further with Kibana’s security features, and
 control which users have access to each space. {kib} allows for fine-grained

diff --git a/docs/user/introduction/images/intro-spaces.jpg b/docs/user/introduction/images/intro-spaces.jpg
diff --git a/docs/user/introduction/images/intro-spaces.png b/docs/user/introduction/images/intro-spaces.png
diff --git a/docs/user/management.asciidoc b/docs/user/management.asciidoc
@@ -6,6 +6,10 @@
 *Stack Management* is home to UIs for managing all things Elastic Stack&mdash;
 indices, clusters, licenses, UI settings, index patterns, spaces, and more.
 
+
+Access to individual features is governed by {es} and {kib} privileges.
+Consult your administrator if you do not have the appropriate access.
+
 [float]
 [[manage-ingest]]
 == Ingest

diff --git a/docs/user/security/authorization/index.asciidoc b/docs/user/security/authorization/index.asciidoc
@@ -12,7 +12,12 @@ NOTE: When running multiple tenants of {kib} by changing the `kibana.index` in y
 [[xpack-kibana-role-management]]
 === {kib} role management
 
-To create a role that grants {kib} privileges, open the main menu, click *Stack Management > Roles*, then click *Create role*. 
+To create a role that grants {kib} privileges, open the menu, then click *Stack Management > Roles* and click **Create role**.
+
+[float]
+==== Required permissions
+
+The `manage_security` cluster privilege is required to access role management.
 
 [[adding_kibana_privileges]]
 ==== Adding {kib} privileges

diff --git a/docs/user/security/images/add-space-privileges.png b/docs/user/security/images/add-space-privileges.png
diff --git a/docs/user/security/images/assign_base_privilege.png b/docs/user/security/images/assign_base_privilege.png
diff --git a/docs/user/security/images/assign_feature_privilege.png b/docs/user/security/images/assign_feature_privilege.png
diff --git a/docs/user/security/images/privilege-example-1.png b/docs/user/security/images/privilege-example-1.png
diff --git a/docs/user/security/images/role-space-visualization.png b/docs/user/security/images/role-space-visualization.png
diff --git a/docs/user/security/images/view-privilege-summary.png b/docs/user/security/images/view-privilege-summary.png
diff --git a/docs/user/security/index.asciidoc b/docs/user/security/index.asciidoc
@@ -10,6 +10,12 @@ auditing. For more information, see
 {ref}/secure-cluster.html[Secure a cluster] and
 <<using-kibana-with-security,Configuring Security in {kib}>>.
 
+[float]
+=== Required permissions
+
+The `manage_security` cluster privilege is required to access all Security features.
+
+
 [float]
 === Users
 

diff --git a/docs/user/security/role-mappings/index.asciidoc b/docs/user/security/role-mappings/index.asciidoc
@@ -19,6 +19,11 @@ With *Role mappings*, you can:
 [role="screenshot"]
 image:user/security/role-mappings/images/role-mappings-grid.png["Role mappings"]
 
+[float]
+==== Required permissions
+
+The `manage_security` cluster privilege is required to manage Role Mappings.
+
 
 [float]
 === Create a role mapping

diff --git a/x-pack/plugins/actions/server/builtin_action_types/webhook.test.ts b/x-pack/plugins/actions/server/builtin_action_types/webhook.test.ts
@@ -90,9 +90,8 @@ describe('config validation', () => {
   };
 
   test('config validation passes when only required fields are provided', () => {
-    const config: Record<string, string | boolean> = {
+    const config: Record<string, string> = {
       url: 'http://mylisteningserver:9200/endpoint',
-      hasAuth: true,
     };
     expect(validateConfig(actionType, config)).toEqual({
       ...defaultValues,
@@ -102,10 +101,9 @@ describe('config validation', () => {
 
   test('config validation passes when valid methods are provided', () => {
     ['post', 'put'].forEach((method) => {
-      const config: Record<string, string | boolean> = {
+      const config: Record<string, string> = {
         url: 'http://mylisteningserver:9200/endpoint',
         method,
-        hasAuth: true,
       };
       expect(validateConfig(actionType, config)).toEqual({
         ...defaultValues,
@@ -129,9 +127,8 @@ describe('config validation', () => {
   });
 
   test('config validation passes when a url is specified', () => {
-    const config: Record<string, string | boolean> = {
+    const config: Record<string, string> = {
       url: 'http://mylisteningserver:9200/endpoint',
-      hasAuth: true,
     };
     expect(validateConfig(actionType, config)).toEqual({
       ...defaultValues,
@@ -158,7 +155,6 @@ describe('config validation', () => {
       headers: {
         'Content-Type': 'application/json',
       },
-      hasAuth: true,
     };
     expect(validateConfig(actionType, config)).toEqual({
       ...defaultValues,
@@ -188,7 +184,6 @@ describe('config validation', () => {
       headers: {
         'Content-Type': 'application/json',
       },
-      hasAuth: true,
     };
 
