Merge branch 'master' of github.com:elastic/kibana into security-rac-…

…rules-migration
elastic · Oct 25, 2021 · b62e83e · b62e83e
2 parents 3531a2d + de2ca18
commit b62e83e
Show file tree

Hide file tree

Showing 119 changed files with 1,087 additions and 573 deletions.
diff --git a/docs/developer/advanced/running-elasticsearch.asciidoc b/docs/developer/advanced/running-elasticsearch.asciidoc
@@ -76,7 +76,6 @@ If many other users will be interacting with your remote cluster, you'll want to
 [source,bash]
 ----
 kibana.index: '.{YourGitHubHandle}-kibana'
-xpack.task_manager.index: '.{YourGitHubHandle}-task-manager-kibana'
 ----
 
 ==== Running remote clusters

diff --git a/docs/settings/task-manager-settings.asciidoc b/docs/settings/task-manager-settings.asciidoc
@@ -22,9 +22,6 @@ Task Manager runs background tasks by polling for work on an interval.  You can
 | `xpack.task_manager.request_capacity`
   | How many requests can Task Manager buffer before it rejects new requests.  Defaults to 1000.
 
-| `xpack.task_manager.index`
-  | The name of the index used to store task information.  Defaults to `.kibana_task_manager`.
-
   | `xpack.task_manager.max_workers`
   | The maximum number of tasks that this Kibana instance will run simultaneously.  Defaults to 10.
     Starting in 8.0, it will not be possible to set the value greater than 100.

diff --git a/.../user/production-considerations/task-manager-production-considerations.asciidoc b/.../user/production-considerations/task-manager-production-considerations.asciidoc
@@ -12,7 +12,7 @@ This has three major benefits:
 
 [IMPORTANT]
 ==============================================
-Task definitions for alerts and actions are stored in the index specified by <<task-manager-settings, `xpack.task_manager.index`>>. The default is `.kibana_task_manager`.
+Task definitions for alerts and actions are stored in the index called `.kibana_task_manager`.
  
 You must have at least one replica of this index for production deployments.
 

diff --git a/packages/kbn-optimizer/limits.yml b/packages/kbn-optimizer/limits.yml
@@ -94,7 +94,7 @@ pageLoadAssetSize:
   expressionShape: 34008
   interactiveSetup: 80000
   expressionTagcloud: 27505
-  securitySolution: 231753
+  securitySolution: 273763
   customIntegrations: 28810
   expressionMetricVis: 23121
   visTypeMetric: 23332

diff --git a/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker b/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker
@@ -365,7 +365,6 @@ kibana_vars=(
     xpack.securitySolution.prebuiltRulesFromFileSystem
     xpack.securitySolution.prebuiltRulesFromSavedObjects
     xpack.spaces.maxSpaces
-    xpack.task_manager.index
     xpack.task_manager.max_attempts
     xpack.task_manager.max_poll_inactivity_cycles
     xpack.task_manager.max_workers

diff --git a/src/plugins/dashboard/server/saved_objects/dashboard.ts b/src/plugins/dashboard/server/saved_objects/dashboard.ts
@@ -19,7 +19,8 @@ export const createDashboardSavedObjectType = ({
 }): SavedObjectsType => ({
   name: 'dashboard',
   hidden: false,
-  namespaceType: 'single',
+  namespaceType: 'multiple-isolated',
+  convertToMultiNamespaceTypeVersion: '8.0.0',
   management: {
     icon: 'dashboardApp',
     defaultSearchField: 'title',

diff --git a/src/plugins/kibana_usage_collection/server/collectors/application_usage/schema.ts b/src/plugins/kibana_usage_collection/server/collectors/application_usage/schema.ts
@@ -156,7 +156,7 @@ export const applicationUsageSchema = {
   security_login: commonSchema,
   security_logout: commonSchema,
   security_overwritten_session: commonSchema,
-  securitySolution: commonSchema,
+  securitySolutionUI: commonSchema,
   siem: commonSchema,
   space_selector: commonSchema,
   uptime: commonSchema,

diff --git a/src/plugins/telemetry/schema/oss_plugins.json b/src/plugins/telemetry/schema/oss_plugins.json
@@ -5018,7 +5018,7 @@
             }
           }
         },
-        "securitySolution": {
+        "securitySolutionUI": {
           "properties": {
             "appId": {
               "type": "keyword",

