Skip to content

Commit

Permalink
Merge branch 'EMT-67_add_kql_query_filter_to_endpoint_list' of github…
Browse files Browse the repository at this point in the history
….com:nnamdifrankie/kibana into EMT-67_add_kql_query_filter_to_endpoint_list
  • Loading branch information
nnamdifrankie committed Feb 3, 2020
2 parents ac0a0f7 + e255699 commit 046e0bc
Show file tree
Hide file tree
Showing 245 changed files with 4,754 additions and 2,809 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/pr-project-assigner.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ jobs:
name: Assign a PR to project based on label
steps:
- name: Assign to project
uses: elastic/github-actions/[email protected].0
uses: elastic/github-actions/[email protected].1
id: project_assigner
with:
issue-mappings: |
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/project-assigner.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ jobs:
name: Assign issue or PR to project based on label
steps:
- name: Assign to project
uses: elastic/github-actions/[email protected].0
uses: elastic/github-actions/[email protected].1
id: project_assigner
with:
issue-mappings: '[{"label": "Team:AppArch", "projectName": "kibana-app-arch", "columnId": 6173895}, {"label": "Feature:Lens", "projectName": "Lens", "columnId": 6219363}, {"label": "Team:Canvas", "projectName": "canvas", "columnId": 6187593}]'
Expand Down
2 changes: 1 addition & 1 deletion docs/management/watcher-ui/index.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ If the {es} {security-features} are enabled, you must have the
{ref}/security-privileges.html[`manage_watcher` or `monitor_watcher`]
cluster privileges to use Watcher in {kib}.

Alternately, you can have the built-in `kibana_user` role
Alternately, you can have the built-in `kibana_admin` role
and either of these watcher roles:

* `watcher_admin`. You can perform all Watcher actions, including create and edit watches.
Expand Down
15 changes: 15 additions & 0 deletions docs/migration/migrate_8_0.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,21 @@ specified explicitly.

*Impact:* Any workflow that involved manually clearing generated bundles will have to be updated with the new path.

[float]
[[breaking_80_user_role_changes]]
=== User role changes

[float]
==== `kibana_user` role has been removed and `kibana_admin` has been added.

*Details:* The `kibana_user` role has been removed and `kibana_admin` has been added to better
reflect its intended use. This role continues to grant all access to every
{kib} feature. If you wish to restrict access to specific features, create
custom roles with {kibana-ref}/kibana-privileges.html[{kib} privileges].

*Impact:* Any users currently assigned the `kibana_user` role will need to
instead be assigned the `kibana_admin` role to maintain their current
access level.

[float]
[[breaking_80_reporting_changes]]
Expand Down
1 change: 1 addition & 0 deletions docs/plugins/known-plugins.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ This list of plugins is not guaranteed to work on your version of Kibana. Instea
* https://github.com/johtani/analyze-api-ui-plugin[Analyze UI] (johtani) - UI for elasticsearch _analyze API
* https://github.com/TrumanDu/cleaner[Cleaner] (TrumanDu)- Setting index ttl.
* https://github.com/bitsensor/elastalert-kibana-plugin[ElastAlert Kibana Plugin] (BitSensor) - UI to create, test and edit ElastAlert rules
* https://github.com/query-ai/queryai-kibana-plugin[AI Analyst] (Query.AI) - App providing: NLP queries, automation, ML visualizations and insights

[float]
=== Timelion Extensions
Expand Down
4 changes: 2 additions & 2 deletions docs/uptime-guide/security.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -42,15 +42,15 @@ PUT /_security/role/uptime
=== Assign the role to a user

Next, you'll need to create a user with both the `uptime` role, and another role with sufficient {kibana-ref}/kibana-privileges.html[Kibana privileges],
such as the `kibana_user` role.
such as the `kibana_admin` role.
You can do this with the following request:

["source","sh",subs="attributes,callouts"]
---------------------------------------------------------------
PUT /_security/user/jacknich
{
"password" : "j@rV1s",
"roles" : [ "uptime", "kibana_user" ],
"roles" : [ "uptime", "kibana_admin" ],
"full_name" : "Jack Nicholson",
"email" : "[email protected]",
"metadata" : {
Expand Down
2 changes: 1 addition & 1 deletion docs/user/monitoring/viewing-metrics.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ remote monitoring cluster, you must use credentials that are valid on both the

--

.. Create users that have the `monitoring_user` and `kibana_user`
.. Create users that have the `monitoring_user` and `kibana_admin`
{ref}/built-in-roles.html[built-in roles].

