Merge branch 'main' into fix-e2e-agent-check-in-timeout

elastic · Oct 10, 2023 · 095ac7b · 095ac7b
2 parents 1904836 + e3d9f3d
commit 095ac7b
Show file tree

Hide file tree

Showing 25 changed files with 1,369 additions and 529 deletions.
diff --git a/docs/CHANGELOG.asciidoc b/docs/CHANGELOG.asciidoc
@@ -54,7 +54,19 @@ Review important information about the {kib} 8.x releases.
 [[release-notes-8.10.3]]
 == {kib} 8.10.3
 
-The 8.10.3 release includes the following bug fixes.
+[float]
+[[security-update-8.10.3]]
+=== Security updates
+
+* **Kibana heap buffer overflow vulnerability**
++
+On Sept 11, 2023, Google Chrome announced CVE-2023-4863, described as “Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page”. Kibana includes a bundled version of headless Chromium that is only used for Kibana’s reporting capabilities and which is affected by this vulnerability. An exploit for Kibana has not been identified, however as a resolution, the bundled version of Chromium is updated in this release.
++
+The issue is resolved in 8.10.3.
++
+For more information, see our related
+https://discuss.elastic.co/t/kibana-8-10-3-7-17-14-security-update/344735[security
+announcement].
 
 [float]
 [[enhancement-v8.10.3]]

diff --git a/packages/kbn-doc-links/src/get_doc_links.ts b/packages/kbn-doc-links/src/get_doc_links.ts
@@ -824,6 +824,7 @@ export const getDocLinks = ({ kibanaBranch }: GetDocLinkOptions): DocLinks => {
       elasticsearch: `${SEARCH_UI_DOCS}tutorials/elasticsearch`,
     },
     serverlessClients: {
+      clientLib: `${SERVERLESS_ELASTICSEARCH_DOCS}clients`,
       goApiReference: `${SERVERLESS_ELASTICSEARCH_DOCS}go-client-getting-started`,
       goGettingStarted: `${SERVERLESS_ELASTICSEARCH_DOCS}go-client-getting-started`,
       httpApis: `${SERVERLESS_ELASTICSEARCH_DOCS}http-apis`,
@@ -847,6 +848,9 @@ export const getDocLinks = ({ kibanaBranch }: GetDocLinkOptions): DocLinks => {
       gettingStartedIngest: `${SERVERLESS_ELASTICSEARCH_DOCS}get-started#ingest`,
       gettingStartedSearch: `${SERVERLESS_ELASTICSEARCH_DOCS}get-started#search`,
     },
+    serverlessSecurity: {
+      apiKeyPrivileges: `${SERVERLESS_DOCS}api-keys#restrict-privileges`,
+    },
     synthetics: {
       featureRoles: `${ELASTIC_WEBSITE_URL}guide/en/observability/${DOC_LINK_VERSION}/synthetics-feature-roles.html`,
     },

diff --git a/packages/kbn-doc-links/src/types.ts b/packages/kbn-doc-links/src/types.ts
@@ -581,6 +581,7 @@ export interface DocLinks {
     readonly elasticsearch: string;
   };
   readonly serverlessClients: {
+    readonly clientLib: string;
     readonly goApiReference: string;
     readonly goGettingStarted: string;
     readonly httpApis: string;
@@ -604,6 +605,9 @@ export interface DocLinks {
     readonly integrationsConnectorClient: string;
     readonly integrationsLogstash: string;
   };
+  readonly serverlessSecurity: {
+    readonly apiKeyPrivileges: string;
+  };
   readonly synthetics: {
     readonly featureRoles: string;
   };

diff --git a/test/functional/apps/visualize/group3/_annotation_listing.ts b/test/functional/apps/visualize/group3/_annotation_listing.ts
@@ -13,6 +13,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
   const PageObjects = getPageObjects(['visualize', 'annotationEditor']);
   const listingTable = getService('listingTable');
   const kibanaServer = getService('kibanaServer');
+  const testSubjects = getService('testSubjects');
   const find = getService('find');
   const retry = getService('retry');
   const log = getService('log');
@@ -32,6 +33,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
 
       await PageObjects.visualize.gotoVisualizationLandingPage();
       await PageObjects.visualize.selectAnnotationsTab();
+      await listingTable.waitUntilTableIsLoaded();
     });
 
     after(async function () {
@@ -156,7 +158,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
         });
       });
 