diff --git a/test/api_integration/apis/saved_objects_management/find.ts b/test/api_integration/apis/saved_objects_management/find.ts
@@ -202,7 +202,7 @@ export default function ({ getService }: FtrProviderContext) {
                 path: '/app/dashboards#/view/b70c7ae0-3224-11e8-a572-ffca06da1357',
                 uiCapabilitiesPath: 'dashboard.show',
               },
-              namespaceType: 'single',
+              namespaceType: 'multiple-isolated',
             });
           }));
 

diff --git a/test/api_integration/apis/saved_objects_management/relationships.ts b/test/api_integration/apis/saved_objects_management/relationships.ts
@@ -301,7 +301,7 @@ export default function ({ getService }: FtrProviderContext) {
                 path: '/app/dashboards#/view/b70c7ae0-3224-11e8-a572-ffca06da1357',
                 uiCapabilitiesPath: 'dashboard.show',
               },
-              namespaceType: 'single',
+              namespaceType: 'multiple-isolated',
               hiddenType: false,
             },
           },

diff --git a/x-pack/plugins/security_solution/common/constants.ts b/x-pack/plugins/security_solution/common/constants.ts
@@ -12,6 +12,7 @@ import { ENABLE_CASE_CONNECTOR } from '../../cases/common';
 import { METADATA_TRANSFORMS_PATTERN } from './endpoint/constants';
 
 export const APP_ID = 'securitySolution' as const;
+export const APP_UI_ID = 'securitySolutionUI';
 export const CASES_FEATURE_ID = 'securitySolutionCases' as const;
 export const SERVER_APP_ID = 'siem' as const;
 export const APP_NAME = 'Security' as const;

diff --git a/x-pack/plugins/security_solution/public/app/deep_links/index.test.ts b/x-pack/plugins/security_solution/public/app/deep_links/index.test.ts
@@ -8,7 +8,7 @@ import { getDeepLinks, PREMIUM_DEEP_LINK_IDS } from '.';
 import { AppDeepLink, Capabilities } from '../../../../../../src/core/public';
 import { SecurityPageName } from '../types';
 import { mockGlobalState } from '../../common/mock';
-import { CASES_FEATURE_ID } from '../../../common/constants';
+import { CASES_FEATURE_ID, SERVER_APP_ID } from '../../../common/constants';
 
 const findDeepLink = (id: string, deepLinks: AppDeepLink[]): AppDeepLink | null =>
   deepLinks.reduce((deepLinkFound: AppDeepLink | null, deepLink) => {
@@ -24,10 +24,11 @@ const findDeepLink = (id: string, deepLinks: AppDeepLink[]): AppDeepLink | null
     return null;
   }, null);
 
+const basicLicense = 'basic';
+const platinumLicense = 'platinum';
+
 describe('deepLinks', () => {
   it('should return a subset of links for basic license and the full set for platinum', () => {
-    const basicLicense = 'basic';
-    const platinumLicense = 'platinum';
     const basicLinks = getDeepLinks(mockGlobalState.app.enableExperimental, basicLicense);
     const platinumLinks = getDeepLinks(mockGlobalState.app.enableExperimental, platinumLicense);
 
@@ -57,44 +58,58 @@ describe('deepLinks', () => {
   });
 
   it('should return case links for basic license with only read_cases capabilities', () => {
-    const basicLicense = 'basic';
     const basicLinks = getDeepLinks(mockGlobalState.app.enableExperimental, basicLicense, {
       [CASES_FEATURE_ID]: { read_cases: true, crud_cases: false },
+      [SERVER_APP_ID]: { show: true },
     } as unknown as Capabilities);
-
     expect(findDeepLink(SecurityPageName.case, basicLinks)).toBeTruthy();
   });
 
   it('should return case links with NO deepLinks for basic license with only read_cases capabilities', () => {
-    const basicLicense = 'basic';
     const basicLinks = getDeepLinks(mockGlobalState.app.enableExperimental, basicLicense, {
       [CASES_FEATURE_ID]: { read_cases: true, crud_cases: false },
+      [SERVER_APP_ID]: { show: true },
     } as unknown as Capabilities);
     expect(findDeepLink(SecurityPageName.case, basicLinks)?.deepLinks?.length === 0).toBeTruthy();
   });
 
   it('should return case links with deepLinks for basic license with crud_cases capabilities', () => {
-    const basicLicense = 'basic';
     const basicLinks = getDeepLinks(mockGlobalState.app.enableExperimental, basicLicense, {
       [CASES_FEATURE_ID]: { read_cases: true, crud_cases: true },
+      [SERVER_APP_ID]: { show: true },
     } as unknown as Capabilities);
 
     expect(
       (findDeepLink(SecurityPageName.case, basicLinks)?.deepLinks?.length ?? 0) > 0
     ).toBeTruthy();
   });
 