. Open {kib} in your web browser.
Expand Down
6 changes: 3 additions & 3 deletions docs/user/security/authorization/index.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,11 @@
[[xpack-security-authorization]]

=== Granting access to {kib}
The Elastic Stack comes with the `kibana_user` {ref}/built-in-roles.html[built-in role], which you can use to grant access to all Kibana features in all spaces. To grant users access to a subset of spaces or features, you can create a custom role that grants the desired Kibana privileges.
The Elastic Stack comes with the `kibana_admin` {ref}/built-in-roles.html[built-in role], which you can use to grant access to all Kibana features in all spaces. To grant users access to a subset of spaces or features, you can create a custom role that grants the desired Kibana privileges.

When you assign a user multiple roles, the user receives a union of the roles’ privileges. Therefore, assigning the `kibana_user` role in addition to a custom role that grants Kibana privileges is ineffective because `kibana_user` has access to all the features in all spaces.
When you assign a user multiple roles, the user receives a union of the roles’ privileges. Therefore, assigning the `kibana_admin` role in addition to a custom role that grants Kibana privileges is ineffective because `kibana_admin` has access to all the features in all spaces.

NOTE: When running multiple tenants of Kibana by changing the `kibana.index` in your `kibana.yml`, you cannot use `kibana_user` to grant access. You must create custom roles that authorize the user for that specific tenant. Although multi-tenant installations are supported, the recommended approach to securing access to Kibana segments is to grant users access to specific spaces.
NOTE: When running multiple tenants of Kibana by changing the `kibana.index` in your `kibana.yml`, you cannot use `kibana_admin` to grant access. You must create custom roles that authorize the user for that specific tenant. Although multi-tenant installations are supported, the recommended approach to securing access to Kibana segments is to grant users access to specific spaces.

[role="xpack"]
=== {kib} role management
Expand Down
8 changes: 4 additions & 4 deletions docs/user/security/reporting.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -85,14 +85,14 @@ elasticsearch.username: 'custom_kibana_system'
[[reporting-roles-user-api]]
==== With the user API
This example uses the {ref}/security-api-put-user.html[user API] to create a user who has the
`reporting_user` role and the `kibana_user` role:
`reporting_user` role and the `kibana_admin` role:

[source, sh]
---------------------------------------------------------------
POST /_security/user/reporter
{
"password" : "x-pack-test-password",
"roles" : ["kibana_user", "reporting_user"],
"roles" : ["kibana_admin", "reporting_user"],
"full_name" : "Reporting User"
}
---------------------------------------------------------------
Expand All @@ -106,11 +106,11 @@ roles on a per user basis, or assign roles to groups of users. By default, role
mappings are configured in
{ref}/mapping-roles.html[`config/shield/role_mapping.yml`].
For example, the following snippet assigns the user named Bill Murray the
`kibana_user` and `reporting_user` roles:
`kibana_admin` and `reporting_user` roles:

[source,yaml]
--------------------------------------------------------------------------------
kibana_user:
kibana_admin:
- "cn=Bill Murray,dc=example,dc=com"
reporting_user:
- "cn=Bill Murray,dc=example,dc=com"
Expand Down
4 changes: 2 additions & 2 deletions docs/user/security/securing-kibana.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -104,15 +104,15 @@ You can manage privileges on the *Management / Security / Roles* page in {kib}.
If you're using the native realm with Basic Authentication, you can assign roles
using the *Management / Security / Users* page in {kib} or the
{ref}/security-api.html#security-user-apis[user management APIs]. For example,
the following creates a user named `jacknich` and assigns it the `kibana_user`
the following creates a user named `jacknich` and assigns it the `kibana_admin`
role:

[source,js]
--------------------------------------------------------------------------------
POST /_security/user/jacknich
{
"password" : "t0pS3cr3t",
"roles" : [ "kibana_user" ]
"roles" : [ "kibana_admin" ]
}
--------------------------------------------------------------------------------
// CONSOLE
Expand Down
51 changes: 47 additions & 4 deletions docs/user/visualize.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,53 @@ modifications to the saved search are automatically reflected in the
visualization. To disable automatic updates, you can disconnect a visualization
from the saved search.

[float]
[[vis-inspector]]
== Inspect visualizations

Many visualizations allow you to inspect the query and data behind the visualization.