-      describe.skip('data view switching', () => {
+      describe('data view switching', () => {
         it('recovers from missing data view', async () => {
           await listingTable.clickItemLink('eventAnnotation', 'missing data view');
 
@@ -175,7 +177,36 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) {
           await PageObjects.annotationEditor.saveGroup();
         });
 
-        it('recovers from missing field in data view', () => {});
+        it('recovers from missing field in data view', async () => {
+          const assertShowingMissingFieldError = async (yes: boolean) => {
+            const [failureExists, canvasExists] = await Promise.all([
+              testSubjects.exists('embeddable-lens-failure'),
+              find.existsByCssSelector('canvas', 1000),
+            ]);
+            expect(failureExists).to.be(yes);
+            expect(canvasExists).to.be(!yes);
+          };
+
+          await listingTable.clickItemLink('eventAnnotation', 'Group with additional fields');
+
+          await assertShowingMissingFieldError(false);
+
+          await retry.try(async () => {
+            await PageObjects.annotationEditor.editGroupMetadata({
+              dataView: 'Data view without fields',
+            });
+
+            await assertShowingMissingFieldError(true);
+          });
+
+          await retry.try(async () => {
+            await PageObjects.annotationEditor.editGroupMetadata({
+              dataView: 'logs*',
+            });
+
+            await assertShowingMissingFieldError(false);
+          });
+        });
       });
     });
   });

diff --git a/test/functional/fixtures/kbn_archiver/annotation_listing_page_search.json b/test/functional/fixtures/kbn_archiver/annotation_listing_page_search.json
@@ -21,6 +21,29 @@
   "version": "WzIyNywxXQ=="
 }
 
+{
+  "attributes": {
+    "fieldAttrs": "{}",
+    "fieldFormatMap": "{}",
+    "fields": "[]",
+    "name": "Data view without fields",
+    "runtimeFieldMap": "{}",
+    "sourceFilters": "[]",
+    "timeFieldName": "timestamp",
+    "title": "kibana_sample_data_logs",
+    "typeMeta": "{}"
+  },
+  "coreMigrationVersion": "8.8.0",
+  "created_at": "2023-09-07T17:23:20.906Z",
+  "id": "data-view-without-fields",
+  "managed": false,
+  "references": [],
+  "type": "index-pattern",
+  "typeMigrationVersion": "8.0.0",
+  "updated_at": "2023-09-11T15:50:59.227Z",
+  "version": "WzIyNywxXQ=="
+}
+
 {
   "attributes": {
     "fieldAttrs": "{}",
@@ -44,6 +67,44 @@
   "version": "WzIyNywxXQ=="
 }
 
+{
+  "attributes": {
+    "annotations": [
+      {
+        "extraFields": [
+          "@message.raw"
+        ],
+        "icon": "triangle",
+        "id": "3d28ce7e-fc5e-409b-aea3-4d9e15010843",
+        "key": {
+          "type": "point_in_time"
+        },
+        "label": "Event",
+        "timeField": "@timestamp",
+        "type": "query"
+      }
+    ],
+    "dataViewSpec": null,
+    "description": "",
+    "ignoreGlobalFilters": true,
+    "title": "Group with additional fields"
+  },
+  "coreMigrationVersion": "8.8.0",
+  "created_at": "2023-10-06T17:15:58.790Z",
+  "id": "12371e00-5174-11ee-a5c4-7dce2e3293a7",
+  "managed": false,
+  "references": [
+    {
+      "id": "90943e30-9a47-11e8-b64d-95841ca0b247",
+      "name": "event-annotation-group_dataView-ref-90943e30-9a47-11e8-b64d-95841ca0b247",
+      "type": "index-pattern"
+    }
+  ],
+  "type": "event-annotation-group",
+  "updated_at": "2023-10-06T17:17:05.384Z",
+  "version": "WzE4MywxXQ=="
+}
+
 {
   "attributes": {
     "annotations": [

