Merge remote-tracking branch 'upstream/8.12' into upgrade-node-18.19.…

…1-8.12
elastic · Feb 20, 2024 · f116deb · f116deb
2 parents cd6a335 + 5a8c34e
commit f116deb
Show file tree

Hide file tree

Showing 26 changed files with 2,698 additions and 1,442 deletions.
diff --git a/docs/CHANGELOG.asciidoc b/docs/CHANGELOG.asciidoc
@@ -10,6 +10,7 @@
 
 Review important information about the {kib} 8.x releases.
 
+* <<release-notes-8.12.2>>
 * <<release-notes-8.12.1>>
 * <<release-notes-8.12.0>>
 * <<release-notes-8.11.4>>
@@ -59,6 +60,35 @@ Review important information about the {kib} 8.x releases.
 * <<release-notes-8.0.0-alpha1>>
 
 --
+[[release-notes-8.12.2]]
+== {kib} 8.12.2
+
+The 8.12.2 release includes the following bug fixes.
+
+[float]
+[[fixes-v8.12.2]]
+=== Bug Fixes
+Alerting::
+* Fixes Discover results when an alert excludes matches from previous runs ({kibana-pull}176690[#176690]).
+* Fixes bug where using select all on the rules list bypassed filters ({kibana-pull}176962[#176962]).
+Elastic Security::
+For the Elastic Security 8.12.2 release information, refer to {security-guide}/release-notes.html[_Elastic Security Solution Release Notes_].
+Fleet::
+* Fixes a popover about inactive agents not being dismissible ({kibana-pull}176929[#176929]).
+* Fixes logstash output being link:https://www.rfc-editor.org/rfc/rfc952[RFC-952] compliant ({kibana-pull}176298[#176298]).
+* Fixes assets being unintentionally moved to the default space during Fleet setup ({kibana-pull}176173[#176173]).
+* Fixes categories labels in integration overview ({kibana-pull}176141[#176141]).
+* Fixes the ability to delete agent policies with inactive agents from UI, the inactive agents need to be unenrolled first ({kibana-pull}175815[#175815]).
+Machine Learning::
+* Fixes Single Metric Viewer's zoom range settings in URL not being restored if the URL specifies a `forecastId` ({kibana-pull}176969[#176969]).
+* Fixes incorrect document count values in Top Values statistics ({kibana-pull}176328[#176328]).
+* Fixes color of markers in Single Metric Viewer when there is sparse data for anomaly detection ({kibana-pull}176303[#176303]).
+Management::
+* Fixes package showing 'Needs authorization' warning even after transform assets were authorized successfully ({kibana-pull}176647[#176647]).
+Observability::
+* Fixes and simplifies write access default behavior ({kibana-pull}177088[#177088]).
+* Fixes recall speed when using CVS output ({kibana-pull}176428[#176428]).
+
 [[release-notes-8.12.1]]
 == {kib} 8.12.1
 

diff --git a/...lic/applications/fleet/sections/agents/agent_list_page/components/agent_status_filter.tsx b/...lic/applications/fleet/sections/agents/agent_list_page/components/agent_status_filter.tsx
@@ -13,6 +13,7 @@ import {
   EuiText,
   EuiTourStep,
   useEuiTheme,
+  EuiLink,
 } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n-react';
@@ -64,17 +65,11 @@ const LeftpaddedNotificationBadge = styled(EuiNotificationBadge)`
   margin-left: 10px;
 `;
 
-const TourStepNoHeaderFooter = styled(EuiTourStep)`
-  .euiTourFooter {
-    display: none;
-  }
-  .euiTourHeader {
-    display: none;
-  }
-`;
-
-const InactiveAgentsTourStep: React.FC<{ isOpen: boolean }> = ({ children, isOpen }) => (
-  <TourStepNoHeaderFooter
+const InactiveAgentsTourStep: React.FC<{
+  isOpen: boolean;
+  setInactiveAgentsCalloutHasBeenDismissed: (val: boolean) => void;
+}> = ({ children, isOpen, setInactiveAgentsCalloutHasBeenDismissed }) => (
+  <EuiTourStep
     content={
       <EuiText size="s">
         <FormattedMessage
@@ -91,9 +86,21 @@ const InactiveAgentsTourStep: React.FC<{ isOpen: boolean }> = ({ children, isOpe
     onFinish={() => {}}
     anchorPosition="upCenter"
     maxWidth={280}
+    footerAction={
+      <EuiLink
+        onClick={() => {
+          setInactiveAgentsCalloutHasBeenDismissed(true);
+        }}
+      >
+        <FormattedMessage
+          id="xpack.fleet.addAgentHelpPopover.footActionButton"
+          defaultMessage="Got it"
+        />
+      </EuiLink>
+    }
   >
     {children as React.ReactElement}
-  </TourStepNoHeaderFooter>
+  </EuiTourStep>
 );
 
 export const AgentStatusFilter: React.FC<{
@@ -160,6 +167,7 @@ export const AgentStatusFilter: React.FC<{
   return (
     <InactiveAgentsTourStep
       isOpen={newlyInactiveAgentsCount > 0 && !inactiveAgentsCalloutHasBeenDismissed}
+      setInactiveAgentsCalloutHasBeenDismissed={setInactiveAgentsCalloutHasBeenDismissed}
     >
       <EuiPopover
         ownFocus

diff --git a/.../security_solution/server/lib/detection_engine/rule_management/logic/crud/update_rules.ts b/.../security_solution/server/lib/detection_engine/rule_management/logic/crud/update_rules.ts
@@ -19,12 +19,14 @@ export interface UpdateRulesOptions {
   rulesClient: RulesClient;
   existingRule: RuleAlertType | null | undefined;
   ruleUpdate: RuleUpdateProps;
+  allowMissingConnectorSecrets?: boolean;
 }
 