. In the {kib} toolbar, click *Inspect*.
. To download the data, click *Download CSV*, then choose one of the following options:
* *Formatted CSV* - Downloads the data in table format.
* *Raw CSV* - Downloads the data as provided.
. To view the requests for collecting data, select *Requests* from the *View*
dropdown.

[float]
[[save-visualize]]
== Save visualizations
To use your visualizations in <<dashboard, dashboards>>, you must save them.

. In the {kib} toolbar, click *Save*.
. Enter the visualization *Title* and optional *Description*, then *Save* the visualization.

To access the saved visualization, go to *Management > {kib} > Saved Objects*.

[float]
[[save-visualization-read-only-access]]
==== Read only access
When you have insufficient privileges to save visualizations, the following indicator is
displayed and the *Save* button is not visible.

For more information, refer to <<xpack-security-authorization>>.

[role="screenshot"]
image::visualize/images/read-only-badge.png[Example of Visualize's read only access indicator in Kibana's header]

[float]
[[visualize-share-options]]
== Share visualizations

When you've finished your visualization, you can share it outside of {kib}.

From the *Share* menu, you can:

* Embed the code in a web page. Users must have {kib} access
to view an embedded visualization.
* Share a direct link to a {kib} visualization.
* Generate a PDF report.
* Generate a PNG report.

--
include::{kib-repo-dir}/visualize/visualize_rollup_data.asciidoc[]
Expand All @@ -95,7 +142,3 @@ include::{kib-repo-dir}/visualize/heatmap.asciidoc[]
include::{kib-repo-dir}/visualize/for-dashboard.asciidoc[]

include::{kib-repo-dir}/visualize/vega.asciidoc[]

include::{kib-repo-dir}/visualize/saving.asciidoc[]

include::{kib-repo-dir}/visualize/inspector.asciidoc[]
11 changes: 0 additions & 11 deletions docs/visualize/inspector.asciidoc

This file was deleted.

19 changes: 0 additions & 19 deletions docs/visualize/saving.asciidoc

This file was deleted.

14 changes: 7 additions & 7 deletions docs/visualize/timelion.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ image::images/timelion-create01.png[]
[[time-series-compare-data]]
==== Compare the data

To compare the two data sets, add another series with data from the previous hour, separated by a comma:
To compare the two data sets, add another series with data from the previous hour, separated by a comma:

[source,text]
----------------------------------
Expand Down Expand Up @@ -81,7 +81,7 @@ image::images/timelion-create03.png[]

[float]
[[time-series-title]]
==== Add a title
==== Add a title

Add a meaningful title:

Expand Down Expand Up @@ -169,7 +169,7 @@ Change the position and style of the legend:

[source,text]
----------------------------------
.es(offset=-1h,index=metricbeat-*, timefield='@timestamp', metric='avg:system.cpu.user.pct').label('last hour').lines(fill=1,width=0.5).color(gray), .es(index=metricbeat-*, timefield='@timestamp', metric='avg:system.cpu.user.pct').label('current hour').title('CPU usage over time').color(#1E90FF).legend(columns=2, position=nw) <1>
.es(offset=-1h,index=metricbeat-*, timefield='@timestamp', metric='avg:system.cpu.user.pct').label('last hour').lines(fill=1,width=0.5).color(gray), .es(index=metricbeat-*, timefield='@timestamp', metric='avg:system.cpu.user.pct').label('current hour').title('CPU usage over time').color(#1E90FF).legend(columns=2, position=nw) <1>
----------------------------------

<1> `.legend()` sets the position and style of the legend. In this example, `.legend(columns=2, position=nw)` places the legend in the north west position of the visualization with two columns.
Expand Down Expand Up @@ -210,7 +210,7 @@ Change how the data is displayed so that you can easily monitor the inbound traf
.es(index=metricbeat*, timefield=@timestamp, metric=max:system.network.in.bytes).derivative() <1>
----------------------------------

<1> `.derivative` plots the change in values over time.
<1> `.derivative` plots the change in values over time.