+  it('should return case links with deepLinks for basic license with crud_cases capabilities and security disabled', () => {
+    const basicLinks = getDeepLinks(mockGlobalState.app.enableExperimental, platinumLicense, {
+      [CASES_FEATURE_ID]: { read_cases: true, crud_cases: true },
+      [SERVER_APP_ID]: { show: false },
+    } as unknown as Capabilities);
+    expect(findDeepLink(SecurityPageName.case, basicLinks)).toBeTruthy();
+  });
+
   it('should return NO case links for basic license with NO read_cases capabilities', () => {
-    const basicLicense = 'basic';
     const basicLinks = getDeepLinks(mockGlobalState.app.enableExperimental, basicLicense, {
       [CASES_FEATURE_ID]: { read_cases: false, crud_cases: false },
+      [SERVER_APP_ID]: { show: true },
     } as unknown as Capabilities);
-
     expect(findDeepLink(SecurityPageName.case, basicLinks)).toBeFalsy();
   });
 
+  it('should return empty links for any license', () => {
+    const emptyDeepLinks = getDeepLinks(
+      mockGlobalState.app.enableExperimental,
+      basicLicense,
+      {} as unknown as Capabilities
+    );
+    expect(emptyDeepLinks.length).toBe(0);
+  });
+
   it('should return case links for basic license with undefined capabilities', () => {
-    const basicLicense = 'basic';
     const basicLinks = getDeepLinks(
       mockGlobalState.app.enableExperimental,
       basicLicense,
@@ -105,7 +120,6 @@ describe('deepLinks', () => {
   });
 
   it('should return case deepLinks for basic license with undefined capabilities', () => {
-    const basicLicense = 'basic';
     const basicLinks = getDeepLinks(
       mockGlobalState.app.enableExperimental,
       basicLicense,

diff --git a/x-pack/plugins/security_solution/public/app/deep_links/index.ts b/x-pack/plugins/security_solution/public/app/deep_links/index.ts
@@ -6,16 +6,11 @@
  */
 
 import { i18n } from '@kbn/i18n';
-import { Subject } from 'rxjs';
 
+import { isEmpty } from 'lodash';
 import { LicenseType } from '../../../../licensing/common/types';
 import { SecurityPageName } from '../types';
-import {
-  AppDeepLink,
-  ApplicationStart,
-  AppNavLinkStatus,
-  AppUpdater,
-} from '../../../../../../src/core/public';
+import { AppDeepLink, ApplicationStart, AppNavLinkStatus } from '../../../../../../src/core/public';
 import {
   OVERVIEW,
   DETECT,
@@ -50,6 +45,7 @@ import {
   UEBA_PATH,
   CASES_FEATURE_ID,
   HOST_ISOLATION_EXCEPTIONS_PATH,
+  SERVER_APP_ID,
 } from '../../../common/constants';
 import { ExperimentalFeatures } from '../../../common/experimental_features';
 
@@ -356,25 +352,18 @@ export function getDeepLinks(
 ): AppDeepLink[] {
   const isPremium = isPremiumLicense(licenseType);
 
+  /**
+   * Recursive DFS function to filter deepLinks by permissions (licence and capabilities).
+   * Checks "end" deepLinks with no children first, the other parent deepLinks will be included if
+   * they still have children deepLinks after filtering
+   */
   const filterDeepLinks = (deepLinks: AppDeepLink[]): AppDeepLink[] => {
     return deepLinks
-      .filter((deepLink) => {
-        if (!isPremium && PREMIUM_DEEP_LINK_IDS.has(deepLink.id)) {
-          return false;
-        }
-        if (deepLink.id === SecurityPageName.case) {
-          return capabilities == null || capabilities[CASES_FEATURE_ID].read_cases === true;
-        }
-        if (deepLink.id === SecurityPageName.ueba) {
-          return enableExperimental.uebaEnabled;
-        }
-        return true;
-      })
       .map((deepLink) => {
         if (
           deepLink.id === SecurityPageName.case &&
           capabilities != null &&
-          capabilities[CASES_FEATURE_ID].crud_cases === false
+          capabilities[CASES_FEATURE_ID]?.crud_cases === false
         ) {
           return {
             ...deepLink,
@@ -388,6 +377,21 @@ export function getDeepLinks(
           };
         }
         return deepLink;
+      })
+      .filter((deepLink) => {
+        if (!isPremium && PREMIUM_DEEP_LINK_IDS.has(deepLink.id)) {
+          return false;
+        }
+        if (deepLink.path && deepLink.path.startsWith(CASES_PATH)) {
+          return capabilities == null || capabilities[CASES_FEATURE_ID]?.read_cases === true;
+        }
+        if (deepLink.id === SecurityPageName.ueba) {
+          return enableExperimental.uebaEnabled;
+        }
+        if (!isEmpty(deepLink.deepLinks)) {
+          return true;
+        }
+        return capabilities == null || capabilities[SERVER_APP_ID]?.show === true;
       });
   };
 