     expect(validateConfig(actionType, config)).toEqual({
@@ -268,7 +263,6 @@ describe('execute()', () => {
       headers: {
         aheader: 'a value',
       },
-      hasAuth: true,
     };
     await actionType.executor({
       actionId: 'some-id',
@@ -326,7 +320,6 @@ describe('execute()', () => {
       headers: {
         aheader: 'a value',
       },
-      hasAuth: false,
     };
     const secrets: ActionTypeSecretsType = { user: null, password: null };
     await actionType.executor({

diff --git a/x-pack/plugins/actions/server/builtin_action_types/webhook.ts b/x-pack/plugins/actions/server/builtin_action_types/webhook.ts
@@ -42,7 +42,6 @@ const configSchemaProps = {
     defaultValue: WebhookMethods.POST,
   }),
   headers: nullableType(HeadersSchema),
-  hasAuth: schema.boolean({ defaultValue: true }),
 };
 const ConfigSchema = schema.object(configSchemaProps);
 export type ActionTypeConfigType = TypeOf<typeof ConfigSchema>;
@@ -129,12 +128,12 @@ export async function executor(
   execOptions: WebhookActionTypeExecutorOptions
 ): Promise<ActionTypeExecutorResult<unknown>> {
   const actionId = execOptions.actionId;
-  const { method, url, headers = {}, hasAuth } = execOptions.config;
+  const { method, url, headers = {} } = execOptions.config;
   const { body: data } = execOptions.params;
 
   const secrets: ActionTypeSecretsType = execOptions.secrets;
   const basicAuth =
-    hasAuth && isString(secrets.user) && isString(secrets.password)
+    isString(secrets.user) && isString(secrets.password)
       ? { auth: { username: secrets.user, password: secrets.password } }
       : {};
 

diff --git a/x-pack/plugins/actions/server/saved_objects/migrations.test.ts b/x-pack/plugins/actions/server/saved_objects/migrations.test.ts
@@ -58,63 +58,6 @@ describe('7.10.0', () => {
   });
 });
 
-describe('7.11.0', () => {
-  beforeEach(() => {
-    jest.resetAllMocks();
-    encryptedSavedObjectsSetup.createMigration.mockImplementation(
-      (shouldMigrateWhenPredicate, migration) => migration
-    );
-  });
-
-  test('add hasAuth = true for .webhook actions with user and password', () => {
-    const migration711 = getMigrations(encryptedSavedObjectsSetup)['7.11.0'];
-    const action = getMockDataForWebhook({}, true);
-    expect(migration711(action, context)).toMatchObject({
-      ...action,
-      attributes: {
-        ...action.attributes,
-        config: {
-          hasAuth: true,
-        },
-      },
-    });
-  });
-
-  test('add hasAuth = false for .webhook actions without user and password', () => {
-    const migration711 = getMigrations(encryptedSavedObjectsSetup)['7.11.0'];
-    const action = getMockDataForWebhook({}, false);
-    expect(migration711(action, context)).toMatchObject({
-      ...action,
-      attributes: {
-        ...action.attributes,
-        config: {
-          hasAuth: false,
-        },
-      },
-    });
-  });
-});
-
-function getMockDataForWebhook(
-  overwrites: Record<string, unknown> = {},
-  hasUserAndPassword: boolean
-): SavedObjectUnsanitizedDoc<RawAction> {
-  const secrets = hasUserAndPassword
-    ? { user: 'test', password: '123' }
-    : { user: '', password: '' };
-  return {
-    attributes: {
-      name: 'abc',
-      actionTypeId: '.webhook',
-      config: {},
-      secrets,
-      ...overwrites,
-    },
-    id: uuid.v4(),
-    type: 'action',
-  };
-}
-
 function getMockDataForEmail(
   overwrites: Record<string, unknown> = {}
 ): SavedObjectUnsanitizedDoc<RawAction> {

diff --git a/x-pack/plugins/actions/server/saved_objects/migrations.ts b/x-pack/plugins/actions/server/saved_objects/migrations.ts
@@ -25,18 +25,8 @@ export function getMigrations(
     pipeMigrations(renameCasesConfigurationObject, addHasAuthConfigurationObject)
   );
 