[role="screenshot"]
image::images/timelion-math02.png[]
Expand Down Expand Up @@ -240,7 +240,7 @@ To make the visualization easier to analyze, change the data metric from bytes t
.es(index=metricbeat*, timefield=@timestamp, metric=max:system.network.in.bytes).derivative().divide(1048576), .es(index=metricbeat*, timefield=@timestamp, metric=max:system.network.out.bytes).derivative().multiply(-1).divide(1048576) <1>
----------------------------------

<1> `.divide()` accepts the same input as `.multiply()`, then divides the data series by the defined divisor.
<1> `.divide()` accepts the same input as `.multiply()`, then divides the data series by the defined divisor.

[role="screenshot"]
image::images/timelion-math04.png[]
Expand All @@ -256,7 +256,7 @@ Customize and format the visualization using functions:
----------------------------------
.es(index=metricbeat*,
timefield=@timestamp,
metric=max:system.network.in.byte)
metric=max:system.network.in.bytes)
.derivative()
.divide(1048576)
.lines(fill=2, width=1)
Expand All @@ -270,7 +270,7 @@ Customize and format the visualization using functions:
.multiply(-1)
.divide(1048576)
.lines(fill=2, width=1) <3>
.color(blue) < <4>
.color(blue) <4>
.label("Outbound traffic")
.legend(columns=2, position=nw) <5>
----------------------------------
Expand Down
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -454,7 +454,7 @@
"murmurhash3js": "3.0.1",
"mutation-observer": "^1.0.3",
"nock": "10.0.6",
"node-sass": "^4.9.4",
"node-sass": "^4.13.1",
"normalize-path": "^3.0.0",
"nyc": "^14.1.1",
"pixelmatch": "^5.1.0",
Expand Down
2 changes: 1 addition & 1 deletion packages/kbn-plugin-helpers/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
"gulp-zip": "5.0.1",
"inquirer": "^1.2.2",
"minimatch": "^3.0.4",
"node-sass": "^4.9.4",
"node-sass": "^4.13.1",
"through2": "^2.0.3",
"through2-map": "^3.0.0",
"vinyl-fs": "^3.0.3"
Expand Down
2 changes: 1 addition & 1 deletion packages/kbn-ui-framework/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@
"jquery": "^3.4.1",
"keymirror": "0.1.1",
"moment": "^2.24.0",
"node-sass": "^4.9.4",
"node-sass": "^4.13.1",
"postcss": "^7.0.5",
"postcss-loader": "^3.0.0",
"raw-loader": "^3.1.0",
Expand Down
14 changes: 13 additions & 1 deletion src/core/server/elasticsearch/elasticsearch_config.ts
Original file line number Diff line number Diff line change
Expand Up @@ -103,7 +103,19 @@ const configSchema = schema.object({
),
apiVersion: schema.string({ defaultValue: DEFAULT_API_VERSION }),
healthCheck: schema.object({ delay: schema.duration({ defaultValue: 2500 }) }),
ignoreVersionMismatch: schema.boolean({ defaultValue: false }),
ignoreVersionMismatch: schema.conditional(
schema.contextRef('dev'),
false,
schema.boolean({
validate: rawValue => {
if (rawValue === true) {
return '"ignoreVersionMismatch" can only be set to true in development mode';
}
},
defaultValue: false,
}),
schema.boolean({ defaultValue: false })
),
});

const deprecations: ConfigDeprecationProvider = () => [
Expand Down
7 changes: 7 additions & 0 deletions src/core/server/elasticsearch/elasticsearch_service.mock.ts
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ import { IScopedClusterClient } from './scoped_cluster_client';
import { ElasticsearchConfig } from './elasticsearch_config';
import { ElasticsearchService } from './elasticsearch_service';
import { InternalElasticsearchServiceSetup, ElasticsearchServiceSetup } from './types';
import { NodesVersionCompatibility } from './version_check/ensure_es_version';

const createScopedClusterClientMock = (): jest.Mocked<IScopedClusterClient> => ({
callAsInternalUser: jest.fn(),
Expand Down Expand Up @@ -71,6 +72,12 @@ type MockedInternalElasticSearchServiceSetup = jest.Mocked<
const createInternalSetupContractMock = () => {
const setupContract: MockedInternalElasticSearchServiceSetup = {
...createSetupContractMock(),
esNodesCompatibility$: new BehaviorSubject<NodesVersionCompatibility>({
isCompatible: true,
incompatibleNodes: [],
warningNodes: [],
kibanaVersion: '8.0.0',
}),
legacy: {
config$: new BehaviorSubject({} as ElasticsearchConfig),
},
Expand Down
Loading

0 comments on commit 046e0bc

Please sign in to comment.