 export const updateRules = async ({
   rulesClient,
   existingRule,
   ruleUpdate,
+  allowMissingConnectorSecrets,
 }: UpdateRulesOptions): Promise<PartialRule<RuleParams> | null> => {
   if (existingRule == null) {
     return null;
@@ -81,6 +83,7 @@ export const updateRules = async ({
   const update = await rulesClient.update({
     id: existingRule.id,
     data: newInternalRule,
+    allowMissingConnectorSecrets,
   });
 
   if (existingRule.enabled && enabled === false) {

diff --git a/...ution/server/lib/detection_engine/rule_management/logic/import/import_rules_utils.test.ts b/...ution/server/lib/detection_engine/rule_management/logic/import/import_rules_utils.test.ts
@@ -13,14 +13,15 @@ import {
   getRuleMock,
   getEmptyFindResult,
   getFindResultWithSingleHit,
+  getFindResultWithMultiHits,
 } from '../../../routes/__mocks__/request_responses';
 
 import { createRules } from '../crud/create_rules';
-import { patchRules } from '../crud/patch_rules';
+import { updateRules } from '../crud/update_rules';
 import { importRules } from './import_rules_utils';
 
 jest.mock('../crud/create_rules');
-jest.mock('../crud/patch_rules');
+jest.mock('../crud/update_rules');
 
 describe('importRules', () => {
   const mlAuthz = {
@@ -84,7 +85,7 @@ describe('importRules', () => {
 
     expect(result).toEqual([{ rule_id: 'rule-1', status_code: 200 }]);
     expect(createRules).toHaveBeenCalled();
-    expect(patchRules).not.toHaveBeenCalled();
+    expect(updateRules).not.toHaveBeenCalled();
   });
 
   it('reports error if "overwriteRules" is "false" and matching rule found', async () => {
@@ -106,10 +107,10 @@ describe('importRules', () => {
       },
     ]);
     expect(createRules).not.toHaveBeenCalled();
-    expect(patchRules).not.toHaveBeenCalled();
+    expect(updateRules).not.toHaveBeenCalled();
   });
 
-  it('patches rule if "overwriteRules" is "true" and matching rule found', async () => {
+  it('updates rule if "overwriteRules" is "true" and matching rule found', async () => {
     clients.rulesClient.find.mockResolvedValue(getFindResultWithSingleHit());
 
     const result = await importRules({
@@ -129,7 +130,53 @@ describe('importRules', () => {
 
     expect(result).toEqual([{ rule_id: 'rule-1', status_code: 200 }]);
     expect(createRules).not.toHaveBeenCalled();
-    expect(patchRules).toHaveBeenCalled();
+    expect(updateRules).toHaveBeenCalled();
+  });
+
+  /**
+   * Existing rule may have nullable fields set to a value (e.g. `timestamp_override` is set to `some.value`) but
+   * a rule to import doesn't have these fields set (e.g. `timestamp_override` is NOT present at all in the ndjson file).
+   * We expect the updated rule won't have such fields preserved (e.g. `timestamp_override` will be removed).
+   *
+   * Unit test is only able to check `updateRules()` receives a proper update object.
+   */
+  it('ensures overwritten rule DOES NOT preserve fields missed in the imported rule when "overwriteRules" is "true" and matching rule found', async () => {
+    const existingRule = getRuleMock(
+      getQueryRuleParams({
+        timestampOverride: 'some.value',
+      })
+    );
+
+    clients.rulesClient.find.mockResolvedValue(
+      getFindResultWithMultiHits({ data: [existingRule] })
+    );
+
+    const result = await importRules({
+      ruleChunks: [
+        [
+          {
+            ...getImportRulesSchemaMock(),
+            rule_id: 'rule-1',
+          },
+        ],
+      ],
+      rulesResponseAcc: [],
+      mlAuthz,
+      overwriteRules: true,
+      rulesClient: context.alerting.getRulesClient(),
+      existingLists: {},
+    });
+
+    expect(result).toEqual([{ rule_id: 'rule-1', status_code: 200 }]);
+    expect(createRules).not.toHaveBeenCalled();
+    expect(updateRules).toHaveBeenCalledWith(
+      expect.objectContaining({
+        ruleUpdate: expect.not.objectContaining({
+          timestamp_override: expect.anything(),
+          timestampOverride: expect.anything(),
+        }),
+      })
+    );
   });
 
   it('reports error if rulesClient throws', async () => {
@@ -154,7 +201,7 @@ describe('importRules', () => {
       },
     ]);
     expect(createRules).not.toHaveBeenCalled();
-    expect(patchRules).not.toHaveBeenCalled();
+    expect(updateRules).not.toHaveBeenCalled();
   });
 
   it('reports error if "createRules" throws', async () => {
@@ -180,8 +227,8 @@ describe('importRules', () => {
     ]);
   });
 
-  it('reports error if "patchRules" throws', async () => {
-    (patchRules as jest.Mock).mockRejectedValue(new Error('error patching rule'));
+  it('reports error if "updateRules" throws', async () => {
+    (updateRules as jest.Mock).mockRejectedValue(new Error('import rule error'));
     clients.rulesClient.find.mockResolvedValue(getFindResultWithSingleHit());
 
     const result = await importRules({
@@ -196,7 +243,7 @@ describe('importRules', () => {
     expect(result).toEqual([
       {
         error: {
-          message: 'error patching rule',
+          message: 'import rule error',
           status_code: 400,
         },
         rule_id: 'rule-1',