@@ -402,18 +406,3 @@ export function isPremiumLicense(licenseType?: LicenseType): boolean {
     licenseType === 'trial'
   );
 }
-
-export function updateGlobalNavigation({
-  capabilities,
-  updater$,
-  enableExperimental,
-}: {
-  capabilities: ApplicationStart['capabilities'];
-  updater$: Subject<AppUpdater>;
-  enableExperimental: ExperimentalFeatures;
-}) {
-  updater$.next(() => ({
-    navLinkStatus: AppNavLinkStatus.hidden, // needed to prevent showing main nav link
-    deepLinks: getDeepLinks(enableExperimental, undefined, capabilities),
-  }));
-}
diff --git a/x-pack/plugins/security_solution/public/app/home/template_wrapper/index.tsx b/x-pack/plugins/security_solution/public/app/home/template_wrapper/index.tsx
@@ -78,8 +78,12 @@ export const SecuritySolutionTemplateWrapper: React.FC<SecuritySolutionPageWrapp
     const showEmptyState = useShowPagesWithEmptyView();
     const emptyStateProps = showEmptyState ? NO_DATA_PAGE_TEMPLATE_PROPS : {};
 
-    // StyledKibanaPageTemplate is a styled EuiPageTemplate. Security solution currently passes the header and page content as the children of StyledKibanaPageTemplate, as opposed to using the pageHeader prop, which may account for any style discrepancies, such as the bottom border not extending the full width of the page, between EuiPageTemplate and the security solution pages.
-
+    /*
+     * StyledKibanaPageTemplate is a styled EuiPageTemplate. Security solution currently passes the header
+     * and page content as the children of StyledKibanaPageTemplate, as opposed to using the pageHeader prop,
+     * which may account for any style discrepancies, such as the bottom border not extending the full width of the page,
+     * between EuiPageTemplate and the security solution pages.
+     */
     return (
       <StyledKibanaPageTemplate
         $isTimelineBottomBarVisible={isTimelineBottomBarVisible}

diff --git a/x-pack/plugins/security_solution/public/app/index.tsx b/x-pack/plugins/security_solution/public/app/index.tsx
@@ -7,8 +7,7 @@
 
 import React from 'react';
 import { render, unmountComponentAtNode } from 'react-dom';
-import { Redirect, Route, Switch } from 'react-router-dom';
-import { OVERVIEW_PATH } from '../../common/constants';
+import { Route, Switch } from 'react-router-dom';
 
 import { NotFoundPage } from './404';
 import { SecurityApp } from './app';
@@ -22,7 +21,7 @@ export const renderApp = ({
   services,
   store,
   usageCollection,
-  subPlugins,
+  subPluginRoutes,
 }: RenderAppProps): (() => void) => {
   const ApplicationUsageTrackingProvider =
     usageCollection?.components.ApplicationUsageTrackingProvider ?? React.Fragment;
@@ -36,25 +35,9 @@ export const renderApp = ({
     >
       <ApplicationUsageTrackingProvider>
         <Switch>
-          {[
-            ...subPlugins.overview.routes,
-            ...subPlugins.alerts.routes,
-            ...subPlugins.rules.routes,
-            ...subPlugins.exceptions.routes,
-            ...subPlugins.hosts.routes,
-            ...subPlugins.network.routes,
-            // will be undefined if enabledExperimental.uebaEnabled === false
-            ...(subPlugins.ueba != null ? subPlugins.ueba.routes : []),
-            ...subPlugins.timelines.routes,
-            ...subPlugins.cases.routes,
-            ...subPlugins.management.routes,
-          ].map((route, index) => (
-            <Route key={`route-${index}`} {...route} />
-          ))}
-
-          <Route path="" exact>
-            <Redirect to={OVERVIEW_PATH} />
-          </Route>
+          {subPluginRoutes.map((route, index) => {
+            return <Route key={`route-${index}`} {...route} />;
+          })}
           <Route>
             <NotFoundPage />
           </Route>