-  const migrationWebhookConnectorHasAuth = encryptedSavedObjects.createMigration<
-    RawAction,
-    RawAction
-  >(
-    (doc): doc is SavedObjectUnsanitizedDoc<RawAction> =>
-      doc.attributes.actionTypeId === '.webhook',
-    pipeMigrations(addHasAuthConfigurationObject)
-  );
-
   return {
     '7.10.0': executeMigrationWithErrorHandling(migrationActions, '7.10.0'),
-    '7.11.0': executeMigrationWithErrorHandling(migrationWebhookConnectorHasAuth, '7.11.0'),
   };
 }
 

diff --git a/...ecurity_solution/public/management/pages/policy/view/policy_forms/protections/malware.tsx b/...ecurity_solution/public/management/pages/policy/view/policy_forms/protections/malware.tsx
@@ -11,6 +11,7 @@ import {
   EuiRadio,
   EuiSwitch,
   EuiTitle,
+  EuiText,
   EuiSpacer,
   htmlIdGenerator,
   EuiCallOut,
@@ -28,6 +29,7 @@ import { policyConfig } from '../../../store/policy_details/selectors';
 import { usePolicyDetailsSelector } from '../../policy_hooks';
 import { clone } from '../../../models/policy_details_config';
 import { LinkToApp } from '../../../../../../common/components/endpoint/link_to_app';
+import { popupVersionsMap } from './popup_options_to_versions';
 
 const ProtectionRadioGroup = styled.div`
   display: flex;
@@ -83,6 +85,25 @@ const ProtectionRadio = React.memo(({ id, label }: { id: ProtectionModes; label:
 
 ProtectionRadio.displayName = 'ProtectionRadio';
 
+const SupportedVersionNotice = ({ optionName }: { optionName: string }) => {
+  const version = popupVersionsMap.get(optionName);
+  if (!version) {
+    return null;
+  }
+
+  return (
+    <EuiText color="subdued" size="xs">
+      <i>
+        <FormattedMessage
+          id="xpack.securitySolution.endpoint.policyDetails.supportedVersion"
+          defaultMessage="Agent version {version}"
+          values={{ version }}
+        />
+      </i>
+    </EuiText>
+  );
+};
+
 /** The Malware Protections form for policy details
  *  which will configure for all relevant OSes.
  */
@@ -189,14 +210,15 @@ export const MalwareProtections = React.memo(() => {
             />
           </h6>
         </EuiTitle>
+        <SupportedVersionNotice optionName="malware" />
+        <EuiSpacer size="s" />
         <EuiCheckbox
           id="xpack.securitySolution.endpoint.policyDetail.malware.userNotification"
           onChange={handleUserNotificationCheckbox}
           checked={userNotificationSelected}
-          label={i18n.translate(
-            'xpack.securitySolution.endpoint.policyDetail.malware.userNotification',
-            { defaultMessage: 'User Notification' }
-          )}
+          label={i18n.translate('xpack.securitySolution.endpoint.policyDetail.malware.notifyUser', {
+            defaultMessage: 'Notify User',
+          })}
         />
       </>
     );

diff --git a/...public/management/pages/policy/view/policy_forms/protections/popup_options_to_versions.ts b/...public/management/pages/policy/view/policy_forms/protections/popup_options_to_versions.ts
@@ -0,0 +1,9 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+const popupVersions: Array<[string, string]> = [['malware', '7.11+']];
+
+export const popupVersionsMap: ReadonlyMap<string, string> = new Map<string, string>(popupVersions);
diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json
@@ -20244,6 +20244,7 @@
     "xpack.triggersActionsUI.sections.actionsConnectorsList.unableToLoadActionTypesMessage": "アクションタイプを読み込めません",
     "xpack.triggersActionsUI.sections.addAction.webhookAction.error.requiredHeaderKeyText": "キーが必要です。",
     "xpack.triggersActionsUI.sections.addAction.webhookAction.error.requiredHeaderValueText": "値が必要です。",
+    "xpack.triggersActionsUI.sections.addAction.webhookAction.error.requiredHostText": "ユーザー名が必要です。",
     "xpack.triggersActionsUI.sections.addAction.webhookAction.error.requiredMethodText": "メソッドが必要です",
     "xpack.triggersActionsUI.sections.addAction.webhookAction.error.requiredPasswordText": "パスワードが必要です。",
     "xpack.triggersActionsUI.sections.addAlert.error.greaterThenThreshold0Text": "しきい値 1 はしきい値 0 よりも大きい値にしてください。",
@@ -20367,7 +20368,6 @@
     "xpack.triggersActionsUI.sections.alertsList.alertStatusOk": "OK",
     "xpack.triggersActionsUI.sections.alertsList.alertStatusPending": "保留中",
     "xpack.triggersActionsUI.sections.alertsList.alertStatusUnknown": "不明",
-    "xpack.triggersActionsUI.sections.alertsList.attentionBannerTitle": "{totalStausesError} {totalStausesError, plural, one {{singleTitle}} other {# {multipleTitle}}}でエラーが見つかりました。",
     "xpack.triggersActionsUI.sections.alertsList.bulkActionPopover.buttonTitle": "アラートを管理",
     "xpack.triggersActionsUI.sections.alertsList.bulkActionPopover.deleteAllTitle": "削除",
     "xpack.triggersActionsUI.sections.alertsList.bulkActionPopover.disableAllTitle": "無効にする",