diff --git a/x-pack/plugins/fleet/common/constants/routes.ts b/x-pack/plugins/fleet/common/constants/routes.ts
@@ -41,6 +41,7 @@ export const EPM_API_ROUTES = {
   VERIFICATION_KEY_ID: `${EPM_API_ROOT}/verification_key_id`,
   STATS_PATTERN: `${EPM_PACKAGES_MANY}/{pkgName}/stats`,
   BULK_ASSETS_PATTERN: `${EPM_API_ROOT}/bulk_assets`,
+  INPUTS_PATTERN: `${EPM_API_ROOT}/templates/{pkgName}/{pkgVersion}/inputs`,
 
   INFO_PATTERN_DEPRECATED: EPM_PACKAGES_ONE_DEPRECATED,
   INSTALL_FROM_REGISTRY_PATTERN_DEPRECATED: EPM_PACKAGES_ONE_DEPRECATED,

diff --git a/x-pack/plugins/fleet/common/openapi/bundled.json b/x-pack/plugins/fleet/common/openapi/bundled.json
@@ -1420,6 +1420,56 @@
         }
       ]
     },
+    "/epm/templates/{pkgName}/{pkgVersion}/inputs": {
+      "get": {
+        "summary": "Get inputs template",
+        "tags": [
+          "Elastic Package Manager (EPM)"
+        ],
+        "responses": {
+          "400": {
+            "$ref": "#/components/responses/error"
+          }
+        },
+        "operationId": "get-inputs-template",
+        "security": [
+          {
+            "basicAuth": []
+          }
+        ]
+      },
+      "parameters": [
+        {
+          "schema": {
+            "type": "string"
+          },
+          "name": "pkgName",
+          "in": "path",
+          "required": true
+        },
+        {
+          "schema": {
+            "type": "string"
+          },
+          "name": "pkgVersion",
+          "in": "path",
+          "required": true
+        },
+        {
+          "schema": {
+            "type": "string",
+            "enum": [
+              "json",
+              "yaml",
+              "yml"
+            ]
+          },
+          "name": "format",
+          "description": "Format of response - json or yaml",
+          "in": "query"
+        }
+      ]
+    },
     "/agents/setup": {
       "get": {
         "summary": "Get agent setup info",

diff --git a/x-pack/plugins/fleet/common/openapi/bundled.yaml b/x-pack/plugins/fleet/common/openapi/bundled.yaml
@@ -894,6 +894,37 @@ paths:
         name: pkgName
         in: path
         required: true
+  /epm/templates/{pkgName}/{pkgVersion}/inputs:
+    get:
+      summary: Get inputs template
+      tags:
+        - Elastic Package Manager (EPM)
+      responses:
+        '400':
+          $ref: '#/components/responses/error'
+      operationId: get-inputs-template
+      security:
+        - basicAuth: []
+    parameters:
+      - schema:
+          type: string
+        name: pkgName
+        in: path
+        required: true
+      - schema:
+          type: string
+        name: pkgVersion
+        in: path
+        required: true
+      - schema:
+          type: string
+          enum:
+            - json
+            - yaml
+            - yml
+        name: format
+        description: Format of response - json or yaml
+        in: query
   /agents/setup:
     get:
       summary: Get agent setup info

diff --git a/x-pack/plugins/fleet/common/openapi/entrypoint.yaml b/x-pack/plugins/fleet/common/openapi/entrypoint.yaml
@@ -46,6 +46,8 @@ paths:
     $ref: paths/epm@get_file.yaml
   '/epm/packages/{pkgName}/stats':
     $ref: 'paths/epm@packages@{pkg_name}@stats.yaml'
+  '/epm/templates/{pkgName}/{pkgVersion}/inputs':
+    $ref: 'paths/epm@templates@{pkg_name}@{pkg_version}@inputs.yaml'
 
   # Agent endpoints
   /agents/setup:

diff --git a/x-pack/plugins/fleet/common/openapi/paths/epm@templates@{pkg_name}@{pkg_version}@inputs.yaml b/x-pack/plugins/fleet/common/openapi/paths/epm@templates@{pkg_name}@{pkg_version}@inputs.yaml
@@ -0,0 +1,30 @@
+get:
+  summary: Get inputs template
+  tags:
+    - Elastic Package Manager (EPM)
+  responses:
+    '400':
+      $ref: ../components/responses/error.yaml
+  operationId: get-inputs-template
+  security:
+    - basicAuth: []
+parameters:
+  - schema:
+      type: string
+    name: pkgName
+    in: path
+    required: true
+  - schema:
+      type: string
+    name: pkgVersion
+    in: path
+    required: true
+  - schema:
+      type: string
+      enum:
+        - json
+        - yaml
+        - yml
+    name: format
+    description: 'Format of response - json or yaml'
+    in: query
diff --git a/x-pack/plugins/fleet/common/services/full_agent_policy_to_yaml.ts b/x-pack/plugins/fleet/common/services/full_agent_policy_to_yaml.ts
@@ -39,7 +39,7 @@ export const fullAgentPolicyToYaml = (policy: FullAgentPolicy, toYaml: typeof sa
   return _formatSecrets(policy.secret_references, yaml);
 };
 
-function _sortYamlKeys(keyA: string, keyB: string) {
+export function _sortYamlKeys(keyA: string, keyB: string) {
   const indexA = POLICY_KEYS_ORDER.indexOf(keyA);
   const indexB = POLICY_KEYS_ORDER.indexOf(keyB);
   if (indexA >= 0 && indexB < 0) {

diff --git a/x-pack/plugins/fleet/server/routes/epm/handlers.ts b/x-pack/plugins/fleet/server/routes/epm/handlers.ts
@@ -53,6 +53,7 @@ import type {
   GetLimitedPackagesRequestSchema,
   GetBulkAssetsRequestSchema,
   CreateCustomIntegrationRequestSchema,
+  GetInputsRequestSchema,
 } from '../../types';
 import {
   bulkInstallPackages,
@@ -67,6 +68,7 @@ import {
   getLimitedPackages,
   getInstallation,
   getBulkAssets,
+  getTemplateInputs,
 } from '../../services/epm/packages';
 import type { BulkInstallResponse } from '../../services/epm/packages';
 import { defaultFleetErrorHandler, fleetErrorToResponseOptions, FleetError } from '../../errors';
@@ -650,6 +652,28 @@ export const reauthorizeTransformsHandler: FleetRequestHandler<
   }
 };
 
+export const getInputsHandler: FleetRequestHandler<
+  TypeOf<typeof GetInputsRequestSchema.params>,
+  TypeOf<typeof GetInputsRequestSchema.query>,
+  undefined
+> = async (context, request, response) => {
+  const soClient = (await context.fleet).internalSoClient;
+
+  try {
+    const { pkgName, pkgVersion } = request.params;
+    const { format } = request.query;
+    let body;
+    if (format === 'json') {
+      body = await getTemplateInputs(soClient, pkgName, pkgVersion, 'json');
+    } else if (format === 'yml' || format === 'yaml') {
+      body = await getTemplateInputs(soClient, pkgName, pkgVersion, 'yml');
+    }
+    return response.ok({ body });
+  } catch (error) {
+    return defaultFleetErrorHandler({ error, response });
+  }
+};
+
 // Don't expose the whole SO in the API response, only selected fields
 const soToInstallationInfo = (pkg: PackageListItem | PackageInfo) => {
   if ('savedObject' in pkg && pkg.savedObject?.attributes) {